# NixOS module written as a function of the flake `inputs`; applying it yields
# the usual `{ config, lib, pkgs, ... }` module. `inputs` is only used to pin
# the `nixpkgs` registry entry below.
inputs:
{ config, lib, pkgs, ... }: {
  nix = {
    package = pkgs.nixUnstable;
    extraOptions = ''
      experimental-features = nix-command flakes
    '';
    settings = {
      # mkForce replaces the substituter list instead of merging with it, so
      # exactly these two binary caches are consulted.
      substituters = lib.mkForce [
        "https://cache.nixos.org/"
        "https://nix-community.cachix.org"
      ];
      # Store paths signed by this key are accepted without being rebuilt
      # locally, so the key is a trust anchor for the whole system closure.
      # NOTE(review): the cache.nixos.org key is not listed here; presumably it
      # comes from the NixOS default for this option - confirm in the generated
      # nix.conf.
      trusted-public-keys = [
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      ];
    };
    # `nix shell` and `nix build` resolve `nixpkgs` to the same revision the
    # flake itself was locked to.
    registry.nixpkgs.flake = inputs.nixpkgs;
  };

  # Permits packages with unfree licences to be evaluated and installed.
  nixpkgs.config.allowUnfree = true;

  networking.networkmanager.enable = true;

  i18n.defaultLocale = "en_GB.UTF-8";
  time.timeZone = "Europe/Berlin";

  #sound.enable = true;

  hardware = {
    # TODO: remove
    # Installs every firmware package, including redistributable binary blobs,
    # rather than only what this machine's devices need.
    enableAllFirmware = true;
    #pulseaudio = {
    # TODO: pipewire
    #enable = true;
    # stop mumble from muting other processes
    #extraConfig = "unload-module module-role-cork";
    #};
    opengl = {
      enable = true;
      # driSupport = true;
      driSupport32Bit = true;
    };
  };

  services = {
    tailscale.enable = true;

    # PC/SC daemon, needed to use the YubiKey in smartcard mode
    pcscd.enable = true;
    dbus.packages = [ pkgs.gcr ];
    # udev rules for the U2F stick and the YubiKey
    udev.packages = [ pkgs.libu2f-host pkgs.yubikey-personalization ];
    davfs2.enable = true;

    /* local caching DNS resolver */
    /* unbound.enable = true; */
    resolved.enable = true;

    /* mount as user */
    udisks2.enable = true;
    gvfs = {
      enable = true;
      package = pkgs.gvfs;
    };

    # CUPS, for printing documents.
    printing.enable = true;

    pipewire = {
      enable = true;
      alsa.enable = true;
      alsa.support32Bit = true;
      pulse.enable = true;
      wireplumber.enable = true;
    };

    # required for nextcloud
    gnome.gnome-keyring.enable = true;

    # faster entropy generation
    # NOTE(review): recent kernels seed their RNG without a userspace entropy
    # daemon; confirm this service is still needed on the kernel in use.
    haveged.enable = true;

    mullvad-vpn.enable = true;

    fwupd.enable = true;

    xserver = {
      enable = true;

      layout = "eu";
      xkbOptions = "caps:escape";

      displayManager = {
        defaultSession = "none+i3";
        lightdm.enable = true;
      };

      windowManager.i3 = {
        enable = true;
        # NOTE(review): i3lock is commented out below, so this list installs no
        # screen locker - confirm one is provided elsewhere in the configuration.
        extraPackages = with pkgs; [
          dmenu
          rofi
          i3status
          # i3lock
          i3blocks
        ];
      };
    };
  };

  # Symlinks the glibc dynamic loader to its conventional FHS path (L+ replaces
  # anything already there), so dynamically linked binaries that were not built
  # by Nix can start. Such binaries come from outside the Nix store and its
  # signature checks; run only ones whose origin is trusted.
  systemd.tmpfiles.rules = [
    "L+ /lib64/ld-linux-x86-64.so.2 - - - - ${pkgs.glibc}/lib64/ld-linux-x86-64.so.2"
  ];

  # pipewire bluetooth config (https://nixos.wiki/wiki/PipeWire#Bluetooth_Configuration)
  environment.etc = {
    "wireplumber/bluetooth.lua.d/51-bluez-config.lua".text = ''
      bluez_monitor.properties = {
      ["bluez5.enable-sbc-xq"] = true,
      ["bluez5.enable-msbc"] = true,
      ["bluez5.enable-hw-volume"] = true,
      ["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
      }
    '';
  };

  environment.systemPackages = with pkgs; [
    alacritty
    arandr
    git
    keepassxc
    lxappearance
    mullvad-vpn
    networkmanagerapplet
    nextcloud-client
    pavucontrol
    termite
    vim
    wget
    which

    gvfs

    # yubikey packages
    yubikey-manager-qt
    yubikey-personalization-gui
    yubioath-flutter
  ];

  virtualisation = {
    # The Docker daemon runs as root, so any account that can reach its socket
    # (membership of the `docker` group) effectively has root on this host.
    # Group membership is not set in this file.
    docker.enable = true;

    # podman = {
    # enable = true;
    # dockerCompat = true;
    # defaultNetwork.settings = {
    # /* to make networking in docker-compose work */
    # dns_enabled = true;
    # };
    # dockerSocket.enable = true;
    # };
    # lxd.enable = true;
    # virtualbox.host.enable = true;
    # virtualbox.host.enableExtensionPack = true;
  };

  programs = {
    # zsh is enabled system-wide
    zsh.enable = true;
    # gpg-agent also serves as the SSH agent; passphrase and PIN prompts use
    # the curses pinentry.
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
      pinentryFlavor = "curses";
    };
    thunar = {
      enable = true;
      plugins = [ pkgs.xfce.thunar-archive-plugin pkgs.xfce.thunar-volman ];
    };
  };

  environment.sessionVariables = {
    XKB_DEFAULT_OPTIONS = "caps:escape";
    XKB_DEFAULT_LAYOUT = "eu";
  };

  # required for i3
  environment.pathsToLink = [ "/libexec" ]; # links /libexec from derivations to /run/current-system/sw

  fonts = {
    enableDefaultFonts = true;
    fonts = with pkgs; [
      font-awesome
      nerdfonts
      noto-fonts
      noto-fonts-cjk
      noto-fonts-emoji
      powerline-fonts
      material-icons
    ];
    fontconfig.defaultFonts = {
      monospace = [ "JetBrainsMono Nerd Font" "Noto Color Emoji" "FontAwesome" ];
      sansSerif = [ "JetBrainsMono Nerd Font" "Noto Color Emoji" "FontAwesome" ];
      serif = [ "JetBrainsMono Nerd Font" "Noto Color Emoji" "FontAwesome" ];
    };
  };

  security = {
    # generate login settings
    # ykman otp chalresp --touch --generate 2
    #
    # Challenge-response mode verifies the key locally instead of contacting
    # a validation server.
    # NOTE(review): `security.pam.yubico.control` is not set here. The NixOS
    # default is believed to be "sufficient", in which case a valid YubiKey
    # response alone passes PAM without the password; "required" would make it
    # a second factor. Verify against the pinned nixpkgs, and keep a recovery
    # path available before changing it.
    pam.yubico = {
      enable = true;
      # debug = true;
      mode = "challenge-response";
    };
    # Cosmetic only: a sudo build that insults the user on a wrong password.
    sudo.package = pkgs.sudo.override { withInsults = true; };

    # rtkit is optional but recommended for pipewire
    rtkit.enable = true;
  };
}