|
14 | 14 | # https://discourse.nixos.org/t/differences-between-nix-channels/13998 |
15 | 15 |
|
16 | 16 | { |
| 17 | + # https://nixos.wiki/wiki/NixOS_modules |
17 | 18 | imports = |
18 | 19 | [ # Include the results of the hardware scan. |
19 | 20 | ./hardware-configuration.nix |
20 | 21 | # sudo nix-channel --add https://github.com/nix-community/home-manager/archive/release-23.11.tar.gz home-manager |
21 | 22 | # sudo nix-channel --update |
22 | 23 | <home-manager/nixos> |
| 24 | + # |
| 25 | + ./sysctl.nix |
| 26 | + ./wireless.nix |
| 27 | + ./hosts.nix |
| 28 | + ./firewall.nix |
| 29 | + ./il8n.nix |
| 30 | + ./systemPackages.nix |
| 31 | + ./home-manager.nix |
23 | 32 | ]; |
24 | 33 |
|
25 | 34 | # Bootloader. |
|
30 | 39 | boot.kernelPackages = pkgs.linuxPackages_latest; |
31 | 40 | #boot.kernelPackages = pkgs.linuxPackages_rpi4 |
32 | 41 |
|
33 | | - # https://www.kernel.org/doc/html/latest/networking/ip-sysctl.html |
34 | | - boot.kernel.sysctl = { |
35 | | - # detect dead connections more quickly |
36 | | - "net.ipv4.tcp_keepalive_intvl" = 30; |
37 | | - #net.ipv4.tcp_keepalive_intvl = 75 |
38 | | - "net.ipv4.tcp_keepalive_probes" = 4; |
39 | | - #net.ipv4.tcp_keepalive_probes = 9 |
40 | | - "net.ipv4.tcp_keepalive_time" = 120; |
41 | | - #net.ipv4.tcp_keepalive_time = 7200 |
42 | | - # 30 * 4 = 120 seconds. / 60 = 2 minutes |
43 | | - # default: 75 seconds * 9 = 675 seconds. /60 = 11.25 minutes |
44 | | - "net.ipv4.tcp_rmem" = "4096 1000000 16000000"; |
45 | | - "net.ipv4.tcp_wmem" = "4096 1000000 16000000"; |
46 | | - #net.ipv4.tcp_rmem = 4096 131072 6291456 |
47 | | - #net.ipv4.tcp_wmem = 4096 16384 4194304 |
48 | | - # enable Enable reuse of TIME-WAIT sockets globally |
49 | | - "net.ipv4.tcp_tw_reuse" = 1; |
50 | | - #net.ipv4.tcp_tw_reuse=2 |
51 | | - "net.ipv4.tcp_timestamps" = 1; |
52 | | - "net.ipv4.tcp_ecn" = 1; |
53 | | - "net.core.rmem_default" = 26214400; |
54 | | - "net.core.rmem_max" = 26214400; |
55 | | - "net.core.wmem_default" = 26214400; |
56 | | - "net.core.wmem_max" = 26214400; |
57 | | - #net.core.optmem_max = 20480 |
58 | | - #net.core.rmem_default = 212992 |
59 | | - #net.core.rmem_max = 212992 |
60 | | - #net.core.wmem_default = 212992 |
61 | | - #net.core.wmem_max = 212992 |
62 | | - "net.ipv4.ip_local_port_range" = "1025 65535"; |
63 | | - #net.ipv4.ip_local_port_range ="32768 60999" |
64 | | - }; |
65 | | - |
66 | 42 | # https://nixos.wiki/wiki/Networking |
67 | 43 | # https://nlewo.github.io/nixos-manual-sphinx/configuration/ipv4-config.xml.html |
68 | 44 | networking.hostName = "hp0"; |
69 | | - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. |
70 | | - networking.wireless = { |
71 | | - enable = true; # Enables wireless support via wpa_supplicant. |
72 | | - environmentFile = "/home/das/wireless.env"; |
73 | | - networks."devices".psk = "performance"; |
74 | | - #networks."devices".psk = "@PSK_DEVICES@"; |
75 | | - extraConfig = "ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel"; |
76 | | - # output ends up in /run/wpa_supplicant/wpa_supplicant.conf |
77 | | - }; |
78 | | - # https://linux.die.net/man/5/wpa_supplicant.conf |
79 | | - # https://nixos.wiki/wiki/Wpa_supplicant |
80 | | - # https://nixos.org/manual/nixos/stable/options#opt-networking.wireless.environmentFile |
81 | | - # https://blog.stigok.com/2021/05/04/getting-wpa-cli-to-work-in-nixos.html |
82 | 45 |
|
83 | 46 | # Configure network proxy if necessary |
84 | 47 | # networking.proxy.default = "http://user:password@proxy:port/"; |
85 | 48 | # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; |
86 | 49 |
|
87 | | - # Enable networking |
88 | 50 | networking.networkmanager.enable = false; |
89 | | - #networking.networkmanager.enable = true; |
90 | | - |
91 | | - networking.hosts = { |
92 | | - "172.16.40.198" = ["hp0eth"]; |
93 | | - "172.16.40.152" = ["hp0wifi"]; |
94 | | - "172.16.40.146" = ["hp3eth"]; |
95 | | - "172.16.40.130" = ["hp3wifi"]; |
96 | | - }; |
97 | 51 |
|
98 | 52 | # Set your time zone. |
99 | 53 | time.timeZone = "America/Los_Angeles"; |
100 | 54 |
|
101 | | - # Select internationalisation properties. |
102 | | - i18n.defaultLocale = "en_US.UTF-8"; |
103 | | - |
104 | | - i18n.extraLocaleSettings = { |
105 | | - LC_ADDRESS = "en_US.UTF-8"; |
106 | | - LC_IDENTIFICATION = "en_US.UTF-8"; |
107 | | - LC_MEASUREMENT = "en_US.UTF-8"; |
108 | | - LC_MONETARY = "en_US.UTF-8"; |
109 | | - LC_NAME = "en_US.UTF-8"; |
110 | | - LC_NUMERIC = "en_US.UTF-8"; |
111 | | - LC_PAPER = "en_US.UTF-8"; |
112 | | - LC_TELEPHONE = "en_US.UTF-8"; |
113 | | - LC_TIME = "en_US.UTF-8"; |
114 | | - }; |
115 | | - |
116 | 55 | # Enable touchpad support (enabled default in most desktopManager). |
117 | 56 | # services.xserver.libinput.enable = true; |
118 | 57 |
|
|
129 | 68 | ]; |
130 | 69 | }; |
131 | 70 |
|
132 | | - # https://nix-community.github.io/home-manager/index.xhtml#ch-installation |
133 | | - users.users.eve.isNormalUser = true; |
134 | | - home-manager.users.das = { pkgs, ... }: { |
135 | | - home.packages = with pkgs; [ |
136 | | - # |
137 | | - tmux |
138 | | - screen |
139 | | - # |
140 | | - libgcc |
141 | | - # https://nixos.wiki/wiki/C |
142 | | - # https://search.nixos.org/packages?channel=24.05&show=gcc&from=0&size=50&sort=relevance&type=packages&query=gcc |
143 | | - gcc |
144 | | - automake |
145 | | - gnumake |
146 | | - pkg-config |
147 | | - # |
148 | | - perl |
149 | | - python3 |
150 | | - # |
151 | | - gawk |
152 | | - jq |
153 | | - git |
154 | | - htop |
155 | | - minicom |
156 | | - # |
157 | | - ethtool |
158 | | - iproute2 |
159 | | - vlan |
160 | | - tcpdump |
161 | | - wireshark |
162 | | - iperf2 |
163 | | - netperf |
164 | | - flent |
165 | | - bpftools |
166 | | - iw |
167 | | - wirelesstools |
168 | | - wpa_supplicant_ro_ssids |
169 | | - # |
170 | | - hwloc |
171 | | - # go |
172 | | - # https://nixos.wiki/wiki/Go |
173 | | - # https://nixos.org/manual/nixpkgs/stable/#sec-language-go |
174 | | - # https://nixos.wiki/wiki/FAQ#How_can_I_install_a_package_from_unstable_while_remaining_on_the_stable_channel.3F |
175 | | - libcap |
176 | | - gcc |
177 | | - # thunderbird |
178 | | - go |
179 | | - # rust |
180 | | - # https://nixos.wiki/wiki/Rust |
181 | | - pkgs.cargo |
182 | | - pkgs.rustc |
183 | | - ]; |
184 | | - |
185 | | - programs.bash.enable = true; |
186 | | - home.stateVersion = "23.11"; |
187 | | - |
188 | | - programs.vim = { |
189 | | - enable = true; |
190 | | - plugins = with pkgs.vimPlugins; [ vim-airline ]; |
191 | | - settings = { ignorecase = true; }; |
192 | | - extraConfig = '' |
193 | | - set mouse=a |
194 | | - ''; |
195 | | - }; |
196 | | - #ldflags = [ |
197 | | - # "-X main.Version=${version}" |
198 | | - # "-X main.Commit=${version}" |
199 | | - #]; |
200 | | - |
201 | | - programs.git = { |
202 | | - enable = true; |
203 | | - userEmail = "dave.seddon.ca@gmail.com"; |
204 | | - userName = "randomizedcoder "; |
205 | | - #signing.key = "GPG-KEY-ID"; |
206 | | - #signing.signByDefault = true; |
207 | | - }; |
208 | | - nixpkgs.config.allowUnfree = true; |
209 | | - }; |
210 | | - |
211 | | - # Allow unfree packages |
212 | | - nixpkgs.config.allowUnfree = true; |
213 | | - |
214 | | - # List packages installed in system profile. To search, run: |
215 | | - # $ nix search wget |
216 | | - environment.systemPackages = with pkgs; [ |
217 | | - # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. |
218 | | - # wget |
219 | | - vim |
220 | | - curl |
221 | | - wget |
222 | | - tcpdump |
223 | | - iproute2 |
224 | | - nftables |
225 | | - iptables |
226 | | - pciutils |
227 | | - usbutils |
228 | | - iw |
229 | | - wirelesstools |
230 | | - wpa_supplicant_ro_ssids |
231 | | - ]; |
232 | | - |
233 | 71 | # Some programs need SUID wrappers, can be configured further or are |
234 | 72 | # started in user sessions. |
235 | 73 | # programs.mtr.enable = true; |
|
244 | 82 |
|
245 | 83 | services.openssh.enable = true; |
246 | 84 |
|
247 | | - # Open ports in the firewall. |
248 | | - # networking.firewall.allowedTCPPorts = [ ... ]; |
249 | | - # networking.firewall.allowedUDPPorts = [ ... ]; |
250 | | - # Or disable the firewall altogether. |
251 | | - # networking.firewall.enable = false; |
252 | | - |
253 | | - # https://nixos.wiki/wiki/Firewall |
254 | | - # https://scvalex.net/posts/54/ |
255 | | - # sudo nft --stateless list table filter |
256 | | - # sudo sudo iptables-save |
257 | | - networking.firewall = { |
258 | | - enable = false; |
259 | | - allowedTCPPorts = [ |
260 | | - 22 # ssh |
261 | | - 5001 # iperf2 |
262 | | - ]; |
263 | | - # allowedTCPPorts = [ 22 5001 ]; |
264 | | - # #allowedUDPPortRanges = [ |
265 | | - # # { from = 4000; to = 4007; } |
266 | | - # # { from = 8000; to = 8010; } |
267 | | - # #]; |
268 | | - # NixOS automagically creates stateful connection tracking, which we don't want |
269 | | - # for performance reasons |
270 | | - # extraCommands = '' |
271 | | - # iptables --delete nixos-fw -m conntrack --ctstate RELATED,ESTABLISHED -j nixos-fw-accept || true |
272 | | - # ''; |
273 | | - }; |
274 | | - # networking.firewall.interfaces."eth0".allowedTCPPorts = [ 80 443 ]; |
275 | | - |
276 | 85 | # This value determines the NixOS release from which the default |
277 | 86 | # settings for stateful data, like file locations and database versions |
278 | 87 | # on your system were taken. It‘s perfectly fine and recommended to leave |
|
286 | 95 | # services.qemuGuest.enable = true; |
287 | 96 |
|
288 | 97 | # https://wiki.nixos.org/wiki/Laptop |
289 | | - |
290 | 98 | } |
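Review bot: After this split nothing in the file records the firewall state next to `services.openssh.enable = true;` (new line 83), because those settings now come from `./wireless.nix` and `./firewall.nix` (new lines 26 and 28), which are not shown here. The removed blocks had `networking.firewall.enable = false;` and a literal `networks."devices".psk`; if they were moved verbatim, the `allowedTCPPorts` list is inert and the PSK stays in the repository and, typically, in the world-readable Nix store. I would switch the wireless module to the commented-out `"@PSK_DEVICES@"` form that the existing `environmentFile` supports and, if the firewall is still off, annotate the import, e.g. `./firewall.nix # firewall disabled there; sshd is reachable without packet filtering`. `./il8n.nix` (new line 29) looks like a misspelling of `i18n`, the option prefix of the removed locale block. The file header and the first 13 lines of this file are outside the visible page.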