{ config, pkgs, lib, agenix, ... }:

{
  imports = [
    ./hardware-configuration.nix
    ./modules/backup
    ./modules/networks
    ./modules/greetd
    ./modules/virtualisation
  ];

  # Boot chain.
  # Lanzaboote (secure boot, keys under /etc/secureboot) replaces the
  # systemd-boot module, so the systemd-boot entry that the generated
  # configuration.nix normally sets to true is forced off here.  The boot menu
  # editor stays disabled so the kernel command line cannot be changed from
  # the boot menu, which would bypass the secure-boot/initrd protections.
  # boot.initrd.systemd.additionalUpstreamUnits = [ "systemd-vconsole-setup.service" ];
  boot = {
    loader = {
      systemd-boot.enable = lib.mkForce false;
      systemd-boot.editor = false;
      efi.canTouchEfiVariables = true;
    };

    lanzaboote = {
      enable = true;
      pkiBundle = "/etc/secureboot"; # persisted across reboots, see environment.persistence below
      configurationLimit = 10;
    };

    # Pick the newest kernel that the configured ZFS package still supports.
    kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
    extraModulePackages = [ config.boot.kernelPackages.v4l2loopback.out ];
    tmp.useTmpfs = true;
  };

  systemd = {
    # systemd-homed is compiled out; the corresponding service stays disabled
    # under `services` as well.
    package = pkgs.systemd.override { withHomed = false; };

    sleep.extraConfig = ''
      HibernateDelaySec=2h
    '';
  };

  environment = {
    # Impermanence: only the paths listed here survive a reboot, everything is
    # backed by /nix/persist/system.  Host SSH keys, the secure-boot signing
    # keys and root's SSH material are all in this list, so that directory is
    # as sensitive as the secrets it carries.
    persistence."/nix/persist/system" = {
      directories = [
        "/etc/nixos" # bind mounted from /nix/persist/system/etc/nixos to /etc/nixos
        "/etc/ssh"
        "/etc/secureboot"
        "/root/.ssh"
        "/root/.borgmatic"
        "/root/.local/share/zsh"
      ];
      files = [ "/etc/machine-id" ];
    };

    systemPackages = with pkgs; [
      # hardware utilities
      nvme-cli
      intel-gpu-tools
      tpm2-tools

      # system essentials
      wget
      htop-vim
      dig
      traceroute
      whois
      inetutils
      lsof
      killall
      zip
      unzip
      pciutils
      lm_sensors
      sbctl
      man-pages
      openssl
      cups
      agenix.packages.x86_64-linux.default
    ];
  };

  # Impermanence fixes: sops has to read the host key from its persisted
  # location rather than the default /etc/ssh path, and no gnupg keys are
  # derived from SSH keys at all.
  sops = {
    age.sshKeyPaths = lib.mkForce [ "/nix/persist/system/etc/ssh/ssh_host_ed25519_key" ];
    gnupg.sshKeyPaths = lib.mkForce [ ];
  };

  time.timeZone = "Europe/Berlin";
  i18n.defaultLocale = "en_US.UTF-8";

  console = {
    keyMap = "dvorak";

    # 16-entry console palette taken from the user's home-manager colour scheme
    # (normal colours first, then the bright variants).
    colors =
      let
        palette = config.home-manager.users.rouven.colorScheme.colors;
      in
      with palette; [
        base00 base08 base0A base0B base0D base0E base0C base05
        base03 base08 base0A base0B base0D base0E base0C base07
      ];
  };

  fonts.packages = with pkgs; [
    nerdfonts
    noto-fonts
    noto-fonts-cjk
    noto-fonts-emoji
    dejavu_fonts
    fira
  ];

  # Audio goes through pipewire (with ALSA and pulse compatibility layers);
  # pulseaudio itself is left off.
  sound.enable = true;
  #hardware.pulseaudio.enable = true;

  hardware = {
    opengl = {
      enable = true;
      extraPackages = with pkgs; [
        intel-compute-runtime
        intel-media-driver
      ];
    };
    bluetooth.enable = true;
  };

  security = {
    polkit.enable = true;

    # TPM 2.0 userland: resource manager daemon, PKCS#11 module and the TCTI
    # environment variables for tpm2-tools.
    tpm2 = {
      enable = true;
      pkcs11.enable = true;
      abrmd.enable = true;
      tctiEnvironment.enable = true;
    };

    # Capability wrapper so etherape can capture without running as root.
    # NOTE: the wrapper is group-executable, so every member of the `wireshark`
    # group gets cap_net_raw *and* cap_net_admin on this binary; a dedicated
    # group would scope that more tightly.
    wrappers.etherape = {
      source = "${pkgs.etherape}/bin/etherape";
      capabilities = "cap_net_raw,cap_net_admin+eip";
      owner = "root";
      group = "wireshark"; # too lazy to create a new one
      permissions = "u+rx,g+x";
    };
  };

  services = {
    # homed.enable = true;
    blueman.enable = true; # bluetooth
    devmon.enable = true; # automount stuff

    # printing = {
    #   enable = true;
    #   stateless = true;
    #   browsedConf = ''
    #     BrowsePoll tomate.local
    #     BrowsePoll cups.agdsn.network
    #     LocalQueueNamingRemoteCUPS RemoteName
    #   '';
    # };

    avahi = {
      # autodiscover printers
      enable = true;
      nssmdns = true;
    };

    fprintd.enable = true; # log in using fingerprint
    fwupd.enable = true; # firmware updates
    zfs.autoScrub.enable = true;

    pipewire = {
      enable = true;
      alsa.enable = true;
      alsa.support32Bit = true;
      pulse.enable = true;
    };

    logind = {
      lidSwitch = "suspend-then-hibernate";
      lidSwitchDocked = "suspend-then-hibernate";
      lidSwitchExternalPower = "suspend";
      extraConfig = ''
        HandlePowerKey = ignore
      '';
    };

    # Battery charge thresholds (laptop).
    tlp = {
      enable = true;
      settings = {
        START_CHARGE_THRESH_BAT0 = 70;
        STOP_CHARGE_THRESH_BAT0 = 90;
      };
    };

    # Local MariaDB; only the account is declared here, no ensurePermissions
    # are given so it carries no grants from this module.
    mysql = {
      enable = true;
      package = pkgs.mariadb;
      ensureUsers = [ { name = "user1"; } ];
    };
  };

  xdg.portal = {
    enable = true;
    extraPortals = [ pkgs.xdg-desktop-portal-wlr ];
  };

  programs = {
    dconf.enable = true;
    light.enable = true; # control display backlight
    steam.enable = true; # putting steam in here cause in home manager it doesn't work

    ausweisapp = {
      enable = true;
      openFirewall = true; # exposes the AusweisApp port on every interface
    };

    java.enable = true;

    wireshark = {
      enable = true;
      package = pkgs.wireshark-qt;
    };
  };

  documentation.dev.enable = true;

  system.stateVersion = "22.11";
}