a working uf system
N36OZC57VXYPRLQ4MS3QZCXQMRWWXI77CWMIICXEY5TDKDLVVGKAC
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
{ config, pkgs, ... }:
{
# Local modules merged into this configuration; both paths are relative to
# this file.
imports = [
  ./mod/hardware-configuration.nix
  ./guix-daemon.nix
];
# GRUB 2 with ZFS support, installed to every disk listed in `devices`.
boot.loader.grub = {
  enable = true;
  version = 2;
  zfsSupport = true;
  copyKernels = true; # for ZFS
  # Disks are named by their /dev/disk/by-id paths. Going by its name, the
  # second one is a USB-attached drive; the boot chain is only as trustworthy
  # as every disk the bootloader is written to.
  devices = [
    "/dev/disk/by-id/ata-INTEL_SSDSA2MH080G1GN_CVEM850401CK080DGN"
    "/dev/disk/by-id/usb-WD_My_Passport_25E1_57584B3145323636414E4357-0:0"
  ];
};
# Graphical session: sway, with the amdgpu driver selected.
programs.sway = { enable = true; };
services.xserver.videoDrivers = [ "amdgpu" ];

# Kernel / initrd settings. No kernel modules are blacklisted at present.
boot.blacklistedKernelModules = [ ]; # ask.fedora
# boot.kernelParams = [ "nomodeset" ]; # the GPU was stuck at boot
# boot.kernelPackages = pkgs.linuxPackages_latest;
boot.supportedFilesystems = [ "zfs" ];
# Host identity, Wi-Fi and per-interface DHCP.
networking = {
  hostName = "uf";
  hostId = "818f063f"; # hex; for ZFS; taken from uuidgen.

  wireless = {
    enable = true;
    # userControlled.enable = true;
    extraConfig = "";
    # NOTE(review): pskRaw is the pre-hashed WPA key for the "FF" network. It
    # is enough on its own to join that network, so treat it as a credential.
    # Written inline like this it lands in version control and in the
    # world-readable Nix store. Newer NixOS releases can read the key from a
    # file kept outside the store (networking.wireless.environmentFile, later
    # secretsFile) -- confirm what this release offers, and rotate the
    # passphrase if this file has been published.
    networks.FF.pskRaw = "d5ff8b82eb2e8da73dccc7052d170b4163947dc580a52fc0a9ef1d0e9acb3799";
  };

  # The global switch is off; DHCP is requested per interface instead.
  useDHCP = false; # deprecated; use per-interface
  interfaces = {
    enp2s0.useDHCP = true;
    wlp1s0.useDHCP = true;
  };

  # Open ports in the firewall.
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;
  # iptables -t nat -A OUTPUT -o lo -d 127.192.0.0/10 -p tcp -j REDIRECT --to-ports 8118
};
# Locale-ish settings: time zone, virtual console font and keyboard layout.
time.timeZone = "Asia/Kolkata";
console.font = "latarcyrheb-sun16";
console.keyMap = "dvorak";
# Local accounts. No passwords or SSH keys are declared in this file, so
# credentials are presumably managed elsewhere -- verify, since sshd below
# refuses password logins.
#
# nly and vits are in "wheel"; jagga has no supplementary groups.
users.users.nly = {
  isNormalUser = true;
  uid = 1001;
  extraGroups = [ "wheel" "video" "audio" "jackaudio" ];
};
users.users.vits = {
  isNormalUser = true;
  uid = 1666;
  extraGroups = [ "wheel" "video" ];
};
users.users.jagga = {
  isNormalUser = true;
  uid = 1313;
};

# Restrict `su` to members of wheel, so an unprivileged account cannot use it
# even with a known target password.
security.pam.services.su.requireWheel = true;
# System-wide packages and the login-shell hook that activates Guix.
environment = {
  systemPackages = with pkgs; [
    # editor, VCS, basic tooling
    emacs
    git
    dhcpcd
    file
    # DNS, crypto and anonymity tooling
    unbound
    gnupg
    i2pd
    bind
    # kernel tracing / source navigation
    linuxPackages.bcc
    cscope
    global
    linuxPackages.perf
    perf-tools
    man-pages
  ];

  # Runs in every login shell: source the user's own Guix (falling back to
  # root's system-wide one) and then the user's Guix profile if it exists.
  # The sourced files under ~ are user-writable, so each user controls what
  # runs in their own login shell. The shell text is kept verbatim.
  loginShellInit = "
init_guix () {
# system's guix, user's guix, and user's profile
local s u p
s=/var/guix/profiles/per-user/root/current-guix/etc/profile
u=~/.config/guix/current/etc/profile
p=~/.guix-profile/etc/profile
if [ -f $u ]; then source $u; else source $s; fi
if [ -f $p ]; then source $p; fi
}; init_guix";
};
# Privoxy: accepts intercepted (transparently redirected) requests and hands
# *.i2p hosts to a proxy on 127.0.0.1:4444 (presumably i2pd's HTTP proxy --
# confirm the port against the i2pd configuration).
services.privoxy.enable = true;
services.privoxy.extraConfig = "
accept-intercepted-requests 1
forward .i2p 127.0.0.1:4444
";
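# Host firewall plus the NAT rules that steer Tor's automapped virtual
# addresses into Tor's TransPort (9040).
networking.firewall = {
  enable = true;

  # extraCommands is executed every time the firewall is started or reloaded,
  # and the nat OUTPUT chain is not flushed by the NixOS firewall script.
  # A bare `-A` therefore appends one more copy of each rule on every
  # reload. `-C` tests for the rule first so it is inserted only once.
  extraCommands = ''
    iptables -t nat -C OUTPUT -o lo -d 127.192.0.0/10 -p tcp -j REDIRECT --to-ports 9040 2>/dev/null || iptables -t nat -A OUTPUT -o lo -d 127.192.0.0/10 -p tcp -j REDIRECT --to-ports 9040
    ip6tables -t nat -C OUTPUT -o lo -d FE80::/10 -p tcp -j REDIRECT --to-ports 9040 2>/dev/null || ip6tables -t nat -A OUTPUT -o lo -d FE80::/10 -p tcp -j REDIRECT --to-ports 9040
  '';

  # NOTE(review): the same four ports are opened for both TCP and UDP. SSH
  # (22) and HTTP (80, 8080) are TCP services, so the UDP entries for them
  # look unnecessary, and no service configured in this file is seen
  # listening on 80, 8080 or 30000. Confirm what actually needs each port and
  # trim the lists to that.
  allowedTCPPorts = [ 30000 22 80 8080 ];
  allowedUDPPorts = [ 30000 22 80 8080 ];
};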
# Unbound resolver.
#  - Listens on all IPv4/IPv6 interfaces; queries are accepted from loopback
#    and the two listed /24 networks only. Port 53 is not in the firewall's
#    allowed lists in this file, so LAN clients are presumably blocked before
#    access-control is consulted -- confirm which of the two is intended.
#  - "onion" is exempted from DNSSEC validation and forwarded to
#    127.0.0.1@5300 (Tor's DNSPort); do-not-query-localhost must be off for
#    that forward to work.
#  - Everything else is forwarded, unencrypted, to the two upstream addresses.
# NOTE(review): the first access-control keyword is capitalised; verify that
# unbound accepts it.
services.unbound.enable = true;
services.unbound.extraConfig = "
server:
interface: 0.0.0.0
interface: ::0
Access-control: 127.0.0.0/8 allow
access-control: 192.168.0.0/24 allow
access-control: 192.168.1.0/24 allow
domain-insecure: \"onion\"
private-domain: \"onion\"
do-not-query-localhost: no
local-zone: \"onion.\" nodefault
forward-zone:
name: \".\"
forward-addr: 208.67.222.222
forward-addr: 208.67.220.220
forward-zone:
name: \"onion\"
forward-addr: 127.0.0.1@5300
";
# dnsmasq is kept configured but switched off; unbound does the resolving.
services.dnsmasq = {
  enable = false;
  extraConfig = "
local-service
server=192.168.1.1
server=/onion/127.0.0.1@5300
";
};

# SSH daemon: key-based logins only, no direct root login.
services.openssh = {
  enable = true;
  allowSFTP = true;
  permitRootLogin = "no";
  passwordAuthentication = false;
  # Turns off keyboard-interactive (challenge-response) logins, which could
  # otherwise still prompt for a password despite passwordAuthentication
  # being false.
  challengeResponseAuthentication = false; # what's it?
  # sshd will not set up X11 proxy displays for sessions; this keeps a piece
  # of rarely needed attack surface switched off.
  forwardX11 = false; # not secure?
};

services.i2pd.enable = true; # no extra config

# Tor: DNS resolver on 5300, transparent proxy on 9040, automapped virtual
# address ranges, and an onion service forwarding port 22.
# NOTE(review): DNSPort is bound to 0.0.0.0, yet the only consumers visible in
# this file (unbound, dnsmasq) reach it at 127.0.0.1. Binding to loopback
# would not rely on the firewall to keep it private.
# NOTE(review): sshd is also reachable directly on TCP 22 through the firewall.
# Serving the same sshd (same host key) on both the public address and the
# onion address lets the two be linked; if the onion service is meant to hide
# the host, use a separate listener or close the public port.
services.tor = {
  enable = true;
  extraConfig = "
DNSPort 0.0.0.0:5300
TransPort 9040
AutomapHostsOnResolve 1
VirtualAddrNetworkIPv4 127.192.0.0/10
VirtualAddrNetworkIPv6 [FE80::]/10
# Hidden Service SSH
HiddenServiceDir /var/lib/tor/ssh-service/
HiddenServicePort 22
";
};
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.03"; # Did you read the comment?
}