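# NixOS host module: desktop workstation (KDE), printing/scanning, audio,
# NetworkManager profiles, VirtualBox and nix daemon settings.
# `inputs` is the flake-inputs attrset passed in via specialArgs.
{ config, pkgs, lib, inputs, ... }:
{
  imports = [
    ./packages.nix
    ./nitrokey.nix
  ];

  services.davfs2.enable = true;

  # try newer kernels
  #boot.kernelPackages = pkgs.linuxPackages_latest;
  # exfat support
  #boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];

  # make the boot look good
  boot.plymouth.enable = true;

  # configure console
  console = {
    font = "Lat2-Terminus16";
    keyMap = "de";
  };

  # Select internationalisation properties.
  i18n = {
    defaultLocale = "de_DE.UTF-8";
  };

  # Set your time zone.
  time.timeZone = "Europe/Berlin";

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  programs.bash.enableCompletion = true;
  # Installs a privileged capture wrapper for members of the "wireshark"
  # group, so group membership (see users.users below) means raw packet
  # capture on all interfaces without further authentication.
  programs.wireshark = {
    enable = true;
    package = pkgs.wireshark;
  };
  programs.adb.enable = true;
  programs.mtr.enable = true;
  # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };

  # List services that you want to enable:

  # Enable the OpenSSH daemon.
  # services.openssh.enable = true;
  programs.ssh.startAgent = true;

  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # 1714-1764 TCP+UDP is the KDE Connect discovery/transfer range. These
  # global ranges are open on every interface; use the per-interface variant
  # (networking.firewall.interfaces.<name>.allowed*PortRanges) to restrict
  # them to trusted networks.
  # FIXME: kdeconnect module
  networking.firewall.allowedTCPPortRanges = [{ from = 1714; to = 1764; }];
  networking.firewall.allowedUDPPortRanges = [{ from = 1714; to = 1764; }];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  networking.networkmanager = {
    enable = true;
    # FIXME: move into own file, use SOPS for secrets
    # NOTE: everything below is rendered into a file in the world-readable
    # Nix store, so only credentials that are public anyway (conference wifi)
    # may live here; real secrets need SOPS or an out-of-store keyfile.
    ensureProfiles.profiles = {
      "37C3" = {
        connection = {
          id = "37C3";
          type = "wifi";
          interface-name = "wlan0";
        };
        wifi = {
          mode = "infrastructure";
          ssid = "37C3";
        };
        wifi-security = {
          auth-alg = "open";
          key-mgmt = "wpa-eap";
        };
        "802-1x" = {
          anonymous-identity = "37C3";
          eap = "ttls;";
          identity = "37C3";
          password = "37C3";
          phase2-auth = "pap";
          # ca-cert + altsubject-matches make the supplicant verify the RADIUS
          # server before the PAP password is sent, so a rogue AP with the same
          # SSID cannot harvest it. The CA bundle is pinned by hash.
          altsubject-matches = "DNS:radius.c3noc.net";
          ca-cert = "${builtins.fetchurl {
            url = "https://letsencrypt.org/certs/isrgrootx1.pem";
            sha256 = "sha256:1la36n2f31j9s03v847ig6ny9lr875q3g7smnq33dcsmf2i5gd92";
          }}";
        };
        ipv4 = {
          method = "auto";
        };
        ipv6 = {
          addr-gen-mode = "default";
          method = "auto";
        };
      };
    };
  };

  services.avahi.enable = true;

  # Enable CUPS to print documents.
  services.printing = {
    enable = true;
    drivers = [ pkgs.hplip ];
  };

  # scanners
  hardware.sane = {
    enable = true;
    extraBackends = [ pkgs.hplip ];
  };

  # Enable sound.
  sound.enable = true;
  # (previously split over two `hardware.pulseaudio = { ... }` assignments that
  # Nix merged at parse time; folded into one set for readability)
  hardware.pulseaudio = {
    enable = true;
    package = pkgs.pulseaudioFull;
    # decouple pulseaudio application and sink volumes
    daemon.config = {
      flat-volumes = "no";
    };
    # C3D2 hq music
    zeroconf.discovery.enable = true;
    zeroconf.publish.enable = true;
  };

  # Bluetooth
  hardware.bluetooth = {
    enable = true;
    settings.General.Disable = "Headset"; # disable headset profile
  };

  # FIXME: at some point, hide GUI and sound (desktop vs. server) behind an option

  # Enable the X11 windowing system.
  services.xserver.enable = true;
  services.xserver.layout = "de";
  services.xserver.xkbOptions = "eurosign:e";

  # Enable touchpad support.
  services.xserver.libinput.enable = true;
  # while libinput also supports graphic tablets, enable more-specific wacom driver
  services.xserver.wacom.enable = true;

  # Enable the KDE Desktop Environment.
  services.xserver.displayManager.sddm.enable = true;
  services.xserver.desktopManager.plasma5.enable = true;
  # dconf required for several Gnome applications
  programs.dconf.enable = true;
  programs.firefox.enable = true; # enables support for automatically setting additional nativeMessagingHosts

  # Flatpak support
  services.flatpak.enable = true;
  xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-kde ];

  # Define a user account. Don't forget to set a password with `passwd`.
  # Group notes (privilege-relevant):
  #   wheel      - sudo
  #   wireshark  - raw packet capture via the programs.wireshark wrapper
  #   input      - direct read access to /dev/input (all keystrokes/events)
  #   dialout    - serial devices
  #   vboxusers  - VirtualBox device access (also listed in
  #                users.extraGroups.vboxusers.members below; redundant)
  users.users.spiollinux = {
    isNormalUser = true;
    uid = 1000;
    extraGroups = [
      "vboxusers"
      "wheel"
      "networkmanager"
      "scanner"
      "lp"
      "wireshark"
      "dialout"
      "cdrom"
      "input"
      "adbusers"
    ];
    shell = pkgs.zsh;
  };

  # enable virtualbox support
  virtualisation.virtualbox.host = {
    enable = true;
    #enableExtensionPack = true;
  };
  # allow PUEL license
  nixpkgs.config.whitelistedLicenses = [ pkgs.lib.licenses.virtualbox-puel ];
  users.extraGroups.vboxusers.members = [ "spiollinux" ];

  programs.zsh = {
    enable = true;
    autosuggestions.enable = true;
  };

  # profile sync daemon
  services.psd.enable = true;

  services.smartd = {
    enable = true;
    devices = [
      { device = "/dev/sda"; }
      { device = "/dev/sdb"; }
    ];
  };

  fonts = {
    fontDir.enable = true;
    fontconfig.enable = true;
    fontconfig.includeUserConf = true;
  };

  # Enable all sysrq functions (useful to recover from some issues):
  # 1 = everything, so anyone with physical keyboard access can kill processes,
  # remount or reboot the machine without logging in.
  boot.kernel.sysctl."kernel.sysrq" = 1; # NixOS default: 16 (only the sync command)

  nix = {
    # expose all flake inputs through nix Path and registry
    registry = (lib.mapAttrs (_: value: { flake = value; }) inputs) // {
      nixpkgs.flake = inputs.nixpkgs;
    };
    # presumably every registry entry ends up with a path-type `to`
    # (derived by the nix module from `flake`) -- verify if a non-flake entry is added
    nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
    # keep build-time deps around for offline-rebuilding
    settings = {
      # keep around all inputs necessary for offline-rebuilding the system
      keep-outputs = true;
      keep-derivations = true;
      # trusted-users may override daemon settings such as substituters and
      # sandboxing; on this host that is effectively root-equivalent for the user.
      trusted-users = [ "spiollinux" ];
      experimental-features = [ "nix-command" "flakes" "repl-flake" ];
      # use all cores for building
      cores = 0;
    };
  };

  # override tmpdir for daemon
  #systemd.services.nix-daemon.environment.TMPDIR = "/var/tmp";

  # remote builders
  #nix.buildMachines = [
  #  {
  #    hostName = "build01.nix-community.org";
  #    sshUser = "ssh-ng://schmittlauch";
  #    sshKey = "/root/.ssh/remote_builder_key";
  #    system = "x86_64-linux";
  #    maxJobs = 64;
  #    supportedFeatures = [
  #      "big-parallel"
  #      "kvm"
  #      "nixos-test"
  #    ];
  #  }
  #];
  # Pin the builder's host key so the first connection is not trust-on-first-use.
  programs.ssh.knownHosts."build01.nix-community.org".publicKey =
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIElIQ54qAy7Dh63rBudYKdbzJHrrbrrMXLYl7Pkmk88H";

  # package debugging
  # programs.sysdig.enable = true;

  # declarative containers
  containers = {
    # hash2PubSim = import ./Hash2PubTestbed.nix
    #   {
    #     inherit pkgs config;
    #     experimentUid = config.users.users.spiollinux.uid;
    #     projectDir = "/home/spiollinux/Seafile/Studium/Semester11/INF-PM-FP-ANW";
    #   };
  };
  # stop NetworkManager from managing virtual interfaces
  networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];
}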