Luj/snowfield
1
0
Fork 0
mirror of https://github.com/JulienMalka/snowfield.git synced 2025-03-25 21:30:52 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
snowfield/machines/x2100/default.nix
Julien Malka 167394d54d
swaylock is back
2024-03-30 23:30:43 +01:00

147 lines
3.1 KiB
Nix
Raw Blame History

{ config, pkgs, lib, ... }:
{
imports =
[
./hardware.nix
./home-julien.nix
../../share.nix
];
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
boot.initrd.systemd.enable = true;
sound.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
wireplumber.enable = true;
};
hardware.pulseaudio.enable = lib.mkForce false;
services.postgresql.enable = true;
networking.hostName = "x2100";
networking.wireless.enable = false;
environment.sessionVariables = {
LIBSEAT_BACKEND = "logind";
};
services.logind.lidSwitch = "suspend";
services.tailscale.enable = true;
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
networking.networkmanager.dns = "systemd-resolved";
services.resolved.enable = true;
time.timeZone = "Europe/Paris";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = null;
useXkbConfig = true; # use xkbOptions in tty.
};
hardware.opengl.enable = true;
hardware.opengl.driSupport = true;
services.dbus.enable = true;
programs.dconf.enable = true;
security.polkit.enable = true;
services.tlp.enable = false;
security.tpm2.enable = true;
security.tpm2.pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
security.tpm2.tctiEnvironment.enable = true; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
users.users.julien.extraGroups = [ "tss" ]; # tss group has access to TPM devices
nix = {
distributedBuilds = true;
buildMachines = [
{
hostName = "epyc.infra.newtype.fr";
maxJobs = 100;
systems = [ "x86_64-linux" ];
sshUser = "root";
supportedFeatures = [ "kvm" "nixos-test" ];
sshKey = "/home/julien/.ssh/id_ed25519";
speedFactor = 2;
}
];
};
environment.systemPackages = with pkgs; [
tailscale
brightnessctl
sbctl
wl-mirror
];
networking.wireguard.interfaces.rezo = {
ips = [ "fd81:fb3a:50cc::200/128" ];
privateKeyFile = "/root/wg-private";
peers = [
{
publicKey = "srQPT9ZjXBKyJ7R1mvXYMZNy+NcnHMy5qE1WGZDfmnc=";
allowedIPs = [ "fd81:fb3a:50cc::/48" ];
endpoint = "129.199.146.230:25351";
}
];
};
security.pam.services.swaylock = { };
services.hash-collection = {
enable = true;
retries = 1;
collection-url = "http://localhost:8000";
tokenFile = "/home/julien/token";
};
services.printing.enable = true;
services.avahi.enable = true;
services.avahi.nssmdns4 = true;
# for a WiFi printer
services.avahi.openFirewall = true;
programs.sway = {
enable = true;
wrapperFeatures.gtk = true;
};
# programs.sway.package = null;
programs.ssh.startAgent = true;
services.gnome.gnome-keyring.enable = true;
nixpkgs.config.permittedInsecurePackages = [
"electron-24.8.6"
"zotero-6.0.27"
];
system.stateVersion = "23.05";
}
Reference in a new issue View git blame Copy permalink