pogrupowanie konfiguracji oraz dodanie serwerów dns i DNS-over-TLS
@@ -31,8 +31,10 @@ in {
|
||||
"vm.max_map_count" = 2147483642;
|
||||
};
|
||||
# Bootloader.
|
||||
loader.systemd-boot.enable = true;
|
||||
loader.efi.canTouchEfiVariables = true;
|
||||
loader = {
|
||||
systemd-boot.enable = true;
|
||||
efi.canTouchEfiVariables = true;
|
||||
};
|
||||
# Make /tmp a tmpfs
|
||||
tmp = {
|
||||
useTmpfs = false;
|
||||
@@ -74,9 +76,11 @@ in {
|
||||
# };
|
||||
polarity = "dark";
|
||||
opacity.terminal = 0.8;
|
||||
cursor.package = pkgs.bibata-cursors;
|
||||
cursor.name = "Bibata-Modern-Ice";
|
||||
cursor.size = 24;
|
||||
cursor = {
|
||||
package = pkgs.bibata-cursors;
|
||||
name = "Bibata-Modern-Ice";
|
||||
size = 24;
|
||||
};
|
||||
fonts = {
|
||||
monospace = {
|
||||
package = pkgs.nerdfonts.override {fonts = ["JetBrainsMono"];};
|
||||
@@ -100,21 +104,39 @@ in {
|
||||
};
|
||||
|
||||
# Extra Module Options
|
||||
drivers.amdgpu.enable = true;
|
||||
drivers.nvidia.enable = false;
|
||||
drivers.nvidia-prime = {
|
||||
enable = false;
|
||||
intelBusID = "";
|
||||
nvidiaBusID = "";
|
||||
drivers = {
|
||||
amdgpu.enable = true;
|
||||
nvidia.enable = false;
|
||||
nvidia-prime = {
|
||||
enable = false;
|
||||
intelBusID = "";
|
||||
nvidiaBusID = "";
|
||||
};
|
||||
intel.enable = false;
|
||||
};
|
||||
drivers.intel.enable = false;
|
||||
vm.guest-services.enable = false;
|
||||
local.hardware-clock.enable = false;
|
||||
|
||||
services.resolved = {
|
||||
enable = true;
|
||||
dnssec = "true";
|
||||
domains = ["~."]; # "use as default interface for all requests"
|
||||
# (see man resolved.conf)
|
||||
# let Avahi handle mDNS publication
|
||||
extraConfig = ''
|
||||
DNSOverTLS=opportunistic
|
||||
MulticastDNS=resolve
|
||||
'';
|
||||
llmnr = "true";
|
||||
};
|
||||
|
||||
# Enable networking
|
||||
networking.networkmanager.enable = true;
|
||||
networking.hostName = host;
|
||||
networking.timeServers = options.networking.timeServers.default ++ ["pool.ntp.org"];
|
||||
networking = {
|
||||
nameservers = ["176.9.1.117" "213.196.191.96" "2a01:4f8:151:34aa::198"];
|
||||
networkmanager.enable = true;
|
||||
hostName = host;
|
||||
timeServers = options.networking.timeServers.default ++ ["pool.ntp.org"];
|
||||
};
|
||||
|
||||
# Set your time zone.
|
||||
time.timeZone = "Europe/Warsaw";
|
||||
@@ -408,38 +430,49 @@ in {
|
||||
disabledDefaultBackends = ["escl"];
|
||||
};
|
||||
|
||||
# Extra Logitech Support
|
||||
hardware.logitech.wireless.enable = false;
|
||||
hardware.logitech.wireless.enableGraphical = false;
|
||||
|
||||
# Bluetooth Support
|
||||
hardware.bluetooth.enable = true;
|
||||
hardware.bluetooth.powerOnBoot = true;
|
||||
hardware = {
|
||||
logitech = {
|
||||
wireless = {
|
||||
enable = false;
|
||||
enableGraphical = false;
|
||||
};
|
||||
};
|
||||
bluetooth = {
|
||||
enable = true;
|
||||
powerOnBoot = true;
|
||||
};
|
||||
pulseaudio = {
|
||||
enable = false;
|
||||
};
|
||||
graphics = {
|
||||
enable = true;
|
||||
enable32Bit = true;
|
||||
};
|
||||
};
|
||||
services.blueman.enable = true;
|
||||
|
||||
# Enable sound with pipewire.
|
||||
hardware.pulseaudio.enable = false;
|
||||
|
||||
# Security / Polkit
|
||||
security = {
|
||||
rtkit.enable = true;
|
||||
polkit.enable = true;
|
||||
polkit.extraConfig = ''
|
||||
polkit.addRule(function(action, subject) {
|
||||
if (
|
||||
subject.isInGroup("users")
|
||||
&& (
|
||||
action.id == "org.freedesktop.login1.reboot" ||
|
||||
action.id == "org.freedesktop.login1.reboot-multiple-sessions" ||
|
||||
action.id == "org.freedesktop.login1.power-off" ||
|
||||
action.id == "org.freedesktop.login1.power-off-multiple-sessions"
|
||||
polkit = {
|
||||
enable = true;
|
||||
extraConfig = ''
|
||||
polkit.addRule(function(action, subject) {
|
||||
if (
|
||||
subject.isInGroup("users")
|
||||
&& (
|
||||
action.id == "org.freedesktop.login1.reboot" ||
|
||||
action.id == "org.freedesktop.login1.reboot-multiple-sessions" ||
|
||||
action.id == "org.freedesktop.login1.power-off" ||
|
||||
action.id == "org.freedesktop.login1.power-off-multiple-sessions"
|
||||
)
|
||||
)
|
||||
)
|
||||
{
|
||||
return polkit.Result.YES;
|
||||
}
|
||||
})
|
||||
'';
|
||||
{
|
||||
return polkit.Result.YES;
|
||||
}
|
||||
})
|
||||
'';
|
||||
};
|
||||
pam.services.swaylock = {
|
||||
text = ''
|
||||
auth include login
|
||||
@@ -469,22 +502,17 @@ in {
|
||||
dates = "weekly";
|
||||
options = "--delete-older-than 7d";
|
||||
};
|
||||
|
||||
nixPath = ["nixpkgs=${inputs.nixpkgs}"];
|
||||
};
|
||||
|
||||
# Virtualization / Containers
|
||||
virtualisation.libvirtd.enable = true;
|
||||
virtualisation.podman = {
|
||||
enable = true;
|
||||
dockerCompat = true;
|
||||
defaultNetwork.settings.dns_enabled = true;
|
||||
};
|
||||
|
||||
# OpenGL
|
||||
hardware.graphics = {
|
||||
enable = true;
|
||||
enable32Bit = true;
|
||||
virtualisation = {
|
||||
libvirtd.enable = true;
|
||||
podman = {
|
||||
enable = true;
|
||||
dockerCompat = true;
|
||||
defaultNetwork.settings.dns_enabled = true;
|
||||
};
|
||||
};
|
||||
|
||||
console.keyMap = "${keyboardLayout}";
|
||||
|
||||
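Review bot: `DNSOverTLS=opportunistic` in the `services.resolved` block falls back to plaintext DNS whenever the TLS connection to a resolver fails, so anyone on the path who blocks port 853 can still read and alter the queries; if encryption is meant to be enforced, set `dnsovertls = "true";` on the module instead of the `extraConfig` line. In strict mode resolved checks the server certificate, so the `networking.nameservers` entries should carry the name to validate against, e.g. `"176.9.1.117#<resolver-hostname>"` (placeholder; the page does not give the hostnames). `llmnr = "true";` keeps unauthenticated link-local name resolution on, which is spoofable on shared networks, so `llmnr = "false";` is the safer setting unless something depends on it. With NetworkManager enabled, DHCP-supplied per-link DNS servers may still be used alongside the global ones, which is worth confirming with `resolvectl status`. The +/- markers are lost on this page, so which of these lines are new is inferred from the commit title.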