# NixOS system configuration for the host "riptide": Limine boot with Secure
# Boot, NetworkManager plus a WireGuard tunnel, key-only SSH, a Plasma 6
# desktop, one user account, and libvirt/QEMU virtualisation.
{ config, lib, pkgs, ... }:

let
  # UEFI firmware offered to libvirt guests, built with Secure Boot and TPM
  # support switched on.
  guestFirmware = pkgs.OVMF.override {
    secureBoot = true;
    tpmSupport = true;
  };
in
{
  imports = [ ./hardware.nix ];

  # ---------------------------------------------------------------- Boot ---
  boot = {
    kernelPackages = pkgs.linuxPackages_latest;
    supportedFilesystems = [ "bcachefs" ];
    # Registers binfmt handlers so aarch64 binaries run under emulation.
    binfmt.emulatedSystems = [ "aarch64-linux" ];

    initrd = {
      systemd.enable = true;
      kernelModules = [ "i915" ];
    };

    loader = {
      efi.canTouchEfiVariables = true;
      # Limine is the bootloader here; systemd-boot is forced off so the two
      # never coexist.
      systemd-boot.enable = lib.mkForce false;
      limine = {
        enable = true;
        efiSupport = true;
        # NOTE(review): sbctl is installed system-wide below and presumably
        # holds the signing keys. Confirm the keys are enrolled in firmware;
        # signing alone enforces nothing until they are.
        secureBoot.enable = true;
        style.wallpapers = [ ];
        # Extra boot entries are read verbatim from a file not visible here.
        # NOTE(review): review that file together with the Secure Boot setup,
        # since each entry adds something the bootloader can start.
        extraEntries = builtins.readFile ./limine.extra.conf;
      };
    };
  };

  # ---------------------------------------------------------- Networking ---
  networking = {
    hostName = "riptide";

    networkmanager.enable = true;
    networkmanager.wifi.backend = "iwd";

    # Inbound UDP 51820 matches wg0's listenPort below.
    # NOTE(review): the only peer has a fixed endpoint and a keepalive, which
    # suggests this host dials out. If no peer ever initiates a connection to
    # this host, the inbound rule may be unnecessary; confirm.
    firewall.allowedUDPPorts = [ 51820 ];

    wireguard = {
      enable = true;
      interfaces.wg0 = {
        listenPort = 51820;
        ips = [ "192.168.69.3/24" ];
        # Given as a string, not a Nix path literal, so the key is read at
        # runtime and is not copied into the Nix store. Ownership and mode of
        # the file are not managed by this configuration.
        privateKeyFile = "/root/wireguard-keys/private";
        peers = [
          {
            publicKey = "gDSnymmeuX4a8az4kUHcoltMMHb8mdJCti/TYV62kwA=";
            endpoint = "185.44.83.60:12345";
            # Only the tunnel subnet is routed through this peer.
            allowedIPs = [ "192.168.69.0/24" ];
            persistentKeepalive = 25;
          }
        ];
      };
    };
  };

  hardware.bluetooth = {
    enable = false;
    powerOnBoot = false;
  };

  # ------------------------------------------------------------ Services ---
  systemd.services.NetworkManager-wait-online.enable = false;

  services = {
    # sshd is reachable through the firewall, with password logins disabled.
    # NOTE(review): KbdInteractiveAuthentication and PermitRootLogin stay at
    # the module defaults; set them explicitly if key-only, non-root login is
    # the intent. No authorized keys are declared in this file, so they
    # presumably come from elsewhere.
    openssh = {
      enable = true;
      openFirewall = true;
      settings.PasswordAuthentication = false;
    };

    usbmuxd.enable = true;
    usbmuxd.package = pkgs.usbmuxd2;

    fwupd.enable = true;

    pipewire = {
      enable = true;
      pulse.enable = true;
      jack.enable = true;
      alsa = {
        enable = true;
        support32Bit = true;
      };
    };

    # Desktop: Plasma 6, started by SDDM on Wayland with kwin as compositor.
    desktopManager.plasma6.enable = true;
    displayManager.sddm.enable = true;
    displayManager.sddm.wayland = {
      enable = true;
      compositor = "kwin";
    };

    xserver.xkb = {
      layout = "us";
      variant = "dvorak";
    };

    gvfs.enable = true;
  };

  # --------------------------------------------------------------- Users ---
  users.groups.plugdev = { };

  users.users.sydney = {
    isNormalUser = true;
    description = "Sydney";
    shell = pkgs.zsh;
    # Supplementary groups. "wireshark" and "adbusers" pair with the
    # programs.wireshark / programs.adb options below. "libvirtd" grants
    # control over the system libvirt daemon.
    # NOTE(review): with qemu.runAsRoot = true below, treat "libvirtd"
    # membership as highly privileged, alongside "wheel".
    extraGroups = [
      "wheel"
      "wireshark"
      "plugdev"
      "adbusers"
      "libvirtd"
    ];
    packages = with pkgs; [
      ghidra
      jujutsu
      zig_0_15
      zed-editor
      fastfetch
      hyfetch
      firefox
      tmux
      texlive.combined.scheme-small
      (python3.withPackages (ps: [
        ps.pwntools
        ps.scapy
        ps.pycryptodome
      ]))
      thunderbird-latest
      libreoffice-qt6-fresh
      fragments
      vlc
      lean4
      ripgrep
      clang-tools
      winetricks
      wineWowPackages.stable
      darktable
      zoom-us
      corefonts
      vistafonts
      kicad
      ghostty
      hut
      tor-browser
    ];
  };

  # ------------------------------------------- System packages and fonts ---
  environment.systemPackages = with pkgs; [
    kdePackages.sddm-kcm
    pciutils
    usbutils
    sbctl
    lutris
    ifuse
    libimobiledevice
    idevicerestore
  ];

  fonts.packages = with pkgs; [
    nerd-fonts.fira-code
    nerd-fonts.blex-mono
    noto-fonts-cjk-sans
    noto-fonts-emoji
    ibm-plex
    maple-mono.truetype-autohint
  ];

  # ------------------------------------------------------------ Programs ---
  programs = {
    adb.enable = true;
    nix-ld.enable = true;
    dconf.enable = true;
    wireshark = {
      enable = true;
      package = pkgs.wireshark;
    };
  };

  # ---------------------------------------------------------------- Misc ---
  security.rtkit.enable = true;

  hardware.graphics = {
    enable = true;
    enable32Bit = true;
    extraPackages = with pkgs; [
      intel-compute-runtime
      intel-media-driver
      ocl-icd
      rocmPackages.clr.icd
    ];
    extraPackages32 = with pkgs.pkgsi686Linux; [
      intel-media-driver
    ];
  };

  virtualisation.libvirtd = {
    enable = true;
    qemu = {
      package = pkgs.qemu_kvm;
      # QEMU processes run as root, so a compromise of the emulator from
      # inside a guest would land with root privileges on the host.
      # NOTE(review): confirm that something in use actually needs this.
      runAsRoot = true;
      # Software TPM for guests.
      swtpm.enable = true;
      ovmf.enable = true;
      ovmf.packages = [ guestFirmware.fd ];
    };
  };

  # Release whose stateful defaults this system was installed with; it is
  # not the version of nixpkgs in use.
  system.stateVersion = "24.05";
}