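# Builder for a host's base NixOS configuration.
#
# Called in three steps: `{ lib, pkgs }`, then `config`, then the per-host
# parameter set below. Returns `baseConfig` recursively updated with whatever
# `extraOptions baseConfig` returns.
#
# Per-host parameters:
#   userName        - selects ./users/<userName>.nix
#   hostName        - becomes networking.hostName
#   wireless        - pulls in ./hardware/wifi.nix and enables wpa_supplicant,
#                     the connman wifi backend, bluetooth and
#                     hardware.wifiInterface
#   wifiInterface   - only used when `wireless` is true
#   overlays        - attribute names looked up in ../overlays
#   hardwareImports - names resolved to ./hardware/<name>.nix
#   programImports  - names resolved to ./programs/<name>
#   extraImports    - paths relative to this directory
#   isVM            - when true, skips the static hosts entries and gopass
#   fileSystems     - passed through unchanged
#   swapDevices     - passed through unchanged
#   extraPackages   - function from pkgs to a list of additional system packages
#   extraOptions    - function from baseConfig to an attribute set of overrides
{
  lib, pkgs
}:

config: {
  userName
, hostName
, wireless ? false
, wifiInterface ? ""
, overlays ? []
, hardwareImports ? [ "generic" ]
, programImports ? []
, extraImports ? []
, isVM ? false
, fileSystems
, swapDevices ? []
, extraPackages ? pkgs: []
, extraOptions ? old: {}
}:

let
  overlaysSet = import ../overlays { inherit pkgs lib; };
  network = import ./network.nix;

  # home-manager is fetched at evaluation time. `rev` pins the exact commit,
  # so the fetched tree cannot change when the branch moves; `ref` only names
  # the branch the commit is looked up on. Update `rev` deliberately.
  home-manager = builtins.fetchGit {
    url = "https://github.com/nix-community/home-manager.git";
    rev = "35a24648d155843a4d162de98c17b1afd5db51e4";
    ref = "release-21.05";
  };

  baseConfig = {
    # Install home-manager
    imports = [
      "${home-manager}/nixos"
      ./users # For system.singleUser
      (./users + "/${userName}.nix")
    ] ++ (map (item: ./programs + "/${item}") programImports)
      ++ (map (item: ./hardware + "/${item}.nix") hardwareImports)
      ++ lib.optional wireless ./hardware/wifi.nix
      ++ (map (item: ./. + "/${item}") extraImports);

    home-manager.useGlobalPkgs = true;

    nixpkgs.overlays = (map (item: lib.getAttr item overlaysSet) overlays);

    time.timeZone = "Europe/Berlin";

    networking = {
      useDHCP = false; # Done by the network manager
      networkmanager.enable = false;

      #interfaces.*.useDHCP = false;

      inherit hostName;
      wireless.enable = (if wireless then true else lib.mkForce false);

      # Static name entries for the other machines; the addresses come from
      # ./network.nix.
      hosts = lib.mkIf (!isVM) {
        "${network.miku}" = [ "miku.local" ];
        "${network.nishimiya}" = [ "nishimiya.local" ];
        "${network.ayame}" = [ "ayame.local" ];
        "${network.tamaki}" = [ "tamaki.local" ];
        "${network.mashu}" = [ "mashu.local" ];
      };

      firewall = {
        enable = true;

        # Accept traffic from the other known machines.
        #
        # The rules go into the NixOS-managed `nixos-fw` chain, which the
        # firewall script flushes and rebuilds on every start. Rules appended
        # to INPUT are not cleaned up by the module, so they would pile up on
        # each firewall restart and an entry for a host that was removed from
        # the list would stay active until the chain is flushed by hand or
        # the machine reboots.
        #
        # Each listed address is accepted for every protocol and port, i.e.
        # this is trust by source address alone. Add `-p`/`--dport` here if
        # only specific services need to be reachable.
        extraCommands = lib.concatStringsSep "\n"
          (map (item: "iptables -A nixos-fw --source ${item} -j nixos-fw-accept")
            (with network; [
              miku nishimiya tamaki ayame mashu
            ]));
      };
    };

    i18n.defaultLocale = "en_GB.UTF-8";
    console = {
      font = "Lat2-Terminus16";
      keyMap = "de";
    };

    users = {
      # Accounts are defined only by this configuration.
      mutableUsers = false;

      extraUsers = {
        root = {
          # Disable root login
          hashedPassword = "*";
        };
      };
    };

    environment = {
      systemPackages = with pkgs; [
        htop
        vim
        git # Otherwise we cannot install home-manager
        git-crypt
        gnupg
        python3

        # RT scheduling
        rtkit
      ] ++ extraPackages pkgs
        ++ lib.optionals (!isVM) (with pkgs; [ gopass ]);

      sessionVariables = {
        # Prevent us from having to always type it out
        NIXOS_CONFIG = "/home/${config.system.singleUser}/Development/Personal/nixos-config/hosts/${config.networking.hostName}.nix";
      };
    };

    fonts.fonts = with pkgs; [
      # CJK fonts
      source-han-sans source-han-serif
    ];

    # We don't tolerate non-free software, except for Steam, Discord,
    # Linux firmware and CPU microcode
    nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
      "firmwareLinuxNonfree" "microcodeAmd" "microcodeIntel"
      "steam" "steam-original" "steam-runtime"
      "discord"
    ];

    services = {
      connman = {
        enable = true;
        extraFlags = [ "--nodnsproxy" ];

        wifi = lib.mkIf wireless {
          # TODO: Maybe try out iwd
          backend = "wpa_supplicant";
        };
      };

      # TODO: Is this correct? Maybe run once
      # NOTE(review): nothing else in this file enables a time-sync service;
      # presumably connman keeps the clock - confirm, since clock drift
      # affects certificate validation and log timestamps.
      timesyncd.enable = false;

      # Everyone needs sound
      pipewire = {
        enable = true;
        pulse.enable = true;
        alsa.enable = true;
        alsa.support32Bit = true;
      };

      # On desktop: Monitor keyboards, mice, ...
      # On portable devices: Monitor their battery
      upower.enable = true;

      # What generated entropy?
      haveged.enable = true;

      printing.enable = lib.mkDefault false;
      avahi.enable = false;

      # For debugging.
      # TODO: Lock to known IPs and keys
      # NOTE(review): this file sets no authentication or listen options for
      # the SSH daemon, so the module defaults apply unless a user or host
      # module overrides them. Confirm that password logins are disabled and
      # that the port is not opened wider than intended.
      sshd.enable = true;
    };

    # Don't wait for a network connection
    systemd.services.NetworkManager-wait-online.enable = false;

    # Keep NIXOS_CONFIG across sudo. The path it points to lives under the
    # single user's home directory.
    # NOTE(review): presumably this is so root-run rebuilds use that file; if
    # so, whatever can write to that checkout decides what is applied as root
    # on the next rebuild.
    security.sudo.extraConfig = ''
      Defaults env_keep += "NIXOS_CONFIG"
    '';

    hardware = {
      enableRedistributableFirmware = true;
      # This is a Pipewire household!
      pulseaudio.enable = false;

      opengl = {
        enable = true;
        driSupport32Bit = true;
        driSupport = true;
        extraPackages = with pkgs; [ vaapiVdpau libvdpau-va-gl ];
      };

      # Only a subset of my devices have bluetooth
      bluetooth = lib.mkIf wireless {
        enable = true;
      };
    } // (lib.optionalAttrs wireless {
      # Only set on wireless hosts, which are also the only ones that import
      # ./hardware/wifi.nix.
      inherit wifiInterface;
    });

    boot = {
      loader = {
        systemd-boot.enable = true;
        efi.canTouchEfiVariables = true;
      };
    };

    inherit fileSystems swapDevices;

    system.stateVersion = "21.05";
  };
  # recursiveUpdate merges nested attribute sets but replaces every other
  # value, so a list returned by extraOptions (imports, systemPackages, ...)
  # replaces the base list instead of extending it. extraOptions receives
  # baseConfig and can concatenate explicitly when it wants to extend.
in lib.attrsets.recursiveUpdate baseConfig (extraOptions baseConfig)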