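# Shared base for every host in this repository.
#
# Called as `(import ./base.nix { inherit lib pkgs; }) config { ... }` and
# returns a NixOS module (attribute set). Host-specific settings are layered
# on top through `extraOptions`, which receives the base set so it can refer
# to the defaults it overrides.
#
# Parameters (host-level):
#   userName        - the single interactive user; ./users/<userName>.nix is imported
#   hostName        - networking.hostName
#   wireless        - pull in ./hardware/wifi.nix, wpa_supplicant and bluetooth
#   wifiInterface   - exposed as hardware.wifiInterface when wireless = true
#                     (NOTE(review): non-standard option, presumably declared in
#                     ./hardware/wifi.nix — confirm)
#   overlays        - names of overlays from ../overlays to apply
#   hardwareImports - file names (without .nix) under ./hardware
#   programImports  - paths relative to ./programs
#   extraImports    - paths relative to this directory
#   isVM            - drop LAN-only bits (/etc/hosts entries, gopass)
#   fileSystems / swapDevices - passed straight through
#   extraPackages   - pkgs -> list of extra system packages
#   extraOptions    - baseConfig -> attrset merged on top of baseConfig
{ lib, pkgs }:
config:
{ userName
, hostName
, wireless ? false
, wifiInterface ? ""
, overlays ? []
, hardwareImports ? [ "generic" ]
, programImports ? []
, extraImports ? []
, isVM ? false
, fileSystems
, swapDevices ? []
, extraPackages ? pkgs: []
, extraOptions ? old: {}
}:
let
  overlaysSet = import ../overlays { inherit pkgs lib; };
  network = import ./network.nix;

  # home-manager is pinned to an exact commit so evaluation is reproducible;
  # `ref` alone would float with the branch and silently pull in new code.
  home-manager = builtins.fetchGit {
    url = "https://github.com/nix-community/home-manager.git";
    rev = "35a24648d155843a4d162de98c17b1afd5db51e4";
    ref = "release-21.05";
  };

  # Hosts that the firewall trusts unconditionally (all ports, all
  # protocols). Assumed to be IPv4 literals: only iptables rules are
  # generated from them, so IPv6 traffic from the same machines is still
  # subject to the normal firewall policy.
  trustedHosts = with network; [ miku nishimiya tamaki ayame mashu ];

  # Dedicated iptables chain for the trusted-host rules, so they can be
  # rebuilt on every firewall start/reload and removed on stop instead of
  # accumulating in INPUT.
  trustedChain = "nixos-trusted-hosts";

  baseConfig = {
    imports = [
      # Install home-manager as a NixOS module
      "${home-manager}/nixos"
      ./users # For system.singleUser
      (./users + "/${userName}.nix")
    ]
    ++ (map (item: ./programs + "/${item}") programImports)
    ++ (map (item: ./hardware + "/${item}.nix") hardwareImports)
    ++ lib.optional wireless ./hardware/wifi.nix
    ++ (map (item: ./. + "/${item}") extraImports);

    home-manager.useGlobalPkgs = true;
    nixpkgs.overlays = map (item: lib.getAttr item overlaysSet) overlays;

    time.timeZone = "Europe/Berlin";

    networking = {
      # Addressing is done by connman (services.connman below); the connman
      # module rejects useDHCP = true and NetworkManager being enabled.
      useDHCP = false;
      networkmanager.enable = false;
      hostName = hostName;
      # The connman module turns wpa_supplicant on for its default backend,
      # so non-wireless hosts have to force it off rather than just leave it unset.
      wireless.enable = if wireless then true else lib.mkForce false;
      # Static name resolution for the LAN; avahi is off, so the .local names
      # only resolve through these entries. Not meaningful inside a VM.
      hosts = lib.mkIf (!isVM) {
        "${network.miku}" = [ "miku.local" ];
        "${network.nishimiya}" = [ "nishimiya.local" ];
        "${network.ayame}" = [ "ayame.local" ];
        "${network.tamaki}" = [ "tamaki.local" ];
        "${network.mashu}" = [ "mashu.local" ];
      };
      firewall = {
        enable = true;
        # Trusted LAN hosts bypass the firewall entirely. The chain is created
        # (or flushed if it survived a previous run) and the single jump from
        # INPUT is deleted before being re-added, so reloading the firewall
        # does not leave duplicate or stale rules behind. The `|| ...` guards
        # keep the -e start script from aborting when the chain/jump does
        # not exist yet.
        extraCommands = ''
          iptables -N ${trustedChain} 2> /dev/null || iptables -F ${trustedChain}
          ${lib.concatMapStringsSep "\n"
              (host: "iptables -A ${trustedChain} --source ${host} -j ACCEPT")
              trustedHosts}
          iptables -D INPUT -j ${trustedChain} 2> /dev/null || true
          iptables -A INPUT -j ${trustedChain}
        '';
        # Undo the above when the firewall service is stopped.
        extraStopCommands = ''
          iptables -D INPUT -j ${trustedChain} 2> /dev/null || true
          iptables -F ${trustedChain} 2> /dev/null || true
          iptables -X ${trustedChain} 2> /dev/null || true
        '';
      };
    };

    i18n.defaultLocale = "en_GB.UTF-8";
    console = {
      font = "Lat2-Terminus16";
      keyMap = "de";
    };

    users = {
      # All accounts are declared in Nix; passwd/useradd changes do not persist.
      mutableUsers = false;
      extraUsers = {
        root = {
          # "*" is not a valid hash, so no password can ever match: root is
          # reachable only via sudo (or ssh keys, which sshd below forbids).
          hashedPassword = "*";
        };
      };
    };

    environment = {
      systemPackages = with pkgs; [
        htop
        vim
        git # Otherwise we cannot install home-manager
        git-crypt
        gnupg
        python3
        rtkit # RT scheduling client; the daemon itself is security.rtkit below
      ]
      ++ extraPackages pkgs
      ++ lib.optionals (!isVM) (with pkgs; [ gopass ]);
      sessionVariables = {
        # Prevent us from having to always type it out on nixos-rebuild
        NIXOS_CONFIG = "/home/${config.system.singleUser}/Development/Personal/nixos-config/hosts/${config.networking.hostName}.nix";
      };
    };

    fonts.fonts = with pkgs; [
      # CJK fonts
      source-han-sans
      source-han-serif
    ];

    # Non-free software is rejected except for this explicit allow-list:
    # Linux firmware and CPU microcode, Steam, and Discord.
    nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
      "firmwareLinuxNonfree"
      "microcodeAmd"
      "microcodeIntel"
      "steam"
      "steam-original"
      "steam-runtime"
      "discord"
    ];

    # Hand out realtime priority to pipewire and friends on demand; the
    # `rtkit` package alone does not start the daemon.
    security.rtkit.enable = true;

    services = {
      connman = {
        enable = true;
        extraFlags = [ "--nodnsproxy" ];
        wifi = lib.mkIf wireless {
          # TODO: Maybe try out iwd
          backend = "wpa_supplicant";
        };
      };

      # TODO: Is this correct? Maybe run once
      # NOTE(review): nothing else here syncs the clock. Drift breaks TLS
      # certificate validation, TOTP and anything Kerberos-like; confirm the
      # RTC is trusted or re-enable a (one-shot) sync.
      timesyncd.enable = false;

      # Everyone needs sound
      pipewire = {
        enable = true;
        pulse.enable = true;
        alsa.enable = true;
        alsa.support32Bit = true;
      };

      # On desktop: Monitor keyboards, mice, ...
      # On portable devices: Monitor their battery
      upower.enable = true;

      # Userspace entropy daemon. Kernels >= 5.6 seed the CSPRNG from jitter
      # on their own, so this is likely redundant but harmless.
      haveged.enable = true;

      printing.enable = lib.mkDefault false;
      avahi.enable = false;

      # Remote access for debugging. Locked to keys and to the trusted LAN
      # hosts: the firewall does not open port 22 globally, so only
      # `trustedHosts` (accepted wholesale above) can reach sshd. This
      # requires users.users.<userName>.openssh.authorizedKeys to be set in
      # ./users/<userName>.nix, otherwise nobody can log in remotely.
      openssh = {
        enable = true;
        passwordAuthentication = false;
        challengeResponseAuthentication = false;
        permitRootLogin = "no";
        openFirewall = false;
      };
    };

    # Don't wait for a network connection. NetworkManager is disabled above,
    # so this only masks a unit that would otherwise not exist.
    systemd.services.NetworkManager-wait-online.enable = false;

    # Let `sudo nixos-rebuild` see NIXOS_CONFIG. Only sudoers can set the
    # variable and it merely selects which of the user's own files root
    # evaluates, so nothing is escalated beyond what sudo already grants.
    security.sudo.extraConfig = ''
      Defaults env_keep += "NIXOS_CONFIG"
    '';

    hardware = {
      enableRedistributableFirmware = true;
      # This is a Pipewire household!
      pulseaudio.enable = false;
      opengl = {
        enable = true;
        driSupport32Bit = true;
        driSupport = true;
        extraPackages = with pkgs; [ vaapiVdpau libvdpau-va-gl ];
      };
      # Only a subset of my devices have bluetooth
      bluetooth = lib.mkIf wireless { enable = true; };
    } // lib.optionalAttrs wireless { wifiInterface = wifiInterface; };

    boot = {
      loader = {
        systemd-boot.enable = true;
        efi.canTouchEfiVariables = true;
      };
    };

    fileSystems = fileSystems;
    swapDevices = swapDevices;

    system.stateVersion = "21.05";
  };
in
# recursiveUpdate merges attribute sets level by level, but lists (imports,
# systemPackages, overlays, ...) supplied by extraOptions replace the base
# list wholesale rather than being appended.
lib.attrsets.recursiveUpdate baseConfig (extraOptions baseConfig)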