{ config, pkgs, lib, ... } @inputs:
{
# Basic settings
nix.settings.experimental-features = [ "nix-command" "flakes" ];
# stateVersion records the release whose stateful defaults this machine was
# installed with; it is not the nixpkgs version and is not meant to be bumped
# as part of a routine upgrade.
system.stateVersion = "22.11";
time.timeZone = "Asia/Shanghai";
networking =
{
  hostName = "chn-PC";
  # NetworkManager owns the interfaces; the "networkmanager" group (given to
  # chn further down) is what allows a user to change connections.
  networkmanager.enable = true;
};
i18n.defaultLocale = "zh_CN.UTF-8";
i18n.supportedLocales =
[
  "zh_CN.UTF-8/UTF-8"
  "en_US.UTF-8/UTF-8"
  "C.UTF-8/UTF-8"
];

# Input method: fcitx5 with the Rime, Chinese and Mozc (Japanese) addons
i18n.inputMethod.enabled = "fcitx5";
i18n.inputMethod.fcitx5.addons =
[
  pkgs.fcitx5-rime
  pkgs.fcitx5-chinese-addons
  pkgs.fcitx5-mozc
];

# Graphical desktop: X server, SDDM as the login manager, KDE Plasma 5 as the session
services.xserver.enable = true;
services.xserver.displayManager.sddm.enable = true;
services.xserver.desktopManager.plasma5.enable = true;

# Printing (CUPS). This adds a long-running daemon; keep it only on machines
# that actually print.
services.printing.enable = true;

# Sound: PipeWire is the audio server and also provides the ALSA and
# PulseAudio interfaces, so the PulseAudio daemon itself stays off.
sound.enable = true;
hardware.pulseaudio.enable = false;
# RealtimeKit lets unprivileged audio processes request realtime scheduling.
security.rtkit.enable = true;
services.pipewire.enable = true;
services.pipewire.pulse.enable = true;
services.pipewire.alsa =
{
  enable = true;
  support32Bit = true;
};

# Virtual machine (this system runs as a guest)
# The QEMU guest agent lets the hypervisor host issue management commands
# inside the guest, and the SPICE agent typically shares the clipboard with
# the host. Both assume the host is trusted; clipboard contents (for example
# from the password manager installed below) are then visible to it.
services.spice-vdagentd.enable = true;
services.qemuGuest.enable = true;

# Waydroid (Android in a container)
virtualisation.waydroid.enable = true;

# Users
users =
{
  # Accounts and passwords come only from this configuration; changes made at
  # runtime with passwd/useradd do not survive the next activation.
  mutableUsers = false;
  users.chn =
  {
    isNormalUser = true;
    shell = pkgs.zsh;
    # wheel: administrative (sudo) access.
    # wireshark: may capture packets through the dumpcap wrapper that
    #   programs.wireshark sets up.
    # networkmanager: may change network connections.
    extraGroups = [ "networkmanager" "wheel" "wireshark" ];
    # The password is read from a sops-managed secret, so it does not end up in
    # the world-readable Nix store. NixOS expects this file to hold a password
    # hash, not the plain password — confirm the secret is stored that way.
    passwordFile = config.sops.secrets."password/chn".path;
  };
};
# Decrypt this secret before user accounts are set up, so the file referenced
# by passwordFile exists when it is read.
sops.secrets."password/chn".neededForUsers = true;
# home-manager: per-user configuration for chn, built from the system's pkgs
home-manager =
{
  useGlobalPkgs = true;
  useUserPackages = true;
  users.chn = { pkgs, ... }:
  {
    home.stateVersion = "22.11";
    programs.zsh =
    {
      enable = true;
      # powerlevel10k theme from nixpkgs plus the prompt configuration kept in
      # ./p10k-config next to this file.
      plugins =
      [
        {
          name = "powerlevel10k";
          file = "powerlevel10k.zsh-theme";
          src = "${pkgs.zsh-powerlevel10k}/share/zsh-powerlevel10k";
        }
        {
          name = "powerlevel10k-config";
          file = "p10k.zsh";
          src = ./p10k-config;
        }
      ];
      # Sources the instant-prompt cache file at shell start when it is readable.
      # NOTE(review): there is no fallback for an unset XDG_CACHE_HOME, in which
      # case the path resolves directly under "/" — confirm the variable is set
      # for this user.
      initExtraBeforeCompInit =
      ''
        # p10k instant prompt
        P10K_INSTANT_PROMPT="$XDG_CACHE_HOME/p10k-instant-prompt-''${(%):-%n}.zsh"
        [[ ! -r "$P10K_INSTANT_PROMPT" ]] || source "$P10K_INSTANT_PROMPT"
      '';
    };
  };
};

# Packages (list order is kept as written)
environment.systemPackages = with pkgs;
[
  # general command-line utilities
  beep neofetch screen dos2unix tldr gnugrep
  # shells and zsh add-ons
  zsh ksh zsh-powerlevel10k zsh-autosuggestions zsh-syntax-highlighting
  # editors
  vim nano
  (vscode-with-extensions.override {
    vscodeExtensions =
      # extensions packaged in nixpkgs
      (with vscode-extensions; [
        ms-vscode.cpptools
        llvm-vs-code-extensions.vscode-clangd
        # twxs.cmake
        ms-vscode.cmake-tools
        ms-ceintl.vscode-language-pack-zh-hans
        github.copilot
        github.github-vscode-theme
        ms-vscode.hexeditor
        oderwat.indent-rainbow
        james-yu.latex-workshop
        pkief.material-icon-theme
        ms-vscode-remote.remote-ssh
      ])
      # Extensions fetched from the marketplace. Each is pinned to a version and
      # a sha256, so a changed upload fails the build rather than being installed.
      ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [
        {
          publisher = "ms-vscode";
          name = "cpptools-themes";
          version = "2.0.0";
          sha256 = "05r7hfphhlns2i7zdplzrad2224vdkgzb0dbxg40nwiyq193jq31";
        }
        {
          publisher = "Guyutongxue";
          name = "cpp-reference";
          version = "0.2.3";
          sha256 = "1cdwps1qikvzqpdx4hrxgi3lxg6335q24hhra959h8qnqcvnlg4p";
        }
      ];
  })
  # downloads
  wget aria2 curl yt-dlp qbittorrent
  tree git autojump
  nix-output-monitor comma
  # Only the docker packages are installed here; no docker daemon option is
  # set in this file.
  docker docker-compose
  apacheHttpd certbot-full
  # archivers and packers
  pigz rar unrar upx
  # disks and snapshots
  util-linux snapper gparted snapper-gui
  # browsers
  firefox google-chrome
  # virtualisation
  qemu_full virt-manager
  # documents
  zotero ocrmypdf pdfgrep texlive.combined.scheme-full libreoffice-qt
  # scientific visualisation and graphics
  ovito paraview gimp # vsim vesta
  (python3.withPackages (ps: with ps; [ phonopy ]))
  # Messaging. wechat-uos comes from NUR, a community repository whose
  # packages are not reviewed by nixpkgs maintainers; treat it as third-party
  # code.
  element-desktop tdesktop discord qq config.nur.repos.xddxdd.wechat-uos
  remmina
  # password manager, crypto and secret tooling
  bitwarden openssl ssh-to-age gnupg age sops
  spotify yesplaymusic # netease-cloud-music-gtk config.nur.repos.eh5.netease-cloud-music
  crow-translate
  scrcpy
  # networking tools
  ipset iptables iproute2 wireshark dig nettools
  # Not a nixpkgs attribute; presumably supplied by an overlay defined elsewhere.
  touchix.v2ray-forwarder
  mathematica
]
# plus every derivation in the KDE Gear package set
++ lib.filter lib.isDerivation (lib.attrValues pkgs.plasma5Packages.kdeGear);
# Packet capture: installs a capability wrapper for dumpcap that members of
# the "wireshark" group may run, so capturing does not need root.
programs.wireshark.enable = true;
# Steam
programs.steam.enable = true;
# Game launchers. These options are not defined in this file; presumably they
# come from an external module imported elsewhere.
programs.anime-game-launcher.enable = true;
programs.honkers-railway-launcher.enable = true;
# nix-index takes over from the stock command-not-found handler; comma is
# wired to the nix-index database module.
programs.command-not-found.enable = false;
programs.nix-index.enable = true;
programs.nix-index-database.comma.enable = true;
# NOTE(review): nixpkgs refuses to evaluate these versions by default because
# they are marked insecure (known vulnerabilities or end of life). Listing them
# here allows every package that depends on them. Record which package needs
# each entry and drop the entry once that package no longer does.
nixpkgs.config.permittedInsecurePackages =
[
  "openssl-1.1.1t"
  "electron-19.0.7"
];
# Third-party binary cache. Prebuilt store paths signed with the key below are
# installed without being rebuilt locally, so the holder of that key is part
# of this machine's trusted supply chain. Keep the entry only while packages
# from that repository are in use.
nix.settings.substituters =
[
  "https://xddxdd.cachix.org"
];
nix.settings.trusted-public-keys =
[
  "xddxdd.cachix.org-1:ay1HJyNDYmlSwj5NXQG065C8LfoqqKaTNCyzeixGjf8="
];

# Fonts
fonts.fontDir.enable = true;
fonts.fonts =
[
  pkgs.noto-fonts
  pkgs.source-han-sans
  pkgs.source-han-serif
  pkgs.source-code-pro
  pkgs.hack-font
  pkgs.jetbrains-mono
  pkgs.nerdfonts
];
# fontconfig fallback order for each generic family (Simplified Chinese first)
fonts.fontconfig.defaultFonts =
{
  serif = [ "Noto Serif CJK SC" "Source Han Serif SC" "DejaVu Serif" ];
  sansSerif = [ "Noto Sans CJK SC" "Source Han Sans SC" "DejaVu Sans" ];
  monospace = [ "Noto Sans Mono CJK SC" "Sarasa Mono SC" "DejaVu Sans Mono" ];
  emoji = [ "Noto Color Emoji" ];
};

# zsh (system-wide): completion, autosuggestions and syntax highlighting
programs.zsh.enable = true;
programs.zsh.enableCompletion = true;
programs.zsh.autosuggestions.enable = true;
programs.zsh.syntaxHighlighting.enable = true;

# SSH
# NOTE(review): sshd is enabled with the module defaults. Nothing in this file
# restricts password or root login, and no authorized keys are declared for
# chn. With the NixOS defaults, password authentication is allowed and the
# module opens the SSH port in the firewall, so the password of a wheel member
# is the only barrier to administrative access from the network.
# Recommended: declare keys under users.users.chn.openssh.authorizedKeys.keys,
# then turn off PasswordAuthentication and KbdInteractiveAuthentication and
# set PermitRootLogin to "no" (under services.openssh.settings on releases
# that have it — confirm for the pinned nixpkgs). If remote login is not
# needed at all, disable the service.
services.openssh =
{
  enable = true;
};

# Firewall
# The NixOS firewall is on by default; these lists only open additional ports.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];

# sops: secrets for this host are read from ./secrets/chn-PC.yaml
sops.defaultSopsFile = ./secrets/chn-PC.yaml;
# The host's ed25519 SSH private key doubles as the age identity used for
# decryption. Anyone who can read that key can decrypt every secret in the
# file, and regenerating the host key requires re-encrypting the secrets for
# the new key.
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

# Proxy (firewall circumvention): local DNS through dnsmasq
services.dnsmasq.enable = true;
services.dnsmasq.settings =
{
  # Answer only on loopback; bind-interfaces makes dnsmasq bind to that
  # address instead of the wildcard address.
  listen-address = "127.0.0.1";
  bind-interfaces = true;
  # Every upstream query goes to a resolver on local port 10853 (presumably a
  # DNS inbound of the proxy — confirm); no-poll stops dnsmasq from watching
  # resolv.conf for other servers.
  server = [ "127.0.0.1#10853" ];
  no-poll = true;
  # Fixed answers: three mirism.one names pinned to one address, a debug name
  # pointed at loopback, and one hostname sunk to 0.0.0.0.
  address =
  [
    "/mirism.one/216.24.188.24"
    "/beta.mirism.one/216.24.188.24"
    "/ng01.mirism.one/216.24.188.24"
    "/debug.mirism.one/127.0.0.1"
    "/public-data-api.mihoyo.com/0.0.0.0"
  ];
  # Addresses resolved for these domains are added to the "noproxy_net" ipset.
  # The set itself is not created in this file; presumably the forwarder
  # service creates it — confirm.
  ipset =
  [
    "/developer.download.nvidia.com/noproxy_net"
    "/yuanshen.com/noproxy_net"
    "/zoom.us/noproxy_net"
  ];
};
# xray reads its whole configuration from a sops secret, which keeps the proxy
# settings out of the world-readable Nix store.
services.xray =
{
  enable = true;
  settingsFile = config.sops.secrets."xray.json".path;
};
# Readable by the v2ray user and group only; xray is restarted when the
# secret changes.
sops.secrets."xray.json" =
{
  owner = "v2ray";
  group = "v2ray";
  mode = "0440";
  restartUnits = [ "xray.service" ];
};
# Run xray as the static v2ray account instead of a systemd dynamic user
# (presumably so the unit can read the secret owned by v2ray).
# CAP_NET_ADMIN covers interface, routing and firewall changes, and both
# capabilities are granted as ambient, so the process holds them from start.
# NOTE(review): a compromise of xray inherits that reach; keep CAP_NET_ADMIN
# only if the transparent-proxy setup really needs it.
systemd.services.xray.serviceConfig =
{
  DynamicUser = lib.mkForce false;
  User = "v2ray";
  Group = "v2ray";
  AmbientCapabilities = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE";
  CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE";
};
users.groups.v2ray = {};
# The uid is forced to 997; the reason is not visible in this file.
users.users.v2ray =
{
  isSystemUser = true;
  group = "v2ray";
  uid = lib.mkForce 997;
};
# Options of a module that is not part of this file (presumably the one that
# ships touchix.v2ray-forwarder).
services.v2ray-forwarder =
{
  enable = true;
  proxyPort = 10880;
  xmuPort = 10881;
};
# Kernel network settings, presumably required by the transparent proxy above.
# NOTE(review): each of these relaxes a default protection, and the "all" and
# "default" forms apply them to every current and future interface.
# route_localnet: 127.0.0.0/8 is no longer treated as unroutable, so services
#   bound only to loopback (dnsmasq and the proxy ports in this file) may be
#   reachable from the local network unless the firewall drops loopback
#   destinations arriving on other interfaces. Prefer setting it only on the
#   interface that needs it and adding such a drop rule.
# accept_local: packets carrying one of this host's own source addresses are
#   accepted.
# ip_forward: the host forwards packets between interfaces.
# ip_nonlocal_bind: processes may bind to addresses not configured on the host.
boot.kernel.sysctl."net.ipv4.ip_forward" = true;
boot.kernel.sysctl."net.ipv4.ip_nonlocal_bind" = true;
boot.kernel.sysctl."net.ipv4.conf.all.route_localnet" = true;
boot.kernel.sysctl."net.ipv4.conf.default.route_localnet" = true;
boot.kernel.sysctl."net.ipv4.conf.all.accept_local" = true;
boot.kernel.sysctl."net.ipv4.conf.default.accept_local" = true;
}