LOTS of stuff

configuration.nix

@@ -9,6 +9,7 @@
     [ # Include the results of the hardware scan.
       ./hardware-configuration.nix
       ./nix-alien.nix
+      ./wireguard.nix
     ];
 
   # Bootloader.
@@ -100,7 +101,6 @@
   services.printing.enable = true;
 
   # Enable sound with pipewire.
-  sound.enable = true;
   hardware.pulseaudio.enable = false;
   security.rtkit.enable = true;
   services.pipewire = {
@@ -132,14 +132,14 @@
       CPU_MIN_PERF_ON_BAT = 0;
       CPU_MAX_PERF_ON_BAT = 20;
 
+      USB_EXCLUDE_BTUSB = 1;
+
       #Optional helps save long term battery health
       START_CHARGE_THRESH_BAT0 = 40; # 40 and bellow it starts to charge
       STOP_CHARGE_THRESH_BAT0 = 80; # 80 and above it stops charging
 
     };
   };
-  # Enable touchpad support (enabled default in most desktopManager).
-  # services.xserver.libinput.enable = true;
 
   # Define a user account. Don't forget to set a password with ‘passwd’.
   users.users.venya = {
@@ -147,7 +147,6 @@
     description = "Dmitry Chumak";
     extraGroups = [ "networkmanager" "wheel" ];
     packages = with pkgs; [
-    #  thunderbird
     ];
   };
 
@@ -161,8 +160,6 @@
     remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
     dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
   };
-  #programs.java.enable = true;
-  #programs.steam.package = pkgs.steam.override { withJava = true; };
 
   # Allow unfree packages
   nixpkgs.config.allowUnfree = true;
@@ -170,37 +167,101 @@
   services.flatpak.enable = true;
   # List packages installed in system profile. To search, run:
   # $ nix search wget
+
+  services.syncthing = {
+    enable = true;
+    user = "venya";
+    dataDir = "/home/venya/Documents";    # Default folder for new synced folders
+    configDir = "/home/venya/.config/syncthing";   # Folder for Syncthing's settings and keys
+  };
+
   environment.systemPackages = with pkgs; [
+    nix-search-cli
     alacritty
     vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+    neovim
+    ripgrep
+    gnumake
+    dconf-editor
     git
+    pstree
+    jq
+    bfg-repo-cleaner
     lazygit
     tmux
     ripgrep
     dig
     xclip
     wget
+    nekoray
+    nix-index
+    inetutils
+    pciutils
+    tcpdump
     gparted
     inkscape
+    flameshot
+    thunderbird-128
     cpupower-gui
     ryzenadj
     powertop
+    gcc
     python312
+    python312Packages.nsz
+    python312Packages.detect-secrets
     nodejs_20
-    linuxKernel.packages.linux_6_10.cpupower
-    linuxKernel.packages.linux_6_10.ryzen-smu
+    go_1_23
+    jdk
+    linuxKernel.packages.linux_6_12.cpupower
+    linuxKernel.packages.linux_6_12.ryzen-smu
+    appimage-run
+    desktop-file-utils
     vimix-cursors
     vimix-icon-theme
     vimix-gtk-themes
   ];
 
-  fonts.packages = with pkgs; [
-    iosevka
-    ubuntu_font_family
-    hack-font
-    cascadia-code
-  ];
 
+  fonts = {
+    # https://www.programmingfonts.org/#roboto to check fonts visually
+    fontDir = {
+      enable = true;
+    };
+    fontconfig = {
+      defaultFonts = {
+        monospace = [
+	  "RecMonoLinear Nerd Font Mono"
+	  "Ubuntu Mono"
+	];
+      };
+      localConf = ''
+        <alias>
+          <family>RecMonoLinear Nerd Font Mono</family>
+          <prefer>
+            <family>Roboto Mono</family>
+          </prefer>
+        </alias>
+      '';
+    };
+    packages = with pkgs; [
+      iosevka
+      ubuntu_font_family
+      hack-font
+      cascadia-code
+      roboto-mono
+      (nerdfonts.override {
+          fonts = [
+            # symbols icon only
+            "NerdFontsSymbolsOnly"
+            # Characters
+            "FiraCode"
+            "Recursive"
+            "Iosevka"
+          ];
+        })
+    ];
+
+  };
 
   # Some programs need SUID wrappers, can be configured further or are
   # started in user sessions.

wireguard.nix

@@ -0,0 +1,18 @@
+# { config, pkgs, lib, ... }:{
+#   networking.firewall.checkReversePath = "loose"; 
+# }
+{ config, pkgs, lib, ... }:{
+  networking.firewall = {
+   # if packets are still dropped, they will show up in dmesg
+   logReversePathDrops = true;
+   # wireguard trips rpfilter up
+   extraCommands = ''
+     ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 16632 -j RETURN
+     ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 16632 -j RETURN
+   '';
+   extraStopCommands = ''
+     ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 16632 -j RETURN || true
+     ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 16632 -j RETURN || true
+   '';
+  };
+}