112 lines
2.8 KiB
Nix
112 lines
2.8 KiB
Nix
{ config, pkgs, inputs, ... }:
|
|
|
|
{
|
|
imports = [
|
|
./desktop.nix
|
|
./users.nix
|
|
./programs.nix
|
|
];
|
|
|
|
# Bootloader.
|
|
boot = {
|
|
loader.systemd-boot.enable = true;
|
|
loader.efi.canTouchEfiVariables = true;
|
|
initrd.kernelModules = [ "amdgpu" ];
|
|
kernelPackages = pkgs.linuxPackages_latest;
|
|
};
|
|
|
|
# Enable networking
|
|
networking.networkmanager.enable = true;
|
|
|
|
# Network security
|
|
# enable firewall and block all ports
|
|
networking.firewall.enable = true;
|
|
|
|
# disable coredump that could be exploited later
|
|
# and also slow down the system when something crash
|
|
systemd.coredump.enable = false;
|
|
|
|
# Set your time zone.
|
|
time.timeZone = "Europe/Stockholm";
|
|
|
|
# Select internationalisation properties.
|
|
i18n.defaultLocale = "en_GB.UTF-8";
|
|
|
|
i18n.extraLocaleSettings = {
|
|
LC_ADDRESS = "sv_SE.UTF-8";
|
|
LC_IDENTIFICATION = "sv_SE.UTF-8";
|
|
LC_MEASUREMENT = "sv_SE.UTF-8";
|
|
LC_MONETARY = "sv_SE.UTF-8";
|
|
LC_NAME = "sv_SE.UTF-8";
|
|
LC_NUMERIC = "sv_SE.UTF-8";
|
|
LC_PAPER = "sv_SE.UTF-8";
|
|
LC_TELEPHONE = "sv_SE.UTF-8";
|
|
LC_TIME = "sv_SE.UTF-8";
|
|
};
|
|
|
|
# Configure console keymap
|
|
console.keyMap = "sv-latin1";
|
|
|
|
# Enable CUPS to print documents.
|
|
services.printing.enable = false;
|
|
|
|
# Enable sound with pipewire.
|
|
services.pulseaudio.enable = false;
|
|
security.rtkit.enable = true;
|
|
services.pipewire = {
|
|
enable = true;
|
|
alsa.enable = true;
|
|
alsa.support32Bit = true;
|
|
pulse.enable = true;
|
|
};
|
|
|
|
# Allow unfree packages
|
|
nixpkgs.config.allowUnfree = true;
|
|
|
|
# Enable Flakes
|
|
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
|
|
|
# Automatic system upgrades
|
|
system.autoUpgrade = {
|
|
enable = true;
|
|
flake = inputs.self.outPath;
|
|
flags = [
|
|
"--update-input"
|
|
"nixpkgs"
|
|
"-L" # print build logs
|
|
];
|
|
dates = "02:00";
|
|
randomizedDelaySec = "45min";
|
|
};
|
|
|
|
# Fonts
|
|
fonts.packages = with pkgs; [
|
|
intel-one-mono
|
|
];
|
|
|
|
# create system-wide executables firefox and chromium
|
|
# that will wrap the real binaries so everything work out of the box.
|
|
# enable firejail
|
|
programs.firejail = {
|
|
enable = true;
|
|
wrappedBinaries = {
|
|
firefox = {
|
|
executable = "${pkgs.lib.getBin pkgs.firefox}/bin/firefox";
|
|
profile = "${pkgs.firejail}/etc/firejail/firefox.profile";
|
|
};
|
|
chromium = {
|
|
executable = "${pkgs.lib.getBin pkgs.chromium}/bin/chromium";
|
|
profile = "${pkgs.firejail}/etc/firejail/chromium.profile";
|
|
};
|
|
};
|
|
};
|
|
|
|
# enable antivirus clamav and keep the signatures' database updated
|
|
services.clamav.daemon.enable = true;
|
|
services.clamav.updater.enable = true;
|
|
|
|
# This value determines the NixOS release from which the default
|
|
# settings for stateful data, like file locations and database versions
|
|
# on your system were taken.
|
|
system.stateVersion = "23.11";
|
|
} |