{ config, pkgs, ... }:
{
# Enable networking
networking.networkmanager.enable = true;
# virtual file system
services.gvfs.enable = true;
#disable power save for better latency
networking.networkmanager.wifi.powersave = false;
#stop systemd from taking too long to time out
systemd.settings.Manager = {
DefaultTimeoutStopSec="10s";
};
systemd.user.extraConfig = "DefaultTimeoutStopSec=10s";
networking.firewall.enable = false;
networking.extraHosts =
''
255.255.255.255 wpad
255.255.255.255 wpad.lan
'';
# Enable CUPS to print documents.
#services.printing.enable = true;
# Enable automatic login for the user.
services.displayManager.autoLogin.enable = true;
services.displayManager.autoLogin.user = "iopq";
services.xserver.enable = true;
#kde
services.desktopManager.plasma6.enable = true;
security.pam.services.sddm.enableKwallet = true;
#sddm
services.displayManager.sddm.enable = true;
services.displayManager.sddm.wayland.enable = true;
services.flatpak.enable = true;
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
hardware.bluetooth.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
pulse.enable = true;
};
/* services.pulseaudio.enable = true;
services.pulseaudio.support32Bit = true;
services.pulseaudio.daemon.config = {
avoid-resampling = "yes";
resample-method = "soxr-vhq";
};
*/
#services.pipewire.package = (pkgs.pipewire.override { alsa-lib = pkgs.alsa-lib.overrideAttrs { separateDebugInfo = true; }; }).overrideAttrs { separateDebugInfo = true; };
# graphics
hardware.graphics = {
enable = true;
enable32Bit = true;
};
#fonts
fonts.packages = with pkgs; [
noto-fonts-cjk-sans
babelstone-han
];
programs.steam = {
enable = true;
};
nixpkgs.config.packageOverrides = pkgs: {
steam = pkgs.steam.override {
extraPkgs = pkgs: with pkgs; [
libgdiplus
];
};
};
#fingerprint reader
services.fprintd = {
enable = true;
};
i18n.inputMethod = {
enable = true;
type = "fcitx5";
fcitx5.waylandFrontend = true;
fcitx5.addons = with pkgs; [
rime-data
fcitx5-gtk
fcitx5-rime
fcitx5-hangul
];
};
# services.daed.enable = true;
services.speechd.enable = true; #firefox error
#programs.ssh.startAgent = true;
#GnuPG
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
services.pcscd.enable = true;
services.tlp.enable = true;
services.power-profiles-daemon.enable = false; # avoid conflicts
services.xray.settingsFile = "/etc/nixos/scripts/config.json";
services.xray.enable = true;
systemd.services.xray.serviceConfig = {
User="xray_tproxy";
};
users.users.xray_tproxy.linger = true;
users.users.xray_tproxy.isSystemUser= true;
users.users.xray_tproxy.group = "xray_tproxy";
users.groups.xray_tproxy = {
gid = 988;
};
systemd.services.tproxy-rules = {
enable = true;
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
description = "Tproxy rules";
path = [
pkgs.nftables
pkgs.iptables
pkgs.iproute2]; #realpath $(which ip)
serviceConfig = {
EnvironmentFile = "/etc/nixos/scripts/.env";
Type = "oneshot";
RemainAfterExit="yes";
ExecStart = "/etc/nixos/scripts/tproxy-rules.sh";
ExecStop=''/etc/nixos/scripts/ipclean.sh ; \
/run/current-system/sw/bin/ip route del local default dev lo table 100 ; /run/current-system/sw/bin/ip rule del table 100'';
};
};
systemd.services.udp2raw = {
enable = true;
description = "Run udp2raw as a tproxy user";
wantedBy = [ "multi-user.target" ];
after = [ "tproxy-rules.service" ];
serviceConfig = {
EnvironmentFile = "/etc/nixos/scripts/.env";
ExecStart = ''/etc/nixos/scripts/udp2raw.sh'';
User="xray_tproxy";
};
};
systemd.services.udpspeeder = {
enable = true;
description = "Run udpspeeder as a tproxy user";
wantedBy = [ "multi-user.target" ];
after = [ "tproxy-rules.service" ];
serviceConfig = {
EnvironmentFile = "/etc/nixos/scripts/.env";
ExecStart = ''/etc/speederv2_binaries/speederv2_amd64 -c -l 0.0.0.0:7443 -r 127.0.0.1:6443 -k $SPEEDER_PWD -f2:2,20:8,50:15 --timeout 4 --mode 0 --log-level 5'';
User="xray_tproxy";
};
};
/*
services.samba = {
enable = true;
settings = {
myshare = {
path = "/home/iopq/Public/";
writable = true;
"browseable" = "yes";
"create mask" = "0644";
"directory mask" = "0755";
"force user" = "iopq";
guestOk = true;
};
};
};*/
}