nixos-configuration/machines/common.nix

inputs:
{ config, lib, pkgs, ... }: {
# Nix daemon and CLI settings.
nix = {
  package = pkgs.nixStable;
  # Turns on the `nix` command-line interface and flakes.
  extraOptions = ''
    experimental-features = nix-command flakes
  '';
  settings = {
    # lib.mkForce gives this list override priority, so substituter URLs
    # defined by other modules are discarded and only these two binary
    # caches are queried.
    substituters = lib.mkForce [
      "https://cache.nixos.org/"
      "https://nix-community.cachix.org"
    ];
    # Public keys whose signatures are accepted on substituted store paths;
    # whoever holds a matching private key can supply binaries that this
    # machine will install. Only the nix-community key is listed, and this
    # list is not forced.
    # NOTE(review): presumably the cache.nixos.org key is merged in from the
    # NixOS default - confirm against the effective nix.conf.
    trusted-public-keys = [
      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
    ];
  };
  # nix shell and nix build should use the same channel as the flake
  registry.nixpkgs.flake = inputs.nixpkgs;
};
# Allows packages with unfree licences to be evaluated and installed.
nixpkgs.config.allowUnfree = true;
# Network interfaces are managed by NetworkManager.
networking = {
  networkmanager.enable = true;
};
# System-wide locale and time zone.
i18n.defaultLocale = "en_GB.UTF-8";
time.timeZone = "Europe/Berlin";
#sound.enable = true;
# Firmware and graphics stack.
hardware = {
  # TODO: remove
  # Installs every firmware package regardless of licence, i.e. a large set
  # of vendor blobs that most machines will never load.
  enableAllFirmware = true;
  #pulseaudio = {
  # TODO: pipewire
  #enable = true;
  # stop mumble from muting other processes
  #extraConfig = "unload-module module-role-cork";
  #};
  graphics = {
    enable = true;
    # driSupport = true;
    # Also install the 32-bit graphics libraries.
    enable32Bit = true;
  };
};
# System services enabled on every machine that imports this file.
services = {
  tailscale.enable = true;
  # yubikey smartcard mode
  pcscd.enable = true;
  dbus.packages = with pkgs; [ gcr ];
  # for u2f stick and yubikey
  udev.packages = with pkgs; [ libu2f-host yubikey-personalization ];
  davfs2.enable = true;
  /* local caching DNS resolver */
  /* unbound.enable = true; */
  resolved.enable = true;
  /* mount as user */
  udisks2.enable = true;
  gvfs = {
    enable = true;
    package = pkgs.gvfs;
  };
  # Enable CUPS to print documents.
  # NOTE(review): this runs a print daemon on every host that imports this
  # file; consider enabling it only on machines that actually print.
  printing.enable = true;

  pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    wireplumber.enable = true;
  };
  # required for nextcloud
  gnome.gnome-keyring.enable = true;
  # faster entropy generation
  # NOTE(review): recent Linux kernels no longer block on the entropy pool
  # once the CSPRNG is seeded, so a userspace entropy daemon may not be
  # needed any more - confirm before keeping it.
  haveged.enable = true;
  # NOTE(review): tailscale (above) and mullvad-vpn each install their own
  # routes and DNS settings; confirm traffic takes the intended tunnel when
  # both are connected.
  mullvad-vpn.enable = true;

  # Firmware update daemon.
  fwupd = {
    enable = true;
  };
  displayManager = {
    #defaultSession = "none+i3";
    defaultSession = "sway";
  };
  xserver = {
    enable = true;
    xkb = {
      options = "caps:escape";
      layout = "eu";
    };
    displayManager = {
      gdm.enable = true;
    };
    # i3 stays installed even though the default session above is sway.
    windowManager.i3 = {
      enable = true;
    };
  };
};
# `L+` creates a symlink and replaces whatever already exists at that path.
# Pointing the conventional /lib64 loader path at glibc's dynamic linker lets
# dynamically linked binaries that were not built or patched for NixOS start.
# NOTE(review): such binaries run outside Nix's dependency tracking;
# programs.nix-ld is the option NixOS provides for this - consider it instead.
systemd.tmpfiles.rules = [
  "L+ /lib64/ld-linux-x86-64.so.2 - - - - ${pkgs.glibc}/lib64/ld-linux-x86-64.so.2"
];
# pipewire bluetooth config (https://nixos.wiki/wiki/PipeWire#Bluetooth_Configuration)
# Writes a WirePlumber Lua snippet under /etc that enables the SBC-XQ and mSBC
# codecs, hardware volume control and the listed headset roles.
# NOTE(review): newer WirePlumber releases moved away from Lua configuration
# files - confirm this snippet is still read by the installed version.
environment.etc = {
  "wireplumber/bluetooth.lua.d/51-bluez-config.lua".text = ''
    bluez_monitor.properties = {
    ["bluez5.enable-sbc-xq"] = true,
    ["bluez5.enable-msbc"] = true,
    ["bluez5.enable-hw-volume"] = true,
    ["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
    }
  '';
};
# Packages installed into the system profile for all users.
environment.systemPackages = with pkgs; [
  alacritty
  arandr
  git
  keepassxc
  lxappearance
  # client for the mullvad-vpn service enabled under `services`
  mullvad-vpn
  networkmanagerapplet
  nextcloud-client
  pavucontrol
  termite
  vim
  wget
  which
  gvfs
  # yubikey packages
  yubikey-manager-qt
  yubikey-personalization-gui
  yubioath-flutter
];
# Container runtimes: docker is switched off and podman stands in for it.
virtualisation = {
  docker = {
    enable = false;
  };

  podman = {
    enable = true;
    # Provides a `docker` command that maps to podman.
    dockerCompat = true;
    defaultNetwork.settings = {
      /* to make networking in docker-compose work */
      dns_enabled = true;
    };
    # Exposes podman's API on a Docker-compatible socket. Per the NixOS
    # option documentation, users must be in the `podman` group to connect,
    # and members of that group can gain root access - treat membership
    # like sudo rights.
    dockerSocket.enable = true;
  };
  # lxd.enable = true;
  # virtualbox.host.enable = true;
  # virtualbox.host.enableExtensionPack = true;
};
# virt-manager
# Enables the libvirt daemon and the virt-manager GUI.
# NOTE(review): group membership is not set in this file; users placed in the
# libvirtd group elsewhere can presumably manage qemu:///system guests, which
# is a privileged capability - confirm who is in that group.
virtualisation.libvirtd.enable = true;
programs.virt-manager.enable = true;
#dconf.settings = {
#"org/virt-manager/virt-manager/connections" = {
#autoconnect = ["qemu:///system"];
#uris = ["qemu:///system"];
#};
#};
# Per-program NixOS modules.
programs = {
  # enable zsh globally
  zsh.enable = true;
  gnupg.agent = {
    enable = true;
    # gpg-agent also answers SSH agent requests, so SSH can authenticate
    # with keys held by gpg-agent (for example on a smartcard).
    enableSSHSupport = true;
    # Passphrase/PIN prompts are shown in the terminal.
    pinentryPackage = pkgs.pinentry-curses;
  };
  thunar = {
    enable = true;
    plugins = with pkgs.xfce; [ thunar-archive-plugin thunar-volman ];
  };
  # The NixOS kdeconnect module opens TCP and UDP ports 1714-1764 in the
  # firewall.
  # NOTE(review): confirm this exposure is wanted on untrusted networks.
  kdeconnect.enable = true;
};
# Same keyboard layout and options as services.xserver.xkb, exported as
# session environment variables.
environment.sessionVariables = {
  XKB_DEFAULT_OPTIONS = "caps:escape";
  XKB_DEFAULT_LAYOUT = "eu";
};
# required for i3
environment.pathsToLink = [ "/libexec" ]; # links /libexec from derivations to /run/current-system/sw
# Installed fonts and the fontconfig defaults.
fonts = {
  enableDefaultPackages = true;
  packages = with pkgs; [
    font-awesome
    nerdfonts
    noto-fonts
    noto-fonts-cjk-sans
    noto-fonts-emoji
    powerline-fonts
    material-icons
  ];
  fontconfig = {
    # All three generic families use the same preference list.
    defaultFonts = {
      monospace = [ "JetBrainsMono Nerd Font" "Noto Color Emoji" "FontAwesome" ];
      sansSerif = [ "JetBrainsMono Nerd Font" "Noto Color Emoji" "FontAwesome" ];
      serif = [ "JetBrainsMono Nerd Font" "Noto Color Emoji" "FontAwesome" ];
    };
  };
};
# Authentication and privilege settings.
security = {
  # generate login settings
  # ykman otp chalresp --touch --generate 2
  pam.yubico = {
    enable = true;
    # debug = true;
    # Offline challenge-response against the YubiKey, as opposed to
    # validating OTPs with an online service.
    # `control` is not set here. NixOS documents its default as
    # "sufficient", meaning a successful YubiKey response is accepted in
    # place of the password; `control = "required"` is the documented
    # setting for using the key as a second factor.
    # NOTE(review): confirm which of the two is intended.
    mode = "challenge-response";
  };
  sudo = {
    # Rebuilds sudo with the insults feature switched on.
    # NOTE(review): an overridden sudo is presumably compiled locally rather
    # than fetched from the binary cache - make sure those builds succeed so
    # security fixes to this setuid program are not held back.
    package = pkgs.sudo.override { withInsults = true; };
  };
  # rtkit is optional but recommended for pipewire
  rtkit.enable = true;
};
}