codingcoffee/nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
nix/systems/x86_64-linux/zephyrus/default.nix

150 lines
6.5 KiB
Nix
Raw Normal View History

feat: init Signed-off-by: Ameya Shenoy <shenoy.ameya@gmail.com>
2024-11-10 20:17:02 +00:00
{
# An instance of `pkgs` with your overlays and packages applied is also available.
pkgs, inputs, ... }: {
imports = [
./hardware-configuration.nix
inputs.nixos-hardware.nixosModules.asus-zephyrus-ga402x-nvidia
];
specialisation = {
amd.configuration = {
imports =
[ inputs.nixos-hardware.nixosModules.asus-zephyrus-ga402x-amdgpu ];
disabledModules =
[ inputs.nixos-hardware.nixosModules.asus-zephyrus-ga402x-nvidia ];
environment.etc."specialisation".text = "amd";
};
};
# basic setup
time.timeZone = "Asia/Kolkata";
networking = {
hostName = "zephyrus";
firewall = {
enable = true;
allowedTCPPorts = [
53317 # localsend
];
allowedUDPPorts = [
53317 # localsend
];
allowedTCPPortRanges = [
# KDE Connect
{
from = 1714;
to = 1764;
}
];
};
};
snowflake = {
locale = "en_US.UTF-8";
core = {
openssh.enable = true;
usbguard = {
enable = true;
serviceEnable = true;
rules = ''
allow id 1d6b:0002 serial "0000:65:00.3" name "xHCI Host Controller" hash "WzNerMjWOkFgAWCzXluD4lHtKgE+JDIqv97YjnIaxVg=" parent-hash "+g49kFA/DLPqqT4vRVfh/J3qcZm1eDYtwEhM+g/uLPE=" with-interface 09:00:00 with-connect-type ""
allow id 1d6b:0003 serial "0000:65:00.3" name "xHCI Host Controller" hash "mIzU4fq70wRZa1T12gqLMSw7U2q9oA7P9dJxsssOayY=" parent-hash "+g49kFA/DLPqqT4vRVfh/J3qcZm1eDYtwEhM+g/uLPE=" with-interface 09:00:00 with-connect-type ""
allow id 1d6b:0002 serial "0000:65:00.4" name "xHCI Host Controller" hash "NmYNS6NdTvXYWgsPKd+yQpw3t1mmAxiU8d4XQUBkH3I=" parent-hash "Znd9qz9Qs25cZtzXKrrJ7cTtJEGnWeuCGwYOaXme9ek=" with-interface 09:00:00 with-connect-type ""
allow id 1d6b:0003 serial "0000:65:00.4" name "xHCI Host Controller" hash "y9Nk9H3fHo5epOhAW7s82MOJnnWZ/yFxSfccOQ/9Qzs=" parent-hash "Znd9qz9Qs25cZtzXKrrJ7cTtJEGnWeuCGwYOaXme9ek=" with-interface 09:00:00 with-connect-type ""
allow id 1d6b:0002 serial "0000:67:00.4" name "xHCI Host Controller" hash "Cc+/NRzwn5FbQnzCQnJg0Sk0j05oRhcuKMUgVhlscSo=" parent-hash "e1e8cr4KK9QwD6zkfzdDwCklou0xWP10uuDzXNbqcl8=" with-interface 09:00:00 with-connect-type ""
allow id 1d6b:0003 serial "0000:67:00.4" name "xHCI Host Controller" hash "q/cXrlPF1ME1cca1ODj3Zw2+KvUlO/AyHWhLBLcXEY0=" parent-hash "e1e8cr4KK9QwD6zkfzdDwCklou0xWP10uuDzXNbqcl8=" with-interface 09:00:00 with-connect-type ""
allow id 1d6b:0002 serial "0000:67:00.3" name "xHCI Host Controller" hash "vrNNUIIcgkYEpDuGVktyyzvajURe8f8q0r+bX4UUOAU=" parent-hash "vBDAY9DPeKU7PmpNjjQF6BFGmMMUf5GcWT7mUBq3V/w=" with-interface 09:00:00 with-connect-type ""
allow id 1d6b:0003 serial "0000:67:00.3" name "xHCI Host Controller" hash "oH0wqHMpez4C8qzE5sAEzaOFyHBgpK0tboegCmyJUKQ=" parent-hash "vBDAY9DPeKU7PmpNjjQF6BFGmMMUf5GcWT7mUBq3V/w=" with-interface 09:00:00 with-connect-type ""
allow id 0b05:19b6 serial "" name "N-KEY Device" hash "uOF2q+JtR+N2zPqqjWBZF2mtj4k1P288Y14Bc3Ys5nw=" parent-hash "WzNerMjWOkFgAWCzXluD4lHtKgE+JDIqv97YjnIaxVg=" via-port "1-3" with-interface 03:01:01 with-connect-type "not used"
allow id 0b05:193b serial "" name "ITE Device(8295)" hash "ftvLuhqr/PFdJv9LZ1cPFK4Dsl7PKfHvYU5ppnsFwko=" parent-hash "WzNerMjWOkFgAWCzXluD4lHtKgE+JDIqv97YjnIaxVg=" via-port "1-4" with-interface 03:01:01 with-connect-type "not used"
allow id 0489:e0f6 serial "000000000" name "Wireless_Device" hash "2zGpttB3IyVW7/frL+KK/GcLAB1X5tL3KIC+iKRyWjs=" parent-hash "WzNerMjWOkFgAWCzXluD4lHtKgE+JDIqv97YjnIaxVg=" with-interface { e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 } with-connect-type "hardwired"
allow id 3277:0018 serial "" name "USB2.0 FHD UVC WebCam" hash "JlgFONxs2KZ0CHsZ+/w7pTukZMabSq1ATObpw8H6LbI=" parent-hash "NmYNS6NdTvXYWgsPKd+yQpw3t1mmAxiU8d4XQUBkH3I=" via-port "3-1" with-interface { 0e:01:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:01:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 } with-connect-type "hardwired"
'';
};
latestKernel = true;
};
networking = {
networkmanager = { enable = true; };
netbirdClient = { enable = true; };
};
hardware = {
isEfi = true;
xbootldrMountPoint = "/boot";
efiSysMountPoint = "/efi";
diskDevice = "/dev/nvme0n1";
isInitrdLuksUnlockingEnabled = true;
laptop = {
enable = true;
lidSwitch = "lock";
};
};
services = {
asus.enable = true;
syncthing = {
enable = true;
user = "cc";
password = "xxxxxxxxxx";
dataDir = "/home/cc/Documents";
configDir = "/home/cc/.config/syncthing";
};
};
workstation = {
enable = true;
isDevMachine = true;
desktop = {
enable = true;
autoLoginUser = "cc";
};
networking.profiles.enable = true;
};
virtualisation = {
docker.enable = true;
kvm.enable = true;
};
user = {
enable = true;
users = {
cc = {
isNormalUser = true;
shell = pkgs.zsh;
description = "Ameya Shenoy";
extraGroups = [
"wheel" # for sudo access
"audio"
"networkmanager" # for modifying WiFi without sudo
"docker" # for docker cli without root
"input"
"kvm" # for kvm VMs
"libvirtd" # for kvm VMs
];
initialHashedPassword =
"$y$j9T$cfmQcJ67WPKPEhsIbH2aC.$m8bDYq5dZrfx8NdU57jKbRc1nFuSB7iKdnAka6/u9R0";
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKJnFvU6nBXEuZF08zRLFfPpxYjV3o0UayX0zTPbDb7C eden-thinkpad-zephyrus-cell"
];
};
};
};
};
environment.etc = {
# wireguaard config
"wireguard/gvine.conf".source = ../../../conf/wireguard/gvine.conf;
"wireguard/kryo.conf".source = ../../../conf/wireguard/kryo.conf;
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "24.05"; # Did you read the comment?
}
Reference in a new issue Copy permalink