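# NixOS system configuration for the host "patricknix".
#
# Security-relevant choices made in this file:
#   * accounts are declarative (users.mutableUsers = false) and their password
#     files come from .age secrets managed by the rekey module,
#   * sudo is disabled, so administration happens as root directly,
#   * sshd has password and keyboard-interactive authentication disabled.
{
  config,
  pkgs,
  lib,
  ...
}: let
  # Login shell shared by every account declared below.
  shell = pkgs.zsh;
in {
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
    # User home configuration.
    ./users
    # Local system modules.
    ./modules/pipewire.nix
    ./modules/rekey.nix
    ./modules/nvidia.nix
    ./modules/wireguard.nix
    ./modules/smb-mounts.nix
    ./modules/networking.nix
    ./modules/nix.nix
    ./modules/xserver.nix
  ];

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  networking.hostName = "patricknix"; # Define your hostname.
  networking.hostId = "68438432";

  # Set your time zone.
  time.timeZone = "Asia/Seoul";

  # Select internationalisation properties.
  i18n.defaultLocale = "C.UTF-8";
  console = {
    font = "ter-v28n";
    packages = with pkgs; [terminus_font];
    useXkbConfig = true; # use xkbOptions in tty.
  };

  # Identities with which all secrets are encrypted.
  # NOTE(review): these are Nix path literals, and a path literal can be copied
  # into the world-readable Nix store (the hostKeys comment further down warns
  # about exactly that). Confirm that both files are hardware-token identity
  # stubs or passphrase-protected identities, never bare private keys.
  rekey.masterIdentityPaths = [./secrets/NIXOSc.key ./secrets/NIXOSa.key];

  # Public key file selected by hostname. Presumably the recipient the rekey
  # module re-encrypts secrets for; confirm in ./modules/rekey.nix.
  rekey.pubKey = ./keys + "/${config.networking.hostName}.pub";

  hardware.opengl.enable = true;

  nixpkgs.config.allowUnfree = true;

  powerManagement.powertop.enable = true;

  # Accounts are fully declarative: users, groups and passwords are taken from
  # this configuration at activation, so changes made at runtime with `passwd`
  # or `useradd` do not persist.
  users.mutableUsers = false;

  rekey.secrets.patrick.file = ./secrets/patrick.passwd.age;
  # Regular login account. Its password is not set with `passwd`; it is read
  # from the decrypted secret referenced by passwordFile.
  users.users.patrick = {
    inherit shell;
    isNormalUser = true;
    uid = 1000;
    createHome = true;
    extraGroups = ["wheel" "audio" "video" "input"];
    group = "patrick";
    # passwordFile expects a file holding the password hash, not the
    # cleartext password.
    passwordFile = config.rekey.secrets.patrick.path;
  };
  users.groups.patrick.gid = 1000;

  rekey.secrets.root.file = ./secrets/root.passwd.age;
  users.users.root = {
    inherit shell;
    # Public keys allowed to log in as root over SSH. Each entry grants full
    # control of the machine, so keep the list short and drop keys that are
    # no longer in use.
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZixkix0KfKuq7Q19whS5FQQg51/AJGB5BiNF/7h/LM"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHxD4GOrwrBTG4/qQhm5hoSB2CP7W9g1LPWP11oLGOjQ"
    ];
    # Same contract as above: the file must contain a password hash.
    passwordFile = config.rekey.secrets.root.path;
  };

  # sudo is turned off, so privileged work is done as root itself, using the
  # root password file and the SSH keys declared above.
  security.sudo.enable = false;

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    xterm
    wget
    gcc
    tree
    age-plugin-yubikey
    rage
    file
    # xournalpp needs this or else it will crash
    gnome3.adwaita-icon-theme
  ];

  programs.zsh.enable = true;

  programs.steam = {
    enable = true;
    # Extra libraries made available to the Steam package.
    package = pkgs.steam.override {
      extraPkgs = pkgs:
        with pkgs; [
          libgdiplus
          cups
        ];
    };
  };

  # List services that you want to enable:

  # Enable the OpenSSH daemon; password and keyboard-interactive logins are
  # disabled, leaving the authorized keys as the way in.
  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      # Root logs in with the authorized keys above. "prohibit-password"
      # (instead of "yes") keeps key-based root login working while making
      # sure root can never authenticate with a password, even if password
      # authentication is switched back on by another module or a later edit.
      PermitRootLogin = "prohibit-password";
    };
    hostKeys = [
      {
        # Keep this a string. A Nix path literal would be copied into the
        # world-readable Nix store, exposing the host private key.
        path = "/etc/ssh/ssh_host_ed25519_key";
        type = "ed25519";
      }
    ];
  };

  services.thermald.enable = true;
  # Smart-card daemon; presumably here for the YubiKey tooling in this file.
  services.pcscd.enable = true;
  services.fstrim.enable = true;
  hardware.cpu.intel.updateMicrocode = true;

  # udev rules shipped by the YubiKey / U2F packages.
  services.udev.packages = with pkgs; [yubikey-personalization libu2f-host];

  # Shell initialisation for all users:
  #   * make sure gpg-agent is running and use its socket as the SSH agent,
  #   * umask 077 so newly created files are readable by their owner only.
  # The command substitution is quoted so a socket path containing whitespace
  # cannot be split by the shell.
  environment.shellInit = ''
    gpg-connect-agent /bye
    export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
    umask 077
  '';
}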