nixos/hosts/gpd-win4/configuration.nix
2025-02-23 16:00:33 +01:00


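# NixOS host configuration for gpd-win4, written as a module function.
{ config, lib, pkgs, ... }:
let
# NOTE(review): both fetches below are unpinned. Neither URL names a fixed
# revision and neither call passes a sha256, so two evaluations can pull
# different code and nothing verifies what was downloaded.
# Pin each source to a fixed revision and give its hash, e.g.
#   builtins.fetchTarball { url = "<PINNED-URL>"; sha256 = "<SHA256-PLACEHOLDER>"; }
# or take both from a lock file (flake inputs, npins, niv).
#
# nixos-unstable package set with unfree packages allowed. The URL is now a
# quoted string; bare URL literals are deprecated Nix syntax.
# `unstable` is not referenced in the visible part of this file.
unstable = import (fetchTarball "https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz") {
config = { allowUnfree = true; };
};
# impermanence is imported below as a NixOS module, so whatever the `master`
# branch contains at fetch time is evaluated into the system configuration.
impermanence = builtins.fetchTarball "https://github.com/nix-community/impermanence/archive/master.tar.gz";
in {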
# Modules merged into this host's configuration. Every entry is evaluated as
# part of the system definition, so each source deserves the same review as
# this file.
imports = [
# Module taken from the tarball bound to `impermanence` in the let block.
"${impermanence}/nixos.nix"
./hardware-configuration.nix
# (Optional) uncomment if you want Sway as the default session:
# ./modules/sway/sway.nix
./modules/nvim/default.nix
./utils/bento.nix
./utils/modules/sops.nix
./utils/modules/nur.nix
# NOTE(review): contents not visible here. If this enables unattended upgrades,
# the unpinned fetchTarball sources above are re-resolved on every run, so new
# upstream code can reach this host without anyone reviewing it. Confirm.
./utils/modules/autoupgrade.nix
./users
./modules/steam-deck-mode.nix
];
# Local overlay that adds or overrides packages in `pkgs`.
nixpkgs.overlays = [
(import ./utils/overlays/packages.nix)
];
# GVfs (virtual filesystem service).
services.gvfs.enable = true;
# NOTE(review): fonts.packages is the list of font packages, but open-sans is
# the only font here. The other entries (git, jq, the zsh plugins,
# creality-print, ...) look like they were meant for environment.systemPackages.
# As written they are not added to the system PATH by this option. Confirm the
# intent and move them if so.
fonts.packages = with pkgs; [
git
git-lfs
open-sans
nix-prefetch
jq
oh-my-zsh
zsh-autosuggestions
zsh-completions
zsh-syntax-highlighting
zsh-history-substring-search
creality-print
];
# Zsh with Oh My Zsh, set as the default shell for all users.
programs.zsh = {
enable = true;
ohMyZsh = {
enable = true; # Enable Oh My Zsh
theme = "steeef"; # Prompt theme
plugins = [ "git" ]; # Oh My Zsh plugins to load
};
};
users.defaultUserShell = pkgs.zsh;
# Firmware update daemon (fwupd).
services.fwupd.enable = true;
# Impermanence: only the paths listed below are kept under the persistent
# store. User data lives under /nix/persist.
environment.persistence."/nix/persist" = {
hideMounts = true;
directories = [
"/home"
];
};
# System state kept under /nix/persist/system.
# NOTE(review): several of these paths hold credentials (/root/.ssh, the
# NetworkManager connection profiles, the SSH host key). Whether the backing
# volume is encrypted is not visible in this file. Confirm in
# hardware-configuration.nix, since this is a portable device.
environment.persistence."/nix/persist/system" = {
hideMounts = true;
directories = [
"/etc/nixos"
"/root/.ssh"
"/var/bento"
"/var/log"
"/var/lib/bluetooth"
"/var/lib/docker"
"/var/lib/nixos"
"/etc/NetworkManager/system-connections"
];
files = [
"/etc/machine-id"
# Host key pair, with the parent directory restricted to its owner.
{ file = "/etc/ssh/ssh_host_ed25519_key"; parentDirectory = { mode = "u=rwx,g=,o="; }; }
{ file = "/etc/ssh/ssh_host_ed25519_key.pub"; parentDirectory = { mode = "u=rwx,g=,o="; }; }
];
};
# sops-nix derives its age identity from the SSH host key. Anyone who can read
# that private key can decrypt every secret in secrets.yaml that is encrypted to
# this host. Replacing the host key means re-encrypting those secrets.
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
sops.defaultSopsFile = ./secrets.yaml;
# Host identity and locale.
networking.hostName = "gpd-win4";
time.timeZone = "Europe/Vienna";
nixpkgs.config.allowUnfree = true;
# NOTE(review): allowBroken applies to every package, so packages marked broken
# in nixpkgs are built and installed without a warning. If one package needs
# it, scope the exception to that package rather than setting it globally.
nixpkgs.config.allowBroken = true;
console.keyMap = "de";
# NOTE(review): sshd is enabled with no settings in this file, so the module
# defaults apply unless an imported module overrides them. If only key-based
# login is intended, state it explicitly:
#   services.openssh.settings.PasswordAuthentication = false;
#   services.openssh.settings.KbdInteractiveAuthentication = false;
#   services.openssh.settings.PermitRootLogin = "no";
services.openssh.enable = true;
security.polkit.enable = true;
networking.networkmanager.enable = true;
# Primary interactive account.
users.users.dominik = {
isNormalUser = true;
# NOTE(review): the password hash is embedded in the configuration, so it is
# stored in the repository and copied into the world-readable Nix store. Anyone
# who can read either can run offline guessing against it. sops-nix is already
# in use here; prefer
#   hashedPasswordFile = config.sops.secrets.<SECRET-NAME>.path;
# with that secret declared as `neededForUsers = true`, and change the
# password, since this hash is already published.
hashedPassword = "$y$j9T$btz9xel62NjCyLdQRm5ck1$iCm6R7u4wiMeSVfrB6Y.3UwoQJ/rfkXiYSrXI2RTYm/";
# NOTE(review): besides wheel (sudo), two of these groups are effectively
# root-equivalent. "docker" gives control of the Docker daemon and "disk"
# gives raw access to block devices. Keep only what is actually needed.
extraGroups = [ "wheel" "disk" "video" "audio" "mysql" "docker" "vboxusers" "networkmanager" "onepassword" "onepassword-cli" "dialout" ]; # wheel enables sudo for the user.
};
powerManagement.cpuFreqGovernor = "powersave";
# Docker daemon. Members of the "docker" group can start privileged containers.
virtualisation.docker.enable = true;
# Secrets decrypted from the default sops file with sops-nix default settings.
# The three epicenter_vpn_* secrets are not referenced in the visible part of
# this file; wg-cloonar-key is used by the wg0 interface.
sops.secrets.epicenter_vpn_ca = {};
sops.secrets.epicenter_vpn_cert = {};
sops.secrets.epicenter_vpn_key = {};
sops.secrets.wg-cloonar-key = {};
# Packages installed system-wide (available on every user's PATH).
environment.systemPackages = with pkgs; [
bento
docker-compose
drone-cli
git-filter-repo
nix-prefetch-git
vim
wget
wireguard-tools
# Fingerprint packages for normal system (enrollment, management)
fprintd
libfprint-2-tod1-goodix
];
# Terminal emulator name exported to every session as an environment variable.
environment.variables = {
TERMINAL_COMMAND = "alacritty";
};
# Blueman Bluetooth manager.
services.blueman.enable = true;
# WireGuard tunnel wg0 to vpn.cloonar.com.
networking.wireguard.interfaces = {
wg0 = {
ips = [ "10.42.98.203/32" ];
# The private key is read at runtime from the sops-managed secret, so it does
# not appear in the configuration or the Nix store.
privateKeyFile = config.sops.secrets.wg-cloonar-key.path;
peers = [
{
# Peer public key (not a secret).
publicKey = "TKQVDmBnf9av46kQxLQSBDhAeaK8r1zh8zpU64zuc1Q=";
# Split tunnel: only these prefixes are routed through the peer.
allowedIPs = [
"10.42.96.0/20"
"10.254.240.0/24"
"10.254.235.0/24"
"10.14.0.0/16"
"10.25.0.0/16"
];
endpoint = "vpn.cloonar.com:51820";
# Send a keepalive every 25 seconds.
persistentKeepalive = 25;
}
];
# Register the VPN resolver for wg0 with resolvconf. `-x` marks the entry as
# exclusive and `-m 0` gives it metric 0.
# NOTE(review): with an exclusive entry, DNS lookups for all names go to
# 10.42.97.1 while the tunnel is up, although only the prefixes above are
# routed through it. Confirm that is intended. No matching postShutdown that
# removes the entry (`resolvconf -d wg0`) is visible in this file.
postSetup = ''
printf "nameserver 10.42.97.1\nsearch cloonar.com" | ${pkgs.openresolv}/bin/resolvconf -a wg0 -m 0 -x
'';
};
};
# Nix daemon settings: store optimisation, flakes, and garbage collection.
nix = {
settings.auto-optimise-store = true;
settings.experimental-features = [ "nix-command" "flakes" ];
# Weekly garbage collection that deletes generations older than 30 days. Those
# generations are then no longer available as rollback targets.
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
# Values are in bytes: min-free is 100 MiB and max-free is 1 GiB.
extraOptions = ''
min-free = 104857600
max-free = 1073741824
'';
};
# GNOME desktop with GDM as the display manager.
services.xserver.enable = true;
services.xserver.displayManager.gdm.enable = true;
services.xserver.desktopManager.gnome.enable = true;
services.displayManager.defaultSession = "gnome";
# Enable fprintd for fingerprint authentication in the OS
services.fprintd.enable = true;
# In some NixOS releases, GDM forcibly sets fprintAuth = false.
# Both values are overridden with mkForce. Also note that the display
# manager's PAM service might be "gdm-password" rather than just "gdm".
# NOTE(review): this makes a fingerprint acceptable for console login and for
# the GDM password prompt. Treat it as a convenience factor on a portable
# device and confirm it is wanted on both services.
security.pam.services."login".fprintAuth = lib.mkForce true;
security.pam.services."gdm-password".fprintAuth = lib.mkForce true;
# NixOS release whose defaults for stateful data this host was installed with.
system.stateVersion = "24.11";
}