nixos-configuration/machines/common.nix


# Shared NixOS module for all machines: Nix/flake settings, desktop (X11 + i3),
# audio, YubiKey tooling and PAM login, containers and fonts.
# The outer `inputs` argument carries the flake inputs; the inner function is
# the usual NixOS module signature.
inputs:
{ config, lib, pkgs, ... }:
let
  # Keyboard settings shared by the X server and the session environment.
  kbLayout = "eu";
  kbOptions = "caps:escape";

  # The same font fallback chain is used for every generic family.
  defaultFontStack = [ "JetBrainsMono Nerd Font" "Noto Color Emoji" "FontAwesome" ];
in
{
  nix.package = pkgs.nixUnstable;
  nix.extraOptions = ''
    experimental-features = nix-command flakes
  '';
  # mkForce overrides substituter lists defined by other modules instead of
  # merging with them, so exactly these two caches are queried.
  nix.settings.substituters = lib.mkForce [
    "https://cache.nixos.org/"
    "https://nix-community.cachix.org"
  ];
  # Store paths from a substituter are accepted only if signed by a trusted key.
  # Only the nix-community key is listed here and the list is not forced.
  # NOTE(review): the cache.nixos.org key presumably comes from the NixOS
  # module's own definition; confirm in the generated /etc/nix/nix.conf.
  nix.settings.trusted-public-keys = [
    "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
  ];
  # nix shell and nix build should use the same channel as the flake
  nix.registry.nixpkgs.flake = inputs.nixpkgs;

  # Permits packages with non-free licences system-wide.
  nixpkgs.config.allowUnfree = true;

  networking.networkmanager.enable = true;

  i18n.defaultLocale = "en_GB.UTF-8";
  time.timeZone = "Europe/Berlin";
  sound.enable = true;

  # TODO: remove
  hardware.enableAllFirmware = true;
  # TODO: pipewire
  hardware.pulseaudio.enable = true;
  # stop mumble from muting other processes
  hardware.pulseaudio.extraConfig = "unload-module module-role-cork";
  hardware.opengl.enable = true;
  # hardware.opengl.driSupport = true;
  hardware.opengl.driSupport32Bit = true;

  services = {
    # yubikey smartcard mode
    pcscd.enable = true;
    dbus.packages = [ pkgs.gcr ];
    # for u2f stick and yubikey
    udev.packages = [ pkgs.libu2f-host pkgs.yubikey-personalization ];

    davfs2.enable = true;
    unbound.enable = true;
    udisks2.enable = true;

    # Enable CUPS to print documents.
    printing.enable = true;

    # PipeWire itself stays off; PulseAudio is enabled under `hardware` above.
    pipewire.enable = false;
    pipewire.pulse.enable = true;

    # required for nextcloud
    gnome.gnome-keyring.enable = true;

    # faster entropy generation
    # NOTE(review): recent Linux kernels seed their RNG without a userspace
    # helper, so this daemon is likely redundant; confirm before keeping it.
    haveged.enable = true;

    mullvad-vpn.enable = true;

    xserver.enable = true;
    xserver.layout = kbLayout;
    xserver.xkbOptions = kbOptions;
    xserver.displayManager.defaultSession = "none+i3";
    xserver.displayManager.lightdm.enable = true;
    xserver.windowManager.i3.enable = true;
    xserver.windowManager.i3.extraPackages = with pkgs; [
      dmenu
      rofi
      i3status
      i3lock
      i3blocks
    ];
  };

  # "L+" makes systemd-tmpfiles (re)create a symlink at the conventional
  # dynamic-loader path, pointing at glibc's loader in the Nix store.
  # NOTE(review): presumably so prebuilt binaries that hard-code this path can
  # start; such binaries run outside Nix's packaging and update path.
  systemd.tmpfiles.rules = [
    "L+ /lib64/ld-linux-x86-64.so.2 - - - - ${pkgs.glibc}/lib64/ld-linux-x86-64.so.2"
  ];

  environment.systemPackages = with pkgs; [
    alacritty
    arandr
    git
    keepassxc
    lxappearance
    mullvad-vpn
    networkmanagerapplet
    nextcloud-client
    pavucontrol
    termite
    vim
    wget
    which
    xfce.thunar
    xfce.thunar-volman
    gvfs
    # yubikey packages
    yubikey-manager-qt
    yubikey-personalization-gui
    yubioath-flutter
  ];

  # Podman is the container engine; docker, lxd and virtualbox remain disabled:
  #   virtualisation.docker.enable = true;
  #   virtualisation.lxd.enable = true;
  #   virtualisation.virtualbox.host.enable = true;
  #   virtualisation.virtualbox.host.enableExtensionPack = true;
  virtualisation.podman.enable = true;
  virtualisation.podman.dockerCompat = true;
  # to make networking in docker-compose work
  virtualisation.podman.defaultNetwork.settings.dns_enabled = true;
  # The Docker-compatible API socket is deliberately left commented out:
  #   virtualisation.podman.dockerSocket.enable = true;

  # enable zsh globally
  programs.zsh.enable = true;
  # gpg-agent also answers SSH agent requests (enableSSHSupport).
  programs.gnupg.agent.enable = true;
  programs.gnupg.agent.enableSSHSupport = true;
  programs.gnupg.agent.pinentryFlavor = "curses";

  environment.sessionVariables.XKB_DEFAULT_OPTIONS = kbOptions;
  environment.sessionVariables.XKB_DEFAULT_LAYOUT = kbLayout;

  # required for i3
  # links /libexec from derivations to /run/current-system/sw
  environment.pathsToLink = [ "/libexec" ];

  fonts.enableDefaultFonts = true;
  fonts.fonts = with pkgs; [
    font-awesome
    nerdfonts
    noto-fonts
    noto-fonts-cjk
    noto-fonts-emoji
    powerline-fonts
    material-icons
  ];
  fonts.fontconfig.defaultFonts.monospace = defaultFontStack;
  fonts.fontconfig.defaultFonts.sansSerif = defaultFontStack;
  fonts.fontconfig.defaultFonts.serif = defaultFontStack;

  # generate login settings
  # ykman otp chalresp --touch --generate 2
  #
  # NOTE(review): `security.pam.yubico.control` is not set here, so the module
  # default applies. In nixpkgs that default has been "sufficient", meaning a
  # successful YubiKey challenge-response alone passes PAM authentication and
  # the key replaces the password rather than acting as a second factor.
  # Verify against the pinned nixpkgs revision; "required" is the value to set
  # when both password and key should be demanded.
  security.pam.yubico.enable = true;
  # security.pam.yubico.debug = true;
  security.pam.yubico.mode = "challenge-response";
}