2022-11-19 21:38:55 +01:00
|
|
|
#
|
|
|
|
|
# Main system configuration. More information available in configuration.nix(5) man page.
|
|
|
|
|
#
|
|
|
|
|
# flake.nix
|
|
|
|
|
# ├─ ./hosts
|
|
|
|
|
# │ └─ configuration.nix *
|
|
|
|
|
# └─ ./modules
|
|
|
|
|
# └─ ./editors
|
|
|
|
|
# └─ ./nvim
|
|
|
|
|
# └─ default.nix
|
|
|
|
|
#
|
|
|
|
|
|
2022-12-18 13:15:40 +01:00
|
|
|
{ config, lib, pkgs, inputs, user, location, agenix, ... }:
|
2022-11-19 21:38:55 +01:00
|
|
|
|
|
|
|
|
{
|
|
|
|
|
imports = # Import window or display manager.
|
|
|
|
|
[
|
|
|
|
|
#../modules/editors/nvim # ! Comment this out on first install !
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
users.users.${user} = { # System User
|
|
|
|
|
isNormalUser = true;
|
2023-05-19 10:03:23 +02:00
|
|
|
extraGroups = [ "wheel" "video" "audio" "camera" "networkmanager" "lp" "kvm" "libvirtd" "adb" "dialout" "tss" ];
|
2022-11-19 21:38:55 +01:00
|
|
|
shell = pkgs.zsh; # Default shell
|
|
|
|
|
uid = 2000;
|
|
|
|
|
# initialPassword = "password95";
|
|
|
|
|
openssh.authorizedKeys.keys = [
|
|
|
|
|
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc"
|
|
|
|
|
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIgo4IP8ISUohyAMiDc3zEe6ESUE3un7eN5FhVtxZHmcAAAABHNzaDo= kabbone@kabc"
|
|
|
|
|
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKVDApb3vZ+i97V4xLJh8rUF6z5OVYfORlXYbLhdQO15AAAABHNzaDo= kabbone@hades.home.opel-online.de"
|
|
|
|
|
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo= kabbone@hades.home.opel-online.de"
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
time.timeZone = "Europe/Berlin"; # Time zone and internationalisation
|
|
|
|
|
i18n = {
|
|
|
|
|
defaultLocale = "en_US.UTF-8";
|
|
|
|
|
extraLocaleSettings = { # Extra locale settings that need to be overwritten
|
|
|
|
|
LC_TIME = "de_DE.UTF-8";
|
|
|
|
|
LC_MONETARY = "de_DE.UTF-8";
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
console = {
|
|
|
|
|
font = "Lat2-Terminus16";
|
|
|
|
|
keyMap = "us"; # or us/azerty/etc
|
|
|
|
|
};
|
|
|
|
|
|
2023-05-19 10:03:23 +02:00
|
|
|
security = {
|
|
|
|
|
rtkit.enable = true;
|
|
|
|
|
pki.certificateFiles = [
|
2022-11-19 21:38:55 +01:00
|
|
|
./rootCA.pem
|
2023-05-19 10:03:23 +02:00
|
|
|
];
|
2023-07-23 20:12:02 +02:00
|
|
|
#tpm2 = {
|
|
|
|
|
# enable = true;
|
|
|
|
|
# pkcs11.enable = true;
|
|
|
|
|
# tctiEnvironment.enable = true;
|
|
|
|
|
# };
|
2023-05-19 10:03:23 +02:00
|
|
|
};
|
2022-11-19 21:38:55 +01:00
|
|
|
|
|
|
|
|
sound = { # ALSA sound enable
|
2023-07-27 21:26:41 +02:00
|
|
|
#enable = true;
|
2022-11-19 21:38:55 +01:00
|
|
|
mediaKeys = { # Keyboard Media Keys (for minimal desktop) enable = true;
|
|
|
|
|
enable = true;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
fonts.fonts = with pkgs; [ # Fonts
|
|
|
|
|
carlito # NixOS
|
|
|
|
|
vegur # NixOS
|
|
|
|
|
source-code-pro
|
|
|
|
|
jetbrains-mono
|
|
|
|
|
font-awesome # Icons
|
|
|
|
|
hack-font
|
|
|
|
|
corefonts # MS
|
|
|
|
|
(nerdfonts.override { # Nerdfont Icons override
|
|
|
|
|
fonts = [
|
|
|
|
|
"FiraCode"
|
|
|
|
|
];
|
|
|
|
|
})
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
environment = {
|
|
|
|
|
variables = {
|
|
|
|
|
TERMINAL = "alacritty";
|
|
|
|
|
EDITOR = "nvim";
|
|
|
|
|
VISUAL = "nvim";
|
|
|
|
|
BROWSER = "firefox";
|
|
|
|
|
};
|
|
|
|
|
systemPackages = with pkgs; [ # Default packages install system-wide
|
|
|
|
|
vim
|
|
|
|
|
git
|
|
|
|
|
killall
|
|
|
|
|
pciutils
|
|
|
|
|
usbutils
|
|
|
|
|
wget
|
|
|
|
|
powertop
|
|
|
|
|
cpufrequtils
|
|
|
|
|
lm_sensors
|
|
|
|
|
libva-utils
|
|
|
|
|
at-spi2-core
|
2022-11-26 20:31:45 +01:00
|
|
|
bind
|
|
|
|
|
dig
|
2022-12-06 22:24:15 +01:00
|
|
|
qmk-udev-rules
|
2022-12-17 20:08:38 +01:00
|
|
|
gptfdisk
|
2023-02-04 08:50:56 +01:00
|
|
|
agenix.packages.x86_64-linux.default
|
2022-12-21 21:50:20 +01:00
|
|
|
age-plugin-yubikey
|
2022-12-27 20:30:10 +01:00
|
|
|
pwgen
|
2023-01-08 12:19:10 +01:00
|
|
|
cryptsetup
|
2023-05-08 21:23:57 +02:00
|
|
|
powerline
|
|
|
|
|
powerline-fonts
|
|
|
|
|
powerline-symbols
|
|
|
|
|
tree
|
2023-07-07 10:57:02 +02:00
|
|
|
direnv
|
2022-11-19 21:38:55 +01:00
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
services = {
|
|
|
|
|
pipewire = { # Sound
|
|
|
|
|
enable = true;
|
2022-11-27 10:37:40 +01:00
|
|
|
alsa = {
|
|
|
|
|
enable = true;
|
2022-11-19 21:38:55 +01:00
|
|
|
# support32Bit = true;
|
2022-11-27 10:37:40 +01:00
|
|
|
};
|
2022-11-19 21:38:55 +01:00
|
|
|
pulse.enable = true;
|
|
|
|
|
wireplumber.enable = true;
|
|
|
|
|
};
|
|
|
|
|
openssh = { # SSH: secure shell (remote connection to shell of server)
|
|
|
|
|
enable = true; # local: $ ssh <user>@<ip>
|
|
|
|
|
# public:
|
|
|
|
|
# - port forward 22 TCP to server
|
|
|
|
|
# - in case you want to use the domain name insted of the ip:
|
|
|
|
|
# - for me, via cloudflare, create an A record with name "ssh" to the correct ip without proxy
|
|
|
|
|
# - connect via ssh <user>@<ip or ssh.domain>
|
|
|
|
|
# generating a key:
|
|
|
|
|
# - $ ssh-keygen | ssh-copy-id <ip/domain> | ssh-add
|
|
|
|
|
# - if ssh-add does not work: $ eval `ssh-agent -s`
|
|
|
|
|
# allowSFTP = true; # SFTP: secure file transfer protocol (send file to server)
|
|
|
|
|
# connect: $ sftp <user>@<ip/domain>
|
|
|
|
|
# commands:
|
|
|
|
|
# - lpwd & pwd = print (local) parent working directory
|
|
|
|
|
# - put/get <filename> = send or receive file
|
|
|
|
|
# extraConfig = ''
|
|
|
|
|
# HostKeyAlgorithms +ssh-rsa
|
|
|
|
|
# ''; # Temporary extra config so ssh will work in guacamole
|
2023-06-03 11:28:10 +02:00
|
|
|
settings.PasswordAuthentication = false;
|
2022-11-19 21:38:55 +01:00
|
|
|
};
|
2022-12-23 15:49:51 +01:00
|
|
|
pcscd.enable = true;
|
|
|
|
|
yubikey-agent.enable = true;
|
2022-11-19 21:38:55 +01:00
|
|
|
udev.packages = [ pkgs.yubikey-personalization ];
|
|
|
|
|
#flatpak.enable = true; # download flatpak file from website - sudo flatpak install <path> - reboot if not showing up
|
|
|
|
|
# sudo flatpak uninstall --delete-data <app-id> (> flatpak list --app) - flatpak uninstall --unused
|
|
|
|
|
# List:
|
|
|
|
|
# com.obsproject.Studio
|
|
|
|
|
# com.parsecgaming.parsec
|
|
|
|
|
# com.usebottles.bottles
|
2022-11-26 20:31:45 +01:00
|
|
|
gvfs.enable = true;
|
2023-04-19 12:58:37 +02:00
|
|
|
fwupd.enable = true;
|
2022-11-19 21:38:55 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
#xdg.portal = { # Required for flatpak
|
|
|
|
|
# enable = true;
|
|
|
|
|
# extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
|
|
|
|
|
#};
|
|
|
|
|
|
|
|
|
|
nix = { # Nix Package Manager settings
|
|
|
|
|
settings ={
|
|
|
|
|
auto-optimise-store = true; # Optimise syslinks
|
|
|
|
|
};
|
|
|
|
|
gc = { # Automatic garbage collection
|
|
|
|
|
automatic = true;
|
|
|
|
|
dates = "weekly";
|
|
|
|
|
options = "--delete-older-than 7d";
|
|
|
|
|
};
|
|
|
|
|
package = pkgs.nixVersions.stable; # Enable nixFlakes on system
|
|
|
|
|
registry.nixpkgs.flake = inputs.nixpkgs;
|
|
|
|
|
extraOptions = ''
|
|
|
|
|
experimental-features = nix-command flakes
|
|
|
|
|
keep-outputs = true
|
|
|
|
|
keep-derivations = true
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
nixpkgs.config.allowUnfree = true; # Allow proprietary software.
|
|
|
|
|
nixpkgs.config.packageOverrides = pkgs: {
|
|
|
|
|
nur = import (builtins.fetchTarball "https://github.com/nix-community/NUR/archive/master.tar.gz") {
|
|
|
|
|
inherit pkgs;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
system = { # NixOS settings
|
|
|
|
|
# autoUpgrade = { # Allow auto update
|
|
|
|
|
# enable = true;
|
|
|
|
|
# channel = "https://nixos.org/channels/nixos-unstable";
|
|
|
|
|
# };
|
|
|
|
|
stateVersion = "22.05";
|
|
|
|
|
};
|
|
|
|
|
}
|
