# NixOS system configuration for the host "v3": boot loader, Nix binary
# caches, desktop services, the "lebowski" user and two WireGuard profiles.
{ pkgs, ... }:

let
  # Single locale used for the default and for every LC_* category below.
  locale = "en_US.UTF-8";

  # Both WireGuard profiles share the same tunnel address and private key,
  # so presumably only one of them is meant to be up at a time.
  wgAddress = [ "10.100.0.2/24" ];
  wgKeyFile = "/etc/wireguard/private.key";

  # The VPS peer; the profiles differ only in which destinations they route
  # through it.
  vpsPeer = allowedIPs: {
    inherit allowedIPs;
    publicKey = "F2hvz4vx9VrM6IZ2zMUG2FMPMCMwmfxGH9qocbe4q3U=";
    endpoint = "178.104.15.221:51820";
    persistentKeepalive = 25;
  };
in
{
  imports = [
    ./hardware-configuration.nix
    ./stylix.nix
    # ./Hyprsuck/hyprsuck.nix
    ./Suckless/suckless.nix
    ./ryzenadj.nix
    # ./virtualisation.nix
    # ./Hetzner/setup.nix
  ];

  nix = {
    settings = {
      experimental-features = [ "nix-command" "flakes" ];

      # Axium binary caches
      # Anything signed by a key in trusted-public-keys is installed without
      # being rebuilt locally, so each cache listed here is part of this
      # machine's trust base.
      substituters = [
        "https://cache.nixos.org"
        "https://axium.cachix.org"
        "https://cache.axiomania.org/main"
      ];
      # NOTE(review): the "main:" key presumably belongs to
      # cache.axiomania.org/main - confirm. No cache.nixos.org key is listed
      # here; presumably the NixOS default for this option supplies it -
      # confirm in the generated nix.conf.
      trusted-public-keys = [
        "axium.cachix.org-1:BfzPfRTbbCYmaQrVLSWchgsR4ScA9ZCZ389FyWspUH8="
        "main:Uz5F0MbXItVx2XCmBbEAMmQ0T6+DZDgLaXWalh1k++o="
      ];

      # Download/substitution parallelism and local build job count.
      http-connections = 128;
      max-substitution-jobs = 128;
      max-jobs = "auto";
    };

    # NOTE(review): no nix.buildMachines in this file; presumably the remote
    # builders are declared in an imported module - confirm.
    distributedBuilds = true;
  };

  # Required for home-manager xdg.portal with useUserPackages
  environment.pathsToLink = [
    "/share/applications"
    "/share/xdg-desktop-portal"
  ];

  boot.loader = {
    systemd-boot = {
      enable = true;
      configurationLimit = 10;
    };
    efi.canTouchEfiVariables = true;
    timeout = 1;
  };

  networking.hostName = "v3";
  networking.networkmanager.enable = true;
  hardware.bluetooth.enable = true;

  time.timeZone = "Asia/Ho_Chi_Minh";

  i18n = {
    defaultLocale = locale;
    # Every listed LC_* category is pinned to the same locale.
    extraLocaleSettings = builtins.listToAttrs (
      map (name: { inherit name; value = locale; }) [
        "LC_ADDRESS"
        "LC_IDENTIFICATION"
        "LC_MEASUREMENT"
        "LC_MONETARY"
        "LC_NAME"
        "LC_NUMERIC"
        "LC_PAPER"
        "LC_TELEPHONE"
        "LC_TIME"
      ]
    );
  };

  # NOTE(review): console autologin for an account that is also in "wheel"
  # (see users.users.lebowski). Anyone with physical access to the machine
  # gets that session without a password; whether disk encryption or a
  # screen locker covers this is not visible in this file.
  services.getty.autologinUser = "lebowski";

  programs.nix-ld.enable = true;

  # Audio: PipeWire with its ALSA and PulseAudio front ends replaces the
  # PulseAudio daemon.
  services.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa = {
      enable = true;
      support32Bit = true;
    };
    pulse.enable = true;
  };

  users.users.lebowski = {
    isNormalUser = true;
    description = "Antoine Lespinasse";
    # wheel: administrative (sudo) group.
    # input: read access to the /dev/input event devices, which includes
    # keyboard events - keep it only if something this user runs needs it.
    extraGroups = [ "networkmanager" "wheel" "input" ];
  };

  # GVfs - for Nautilus trash, network shares, MTP devices
  services.gvfs.enable = true;

  # UPower - battery/power device monitoring
  services.upower.enable = true;

  # Power Profiles Daemon - power management (performance/balanced/power-saver)
  services.power-profiles-daemon.enable = true;

  # System packages (stable for core tools)
  environment.systemPackages = with pkgs; [
    wget
    git
    bat
    btop
    ncdu
    nmap
    neofetch
    xdotool
    jq
    attic-client
    wireguard-tools
    sox
    ffmpegthumbnailer
    gdk-pixbuf
    librsvg
    evince
    libgsf
    libjxl
    libavif

    # Disk utilities
    gparted
    gnome-disk-utility

    # Image / PDF viewers
    kdePackages.gwenview
    kdePackages.okular

    # File browser
    xfce.thunar
    xfce.thunar-volman
    xfce.tumbler # thumbnails
  ];

  # ============================================================================
  # WireGuard VPN profiles
  # ============================================================================
  # Generate keys with a restrictive umask, so the private key is never
  # created readable by other local users (a plain `sudo tee` takes its file
  # mode from root's umask, which is commonly world-readable):
  #   sudo sh -c 'umask 077; wg genkey | tee /etc/wireguard/private.key | wg pubkey > /etc/wireguard/public.key'
  # Then add the public key as a peer on the VPS.
  # Start/stop: sudo systemctl start/stop wg-quick-wg-services / wg-quick-wg-vpn
  #
  # privateKeyFile is read at activation time, which keeps the key itself out
  # of the Nix store.
  networking.wg-quick.interfaces = {
    # Profile 1: Internal services only (split tunnel)
    # NOTE(review): allowedIPs also contains the endpoint's own address.
    # wg-quick adds a route for every allowedIPs entry, so the encrypted UDP
    # packets to the endpoint may be routed back into this interface - verify
    # that the handshake completes with this profile, or drop the /32.
    wg-services = {
      autostart = false;
      address = wgAddress;
      privateKeyFile = wgKeyFile;
      peers = [ (vpsPeer [ "10.100.0.0/24" "178.104.15.221/32" ]) ];
    };

    # Profile 2: Full VPN + AdGuard DNS ad-blocking
    # Only IPv4 is captured (no ::/0 entry), so IPv6 traffic, if the uplink
    # provides any, stays outside the tunnel.
    wg-vpn = {
      autostart = false;
      address = wgAddress;
      dns = [ "10.100.0.1" ];
      privateKeyFile = wgKeyFile;
      peers = [ (vpsPeer [ "0.0.0.0/0" ]) ];
    };
  };

  system.stateVersion = "25.11";
}