nixcfg/systems/x86_64-linux/x1/default.nix

{ pkgs, lib, ... }:
with lib;
with lib.plusultra;
{
  imports =
    [
      # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];

  system.autoUpgrade = {
    enable = true;
    operation = "boot";
    allowReboot = false;
    flags = [ "--update-input" "nixpkgs" ];
    flake = "git+https://git.hoyer.xyz/harald/nixcfg#x1";
  };

  plusultra.gui.enable = true;
  plusultra.nix.enable = true;
  plusultra.nix.extra-substituters = {
    "https://nixsgx.cachix.org".key = "nixsgx.cachix.org-1:tGi36DlY2joNsIXOlGnSgWW0+E094V6hW0umQRo/KoE=";
  };

  boot = {
    tmp.cleanOnBoot = true;
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
      timeout = 2;
    };
    initrd.systemd.enable = true;
  };

  # Configure console keymap
  console.keyMap = "us";
  i18n.extraLocaleSettings = {
    LC_MESSAGES = "en_US.UTF-8";
    LC_TIME = "de_DE.UTF-8";
  };

  environment = {
    sessionVariables = { PATH = "$HOME/bin:$HOME/.cargo/bin"; };
    systemPackages = with pkgs; [
      age
      bash
      cachix
      cifs-utils
      clevis
      delta
      efibootmgr
      git
      git-delete-merged-branches
      home-manager
      htop
      mosh
      nixpkgs-fmt
      openssl
      restic
      rrsync
      sops
      strace
      tmux
      tpm2-pkcs11
      tpm2-pkcs11.out
      tpm2-tools
      vim
      wget
    ];
    shells = [ pkgs.fish pkgs.bash ];
  };

  hardware = {
    cpu = {
      amd.updateMicrocode = lib.mkDefault true;
      intel.updateMicrocode = lib.mkDefault true;
    };
    enableRedistributableFirmware = lib.mkDefault true;
    enableAllFirmware = true;
  };

  programs = {
    dconf.enable = true;
    bash = {
      ## shellInit = ''
      interactiveShellInit = ''
        bind '"\e[A": history-search-backward'
        bind '"\e[B": history-search-forward'
      '';
    };
    starship.enable = true;
    mosh.enable = true;
    vim.defaultEditor = true;
    fish.enable = true;
  };

  # powerManagement.cpuFreqGovernor = "ondemand";

  services = {
    dbus.implementation = "broker";
    dbus.packages = [ pkgs.gcr ];
    fail2ban.enable = true;
    fwupd.enable = true;
    openssh = {
      enable = true;
      settings.PermitRootLogin = "prohibit-password";
      settings.X11Forwarding = true;
    };
  };

  security = {
    tpm2.enable = lib.mkDefault true;
    tpm2.abrmd.enable = lib.mkDefault true;
    sudo = {
      enable = true;
      wheelNeedsPassword = false;
    };
  };

  # Auto system update
  # https://search.nixos.org/options?channel=23.11&show=system.autoUpgrade
  #system.autoUpgrade = {
  #enable = true;
  #operation = "boot";
  #flags = [ "--update-input" "nixpkgs" "--commit-lock-file" ]
  #    flake = "??";
  #	};
  system.stateVersion = "23.11";

  time.timeZone = "Europe/Berlin";

  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNsmP15vH8BVKo7bdvIiiEjiQboPGcRPqJK0+bH4jKD harald@lenovo.fritz.box"
    "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBACLgT81iB1iWWVuXq6PdQ5GAAGhaZhSKnveQCvcNnAOZ5WKH80bZShKHyAYzrzbp8IGwLWJcZQ7TqRK+qZdfagAAAAEc3NoOg== harald@hoyer.xyz"
    "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDsb/Tr69YN5MQLweWPuJaRGm+h2kOyxfD6sqKEDTIwoAAAABHNzaDo= harald@fedora.fritz.box"
  ];

  virtualisation = {
    podman = {
      enable = true;

      # Create a `docker` alias for podman, to use it as a drop-in replacement
      dockerCompat = true;

      # For Nixos version > 22.11
      defaultNetwork.settings = { dns_enabled = true; };
    };
  };

  programs.nix-ld.enable = true;

  # Sets up all the libraries to load
  programs.nix-ld.libraries = with pkgs; [
    curl
    expat
    fontconfig
    freetype
    fuse
    fuse3
    glib
    icu
    libclang.lib
    libdbusmenu
    libxcrypt-legacy
    libxml2
    nss
    openssl
    python3
    stdenv.cc.cc
    xorg.libX11
    xorg.libXcursor
    xorg.libXext
    xorg.libXi
    xorg.libXinerama
    xorg.libXrandr
    xorg.libXrender
    xorg.libXtst
    xz
    zlib
  ];

}
x1 Signed-off-by: Harald Hoyer <harald@hoyer.xyz> 2024-03-04 20:38:37 +01:00			`{ pkgs, lib, ... }:`
add X1 Signed-off-by: Harald Hoyer <harald@hoyer.xyz> 2024-03-04 14:09:57 +01:00			`with lib;`
			`with lib.plusultra;`
			`{`
			`imports =`
			`[`
			`# Include the results of the hardware scan.`
			`./hardware-configuration.nix`
			`];`

x1: add autoupgrade Signed-off-by: Harald Hoyer <harald@hoyer.xyz> 2024-03-05 09:45:37 +01:00			`system.autoUpgrade = {`
			`enable = true;`
			`operation = "boot";`
			`allowReboot = false;`
			`flags = [ "--update-input" "nixpkgs" ];`
fix x1 Signed-off-by: Harald Hoyer <harald@hoyer.xyz> 2024-03-05 10:17:55 +01:00			`flake = "git+https://git.hoyer.xyz/harald/nixcfg#x1";`
x1: add autoupgrade Signed-off-by: Harald Hoyer <harald@hoyer.xyz> 2024-03-05 09:45:37 +01:00			`};`

x1 Signed-off-by: Harald Hoyer <harald@hoyer.xyz> 2024-03-04 19:43:29 +01:00			`plusultra.gui.enable = true;`
x1 Signed-off-by: Harald Hoyer <harald@hoyer.xyz> 2024-03-05 00:02:22 +01:00			`plusultra.nix.enable = true;`
			`plusultra.nix.extra-substituters = {`
			`"https://nixsgx.cachix.org".key = "nixsgx.cachix.org-1:tGi36DlY2joNsIXOlGnSgWW0+E094V6hW0umQRo/KoE=";`
			`};`
add X1 Signed-off-by: Harald Hoyer <harald@hoyer.xyz> 2024-03-04 14:09:57 +01:00
			`boot = {`
			`tmp.cleanOnBoot = true;`
			`loader = {`
			`systemd-boot.enable = true;`
			`efi.canTouchEfiVariables = true;`
			`timeout = 2;`
			`};`
			`initrd.systemd.enable = true;`
			`};`

			`# Configure console keymap`
x1 Signed-off-by: Harald Hoyer <harald@hoyer.xyz> 2024-03-04 19:43:29 +01:00			`console.keyMap = "us";`
add X1 Signed-off-by: Harald Hoyer <harald@hoyer.xyz> 2024-03-04 14:09:57 +01:00			`i18n.extraLocaleSettings = {`
			`LC_MESSAGES = "en_US.UTF-8";`
			`LC_TIME = "de_DE.UTF-8";`
			`};`

			`environment = {`
x1 Signed-off-by: Harald Hoyer <harald@hoyer.xyz> 2024-03-05 00:02:22 +01:00			`sessionVariables = { PATH = "$HOME/bin:$HOME/.cargo/bin"; };`
add X1 Signed-off-by: Harald Hoyer <harald@hoyer.xyz> 2024-03-04 14:09:57 +01:00			`systemPackages = with pkgs; [`
x1 Signed-off-by: Harald Hoyer <harald@hoyer.xyz> 2024-03-05 00:02:22 +01:00			`age`
			`bash`
			`cachix`
x1 Signed-off-by: Harald Hoyer <harald@hoyer.xyz> 2024-03-04 19:43:29 +01:00			`cifs-utils`
add X1 Signed-off-by: Harald Hoyer <harald@hoyer.xyz> 2024-03-04 14:09:57 +01:00			`clevis`
			`delta`
			`efibootmgr`
			`git`
			`git-delete-merged-branches`
			`home-manager`
			`htop`
			`mosh`
			`nixpkgs-fmt`
			`openssl`
			`restic`
			`rrsync`
			`sops`
			`strace`
			`tmux`
			`tpm2-pkcs11`
			`tpm2-pkcs11.out`
			`tpm2-tools`
			`vim`
			`wget`
			`];`
			`shells = [ pkgs.fish pkgs.bash ];`
			`};`

			`hardware = {`
			`cpu = {`
			`amd.updateMicrocode = lib.mkDefault true;`
			`intel.updateMicrocode = lib.mkDefault true;`
			`};`
			`enableRedistributableFirmware = lib.mkDefault true;`
			`enableAllFirmware = true;`
			`};`

			`programs = {`
x1 Signed-off-by: Harald Hoyer <harald@hoyer.xyz> 2024-03-04 20:38:37 +01:00			`dconf.enable = true;`
add X1 Signed-off-by: Harald Hoyer <harald@hoyer.xyz> 2024-03-04 14:09:57 +01:00			`bash = {`
			`## shellInit = ''`
			`interactiveShellInit = ''`
			`bind '"\e[A": history-search-backward'`
			`bind '"\e[B": history-search-forward'`
			`'';`
			`};`
			`starship.enable = true;`
			`mosh.enable = true;`
			`vim.defaultEditor = true;`
			`fish.enable = true;`
			`};`

			`# powerManagement.cpuFreqGovernor = "ondemand";`

			`services = {`
			`dbus.implementation = "broker";`
			`dbus.packages = [ pkgs.gcr ];`
			`fail2ban.enable = true;`
			`fwupd.enable = true;`
			`openssh = {`
			`enable = true;`
			`settings.PermitRootLogin = "prohibit-password";`
			`settings.X11Forwarding = true;`
			`};`
			`};`

			`security = {`
			`tpm2.enable = lib.mkDefault true;`
			`tpm2.abrmd.enable = lib.mkDefault true;`
			`sudo = {`
			`enable = true;`
			`wheelNeedsPassword = false;`
			`};`
			`};`

			`# Auto system update`
			`# https://search.nixos.org/options?channel=23.11&show=system.autoUpgrade`
			`#system.autoUpgrade = {`
			`#enable = true;`
			`#operation = "boot";`
			`#flags = [ "--update-input" "nixpkgs" "--commit-lock-file" ]`
			`# flake = "??";`
			`# };`
			`system.stateVersion = "23.11";`

			`time.timeZone = "Europe/Berlin";`

			`users.users.root.openssh.authorizedKeys.keys = [`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNsmP15vH8BVKo7bdvIiiEjiQboPGcRPqJK0+bH4jKD harald@lenovo.fritz.box"`
			`"sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBACLgT81iB1iWWVuXq6PdQ5GAAGhaZhSKnveQCvcNnAOZ5WKH80bZShKHyAYzrzbp8IGwLWJcZQ7TqRK+qZdfagAAAAEc3NoOg== harald@hoyer.xyz"`
			`"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDsb/Tr69YN5MQLweWPuJaRGm+h2kOyxfD6sqKEDTIwoAAAABHNzaDo= harald@fedora.fritz.box"`
			`];`

			`virtualisation = {`
			`podman = {`
			`enable = true;`

			# Create a `docker` alias for podman, to use it as a drop-in replacement
			`dockerCompat = true;`

			`# For Nixos version > 22.11`
			`defaultNetwork.settings = { dns_enabled = true; };`
			`};`
			`};`
x1 Signed-off-by: Harald Hoyer <harald@hoyer.xyz> 2024-03-04 20:38:37 +01:00
			`programs.nix-ld.enable = true;`

			`# Sets up all the libraries to load`
			`programs.nix-ld.libraries = with pkgs; [`
			`curl`
			`expat`
x1 Signed-off-by: Harald Hoyer <harald@hoyer.xyz> 2024-03-05 00:02:22 +01:00			`fontconfig`
x1 Signed-off-by: Harald Hoyer <harald@hoyer.xyz> 2024-03-04 20:38:37 +01:00			`freetype`
x1 Signed-off-by: Harald Hoyer <harald@hoyer.xyz> 2024-03-05 00:02:22 +01:00			`fuse`
			`fuse3`
x1 Signed-off-by: Harald Hoyer <harald@hoyer.xyz> 2024-03-04 20:38:37 +01:00			`glib`
x1 Signed-off-by: Harald Hoyer <harald@hoyer.xyz> 2024-03-05 00:02:22 +01:00			`icu`
			`libclang.lib`
			`libdbusmenu`
			`libxcrypt-legacy`
			`libxml2`
			`nss`
x1 Signed-off-by: Harald Hoyer <harald@hoyer.xyz> 2024-03-04 20:38:37 +01:00			`openssl`
x1 Signed-off-by: Harald Hoyer <harald@hoyer.xyz> 2024-03-05 00:02:22 +01:00			`python3`
			`stdenv.cc.cc`
			`xorg.libX11`
add libXcursor for rustrover Signed-off-by: Harald Hoyer <harald@hoyer.xyz> 2024-03-05 00:17:42 +01:00			`xorg.libXcursor`
x1 Signed-off-by: Harald Hoyer <harald@hoyer.xyz> 2024-03-05 00:02:22 +01:00			`xorg.libXext`
			`xorg.libXi`
add libXcursor for rustrover Signed-off-by: Harald Hoyer <harald@hoyer.xyz> 2024-03-05 00:17:42 +01:00			`xorg.libXinerama`
			`xorg.libXrandr`
x1 Signed-off-by: Harald Hoyer <harald@hoyer.xyz> 2024-03-05 00:02:22 +01:00			`xorg.libXrender`
			`xorg.libXtst`
			`xz`
			`zlib`
x1 Signed-off-by: Harald Hoyer <harald@hoyer.xyz> 2024-03-04 20:38:37 +01:00			`];`

add X1 Signed-off-by: Harald Hoyer <harald@hoyer.xyz> 2024-03-04 14:09:57 +01:00			`}`