First flake

2022-04-06 09:44:31 +02:00 · 2022-04-06 09:44:31 +02:00 · becab7b6f3
commit becab7b6f3
parent c3b30c56ef
4 changed files with 341 additions and 0 deletions
--- a/thor/configuration.nix
+++ b/thor/configuration.nix
@ -0,0 +1,198 @@
+{ config, pkgs, lib, ... }:
+{
+  imports = [
+    # <nixos-hardware/common/cpu/amd>
+    # <nixos-hardware/common/pc/ssd>
+    ./hardware-configuration.nix
+    # ./pro_audio.nix
+  ];
+
+  boot = {
+    binfmt.emulatedSystems = [ "armv7l-linux" "aarch64-linux" ];
+    extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
+    loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+    initrd = {
+      checkJournalingFS = true;
+      luks.devices = {
+        root = {
+          device = "/dev/nvme0n1p2";
+          preLVM = true;
+          allowDiscards = true;
+        };
+      };
+    };
+  };
+
+  console = {
+    font = "Lat2-Terminus16";
+    keyMap = "us";
+  };
+
+  environment = {
+    pathsToLink = [ "/share/zsh" ];
+    systemPackages = with pkgs; [
+      kakoune
+      tmux
+      vim
+    ];
+  };
+
+  hardware = {
+    bluetooth.enable = true;
+    enableRedistributableFirmware = true;
+    pulseaudio.enable = false;
+    # nvidia.modesetting.enable = true;
+  };
+
+  i18n.defaultLocale = "it_IT.UTF-8";
+
+  programs = {
+    dconf.enable = true;
+    flashrom.enable = true;
+    gnupg.agent = {
+      enable = true;
+      enableSSHSupport = true;
+    };
+    steam = {
+      enable = true;
+    };
+    zsh = {
+      enable = true;
+      syntaxHighlighting.enable = true;
+    };
+  };
+
+  networking = {
+    hostName = "thor"; # Define your hostname.
+    interfaces = {
+      eno1.useDHCP = true;
+      wlp5s0.useDHCP = true;
+    };
+    networkmanager.enable = true;
+    useDHCP = false;
+    hosts = {
+      "*.engine.sesar.int" = [ "172.20.28.210" ];
+      "vcenter.sesar.int" = [ "172.20.28.20" ];
+    };
+  };
+
+  time.timeZone = "Europe/Rome";
+
+  services = {
+    avahi = {
+      enable = true;
+      openFirewall = true;
+      nssmdns = true;
+      publish = {
+        enable = true;
+        addresses = true;
+        domain = true;
+        userServices = true;
+        workstation = true;
+      };
+      extraServiceFiles = {
+        ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
+      };
+    };
+    clamav = { daemon.enable = true; updater.enable = true; };
+    dbus.packages = with pkgs; [ gnome.dconf ];
+    gnome.gnome-keyring.enable = true;
+    gvfs = { enable = true; package = pkgs.gnome3.gvfs; };
+    fwupd.enable = true;
+    openssh = { enable = true; openFirewall = true; permitRootLogin = "no"; passwordAuthentication = false; forwardX11 = true; };
+    pipewire = {
+      enable = true;
+      pulse.enable = true;
+      jack.enable = true;
+      alsa = {
+        enable = true;
+        support32Bit = true;
+      };
+      media-session.enable = true;
+    };
+    power-profiles-daemon.enable = true;
+    smartd = { enable = true; notifications.x11.enable = true; };
+    snapper = {
+      configs =
+        let
+          common = {
+            extraConfig = ''
+              ALLOW_USERS="bertof"
+              TIMELINE_CREATE=yes
+              TIMELINE_CLEANUP=yes
+            '';
+          };
+        in
+        {
+          bertof_home = common // { subvolume = "/home/bertof"; };
+        };
+    };
+    thermald.enable = true;
+    xserver = {
+      enable = true;
+      desktopManager = {
+        # gnome.enable = true;
+        # cinnamon.enable = true;
+        plasma5 = {
+          enable = true;
+          runUsingSystemd = true;
+          useQtScaling = true;
+        };
+      };
+      # displayManager.gdm = { enable = true; nvidiaWayland = true; };
+      displayManager.sddm.enable = true;
+      layout = "us";
+      videoDrivers = [ "nvidia" ];
+      xkbOptions = "eurosign:e";
+    };
+    # gnome.gnome-remote-desktop.enable = true;
+    zerotierone = { enable = true; joinNetworks = [ "8056c2e21cf9c753" ]; };
+  };
+
+  services.teamviewer.enable = true;
+
+  security = {
+    rtkit.enable = true;
+    sudo.extraConfig = ''
+      Defaults pwfeedback
+    '';
+  };
+
+  sound.enable = false;
+
+  users.users.bertof = {
+    isNormalUser = true;
+    extraGroups = [ "audio" "input" "docker" "flashrom" "libvirtd" "network" "networkmanager" "usb" "video" "wheel" ];
+    openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN+zsSWZFFzQKnATCAvtG+iuSm4qkZHjCtHzGa9B/71W" ];
+    shell = pkgs.zsh;
+    useDefaultShell = false;
+  };
+
+  virtualisation = {
+    docker.enable = true;
+    kvmgt.enable = true;
+    libvirtd.enable = true;
+    podman.enable = true;
+    virtualbox.host.enable = true;
+  };
+
+  nixpkgs.config = {
+    allowUnfree = true;
+    packageOverrides = pkgs: {
+      steam = pkgs.steam.override {
+        extraPkgs = pkgs: with pkgs; [ icu ];
+      };
+    };
+    # cudaSupport = true;
+  };
+  nix = {
+    package = pkgs.nixFlakes;
+    extraOptions = "experimental-features = nix-command flakes";
+    gc.automatic = true;
+  };
+
+  system.stateVersion = "21.05"; # Did you read the comment?
+}