# NixOS module: shared desktop/workstation baseline.
# Covers the boot loader, systemd timeouts, nix-ld runtime libraries, sshd,
# fonts, base packages, podman and DNS.
{ pkgs, ... }:

let
  inherit (pkgs.lib) mkDefault;

  # Public resolvers used as the default nameservers and as the resolved fallback.
  # NOTE(review): lookups sent here leave the local network to a third-party
  # resolver; whether they are encrypted or validated depends on resolved
  # settings that this file does not set.
  publicDns = [ "1.1.1.1" "1.0.0.1" ];
in
{
  nixpkgs.config.allowUnfree = true;

  # Daily garbage collection, dropping generations older than two days.
  # NOTE(review): this also limits the rollback window to roughly two days.
  nix.gc = {
    automatic = true;
    dates = "daily";
    options = "--delete-older-than 2d";
  };

  security = {
    polkit.enable = true;
    rtkit.enable = true;
  };

  networking = {
    # NOTE(review): the host firewall is switched off while sshd and podman are
    # enabled below, so every listening socket (including ports published by
    # containers) is reachable from whatever network the machine joins.
    # If filtering is done elsewhere, record that here; otherwise enable the
    # firewall and open the required ports explicitly
    # (networking.firewall.allowedTCPPorts / allowedUDPPorts).
    firewall.enable = false;

    nameservers = mkDefault publicDns;
  };

  environment = {
    # Hint Electron apps to use Wayland.
    sessionVariables.NIXOS_OZONE_WL = "1";

    systemPackages = with pkgs; [
      virtiofsd
      wget
      curl
      git
      lm_sensors
      wireguard-tools

      # Podman
      dive
      podman-tui
      docker-compose
    ];
  };

  programs = {
    zsh.enable = true;

    # nix-ld lets dynamically linked binaries that were not built for NixOS
    # find a loader and the shared libraries listed here.
    # NOTE(review): such binaries come from outside nixpkgs; check their origin
    # and integrity before running them.
    nix-ld = {
      enable = true;
      libraries = with pkgs; [
        # Toolchain / C++ runtime
        stdenv.cc.cc # compiler runtime (libgcc, libstdc++)
        stdenv.cc.cc.lib # sometimes needed explicitly

        # Compression / archive
        zlib
        zstd
        xz
        bzip2

        # Crypto / TLS / networking
        openssl
        curl
        libssh

        # Core system libs
        attr
        acl
        util-linux
        libsodium
        systemd # libudev, libsystemd
        libxml2
        expat

        # Graphics / X11 / desktop
        xorg.libX11
        xorg.libXext
        xorg.libXfixes
        xorg.libXdamage
        xorg.libXcomposite
        xorg.libXrandr
        xorg.libxcb
        libdrm
        mesa
        libxkbcommon

        # Audio / desktop integration
        alsa-lib
        dbus
        cups

        # GLib / GTK stack (lots of GUI apps, Electron, etc.)
        glib
        gdk-pixbuf
        pango
        cairo
        atk
        gtk3

        # NSS/NSPR (Firefox, Electron, many apps)
        nspr
        nss
      ];
    };
  };

  boot = {
    tmp.cleanOnBoot = true;

    loader = {
      timeout = 1;
      efi.canTouchEfiVariables = true;

      systemd-boot = {
        enable = true;
        memtest86.enable = true;
        # NOTE(review): this adds a netboot.xyz entry to the boot menu, which
        # loads operating-system images over the network. Anyone who can reach
        # the boot menu can start it; keep it only if it is actually used for
        # recovery or installs.
        netbootxyz.enable = true;
      };
    };
  };

  systemd = {
    # Ten-second manager-wide defaults for unit start, stop, abort and device waits.
    settings.Manager = {
      DefaultTimeoutStopSec = "10s";
      DefaultTimeoutStartSec = "10s";
      DefaultTimeoutAbortSec = "10s";
      DefaultDeviceTimeoutSec = "10s";
    };

    # NOTE(review): upstream, systemd-user-sessions is the unit that removes
    # /run/nologin once boot has finished. Confirm that disabling it has the
    # intended effect on user logins for this setup.
    services.systemd-user-sessions.enable = false;
  };

  powerManagement.enable = true;

  services = {
    thermald.enable = true;
    pcscd.enable = true;
    fwupd.enable = true;
    gvfs.enable = true;
    fstrim.enable = true;

    # sshd with root login and password authentication disabled.
    # NOTE(review): KbdInteractiveAuthentication is a separate setting and is
    # not set here; set it to false as well if logins must be key-only.
    openssh = {
      enable = true;
      settings = {
        PermitRootLogin = "no";
        PasswordAuthentication = false;
      };
    };

    resolved = {
      enable = mkDefault true;
      fallbackDns = publicDns;
    };
  };

  fonts.packages = with pkgs; [
    noto-fonts
    noto-fonts-cjk-sans
    noto-fonts-color-emoji
    iosevka
    roboto
    font-awesome
    jetbrains-mono
    nerd-fonts.fira-code
    nerd-fonts.ubuntu
    nerd-fonts.zed-mono
  ];

  virtualisation = {
    containers.enable = true;

    podman = {
      enable = true;
      # Provides a `docker` command backed by podman.
      dockerCompat = true;
      defaultNetwork.settings.dns_enabled = true;
    };
  };
}