From e58d5a7a186fac663e96a6f329b6d82ca74f9d27 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Lukrecja=20Pleskaczy=C5=84ska?= Date: Tue, 10 Mar 2026 23:22:08 +0100 Subject: [PATCH] refactor into modules --- nixos/configuration.nix | 378 +++---------------------- nixos/flake.nix | 14 +- nixos/home.nix | 13 - nixos/modules/boot/bootloader.nix | 7 + nixos/modules/boot/kernel.nix | 26 ++ nixos/modules/boot/tpm.nix | 6 + nixos/modules/desktop/fonts.nix | 10 + nixos/modules/desktop/greetd.nix | 13 + nixos/modules/desktop/xdg.nix | 22 ++ nixos/modules/desktop/xwayland.nix | 9 + nixos/modules/filesystems.nix | 27 ++ nixos/modules/hardware/bluetooth.nix | 6 + nixos/modules/hardware/gpu.nix | 8 + nixos/modules/hardware/power.nix | 6 + nixos/modules/hardware/rtl-sdr.nix | 11 + nixos/modules/hardware/scanner.nix | 9 + nixos/modules/hardware/tablet.nix | 7 + nixos/modules/hardware/udev.nix | 11 + nixos/modules/networking/general.nix | 11 + nixos/modules/networking/tailscale.nix | 11 + nixos/modules/networking/vpn.nix | 55 ++++ nixos/modules/packages.nix | 25 ++ nixos/modules/services/flatpak.nix | 5 + nixos/modules/services/printing.nix | 17 ++ nixos/modules/services/smb.nix | 5 + nixos/modules/services/ssh.nix | 5 + nixos/modules/users.nix | 16 ++ nixos/modules/virtualization.nix | 12 + nixos/modules/wireshark.nix | 6 + 29 files changed, 386 insertions(+), 365 deletions(-) delete mode 100644 nixos/home.nix create mode 100644 nixos/modules/boot/bootloader.nix create mode 100644 nixos/modules/boot/kernel.nix create mode 100644 nixos/modules/boot/tpm.nix create mode 100644 nixos/modules/desktop/fonts.nix create mode 100644 nixos/modules/desktop/greetd.nix create mode 100644 nixos/modules/desktop/xdg.nix create mode 100644 nixos/modules/desktop/xwayland.nix create mode 100644 nixos/modules/filesystems.nix create mode 100644 nixos/modules/hardware/bluetooth.nix create mode 100644 nixos/modules/hardware/gpu.nix create mode 100644 nixos/modules/hardware/power.nix create mode 100644 nixos/modules/hardware/rtl-sdr.nix create mode 100644 
nixos/modules/hardware/scanner.nix create mode 100644 nixos/modules/hardware/tablet.nix create mode 100644 nixos/modules/hardware/udev.nix create mode 100644 nixos/modules/networking/general.nix create mode 100644 nixos/modules/networking/tailscale.nix create mode 100644 nixos/modules/networking/vpn.nix create mode 100644 nixos/modules/packages.nix create mode 100644 nixos/modules/services/flatpak.nix create mode 100644 nixos/modules/services/printing.nix create mode 100644 nixos/modules/services/smb.nix create mode 100644 nixos/modules/services/ssh.nix create mode 100644 nixos/modules/users.nix create mode 100644 nixos/modules/virtualization.nix create mode 100644 nixos/modules/wireshark.nix diff --git a/nixos/configuration.nix b/nixos/configuration.nix index 459bbbc..6deb97a 100644 --- a/nixos/configuration.nix +++ b/nixos/configuration.nix 
@@ -1,360 +1,52 @@ { config, lib, pkgs, ... }: { - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - ]; + imports = [ + ./hardware-configuration.nix - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.resumeDevice = "/dev/mapper/luksroot"; + ./modules/boot/bootloader.nix + ./modules/boot/kernel.nix + ./modules/boot/tpm.nix - boot.extraModprobeConfig = '' - options mt7921_common disable_clc=1 - options atkbd reset=1 softrepeat=1 - options i8042 nomux=1 reset=1 nopnp=1 kbdreset=1 direct=1 dumbkbd=1 - ''; + ./modules/desktop/fonts.nix + ./modules/desktop/greetd.nix + ./modules/desktop/xdg.nix + ./modules/desktop/xwayland.nix - # Blacklist built-in RTL modules - boot.blacklistedKernelModules = [ - "dvb_usb_rtl28xxu" - "rtl2832" - "rtl2830" + ./modules/filesystems.nix + + ./modules/hardware/bluetooth.nix + ./modules/hardware/gpu.nix + ./modules/hardware/power.nix + ./modules/hardware/rtl-sdr.nix + ./modules/hardware/scanner.nix + ./modules/hardware/tablet.nix + ./modules/hardware/udev.nix + + ./modules/networking/general.nix + ./modules/networking/tailscale.nix + ./modules/networking/vpn.nix + + ./modules/packages.nix + + ./modules/services/flatpak.nix + ./modules/services/printing.nix + ./modules/services/smb.nix + ./modules/services/ssh.nix + + ./modules/users.nix + ./modules/virtualization.nix + ./modules/wireshark.nix ]; - # Kernel parameters for power saving - boot.kernelParams = [ - # CRITICAL FIX: Disable ACPI for i8042 (ASUS BIOS bug workaround) - "i8042.noacpi" # Disable buggy ASUS ACPI keyboard controller - "i8042.reset=1" # Force reset i8042 - "i8042.nomux=1" # No multiplexing - "i8042.nopnp=1" # Ignore PnP detection - "atkbd.softrepeat=1" # Software key repeat - "amd_pstate=active" # Use AMD P-State driver for better power management - "amd_pstate.shared_mem=1" - # "pcie_aspm.policy=powersupersave" # Aggressive PCIe power management 
- "amdgpu.gpu_recovery=1" # Enable automatic GPU recovery - "amdgpu.runpm=0" # Disable runtime PM (major hang cause) - ###"amdgpu.dcdebugmask=0x400" - #"amdgpu.dcdebugmask=0x10" # Disable PSR (panel self-refresh) - #"amdgpu.ppfeaturemask=0xf7fff" # Disable GFXOFF - ]; - - # Disable TPM - systemd.tpm2.enable = false; - boot.initrd.systemd.tpm2.enable = false; - - # Enable swap file - swapDevices = [{ device = "/swap/swapfile"; }]; - - # Override btrfs mount options from hardware-configuration.nix - fileSystems."/" = { - options = [ "subvol=@" "compress=zstd" "space_cache=v2" "noatime" - "lazytime" "ssd" "discard=async" ]; - }; - - fileSystems."/home" = { - options = [ "subvol=@home" "compress=zstd" "space_cache=v2" "noatime" - "lazytime" "ssd" "discard=async" ]; - }; - - fileSystems."/var/log" = { - options = [ "subvol=@log" "compress=zstd" "space_cache=v2" "noatime" - "lazytime" "ssd" "discard=async" ]; - }; - - fileSystems."/swap" = { - options = [ "subvol=@swap" "noatime" "ssd" "discard=async" ]; - }; - - # Enable NetworkManager and set network host name - networking.networkmanager.enable = true; - networking.hostName = "lusia-laptop"; - - # NetworkManager power saving for WiFi - networking.networkmanager.wifi.powersave = true; - - # Enable Tailscale - services.tailscale.enable = true; - - # Trust the Tailscale interface - networking.firewall.trustedInterfaces = [ "tailscale0" ]; - - # Disable reverse path filtering for Tailscale, change kernel writeback options - boot.kernel.sysctl = { - "net.ipv4.conf.tailscale0.rp_filter" = 0; - "vm.dirty_ratio" = 10; - "vm.dirty_background_ratio" = 5; - "vm.swappiness" = 10; - }; - - # Enable resolved - services.resolved.enable = true; - - # Set DNS - networking.nameservers = [ "9.9.9.9" ]; - - # OpenVPN services - # VSTech VPN (with DNS for bgs.local domain) - services.openvpn.servers.vstech = { - config = '' - client - remote 51.83.143.81 - proto udp - port 649 - dev tun - topology subnet - ca /home/lusia/VSTech-vpn/ca.crt 
- cert /home/lusia/VSTech-vpn/Klient251.crt - key /home/lusia/VSTech-vpn/Klient251.inline - tls-crypt /home/lusia/VSTech-vpn/ta.key - - auth sha512 - data-ciphers aes-256-cbc - data-ciphers-fallback aes-256-cbc - key-direction 1 - keepalive 10 120 - ''; - updateResolvConf = false; - - # Manually set DNS after connection - up = '' - ${pkgs.systemd}/bin/resolvectl dns $dev 10.10.10.1 - ${pkgs.systemd}/bin/resolvectl domain $dev bgs.local - ''; - - down = '' - ${pkgs.systemd}/bin/resolvectl revert $dev - ''; - }; - - # CAT VPN - services.openvpn.servers.cat = { - config = '' - client - remote 79.133.193.211 - proto tcp - port 1194 - dev tun - topology subnet - ca /home/lusia/vpn/ca.crt - cert /home/lusia/vpn/client18.crt - key /home/lusia/vpn/client18.key - - auth sha256 - data-ciphers AES-256-CBC - key-direction 1 - ''; - updateResolvConf = true; - }; - - # Enable upower service - services.upower.enable = true; - - # Set your time zone. time.timeZone = "Europe/Warsaw"; - # Select internationalisation properties. 
i18n.defaultLocale = "en_US.UTF-8"; - console = { - keyMap = "pl"; - }; - - # Enable fish - programs.fish.enable = true; - - # Enable greetd with tuigreet - services.greetd = { - enable = true; - settings = { - default_session = { - command = "${pkgs.tuigreet}/bin/tuigreet --time --cmd niri-session"; - user = "greeter"; - }; - }; - }; - - # Essential for niri - security.polkit.enable = true; - services.gnome.gnome-keyring.enable = true; - - # XDG Portal for file pickers or screen sharing - xdg.portal = { - enable = true; - extraPortals = [ pkgs.xdg-desktop-portal-gtk - pkgs.xdg-desktop-portal-gnome ]; - config = { - common = { - default = [ "gtk" ]; - "org.freedesktop.impl.portal.ScreenCast" = [ "gnome" ]; - "org.freedesktop.impl.portal.Screenshot" = [ "gnome" ]; - }; - }; - }; - - # Enable dconf - programs.dconf.enable = true; - - users.groups.plugdev = {}; - - users.users.lusia = { - isNormalUser = true; - description = "Lukrecja"; - extraGroups = [ "wheel" "networkmanager" "docker" "plugdev" "scanner" "lp" "wireshark" "libvirtd" "kvm" "vboxusers" "dialout" ]; - initialPassword = "pass"; - shell = pkgs.fish; - }; - - # Import udev rules for probe-rs - services.udev.packages = [ - (pkgs.writeTextFile { - name = "probe-rs-udev-rules"; - destination = "/etc/udev/rules.d/69-probe-rs.rules"; - text = builtins.readFile ./udev-rules/69-probe-rs.rules; - }) - ]; + console.keyMap = "pl"; hardware.enableAllFirmware = true; - services.openssh.enable = true; - security.sudo.enable = true; - - # Enable virtualisation - virtualisation.libvirtd.enable = true; - - # Enable VirtualBox - virtualisation.virtualbox.host.enable = true; - virtualisation.virtualbox.host.enableExtensionPack = true; - - # Enable xwayland - programs.xwayland.enable = true; - - # Set a session variable for icon theme - environment.sessionVariables = rec { - QT_QPA_PLATFORMTHEME = "qt5ct"; - }; - - environment.systemPackages = with pkgs; [ - git - curl - wget - vim - fish - kitty - #asusctl - powertop # For 
monitoring power consumption - openvpn - nodejs - gnumake - gcc - cmake - xwayland-satellite - busybox - libdecor - file - cifs-utils - samba - gvfs - ]; - - # Enable Wireshark with proper groups - programs.wireshark.enable = true; - programs.wireshark.package = pkgs.wireshark; - - # Fonts - fonts.packages = with pkgs; [ - noto-fonts - noto-fonts-cjk-sans - noto-fonts-color-emoji - pkgs.nerd-fonts.fira-code - ]; - - # For SMB shares - services.gvfs.enable = true; - - # Printers - services.avahi = { - enable = true; - nssmdns4 = true; - openFirewall = true; - }; - - services.printing = { - enable = true; - drivers = with pkgs; [ - cups-filters - cups-browsed - ]; - }; - - # Enable Flatpaks - services.flatpak.enable = true; - - # Enable Docker - virtualisation.docker.enable = true; - nixpkgs.config.allowUnfree = true; nix.settings.experimental-features = [ "nix-command" "flakes" ]; - # Enable Bluetooth (but it will be blocked by default to save power) - hardware.bluetooth.enable = true; - hardware.bluetooth.powerOnBoot = false; # Don't power on bluetooth at boot - - hardware.sane.enable = true; - - # Configure epsonds for network scanning - environment.etc."sane.d/epsonds.conf".text = '' - net EPSOND80395.local - ''; - - # Enable OpenTabletDriver - hardware.opentabletdriver.enable = true; - hardware.uinput.enable = true; - - # Enable kernel modules - boot.kernelModules = [ "uinput" "usbmon" "kvm-amd" ]; - - # Enable PPD for power options - services.power-profiles-daemon.enable = true; - - # Enable AMD GPU graphics acceleration - hardware.graphics = { - enable = true; - enable32Bit = true; # For 32-bit applications/games - }; - - # Enable RTL-SDL module - hardware.rtl-sdr.enable = true; - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. 
- # networking.firewall.enable = false; - - # Copy the NixOS configuration file and link it from the resulting system - # (/run/current-system/configuration.nix). This is useful in case you - # accidentally delete configuration.nix. - # system.copySystemConfiguration = true; - - # This option defines the first version of NixOS you have installed on this particular machine, - # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. - # - # Most users should NEVER change this value after the initial install, for any reason, - # even if you've upgraded your system to a new NixOS release. - # - # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, - # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how - # to actually do that. - # - # This value being lower than the current NixOS release does NOT mean your system is - # out of date, out of support, or vulnerable. - # - # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, - # and migrated your data accordingly. - # - # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . - system.stateVersion = "24.11"; # Did you read the comment? - + system.stateVersion = "24.11"; } diff --git a/nixos/flake.nix b/nixos/flake.nix index af98d40..a95951d 100644 --- a/nixos/flake.nix +++ b/nixos/flake.nix @@ -5,14 +5,10 @@ nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; }; - outputs = inputs@{ nixpkgs, home-manager, ... }: { - nixosConfigurations = { - lusia-laptop = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - ./configuration.nix - ]; - }; + outputs = inputs: { + nixosConfigurations.lusia-laptop = inputs.nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ ./configuration.nix ]; }; - }; + }; } 
diff --git a/nixos/home.nix b/nixos/home.nix
deleted file mode 100644
index ff377e5..0000000
--- a/nixos/home.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- home.username = "lusia";
- home.homeDirectory = "/home/lusia";
- home.stateVersion = "24.11";
-
- programs.kitty = {
- enable = true;
- };
-
- programs.home-manager.enable = true;
-}
diff --git a/nixos/modules/boot/bootloader.nix b/nixos/modules/boot/bootloader.nix
new file mode 100644
index 0000000..1f48b8f
--- /dev/null
+++ b/nixos/modules/boot/bootloader.nix
@@ -0,0 +1,7 @@
+{ ... }:
+
+{
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.resumeDevice = "/dev/mapper/luksroot";
+}
diff --git a/nixos/modules/boot/kernel.nix b/nixos/modules/boot/kernel.nix
new file mode 100644
index 0000000..df9f2e2
--- /dev/null
+++ b/nixos/modules/boot/kernel.nix
@@ -0,0 +1,26 @@
+{ ... }:
+
+{
+ boot.extraModprobeConfig = ''
+ options mt7921_common disable_clc=1
+ options atkbd reset=1 softrepeat=1
+ options i8042 nomux=1 reset=1 nopnp=1 kbdreset=1 direct=1 dumbkbd=1
+ '';
+
+ boot.kernelParams = [
+ # CRITICAL FIX: Disable ACPI for i8042 (ASUS BIOS bug workaround)
+ "i8042.noacpi"
+ "i8042.reset=1"
+ "i8042.nomux=1"
+ "i8042.nopnp=1"
+ "atkbd.softrepeat=1"
+ # AMD P-State driver for better power management
+ "amd_pstate=active"
+ "amd_pstate.shared_mem=1"
+ # GPU
+ "amdgpu.gpu_recovery=1"
+ "amdgpu.runpm=0"
+ ];
+
+ boot.kernelModules = [ "usbmon" ];
+}
diff --git a/nixos/modules/boot/tpm.nix b/nixos/modules/boot/tpm.nix
new file mode 100644
index 0000000..87b3146
--- /dev/null
+++ b/nixos/modules/boot/tpm.nix
@@ -0,0 +1,6 @@
+{ ... }:
+
+{
+ systemd.tpm2.enable = false;
+ boot.initrd.systemd.tpm2.enable = false;
+}
diff --git a/nixos/modules/desktop/fonts.nix b/nixos/modules/desktop/fonts.nix
new file mode 100644
index 0000000..731d9c1
--- /dev/null
+++ b/nixos/modules/desktop/fonts.nix
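Review bot: `boot.loader.systemd-boot.enable = true;` leaves the systemd-boot entry editor at its default (enabled), so anyone with console access can edit the kernel command line before boot, e.g. append `init=/bin/sh`. The LUKS root implied by `boot.resumeDevice = "/dev/mapper/luksroot"` keeps data at rest safe, but the edited entry still yields a shell inside the initrd and can disable kernel hardening parameters set in kernel.nix. Consider adding `boot.loader.systemd-boot.editor = false;` next to the enable line, plus a one-line comment on `boot.resumeDevice` stating that it names the opened LUKS container holding the hibernation swap file.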
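Review bot: The move into kernel.nix dropped the per-parameter comments the old configuration.nix carried, so `"amdgpu.gpu_recovery=1"` and `"amdgpu.runpm=0"` now sit under a bare `# GPU` with no hint that the second one was a hang workaround (`# Disable runtime PM (major hang cause)` in the removed lines). Please carry those comments over rather than letting the refactor lose them. `boot.kernelModules = [ "usbmon" ];` also deserves a note such as `# usbmon: USB packet capture for Wireshark (see wireshark.nix)` since it loads a capture facility at every boot.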
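Review bot: `systemd.tpm2.enable = false;` and `boot.initrd.systemd.tpm2.enable = false;` carry no explanation, and the removed lines only said `# Disable TPM`. Because the bootloader module points at a LUKS root, the next reader will wonder whether TPM-bound unlock was evaluated and rejected or whether the hardware simply misbehaves; state the actual reason in the module, e.g. `# TPM2 support deliberately off: root is unlocked by passphrase only — revisit if systemd-cryptenroll is adopted` (adjust to the real motivation).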
@@ -0,0 +1,10 @@
+{ pkgs, ... }:
+
+{
+ fonts.packages = with pkgs; [
+ noto-fonts
+ noto-fonts-cjk-sans
+ noto-fonts-color-emoji
+ nerd-fonts.fira-code
+ ];
+}
diff --git a/nixos/modules/desktop/greetd.nix b/nixos/modules/desktop/greetd.nix
new file mode 100644
index 0000000..9784b55
--- /dev/null
+++ b/nixos/modules/desktop/greetd.nix
@@ -0,0 +1,13 @@
+{ pkgs, ... }:
+
+{
+ services.greetd = {
+ enable = true;
+ settings = {
+ default_session = {
+ command = "${pkgs.tuigreet}/bin/tuigreet --time --cmd niri-session";
+ user = "greeter";
+ };
+ };
+ };
+}
diff --git a/nixos/modules/desktop/xdg.nix b/nixos/modules/desktop/xdg.nix
new file mode 100644
index 0000000..4f20ab9
--- /dev/null
+++ b/nixos/modules/desktop/xdg.nix
@@ -0,0 +1,22 @@
+{ pkgs, ... }:
+
+{
+ security.polkit.enable = true;
+ services.gnome.gnome-keyring.enable = true;
+ programs.dconf.enable = true;
+
+ xdg.portal = {
+ enable = true;
+ extraPortals = [
+ pkgs.xdg-desktop-portal-gtk
+ pkgs.xdg-desktop-portal-gnome
+ ];
+ config = {
+ common = {
+ default = [ "gtk" ];
+ "org.freedesktop.impl.portal.ScreenCast" = [ "gnome" ];
+ "org.freedesktop.impl.portal.Screenshot" = [ "gnome" ];
+ };
+ };
+ };
+}
diff --git a/nixos/modules/desktop/xwayland.nix b/nixos/modules/desktop/xwayland.nix
new file mode 100644
index 0000000..b28724d
--- /dev/null
+++ b/nixos/modules/desktop/xwayland.nix
@@ -0,0 +1,9 @@
+{ ... }:
+
+{
+ programs.xwayland.enable = true;
+
+ environment.sessionVariables = {
+ QT_QPA_PLATFORMTHEME = "qt5ct";
+ };
+}
diff --git a/nixos/modules/filesystems.nix b/nixos/modules/filesystems.nix
new file mode 100644
index 0000000..5e31003
--- /dev/null
+++ b/nixos/modules/filesystems.nix
@@ -0,0 +1,27 @@
+{ ... }:
+
+{
+ fileSystems."/" = {
+ options = [ "subvol=@" "compress=zstd" "space_cache=v2" "noatime" "lazytime" "ssd" "discard=async" ];
+ };
+
+ fileSystems."/home" = {
+ options = [ "subvol=@home" "compress=zstd" "space_cache=v2" "noatime" "lazytime" "ssd" "discard=async" ];
+ };
+
+ fileSystems."/var/log" = {
+ options = [ "subvol=@log" "compress=zstd" "space_cache=v2" "noatime" "lazytime" "ssd" "discard=async" ];
+ };
+
+ fileSystems."/swap" = {
+ options = [ "subvol=@swap" "noatime" "ssd" "discard=async" ];
+ };
+
+ swapDevices = [{ device = "/swap/swapfile"; }];
+
+ boot.kernel.sysctl = {
+ "vm.dirty_ratio" = 10;
+ "vm.dirty_background_ratio" = 5;
+ "vm.swappiness" = 10;
+ };
+}
diff --git a/nixos/modules/hardware/bluetooth.nix b/nixos/modules/hardware/bluetooth.nix
new file mode 100644
index 0000000..d3c98d9
--- /dev/null
+++ b/nixos/modules/hardware/bluetooth.nix
@@ -0,0 +1,6 @@
+{ ... }:
+
+{
+ hardware.bluetooth.enable = true;
+ hardware.bluetooth.powerOnBoot = false;
+}
diff --git a/nixos/modules/hardware/gpu.nix b/nixos/modules/hardware/gpu.nix
new file mode 100644
index 0000000..28060d2
--- /dev/null
+++ b/nixos/modules/hardware/gpu.nix
@@ -0,0 +1,8 @@
+{ ... }:
+
+{
+ hardware.graphics = {
+ enable = true;
+ enable32Bit = true;
+ };
+}
diff --git a/nixos/modules/hardware/power.nix b/nixos/modules/hardware/power.nix
new file mode 100644
index 0000000..a187dc0
--- /dev/null
+++ b/nixos/modules/hardware/power.nix
@@ -0,0 +1,6 @@
+{ ... }:
+
+{
+ services.upower.enable = true;
+ services.power-profiles-daemon.enable = true;
+}
diff --git a/nixos/modules/hardware/rtl-sdr.nix b/nixos/modules/hardware/rtl-sdr.nix
new file mode 100644
index 0000000..94f3109
--- /dev/null
+++ b/nixos/modules/hardware/rtl-sdr.nix
@@ -0,0 +1,11 @@
+{ ... }:
+
+{
+ hardware.rtl-sdr.enable = true;
+
+ boot.blacklistedKernelModules = [
+ "dvb_usb_rtl28xxu"
+ "rtl2832"
+ "rtl2830"
+ ];
+}
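Review bot: `discard=async` is set on every btrfs subvolume, and the bootloader module's `boot.resumeDevice = "/dev/mapper/luksroot"` suggests these filesystems appear to sit on a LUKS mapping. Discards only reach the SSD through dm-crypt if that mapping is opened with discards allowed (the `allowDiscards` setting lives in hardware-configuration.nix, outside this diff), and allowing them exposes the free-space layout through the ciphertext; if it is not allowed, the option is silently inert. Either way this is a deliberate trade-off that should be recorded, e.g. `# discard=async needs allowDiscards on the LUKS mapping; accepted: free-space pattern becomes visible on the raw device`. The `vm.*` sysctls also moved here from the old file without their "kernel writeback options" comment — worth restoring.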
diff --git a/nixos/modules/hardware/scanner.nix b/nixos/modules/hardware/scanner.nix
new file mode 100644
index 0000000..966ca88
--- /dev/null
+++ b/nixos/modules/hardware/scanner.nix
@@ -0,0 +1,9 @@
+{ ... }:
+
+{
+ hardware.sane.enable = true;
+
+ environment.etc."sane.d/epsonds.conf".text = ''
+ net EPSOND80395.local
+ '';
+}
diff --git a/nixos/modules/hardware/tablet.nix b/nixos/modules/hardware/tablet.nix
new file mode 100644
index 0000000..7992d7b
--- /dev/null
+++ b/nixos/modules/hardware/tablet.nix
@@ -0,0 +1,7 @@
+{ ... }:
+
+{
+ hardware.opentabletdriver.enable = true;
+ hardware.uinput.enable = true;
+ boot.kernelModules = [ "uinput" ];
+}
diff --git a/nixos/modules/hardware/udev.nix b/nixos/modules/hardware/udev.nix
new file mode 100644
index 0000000..0e157b8
--- /dev/null
+++ b/nixos/modules/hardware/udev.nix
@@ -0,0 +1,11 @@
+{ pkgs, ... }:
+
+{
+ services.udev.packages = [
+ (pkgs.writeTextFile {
+ name = "probe-rs-udev-rules";
+ destination = "/etc/udev/rules.d/69-probe-rs.rules";
+ text = builtins.readFile ../../udev-rules/69-probe-rs.rules;
+ })
+ ];
+}
diff --git a/nixos/modules/networking/general.nix b/nixos/modules/networking/general.nix
new file mode 100644
index 0000000..7dd2a5c
--- /dev/null
+++ b/nixos/modules/networking/general.nix
@@ -0,0 +1,11 @@
+{ ... }:
+
+{
+ networking.hostName = "lusia-laptop";
+ networking.networkmanager.enable = true;
+ networking.networkmanager.wifi.powersave = true;
+
+ networking.nameservers = [ "9.9.9.9" ];
+
+ services.resolved.enable = true;
+}
diff --git a/nixos/modules/networking/tailscale.nix b/nixos/modules/networking/tailscale.nix
new file mode 100644
index 0000000..d5a7964
--- /dev/null
+++ b/nixos/modules/networking/tailscale.nix
@@ -0,0 +1,11 @@
+{ ... }:
+
+{
+ services.tailscale.enable = true;
+
+ networking.firewall.trustedInterfaces = [ "tailscale0" ];
+
+ boot.kernel.sysctl = {
+ "net.ipv4.conf.tailscale0.rp_filter" = 0;
+ };
+}
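Review bot: `networking.nameservers = [ "9.9.9.9" ];` with `services.resolved.enable = true;` sends every DNS query in the clear on whichever Wi-Fi the laptop joins, so the chosen resolver gains nothing against an on-path observer. Since systemd-resolved is already the stub resolver, `services.resolved.dnsovertls = "opportunistic";` (or `"true"` to fail closed) is a one-line improvement that fits right under the nameserver line. A comment noting that NetworkManager-supplied DNS from the VPN profiles (vpn.nix) is layered on top of this would also help readers of this module.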
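Review bot: `networking.firewall.trustedInterfaces = [ "tailscale0" ];` switches the host firewall off for all tailnet traffic, so every listener on this laptop — sshd from ssh.nix, CUPS and avahi from printing.nix, libvirt and anything a container or VM binds — is reachable from any node with tailnet access, not just the ports you intended. If only SSH is meant, `networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ 22 ];` is the narrower form; otherwise at least record the choice with a comment. The `rp_filter = 0` sysctl lost the "Disable reverse path filtering for Tailscale" comment the old file had — please restore it so the relaxation is not mistaken for an accident.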
diff --git a/nixos/modules/networking/vpn.nix b/nixos/modules/networking/vpn.nix
new file mode 100644
index 0000000..91f2555
--- /dev/null
+++ b/nixos/modules/networking/vpn.nix
@@ -0,0 +1,55 @@
+{ pkgs, ... }:
+
+{
+ # VSTech VPN (with DNS for bgs.local domain)
+ services.openvpn.servers.vstech = {
+ config = ''
+ client
+ remote 51.83.143.81
+ proto udp
+ port 649
+ dev tun
+ topology subnet
+ ca /home/lusia/VSTech-vpn/ca.crt
+ cert /home/lusia/VSTech-vpn/Klient251.crt
+ key /home/lusia/VSTech-vpn/Klient251.inline
+ tls-crypt /home/lusia/VSTech-vpn/ta.key
+
+ auth sha512
+ data-ciphers aes-256-cbc
+ data-ciphers-fallback aes-256-cbc
+ key-direction 1
+ keepalive 10 120
+ '';
+ updateResolvConf = false;
+
+ up = ''
+ ${pkgs.systemd}/bin/resolvectl dns $dev 10.10.10.1
+ ${pkgs.systemd}/bin/resolvectl domain $dev bgs.local
+ '';
+
+ down = ''
+ ${pkgs.systemd}/bin/resolvectl revert $dev
+ '';
+ };
+
+ # CAT VPN
+ services.openvpn.servers.cat = {
+ config = ''
+ client
+ remote 79.133.193.211
+ proto tcp
+ port 1194
+ dev tun
+ topology subnet
+ ca /home/lusia/vpn/ca.crt
+ cert /home/lusia/vpn/client18.crt
+ key /home/lusia/vpn/client18.key
+
+ auth sha256
+ data-ciphers AES-256-CBC
+ key-direction 1
+ '';
+ updateResolvConf = true;
+ };
+}
diff --git a/nixos/modules/packages.nix b/nixos/modules/packages.nix
new file mode 100644
index 0000000..751fffe
--- /dev/null
+++ b/nixos/modules/packages.nix
@@ -0,0 +1,25 @@
+{ pkgs, ... }:
+
+{
+ environment.systemPackages = with pkgs; [
+ git
+ curl
+ wget
+ vim
+ fish
+ kitty
+ powertop
+ openvpn
+ nodejs
+ gnumake
+ gcc
+ cmake
+ xwayland-satellite
+ busybox
+ libdecor
+ file
+ cifs-utils
+ samba
+ gvfs
+ ];
+}
diff --git a/nixos/modules/services/flatpak.nix b/nixos/modules/services/flatpak.nix
new file mode 100644
index 0000000..e785c3f
--- /dev/null
+++ b/nixos/modules/services/flatpak.nix
@@ -0,0 +1,5 @@
+{ ... }:
+
+{
+ services.flatpak.enable = true;
+}
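Review bot: Neither OpenVPN profile contains `remote-cert-tls server` (or a `verify-x509-name`), so any certificate issued by the same CA — including another client's — would be accepted as the server, letting the holder of one such certificate impersonate the VPN endpoint; add `remote-cert-tls server` to both `config` blocks. The CA, client certificate and private key are read by the root-run openvpn service from `/home/lusia/...`, so a compromise of the user account can both steal the key and replace `ca.crt` to make the client trust a rogue server; keeping them in a root-owned path (or a secrets mechanism) puts the service's trust root outside the user's write reach. Finally, `key-direction 1` in the vstech profile is paired with `tls-crypt`, which does not use a key direction; a comment or its removal would avoid confusion.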
diff --git a/nixos/modules/services/printing.nix b/nixos/modules/services/printing.nix
new file mode 100644
index 0000000..a18666a
--- /dev/null
+++ b/nixos/modules/services/printing.nix
@@ -0,0 +1,17 @@
+{ pkgs, ... }:
+
+{
+ services.avahi = {
+ enable = true;
+ nssmdns4 = true;
+ openFirewall = true;
+ };
+
+ services.printing = {
+ enable = true;
+ drivers = with pkgs; [
+ cups-filters
+ cups-browsed
+ ];
+ };
+}
diff --git a/nixos/modules/services/smb.nix b/nixos/modules/services/smb.nix
new file mode 100644
index 0000000..820af2f
--- /dev/null
+++ b/nixos/modules/services/smb.nix
@@ -0,0 +1,5 @@
+{ ... }:
+
+{
+ services.gvfs.enable = true;
+}
diff --git a/nixos/modules/services/ssh.nix b/nixos/modules/services/ssh.nix
new file mode 100644
index 0000000..f29c3fe
--- /dev/null
+++ b/nixos/modules/services/ssh.nix
@@ -0,0 +1,5 @@
+{ ... }:
+
+{
+ services.openssh.enable = true;
+}
diff --git a/nixos/modules/users.nix b/nixos/modules/users.nix
new file mode 100644
index 0000000..ea0dfbe
--- /dev/null
+++ b/nixos/modules/users.nix
@@ -0,0 +1,16 @@
+{ pkgs, ... }:
+
+{
+ users.groups.plugdev = {};
+
+ users.users.lusia = {
+ isNormalUser = true;
+ description = "Lukrecja";
+ extraGroups = [ "wheel" "networkmanager" "docker" "plugdev" "scanner" "lp" "wireshark" "libvirtd" "kvm" "vboxusers" "dialout" ];
+ initialPassword = "pass";
+ shell = pkgs.fish;
+ };
+
+ programs.fish.enable = true;
+ security.sudo.enable = true;
+}
diff --git a/nixos/modules/virtualization.nix b/nixos/modules/virtualization.nix
new file mode 100644
index 0000000..a87aee1
--- /dev/null
+++ b/nixos/modules/virtualization.nix
@@ -0,0 +1,12 @@
+{ ... }:
+
+{
+ virtualisation.libvirtd.enable = true;
+
+ virtualisation.virtualbox.host.enable = true;
+ virtualisation.virtualbox.host.enableExtensionPack = true;
+
+ virtualisation.docker.enable = true;
+
+ boot.kernelModules = [ "kvm-amd" ];
+}
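Review bot: `openFirewall = true;` under `services.avahi` opens the mDNS port on every interface, so service discovery and whatever this host advertises are exposed on any public Wi-Fi the laptop joins, not only on the home network that has the printer and the scanner named in scanner.nix. If the hole is needed only for local discovery, say so with a comment such as `# mDNS open on all interfaces: required for printer/scanner discovery on the home LAN`; otherwise drop `openFirewall` and let the firewall stay closed by default. The `cups-browsed` entry in `services.printing.drivers` also lacks a note on why it is wanted — it is the component that listens for remote printer announcements, so its presence is worth a sentence.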
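Review bot: `services.openssh.enable = true;` takes the NixOS defaults, which leave password authentication on and open port 22 on every interface, while users.nix in this same commit gives the `wheel` user `initialPassword = "pass"` and tailscale.nix makes the host fully reachable from the tailnet. A roaming laptop should not accept password logins over SSH; suggest `services.openssh.settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; PermitRootLogin = "no"; };` beside the enable line, and consider `services.openssh.openFirewall = false;` if SSH is only ever used over Tailscale. A one-line comment stating who is expected to SSH in would make the intent clear.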
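Review bot: `initialPassword = "pass";` on a `wheel` user with `security.sudo.enable = true;` is a weak credential committed to the repository; it applies only when the account is first created, but every fresh install from this flake starts with a guessable sudo-capable login that sshd (ssh.nix) accepts by default. Prefer `hashedPasswordFile` pointing at a file kept outside the repo, or at least `initialHashedPassword` of a strong value, with a comment saying the password must be rotated on first login. The `"docker"` group membership is root-equivalent on the host and `"libvirtd"` is close to it; note that in a comment, or move Docker to `virtualisation.docker.rootless` in virtualization.nix if the extra privilege is not needed.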
diff --git a/nixos/modules/wireshark.nix b/nixos/modules/wireshark.nix
new file mode 100644
index 0000000..c55d73c
--- /dev/null
+++ b/nixos/modules/wireshark.nix
@@ -0,0 +1,6 @@
+{ pkgs, ... }:
+
+{
+ programs.wireshark.enable = true;
+ programs.wireshark.package = pkgs.wireshark;
+}