diffu/machines/calcite/configuration.nix

309 lines
7.4 KiB
Nix
Raw Normal View History

2024-03-25 08:26:48 +00:00
{ config, pkgs, lib, ... }:
2023-03-29 13:14:37 +00:00
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
./network.nix
2023-04-19 06:16:39 +00:00
../sops.nix
2023-03-29 13:14:37 +00:00
];
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
# boot.kernelPackages = pkgs.linuxPackages_latest;
boot.kernelModules = [ "nvidia" "nvidia_modeset" "nvidia_uvm" ];
boot.supportedFilesystems = [ "ntfs" ];
2023-09-28 11:16:45 +00:00
boot.binfmt.emulatedSystems = ["aarch64-linux"];
2023-03-29 13:14:37 +00:00
2023-11-28 13:38:50 +00:00
security.tpm2 = {
enable = true;
# expose /run/current-system/sw/lib/libtpm2_pkcs11.so
pkcs11.enable = true;
2024-03-25 08:26:48 +00:00
# TODO: Need this until fapi-config is fixed in NixOS
pkcs11.package = pkgs.tpm2-pkcs11.override { fapiSupport = false; };
2023-11-28 13:38:50 +00:00
# TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
tctiEnvironment.enable = true;
};
2024-03-25 08:26:48 +00:00
services.gnome.gnome-keyring.enable = lib.mkForce false;
security.pam.services.login.enableGnomeKeyring = lib.mkForce false;
services.ssh-tpm-agent.enable = true;
programs.ssh.agentPKCS11Whitelist = "${config.security.tpm2.pkcs11.package}/lib/libtpm_pkcs11.so";
2023-11-28 13:38:50 +00:00
networking.hostName = "calcite";
2023-03-29 13:14:37 +00:00
2024-01-07 13:41:01 +00:00
programs.steam = {
enable = true;
gamescopeSession = { enable = true; };
};
programs.vim.defaultEditor = true;
2023-03-29 13:14:37 +00:00
# Keep this even if enabled in home manager
programs.fish.enable = true;
environment.shells = [ pkgs.fish ];
users.defaultUserShell = pkgs.fish;
2023-04-19 06:16:39 +00:00
2023-03-29 13:14:37 +00:00
# Setup wireguard
# Set your time zone.
time.timeZone = "Asia/Shanghai";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.utf8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "zh_CN.utf8";
LC_IDENTIFICATION = "zh_CN.utf8";
LC_MEASUREMENT = "zh_CN.utf8";
LC_MONETARY = "zh_CN.utf8";
LC_NAME = "zh_CN.utf8";
LC_NUMERIC = "zh_CN.utf8";
LC_PAPER = "zh_CN.utf8";
LC_TELEPHONE = "zh_CN.utf8";
LC_TIME = "en_US.utf8";
};
# Enable the X11 windowing system.
services.xserver.enable = true;
# Enable the GNOME Desktop Environment.
services.xserver.displayManager.gdm.enable = true;
services.xserver.desktopManager.gnome.enable = true;
2024-06-11 10:18:07 +00:00
2023-03-29 13:14:37 +00:00
# Configure keymap in X11
services.xserver = {
xkb.layout = "us";
xkb.variant = "";
2023-03-29 13:14:37 +00:00
};
# Keyboard mapping on internal keyboard
services.keyd = {
enable = true;
keyboards = {
"internal" = {
ids = [ "0b05:1866" ];
settings = {
main = {
capslock = "overload(control, esc)";
leftcontrol = "capslock";
};
};
};
};
};
2023-03-29 13:14:37 +00:00
# Enable CUPS to print documents.
services.printing.enable = true;
services.printing.drivers = [ pkgs.hplip ];
# Enable sound with pipewire.
sound.enable = true;
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
wireplumber.enable = true;
alsa.enable = true;
2024-01-07 13:41:01 +00:00
alsa.support32Bit = true;
2023-03-29 13:14:37 +00:00
pulse.enable = true;
# If you want to use JACK applications, uncomment this
jack.enable = true;
};
# Define a user account. Don't forget to set a password with passwd.
users.users.xin = {
isNormalUser = true;
description = "xin";
2023-11-28 13:38:50 +00:00
extraGroups = [ "networkmanager" "wheel" "wireshark" "tss" ];
2023-03-29 13:14:37 +00:00
};
2024-01-07 13:41:01 +00:00
services.kanidm = {
enableClient = true;
clientSettings = {
uri = "https://auth.xinyang.life";
};
};
2023-03-29 13:14:37 +00:00
# Enable automatic login for the user.
2024-06-11 10:18:07 +00:00
services.displayManager.autoLogin.enable = true;
services.displayManager.autoLogin.user = "xin";
2023-03-29 13:14:37 +00:00
2023-05-27 01:39:16 +00:00
# Smart services
services.smartd.enable = true;
2023-03-29 13:14:37 +00:00
# Workaround for GNOME autologin: https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229
systemd.services."getty@tty1".enable = false;
systemd.services."autovt@tty1".enable = false;
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
nixpkgs.config.permittedInsecurePackages = [
];
2023-03-29 13:14:37 +00:00
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
# Filesystem
2023-12-15 13:24:46 +00:00
owncloud-client
2023-03-29 13:14:37 +00:00
nfs-utils
# tesseract5 # ocr
ocrmypdf # pdfocr
2023-03-29 13:14:37 +00:00
2023-05-27 01:39:16 +00:00
# ==== Development ==== #
2023-03-29 13:14:37 +00:00
# Python
# reference: https://nixos.wiki/wiki/Python
(
let
my-python-packages = python-packages: with python-packages; [
pandas
requests
numpy
pyyaml
2024-06-11 10:18:07 +00:00
setuptools
2023-03-29 13:14:37 +00:00
];
python-with-my-packages = python3.withPackages my-python-packages;
in
python-with-my-packages
)
# ==== GUI Softwares ==== #
2023-07-21 17:20:55 +00:00
2023-03-29 13:14:37 +00:00
# Gnome tweaks
2023-11-30 04:07:23 +00:00
gnomeExtensions.paperwm
2023-12-01 14:22:43 +00:00
gnomeExtensions.search-light
2024-06-11 10:18:07 +00:00
gnomeExtensions.appindicator
2023-03-29 13:14:37 +00:00
gnome.gnome-tweaks
2024-02-27 04:58:29 +00:00
gnome.gnome-themes-extra
2024-06-11 10:18:07 +00:00
gnome.gnome-remote-desktop
bibata-cursors
2023-03-29 13:14:37 +00:00
gthumb
2024-01-07 13:41:01 +00:00
oculante
2023-03-29 13:14:37 +00:00
# Multimedia
vlc
obs-studio
spotify
# IM
2023-12-06 14:54:22 +00:00
element-desktop
2023-03-29 13:14:37 +00:00
tdesktop
qq
# Password manager
bitwarden
2023-03-29 13:14:37 +00:00
# Browser
firefox
2024-06-11 10:18:07 +00:00
(chromium.override {
commandLineArgs = [
"--ozone-platform-hint=auto"
"--enable-wayland-ime"
];
})
2023-09-26 15:32:52 +00:00
brave
2023-03-29 13:14:37 +00:00
# Writting
zotero
2024-06-11 10:18:07 +00:00
# onlyoffice-bin
2024-01-07 13:41:01 +00:00
wpsoffice
2024-06-11 10:18:07 +00:00
zed-editor
2023-03-29 13:14:37 +00:00
config.nur.repos.linyinfeng.wemeet
virt-manager
];
system.stateVersion = "22.05";
2023-03-29 13:14:37 +00:00
# Use mirror for binary cache
nix.settings.substituters = [
"https://mirrors.bfsu.edu.cn/nix-channels/store"
2023-03-29 13:14:37 +00:00
"https://mirrors.ustc.edu.cn/nix-channels/store"
];
2023-07-21 17:20:55 +00:00
nix.gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
2023-12-15 13:24:46 +00:00
nix.optimise.automatic = true;
nix.settings = {
experimental-features = [ "nix-command" "flakes" ];
auto-optimise-store = true;
trusted-users = [ "xin" "root" ];
};
2023-07-22 14:56:46 +00:00
nix.extraOptions = ''
!include "${config.sops.secrets.github_public_token.path}"
'';
2023-12-01 14:22:43 +00:00
sops.secrets = {
restic_repo_calcite_password = {
2023-07-22 14:56:46 +00:00
owner = "xin";
2023-12-01 14:22:43 +00:00
sopsFile = ./secrets.yaml;
};
restic_repo_calcite = {
owner = "xin";
sopsFile = ./secrets.yaml;
2023-07-22 14:56:46 +00:00
};
2024-01-07 17:03:42 +00:00
sing_box_url = {
owner = "root";
sopsFile = ./secrets.yaml;
};
2024-03-25 17:56:59 +00:00
gitea_env = {
owner = "root";
sopsFile = ./secrets.yaml;
};
2023-07-22 14:56:46 +00:00
};
2023-12-01 17:33:20 +00:00
custom.restic.enable = true;
2023-12-01 14:22:43 +00:00
custom.restic.repositoryFile = config.sops.secrets.restic_repo_calcite.path;
custom.restic.passwordFile = config.sops.secrets.restic_repo_calcite_password.path;
2024-03-25 17:56:59 +00:00
custom.forgejo-actions-runner.enable = true;
custom.forgejo-actions-runner.tokenFile = config.sops.secrets.gitea_env.path;
2023-03-29 13:14:37 +00:00
# MTP support
services.gvfs.enable = true;
# Fonts
fonts = {
packages = with pkgs; [
(nerdfonts.override { fonts = [ "FiraCode" ]; })
2023-03-29 13:14:37 +00:00
noto-fonts
noto-fonts-emoji
liberation_ttf
mplus-outline-fonts.githubRelease
dina-font
proggyfonts
ubuntu_font_family
# Chinese
wqy_microhei
wqy_zenhei
noto-fonts-cjk-sans
noto-fonts-cjk-serif
source-han-sans
source-han-serif
];
fontconfig = {
defaultFonts = {
serif = [ "Noto Serif CJK SC" "Ubuntu" ];
sansSerif = [ "Noto Sans CJK SC" "Ubuntu" ];
2024-01-07 13:41:01 +00:00
monospace = [ "FiraCode NerdFont Mono" "Noto Sans Mono CJK SC" "Ubuntu" ];
2023-03-29 13:14:37 +00:00
};
};
2024-01-07 13:41:01 +00:00
enableDefaultPackages = true;
2023-03-29 13:14:37 +00:00
};
# Virtualization
virtualisation = {
libvirtd.enable = true;
podman = {
enable = true;
};
2023-04-16 02:30:45 +00:00
docker = {
enable = true;
autoPrune.enable = true;
};
2023-03-29 13:14:37 +00:00
};
}