2024-03-25 08:26:48 +00:00
|
|
|
|
{ config, pkgs, lib, ... }:
|
2023-03-29 13:14:37 +00:00
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
imports =
|
|
|
|
|
[
|
|
|
|
|
# Include the results of the hardware scan.
|
|
|
|
|
./hardware-configuration.nix
|
2023-04-22 17:42:40 +00:00
|
|
|
|
./network.nix
|
2023-04-19 06:16:39 +00:00
|
|
|
|
../sops.nix
|
2023-03-29 13:14:37 +00:00
|
|
|
|
];
|
|
|
|
|
|
2024-07-17 07:52:30 +00:00
|
|
|
|
commonSettings = {
|
2024-07-18 03:44:09 +00:00
|
|
|
|
nix = {
|
|
|
|
|
enableMirrors = true;
|
|
|
|
|
signing.enable = true;
|
|
|
|
|
};
|
2024-07-17 07:52:30 +00:00
|
|
|
|
};
|
|
|
|
|
|
2023-03-29 13:14:37 +00:00
|
|
|
|
# Bootloader.
|
|
|
|
|
boot.loader.systemd-boot.enable = true;
|
|
|
|
|
boot.loader.efi.canTouchEfiVariables = true;
|
|
|
|
|
boot.loader.efi.efiSysMountPoint = "/boot/efi";
|
|
|
|
|
# boot.kernelPackages = pkgs.linuxPackages_latest;
|
|
|
|
|
boot.kernelModules = [ "nvidia" "nvidia_modeset" "nvidia_uvm" ];
|
2023-04-22 17:42:40 +00:00
|
|
|
|
boot.supportedFilesystems = [ "ntfs" ];
|
2023-09-28 11:16:45 +00:00
|
|
|
|
boot.binfmt.emulatedSystems = ["aarch64-linux"];
|
2023-03-29 13:14:37 +00:00
|
|
|
|
|
2023-11-28 13:38:50 +00:00
|
|
|
|
security.tpm2 = {
|
|
|
|
|
enable = true;
|
|
|
|
|
# expose /run/current-system/sw/lib/libtpm2_pkcs11.so
|
|
|
|
|
pkcs11.enable = true;
|
2024-03-25 08:26:48 +00:00
|
|
|
|
# TODO: Need this until fapi-config is fixed in NixOS
|
|
|
|
|
pkcs11.package = pkgs.tpm2-pkcs11.override { fapiSupport = false; };
|
2023-11-28 13:38:50 +00:00
|
|
|
|
# TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
|
|
|
|
|
tctiEnvironment.enable = true;
|
|
|
|
|
};
|
2024-03-25 08:26:48 +00:00
|
|
|
|
services.gnome.gnome-keyring.enable = lib.mkForce false;
|
|
|
|
|
security.pam.services.login.enableGnomeKeyring = lib.mkForce false;
|
|
|
|
|
services.ssh-tpm-agent.enable = true;
|
|
|
|
|
|
|
|
|
|
programs.ssh.agentPKCS11Whitelist = "${config.security.tpm2.pkcs11.package}/lib/libtpm_pkcs11.so";
|
2023-11-28 13:38:50 +00:00
|
|
|
|
|
2023-04-22 17:42:40 +00:00
|
|
|
|
networking.hostName = "calcite";
|
2023-03-29 13:14:37 +00:00
|
|
|
|
|
2024-01-07 13:41:01 +00:00
|
|
|
|
programs.steam = {
|
|
|
|
|
enable = true;
|
|
|
|
|
gamescopeSession = { enable = true; };
|
|
|
|
|
};
|
|
|
|
|
|
2024-07-09 13:17:10 +00:00
|
|
|
|
programs.oidc-agent.enable = true;
|
|
|
|
|
programs.oidc-agent.providers = [
|
|
|
|
|
{ issuer = "https://home.xinyang.life:9201";
|
|
|
|
|
pubclient = {
|
|
|
|
|
client_id = "xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69";
|
|
|
|
|
client_secret = "UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh";
|
|
|
|
|
scope = "openid offline_access profile email";
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
];
|
|
|
|
|
|
2023-04-22 17:42:40 +00:00
|
|
|
|
programs.vim.defaultEditor = true;
|
2023-03-29 13:14:37 +00:00
|
|
|
|
|
2023-04-22 17:42:40 +00:00
|
|
|
|
# Keep this even if enabled in home manager
|
|
|
|
|
programs.fish.enable = true;
|
|
|
|
|
environment.shells = [ pkgs.fish ];
|
|
|
|
|
users.defaultUserShell = pkgs.fish;
|
2023-04-19 06:16:39 +00:00
|
|
|
|
|
2023-03-29 13:14:37 +00:00
|
|
|
|
# Setup wireguard
|
|
|
|
|
# Set your time zone.
|
|
|
|
|
time.timeZone = "Asia/Shanghai";
|
|
|
|
|
|
|
|
|
|
# Select internationalisation properties.
|
|
|
|
|
i18n.defaultLocale = "en_US.utf8";
|
|
|
|
|
|
|
|
|
|
i18n.extraLocaleSettings = {
|
|
|
|
|
LC_ADDRESS = "zh_CN.utf8";
|
|
|
|
|
LC_IDENTIFICATION = "zh_CN.utf8";
|
|
|
|
|
LC_MEASUREMENT = "zh_CN.utf8";
|
|
|
|
|
LC_MONETARY = "zh_CN.utf8";
|
|
|
|
|
LC_NAME = "zh_CN.utf8";
|
|
|
|
|
LC_NUMERIC = "zh_CN.utf8";
|
|
|
|
|
LC_PAPER = "zh_CN.utf8";
|
|
|
|
|
LC_TELEPHONE = "zh_CN.utf8";
|
|
|
|
|
LC_TIME = "en_US.utf8";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
# Enable the X11 windowing system.
|
|
|
|
|
services.xserver.enable = true;
|
|
|
|
|
|
|
|
|
|
# Enable the GNOME Desktop Environment.
|
|
|
|
|
services.xserver.displayManager.gdm.enable = true;
|
|
|
|
|
services.xserver.desktopManager.gnome.enable = true;
|
|
|
|
|
|
2024-06-11 10:18:07 +00:00
|
|
|
|
|
2023-03-29 13:14:37 +00:00
|
|
|
|
# Configure keymap in X11
|
|
|
|
|
services.xserver = {
|
2024-03-07 04:03:59 +00:00
|
|
|
|
xkb.layout = "us";
|
|
|
|
|
xkb.variant = "";
|
2023-03-29 13:14:37 +00:00
|
|
|
|
};
|
2023-12-19 06:25:22 +00:00
|
|
|
|
# Keyboard mapping on internal keyboard
|
|
|
|
|
services.keyd = {
|
|
|
|
|
enable = true;
|
|
|
|
|
keyboards = {
|
|
|
|
|
"internal" = {
|
|
|
|
|
ids = [ "0b05:1866" ];
|
|
|
|
|
settings = {
|
|
|
|
|
main = {
|
|
|
|
|
capslock = "overload(control, esc)";
|
|
|
|
|
leftcontrol = "capslock";
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
2023-03-29 13:14:37 +00:00
|
|
|
|
|
|
|
|
|
# Enable CUPS to print documents.
|
|
|
|
|
services.printing.enable = true;
|
2024-07-09 13:17:10 +00:00
|
|
|
|
# services.printing.drivers = [ pkgs.hplip ];
|
2023-03-29 13:14:37 +00:00
|
|
|
|
|
|
|
|
|
hardware.pulseaudio.enable = false;
|
|
|
|
|
security.rtkit.enable = true;
|
|
|
|
|
services.pipewire = {
|
|
|
|
|
enable = true;
|
|
|
|
|
wireplumber.enable = true;
|
|
|
|
|
alsa.enable = true;
|
2024-01-07 13:41:01 +00:00
|
|
|
|
alsa.support32Bit = true;
|
2023-03-29 13:14:37 +00:00
|
|
|
|
pulse.enable = true;
|
|
|
|
|
# If you want to use JACK applications, uncomment this
|
|
|
|
|
jack.enable = true;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
# Define a user account. Don't forget to set a password with ‘passwd’.
|
|
|
|
|
users.users.xin = {
|
|
|
|
|
isNormalUser = true;
|
|
|
|
|
description = "xin";
|
2023-11-28 13:38:50 +00:00
|
|
|
|
extraGroups = [ "networkmanager" "wheel" "wireshark" "tss" ];
|
2023-03-29 13:14:37 +00:00
|
|
|
|
};
|
|
|
|
|
|
2024-01-07 13:41:01 +00:00
|
|
|
|
services.kanidm = {
|
|
|
|
|
enableClient = true;
|
|
|
|
|
clientSettings = {
|
|
|
|
|
uri = "https://auth.xinyang.life";
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
2023-03-29 13:14:37 +00:00
|
|
|
|
# Enable automatic login for the user.
|
2024-06-11 10:18:07 +00:00
|
|
|
|
services.displayManager.autoLogin.enable = true;
|
|
|
|
|
services.displayManager.autoLogin.user = "xin";
|
2023-03-29 13:14:37 +00:00
|
|
|
|
|
2023-05-27 01:39:16 +00:00
|
|
|
|
# Smart services
|
|
|
|
|
services.smartd.enable = true;
|
|
|
|
|
|
2023-03-29 13:14:37 +00:00
|
|
|
|
# Workaround for GNOME autologin: https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229
|
|
|
|
|
systemd.services."getty@tty1".enable = false;
|
|
|
|
|
systemd.services."autovt@tty1".enable = false;
|
|
|
|
|
|
|
|
|
|
# Allow unfree packages
|
|
|
|
|
nixpkgs.config.allowUnfree = true;
|
2023-04-22 17:42:40 +00:00
|
|
|
|
nixpkgs.config.permittedInsecurePackages = [
|
|
|
|
|
];
|
2023-03-29 13:14:37 +00:00
|
|
|
|
# List packages installed in system profile. To search, run:
|
|
|
|
|
# $ nix search wget
|
|
|
|
|
environment.systemPackages = with pkgs; [
|
2024-07-09 13:17:10 +00:00
|
|
|
|
oidc-agent
|
2023-03-29 13:14:37 +00:00
|
|
|
|
# Filesystem
|
2023-12-15 13:24:46 +00:00
|
|
|
|
owncloud-client
|
2023-03-29 13:14:37 +00:00
|
|
|
|
nfs-utils
|
|
|
|
|
|
|
|
|
|
# tesseract5 # ocr
|
2023-04-03 02:01:42 +00:00
|
|
|
|
ocrmypdf # pdfocr
|
2023-03-29 13:14:37 +00:00
|
|
|
|
|
2023-05-27 01:39:16 +00:00
|
|
|
|
# ==== Development ==== #
|
2023-03-29 13:14:37 +00:00
|
|
|
|
# Python
|
|
|
|
|
# reference: https://nixos.wiki/wiki/Python
|
|
|
|
|
(
|
|
|
|
|
let
|
|
|
|
|
my-python-packages = python-packages: with python-packages; [
|
|
|
|
|
pandas
|
|
|
|
|
requests
|
|
|
|
|
numpy
|
|
|
|
|
pyyaml
|
2024-06-11 10:18:07 +00:00
|
|
|
|
setuptools
|
2023-03-29 13:14:37 +00:00
|
|
|
|
];
|
|
|
|
|
python-with-my-packages = python3.withPackages my-python-packages;
|
|
|
|
|
in
|
|
|
|
|
python-with-my-packages
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
# ==== GUI Softwares ==== #
|
2023-07-21 17:20:55 +00:00
|
|
|
|
|
2023-03-29 13:14:37 +00:00
|
|
|
|
# Gnome tweaks
|
2023-11-30 04:07:23 +00:00
|
|
|
|
gnomeExtensions.paperwm
|
2023-12-01 14:22:43 +00:00
|
|
|
|
gnomeExtensions.search-light
|
2024-06-11 10:18:07 +00:00
|
|
|
|
gnomeExtensions.appindicator
|
2024-07-14 06:04:52 +00:00
|
|
|
|
gnomeExtensions.pano
|
|
|
|
|
gnome-tweaks
|
|
|
|
|
gnome-themes-extra
|
2024-06-11 10:18:07 +00:00
|
|
|
|
gnome.gnome-remote-desktop
|
|
|
|
|
bibata-cursors
|
2023-03-29 13:14:37 +00:00
|
|
|
|
gthumb
|
2024-01-07 13:41:01 +00:00
|
|
|
|
oculante
|
2023-03-29 13:14:37 +00:00
|
|
|
|
|
|
|
|
|
# Multimedia
|
|
|
|
|
vlc
|
|
|
|
|
obs-studio
|
|
|
|
|
spotify
|
|
|
|
|
# IM
|
2023-12-06 14:54:22 +00:00
|
|
|
|
element-desktop
|
2023-03-29 13:14:37 +00:00
|
|
|
|
tdesktop
|
|
|
|
|
qq
|
2024-07-14 06:04:52 +00:00
|
|
|
|
feishu
|
2023-03-29 13:14:37 +00:00
|
|
|
|
|
|
|
|
|
# Password manager
|
2023-11-24 12:49:18 +00:00
|
|
|
|
bitwarden
|
2023-03-29 13:14:37 +00:00
|
|
|
|
|
|
|
|
|
# Browser
|
|
|
|
|
firefox
|
2024-06-11 10:18:07 +00:00
|
|
|
|
(chromium.override {
|
|
|
|
|
commandLineArgs = [
|
|
|
|
|
"--ozone-platform-hint=auto"
|
|
|
|
|
"--enable-wayland-ime"
|
|
|
|
|
];
|
|
|
|
|
})
|
2023-09-26 15:32:52 +00:00
|
|
|
|
brave
|
2023-03-29 13:14:37 +00:00
|
|
|
|
|
|
|
|
|
# Writting
|
|
|
|
|
zotero
|
2024-06-11 10:18:07 +00:00
|
|
|
|
# onlyoffice-bin
|
2024-01-07 13:41:01 +00:00
|
|
|
|
wpsoffice
|
2024-06-11 10:18:07 +00:00
|
|
|
|
zed-editor
|
2023-03-29 13:14:37 +00:00
|
|
|
|
|
|
|
|
|
config.nur.repos.linyinfeng.wemeet
|
|
|
|
|
|
|
|
|
|
virt-manager
|
|
|
|
|
];
|
|
|
|
|
|
2023-04-22 17:42:40 +00:00
|
|
|
|
system.stateVersion = "22.05";
|
2023-03-29 13:14:37 +00:00
|
|
|
|
|
2023-07-22 14:56:46 +00:00
|
|
|
|
nix.extraOptions = ''
|
|
|
|
|
!include "${config.sops.secrets.github_public_token.path}"
|
|
|
|
|
'';
|
2023-12-01 14:22:43 +00:00
|
|
|
|
|
|
|
|
|
sops.secrets = {
|
|
|
|
|
restic_repo_calcite_password = {
|
2023-07-22 14:56:46 +00:00
|
|
|
|
owner = "xin";
|
2023-12-01 14:22:43 +00:00
|
|
|
|
sopsFile = ./secrets.yaml;
|
|
|
|
|
};
|
|
|
|
|
restic_repo_calcite = {
|
|
|
|
|
owner = "xin";
|
|
|
|
|
sopsFile = ./secrets.yaml;
|
2023-07-22 14:56:46 +00:00
|
|
|
|
};
|
2024-01-07 17:03:42 +00:00
|
|
|
|
sing_box_url = {
|
|
|
|
|
owner = "root";
|
|
|
|
|
sopsFile = ./secrets.yaml;
|
|
|
|
|
};
|
2024-03-25 17:56:59 +00:00
|
|
|
|
gitea_env = {
|
|
|
|
|
owner = "root";
|
|
|
|
|
sopsFile = ./secrets.yaml;
|
|
|
|
|
};
|
2023-07-22 14:56:46 +00:00
|
|
|
|
};
|
2023-12-01 17:33:20 +00:00
|
|
|
|
custom.restic.enable = true;
|
2023-12-01 14:22:43 +00:00
|
|
|
|
custom.restic.repositoryFile = config.sops.secrets.restic_repo_calcite.path;
|
|
|
|
|
custom.restic.passwordFile = config.sops.secrets.restic_repo_calcite_password.path;
|
|
|
|
|
|
2024-03-25 17:56:59 +00:00
|
|
|
|
custom.forgejo-actions-runner.enable = true;
|
|
|
|
|
custom.forgejo-actions-runner.tokenFile = config.sops.secrets.gitea_env.path;
|
2023-03-29 13:14:37 +00:00
|
|
|
|
|
2024-07-31 07:38:24 +00:00
|
|
|
|
custom.prometheus = {
|
|
|
|
|
enable = true;
|
|
|
|
|
exporters.blackbox.enable = true;
|
|
|
|
|
};
|
|
|
|
|
|
2023-03-29 13:14:37 +00:00
|
|
|
|
# MTP support
|
|
|
|
|
services.gvfs.enable = true;
|
|
|
|
|
|
|
|
|
|
# Fonts
|
|
|
|
|
fonts = {
|
2023-09-22 17:12:38 +00:00
|
|
|
|
packages = with pkgs; [
|
2023-04-22 17:42:40 +00:00
|
|
|
|
(nerdfonts.override { fonts = [ "FiraCode" ]; })
|
2023-03-29 13:14:37 +00:00
|
|
|
|
noto-fonts
|
|
|
|
|
noto-fonts-emoji
|
|
|
|
|
liberation_ttf
|
|
|
|
|
mplus-outline-fonts.githubRelease
|
|
|
|
|
dina-font
|
|
|
|
|
proggyfonts
|
|
|
|
|
ubuntu_font_family
|
|
|
|
|
# Chinese
|
|
|
|
|
wqy_microhei
|
|
|
|
|
wqy_zenhei
|
|
|
|
|
noto-fonts-cjk-sans
|
|
|
|
|
noto-fonts-cjk-serif
|
|
|
|
|
source-han-sans
|
|
|
|
|
source-han-serif
|
|
|
|
|
];
|
|
|
|
|
fontconfig = {
|
|
|
|
|
defaultFonts = {
|
|
|
|
|
serif = [ "Noto Serif CJK SC" "Ubuntu" ];
|
|
|
|
|
sansSerif = [ "Noto Sans CJK SC" "Ubuntu" ];
|
2024-01-07 13:41:01 +00:00
|
|
|
|
monospace = [ "FiraCode NerdFont Mono" "Noto Sans Mono CJK SC" "Ubuntu" ];
|
2023-03-29 13:14:37 +00:00
|
|
|
|
};
|
|
|
|
|
};
|
2024-01-07 13:41:01 +00:00
|
|
|
|
enableDefaultPackages = true;
|
2023-03-29 13:14:37 +00:00
|
|
|
|
};
|
|
|
|
|
# Virtualization
|
|
|
|
|
virtualisation = {
|
|
|
|
|
libvirtd.enable = true;
|
|
|
|
|
podman = {
|
|
|
|
|
enable = true;
|
|
|
|
|
};
|
2023-04-16 02:30:45 +00:00
|
|
|
|
docker = {
|
|
|
|
|
enable = true;
|
|
|
|
|
autoPrune.enable = true;
|
|
|
|
|
};
|
2023-03-29 13:14:37 +00:00
|
|
|
|
};
|
2024-07-14 06:04:52 +00:00
|
|
|
|
|
|
|
|
|
services.nixseparatedebuginfod.enable = true;
|
2023-03-29 13:14:37 +00:00
|
|
|
|
}
|