tristan/nix
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity
nix/os-mods/common/default.nix

290 lines
6.6 KiB
Nix
Raw Blame History

{ config
, lib
, pkgs
, inputs
, system
, self
, ...
}:
let
commitid =
if (self ? shortRev)
then self.shortRev
else "dirty";
in
{
system.switch = {
enable = false;
enableNg = true;
};
system.image = {
id = "tristnix";
version = commitid;
};
# system.nixos.tags = [ "tristnix_${commitid}" ];
nixpkgs.buildPlatform = {
inherit system;
};
nixpkgs.hostPlatform = {
inherit system;
};
# nixpkgs.hostPlatform = {
# inherit system;
# gcc = {
# arch = lib.mkDefault builtins.throw "no arch set";
# tune = config.nixpkgs.hostPlatform.gcc.arch;
# };
# };
boot.tmp.useTmpfs = true;
systemd.services.nix-daemon = {
environment.TMPDIR = "/var/tmp";
};
nix = {
settings = {
auto-optimise-store = true;
allow-import-from-derivation = true;
};
package = pkgs.nixVersions.stable;
extraOptions = ''
experimental-features = nix-command flakes
'';
};
home-manager.backupFileExtension = "bak";
# locale
time.timeZone = "Europe/Berlin";
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LANG = "en_US.UTF-8";
LC_ADDRESS = "de_DE.UTF-8";
LC_COLLATE = "de_DE.UTF-8";
LC_CTYPE = "en_US.UTF-8";
LC_IDENTIFICATION = "de_DE.UTF-8";
LC_MEASUREMENT = "de_DE.UTF-8";
LC_MESSAGES = "en_US.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
LC_NAME = "de_DE.UTF-8";
LC_NUMERIC = "de_DE.UTF-8";
LC_PAPER = "de_DE.UTF-8";
LC_TELEPHONE = "de_DE.UTF-8";
LC_TIME = "de_DE.UTF-8";
};
};
####################
security = {
pki.certificates = [
(lib.readFile ../../ext/internal-ca.crt)
];
rtkit.enable = true;
sudo.enable = false;
sudo-rs = {
enable = true;
wheelNeedsPassword = lib.mkDefault false;
execWheelOnly = true;
};
};
environment.sessionVariables = {
EDITOR = "nvim";
};
environment.systemPackages = with pkgs; [
fclones
curl
fish
figlet
neovim # editor
nix-alien
git
vim # fallback ed
wget
## MONITORING TOOLS ##
btop # for CPU, RAM, and Disk monitoring
iotop # for disk I/O monitoring
iftop # for network I/O monitoring
];
fileSystems."/etc/nixos" = {
device = lib.mkDefault "/home/tristand/nix";
fsType = "none";
options = [ "bind" ];
};
programs = {
nh = {
enable = true;
clean.enable = true;
clean.extraArgs = "--keep-since 30d --keep 16";
flake = "/home/tristand/nix";
};
rust-motd = {
# enable = true; # broken atm
enableMotdInSSHD = true;
settings = {
banner = {
color = "green";
command = ''
${pkgs.inetutils}/bin/hostname | ${pkgs.figlet}/bin/figlet -f slant
'';
};
uptime = {
prefix = "Up";
};
global = {
progress_full_character = "=";
progress_empty_character = "-";
progress_prefix = "[";
progress_suffix = "]";
};
filesystems = {
root = "/";
home = "/home";
};
memory.swap_pos = "beside";
last_login = builtins.listToAttrs (map
(user: {
name = user;
value = 2;
})
(builtins.attrNames config.home-manager.users));
};
order = [
"global"
"banner"
"uptime"
"memory"
"filesystems"
"last_login"
];
};
nix-ld.enable = true;
# nix-ld.package = pkgs.nix-ld-rs; # Lazy Tempfix
nix-ld.package = pkgs.nix-ld;
command-not-found.enable = false;
nix-index-database.comma.enable = true;
fish.enable = true;
gnupg.agent = {
enable = true;
# enableSSHSupport = true; # breaks gitea foo
pinentryPackage = lib.mkForce pkgs.pinentry-qt;
};
};
services = {
fwupd.enable = true;
fwupd.extraRemotes = [
"lvfs-testing"
];
# envfs.enable = true; # not needed due to flake
timesyncd.enable = false;
ntp.enable = false;
ntpd-rs.enable = true;
openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
PubKeyAuthentication = true;
X11Forwarding = false;
# KexAlgorithms = [
# "sntrup761x25519-sha512@openssh.com"
# ]; # TODO Check what juicessh needs
};
# X11UseLocalhost no
extraConfig = ''
AllowTcpForwarding yes
AllowAgentForwarding no
AllowStreamLocalForwarding yes
AuthenticationMethods publickey
'';
};
gvfs.enable = true;
avahi.enable = true;
avahi.nssmdns4 = true;
};
networking.firewall = {
extraCommands = ''iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns'';
allowedTCPPorts = [
22
# 54817
];
};
# TODO Extract into stylix module
services.kmscon.enable = true;
services.kmscon.hwRender = config.hardware.amdgpu.initrd.enable;
fonts.packages = with pkgs.nerd-fonts; [
iosevka
iosevka-term
fira-code
droid-sans-mono
symbols-only
];
stylix =
let
# TODO extract this config somewhere and allow easily generating wallpaper with nixpkgs stable and place it in the local repo
# wallpaper = pkgs.nix-wallpaper.override {
# logoSize = 24;
# preset = "gruvbox-dark-rainbow";
# width = 6960;
# height = 4320;
# };
# wallpaperPath = "${wallpaper}/share/wallpapers/nixos-wallpaper.png";
# fontpkg = pkgs.nerd-fonts.override { fonts = [ "Iosevka" "IosevkaTerm" "Recursive" "FiraCode" "DroidSansMono" "NerdFontsSymbolsOnly" ]; };
in
{
enable = true;
image = ../../ext/background.png;
polarity = "dark";
base16Scheme = lib.mkForce "${pkgs.base16-schemes}/share/themes/gruvbox-dark-hard.yaml";
autoEnable = false;
cursor = {
package = pkgs.kdePackages.breeze;
name = "breeze_cursors";
size = 24;
};
opacity.terminal = 0.88;
fonts = {
serif = config.stylix.fonts.sansSerif;
sansSerif = {
package = pkgs.nerd-fonts.iosevka;
name = "Iosevka Nerd Font Propo";
};
monospace = {
package = pkgs.nerd-fonts.iosevka;
name = "Iosevka Nerd Font Mono";
};
emoji = {
package = pkgs.noto-fonts-emoji;
name = "Noto Color Emoji";
};
};
targets = {
console.enable = true;
fish.enable = true;
gtk.enable = true;
kmscon.enable = true;
nixos-icons.enable = true;
};
};
}
Reference in a new issue View git blame Copy permalink