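# NixOS module for a single-user desktop: SSH, network mounts, locale,
# Nix settings, Plasma/X11, PipeWire, packages, firewall, doas and the
# `rachel` user account.
{ pkgs, ... }: {
  # [SSH]
  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = false;
      # keyboard-interactive is a separate sshd method that can still prompt
      # for a password through PAM; disable it too so only keys are accepted.
      KbdInteractiveAuthentication = false;
      PermitRootLogin = "no";
    };
  };

  # [NFS]
  fileSystems."/home/rachel/music" = {
    device = "rachel.cafe:/srv/music";
    fsType = "nfs";
    # Mounted on first access and unmounted after 60 s idle.
    options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=60" ];
  };

  fileSystems."/mnt/eta" = let
    # Must be a path literal: a bare `secrets.nix` parses as the attribute
    # `nix` of the `secrets` binding itself and recurses forever.
    secrets = import ./secrets.nix;
  in {
    device = "//192.168.30.33/users";
    fsType = "cifs";
    # NOTE(review): these interpolated values end up in the generated fstab,
    # which lives in the world-readable Nix store, so any local user can read
    # the share password. Prefer mount.cifs' `credentials=` option pointing at
    # a root-only (0600) file kept outside the store, e.g.
    #   "credentials=<PATH_TO_ROOT_ONLY_CREDENTIALS_FILE>"
    # and drop the username=/password= entries once that file is provisioned.
    options = [
      "username=${secrets.etaUser}"
      "password=${secrets.etaPass}"
      "uid=1000"
      "gid=1000"
      "x-systemd.automount"
      "noauto"
      "x-systemd.idle-timeout=60"
    ];
  };

  # [LOCALE]
  time.timeZone = "Europe/Stockholm";
  i18n.defaultLocale = "en_GB.UTF-8";
  i18n.supportedLocales = [
    "sv_SE.UTF-8/UTF-8"
    "en_GB.UTF-8/UTF-8"
    "en_US.UTF-8/UTF-8"
  ];

  # [NIX]
  nix = {
    settings = {
      bash-prompt = "\\033[1m\\u\\033[0m@\\033[1m\\h\\033[0m: \\w\\n❄\\040";
      experimental-features = [ "nix-command" "flakes" ];
      auto-optimise-store = true;
    };
    gc = {
      automatic = true;
      dates = "monthly";
      options = "--delete-older-than 30d";
    };
    registry = {
      templates = {
        from = {
          type = "indirect";
          id = "templates";
        };
        # NOTE(review): no rev/ref is pinned here, so the `templates` alias
        # resolves to whatever the remote currently serves.
        to = {
          type = "git";
          url = "https://githug.xyz/xenchel/templates";
        };
      };
    };
  };

  nixpkgs.config.allowUnfree = true;
  # Allow-lists a package nixpkgs marks as insecure; keep this list minimal
  # and remove the entry once whalebird no longer needs it.
  nixpkgs.config.permittedInsecurePackages = [
    "electron-21.4.4" # needed for whalebird
  ];

  # [DESKTOP / XORG / WAYLAND]
  services.xserver = {
    enable = true;
    desktopManager.plasma5.enable = true;
    displayManager.startx.enable = true;
    xkb = {
      layout = "fox,sus";
      options = "ctrl:nocaps,grp:alt_shift_toggle";
      extraLayouts.sus = {
        description = "Swedish US";
        languages = [ "se" ];
        symbolsFile = ../shared/sus.xkb;
      };
      extraLayouts.fox = {
        description = "Layout suitable to be used by a fox";
        languages = [ "se" ];
        symbolsFile = ../shared/fox.xkb;
      };
    };
    libinput = {
      enable = true;
      touchpad = {
        naturalScrolling = true;
        accelProfile = "flat";
        tapping = false;
      };
    };
  };

  # [TTY]
  console = {
    useXkbConfig = true;
    font = "LatGrkCyr-12x22";
  };

  # [SOUND]
  sound.enable = false;
  # rtkit is commonly enabled alongside PipeWire so it can request
  # realtime scheduling priority.
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa = {
      enable = true;
      support32Bit = true;
    };
    pulse.enable = true;
    jack.enable = true;
    wireplumber.enable = true;
  };

  # [PACKAGES / PROGRAMS]
  environment.systemPackages = with pkgs; [ git neovim ];

  programs.gamemode = {
    enable = true;
    settings.general.renice = 20;
  };

  programs.steam.enable = true;

  # Options from a module that is not part of this file.
  ssbm.gcc = {
    rules.enable = true;
    oc-kmod.enable = true;
  };

  # [SERVICES]
  services.printing.enable = true;
  virtualisation.docker.enable = true;

  # [SECURITY / FIREWALL]
  # Only inbound SSH is opened; no UDP ports are exposed.
  networking.firewall.enable = true;
  networking.firewall.allowedTCPPorts = [ 22 ];
  networking.firewall.allowedUDPPorts = [ ];

  security.doas = {
    enable = true;
    extraRules = [{
      runAs = "root";
      groups = [ "wheel" ];
      noPass = false;
      # NOTE(review): keepEnv carries the caller's environment into the root
      # process; set it to false unless a specific variable has to survive.
      keepEnv = true;
    }];
  };

  # [USER]
  users.users.rachel = {
    isNormalUser = true;
    # NOTE(review): membership of "docker" is effectively root-equivalent
    # (access to the Docker daemon socket) and bypasses the doas password
    # prompt configured above.
    extraGroups = [ "wheel" "networkmanager" "video" "input" "audio" "docker" ];
  };

  # Done for gamemoderun
  security.pam.loginLimits = [
    {
      domain = "rachel";
      item = "nice";
      "type" = "soft";
      value = "-20";
    }
    {
      domain = "rachel";
      item = "nice";
      "type" = "hard";
      value = "-20";
    }
  ];
}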