nix/os-mods/common/default.nix

{ config
, lib
, pkgs
, inputs
, system
, ...
}: {
  nixpkgs.hostPlatform = lib.mkDefault system;

  nix = {
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 2w";
      randomizedDelaySec = "45min";
    };
    settings.auto-optimise-store = true;
    package = pkgs.nixFlakes;
    extraOptions = ''
      experimental-features = nix-command flakes
    '';
  };

  home-manager.backupFileExtension = "bak";

  # locale
  time.timeZone = "Europe/Berlin";

  i18n = {
    defaultLocale = "en_US.UTF-8";

    extraLocaleSettings = {
      LANG = "en_US.UTF-8";
      LC_ADDRESS = "de_DE.UTF-8";
      LC_COLLATE = "de_DE.UTF-8";
      LC_CTYPE = "en_US.UTF-8";
      LC_IDENTIFICATION = "de_DE.UTF-8";
      LC_MEASUREMENT = "de_DE.UTF-8";
      LC_MESSAGES = "en_US.UTF-8";
      LC_MONETARY = "de_DE.UTF-8";
      LC_NAME = "de_DE.UTF-8";
      LC_NUMERIC = "de_DE.UTF-8";
      LC_PAPER = "de_DE.UTF-8";
      LC_TELEPHONE = "de_DE.UTF-8";
      LC_TIME = "de_DE.UTF-8";
    };
  };
  ####################

  security = {
    pki.certificates = [
      (lib.readFile ../../ext/internal-ca.crt)
    ];
    rtkit.enable = true;

    sudo.enable = false;
    sudo-rs = {
      enable = true;
      wheelNeedsPassword = false;
      execWheelOnly = true;
    };
  };

  environment.sessionVariables = {
    EDITOR = "nvim";
  };

  environment.systemPackages = with pkgs; [
    fclones
    curl
    fish
    figlet
    neovim # editor
    nix-alien
    veracrypt
    git
    vim # fallback ed
    wget

    ## MONITORING TOOLS ##
    btop # for CPU, RAM, and Disk monitoring
    iotop # for disk I/O monitoring
    iftop # for network I/O monitoring
  ];

  fileSystems."/etc/nixos" = {
    device = lib.mkDefault "/home/tristand/nix";
    fsType = "none";
    options = [ "bind" ];
  };

  programs = {
    rust-motd = {
      enable = true;
      enableMotdInSSHD = true;
      settings = {
        banner = {
          color = "green";
          command = ''
            ${pkgs.inetutils}/bin/hostname | ${pkgs.figlet}/bin/figlet -f slant
          '';
        };

        uptime = {
          prefix = "Up";
        };

        global = {
          progress_full_character = "=";
          progress_empty_character = "-";
          progress_prefix = "[";
          progress_suffix = "]";
        };

        filesystems = {
          root = "/";
          home = "/home";
        };

        memory.swap_pos = "beside";
        last_login = builtins.listToAttrs (map
          (user: {
            name = user;
            value = 2;
          })
          (builtins.attrNames config.home-manager.users));
      };
      order = [
        "global"
        "banner"
        "uptime"
        "memory"
        "filesystems"
        "last_login"
      ];
    };
    nix-ld.enable = true;
    nix-ld.package = pkgs.nix-ld-rs;
    command-not-found.enable = false;
    nix-index-database.comma.enable = true;

    fish.enable = true;
    gnupg.agent = {
      enable = true;
      # enableSSHSupport = true; # breaks gitea foo
      pinentryPackage = lib.mkForce pkgs.pinentry-qt;
    };
  };

  services = {
    fwupd.enable = true;

    # envfs.enable = true; # not needed due to flake
    timesyncd.enable = false;
    ntp.enable = false;
    ntpd-rs.enable = true;

    openssh = {
      enable = true;
      settings = {
        PasswordAuthentication = false;
        KbdInteractiveAuthentication = false;
        PubKeyAuthentication = true;
      };
      extraConfig = ''
        AllowTcpForwarding yes
        X11Forwarding no
        AllowAgentForwarding no
        AllowStreamLocalForwarding yes
        AuthenticationMethods publickey
      '';
    };

    gvfs.enable = true;
    avahi.enable = true;
    avahi.nssmdns4 = true;
  };

  networking.firewall = {
    extraCommands = ''iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns'';
    allowedTCPPortRanges = [
      {
        from = 22;
        to = 22;
      } # ssh
    ];
  };
}
Another reformatting & refactor - fix all statix lints - format with nixpkgs-fmt instead of alejandro 2023-10-17 14:12:26 +02:00			`{ config`
WIP - Allow kde connect in firewall - Add neofetch theme - modularize amdgpu stuff - add rbw bw cli - switch to firefox beta - add krita & mpv - add monero to desktop - add corectrl - update flakes - add protonup-qt 2023-11-04 03:41:14 +01:00			`, lib`
Another reformatting & refactor - fix all statix lints - format with nixpkgs-fmt instead of alejandro 2023-10-17 14:12:26 +02:00			`, pkgs`
WIP - Allow kde connect in firewall - Add neofetch theme - modularize amdgpu stuff - add rbw bw cli - switch to firefox beta - add krita & mpv - add monero to desktop - add corectrl - update flakes - add protonup-qt 2023-11-04 03:41:14 +01:00			`, inputs`
			`, system`
Another reformatting & refactor - fix all statix lints - format with nixpkgs-fmt instead of alejandro 2023-10-17 14:12:26 +02:00			`, ...`
Refactor as prep for multiple hosts 2023-10-16 23:54:37 +02:00			`}: {`
WIP - Allow kde connect in firewall - Add neofetch theme - modularize amdgpu stuff - add rbw bw cli - switch to firefox beta - add krita & mpv - add monero to desktop - add corectrl - update flakes - add protonup-qt 2023-11-04 03:41:14 +01:00			`nixpkgs.hostPlatform = lib.mkDefault system;`
Split up Desktop confs 2023-12-10 05:19:43 +01:00
Refactor as prep for multiple hosts 2023-10-16 23:54:37 +02:00			`nix = {`
			`gc = {`
			`automatic = true;`
			`dates = "weekly";`
			`options = "--delete-older-than 2w";`
Update & tweak flakes 2024-03-06 10:30:13 +01:00			`randomizedDelaySec = "45min";`
Refactor as prep for multiple hosts 2023-10-16 23:54:37 +02:00			`};`
			`settings.auto-optimise-store = true;`
			`package = pkgs.nixFlakes;`
			`extraOptions = ''`
			`experimental-features = nix-command flakes`
			`'';`
			`};`

WIP - Allow kde connect in firewall - Add neofetch theme - modularize amdgpu stuff - add rbw bw cli - switch to firefox beta - add krita & mpv - add monero to desktop - add corectrl - update flakes - add protonup-qt 2023-11-04 03:41:14 +01:00			`home-manager.backupFileExtension = "bak";`

Refactor as prep for multiple hosts 2023-10-16 23:54:37 +02:00			`# locale`
			`time.timeZone = "Europe/Berlin";`

			`i18n = {`
			`defaultLocale = "en_US.UTF-8";`

			`extraLocaleSettings = {`
			`LANG = "en_US.UTF-8";`
			`LC_ADDRESS = "de_DE.UTF-8";`
			`LC_COLLATE = "de_DE.UTF-8";`
			`LC_CTYPE = "en_US.UTF-8";`
			`LC_IDENTIFICATION = "de_DE.UTF-8";`
			`LC_MEASUREMENT = "de_DE.UTF-8";`
			`LC_MESSAGES = "en_US.UTF-8";`
			`LC_MONETARY = "de_DE.UTF-8";`
			`LC_NAME = "de_DE.UTF-8";`
			`LC_NUMERIC = "de_DE.UTF-8";`
			`LC_PAPER = "de_DE.UTF-8";`
			`LC_TELEPHONE = "de_DE.UTF-8";`
			`LC_TIME = "de_DE.UTF-8";`
			`};`
			`};`
			`####################`

Fix statix suggestions 2024-01-22 21:09:28 +01:00			`security = {`
			`pki.certificates = [`
			`(lib.readFile ../../ext/internal-ca.crt)`
			`];`
			`rtkit.enable = true;`
WIP #3 2023-11-07 23:49:32 +01:00
Switch to sudo-rs 2024-01-29 19:58:08 +01:00			`sudo.enable = false;`
			`sudo-rs = {`
			`enable = true;`
Fix statix suggestions 2024-01-22 21:09:28 +01:00			`wheelNeedsPassword = false;`
			`execWheelOnly = true;`
			`};`
WIP #3 2023-11-07 23:49:32 +01:00			`};`
Refactor as prep for multiple hosts 2023-10-16 23:54:37 +02:00
			`environment.sessionVariables = {`
			`EDITOR = "nvim";`
			`};`

			`environment.systemPackages = with pkgs; [`
Fix gitea ssh 2024-04-29 12:01:32 +02:00			`fclones`
Split up Desktop confs 2023-12-10 05:19:43 +01:00			`curl`
			`fish`
			`figlet`
Refactor as prep for multiple hosts 2023-10-16 23:54:37 +02:00			`neovim # editor`
Various tweaks - add nix-alien - switch to nix-ld-rs from nix-ld - fix envfs by upgrading to flake version from nixpkgs - add rustdesk to nix-pulse - fix rust-motd config for other systems 2024-01-18 18:08:19 +01:00			`nix-alien`
Refactor as prep for multiple hosts 2023-10-16 23:54:37 +02:00			`veracrypt`
WIP 2023-12-07 18:02:10 +01:00			`git`
Split up Desktop confs 2023-12-10 05:19:43 +01:00			`vim # fallback ed`
			`wget`
Update flakes with electron workaround 2024-04-11 17:48:21 +02:00
			`## MONITORING TOOLS ##`
			`btop # for CPU, RAM, and Disk monitoring`
			`iotop # for disk I/O monitoring`
			`iftop # for network I/O monitoring`
Refactor as prep for multiple hosts 2023-10-16 23:54:37 +02:00			`];`

Add various small tweaks - utilized specialArgs - mount /home/tristand/nix at /etc/nixos - added work /etc/hosts - use ids instead of paths for disk mounting - and more 2023-11-04 00:02:01 +01:00			`fileSystems."/etc/nixos" = {`
Add nixos-docker system 2023-12-07 12:02:50 +01:00			`device = lib.mkDefault "/home/tristand/nix";`
Add various small tweaks - utilized specialArgs - mount /home/tristand/nix at /etc/nixos - added work /etc/hosts - use ids instead of paths for disk mounting - and more 2023-11-04 00:02:01 +01:00			`fsType = "none";`
			`options = [ "bind" ];`
			`};`

Another reformatting & refactor - fix all statix lints - format with nixpkgs-fmt instead of alejandro 2023-10-17 14:12:26 +02:00			`programs = {`
Split up Desktop confs 2023-12-10 05:19:43 +01:00			`rust-motd = {`
			`enable = true;`
			`enableMotdInSSHD = true;`
			`settings = {`
			`banner = {`
			`color = "green";`
			`command = ''`
			`${pkgs.inetutils}/bin/hostname \| ${pkgs.figlet}/bin/figlet -f slant`
			`'';`
			`};`

			`uptime = {`
			`prefix = "Up";`
			`};`

			`global = {`
			`progress_full_character = "=";`
			`progress_empty_character = "-";`
			`progress_prefix = "[";`
			`progress_suffix = "]";`
			`};`

			`filesystems = {`
Various tweaks - add nix-alien - switch to nix-ld-rs from nix-ld - fix envfs by upgrading to flake version from nixpkgs - add rustdesk to nix-pulse - fix rust-motd config for other systems 2024-01-18 18:08:19 +01:00			`root = "/";`
			`home = "/home";`
Split up Desktop confs 2023-12-10 05:19:43 +01:00			`};`

			`memory.swap_pos = "beside";`
			`last_login = builtins.listToAttrs (map`
			`(user: {`
			`name = user;`
			`value = 2;`
			`})`
			`(builtins.attrNames config.home-manager.users));`
			`};`
			`order = [`
			`"global"`
			`"banner"`
			`"uptime"`
			`"memory"`
			`"filesystems"`
			`"last_login"`
			`];`
			`};`
WIP: Replace nix-ld with nixpkgs version & downgrade bitwarden 2023-12-15 02:21:35 +01:00			`nix-ld.enable = true;`
Various tweaks - add nix-alien - switch to nix-ld-rs from nix-ld - fix envfs by upgrading to flake version from nixpkgs - add rustdesk to nix-pulse - fix rust-motd config for other systems 2024-01-18 18:08:19 +01:00			`nix-ld.package = pkgs.nix-ld-rs;`
Another reformatting & refactor - fix all statix lints - format with nixpkgs-fmt instead of alejandro 2023-10-17 14:12:26 +02:00			`command-not-found.enable = false;`
			`nix-index-database.comma.enable = true;`
Refactor as prep for multiple hosts 2023-10-16 23:54:37 +02:00
Another reformatting & refactor - fix all statix lints - format with nixpkgs-fmt instead of alejandro 2023-10-17 14:12:26 +02:00			`fish.enable = true;`
			`gnupg.agent = {`
			`enable = true;`
Fix gitea ssh 2024-04-29 12:01:32 +02:00			`# enableSSHSupport = true; # breaks gitea foo`
Add foss games & fix pinentry 2024-03-21 17:12:22 +01:00			`pinentryPackage = lib.mkForce pkgs.pinentry-qt;`
Another reformatting & refactor - fix all statix lints - format with nixpkgs-fmt instead of alejandro 2023-10-17 14:12:26 +02:00			`};`
Refactor as prep for multiple hosts 2023-10-16 23:54:37 +02:00			`};`

Another reformatting & refactor - fix all statix lints - format with nixpkgs-fmt instead of alejandro 2023-10-17 14:12:26 +02:00			`services = {`
			`fwupd.enable = true;`

Update flakes 2024-03-22 16:15:44 +01:00			`# envfs.enable = true; # not needed due to flake`
WIP Some tweaks 2024-05-12 19:57:23 +02:00			`timesyncd.enable = false;`
			`ntp.enable = false;`
Add ntpd-rs 2024-03-11 03:46:50 +01:00			`ntpd-rs.enable = true;`
Refactor as prep for multiple hosts 2023-10-16 23:54:37 +02:00
Disable ssh password auth 2023-11-04 01:17:25 +01:00			`openssh = {`
			`enable = true;`
WIP: Rename nixos-docker to nixos-karl-kvm-guest 2023-12-08 01:57:30 +01:00			`settings = {`
			`PasswordAuthentication = false;`
			`KbdInteractiveAuthentication = false;`
			`PubKeyAuthentication = true;`
			`};`
Split up Desktop confs 2023-12-10 05:19:43 +01:00			`extraConfig = ''`
			`AllowTcpForwarding yes`
			`X11Forwarding no`
			`AllowAgentForwarding no`
Add waypipe & fix ssh conf for it 2024-05-03 18:56:35 +02:00			`AllowStreamLocalForwarding yes`
Split up Desktop confs 2023-12-10 05:19:43 +01:00			`AuthenticationMethods publickey`
			`'';`
Disable ssh password auth 2023-11-04 01:17:25 +01:00			`};`
Another reformatting & refactor - fix all statix lints - format with nixpkgs-fmt instead of alejandro 2023-10-17 14:12:26 +02:00
			`gvfs.enable = true;`
			`avahi.enable = true;`
WIP Switch to unstable 2024-02-02 16:13:55 +01:00			`avahi.nssmdns4 = true;`
Another reformatting & refactor - fix all statix lints - format with nixpkgs-fmt instead of alejandro 2023-10-17 14:12:26 +02:00			`};`
Refactor as prep for multiple hosts 2023-10-16 23:54:37 +02:00
WIP - Allow kde connect in firewall - Add neofetch theme - modularize amdgpu stuff - add rbw bw cli - switch to firefox beta - add krita & mpv - add monero to desktop - add corectrl - update flakes - add protonup-qt 2023-11-04 03:41:14 +01:00			`networking.firewall = {`
			`extraCommands = ''iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns'';`
			`allowedTCPPortRanges = [`
			`{`
			`from = 22;`
			`to = 22;`
			`} # ssh`
			`];`
			`};`
Refactor as prep for multiple hosts 2023-10-16 23:54:37 +02:00			`}`