schmittlauch/nixconfigs
2
0
Fork 0
Code Issues 2 Pull requests Releases Wiki Activity
nixconfigs/common/default.nix
Trolli Schmittlauch 0bdd004824 angrr: add as NixOS and nix-darwin module 
pulled in as flake because the darwin module has not been upstreamed
yet, anf or consistency sake take all modules from the same source then
2026-02-07 03:55:08 +01:00

271 lines
6.5 KiB
Nix
Raw Blame History

{
config,
pkgs,
lib,
...
}:
let
inputs = config.inputInjection.flake-inputs;
unstable = inputs.nixos-unstable;
in
{
imports = [
./packages.nix
./nitrokey.nix
./nix-settings.nix
./upgrade-diff.nix
./guest.nix
./audio-sharing.nix
./angrr.nix
];
services.davfs2.enable = true;
# exfat support
#boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
# make the boot look good
boot.plymouth.enable = true;
# configure console
console = {
keyMap = "de";
};
# Select internationalisation properties.
i18n = {
defaultLocale = "de_DE.UTF-8";
};
# Set your time zone.
time.timeZone = "Europe/Berlin";
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
programs.bash.completion.enable = true;
programs.wireshark = {
enable = true;
package = pkgs.wireshark;
};
programs.adb.enable = true;
programs.mtr.enable = true;
# programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
programs.ausweisapp = {
enable = true;
openFirewall = true;
};
# List services that you want to enable:
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
programs.ssh.startAgent = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
networking.networkmanager = {
enable = true;
# FIXME: move into own file, use SOPS for secrets
ensureProfiles.profiles = {
"37C3" = {
connection = {
id = "37C3";
type = "wifi";
interface-name = "wlan0";
};
wifi = {
mode = "infrastructure";
ssid = "37C3";
};
wifi-security = {
auth-alg = "open";
key-mgmt = "wpa-eap";
};
"802-1x" = {
anonymous-identity = "37C3";
eap = "ttls;";
identity = "37C3";
password = "37C3";
phase2-auth = "pap";
altsubject-matches = "DNS:radius.c3noc.net";
ca-cert = "${builtins.fetchurl {
url = "https://letsencrypt.org/certs/isrgrootx1.pem";
sha256 = "sha256:1la36n2f31j9s03v847ig6ny9lr875q3g7smnq33dcsmf2i5gd92";
}}";
};
ipv4 = {
method = "auto";
};
ipv6 = {
addr-gen-mode = "default";
method = "auto";
};
};
};
plugins = with pkgs; [
networkmanager-openvpn
];
};
services.avahi.enable = true;
# Enable CUPS to print documents.
services.printing = {
enable = true;
drivers = [ pkgs.hplip ];
};
# scanners
hardware.sane = {
enable = true;
extraBackends = [ pkgs.hplip ];
};
# Bluetooth
hardware.bluetooth = {
enable = true;
settings.General.Disable = "Headset"; # disable headset profile
};
# FIXME: at some point, hide GUI and sound (desktop vs. server) behind an option
# Enable the X11 windowing system.
services.xserver = {
enable = true;
xkb.layout = "de";
xkb.options = "eurosign:e";
};
# Enable touchpad support.
services.libinput.enable = true;
# while libinput also supports graphic tablets, enable more-specific wacom driver
services.xserver.wacom.enable = true;
# Enable the KDE Desktop Environment.
services.displayManager.sddm = {
enable = true;
wayland.enable = true;
};
services.desktopManager.plasma6.enable = true;
# TODO: move out into a plasma.nix module
programs.kde-pim = {
enable = true;
kmail = true;
kontact = true;
merkuro = true;
};
# additional standalone versions of kontact components
environment.systemPackages = with pkgs.kdePackages; [
korganizer
kaddressbook
pkgs.ktimetracker
];
programs.kdeconnect.enable = true;
# enable wayland for Chromium and Electron
environment.sessionVariables.NIXOS_OZONE_WL = "1";
# dconf required for several Gnome applications
programs.dconf.enable = true;
programs.firefox.enable = true; # enables support for automatically setting additionsl nativeMessagingHosts
# Flatpak support
services.flatpak.enable = true;
xdg.portal.extraPortals = [ pkgs.kdePackages.xdg-desktop-portal-kde ];
# Define a user account. Don't forget to set a password with `passwd`.
users.users.spiollinux = {
isNormalUser = true;
uid = 1000;
extraGroups = [
"vboxusers"
"wheel"
"networkmanager"
"scanner"
"lp"
"wireshark"
"dialout"
"cdrom"
"input"
"adbusers"
];
shell = pkgs.zsh;
};
# enable virtualbox support
virtualisation.virtualbox.host = {
enable = true;
#enableExtensionPack = true;
};
# allow PUEL license
nixpkgs.config.whitelistedLicenses = [ pkgs.lib.licenses.virtualbox-puel ];
users.extraGroups.vboxusers.members = [ "spiollinux" ];
programs.zsh = {
enable = true;
autosuggestions.enable = true;
};
# profile sync daemon
services.psd.enable = true;
fonts = {
fontDir.enable = true;
fontconfig.enable = true;
fontconfig.includeUserConf = true;
};
# Enable all sysrq functions (useful to recover from some issues):
boot.kernel.sysctl."kernel.sysrq" = 1; # NixOS default: 16 (only the sync command)
nix.package = pkgs.lix;
nix.settings.trusted-users = [ "spiollinux" ];
# override tmpdir for daemon
#systemd.services.nix-daemon.environment.TMPDIR = "/var/tmp";
# remote builders
#nix.buildMachines = [
# {
# hostName = "build01.nix-community.org";
# sshUser = "ssh-ng://schmittlauch";
# sshKey = "/root/.ssh/remote_builder_key";
# system = "x86_64-linux";
# maxJobs = 64;
# supportedFeatures = [
# "big-parallel"
# "kvm"
# "nixos-test"
# ];
# }
#];
programs.ssh.knownHosts."build01.nix-community.org".publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIElIQ54qAy7Dh63rBudYKdbzJHrrbrrMXLYl7Pkmk88H";
# package debugging
# programs.sysdig.enable = true;
# declarative containers
containers = {
# hash2PubSim = import ./Hash2PubTestbed.nix
# {
# inherit pkgs config;
# experimentUid = config.users.users.spiollinux.uid;
# projectDir = "/home/spiollinux/Seafile/Studium/Semester11/INF-PM-FP-ANW";
# };
};
# stop NetworkManager from managing virtual interfaces
networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];
services.dbus.implementation = "broker";
system.rebuild.enableNg = true;
}
Reference in a new issue View git blame Copy permalink