dotfiles/hosts/msft-laptop/default.nix

105 lines
1.9 KiB
Nix
Raw Normal View History

{ pkgs, ... }:
{
imports = [
./hardware-configuration.nix
];
my = {
user = {
username = "errie";
homeModule = ./home;
extraGroups = [ "dialout" ];
};
secure-boot.enable = true;
bootloader.type = "systemdBoot";
fs = {
luks.enable = true;
ssd.enable = true;
bootPartition = true;
snapshots = true;
type = "btrfs";
};
laptop = {
enable = true;
amd.enable = true;
};
networking = {
networkManager.enable = true;
i2p.enable = true;
eddie = let
forwardedPorts = [ 14110 50459 ];
in {
enable = true;
allowedTCPPorts = forwardedPorts;
allowedUDPPorts = forwardedPorts;
};
};
bin-compat.enable = true;
docker.enable = true;
interception.enable = true;
location.enable = true;
virt-manager.enable = true;
wireshark.enable = true;
syncthing = {
enable = true;
asUser = true;
};
cli = {
fish.enable = true;
nix-index.enable = true;
sudo.insults.enable = true;
};
desktop = {
enable = true;
audio.enable = true;
bluetooth.enable = true;
gaming.enable = true;
hyprland.enable = true;
# TODO: reenable after cve is addressed (too lazy to check if actually affected)
printing.enable = false;
};
};
boot.kernelPackages = pkgs.linuxPackages;
environment.systemPackages = with pkgs; [
dos2unix
amdgpu_top
framework-tool
fw-ectool
(p7zip.override {enableUnfree = true;})
];
programs = {
git.package = pkgs.gitFull;
};
hardware.sensor.iio.enable = true;
services = {
fwupd.enable = true;
fprintd.enable = true;
flatpak.enable = true;
openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
};
};
};
system.stateVersion = "23.11";
}