2024-05-21 22:49:37 +02:00
|
|
|
{
|
|
|
|
|
config,
|
|
|
|
|
pkgs,
|
|
|
|
|
lib,
|
2024-08-10 17:56:30 +02:00
|
|
|
inputs,
|
2024-05-21 22:49:37 +02:00
|
|
|
...
|
|
|
|
|
}:
|
2023-11-02 11:10:24 +01:00
|
|
|
{
|
2023-11-09 10:55:23 +01:00
|
|
|
imports = [
|
|
|
|
|
./hardware.nix
|
|
|
|
|
./home-julien.nix
|
2025-01-20 22:28:28 +01:00
|
|
|
./syncthing.nix
|
2023-11-09 10:55:23 +01:00
|
|
|
];
|
2023-11-02 11:10:24 +01:00
|
|
|
|
2024-08-10 17:56:30 +02:00
|
|
|
machine.meta = {
|
|
|
|
|
arch = "x86_64-linux";
|
2024-11-25 19:34:37 +01:00
|
|
|
nixpkgs_version = inputs.unstable;
|
2024-08-10 17:56:30 +02:00
|
|
|
hm_version = inputs.home-manager-unstable;
|
|
|
|
|
# TODO: Fix colmena deployment
|
2024-08-12 18:12:00 +02:00
|
|
|
ips.public.ipv4 = "127.0.0.1";
|
2024-10-13 13:33:11 +02:00
|
|
|
ips.vpn.ipv4 = "100.100.45.11";
|
2024-08-10 17:56:30 +02:00
|
|
|
};
|
|
|
|
|
|
2023-11-09 10:55:23 +01:00
|
|
|
# Boot stuff
|
2023-11-02 17:23:53 +01:00
|
|
|
boot.loader.systemd-boot.enable = lib.mkForce false;
|
|
|
|
|
boot.lanzaboote = {
|
|
|
|
|
enable = true;
|
|
|
|
|
pkiBundle = "/etc/secureboot";
|
|
|
|
|
};
|
2023-11-02 11:10:24 +01:00
|
|
|
boot.initrd.systemd.enable = true;
|
2023-11-09 10:55:23 +01:00
|
|
|
boot.initrd.clevis = {
|
|
|
|
|
enable = true;
|
|
|
|
|
devices."cryptroot".secretFile = ./root.jwe;
|
|
|
|
|
};
|
2024-10-13 12:41:38 +02:00
|
|
|
boot.initrd.systemd.tpm2.enable = true;
|
2023-11-09 10:55:23 +01:00
|
|
|
|
2023-11-02 11:10:24 +01:00
|
|
|
services.pipewire = {
|
|
|
|
|
enable = true;
|
|
|
|
|
alsa.enable = true;
|
|
|
|
|
alsa.support32Bit = true;
|
|
|
|
|
pulse.enable = true;
|
|
|
|
|
# If you want to use JACK applications, uncomment this
|
|
|
|
|
#jack.enable = true;
|
|
|
|
|
|
|
|
|
|
# use the example session manager (no others are packaged yet so this is enabled by default,
|
|
|
|
|
# no need to redefine it in your config for now)
|
|
|
|
|
#media-session.enable = true;
|
|
|
|
|
wireplumber.enable = true;
|
|
|
|
|
};
|
|
|
|
|
|
2023-11-22 18:11:16 +01:00
|
|
|
networking.hostName = "fischer";
|
2023-11-02 11:10:24 +01:00
|
|
|
|
2024-03-30 12:08:34 +01:00
|
|
|
services.blueman.enable = true;
|
|
|
|
|
hardware.bluetooth.enable = true;
|
2024-05-21 22:49:37 +02:00
|
|
|
environment.sessionVariables = {
|
|
|
|
|
LIBSEAT_BACKEND = "logind";
|
|
|
|
|
};
|
2023-11-02 11:10:24 +01:00
|
|
|
|
|
|
|
|
services.tailscale.enable = true;
|
2023-11-28 14:25:50 +01:00
|
|
|
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
|
2023-11-02 11:10:24 +01:00
|
|
|
|
|
|
|
|
networking.networkmanager.dns = "systemd-resolved";
|
|
|
|
|
services.resolved.enable = true;
|
|
|
|
|
|
2023-11-09 10:55:23 +01:00
|
|
|
# Select internationalisation properties.
|
|
|
|
|
i18n.defaultLocale = "en_US.UTF-8";
|
|
|
|
|
console = {
|
|
|
|
|
useXkbConfig = true; # use xkbOptions in tty.
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
# Enable OpenGL
|
2024-06-28 11:16:58 +02:00
|
|
|
hardware.graphics.enable = true;
|
2023-11-06 10:20:46 +01:00
|
|
|
|
2023-11-09 10:55:23 +01:00
|
|
|
# Load nvidia driver for Xorg and Wayland
|
|
|
|
|
services.xserver.videoDrivers = [ "nvidia" ];
|
2023-11-06 10:20:46 +01:00
|
|
|
|
2023-11-09 10:55:23 +01:00
|
|
|
hardware.nvidia = {
|
2023-11-06 10:20:46 +01:00
|
|
|
|
2023-11-09 10:55:23 +01:00
|
|
|
# Modesetting is required.
|
|
|
|
|
modesetting.enable = true;
|
2023-11-02 11:10:24 +01:00
|
|
|
|
2023-11-09 10:55:23 +01:00
|
|
|
# Nvidia power management. Experimental, and can cause sleep/suspend to fail.
|
|
|
|
|
powerManagement.enable = false;
|
|
|
|
|
# Fine-grained power management. Turns off GPU when not in use.
|
|
|
|
|
# Experimental and only works on modern Nvidia GPUs (Turing or newer).
|
|
|
|
|
powerManagement.finegrained = false;
|
2023-11-02 11:10:24 +01:00
|
|
|
|
2023-11-09 10:55:23 +01:00
|
|
|
# Use the NVidia open source kernel module (not to be confused with the
|
|
|
|
|
# independent third-party "nouveau" open source driver).
|
2025-01-20 22:28:28 +01:00
|
|
|
# Support is limited to the Turing and later architectures. Full list of
|
|
|
|
|
# supported GPUs is at:
|
|
|
|
|
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
|
2023-11-09 10:55:23 +01:00
|
|
|
# Only available from driver 515.43.04+
|
|
|
|
|
# Do not disable this unless your GPU is unsupported or if you have a good reason to.
|
|
|
|
|
open = true;
|
|
|
|
|
|
|
|
|
|
# Enable the Nvidia settings menu,
|
|
|
|
|
# accessible via `nvidia-settings`.
|
|
|
|
|
nvidiaSettings = true;
|
|
|
|
|
|
|
|
|
|
# Optionally, you may need to select the appropriate driver version for your specific GPU.
|
|
|
|
|
package = config.boot.kernelPackages.nvidiaPackages.beta;
|
2023-11-02 11:10:24 +01:00
|
|
|
};
|
|
|
|
|
|
2023-11-09 10:55:23 +01:00
|
|
|
boot.initrd.kernelModules = [ "nvidia" ];
|
|
|
|
|
boot.extraModulePackages = [ config.boot.kernelPackages.nvidia_x11 ];
|
2023-11-02 11:10:24 +01:00
|
|
|
|
|
|
|
|
programs.dconf.enable = true;
|
|
|
|
|
|
|
|
|
|
security.polkit.enable = true;
|
|
|
|
|
|
|
|
|
|
security.tpm2.enable = true;
|
2024-05-21 22:49:37 +02:00
|
|
|
security.tpm2.pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
|
|
|
|
|
security.tpm2.tctiEnvironment.enable = true; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
|
|
|
|
|
users.users.julien.extraGroups = [ "tss" ]; # tss group has access to TPM devices
|
2023-11-22 18:10:14 +01:00
|
|
|
|
2024-02-13 10:49:22 +01:00
|
|
|
services.postgresql.enable = true;
|
|
|
|
|
|
2023-11-02 11:10:24 +01:00
|
|
|
environment.systemPackages = with pkgs; [
|
|
|
|
|
tailscale
|
|
|
|
|
brightnessctl
|
2023-11-09 10:55:23 +01:00
|
|
|
unstable.diffoscope
|
2023-11-02 11:10:24 +01:00
|
|
|
sbctl
|
|
|
|
|
wl-mirror
|
2023-11-09 10:55:23 +01:00
|
|
|
texlive.combined.scheme-full
|
2024-10-22 22:51:46 +02:00
|
|
|
mu
|
2023-11-02 11:10:24 +01:00
|
|
|
];
|
|
|
|
|
|
2023-11-21 11:21:51 +01:00
|
|
|
services.printing = {
|
|
|
|
|
enable = true;
|
|
|
|
|
extraConf = ''
|
|
|
|
|
JobPrivateAccess all
|
|
|
|
|
JobPrivateValues none
|
|
|
|
|
'';
|
|
|
|
|
clientConf = ''
|
|
|
|
|
ServerName localhost
|
|
|
|
|
Encryption Required
|
|
|
|
|
User jmalka
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
2024-05-21 22:49:37 +02:00
|
|
|
environment.variables = {
|
|
|
|
|
CUPS_USER = "jmalka";
|
|
|
|
|
};
|
2023-11-21 11:21:51 +01:00
|
|
|
|
2023-11-02 11:10:24 +01:00
|
|
|
security.pam.services.swaylock = { };
|
|
|
|
|
|
|
|
|
|
programs.ssh.startAgent = true;
|
|
|
|
|
|
|
|
|
|
services.gnome.gnome-keyring.enable = true;
|
|
|
|
|
|
2023-11-02 17:23:53 +01:00
|
|
|
services.openssh.extraConfig = ''
|
|
|
|
|
HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
|
|
|
|
|
HostKey /etc/ssh/ssh_host_ed25519_key
|
|
|
|
|
TrustedUserCAKeys /etc/ssh/ssh_user_key.pub
|
|
|
|
|
MaxAuthTries 20
|
|
|
|
|
'';
|
|
|
|
|
|
2024-12-09 09:52:19 +01:00
|
|
|
virtualisation.docker.enable = true;
|
|
|
|
|
|
2025-01-14 16:33:43 +01:00
|
|
|
services.pcscd.enable = true;
|
|
|
|
|
services.udev.packages = [ pkgs.yubikey-personalization ];
|
|
|
|
|
|
2024-11-25 19:06:20 +01:00
|
|
|
services.zerotierone = {
|
|
|
|
|
enable = true;
|
|
|
|
|
joinNetworks = [
|
|
|
|
|
"ebe7fbd4451442b0"
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
|
2024-05-22 13:45:40 +02:00
|
|
|
# Desktop environment
|
|
|
|
|
programs.xwayland.enable = true;
|
|
|
|
|
programs.hyprland = {
|
|
|
|
|
enable = true;
|
2024-09-02 14:16:36 +02:00
|
|
|
package = pkgs.hyprland;
|
|
|
|
|
portalPackage = pkgs.xdg-desktop-portal-hyprland;
|
2024-05-22 13:45:40 +02:00
|
|
|
};
|
2024-08-09 17:00:53 +02:00
|
|
|
xdg.portal = {
|
|
|
|
|
enable = true;
|
|
|
|
|
wlr.enable = true;
|
|
|
|
|
extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
|
|
|
|
|
};
|
2023-11-02 11:10:24 +01:00
|
|
|
system.stateVersion = "23.05";
|
|
|
|
|
}
|
