nixos-config/hosts/thinkpad/default.nix

242 lines
5.3 KiB
Nix
Raw Normal View History

2023-05-20 16:21:20 +02:00
{ config, pkgs, lib, ... }:
2022-12-18 17:01:34 +01:00
{
2022-12-29 20:48:40 +01:00
2022-12-18 17:07:40 +01:00
imports =
[
./hardware-configuration.nix
2023-07-30 19:41:51 +02:00
./modules/backup
./modules/networks
2023-04-06 11:00:53 +02:00
./modules/greetd
2023-07-03 10:19:14 +02:00
./modules/virtualisation
2022-12-18 17:07:40 +01:00
];
# Use the systemd-boot EFI boot loader.
# boot.initrd.systemd.additionalUpstreamUnits = [ "systemd-vconsole-setup.service" ];
2023-01-28 14:53:23 +01:00
boot = {
2023-05-31 13:23:49 +02:00
# Lanzaboote currently replaces the systemd-boot module.
# This setting is usually set to true in configuration.nix
# generated at installation time. So we force it to false
# for now.
loader.systemd-boot.enable = lib.mkForce false;
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
configurationLimit = 10;
};
2023-07-15 11:54:30 +02:00
extraModulePackages = [
config.boot.kernelPackages.v4l2loopback.out
];
loader.systemd-boot.editor = false;
2023-01-28 14:53:23 +01:00
loader.efi.canTouchEfiVariables = true;
2023-08-02 18:04:26 +02:00
kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
2023-04-16 13:43:30 +02:00
tmp.useTmpfs = true;
2023-01-28 14:53:23 +01:00
};
2022-12-18 17:07:40 +01:00
nix = {
settings = {
experimental-features = [ "nix-command" "flakes" ];
auto-optimise-store = true;
substituters = [
2023-06-22 14:34:05 +02:00
"ssh://nuc.lan"
];
trusted-public-keys = [
2023-06-12 20:11:19 +02:00
"nuc.lan:a9UkVw3AizAKCER1CfNGhx8UOMF4t4UGE3GJ9dmHwJc="
];
};
2023-07-20 21:35:12 +02:00
# distributedBuilds = true;
# extraOptions = ''
# builders-use-substitutes = true
# '';
2023-09-19 13:47:08 +02:00
# buildMachines = [
# {
# hostName = "nuc.lan";
# system = "x86_64-linux";
# protocol = "ssh-ng";
# maxJobs = 2;
# speedFactor = 1;
# supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
# mandatoryFeatures = [ ];
# }
# {
# hostName = "quitte.ifsr.de";
# system = "x86_64-linux";
# protocol = "ssh-ng";
# maxJobs = 12;
# sshUser = "rouven.seifert";
# speedFactor = 10;
# supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
# mandatoryFeatures = [ ];
# }
# ];
2023-03-16 21:46:12 +01:00
};
environment.persistence."/nix/persist/system" = {
directories = [
"/etc/nixos" # bind mounted from /nix/persist/system/etc/nixos to /etc/nixos
"/etc/ssh"
"/etc/secureboot"
"/root/.ssh"
2023-08-06 22:24:01 +02:00
"/root/.borgmatic"
"/root/.local/share/zsh"
];
files = [
"/etc/machine-id"
];
};
2023-05-20 16:21:20 +02:00
# impermanence fixes
sops.age.sshKeyPaths = lib.mkForce [ "/nix/persist/system/etc/ssh/ssh_host_ed25519_key" ];
2023-05-20 16:21:20 +02:00
sops.gnupg.sshKeyPaths = lib.mkForce [ ];
2022-12-18 17:07:40 +01:00
time.timeZone = "Europe/Berlin";
i18n.defaultLocale = "en_US.UTF-8";
console = {
2023-01-20 12:23:05 +01:00
keyMap = "dvorak";
# font = "Lat2-Terminus16";
# earlySetup = true;
2023-04-03 12:57:31 +02:00
colors = let colors = config.home-manager.users.rouven.colorScheme.colors; in
2023-02-12 14:56:42 +01:00
[
colors.base00
colors.base08
colors.base0A
colors.base0B
colors.base0D
colors.base0E
colors.base0C
colors.base05
colors.base03
colors.base08
colors.base0A
colors.base0B
colors.base0D
colors.base0E
colors.base0C
colors.base07
];
2022-12-18 17:07:40 +01:00
};
2023-07-27 23:25:08 +02:00
fonts.packages = with pkgs; [
2023-02-25 16:30:02 +01:00
nerdfonts
2023-01-20 22:12:45 +01:00
noto-fonts
noto-fonts-cjk
noto-fonts-emoji
dejavu_fonts
];
2022-12-18 17:07:40 +01:00
# Enable sound.
sound.enable = true;
2023-01-21 14:44:23 +01:00
#hardware.pulseaudio.enable = true;
2022-12-18 17:07:40 +01:00
hardware.bluetooth.enable = true;
2023-06-03 21:42:12 +02:00
security = {
polkit.enable = true;
};
2023-06-02 22:21:36 +02:00
2023-01-21 14:44:23 +01:00
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
2023-03-04 21:22:42 +01:00
xdg.portal = {
enable = true;
extraPortals = [
2023-06-05 19:57:19 +02:00
pkgs.xdg-desktop-portal-wlr
2023-03-04 21:22:42 +01:00
];
};
2023-01-21 14:44:23 +01:00
2022-12-31 12:28:53 +01:00
programs.dconf.enable = true;
2022-12-27 18:21:33 +01:00
# control display backlight
2022-12-19 19:30:32 +01:00
programs.light.enable = true;
services = {
2023-05-31 17:35:28 +02:00
homed.enable = true;
2022-12-27 18:21:33 +01:00
blueman.enable = true; # bluetooth
devmon.enable = true; # automount stuff
2023-03-06 18:07:49 +01:00
printing = {
enable = true;
};
2023-04-06 11:00:53 +02:00
avahi = {
# autodiscover printers
2023-03-06 18:07:49 +01:00
enable = true;
nssmdns = true;
};
2022-12-19 19:30:32 +01:00
fprintd.enable = true; # log in using fingerprint
2023-03-04 19:56:45 +01:00
fwupd.enable = true; # firmware updates
zfs.autoScrub.enable = true;
2022-12-19 19:30:32 +01:00
};
2022-12-18 17:07:40 +01:00
2022-12-27 18:21:33 +01:00
programs.steam.enable = true; # putting steam in here cause in home manager it doesn't work
2022-12-18 17:07:40 +01:00
2023-02-14 21:50:36 +01:00
programs.ausweisapp = {
enable = true;
openFirewall = true;
};
2023-04-06 11:00:53 +02:00
systemd.sleep.extraConfig = ''
HibernateDelaySec=2h
'';
2023-02-28 20:48:06 +01:00
services.logind = {
2023-03-06 15:05:35 +01:00
lidSwitch = "suspend-then-hibernate";
lidSwitchDocked = "suspend-then-hibernate";
lidSwitchExternalPower = "suspend";
extraConfig = ''
HandlePowerKey = ignore
'';
};
services.tlp = {
enable = true;
settings = {
START_CHARGE_THRESH_BAT0 = 70;
2023-04-24 15:15:01 +02:00
STOP_CHARGE_THRESH_BAT0 = 90;
2023-03-06 15:05:35 +01:00
};
2023-02-28 20:48:06 +01:00
};
2023-01-10 11:31:33 +01:00
2023-09-06 13:35:16 +02:00
security.tpm2 = {
enable = true;
pkcs11.enable = true;
abrmd.enable = true;
tctiEnvironment.enable = true;
};
2023-05-26 14:50:29 +02:00
hardware.opengl.extraPackages = with pkgs; [
intel-compute-runtime
intel-media-driver
];
2022-12-29 20:48:40 +01:00
environment.systemPackages = with pkgs; [
2023-05-21 13:50:49 +02:00
# hardware utilities
nvme-cli
intel-gpu-tools
tpm2-tools
2023-05-21 13:50:49 +02:00
# system essentials
2022-12-29 20:48:40 +01:00
wget
2023-01-28 22:28:56 +01:00
htop-vim
2022-12-29 20:48:40 +01:00
dig
traceroute
2023-05-28 13:15:29 +02:00
whois
inetutils
lsof
2022-12-29 20:48:40 +01:00
killall
2023-01-27 00:24:24 +01:00
zip
unzip
2023-07-03 10:19:14 +02:00
pciutils
2023-07-12 22:40:38 +02:00
lm_sensors
2023-05-23 20:51:02 +02:00
2023-05-31 13:23:49 +02:00
sbctl
2023-06-12 12:58:21 +02:00
deploy-rs
man-pages
man-pages-posix
2022-12-29 20:48:40 +01:00
];
2023-04-03 12:57:31 +02:00
programs.java.enable = true;
documentation.dev.enable = true;
2022-12-29 20:48:40 +01:00
2022-12-27 18:21:33 +01:00
system.stateVersion = "22.11";
2022-12-18 17:01:34 +01:00
}