mirror of
https://github.com/JulienMalka/snowfield.git
synced 2025-03-31 17:20:53 +02:00
138 lines
3 KiB
Nix
138 lines
3 KiB
Nix
{ config, pkgs, lib, inputs, ... }:
|
|
|
|
{
|
|
imports =
|
|
[
|
|
./hardware.nix
|
|
./home-julien.nix
|
|
../../users/julien.nix
|
|
../../users/default.nix
|
|
];
|
|
|
|
|
|
|
|
boot.loader.systemd-boot.enable = lib.mkForce false;
|
|
boot.lanzaboote = {
|
|
enable = true;
|
|
pkiBundle = "/etc/secureboot";
|
|
};
|
|
|
|
boot.initrd.systemd.enable = true;
|
|
sound.enable = true;
|
|
#hardware.pulseaudio.enable = true;
|
|
services.pipewire = {
|
|
enable = true;
|
|
alsa.enable = true;
|
|
alsa.support32Bit = true;
|
|
pulse.enable = true;
|
|
# If you want to use JACK applications, uncomment this
|
|
#jack.enable = true;
|
|
|
|
# use the example session manager (no others are packaged yet so this is enabled by default,
|
|
# no need to redefine it in your config for now)
|
|
#media-session.enable = true;
|
|
wireplumber.enable = true;
|
|
|
|
};
|
|
|
|
services.postgresql.enable = true;
|
|
|
|
networking.hostName = "telecom";
|
|
|
|
networking.wireless.enable = false;
|
|
|
|
environment.sessionVariables = {
|
|
LIBSEAT_BACKEND = "logind";
|
|
};
|
|
|
|
services.xserver = {
|
|
enable = true;
|
|
layout = "fr";
|
|
displayManager.gdm.enable = true;
|
|
displayManager.gdm.wayland = true;
|
|
};
|
|
|
|
programs.sway.enable = true;
|
|
|
|
nixpkgs.config.permittedInsecurePackages = [
|
|
"zotero-6.0.27"
|
|
];
|
|
|
|
services.tailscale.enable = true;
|
|
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
|
|
|
|
networking.networkmanager.dns = "systemd-resolved";
|
|
services.resolved.enable = true;
|
|
|
|
boot.initrd.clevis = {
|
|
enable = true;
|
|
devices."cryptroot".secretFile = ./root.jwe;
|
|
};
|
|
|
|
boot.initrd.systemd.enableTpm2 = true;
|
|
|
|
|
|
|
|
time.timeZone = "Europe/Paris";
|
|
|
|
# Select internationalisation properties.
|
|
i18n.defaultLocale = "en_US.UTF-8";
|
|
console = {
|
|
useXkbConfig = true; # use xkbOptions in tty.
|
|
};
|
|
|
|
hardware.opengl.enable = true;
|
|
hardware.opengl.driSupport = true;
|
|
|
|
programs.dconf.enable = true;
|
|
|
|
security.polkit.enable = true;
|
|
|
|
services.tlp.enable = true;
|
|
|
|
security.tpm2.enable = true;
|
|
security.tpm2.pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
|
|
security.tpm2.tctiEnvironment.enable = true; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
|
|
users.users.julien.extraGroups = [ "tss" ]; # tss group has access to TPM devices
|
|
|
|
hardware.bluetooth.enable = true;
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
tailscale
|
|
brightnessctl
|
|
sbctl
|
|
wl-mirror
|
|
];
|
|
|
|
services.printing.enable = true;
|
|
services.avahi.enable = true;
|
|
services.avahi.nssmdns = true;
|
|
# for a WiFi printer
|
|
services.avahi.openFirewall = true;
|
|
|
|
|
|
security.pam.services.swaylock = { };
|
|
|
|
programs.ssh.startAgent = true;
|
|
|
|
programs.adb.enable = true;
|
|
services.udev.packages = [
|
|
pkgs.android-udev-rules
|
|
];
|
|
services.gnome.gnome-keyring.enable = true;
|
|
|
|
services.openssh.extraConfig = ''
|
|
HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
|
|
HostKey /etc/ssh/ssh_host_ed25519_key
|
|
TrustedUserCAKeys /etc/ssh/ssh_user_key.pub
|
|
MaxAuthTries 20
|
|
'';
|
|
|
|
|
|
|
|
system.stateVersion = "23.05";
|
|
|
|
}
|
|
|
|
|
|
|