# NixOS host configuration module.
# Takes `pkgs` from the module system and returns one attribute set of options.
# The modules listed under `imports` are local files that are not shown here,
# so anything they configure (boot loader, firewall, users, ...) is outside
# the scope of the notes below.
{ pkgs, ... }:
{
  imports = [
    ./hardware-configuration.nix
    ./modules/backup
    ./modules/graphics
    ./modules/greetd
    ./modules/networks
    ./modules/printing
    ./modules/security
    ./modules/sound
    ./modules/virtualisation
  ];

  # Advertise the CPU architecture feature to Nix so derivations requiring it
  # can be built locally.
  nix.settings.system-features = [ "gccarch-tigerlake" ];

  # Pull in the upstream systemd units needed for soft-reboot.
  systemd.additionalUpstreamSystemUnits = [ "soft-reboot.target" "systemd-soft-reboot.service" ];

  # Boot settings.
  # NOTE(review): the comment that used to sit here read "Use the systemd-boot
  # EFI boot loader", but no boot.loader option is set in this file --
  # presumably the loader is configured in an imported module; confirm.
  boot = {
    # /tmp lives on a tmpfs, so its contents are held in memory and do not
    # survive a reboot.
    tmp.useTmpfs = true;

    # Track the newest kernel packaged in nixpkgs.
    kernelPackages = pkgs.linuxPackages_latest;

    kernelModules = [ "v4l2loopback" ];
    # extraModulePackages = [
    #   config.boot.kernelPackages.v4l2loopback
    # ];
    # extraModprobeConfig = ''
    #   options v4l2loopback exclusive_caps=1 card_label="Virtual Camera"
    # '';
  };

  # State that must survive reboots is kept under /nix/persist/system and
  # mapped back to its usual location.
  # NOTE(review): several of these paths normally hold key material (SSH host
  # keys in /etc/ssh, root's SSH directory, and presumably Secure Boot signing
  # keys in /etc/secureboot). The persisted copies need the same root-only
  # permissions and disk-encryption coverage as the live paths -- verify on
  # the host, and check whether the backup module includes or excludes them.
  environment.persistence."/nix/persist/system" = {
    files = [
      "/etc/machine-id"
      # fix for systemd v257 panicking when /usr is empty
      "/usr/dummy"
    ];
    directories = [
      "/etc/nixos" # bind mounted from /nix/persist/system/etc/nixos to /etc/nixos
      "/etc/ssh"
      "/etc/secureboot"
      "/root/.ssh"
      "/root/.borgmatic"
      "/root/.local/share/zsh"
    ];
  };

  time.timeZone = "Europe/Berlin";
  i18n.defaultLocale = "en_US.UTF-8";

  programs.direnv.enable = true;

  console.keyMap = "dvorak";

  # Disabled OpenLDAP reference configuration, kept for later use.
  # NOTE(review): before re-enabling, replace `olcRootPW = "test"`. A plain Nix
  # string is rendered into the world-readable Nix store, and the value itself
  # is a placeholder; supply a hashed password from a file outside the store
  # (the NixOS module accepts `olcRootPW.path`). Also review the `{1}to *
  # by * read` rule: it grants every client, including anonymous ones, read
  # access to all entries other than userPassword.
  #
  # services.openldap = {
  #   enable = true;
  #   urlList = [ "ldap:///" ];
  #   settings = {
  #     attrs = {
  #       olcLogLevel = "conns config";
  #     };
  #     children = {
  #       "cn=schema".includes = [
  #         "${pkgs.openldap}/etc/schema/core.ldif"
  #         # attributetype ( 9999.1.1 NAME 'isMemberOf'
  #         #    DESC 'back-reference to groups this user is a member of'
  #         #    SUP distinguishedName )
  #         "${pkgs.openldap}/etc/schema/cosine.ldif"
  #         "${pkgs.openldap}/etc/schema/inetorgperson.ldif"
  #         "${pkgs.openldap}/etc/schema/nis.ldif"
  #         # "${pkgs.writeText "openssh.ldif" ''
  #         # dn: cn={4}openssh
  #         # objectClass: olcSchemaConfig
  #         # cn: {4}openssh
  #         # attributetype ( 9999.1.2 NAME 'sshPublicKey'
  #         #    DESC 'SSH public key used by this user'
  #         #    SUP name )
  #         # ''}"
  #         "${pkgs.writeText "openssh.ldif" ''
  #           dn: cn=openssh,cn=schema,cn=config
  #           objectClass: olcSchemaConfig
  #           cn: openssh
  #           olcAttributeTypes: ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey'
  #             DESC 'MANDATORY: OpenSSH Public key'
  #             EQUALITY octetStringMatch
  #             SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
  #         ''}"
  #       ];
  #
  #       "olcDatabase={1}mdb".attrs = {
  #         objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
  #
  #         olcDatabase = "{1}mdb";
  #         olcDbDirectory = "/var/lib/openldap/data";
  #
  #         olcSuffix = "dc=ifsr,dc=de";
  #
  #         /* your admin account, do not use writeText on a production system */
  #         olcRootDN = "cn=portunus,dc=ifsr,dc=de";
  #         olcRootPW = "test";
  #
  #         olcAccess = [
  #           /* custom access rules for userPassword attributes */
  #           ''{0}to attrs=userPassword
  #               by self write
  #               by anonymous auth
  #               by * none''
  #
  #           /* allow read on anything else */
  #           ''{1}to *
  #               by * read''
  #         ];
  #       };
  #
  #       "olcOverlay={3}memberof,olcDatabase={1}mdb".attrs = {
  #         objectClass = [ "olcConfig" "olcOverlayConfig" "olcMemberOf" "top" ];
  #         olcOverlay = "{3}memberof";
  #         olcMemberOfRefInt = "TRUE";
  #         olcMemberOfDangling = "ignore";
  #         olcMemberOfGroupOC = "groupOfNames";
  #         olcMemberOfMemberAD = "member";
  #         olcMemberOfMemberOfAD = "memberOf";
  #       };
  #
  #       "olcOverlay={4}refint,olcDatabase={1}mdb".attrs = {
  #         objectClass = [ "olcOverlayConfig" "olcRefintConfig" "top" ];
  #         olcOverlay = "{4}refint";
  #         olcRefintAttribute = "memberof member manager owner";
  #       };
  #
  #     };
  #   };
  # };

  services = {
    envfs.enable = true; # /usr/bin fixes
    blueman.enable = true; # bluetooth
    # Automounts removable media.
    # NOTE(review): automatic mounting means filesystems on any attached
    # device are parsed without a prompt -- confirm this is wanted on a
    # portable machine.
    devmon.enable = true;
    upower.enable = true;
    fwupd.enable = true; # firmware updates
    # mDNS / DNS-SD.
    # NOTE(review): this announces the host on every network it joins, and the
    # NixOS module opens the mDNS port in the firewall by default
    # (`openFirewall`) -- confirm, and consider `allowInterfaces` if only
    # trusted networks need it.
    avahi.enable = true;
    btrfs.autoScrub.enable = true;

    mullvad-vpn = {
      enable = true;
      # Leaves the mullvad-exclude wrapper (split-tunnel helper) uninstalled.
      enableExcludeWrapper = false;
    };

    # Lid and power-key handling.
    logind = {
      lidSwitch = "suspend-then-hibernate";
      lidSwitchDocked = "suspend";
      lidSwitchExternalPower = "suspend";
      # The power key is ignored by logind.
      extraConfig = ''
        HandlePowerKey = ignore
      '';
    };

    # Battery charge thresholds for BAT0 and device-state restore on startup.
    tlp = {
      enable = true;
      settings = {
        START_CHARGE_THRESH_BAT0 = 70;
        STOP_CHARGE_THRESH_BAT0 = 90;
        RESTORE_DEVICE_STATE_ON_STARTUP = 1;
      };
    };
  };

  hardware.bluetooth = {
    enable = true;
    # Sets `Experimental = true` in the [General] section of the BlueZ config.
    settings.General.Experimental = true;
  };

  documentation.dev.enable = true;
  environment.systemPackages = [ pkgs.man-pages ];

  # Release whose stateful defaults this host was installed with.
  system.stateVersion = "22.11";
}