diffu/machines/calcite/configuration.nix

308 lines
7 KiB
Nix
Raw Normal View History

{ config, pkgs, ... }:
2023-03-29 13:14:37 +00:00
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
./network.nix
2023-04-19 06:16:39 +00:00
../sops.nix
2023-03-29 13:14:37 +00:00
];
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
# boot.kernelPackages = pkgs.linuxPackages_latest;
boot.kernelModules = [ "nvidia" "nvidia_modeset" "nvidia_uvm" ];
boot.supportedFilesystems = [ "ntfs" ];
2023-09-28 11:16:45 +00:00
boot.binfmt.emulatedSystems = ["aarch64-linux"];
2023-03-29 13:14:37 +00:00
2023-11-28 13:38:50 +00:00
security.tpm2 = {
enable = true;
# expose /run/current-system/sw/lib/libtpm2_pkcs11.so
pkcs11.enable = true;
# TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
tctiEnvironment.enable = true;
};
networking.hostName = "calcite";
2023-03-29 13:14:37 +00:00
2024-01-07 13:41:01 +00:00
programs.steam = {
enable = true;
gamescopeSession = { enable = true; };
};
programs.vim.defaultEditor = true;
2023-03-29 13:14:37 +00:00
# Keep this even if enabled in home manager
programs.fish.enable = true;
environment.shells = [ pkgs.fish ];
users.defaultUserShell = pkgs.fish;
2023-04-19 06:16:39 +00:00
2023-03-29 13:14:37 +00:00
# Setup wireguard
# Set your time zone.
time.timeZone = "Asia/Shanghai";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.utf8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "zh_CN.utf8";
LC_IDENTIFICATION = "zh_CN.utf8";
LC_MEASUREMENT = "zh_CN.utf8";
LC_MONETARY = "zh_CN.utf8";
LC_NAME = "zh_CN.utf8";
LC_NUMERIC = "zh_CN.utf8";
LC_PAPER = "zh_CN.utf8";
LC_TELEPHONE = "zh_CN.utf8";
LC_TIME = "en_US.utf8";
};
2023-05-27 01:39:16 +00:00
i18n.inputMethod = {
enabled = "fcitx5";
fcitx5.addons = with pkgs; [ fcitx5-rime ];
};
2023-03-29 13:14:37 +00:00
# Enable the X11 windowing system.
services.xserver.enable = true;
# Enable the GNOME Desktop Environment.
services.xserver.displayManager.gdm.enable = true;
services.xserver.desktopManager.gnome.enable = true;
# Configure keymap in X11
services.xserver = {
layout = "us";
xkbVariant = "";
};
# Keyboard mapping on internal keyboard
services.keyd = {
enable = true;
keyboards = {
"internal" = {
ids = [ "0b05:1866" ];
settings = {
main = {
capslock = "overload(control, esc)";
leftcontrol = "capslock";
};
};
};
};
};
2023-03-29 13:14:37 +00:00
# Enable CUPS to print documents.
services.printing.enable = true;
services.printing.drivers = [ pkgs.hplip ];
# Enable sound with pipewire.
sound.enable = true;
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
wireplumber.enable = true;
alsa.enable = true;
2024-01-07 13:41:01 +00:00
alsa.support32Bit = true;
2023-03-29 13:14:37 +00:00
pulse.enable = true;
# If you want to use JACK applications, uncomment this
jack.enable = true;
};
# Define a user account. Don't forget to set a password with passwd.
users.users.xin = {
isNormalUser = true;
description = "xin";
2023-11-28 13:38:50 +00:00
extraGroups = [ "networkmanager" "wheel" "wireshark" "tss" ];
2023-03-29 13:14:37 +00:00
};
2024-01-07 13:41:01 +00:00
services.kanidm = {
enableClient = true;
enablePam = true;
clientSettings = {
uri = "https://auth.xinyang.life";
};
unixSettings = {
pam_allowed_login_groups = [ "linux_users" "xin@auth.xinyang.life" "test" ];
};
};
2023-03-29 13:14:37 +00:00
# Enable automatic login for the user.
services.xserver.displayManager.autoLogin.enable = true;
services.xserver.displayManager.autoLogin.user = "xin";
2023-05-27 01:39:16 +00:00
# Smart services
services.smartd.enable = true;
2023-03-29 13:14:37 +00:00
# Workaround for GNOME autologin: https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229
systemd.services."getty@tty1".enable = false;
systemd.services."autovt@tty1".enable = false;
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
nixpkgs.config.permittedInsecurePackages = [
"openssl-1.1.1w"
# For wechat-uos
"electron-19.1.9"
2024-01-07 13:41:01 +00:00
"electron-25.9.0"
];
2023-03-29 13:14:37 +00:00
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
# Filesystem
2023-12-15 13:24:46 +00:00
owncloud-client
2023-03-29 13:14:37 +00:00
nfs-utils
winetricks
wineWowPackages.waylandFull
faudio
# tesseract5 # ocr
ocrmypdf # pdfocr
2023-03-29 13:14:37 +00:00
2023-05-27 01:39:16 +00:00
# ==== Development ==== #
2023-03-29 13:14:37 +00:00
# Python
# reference: https://nixos.wiki/wiki/Python
(
let
my-python-packages = python-packages: with python-packages; [
pandas
requests
numpy
pyyaml
];
python-with-my-packages = python3.withPackages my-python-packages;
in
python-with-my-packages
)
# ==== GUI Softwares ==== #
2023-07-21 17:20:55 +00:00
2023-03-29 13:14:37 +00:00
# Gnome tweaks
2023-11-30 04:07:23 +00:00
gnomeExtensions.paperwm
2023-12-01 14:22:43 +00:00
gnomeExtensions.search-light
gnomeExtensions.tray-icons-reloaded
2023-03-29 13:14:37 +00:00
gnome.gnome-tweaks
gthumb
2024-01-07 13:41:01 +00:00
oculante
2023-03-29 13:14:37 +00:00
# Multimedia
vlc
obs-studio
spotify
2024-01-07 13:41:01 +00:00
rawtherapee
2023-03-29 13:14:37 +00:00
digikam
# IM
2023-12-06 14:54:22 +00:00
element-desktop
2023-03-29 13:14:37 +00:00
tdesktop
qq
# Password manager
bitwarden
2023-03-29 13:14:37 +00:00
# Browser
firefox
chromium
2023-09-26 15:32:52 +00:00
brave
2023-03-29 13:14:37 +00:00
# Writting
obsidian
zotero
2023-05-27 01:39:16 +00:00
onlyoffice-bin
2024-01-07 13:41:01 +00:00
wpsoffice
2023-03-29 13:14:37 +00:00
config.nur.repos.linyinfeng.wemeet
virt-manager
];
system.stateVersion = "22.05";
2023-03-29 13:14:37 +00:00
# Use mirror for binary cache
nix.settings.substituters = [
"https://mirrors.bfsu.edu.cn/nix-channels/store"
2023-03-29 13:14:37 +00:00
"https://mirrors.ustc.edu.cn/nix-channels/store"
];
2023-07-21 17:20:55 +00:00
nix.gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
2023-12-15 13:24:46 +00:00
nix.optimise.automatic = true;
nix.settings = {
experimental-features = [ "nix-command" "flakes" ];
auto-optimise-store = true;
trusted-users = [ "xin" "root" ];
};
2023-07-22 14:56:46 +00:00
nix.extraOptions = ''
!include "${config.sops.secrets.github_public_token.path}"
'';
2023-12-01 14:22:43 +00:00
sops.secrets = {
restic_repo_calcite_password = {
2023-07-22 14:56:46 +00:00
owner = "xin";
2023-12-01 14:22:43 +00:00
sopsFile = ./secrets.yaml;
};
restic_repo_calcite = {
owner = "xin";
sopsFile = ./secrets.yaml;
2023-07-22 14:56:46 +00:00
};
2024-01-07 17:03:42 +00:00
sing_box_url = {
owner = "root";
sopsFile = ./secrets.yaml;
};
2023-07-22 14:56:46 +00:00
};
2023-12-01 17:33:20 +00:00
custom.restic.enable = true;
2023-12-01 14:22:43 +00:00
custom.restic.repositoryFile = config.sops.secrets.restic_repo_calcite.path;
custom.restic.passwordFile = config.sops.secrets.restic_repo_calcite_password.path;
2023-03-29 13:14:37 +00:00
# MTP support
services.gvfs.enable = true;
# Fonts
fonts = {
packages = with pkgs; [
(nerdfonts.override { fonts = [ "FiraCode" ]; })
2023-03-29 13:14:37 +00:00
noto-fonts
noto-fonts-emoji
liberation_ttf
mplus-outline-fonts.githubRelease
dina-font
proggyfonts
ubuntu_font_family
# Chinese
wqy_microhei
wqy_zenhei
noto-fonts-cjk-sans
noto-fonts-cjk-serif
source-han-sans
source-han-serif
];
fontconfig = {
defaultFonts = {
serif = [ "Noto Serif CJK SC" "Ubuntu" ];
sansSerif = [ "Noto Sans CJK SC" "Ubuntu" ];
2024-01-07 13:41:01 +00:00
monospace = [ "FiraCode NerdFont Mono" "Noto Sans Mono CJK SC" "Ubuntu" ];
2023-03-29 13:14:37 +00:00
};
};
2024-01-07 13:41:01 +00:00
enableDefaultPackages = true;
2023-03-29 13:14:37 +00:00
};
# Virtualization
virtualisation = {
libvirtd.enable = true;
podman = {
enable = true;
enableNvidia = true;
};
2023-04-16 02:30:45 +00:00
docker = {
enable = true;
autoPrune.enable = true;
};
2023-03-29 13:14:37 +00:00
};
}