2023-01-21 17:30:50 +01:00
|
|
|
|
{
|
|
|
|
|
|
config,
|
|
|
|
|
|
pkgs,
|
|
|
|
|
|
...
|
2023-02-15 16:09:53 +01:00
|
|
|
|
}: let
|
|
|
|
|
|
shell = pkgs.zsh;
|
|
|
|
|
|
in {
|
2023-01-21 17:30:50 +01:00
|
|
|
|
imports = [
|
|
|
|
|
|
# Include the results of the hardware scan.
|
|
|
|
|
|
./hardware-configuration.nix
|
|
|
|
|
|
#user home configuration
|
|
|
|
|
|
./users
|
2023-01-28 02:50:14 +01:00
|
|
|
|
#
|
|
|
|
|
|
./modules/pipewire.nix
|
|
|
|
|
|
./modules/rekey.nix
|
2023-02-10 17:41:37 +01:00
|
|
|
|
./modules/nvidia.nix
|
2023-02-12 17:50:44 +01:00
|
|
|
|
./modules/wireguard.nix
|
2023-02-14 01:33:38 +01:00
|
|
|
|
./modules/smb-mounts.nix
|
2023-02-27 03:56:37 +01:00
|
|
|
|
./modules/networking.nix
|
|
|
|
|
|
./modules/nix.nix
|
2023-03-12 05:55:04 +01:00
|
|
|
|
#./modules/xserver.nix
|
2023-01-21 17:30:50 +01:00
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
|
|
# Use the systemd-boot EFI boot loader.
|
|
|
|
|
|
boot.loader.systemd-boot.enable = true;
|
|
|
|
|
|
boot.loader.efi.canTouchEfiVariables = true;
|
|
|
|
|
|
|
|
|
|
|
|
networking.hostName = "patricknix"; # Define your hostname.
|
|
|
|
|
|
networking.hostId = "68438432";
|
2023-01-28 02:50:14 +01:00
|
|
|
|
|
2023-01-21 17:30:50 +01:00
|
|
|
|
# Set your time zone.
|
2023-02-27 03:56:37 +01:00
|
|
|
|
time.timeZone = "Asia/Seoul";
|
2023-01-21 17:30:50 +01:00
|
|
|
|
|
|
|
|
|
|
# Select internationalisation properties.
|
|
|
|
|
|
i18n.defaultLocale = "C.UTF-8";
|
2023-03-12 05:55:04 +01:00
|
|
|
|
services.xserver = {
|
|
|
|
|
|
layout = "de";
|
|
|
|
|
|
xkbVariant = "bone";
|
|
|
|
|
|
};
|
2023-04-12 16:52:20 +02:00
|
|
|
|
programs.hyprland.enable = true;
|
2023-01-21 17:30:50 +01:00
|
|
|
|
console = {
|
|
|
|
|
|
font = "ter-v28n";
|
|
|
|
|
|
packages = with pkgs; [terminus_font];
|
|
|
|
|
|
useXkbConfig = true; # use xkbOptions in tty.
|
|
|
|
|
|
};
|
2023-02-27 03:56:37 +01:00
|
|
|
|
# Identities with which all secrets are encrypted
|
|
|
|
|
|
rekey.masterIdentityPaths = [./secrets/NIXOSc.key ./secrets/NIXOSa.key];
|
2023-01-21 17:30:50 +01:00
|
|
|
|
|
2023-02-27 03:56:37 +01:00
|
|
|
|
rekey.pubKey = ./keys + "/${config.networking.hostName}.pub";
|
2023-01-21 17:30:50 +01:00
|
|
|
|
|
2023-02-15 16:09:53 +01:00
|
|
|
|
hardware.opengl.enable = true;
|
|
|
|
|
|
|
2023-01-21 17:30:50 +01:00
|
|
|
|
nixpkgs.config.allowUnfree = true;
|
|
|
|
|
|
|
2023-03-30 10:15:07 +02:00
|
|
|
|
services.tlp.enable = true;
|
2023-01-21 17:30:50 +01:00
|
|
|
|
|
2023-02-07 14:30:39 +01:00
|
|
|
|
# Disable mutable Users, any option can only be set by the nix config
|
|
|
|
|
|
users.mutableUsers = false;
|
|
|
|
|
|
|
|
|
|
|
|
rekey.secrets.patrick.file = ./secrets/patrick.passwd.age;
|
2023-03-09 05:13:08 +01:00
|
|
|
|
|
2023-03-11 10:03:55 +01:00
|
|
|
|
environment.etc.issue.text = ''
|
|
|
|
|
|
<<< Welcome to NixOS 23.05.20230304.3c5319a (\m) - \l >>>
|
|
|
|
|
|
'';
|
2023-03-09 05:13:08 +01:00
|
|
|
|
|
|
|
|
|
|
users.motd = "Guten Tach";
|
2023-01-21 17:30:50 +01:00
|
|
|
|
# Define a user account. Don't forget to set a password with ‘passwd’.
|
|
|
|
|
|
users.users.patrick = {
|
2023-02-15 16:09:53 +01:00
|
|
|
|
inherit shell;
|
2023-01-21 17:30:50 +01:00
|
|
|
|
isNormalUser = true;
|
|
|
|
|
|
uid = 1000;
|
|
|
|
|
|
createHome = true;
|
2023-02-07 14:30:39 +01:00
|
|
|
|
extraGroups = ["wheel" "audio" "video" "input"];
|
2023-01-21 17:30:50 +01:00
|
|
|
|
group = "patrick";
|
2023-02-07 21:37:02 +01:00
|
|
|
|
passwordFile = config.rekey.secrets.patrick.path;
|
2023-01-21 17:30:50 +01:00
|
|
|
|
};
|
|
|
|
|
|
users.groups.patrick.gid = 1000;
|
2023-03-08 08:02:39 +01:00
|
|
|
|
# Allow users in group video to edit backlight setting
|
|
|
|
|
|
services.udev.extraRules = ''
|
|
|
|
|
|
ACTION=="add", SUBSYSTEM=="backlight", RUN+="${pkgs.coreutils}/bin/chgrp video $sys$devpath/brightness", RUN+="${pkgs.coreutils}/bin/chmod g+w $sys$devpath/brightness"
|
|
|
|
|
|
'';
|
2023-01-21 17:30:50 +01:00
|
|
|
|
|
2023-02-07 14:30:39 +01:00
|
|
|
|
rekey.secrets.root.file = ./secrets/root.passwd.age;
|
2023-01-21 17:30:50 +01:00
|
|
|
|
users.users.root = {
|
2023-02-15 16:09:53 +01:00
|
|
|
|
inherit shell;
|
2023-01-21 17:30:50 +01:00
|
|
|
|
openssh.authorizedKeys.keys = [
|
|
|
|
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZixkix0KfKuq7Q19whS5FQQg51/AJGB5BiNF/7h/LM"
|
2023-01-22 14:17:51 +01:00
|
|
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHxD4GOrwrBTG4/qQhm5hoSB2CP7W9g1LPWP11oLGOjQ"
|
2023-01-21 17:30:50 +01:00
|
|
|
|
];
|
2023-02-07 21:37:02 +01:00
|
|
|
|
passwordFile = config.rekey.secrets.root.path;
|
2023-01-21 17:30:50 +01:00
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
security.sudo.enable = false;
|
|
|
|
|
|
|
2023-04-12 15:39:12 +02:00
|
|
|
|
documentation.dev.enable = true;
|
|
|
|
|
|
|
2023-01-21 17:30:50 +01:00
|
|
|
|
# List packages installed in system profile. To search, run:
|
|
|
|
|
|
# $ nix search wget
|
|
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
|
|
|
|
xterm
|
|
|
|
|
|
wget
|
|
|
|
|
|
gcc
|
2023-01-28 02:50:14 +01:00
|
|
|
|
tree
|
|
|
|
|
|
age-plugin-yubikey
|
|
|
|
|
|
rage
|
2023-02-07 21:37:02 +01:00
|
|
|
|
file
|
2023-03-11 10:03:55 +01:00
|
|
|
|
ripgrep
|
|
|
|
|
|
killall
|
|
|
|
|
|
fd
|
2023-04-12 15:39:12 +02:00
|
|
|
|
man-pages
|
|
|
|
|
|
man-pages-posix
|
2023-02-10 18:31:08 +01:00
|
|
|
|
# xournalpp needs this or else it will crash
|
|
|
|
|
|
gnome3.adwaita-icon-theme
|
2023-01-21 17:30:50 +01:00
|
|
|
|
];
|
2023-03-08 14:11:46 +01:00
|
|
|
|
# HM zsh needs this or else the startup order is fucked
|
|
|
|
|
|
# and env variables will be loaded incorrectly
|
2023-02-21 00:30:21 +01:00
|
|
|
|
programs.zsh.enable = true;
|
2023-01-21 17:30:50 +01:00
|
|
|
|
|
2023-03-12 05:55:04 +01:00
|
|
|
|
services.physlock.enable = true;
|
|
|
|
|
|
|
2023-02-15 16:09:53 +01:00
|
|
|
|
programs.steam = {
|
|
|
|
|
|
enable = true;
|
|
|
|
|
|
package = pkgs.steam.override {
|
|
|
|
|
|
extraPkgs = pkgs:
|
|
|
|
|
|
with pkgs; [
|
2023-04-10 09:44:07 +02:00
|
|
|
|
# vampir überlebende braucht diese pkgs
|
2023-02-15 16:09:53 +01:00
|
|
|
|
libgdiplus
|
|
|
|
|
|
cups
|
|
|
|
|
|
];
|
|
|
|
|
|
};
|
|
|
|
|
|
};
|
2023-02-10 18:16:39 +01:00
|
|
|
|
|
2023-01-21 17:30:50 +01:00
|
|
|
|
# Enable the OpenSSH daemon.
|
|
|
|
|
|
services.openssh = {
|
|
|
|
|
|
enable = true;
|
|
|
|
|
|
settings = {
|
|
|
|
|
|
PasswordAuthentication = false;
|
|
|
|
|
|
KbdInteractiveAuthentication = false;
|
|
|
|
|
|
PermitRootLogin = "yes";
|
|
|
|
|
|
};
|
|
|
|
|
|
hostKeys = [
|
|
|
|
|
|
{
|
2023-01-28 02:50:14 +01:00
|
|
|
|
# never set this to an actual nix type path
|
|
|
|
|
|
# or else .....
|
|
|
|
|
|
# it will end up in the nix store
|
2023-01-21 17:30:50 +01:00
|
|
|
|
path = "/etc/ssh/ssh_host_ed25519_key";
|
|
|
|
|
|
type = "ed25519";
|
|
|
|
|
|
}
|
|
|
|
|
|
];
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
services.thermald.enable = true;
|
|
|
|
|
|
services.pcscd.enable = true;
|
|
|
|
|
|
services.fstrim.enable = true;
|
|
|
|
|
|
hardware.cpu.intel.updateMicrocode = true;
|
|
|
|
|
|
|
|
|
|
|
|
services.udev.packages = with pkgs; [yubikey-personalization libu2f-host];
|
|
|
|
|
|
|
|
|
|
|
|
environment.shellInit = ''
|
2023-03-08 14:11:46 +01:00
|
|
|
|
gpg-connect-agent /bye
|
|
|
|
|
|
export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
|
2023-02-15 16:09:53 +01:00
|
|
|
|
umask 077
|
2023-01-21 17:30:50 +01:00
|
|
|
|
'';
|
2023-03-23 12:33:42 +01:00
|
|
|
|
# XDG base spec
|
2023-04-10 09:44:07 +02:00
|
|
|
|
environment.sessionVariables = rec {
|
2023-03-23 12:33:42 +01:00
|
|
|
|
XDG_CACHE_HOME = "\${HOME}/.cache";
|
|
|
|
|
|
XDG_CONFIG_HOME = "\${HOME}/.config";
|
|
|
|
|
|
XDG_STATE_HOME = "\${HOME}/.local/state";
|
|
|
|
|
|
XDG_DATA_HOME = "\${HOME}/.local/share";
|
|
|
|
|
|
# xdg ninja recommendations
|
2023-04-10 09:44:07 +02:00
|
|
|
|
CARGO_HOME = "${XDG_DATA_HOME}/cargo";
|
|
|
|
|
|
CUDA_CACHE_PATH = "${XDG_CACHE_HOME}/nv";
|
|
|
|
|
|
RUSTUP_HOME = "${XDG_DATA_HOME}/rustup";
|
|
|
|
|
|
WINEPREFIX = "${XDG_DATA_HOME}/wine";
|
2023-03-23 12:33:42 +01:00
|
|
|
|
};
|
2023-01-21 17:30:50 +01:00
|
|
|
|
}
|
