inputs: { config, lib, pkgs, ... }: { nix = { package = pkgs.nixUnstable; extraOptions = '' experimental-features = nix-command flakes ''; binaryCaches = lib.mkForce [ "https://cache.nixos.org/" "https://nix-community.cachix.org" ]; binaryCachePublicKeys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ]; #settings = { #substituters = lib.mkForce [ #"https://cache.nixos.org/" #"https://nix-community.cachix.org" #]; #trusted-public-keys = [ #"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" #]; #}; # nix shell and nix build should use the same channel as the flake registry.nixpkgs.flake = inputs.nixpkgs; }; nixpkgs.config.allowUnfree = true; networking = { networkmanager.enable = true; }; i18n.defaultLocale = "en_GB.UTF-8"; time.timeZone = "Europe/Berlin"; sound.enable = true; hardware = { # TODO: remove enableAllFirmware = true; pulseaudio = { # TODO: pipewire enable = true; # stop mumble from muting other processes extraConfig = "unload-module module-role-cork"; }; opengl = { enable = true; # driSupport = true; driSupport32Bit = true; }; }; services = { # yubikey smartcard mode pcscd.enable = true; dbus.packages = with pkgs; [ gcr ]; # for u2f stick and yubikey udev.packages = with pkgs; [ libu2f-host yubikey-personalization ]; davfs2.enable = true; unbound.enable = true; udisks2.enable = true; # Enable CUPS to print documents. printing.enable = true; pipewire = { enable = false; pulse.enable = true; }; # required for nextcloud gnome.gnome-keyring.enable = true; # faster entropy generation haveged.enable = true; mullvad-vpn.enable = true; xserver = { enable = true; layout = "eu"; xkbOptions = "caps:escape"; displayManager = { defaultSession = "none+i3"; lightdm.enable = true; }; windowManager.i3 = { enable = true; extraPackages = with pkgs; [ dmenu rofi i3status i3lock i3blocks ]; }; }; }; systemd.tmpfiles.rules = [ "L+ /lib64/ld-linux-x86-64.so.2 - - - - ${pkgs.glibc}/lib64/ld-linux-x86-64.so.2" ]; environment.systemPackages = with pkgs; [ arandr git keepassxc lxappearance mullvad-vpn networkmanagerapplet nextcloud-client pavucontrol termite vim wget which xfce.thunar xfce.thunar-volman gvfs # yubikey packages yubikey-manager-qt yubikey-personalization-gui yubioath-desktop ]; virtualisation = { docker = { enable = true; }; # podman = { # enable = true; # dockerCompat = true; # dockerSocket.enable = true; # }; # lxd.enable = true; # virtualbox.host.enable = true; # virtualbox.host.enableExtensionPack = true; }; programs = { # enable zsh globally zsh.enable = true; gnupg.agent = { enable = true; enableSSHSupport = true; pinentryFlavor = "curses"; }; }; environment.sessionVariables = { XKB_DEFAULT_OPTIONS = "caps:escape"; XKB_DEFAULT_LAYOUT = "eu"; }; # required for i3 environment.pathsToLink = [ "/libexec" ]; # links /libexec from derivations to /run/current-system/sw fonts = { enableDefaultFonts = true; fonts = with pkgs; [ font-awesome nerdfonts noto-fonts noto-fonts-cjk noto-fonts-emoji powerline-fonts material-icons ]; fontconfig = { defaultFonts = { monospace = [ "JetBrainsMono Nerd Font" "Noto Color Emoji" "FontAwesome" ]; sansSerif = [ "JetBrainsMono Nerd Font" "Noto Color Emoji" "FontAwesome" ]; serif = [ "JetBrainsMono Nerd Font" "Noto Color Emoji" "FontAwesome" ]; }; }; }; # generate login settings # ykman otp chalresp --touch --generate 2 security.pam.yubico = { enable = true; # debug = true; mode = "challenge-response"; }; }