steam firewall openings, more defaulting, move some packages, cleanup

notgne2 2021-10-05 10:28:08 -07:00
parent fdbb796a33
commit a23f6db0ef
No known key found for this signature in database
GPG Key ID: BB661E172B42A7F8
5 changed files with 71 additions and 70 deletions


@ -6,33 +6,35 @@
]; ];
config = { config = {
services.haveged.enable = true; services.haveged.enable = lib.mkDefault true;
security.rtkit.enable = true; security.rtkit.enable = lib.mkDefault true;
services.smartd.enable = true; services.smartd.enable = lib.mkDefault true;
hardware.enableAllFirmware = true; hardware.enableAllFirmware = lib.mkDefault true;
hardware.cpu.amd.updateMicrocode = true; hardware.cpu.amd.updateMicrocode = lib.mkDefault true;
services.earlyoom.enable = true; services.earlyoom.enable = lib.mkDefault true;
# based mosh # based mosh
programs.mosh.enable = true; programs.mosh.enable = lib.mkDefault true;
systemd.services.nix-daemon.serviceConfig.IOSchedulingClass = 3; # Make Nix things not ruin my life when using a HDD
systemd.services.nix-daemon.serviceConfig.IOSchedulingClass = lib.mkDefault 3;
systemd.services.nix-gc.serviceConfig.IOSchedulingClass = lib.mkDefault 3;
nix = { nix = {
package = lib.mkDefault pkgs.nixUnstable; package = lib.mkDefault pkgs.nixUnstable;
gc = { gc = {
automatic = true; automatic = lib.mkDefault true;
dates = "20:00"; dates = lib.mkDefault "20:00";
options = "--delete-older-than 40d"; options = lib.mkDefault "--delete-older-than 40d";
}; };
daemonIONiceLevel = 7; daemonIONiceLevel = lib.mkDefault 7;
daemonNiceLevel = 19; daemonNiceLevel = lib.mkDefault 19;
trustedUsers = [ "root" "builder" "@wheel" ]; trustedUsers = [ "root" "builder" "@wheel" ];
extraOptions = '' extraOptions = ''
@ -45,9 +47,9 @@
# make nginx have good logging and defaults # make nginx have good logging and defaults
services.nginx = { services.nginx = {
recommendedGzipSettings = true; recommendedGzipSettings = lib.mkDefault true;
recommendedOptimisation = true; recommendedOptimisation = lib.mkDefault true;
recommendedProxySettings = true; recommendedProxySettings = lib.mkDefault true;
appendHttpConfig = '' appendHttpConfig = ''
error_log stderr; error_log stderr;
access_log syslog:server=unix:/dev/log combined; access_log syslog:server=unix:/dev/log combined;
@ -55,50 +57,38 @@
}; };
# allow reverse ssh port shit to be public sometimes # allow reverse ssh port shit to be public sometimes
services.openssh.gatewayPorts = "clientspecified"; services.openssh.gatewayPorts = lib.mkDefault "clientspecified";
# no homo # no homo
nixpkgs.config.oraclejdk.accept_license = true; nixpkgs.config.oraclejdk.accept_license = lib.mkDefault true;
# set some basic system props # set some basic system props
security.sudo.wheelNeedsPassword = false; security.sudo.wheelNeedsPassword = lib.mkDefault false;
networking.networkmanager.enable = lib.mkDefault true; networking.networkmanager.enable = lib.mkDefault true;
networking.nameservers = [ "1.1.1.1" "1.0.0.1" ]; networking.nameservers = [ "1.1.1.1" "1.0.0.1" ];
time.timeZone = lib.mkDefault "America/Phoenix"; time.timeZone = lib.mkDefault "America/Phoenix";
# package list # package list
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
wget
vim
nano
curl
httpie
git
unzip
htop
(python37Full.withPackages (ps: with ps; [ pip setuptools ]))
neofetch
ripgrep
lsd
lm_sensors
rsync
bind
file
iotop
psmisc psmisc
usbutils usbutils
pciutils pciutils
iotop
htop
exfat
]; ];
# Allow ssh # Allow ssh
services.openssh.enable = true; services.openssh.enable = lib.mkDefault true;
services.openssh.passwordAuthentication = false; services.openssh.passwordAuthentication = lib.mkDefault false;
# Use a firewall # Use a firewall
networking.firewall.enable = lib.mkDefault true; networking.firewall.enable = lib.mkDefault true;
networking.firewall.allowedTCPPorts = [ 22 443 80 ]; networking.firewall.allowedTCPPorts = [ 22 443 80 ];
programs.fish.enable = true; programs.fish.enable = lib.mkDefault true;
users.defaultUserShell = pkgs.fish; users.defaultUserShell = lib.mkOverride 900 pkgs.fish;
}; };
} }
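Review bot: Wrapping `services.openssh.passwordAuthentication` in `lib.mkDefault` lowers the priority of a hardening setting, so any other module that sets it to `true` at normal priority now wins silently instead of raising a conflicting-definition error. For `security.sudo.wheelNeedsPassword` and `services.openssh.gatewayPorts` the shipped values are the permissive ones, so making those overridable helps hosts tighten them. I would keep the restrictive value at normal priority, `services.openssh.passwordAuthentication = false;`, with a comment such as `# hosts that need password login must opt in with lib.mkForce`. `trustedUsers` still lists `@wheel` alongside passwordless sudo, which deserves a comment stating that wheel membership is equivalent to root on hosts using this module.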


@ -22,6 +22,14 @@
url = "github:glacambre/firenvim"; url = "github:glacambre/firenvim";
flake = false; flake = false;
}; };
bobthefish = {
url = "github:oh-my-fish/theme-bobthefish";
flake = false;
};
done = {
url = "github:franciscolourenco/done";
flake = false;
};
}; };
outputs = { self, nixpkgs, ... }@inputs: { outputs = { self, nixpkgs, ... }@inputs: {
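Review bot: The new `bobthefish` and `done` inputs are declared without a revision, while the `builtins.fetchGit` calls they replace pinned `a2ad38aa051aaed25ae3bd6129986e7f27d42d7b` and `9351f5a9f4ae6c73dd6f18e41364e63a77be5d90`. No lock file shows among the five changed files on this page, so unless `flake.lock` is updated separately the revision resolves to whatever the upstream default branch holds when the lock is next written. Both sources end up in the interactive shell (`fish_prompt.fish` is sourced directly), so either commit the updated `flake.lock` with this change or keep the pin in the URL, e.g. `url = "github:oh-my-fish/theme-bobthefish/a2ad38aa051aaed25ae3bd6129986e7f27d42d7b";`. The `inputs` attribute set starts above the hunk.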


@ -4,6 +4,26 @@ inputs:
{ {
imports = [ (import ./modules inputs) ]; imports = [ (import ./modules inputs) ];
home.packages = with pkgs; [
wget
curl
httpie
nano
git
ripgrep
lsd
file
lm_sensors
# for fish-done
libnotify
notify-desktop
];
programs.vim = { programs.vim = {
enable = true; enable = true;
extraConfig = '' extraConfig = ''
@ -15,16 +35,7 @@ inputs:
home.sessionVariables = { TERM = "xterm-256color"; }; home.sessionVariables = { TERM = "xterm-256color"; };
programs.bat.enable = true; programs.fish = {
programs.fish =
let
bobthefish = builtins.fetchGit {
url = "https://github.com/oh-my-fish/theme-bobthefish.git";
rev = "a2ad38aa051aaed25ae3bd6129986e7f27d42d7b";
};
in
{
enable = true; enable = true;
shellAliases = { shellAliases = {
cat = "bat"; cat = "bat";
@ -32,14 +43,11 @@ inputs:
plugins = [ plugins = [
{ {
name = "done"; name = "done";
src = builtins.fetchGit { src = inputs.done;
url = "https://github.com/franciscolourenco/done.git";
rev = "9351f5a9f4ae6c73dd6f18e41364e63a77be5d90";
};
} }
{ {
name = "bobthefish"; name = "bobthefish";
src = bobthefish; src = inputs.bobthefish;
} }
]; ];
interactiveShellInit = '' interactiveShellInit = ''
@ -51,9 +59,8 @@ inputs:
end end
set -U __done_min_cmd_duration 2000 set -U __done_min_cmd_duration 2000
set -U __done_notification_command '${pkgs.espeak}/bin/espeak yyyyyi'
source ${bobthefish}/fish_prompt.fish source ${inputs.bobthefish}/fish_prompt.fish
set -Ua fish_user_paths ~/.bin set -Ua fish_user_paths ~/.bin
set -Ua fish_user_paths ~/.local/bin set -Ua fish_user_paths ~/.local/bin
@ -63,13 +70,7 @@ inputs:
set -U fish_key_bindings fish_default_key_bindings set -U fish_key_bindings fish_default_key_bindings
set -g theme_nerd_fonts yes set -g theme_nerd_fonts yes
function fish_greeting
begin ${pkgs.figlet}/bin/figlet -f mini heh; echo ""; uptime; uname -a; end | ${pkgs.lolcat}/bin/lolcat
end
eval (${pkgs.direnv}/bin/direnv hook fish) eval (${pkgs.direnv}/bin/direnv hook fish)
${pkgs.thefuck}/bin/thefuck --alias | source
''; '';
}; };
} }
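Review bot: `programs.bat.enable = true;` appears to be dropped in the hunk at `-15,16 +35,7`, yet the `cat = "bat";` alias stays in `shellAliases` and `bat` is not in the new `home.packages` list. If no other module installs bat, `cat` in an interactive fish session would fail with command-not-found. Either keep `programs.bat.enable = true;` or add `bat` to `home.packages`. The side-by-side rendering has lost its markers, so which side that line belongs to should be confirmed against the raw diff.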


@ -671,7 +671,6 @@ in
ark ark
notify-osd notify-osd
libnotify
ffmpeg ffmpeg
id3v2 id3v2
imagemagick imagemagick


@ -151,14 +151,22 @@ in
networking.networkmanager.wifi.macAddress = lib.mkDefault "random"; networking.networkmanager.wifi.macAddress = lib.mkDefault "random";
networking.networkmanager.wifi.scanRandMacAddress = lib.mkDefault true; networking.networkmanager.wifi.scanRandMacAddress = lib.mkDefault true;
# Used for chromecast bullshit
networking.firewall.allowedUDPPortRanges = [ networking.firewall.allowedUDPPortRanges = [
# Used for chromecast bullshit
{ {
from = 32768; from = 32768;
to = 60999; to = 60999;
} }
# Steam remote play
{
from = 27031;
to = 27036;
}
]; ];
# Steam remote play
networking.firewall.allowedTCPPorts = [ 27036 ];
# Used for upnp or something? # Used for upnp or something?
networking.firewall.allowedUDPPorts = [ 1900 ]; networking.firewall.allowedUDPPorts = [ 1900 ];
@ -168,11 +176,6 @@ in
# better default swap # better default swap
boot.kernel.sysctl = { "vm.swappiness" = lib.mkDefault 45; }; boot.kernel.sysctl = { "vm.swappiness" = lib.mkDefault 45; };
# you probably want this system wide?
environment.systemPackages = with pkgs; [
exfat
];
# self explanatory # self explanatory
fuckingprint.enable = lib.mkDefault true; fuckingprint.enable = lib.mkDefault true;