Home manager
This commit is contained in:
@@ -1,14 +1,7 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
settings = import ../settings.nix;
|
||||
# The assets folder from the project root
|
||||
assetsPath = ../assets;
|
||||
in
|
||||
{
|
||||
# Use tmpfiles.rules to create the symlink at boot/activation
|
||||
# L+ forces the creation of the symlink, removing existing file/dir if necessary
|
||||
systemd.tmpfiles.rules = [
|
||||
"L+ /home/${settings.username}/Assets - - - - ${assetsPath}"
|
||||
"L+ /home/atridad/Assets - - - - ${../assets}"
|
||||
];
|
||||
}
|
||||
|
||||
@@ -3,7 +3,6 @@
|
||||
{
|
||||
security.rtkit.enable = true;
|
||||
|
||||
# Pipewire
|
||||
services.pipewire = {
|
||||
enable = true;
|
||||
alsa.enable = true;
|
||||
@@ -14,15 +13,28 @@
|
||||
};
|
||||
|
||||
services.pipewire.extraConfig.pipewire."92-low-latency" = {
|
||||
"context.properties" = {
|
||||
"default.clock.rate" = 48000;
|
||||
"default.clock.quantum" = 256;
|
||||
"default.clock.min-quantum" = 256;
|
||||
"default.clock.max-quantum" = 1024;
|
||||
};
|
||||
};
|
||||
"context.properties" = {
|
||||
"default.clock.rate" = 48000;
|
||||
"default.clock.quantum" = 1024;
|
||||
"default.clock.min-quantum" = 512;
|
||||
"default.clock.max-quantum" = 2048;
|
||||
};
|
||||
};
|
||||
|
||||
services.pipewire.wireplumber.extraConfig = {
|
||||
"monitor.alsa.rules" = [
|
||||
{
|
||||
matches = [ { "node.name" = "~alsa_output.*"; } ];
|
||||
actions = {
|
||||
update-props = {
|
||||
"session.suspend-timeout-seconds" = 0;
|
||||
"dither.method" = "rectangular";
|
||||
};
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
# DeepFilterNet noise reduction filter chain
|
||||
services.pipewire.extraConfig.pipewire."99-deepfilter-source" = {
|
||||
"context.modules" = [
|
||||
{
|
||||
@@ -37,9 +49,7 @@
|
||||
name = "deepfilter";
|
||||
plugin = "${pkgs.deepfilternet}/lib/ladspa/libdeep_filter_ladspa.so";
|
||||
label = "deep_filter_mono";
|
||||
control = {
|
||||
"Attenuation Limit (dB)" = 100;
|
||||
};
|
||||
control = { "Attenuation Limit (dB)" = 100; };
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
@@ -1,11 +1,17 @@
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
services.desktopManager.plasma6.enable = true;
|
||||
services.xserver.enable = true;
|
||||
|
||||
services.displayManager.sddm.enable = true;
|
||||
services.xserver.displayManager.gdm.enable = true;
|
||||
services.xserver.desktopManager.gnome.enable = true;
|
||||
|
||||
services.displayManager.sddm.wayland.enable = true;
|
||||
environment.gnome.excludePackages = (with pkgs; [
|
||||
gnome-photos
|
||||
gnome-tour
|
||||
]);
|
||||
|
||||
services.udev.packages = with pkgs; [ gnome-settings-daemon ];
|
||||
|
||||
services.printing.enable = true;
|
||||
}
|
||||
|
||||
@@ -1,12 +1,7 @@
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
let
|
||||
settings = import ../settings.nix;
|
||||
in
|
||||
{
|
||||
# Time zone
|
||||
time.timeZone = settings.timezone;
|
||||
time.timeZone = "America/Edmonton";
|
||||
|
||||
# Internationalization properties
|
||||
i18n.defaultLocale = settings.locale;
|
||||
}
|
||||
i18n.defaultLocale = "en_CA.UTF-8";
|
||||
}
|
||||
|
||||
@@ -1,10 +1,7 @@
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
let
|
||||
settings = import ../settings.nix;
|
||||
in
|
||||
{
|
||||
networking.hostName = settings.hostname;
|
||||
networking.hostName = "lavitz";
|
||||
|
||||
networking.networkmanager = {
|
||||
enable = true;
|
||||
@@ -14,17 +11,12 @@ in
|
||||
networking.firewall = {
|
||||
enable = true;
|
||||
|
||||
# Allowed ports
|
||||
allowedTCPPorts = [
|
||||
# Sunshine
|
||||
47984 47989 48010
|
||||
# SyncThing
|
||||
8384 22000
|
||||
];
|
||||
allowedUDPPorts = [
|
||||
# Sunshine
|
||||
47998 47999 48000 48010
|
||||
# SyncThing
|
||||
22000 21027
|
||||
];
|
||||
};
|
||||
|
||||
@@ -1,23 +1,17 @@
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
let
|
||||
settings = import ../settings.nix;
|
||||
in
|
||||
{
|
||||
# Enable unfree globally
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
environment.variables.BROWSER = "librewolf";
|
||||
environment.variables.SSH_AUTH_SOCK = "/home/${settings.username}/.bitwarden-ssh-agent.sock";
|
||||
environment.variables.SSH_AUTH_SOCK = "/home/atridad/.bitwarden-ssh-agent.sock";
|
||||
|
||||
environment.systemPackages =
|
||||
with pkgs; [
|
||||
# Browsers and comms
|
||||
discord
|
||||
signal-desktop
|
||||
librewolf
|
||||
|
||||
# Development tools
|
||||
gnumake
|
||||
openssh
|
||||
nodePackages."pnpm"
|
||||
@@ -37,7 +31,6 @@ in
|
||||
wget
|
||||
unzip
|
||||
|
||||
# Desktop applications
|
||||
bitwarden-desktop
|
||||
vlc
|
||||
streamrip
|
||||
@@ -50,7 +43,6 @@ in
|
||||
onlyoffice-desktopeditors
|
||||
protege
|
||||
|
||||
# KDE
|
||||
kdePackages.kcalc
|
||||
kdePackages.kcolorchooser
|
||||
kdePackages.ksystemlog
|
||||
@@ -63,7 +55,6 @@ in
|
||||
wl-clipboard
|
||||
];
|
||||
|
||||
# Programs with extra configuration
|
||||
programs.steam = {
|
||||
enable = true;
|
||||
remotePlay.openFirewall = true;
|
||||
@@ -75,17 +66,4 @@ in
|
||||
programs.steam.extraPackages = [ pkgs.jdk ];
|
||||
|
||||
programs.obs-studio.enable = true;
|
||||
|
||||
programs.git = {
|
||||
enable = true;
|
||||
config = {
|
||||
user = {
|
||||
name = "${settings.gitName}";
|
||||
email = "${settings.gitEmail}";
|
||||
signingkey = "${settings.gitKey}";
|
||||
};
|
||||
gpg.format = "ssh";
|
||||
commit.gpgsign = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,27 +1,20 @@
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
let
|
||||
settings = import ../settings.nix;
|
||||
in
|
||||
{
|
||||
# Hardened OpenSSH
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
ports = [ 22 ];
|
||||
settings = {
|
||||
# Authentication
|
||||
PermitRootLogin = "no";
|
||||
PasswordAuthentication = false;
|
||||
KbdInteractiveAuthentication = false;
|
||||
PermitEmptyPasswords = false;
|
||||
|
||||
# Security hardening
|
||||
X11Forwarding = false;
|
||||
AllowTcpForwarding = false;
|
||||
AllowAgentForwarding = false;
|
||||
AllowStreamLocalForwarding = false;
|
||||
|
||||
# Session settings
|
||||
ClientAliveInterval = 300;
|
||||
ClientAliveCountMax = 2;
|
||||
MaxAuthTries = 3;
|
||||
@@ -30,13 +23,10 @@ in
|
||||
};
|
||||
};
|
||||
|
||||
# Tailscale
|
||||
services.tailscale.enable = true;
|
||||
|
||||
# Fwupd
|
||||
services.fwupd.enable = true;
|
||||
|
||||
# Sunshine
|
||||
services.sunshine = {
|
||||
enable = true;
|
||||
autoStart = true;
|
||||
@@ -60,9 +50,9 @@ in
|
||||
syncthing = {
|
||||
enable = true;
|
||||
group = "wheel";
|
||||
user = "${settings.username}";
|
||||
dataDir = "/home/${settings.username}/syncthing/data";
|
||||
configDir = "/home/${settings.username}/syncthing/conf";
|
||||
user = "atridad";
|
||||
dataDir = "/home/atridad/syncthing/data";
|
||||
configDir = "/home/atridad/syncthing/conf";
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
@@ -1,18 +1,15 @@
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
let
|
||||
settings = import ../settings.nix;
|
||||
in
|
||||
{
|
||||
users.groups.plugdev.gid = 69420;
|
||||
|
||||
users.users.${settings.username} = {
|
||||
users.users.atridad = {
|
||||
isNormalUser = true;
|
||||
description = settings.userDescription;
|
||||
extraGroups = settings.userGroups;
|
||||
description = "Atridad Lahiji";
|
||||
extraGroups = [ "networkmanager" "wheel" "docker" "plugdev" "input" "video" ];
|
||||
shell = pkgs.bash;
|
||||
};
|
||||
|
||||
# Security
|
||||
security.sudo.execWheelOnly = true;
|
||||
security.audit.enable = true;
|
||||
security.auditd.enable = true;
|
||||
|
||||
Reference in New Issue
Block a user