initial commit

2026-03-30 13:10:42 +07:00 · 2026-03-30 13:10:42 +07:00 · 90cff4f16a
commit 90cff4f16a
59 changed files with 6855 additions and 0 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -0,0 +1,176 @@
+{
+  pkgs,
+  ...
+}:
+
+{
+  imports = [
+    ./hardware-configuration.nix
+    ./stylix.nix
+    # ./Hyprsuck/hyprsuck.nix
+    ./Suckless/suckless.nix
+    ./ryzenadj.nix
+    # ./virtualisation.nix
+    # ./Hetzner/setup.nix
+  ];
+
+  nix.settings = {
+    experimental-features = [
+      "nix-command"
+      "flakes"
+    ];
+    # Axium binary caches
+    substituters = [
+      "https://cache.nixos.org"
+      "https://axium.cachix.org"
+      "https://cache.axiomania.org/main"
+    ];
+
+    http-connections = 128;
+    max-substitution-jobs = 128;
+    max-jobs = "auto";
+
+    trusted-public-keys = [
+      "axium.cachix.org-1:BfzPfRTbbCYmaQrVLSWchgsR4ScA9ZCZ389FyWspUH8="
+      "main:Uz5F0MbXItVx2XCmBbEAMmQ0T6+DZDgLaXWalh1k++o="
+    ];
+  };
+
+  nix.distributedBuilds = true;
+
+  # Required for home-manager xdg.portal with useUserPackages
+  environment.pathsToLink = [
+    "/share/applications"
+    "/share/xdg-desktop-portal"
+  ];
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader.systemd-boot.configurationLimit = 10;
+  boot.loader.timeout = 1;
+
+  networking.hostName = "v3";
+
+  networking.networkmanager.enable = true;
+  hardware.bluetooth.enable = true;
+
+  time.timeZone = "Asia/Ho_Chi_Minh";
+  i18n.defaultLocale = "en_US.UTF-8";
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "en_US.UTF-8";
+    LC_IDENTIFICATION = "en_US.UTF-8";
+    LC_MEASUREMENT = "en_US.UTF-8";
+    LC_MONETARY = "en_US.UTF-8";
+    LC_NAME = "en_US.UTF-8";
+    LC_NUMERIC = "en_US.UTF-8";
+    LC_PAPER = "en_US.UTF-8";
+    LC_TELEPHONE = "en_US.UTF-8";
+    LC_TIME = "en_US.UTF-8";
+  };
+
+  services.getty.autologinUser = "lebowski";
+
+  programs.nix-ld.enable = true;
+
+  services.pulseaudio.enable = false;
+  security.rtkit.enable = true;
+
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+  };
+
+  users.users.lebowski = {
+    isNormalUser = true;
+    description = "Antoine Lespinasse";
+    extraGroups = [
+      "networkmanager"
+      "wheel"
+      "input"
+    ];
+  };
+
+  # GVfs - for Nautilus trash, network shares, MTP devices
+  services.gvfs.enable = true;
+
+  # UPower - battery/power device monitoring
+  services.upower.enable = true;
+
+  # Power Profiles Daemon - power management (performance/balanced/power-saver)
+  services.power-profiles-daemon.enable = true;
+
+  # System packages (stable for core tools)
+  environment.systemPackages = with pkgs; [
+    wget
+    git
+    bat
+    btop
+    ncdu
+    nmap
+    neofetch
+    xdotool
+    jq
+    attic-client
+    wireguard-tools
+    sox
+
+    ffmpegthumbnailer
+    gdk-pixbuf
+    librsvg
+    evince
+    libgsf
+    libjxl
+    libavif
+
+    # Disk utilities
+    gparted
+    gnome-disk-utility
+
+    # Image / PDF viewers
+    kdePackages.gwenview
+    kdePackages.okular
+
+    # File browser
+    xfce.thunar
+    xfce.thunar-volman
+    xfce.tumbler # thumbnails
+  ];
+
+  # ============================================================================
+  # WireGuard VPN profiles
+  # ============================================================================
+  # Generate keys: wg genkey | sudo tee /etc/wireguard/private.key | wg pubkey | sudo tee /etc/wireguard/public.key
+  # Then add the public key as a peer on the VPS.
+  # Start/stop: sudo systemctl start/stop wg-quick-wg-services / wg-quick-wg-vpn
+
+  # Profile 1: Internal services only (split tunnel)
+  networking.wg-quick.interfaces.wg-services = {
+    autostart = false;
+    address = [ "10.100.0.2/24" ];
+    privateKeyFile = "/etc/wireguard/private.key";
+    peers = [{
+      publicKey = "F2hvz4vx9VrM6IZ2zMUG2FMPMCMwmfxGH9qocbe4q3U=";
+      endpoint = "178.104.15.221:51820";
+      allowedIPs = [ "10.100.0.0/24" "178.104.15.221/32" ];
+      persistentKeepalive = 25;
+    }];
+  };
+
+  # Profile 2: Full VPN + AdGuard DNS ad-blocking
+  networking.wg-quick.interfaces.wg-vpn = {
+    autostart = false;
+    address = [ "10.100.0.2/24" ];
+    dns = [ "10.100.0.1" ];
+    privateKeyFile = "/etc/wireguard/private.key";
+    peers = [{
+      publicKey = "F2hvz4vx9VrM6IZ2zMUG2FMPMCMwmfxGH9qocbe4q3U=";
+      endpoint = "178.104.15.221:51820";
+      allowedIPs = [ "0.0.0.0/0" ];
+      persistentKeepalive = 25;
+    }];
+  };
+
+  system.stateVersion = "25.11";
+}