# NixOS module: image identity, Nix daemon settings, locale, privilege
# escalation, base packages, SSH, firewall and Stylix theming.
{ config, lib, pkgs, inputs, system, self, ... }:
let
  # Short git revision of the flake; "dirty" when the flake exposes no shortRev.
  commitid = self.shortRev or "dirty";

  # The two locales mixed in i18n below.
  english = "en_US.UTF-8";
  german = "de_DE.UTF-8";
in
{
  # Use switch-to-configuration-ng instead of the classic implementation.
  system.switch.enable = false;
  system.switch.enableNg = true;

  system.image = {
    id = "tristnix";
    version = commitid;
  };
  # system.nixos.tags = [ "tristnix_${commitid}" ];

  # Build and host platform are both the `system` passed into this module.
  nixpkgs = {
    buildPlatform = { inherit system; };
    hostPlatform = { inherit system; };
  };
  # nixpkgs.hostPlatform = {
  #   inherit system;
  #   gcc = {
  #     arch = lib.mkDefault builtins.throw "no arch set";
  #     tune = config.nixpkgs.hostPlatform.gcc.arch;
  #   };
  # };

  # /tmp lives on tmpfs; the Nix daemon gets /var/tmp as its TMPDIR instead.
  boot.tmp.useTmpfs = true;
  systemd.services.nix-daemon.environment.TMPDIR = "/var/tmp";

  nix = {
    package = pkgs.nixVersions.stable;
    settings = {
      auto-optimise-store = true;
      allow-import-from-derivation = true;
    };
    extraOptions = ''
      experimental-features = nix-command flakes
    '';
  };

  home-manager.backupFileExtension = "bak";

  # locale
  time.timeZone = "Europe/Berlin";
  i18n = {
    defaultLocale = english;
    # English for language, character type and messages; German formats for
    # every other category.
    extraLocaleSettings = {
      LANG = english;
      LC_ADDRESS = german;
      LC_COLLATE = german;
      LC_CTYPE = english;
      LC_IDENTIFICATION = german;
      LC_MEASUREMENT = german;
      LC_MESSAGES = english;
      LC_MONETARY = german;
      LC_NAME = german;
      LC_NUMERIC = german;
      LC_PAPER = german;
      LC_TELEPHONE = german;
      LC_TIME = german;
    };
  };

  ####################

  security = {
    # Adds the internal CA to the system trust store, so every client that
    # uses the system bundle accepts certificates it issues.
    # NOTE(review): the file's content is read into the configuration; only
    # the public certificate should ever sit at this path, never the CA key.
    pki.certificates = [ (lib.readFile ../../ext/internal-ca.crt) ];

    rtkit.enable = true;

    # sudo-rs replaces classic sudo.
    sudo.enable = false;
    sudo-rs = {
      enable = true;
      # NOTE(review): with this false, any process running as a wheel member
      # becomes root without re-authentication. mkDefault keeps it
      # overridable, so hosts reachable from untrusted networks can set true.
      wheelNeedsPassword = lib.mkDefault false;
      execWheelOnly = true;
    };
  };

  environment = {
    sessionVariables.EDITOR = "nvim";

    systemPackages = with pkgs; [
      fclones
      curl
      fish
      figlet
      neovim # editor
      nix-alien
      git
      vim # fallback
      ed
      wget

      ## MONITORING TOOLS ##
      btop # for CPU, RAM, and Disk monitoring
      iotop # for disk I/O monitoring
      iftop # for network I/O monitoring
    ];
  };

  # Bind-mounts /home/tristand/nix onto /etc/nixos (programs.nh.flake below
  # points at the same directory).
  # NOTE(review): the tree that defines the system sits in a user-writable
  # home directory; whoever can write there decides what the next rebuild
  # runs as root.
  fileSystems."/etc/nixos" = {
    device = lib.mkDefault "/home/tristand/nix";
    fsType = "none";
    options = [ "bind" ];
  };

  programs = {
    nh = {
      enable = true;
      flake = "/home/tristand/nix";
      clean = {
        enable = true;
        extraArgs = "--keep-since 30d --keep 16";
      };
    };

    rust-motd = {
      # enable = true; # broken atm
      enableMotdInSSHD = true;
      order = [
        "global"
        "banner"
        "uptime"
        "memory"
        "filesystems"
        "last_login"
      ];
      settings = {
        global = {
          progress_full_character = "=";
          progress_empty_character = "-";
          progress_prefix = "[";
          progress_suffix = "]";
        };
        banner = {
          color = "green";
          # Host name rendered with figlet's "slant" font.
          command = ''
            ${pkgs.inetutils}/bin/hostname | ${pkgs.figlet}/bin/figlet -f slant
          '';
        };
        uptime.prefix = "Up";
        memory.swap_pos = "beside";
        filesystems = {
          root = "/";
          home = "/home";
        };
        # One entry with value 2 per home-manager user.
        last_login = lib.genAttrs (builtins.attrNames config.home-manager.users) (_: 2);
      };
    };

    nix-ld = {
      enable = true;
      # package = pkgs.nix-ld-rs;
      # Lazy Tempfix
      package = pkgs.nix-ld;
    };

    command-not-found.enable = false;
    nix-index-database.comma.enable = true;
    fish.enable = true;

    gnupg.agent = {
      enable = true;
      # enableSSHSupport = true; # breaks gitea foo
      pinentryPackage = lib.mkForce pkgs.pinentry-qt;
    };
  };

  services = {
    fwupd = {
      enable = true;
      # NOTE(review): lvfs-testing carries firmware that has not reached the
      # stable LVFS remote; confirm every host importing this module is meant
      # to be offered it.
      extraRemotes = [ "lvfs-testing" ];
    };
    # envfs.enable = true; # not needed due to flake

    # Time sync is handled by ntpd-rs; the other two daemons stay off.
    timesyncd.enable = false;
    ntp.enable = false;
    ntpd-rs.enable = true;

    openssh = {
      enable = true;
      # Key-only logins: password and keyboard-interactive are off here and
      # extraConfig pins AuthenticationMethods to publickey.
      settings = {
        PasswordAuthentication = false;
        KbdInteractiveAuthentication = false;
        PubKeyAuthentication = true;
        X11Forwarding = false;
        # KexAlgorithms = [
        #   "sntrup761x25519-sha512@openssh.com"
        # ];
        # TODO Check what juicessh needs
      };
      # X11UseLocalhost no
      # NOTE(review): TCP and stream-local forwarding stay enabled for every
      # authenticated user while agent forwarding is off; if tunnelling is
      # only needed by some accounts, scope it with a Match block.
      extraConfig = ''
        AllowTcpForwarding yes
        AllowAgentForwarding no
        AllowStreamLocalForwarding yes
        AuthenticationMethods publickey
      '';
    };

    gvfs.enable = true;

    # mDNS service discovery plus IPv4 .local name resolution through NSS.
    avahi = {
      enable = true;
      nssmdns4 = true;
    };
  };

  networking.firewall = {
    # Attaches the netbios-ns conntrack helper to outgoing UDP/137 traffic.
    # NOTE(review): the rule is appended with -A to raw/OUTPUT, which looks
    # like it is outside the chains the NixOS firewall flushes, so reloads
    # may stack duplicates. Confirm, and consider a matching delete in
    # extraStopCommands.
    extraCommands = ''iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns'';
    # NOTE(review): services.openssh.openFirewall presumably opens the sshd
    # port already, which would make the 22 entry redundant. Verify.
    allowedTCPPorts = [
      22
      # 54817
    ];
  };

  # TODO Extract into stylix module
  services.kmscon = {
    enable = true;
    # Hardware rendering follows the amdgpu-in-initrd setting.
    hwRender = config.hardware.amdgpu.initrd.enable;
  };

  fonts.packages = with pkgs.nerd-fonts; [
    iosevka
    iosevka-term
    fira-code
    droid-sans-mono
    symbols-only
  ];

  # TODO extract this config somewhere and allow easily generating wallpaper with nixpkgs stable and place it in the local repo
  # wallpaper = pkgs.nix-wallpaper.override {
  #   logoSize = 24;
  #   preset = "gruvbox-dark-rainbow";
  #   width = 6960;
  #   height = 4320;
  # };
  # wallpaperPath = "${wallpaper}/share/wallpapers/nixos-wallpaper.png";
  # fontpkg = pkgs.nerd-fonts.override { fonts = [ "Iosevka" "IosevkaTerm" "Recursive" "FiraCode" "DroidSansMono" "NerdFontsSymbolsOnly" ]; };
  stylix = {
    enable = true;
    # Only the targets listed under `targets` are themed.
    autoEnable = false;

    image = ../../ext/background.png;
    polarity = "dark";
    base16Scheme = lib.mkForce "${pkgs.base16-schemes}/share/themes/gruvbox-dark-hard.yaml";
    opacity.terminal = 0.88;

    cursor = {
      package = pkgs.kdePackages.breeze;
      name = "breeze_cursors";
      size = 24;
    };

    fonts = {
      sansSerif = {
        package = pkgs.nerd-fonts.iosevka;
        name = "Iosevka Nerd Font Propo";
      };
      # Serif reuses the sans-serif definition.
      serif = config.stylix.fonts.sansSerif;
      monospace = {
        package = pkgs.nerd-fonts.iosevka;
        name = "Iosevka Nerd Font Mono";
      };
      emoji = {
        package = pkgs.noto-fonts-emoji;
        name = "Noto Color Emoji";
      };
    };

    targets = {
      console.enable = true;
      fish.enable = true;
      gtk.enable = true;
      kmscon.enable = true;
      nixos-icons.enable = true;
    };
  };
}