steam firewall openings, more defaulting, move some packages, cleanup
parent
fdbb796a33
commit
a23f6db0ef
70
common.nix
70
common.nix
@ -6,33 +6,35 @@
|
||||
];
|
||||
|
||||
config = {
|
||||
services.haveged.enable = true;
|
||||
services.haveged.enable = lib.mkDefault true;
|
||||
|
||||
security.rtkit.enable = true;
|
||||
security.rtkit.enable = lib.mkDefault true;
|
||||
|
||||
services.smartd.enable = true;
|
||||
services.smartd.enable = lib.mkDefault true;
|
||||
|
||||
hardware.enableAllFirmware = true;
|
||||
hardware.cpu.amd.updateMicrocode = true;
|
||||
hardware.enableAllFirmware = lib.mkDefault true;
|
||||
hardware.cpu.amd.updateMicrocode = lib.mkDefault true;
|
||||
|
||||
services.earlyoom.enable = true;
|
||||
services.earlyoom.enable = lib.mkDefault true;
|
||||
|
||||
# based mosh
|
||||
programs.mosh.enable = true;
|
||||
programs.mosh.enable = lib.mkDefault true;
|
||||
|
||||
systemd.services.nix-daemon.serviceConfig.IOSchedulingClass = 3;
|
||||
# Make Nix things not ruin my life when using a HDD
|
||||
systemd.services.nix-daemon.serviceConfig.IOSchedulingClass = lib.mkDefault 3;
|
||||
systemd.services.nix-gc.serviceConfig.IOSchedulingClass = lib.mkDefault 3;
|
||||
|
||||
nix = {
|
||||
package = lib.mkDefault pkgs.nixUnstable;
|
||||
|
||||
gc = {
|
||||
automatic = true;
|
||||
dates = "20:00";
|
||||
options = "--delete-older-than 40d";
|
||||
automatic = lib.mkDefault true;
|
||||
dates = lib.mkDefault "20:00";
|
||||
options = lib.mkDefault "--delete-older-than 40d";
|
||||
};
|
||||
|
||||
daemonIONiceLevel = 7;
|
||||
daemonNiceLevel = 19;
|
||||
daemonIONiceLevel = lib.mkDefault 7;
|
||||
daemonNiceLevel = lib.mkDefault 19;
|
||||
trustedUsers = [ "root" "builder" "@wheel" ];
|
||||
|
||||
extraOptions = ''
|
||||
@ -45,9 +47,9 @@
|
||||
|
||||
# make nginx have good logging and defaults
|
||||
services.nginx = {
|
||||
recommendedGzipSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedProxySettings = true;
|
||||
recommendedGzipSettings = lib.mkDefault true;
|
||||
recommendedOptimisation = lib.mkDefault true;
|
||||
recommendedProxySettings = lib.mkDefault true;
|
||||
appendHttpConfig = ''
|
||||
error_log stderr;
|
||||
access_log syslog:server=unix:/dev/log combined;
|
||||
@ -55,50 +57,38 @@
|
||||
};
|
||||
|
||||
# allow reverse ssh port shit to be public sometimes
|
||||
services.openssh.gatewayPorts = "clientspecified";
|
||||
services.openssh.gatewayPorts = lib.mkDefault "clientspecified";
|
||||
|
||||
# no homo
|
||||
nixpkgs.config.oraclejdk.accept_license = true;
|
||||
nixpkgs.config.oraclejdk.accept_license = lib.mkDefault true;
|
||||
|
||||
# set some basic system props
|
||||
security.sudo.wheelNeedsPassword = false;
|
||||
security.sudo.wheelNeedsPassword = lib.mkDefault false;
|
||||
networking.networkmanager.enable = lib.mkDefault true;
|
||||
networking.nameservers = [ "1.1.1.1" "1.0.0.1" ];
|
||||
time.timeZone = lib.mkDefault "America/Phoenix";
|
||||
|
||||
# package list
|
||||
environment.systemPackages = with pkgs; [
|
||||
wget
|
||||
vim
|
||||
nano
|
||||
curl
|
||||
httpie
|
||||
git
|
||||
unzip
|
||||
htop
|
||||
(python37Full.withPackages (ps: with ps; [ pip setuptools ]))
|
||||
neofetch
|
||||
ripgrep
|
||||
lsd
|
||||
lm_sensors
|
||||
rsync
|
||||
bind
|
||||
file
|
||||
iotop
|
||||
psmisc
|
||||
usbutils
|
||||
pciutils
|
||||
|
||||
iotop
|
||||
htop
|
||||
|
||||
exfat
|
||||
];
|
||||
|
||||
# Allow ssh
|
||||
services.openssh.enable = true;
|
||||
services.openssh.passwordAuthentication = false;
|
||||
services.openssh.enable = lib.mkDefault true;
|
||||
services.openssh.passwordAuthentication = lib.mkDefault false;
|
||||
|
||||
# Use a firewall
|
||||
networking.firewall.enable = lib.mkDefault true;
|
||||
networking.firewall.allowedTCPPorts = [ 22 443 80 ];
|
||||
|
||||
programs.fish.enable = true;
|
||||
users.defaultUserShell = pkgs.fish;
|
||||
programs.fish.enable = lib.mkDefault true;
|
||||
users.defaultUserShell = lib.mkOverride 900 pkgs.fish;
|
||||
};
|
||||
}
|
||||
|
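Review bot: In the `# Allow ssh` and `# set some basic system props` blocks the security-relevant settings now sit at `lib.mkDefault` priority (assuming the `mkDefault` copy of each doubled line is the new side), so another module that sets `services.openssh.passwordAuthentication = true` at normal priority wins silently instead of raising a conflicting-definition error. I would keep the hardening values at normal priority, `services.openssh.passwordAuthentication = false;`, and let a host that really needs password logins override it explicitly with `lib.mkForce`. The same file defaults `security.sudo.wheelNeedsPassword` to false, lists `@wheel` in the nix `trustedUsers` and defaults `gatewayPorts` to "clientspecified" for every host that imports it. A short comment saying that wheel membership is treated as root-equivalent, and that remote forwards may bind on non-loopback addresses, would make that trade-off explicit.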
@ -22,6 +22,14 @@
|
||||
url = "github:glacambre/firenvim";
|
||||
flake = false;
|
||||
};
|
||||
bobthefish = {
|
||||
url = "github:oh-my-fish/theme-bobthefish";
|
||||
flake = false;
|
||||
};
|
||||
done = {
|
||||
url = "github:franciscolourenco/done";
|
||||
flake = false;
|
||||
};
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, ... }@inputs: {
|
||||
|
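Review bot: The new inputs `bobthefish` and `done` carry no revision in their `url`, so the only pin is whatever `flake.lock` records, and that file is not visible in this commit view. The fish configuration changed elsewhere in this commit drops the explicit `rev` values from its `builtins.fetchGit` calls and sources `${inputs.bobthefish}/fish_prompt.fish` from `interactiveShellInit`, so a lock update now changes code that runs in the user's shell session. Either keep the revision in the input, e.g. `url = "github:oh-my-fish/theme-bobthefish/a2ad38aa051aaed25ae3bd6129986e7f27d42d7b";`, or make sure `flake.lock` is committed with this change and that lock bumps for these inputs are reviewed like code. The `inputs` attribute set starts above this hunk.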
@ -4,6 +4,26 @@ inputs:
|
||||
{
|
||||
imports = [ (import ./modules inputs) ];
|
||||
|
||||
home.packages = with pkgs; [
|
||||
wget
|
||||
curl
|
||||
httpie
|
||||
|
||||
nano
|
||||
|
||||
git
|
||||
|
||||
ripgrep
|
||||
lsd
|
||||
file
|
||||
|
||||
lm_sensors
|
||||
|
||||
# for fish-done
|
||||
libnotify
|
||||
notify-desktop
|
||||
];
|
||||
|
||||
programs.vim = {
|
||||
enable = true;
|
||||
extraConfig = ''
|
||||
@ -15,16 +35,7 @@ inputs:
|
||||
|
||||
home.sessionVariables = { TERM = "xterm-256color"; };
|
||||
|
||||
programs.bat.enable = true;
|
||||
|
||||
programs.fish =
|
||||
let
|
||||
bobthefish = builtins.fetchGit {
|
||||
url = "https://github.com/oh-my-fish/theme-bobthefish.git";
|
||||
rev = "a2ad38aa051aaed25ae3bd6129986e7f27d42d7b";
|
||||
};
|
||||
in
|
||||
{
|
||||
programs.fish = {
|
||||
enable = true;
|
||||
shellAliases = {
|
||||
cat = "bat";
|
||||
@ -32,14 +43,11 @@ inputs:
|
||||
plugins = [
|
||||
{
|
||||
name = "done";
|
||||
src = builtins.fetchGit {
|
||||
url = "https://github.com/franciscolourenco/done.git";
|
||||
rev = "9351f5a9f4ae6c73dd6f18e41364e63a77be5d90";
|
||||
};
|
||||
src = inputs.done;
|
||||
}
|
||||
{
|
||||
name = "bobthefish";
|
||||
src = bobthefish;
|
||||
src = inputs.bobthefish;
|
||||
}
|
||||
];
|
||||
interactiveShellInit = ''
|
||||
@ -51,9 +59,8 @@ inputs:
|
||||
end
|
||||
|
||||
set -U __done_min_cmd_duration 2000
|
||||
set -U __done_notification_command '${pkgs.espeak}/bin/espeak yyyyyi'
|
||||
|
||||
source ${bobthefish}/fish_prompt.fish
|
||||
source ${inputs.bobthefish}/fish_prompt.fish
|
||||
|
||||
set -Ua fish_user_paths ~/.bin
|
||||
set -Ua fish_user_paths ~/.local/bin
|
||||
@ -63,13 +70,7 @@ inputs:
|
||||
set -U fish_key_bindings fish_default_key_bindings
|
||||
set -g theme_nerd_fonts yes
|
||||
|
||||
function fish_greeting
|
||||
begin ${pkgs.figlet}/bin/figlet -f mini heh; echo ""; uptime; uname -a; end | ${pkgs.lolcat}/bin/lolcat
|
||||
end
|
||||
|
||||
eval (${pkgs.direnv}/bin/direnv hook fish)
|
||||
|
||||
${pkgs.thefuck}/bin/thefuck --alias | source
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
@ -671,7 +671,6 @@ in
|
||||
|
||||
ark
|
||||
notify-osd
|
||||
libnotify
|
||||
ffmpeg
|
||||
id3v2
|
||||
imagemagick
|
||||
|
@ -151,14 +151,22 @@ in
|
||||
networking.networkmanager.wifi.macAddress = lib.mkDefault "random";
|
||||
networking.networkmanager.wifi.scanRandMacAddress = lib.mkDefault true;
|
||||
|
||||
# Used for chromecast bullshit
|
||||
networking.firewall.allowedUDPPortRanges = [
|
||||
# Used for chromecast bullshit
|
||||
{
|
||||
from = 32768;
|
||||
to = 60999;
|
||||
}
|
||||
# Steam remote play
|
||||
{
|
||||
from = 27031;
|
||||
to = 27036;
|
||||
}
|
||||
];
|
||||
|
||||
# Steam remote play
|
||||
networking.firewall.allowedTCPPorts = [ 27036 ];
|
||||
|
||||
# Used for upnp or something?
|
||||
networking.firewall.allowedUDPPorts = [ 1900 ];
|
||||
|
||||
@ -168,11 +176,6 @@ in
|
||||
# better default swap
|
||||
boot.kernel.sysctl = { "vm.swappiness" = lib.mkDefault 45; };
|
||||
|
||||
# you probably want this system wide?
|
||||
environment.systemPackages = with pkgs; [
|
||||
exfat
|
||||
];
|
||||
|
||||
# self explanatory
|
||||
fuckingprint.enable = lib.mkDefault true;
|
||||
|
||||
|
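Review bot: The new Steam remote play entries (`from = 27031; to = 27036;` under `allowedUDPPortRanges`, and `allowedTCPPorts = [ 27036 ]`) are opened on every interface, and the same module sets NetworkManager Wi-Fi options, which suggests it is used on machines that join untrusted networks. Scoping the openings to the home LAN interface, e.g. `networking.firewall.interfaces."<lan-interface>".allowedTCPPorts = [ 27036 ];` with the matching `allowedUDPPortRanges`, or guarding them behind a per-host option, would keep them closed elsewhere. The existing 32768–60999 UDP range listed beside them covers what is normally the whole Linux ephemeral port range, so it deserves the same scoping and a comment naming what depends on it. The enclosing module starts and ends outside these hunks.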