nix-config/nixos/gorgon/configuration.nix
Tim Schubert 96dcd17947
feat(gorgon): enable ssh-agent
2024-12-08 13:10:22 +01:00


{ config
, pkgs
, lib
, ...
}:
let
# udev rule file for the JTAG adapter. TAG+="uaccess" asks systemd-logind to
# grant the user of the active local session access to the device node.
# NOTE(review): 0403:6010 is the generic FTDI FT2232 USB ID, so this
# presumably matches every FT2232-based adapter, not only Xilinx cables.
# The match has no SUBSYSTEM== filter either; confirm that scope is intended.
xilinxJtag = pkgs.writeTextFile {
  name = "xilinx-jtag";
  destination = "/etc/udev/rules.d/61-xilinx-jtag.rules";
  # Indented string: the common leading whitespace is stripped by Nix.
  text = ''
    ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6010", TAG+="uaccess"
  '';
};
# udev rule file for the Saleae logic analyzer. TAG+="uaccess" asks
# systemd-logind to grant the user of the active local session access to the
# device node, so capture software does not have to run as root.
# NOTE(review): the rule matches on USB IDs only; adding SUBSYSTEM=="usb"
# would keep the ACL off any other child device nodes. Confirm before use.
saleaeLogic = pkgs.writeTextFile {
  name = "saleae-logic";
  destination = "/etc/udev/rules.d/61-saleae-logic.rules";
  # Indented string: the common leading whitespace is stripped by Nix.
  text = ''
    # Saleae Logic analyzer (USB Based)
    ATTRS{idVendor}=="21a9", ATTRS{idProduct}=="1006", TAG+="uaccess"
  '';
};
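# udev rule file for the Keychron keyboard. TAG+="uaccess" asks
# systemd-logind to grant the user of the active local session access to the
# matching device nodes.
# NOTE(review): ATTRS{} matches against parent devices and the rule has no
# SUBSYSTEM==/KERNEL== filter, so the ACL presumably also lands on the
# keyboard's input event nodes, where any process in the session could read
# keystrokes. If the goal is only a configuration tool talking raw HID,
# restricting the rule to SUBSYSTEM=="hidraw" would be tighter. Confirm.
keychron = pkgs.writeTextFile {
  name = "keychron";
  destination = "/etc/udev/rules.d/61-keychron.rules";
  # The comment inside the rule previously said "Saleae Logic analyzer", a
  # copy-paste leftover; it now names the device the IDs belong to.
  text = ''
    # Keychron keyboard (USB Based)
    ATTRS{idVendor}=="3434", ATTRS{idProduct}=="0280", TAG+="uaccess"
  '';
};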
in
{
# Shared laptop profile plus the machine-specific hardware description.
imports = [
  ../modules/profiles/laptop.nix
  ./hardware-configuration.nix
];

# Backup targets (options come from the repository's own backupClient module).
dadada.backupClient = {
  bs.enable = false;
  backup1.enable = true;
  backup2 = {
    enable = true;
    repo = "u355513-sub1@u355513-sub1.your-storagebox.de:/home/backup";
    # Both credentials are referenced through config.age.secrets paths rather
    # than inlined. Presumably agenix decrypts them at activation, so the
    # plaintext never enters the world-readable Nix store. Confirm.
    passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase".path;
    sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path;
  };
};

# Start an ssh-agent for user sessions.
# NOTE(review): no key lifetime is set here, so keys added to the agent stay
# usable until they are removed or the agent exits. programs.ssh.agentTimeout
# can bound that. Confirm whether the laptop profile already sets it.
programs.ssh.startAgent = true;

# Extra nix.conf lines; the indented string is de-indented by Nix.
nix.extraOptions = ''
  experimental-features = nix-command flakes
  # Prevent garbage collection for nix shell and direnv
  keep-outputs = true
  keep-derivations = true
'';
# Kernel modules, resume device and encrypted-root unlock settings.
boot = {
  kernelModules = [ "kvm-amd" ];
  # NOTE(review): this is built against pkgs.linuxPackages; if another module
  # changes boot.kernelPackages, the module will not match the running kernel.
  extraModulePackages = [ pkgs.linuxPackages.v4l2loopback ];
  # Hibernation resumes from the device labelled "swap".
  # NOTE(review): a hibernation image holds RAM contents, which can include
  # disk-encryption keys. Confirm in hardware-configuration.nix that this swap
  # sits on encrypted storage.
  kernelParams = [ "resume=/dev/disk/by-label/swap" ];
  kernel.sysctl."vm.swappiness" = 90;

  initrd.systemd.enable = true;
  initrd.luks.devices.root = {
    device = "/dev/disk/by-uuid/3d0e5b93-90ca-412a-b4e0-3e6bfa47d3f4";
    preLVM = true;
    # Passes TRIM through the encrypted layer. The trade-off is that discarded
    # regions become distinguishable on the raw device, revealing which parts
    # of the volume are unused.
    allowDiscards = true;
    # Extra crypttab option: let any attached FIDO2 token unlock the volume.
    # Presumably relies on the systemd-based initrd enabled above. Confirm.
    crypttabExtraOpts = [ "fido2-device=auto" ];
  };
};
networking.hostName = "gorgon";

# Options provided by the repository's own modules.
dadada.steam.enable = true;
dadada.yubikey.enable = true;

# Android debug bridge; the account below is a member of "adbusers".
programs.adb.enable = true;

programs.firefox.enable = true;
programs.firefox.package = pkgs.firefox-wayland;

# Packet capture for members of the "wireshark" group. That membership is a
# privilege: the account below can capture traffic without becoming root.
programs.wireshark.enable = true;

# mDNS/DNS-SD responder.
# NOTE(review): this makes the laptop answer on whatever network it joins;
# check services.avahi.openFirewall if that is not wanted on untrusted LANs.
services.avahi.enable = true;

# SMART disk health monitoring.
services.smartd.enable = true;

# Tor daemon with the local client enabled.
services.tor.enable = true;
services.tor.client.enable = true;
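# Paperless document manager; the admin password is read from a secret file
# instead of being written into the configuration.
services.paperless = {
  enable = true;
  passwordFile = config.age.secrets.paperless.path;
};

# Creates the consumption (ingest) directory at boot.
# NOTE(review): the public branch uses mode 777 with no sticky bit, so every
# local user could add, rename or delete files queued for ingestion. It is
# only taken when services.paperless.consumptionDirIsPublic is set. Confirm
# that option stays off on this host, or switch the mode to 1777.
systemd.tmpfiles.rules =
  let
    cfg = config.services.paperless;
  in
  [
    (if cfg.consumptionDirIsPublic then
      "d '${cfg.consumptionDir}' 777 - - - -"
    else
      "d '${cfg.consumptionDir}' 770 ${cfg.user} ${config.users.users.${cfg.user}.group} - -"
    )
  ];

# Encrypted admin password, decrypted for the paperless user only.
age.secrets.paperless = {
  file = "${config.dadada.secrets.path}/paperless.age";
  # Was "700": a password file is only ever read, so the write and execute
  # bits gave the owner more than it needs. Owner read-only is enough.
  mode = "0400";
  owner = "paperless";
};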
# Enable CUPS to print documents.
# NOTE(review): "browsing" concerns advertising shared printers on the
# network; if this laptop does not share any, it can presumably be turned off
# to reduce what the host announces. Confirm.
services.printing.enable = true;
services.printing.browsing = true;
services.printing.drivers = [
  pkgs.hplip
  pkgs.brlaser
  pkgs.brgenml1lpr
  pkgs.brgenml1cupswrapper
];

# Packages installed system-wide, named explicitly instead of via `with pkgs`.
environment.systemPackages = [
  pkgs.ghostscript
  pkgs.smartmontools
  pkgs.dmenu
  pkgs.grim # screenshot functionality
  pkgs.slurp # screenshot functionality
  pkgs.mako # notification system developed by swaywm maintainer
  pkgs.pulseaudio
];
# Host firewall: default-deny inbound except the Syncthing ports below.
# NOTE(review): the ports are opened on every interface. On a laptop that
# roams between networks, networking.firewall.interfaces.<name> can limit
# them to trusted links. Confirm whether that is wanted.
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [
  22000 # Syncthing
];
networking.firewall.allowedUDPPorts = [
  21027 # Syncthing
];

# ModemManager is forced off under both of its unit names.
systemd.services.modem-manager.enable = lib.mkForce false;
systemd.services."dbus-org.freedesktop.ModemManager1".enable = lib.mkForce false;

# Extra sleep.conf content; the indented string is de-indented by Nix.
systemd.sleep.extraConfig = ''
  HibernateDelaySec=1h
'';
# udev rule packages: the three rule files built in the let-block at the top
# of this file, plus libsigrok (presumably for the rules it ships for its
# supported devices).
services.udev.packages = [
  xilinxJtag
  saleaeLogic
  keychron
  pkgs.libsigrok
]; #noMtpUdevRules ];

# System libvirt daemon; the account below is a member of "libvirtd".
virtualisation.libvirtd.enable = true;

# Podman with the docker compatibility option enabled.
virtualisation.podman.enable = true;
virtualisation.podman.dockerCompat = true;
# Primary interactive account.
users.users.dadada = {
  isNormalUser = true;
  shell = "/run/current-system/sw/bin/zsh";
  # Several of these groups carry real privilege and are worth reviewing
  # against least privilege whenever a service is removed.
  extraGroups = [
    "wheel" # administrative group
    "networkmanager"
    "libvirtd" # may manage the system libvirt daemon and its VMs
    "adbusers"
    "kvm"
    "video"
    "scanner"
    "lp"
    # NOTE(review): nothing in this file enables Docker (podman with
    # dockerCompat is used), so this group presumably has no effect here.
    # Confirm and drop it if unused.
    "docker"
    "dialout" # serial devices
    "wireshark" # packet capture without root
    "paperless"
  ];
};

# Static hosts entry: resolve the name to a loopback address locally.
networking.hosts."127.0.0.2" = [ "kanboard.dadada.li" ];
# gnome-keyring is forced off; gpg-agent is enabled below and ssh-agent is
# started elsewhere in this file.
services.gnome.gnome-keyring.enable = lib.mkForce false;
programs.gnupg.agent.enable = true;

#services.xserver.enable = true;
#services.xserver.desktopManager.gnome.enable = true;
#services.xserver.displayManager.gdm.enable = true;

# Login manager: tuigreet runs as the "greeter" user and launches sway.
services.greetd.enable = true;
services.greetd.settings.default_session = {
  user = "greeter";
  command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd sway";
};

# Per-user kanshi service with the display environment set explicitly.
systemd.user.services.kanshi = {
  enable = true;
  description = "kanshi daemon";
  serviceConfig = {
    Type = "simple";
    ExecStart = "${pkgs.kanshi}/bin/kanshi";
  };
  environment = {
    WAYLAND_DISPLAY = "wayland-1";
    DISPLAY = ":0";
  };
};
# enable Sway window manager
programs.sway.enable = true;
programs.sway.wrapperFeatures.gtk = true;

programs.light.enable = true;
xdg.portal.wlr.enable = true;
hardware.bluetooth.enable = true;

# Graphics stack with extra video-acceleration packages, named explicitly
# instead of via `with pkgs`.
hardware.opengl.enable = true;
hardware.opengl.extraPackages = [
  pkgs.vaapiVdpau
  pkgs.libvdpau-va-gl
];

# Release whose stateful defaults this system was installed with.
system.stateVersion = "23.11";
}