cy/nixos-config
cy/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

some more network and bluetooth-fu

Browse source
This commit is contained in:
Cy Pokhrel 2024-11-25 20:10:53 -05:00
parent 55a46df583
commit b6a5f08110
No known key found for this signature in database
GPG key ID: 1200FBE36C2ADE2E
1 changed files with 66 additions and 42 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

72
nix/configuration.nix
View file

@ -18,9 +18,10 @@
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "ytnix"; networking = {
networking.nftables.enable = true; hostName = "ytnix";
networking.wireless.iwd = { # nftables.enable = true;
wireless.iwd = {
enable = true; enable = true;
settings = { settings = {
Rank = { Rank = {
@ -30,10 +31,18 @@
}; };
}; };
}; };
networking.networkmanager = { networkmanager = {
enable = true; enable = true;
dns = "none";
wifi.backend = "iwd"; wifi.backend = "iwd";
}; };
nameservers = [ "127.0.0.1" "::1" ];
resolvconf.enable = true;
firewall = {
trustedInterfaces = [ "wgnord" ];
};
};
programs.nm-applet.enable = true;
time.timeZone = "America/Toronto"; time.timeZone = "America/Toronto";
security.rtkit.enable = true; security.rtkit.enable = true;
@ -42,8 +51,7 @@
pulse.enable = true; pulse.enable = true;
alsa.enable = true; alsa.enable = true;
alsa.support32Bit = true; alsa.support32Bit = true;
}; wireplumber.extraConfig.bluetoothEnhancements = {
services.pipewire.wireplumber.extraConfig.bluetoothEnhancements = {
"wireplumber.settings" = { "wireplumber.settings" = {
"bluetooth.autoswitch-to-headset-profile" = false; "bluetooth.autoswitch-to-headset-profile" = false;
}; };
@ -54,6 +62,7 @@
"bluez5.roles" = [ "a2dp_sink" "a2dp_source" ]; "bluez5.roles" = [ "a2dp_sink" "a2dp_source" ];
}; };
}; };
};
services.libinput.enable = true; services.libinput.enable = true;
@ -86,6 +95,9 @@
cosign cosign
azure-cli azure-cli
pavucontrol pavucontrol
btop
stockfish
cutechess
]; ];
}; };
@ -113,7 +125,6 @@
veracrypt veracrypt
bluetuith bluetuith
libimobiledevice libimobiledevice
networkmanagerapplet
pass-wayland pass-wayland
htop htop
file file
@ -125,8 +136,11 @@
traceroute traceroute
sops sops
restic restic
nyx
]; ];
environment.sessionVariables.NIXOS_OZONE_WL = "1";
system.stateVersion = "24.05"; system.stateVersion = "24.05";
services.gnome.gnome-keyring.enable = true; services.gnome.gnome-keyring.enable = true;
@ -144,7 +158,13 @@
fonts.packages = with pkgs; [ fonts.packages = with pkgs; [
nerdfonts nerdfonts
]; ];
nixpkgs.config.allowUnfree = true; nixpkgs.config = {
allowUnfree = true;
chromium = {
enableWideVine = true;
commandLineArgs = "--enable-features=UseOzonePlatform --ozone-platform=wayland --force-dark-mode --enable-features=WebUIDarkMode";
};
};
hardware.bluetooth = { hardware.bluetooth = {
enable = true; enable = true;
@ -160,7 +180,7 @@
}; };
services.borgbackup.jobs.ytnixRsync = { services.borgbackup.jobs.ytnixRsync = {
paths = [ "/root" "/home" "/var/lib" "/opt" "/etc" ]; paths = [ "/root" "/home" "/var/lib" "/var/log" "/opt" "/etc" ];
exclude = [ exclude = [
".git" ".git"
"**/.cache" "**/.cache"
@ -191,7 +211,7 @@
}; };
services.restic.backups.ytazure = { services.restic.backups.ytazure = {
paths = [ "/root" "/home" "/var/lib" "/opt" "/etc" ]; paths = [ "/root" "/home" "/var/lib" "/var/log" "/opt" "/etc" ];
exclude = [ exclude = [
".git" ".git"
"**/.cache" "**/.cache"
@ -222,13 +242,14 @@
}; };
}; };
services.btrbk.instances.local.settings = { services.btrbk.instances.local = {
snapshot_preserve = "14d"; onCalendar = "hourly";
settings = {
snapshot_preserve = "8w 12m";
snapshot_preserve_min = "2d"; snapshot_preserve_min = "2d";
volume."/" = { snapshot_dir = "/snapshots";
target = "/snapshots";
subvolume = { subvolume = {
home = {}; "/home" = {};
"/" = {}; "/" = {};
}; };
}; };
@ -265,16 +286,19 @@
virtualisation.libvirtd.enable = true; virtualisation.libvirtd.enable = true;
programs.virt-manager.enable = true; programs.virt-manager.enable = true;
# https-dns-proxy doesn't work without this :( services.dnscrypt-proxy2 = {
services.resolved.enable = true;
services.https-dns-proxy = {
enable = true; enable = true;
provider = { settings = {
url = "https://dns.cy7.sh/dns-query/yt-linux"; ipv6_servers = true;
kind = "custom"; require_dnssec = true;
ips = [ "1.1.1.1" "8.8.8.8" ]; sources.public-resolvers = {
urls = [
"https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
"https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
];
cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
};
}; };
# doesn't work otherwise :(
preferIPv4 = true;
}; };
} }