codingcoffee/nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
nix/systems/x86_64-linux/thinkpad/default.nix
Ameya Shenoy 4998e822a7 feat: init 
Signed-off-by: Ameya Shenoy <shenoy.ameya@gmail.com>
2024-11-11 01:48:40 +05:30

153 lines
5.3 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
# An instance of `pkgs` with your overlays and packages applied is also available.
pkgs, inputs, ... }: {
imports = [ # Include the results of the hardware scan.
./hardware-configuration.nix
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-t480
];
# basic setup
time.timeZone = "Asia/Kolkata";
networking = {
hostName = "thinkpad";
firewall = {
enable = true;
allowedTCPPorts = [
53317 # localsend
];
allowedUDPPorts = [
53317 # localsend
];
allowedTCPPortRanges = [
# KDE Connect
{
from = 1714;
to = 1764;
}
];
};
};
snowflake = {
locale = "en_US.UTF-8";
extraPackages = with pkgs; [
# try airdrop
opendrop
owl
wirelesstools
# # put in monitor mode
# sudo ifconfig wlp3s0 down
# sudo iwconfig wlp3s0 mode monitor
# sudo owl -i wlp3s0 -N
# # revert
# sudo ifconfig wlp3s0 down
# ip link set wlp3s0 up
];
core = {
openssh.enable = true;
usbguard = {
enable = true;
serviceEnable = true;
rules = ''
allow id 1d6b:0002 serial "0000:00:14.0" name "xHCI Host Controller" hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" parent-hash "rV9bfLq7c2eA4tYjVjwO4bxhm+y6GgZpl9J60L0fBkY=" with-interface 09:00:00 with-connect-type ""
allow id 1d6b:0003 serial "0000:00:14.0" name "xHCI Host Controller" hash "3Wo3XWDgen1hD5xM3PSNl3P98kLp1RUTgGQ5HSxtf8k=" parent-hash "rV9bfLq7c2eA4tYjVjwO4bxhm+y6GgZpl9J60L0fBkY=" with-interface 09:00:00 with-connect-type ""
allow id 1d6b:0002 serial "0000:3c:00.0" name "xHCI Host Controller" hash "+k9gUUE6Cnbob2WB/I//KMZ1hZ1UgvI6RrqNkIDvdmQ=" parent-hash "zCxLdr73Tn0YoKg15XR1ttIXizl8vMD+KtVAQnBZO8I=" with-interface 09:00:00 with-connect-type ""
allow id 1d6b:0003 serial "0000:3c:00.0" name "xHCI Host Controller" hash "f/j0P3jeotLSPQLacl0JEBDT/k4mgTo84SKV39leYSc=" parent-hash "zCxLdr73Tn0YoKg15XR1ttIXizl8vMD+KtVAQnBZO8I=" with-interface 09:00:00 with-connect-type ""
allow id 8087:0a2b serial "" name "" hash "TtRMrWxJil9GOY/JzidUEOz0yUiwwzbLm8D7DJvGxdg=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" via-port "1-7" with-interface { e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 } with-connect-type "not used"
allow id 04f2:b604 serial "0001" name "Integrated Camera" hash "Sra5Do2lULxlGqcVOc0E68CJLWT1st8KiYXu4dbUQoQ=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" with-interface { 0e:01:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 } with-connect-type "not used"
allow id 0bda:0316 serial "20120501030900000" name "USB3.0-CRW" hash "WG1MSC3YZsmCslTNGpjTTjT2lUvhNfU4gEVvD3gIuV4=" parent-hash "3Wo3XWDgen1hD5xM3PSNl3P98kLp1RUTgGQ5HSxtf8k=" with-interface 08:06:50 with-connect-type "not used"
'';
};
latestKernel = true;
};
networking = {
networkmanager = { enable = true; };
netbirdClient = { enable = true; };
};
hardware = {
isEfi = true;
xbootldrMountPoint = "/boot";
efiSysMountPoint = "/efi";
diskDevice = "/dev/sda";
isInitrdLuksUnlockingEnabled = true;
laptop = {
enable = true;
lidSwitch = "lock";
};
};
services = {
syncthing = {
enable = true;
user = "cc";
password = "xxxxxxxxxx";
dataDir = "/home/cc/Documents";
configDir = "/home/cc/.config/syncthing";
};
restic = {
enable = true;
name = "thinkpad";
};
};
workstation = {
enable = true;
isDevMachine = true;
desktop = {
enable = true;
autoLoginUser = "cc";
};
networking.profiles.enable = true;
};
virtualisation = {
docker.enable = true;
kvm = {
enable = true;
ovmf.enable = false;
};
};
user = {
enable = true;
users = {
cc = {
isNormalUser = true;
shell = pkgs.zsh;
description = "Ameya Shenoy";
extraGroups = [
"wheel" # for sudo access
"audio"
"networkmanager" # for modifying WiFi without sudo
"docker" # for docker cli without root
"input"
"kvm" # for kvm VMs
"libvirtd" # for kvm VMs
];
initialHashedPassword =
"$y$j9T$cfmQcJ67WPKPEhsIbH2aC.$m8bDYq5dZrfx8NdU57jKbRc1nFuSB7iKdnAka6/u9R0";
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKJnFvU6nBXEuZF08zRLFfPpxYjV3o0UayX0zTPbDb7C eden-thinkpad-zephyrus-cell"
];
};
};
};
};
environment.etc = {
# wireguaard config
"wireguard/gvine.conf".source = ../../../conf/wireguard/gvine.conf;
"wireguard/kryo.conf".source = ../../../conf/wireguard/kryo.conf;
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "24.05"; # Did you read the comment?
}
Reference in a new issue View git blame Copy permalink