# https://search.nixos.org/options user: { inputs, config, pkgs, lib, ... }: { home-manager.users.${user}.imports = [ ./home.nix ]; nix = { settings = { experimental-features = ["nix-command" "flakes"]; }; settings.trusted-users = ["root" user]; registry.nixpkgs.flake = inputs.nixpkgs; }; nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ]; boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; networking.networkmanager.enable = true; programs.nm-applet.enable = true; services.tailscale.enable = true; time.timeZone = "Europe/London"; console = { font = "Lat2-Terminus16"; useXkbConfig = true; }; # use pipewire hardware.pulseaudio.enable = false; security.rtkit.enable = true; services.pipewire = { enable = true; alsa.enable = true; alsa.support32Bit = true; pulse.enable = true; jack.enable = true; }; # pipewire raop networking.firewall.allowedUDPPorts = [6002 6001]; # network streaming networking.firewall.allowedTCPPorts = [4713]; # kde connect networking.firewall.allowedTCPPortRanges = [ { from = 1714; to = 1764; } ]; networking.firewall.allowedUDPPortRanges = [ { from = 1714; to = 1764; } ]; networking.firewall.interfaces.tailscale0 = { allowedTCPPortRanges = [ { from = 0; to = 65535; } ]; }; services.avahi.enable = true; security.pam.services.swaylock = {}; security.polkit.enable = true; systemd.user.services.polkit-gnome-authentication-agent-1 = { description = "polkit-gnome-authentication-agent-1"; wantedBy = ["graphical-session.target"]; wants = ["graphical-session.target"]; after = ["graphical-session.target"]; serviceConfig = { Type = "simple"; ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1"; Restart = "on-failure"; RestartSec = 1; TimeoutStopSec = 10; }; }; i18n.defaultLocale = lib.mkDefault "en_GB.UTF-8"; services.xserver = { layout = lib.mkDefault "gb"; xkbOptions = "caps:escape"; }; system.configurationRevision = pkgs.lib.mkIf (inputs.self ? rev) inputs.self.rev; hardware.opentabletdriver.enable = true; qt.enable = true; qt.platformTheme = "gtk2"; qt.style = "gtk2"; services.printing.enable = true; users.users.${user} = { isNormalUser = true; extraGroups = ["wheel" "video" "networkmanager"]; initialPassword = "pass"; shell = pkgs.fish; }; programs.fish.enable = true; environment.variables = { EDITOR = "nvim"; VISUAL = "nvim"; TERMINAL = "foot"; }; services.gvfs.enable = true; environment.systemPackages = with pkgs; [ foot tealdeer alsa-utils pcmanfm pavucontrol trash-cli wget unzip ]; services.dbus.enable = true; programs.light.enable = true; programs.dconf.enable = true; programs.tmux.enable = true; programs.tmux.extraConfig = '' set escape-time 0 set -g default-terminal screen bind -n M-s split-window -v bind -n M-v split-window -h bind -n M-Enter split-window -h bind -n M-h select-pane -L bind -n M-j select-pane -D bind -n M-k select-pane -U bind -n M-l select-pane -R bind -n M-q kill-pane bind -n M-< resize-pane -L 10 bind -n M-> resize-pane -R 10 bind -n M-- resize-pane -D 10 bind -n M-+ resize-pane -U 10 bind -n M-u copy-mode bind -n M-p paste-buffer set-window-option -g mode-keys vi bind-key -T copy-mode-vi v send-keys -X begin-selection bind-key -T copy-mode-vi y send-keys -X copy-selection ''; boot.kernel.sysctl = { "net.ipv4.ip_unprivileged_port_start" = 53; }; services.tlp.enable = true; hardware.bluetooth.enable = true; services.blueman.enable = true; services.prometheus.exporters.node.enable = true; networking.networkmanager.insertNameservers = ["1.1.1.1" "1.0.0.1"]; }