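# NixOS system configuration for the host "nix".
#
# Beyond the usual boot/user/package setup, this module:
#   * points the system resolver at the local machine (smartdns is enabled
#     below and forwards over TLS to the listed upstream servers), and
#   * loads an nftables ruleset that rejects traffic to and from the
#     Cloudflare address ranges listed in the two named sets.
{ config, pkgs, ... }:

{
  imports = [
    ./hardware-configuration.nix
    ./awesome.nix
    ./devel.nix
    ./games.nix
  ];

  boot = {
    supportedFilesystems = [ "btrfs" ];
    loader = {
      efi.canTouchEfiVariables = true;
      grub = {
        enable = true;
        device = "nodev";
        efiSupport = true;
        useOSProber = true;
        splashImage = null;
      };
    };
  };

  networking = {
    hostName = "nix";

    # Resolve through the local machine only; NetworkManager is told not to
    # manage DNS (dns = "none") so it does not overwrite this.
    # NOTE(review): "::" is the unspecified address, not the loopback "::1".
    # Presumably it is meant to reach the local resolver; confirm, or use "::1".
    nameservers = [ "127.0.0.1" "::" ];
    networkmanager = {
      dns = "none";
      enable = true;
    };

    nftables = {
      enable = true;
      # Rejects (and counts) packets whose destination (output) or source
      # (input) is in a Cloudflare range. Both chains default to accept, so
      # this ruleset blocks Cloudflare only and filters nothing else.
      # The address lists are a hard-coded snapshot of the URLs quoted in the
      # ruleset; re-check them periodically, stale entries silently stop
      # matching.
      ruleset = ''
        table inet filter {
          # https://www.cloudflare.com/ips-v4
          set cloudflare_ipv4 {
            type ipv4_addr
            flags interval
            elements = {
              173.245.48.0/20,
              103.21.244.0/22,
              103.22.200.0/22,
              103.31.4.0/22,
              141.101.64.0/18,
              108.162.192.0/18,
              190.93.240.0/20,
              188.114.96.0/20,
              197.234.240.0/22,
              198.41.128.0/17,
              162.158.0.0/15,
              104.16.0.0/13,
              104.24.0.0/14,
              172.64.0.0/13,
              131.0.72.0/22
            }
          }

          # https://www.cloudflare.com/ips-v6
          set cloudflare_ipv6 {
            type ipv6_addr
            flags interval
            elements = {
              2400:cb00::/32,
              2606:4700::/32,
              2803:f800::/32,
              2405:b500::/32,
              2405:8100::/32,
              2a06:98c0::/29,
              2c0f:f248::/32
            }
          }

          chain output {
            type filter hook output priority 0; policy accept;
            ip daddr @cloudflare_ipv4 counter reject
            ip6 daddr @cloudflare_ipv6 counter reject
          }

          chain input {
            # Fixed: this chain was attached to the output hook, so its
            # source-address rules never saw inbound packets.
            type filter hook input priority 0; policy accept;
            ip saddr @cloudflare_ipv4 counter reject
            ip6 saddr @cloudflare_ipv6 counter reject
          }
        }
      '';
    };

    interfaces = {
      enp1s0.useDHCP = true;
      wlp2s0.useDHCP = true;
    };

    # Configure network proxy if necessary
    # proxy.default = "http://user:password@proxy:port/";
    # proxy.noProxy = "127.0.0.1,localhost,internal.domain";

    # Open ports in the firewall.
    # NOTE(review): networking.firewall.enable is not set in this file, while
    # networking.nftables is enabled above. Older NixOS releases refuse to
    # evaluate with both the iptables-based firewall and nftables active, so
    # confirm how an imported module resolves this. If the firewall ends up
    # disabled, these two options have no effect and the accept-by-default
    # nftables chains above leave every listening port reachable.
    firewall.allowedTCPPorts = [ 59879 ];
    firewall.allowedUDPPorts = [ 4001 ];
  };

  # Set your time zone.
  time.timeZone = "Asia/Seoul";

  # Select internationalisation properties.
  # console = {
  #   font = "Lat2-Terminus16";
  #   keyMap = "us";
  # };

  # "wheel" grants administrative (sudo) rights to this account.
  users.users.sea = {
    isNormalUser = true;
    extraGroups = [ "dialout" "ipfs" "networkmanager" "video" "wheel" ];
  };

  environment = {
    # Static resolv.conf matching networking.nameservers above.
    etc."resolv.conf".text = ''
      nameserver 127.0.0.1
      nameserver ::
      options edns0
    '';
    localBinInPath = true;
    systemPackages = with pkgs; [
      atool compsize cryptsetup htop-vim inotify-tools killall rsync unzip zip
      oathToolkit isync stow tor w3m wget yt-dlp
      imv mpv pavucontrol sent yacreader
      ffmpeg mkvtoolnix mediainfo simplescreenrecorder sox
      darktable gimp imagemagick pdftk
    ];
    wordlist.enable = true;
  };

  programs.iotop.enable = true;
  programs.udevil.enable = true;
  security.rtkit.enable = true;

  services = {
    dictd = {
      enable = true;
      DBs = with pkgs.dictdDBs; [ wiktionary wordnet ];
    };

    pipewire = {
      enable = true;
      alsa.enable = true;
      pulse.enable = true;
    };

    # Local DNS forwarder; upstream queries go out over TLS.
    # NOTE(review): the upstreams are bare IP addresses with no per-server
    # options. Confirm how smartdns authenticates these TLS endpoints (it
    # offers -tls-host-verify and -spki-pin per server), since encryption
    # without peer verification would not stop an on-path impostor.
    smartdns = {
      enable = true;
      settings.server-tls = [
        "137.220.55.93" "2001:19f0:b001:379:5400:3ff:fe68:1cc6" # ns1.ca
        "51.254.162.59" "2001:41d0:303:3adf:205::" # ns9.de
        "217.160.70.42" "2001:8d8:1801:86e7::1" # ns13.de
        "178.254.22.166" "2a00:6800:3:4bd::1" # ns16.de
        "81.169.136.222" "2a01:238:4231:5200::1" # ns18.de
        "94.16.114.254" "2a03:4000:28:365::1" # ns28.de
        "194.36.144.87" "2a03:4000:4d:c92:88c0:96ff:fec6:b9d" # ns29.de
        "185.181.61.24" "2a03:94e0:1804::1" # ns1.no
        "168.235.111.72" "2604:180:f3::132" # ns2.ny.us
      ]; # dns.opennic.glue
    };

    udisks2.enable = true;
  };

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "22.05"; # Did you read the comment?
}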