authorRory& <root@rory.gay>2025-04-04 10:11:06 +0200
committerRory& <root@rory.gay>2025-04-04 10:11:06 +0200
commitc84f36538cb4bd71a3591e3416766d032dc406b9 (patch)
tree0e433122cb2d656bbe554fff23e810539a75383a /host
parentServer changes (diff)
downloadRory-Open-Architecture-c84f36538cb4bd71a3591e3416766d032dc406b9.tar.xz
Laptop updates
Diffstat (limited to 'host')
-rw-r--r--host/Rory-laptop/configuration.nix93
-rw-r--r--host/Rory-ovh/services/wireguard/wireguard.nix39
2 files changed, 113 insertions, 19 deletions
diff --git a/host/Rory-laptop/configuration.nix b/host/Rory-laptop/configuration.nix

index ad060f3..39a73e4 100644
--- a/host/Rory-laptop/configuration.nix
+++ b/host/Rory-laptop/configuration.nix
@@ -20,7 +20,7 @@ args@{ #./postgres.nix ./nginx.nix - #./edu/vmware.nix + ./edu/vmware.nix #./edu/nodejs-dev.nix # hardware-specific imports @@ -77,6 +77,7 @@ args@{ i18n.defaultLocale = "en_US.UTF-8"; services = { + blueman.enable = true; resolved.enable = true; mullvad-vpn = { enable = true; @@ -125,7 +126,13 @@ args@{ (jetbrains.plugins.addPlugins jetbrains.webstorm [ "github-copilot" ]) (jetbrains.plugins.addPlugins jetbrains.idea-ultimate [ "github-copilot" ]) - (jetbrains.plugins.addPlugins jetbrains.clion [ "github-copilot" ]) + (jetbrains.plugins.addPlugins jetbrains.clion [ + "github-copilot" + "string-manipulation" + "nixidea" + "visual-studio-keymap" + ]) + binutils dbeaver-bin vscode @@ -140,9 +147,6 @@ args@{ #games osu-lazer-bin - #steam - steam-run - steam-acf # extra packages dmenu 
@@ -177,26 +181,74 @@ args@{ thunderbird - p11-kit - opensc - eid-mw jitsi-meet-electron - nixd + # nixd # broken 24/03/2025 mullvad-vpn + blueman + ft2-clone ]; environment.etc."pkcs11/modules/opensc-pkcs11".text = '' module: ${pkgs.opensc}/lib/opensc-pkcs11.so ''; + boot.initrd.systemd.emergencyAccess = true; + + # Speed up boot + boot.initrd.systemd.network.wait-online.enable = false; + systemd.network.wait-online.enable = false; services.power-profiles-daemon.enable = true; - programs.steam = { - enable = true; - gamescopeSession.enable = true; - extraCompatPackages = with pkgs; [ - steam-play-none - proton-ge-bin - ]; - }; + systemd.services."NetworkManager-wait-online".enable = false; + virtualisation.libvirtd.onBoot = "ignore"; + +# systemd.services."systemd-rfkill".serviceConfig.Type = "simple"; # maybe exec? + systemd.services."NetworkManager".serviceConfig.Type = "exec"; # maybe exec? +# systemd.services."home-manager-Rory".serviceConfig.Type = lib.mkForce "exec"; +# systemd.services."systemd-backlight@backlight:intel_backlight".serviceConfig.Type = "exec"; +# systemd.services."wpa_supplicant".serviceConfig.Type = "exec"; +# systemd.services."libvirtd".serviceConfig.Type = lib.mkForce "exec"; +# systemd.services."nginx".serviceConfig.Type = "exec"; +# systemd.services."grafana".serviceConfig.Type = "exec"; +# systemd.services."prometheus".serviceConfig.Type = "exec"; +# systemd.services."bluetooth".serviceConfig.Type = "exec"; +# systemd.services."vmware-usbarbitrator".enable = false; +# systemd.services."vmware-authdlauncher".enable = false; +# systemd.services."waydroid-container".enable = false; +# systemd.services."NetworkManager".serviceConfig.TimeoutStartSec = 10; + boot.kernelParams = [ + #"quiet" + "loglevel=8" #3 + #"systemd.show_status=auto" + #"rd.udev.log_level=3" + #"libahci.ignore_sss=1" + ]; + + # Simplfy initrd + #boot.bcache.enable = false; + #boot.initrd.services.bcache.enable = false; + #services.lvm.enable = false; + 
#boot.initrd.services.resolved.enable = false; + #boot.initrd.network.udhcpc.enable = false; + #boot.initrd.network.enable = false; + #boot.initrd.services.lvm.enable = false; + #boot.initrd.compressor = "cat"; +# + #boot.initrd.systemd.units."systemd-backlight@.service".enable = false; + #boot.initrd.systemd.units."dev-ttyS0.device".enable = false; + #boot.initrd.systemd.units."dev-ttyS1.device".enable = false; + #boot.initrd.systemd.units."dev-ttyS2.device".enable = false; + #boot.initrd.systemd.units."dev-ttyS3.device".enable = false; + #boot.initrd.systemd.units."dev-ttyS4.device".enable = false; + #boot.initrd.systemd.units."dev-sda.device".enable = false; + #boot.initrd.systemd.units."dev-sda1.device".enable = false; + #boot.initrd.systemd.units."dev-sda2.device".enable = false; + # + #boot.initrd.includeDefaultModules = false; + #boot.initrd.availableKernelModules = [ + # "nvme" + #]; +# + #services.orca.enable = true; + virtualisation.waydroid.enable = true; xdg = { @@ -222,7 +274,6 @@ args@{ }; fonts = { packages = with pkgs; [ - #(nerdfonts.override { fonts = [ "JetBrainsMono" ]; }) nerd-fonts.jetbrains-mono noto-fonts-monochrome-emoji ]; @@ -258,6 +309,10 @@ args@{ hardware = { pulseaudio.enable = false; + bluetooth = { + enable = true; + powerOnBoot = true; + }; }; programs.dconf.enable = true; @@ -272,6 +327,7 @@ args@{ enable = true; qemu = { swtpm.enable = true; + ovmf.enable = true; }; }; programs.virt-manager.enable = true; @@ -292,7 +348,6 @@ args@{ enable = true; memoryPercent = 200; }; - services.pcscd.enable = true; virtualisation.vmVariant = { users = { diff --git a/host/Rory-ovh/services/wireguard/wireguard.nix b/host/Rory-ovh/services/wireguard/wireguard.nix new file mode 100644
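Review bot: `boot.initrd.systemd.emergencyAccess = true;` in the `@@ -177,26 +181,74 @@` hunk of configuration.nix gives an unauthenticated root shell whenever the initrd drops to emergency mode, which on a laptop means anyone with physical access who can make early boot fail. The option also accepts a hashed root password, so `boot.initrd.systemd.emergencyAccess = "<hashed-password-placeholder>";` would keep the recovery path while requiring authentication. If `true` is only there to debug the boot-speed changes next to it, a comment such as `# TEMP: unauthenticated initrd shell for boot debugging, revert` would record that. The same hunk drops `opensc` from the package list, yet the unchanged line `environment.etc."pkcs11/modules/opensc-pkcs11".text` still references `${pkgs.opensc}`, so it looks like a leftover if smart-card support is being removed.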
index 0000000..d2f7025
--- /dev/null
+++ b/host/Rory-ovh/services/wireguard/wireguard.nix
@@ -0,0 +1,39 @@
+{ pkgs, ... }:
+{
+ # enable NAT
+ networking.nat.enable = true;
+ networking.nat.externalInterface = "eth0";
+ networking.nat.internalInterfaces = [ "wg0" ];
+ networking.firewall = {
+ allowedUDPPorts = [ 51820 ];
+ };
+
+ networking.wireguard.enable = true;
+ networking.wireguard.interfaces = {
+ wg0 = {
+ ips = [ "10.100.0.1/24" ];
+ listenPort = 51820;
+
+ postSetup = ''
+ ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
+ '';
+
+ postShutdown = ''
+ ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
+ '';
+
+ privateKeyFile = "path to private key file";
+
+ peers = [
+ {
+ publicKey = "{client public key}";
+ allowedIPs = [ "10.100.0.2/32" ];
+ }
+ {
+ publicKey = "{john doe's public key}";
+ allowedIPs = [ "10.100.0.3/32" ];
+ }
+ ];
+ };
+ };
+}
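Review bot: `privateKeyFile = "path to private key file";` and both `publicKey` values are still template placeholders, so wg0 cannot come up from this file as committed. When the real values go in, the private key should be referenced as an absolute path string to a root-only file provisioned at runtime, because a Nix path literal or inline key would be copied into the world-readable store. A comment above the line such as `# absolute path outside /nix/store, root-owned, mode 0600` would record that requirement. The explicit MASQUERADE rules in `postSetup`/`postShutdown` also appear to duplicate what `networking.nat` with `internalInterfaces = [ "wg0" ]` already configures, and `eth0` is hard-coded in three places. It may be worth confirming that name matches the uplink interface on this host and keeping only one of the two NAT mechanisms.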