# NixOS module `metacfg.base`: baseline settings (locale, packages, firmware,
# shells, SSH, sudo, TPM2, boot loader, flake auto-upgrade, libvirt) that are
# applied only when `metacfg.base.enable` is set.
{ options, config, lib, pkgs, ... }:
with lib;
with lib.metacfg;
let
  baseCfg = config.metacfg.base;

  deLocale = "de_DE.UTF-8";
  enLocale = "en_US.UTF-8";

  # Store path of the rot8000 executable, used for both directions of the
  # git filter below.
  rot8000Bin = "${pkgs.metacfg.rot8000}/bin/rot8000";

  # Git configuration handed to the nixos-upgrade service so that files marked
  # with the "rot8000" filter are transformed on checkout (smudge) and on
  # commit (clean).
  # NOTE(review): what rot8000 does is not visible in this file. If it is a
  # keyless rotation-style transform, filtered files are obfuscated rather
  # than encrypted; real secrets belong in sops/age/git-crypt (all installed
  # below) -- confirm.
  upgradeGitConfig = pkgs.writeText "gitconfig" ''
    [filter "rot8000"]
    smudge = ${rot8000Bin}
    clean = ${rot8000Bin}
  '';
in
{
  options.metacfg.base = with types; {
    enable = mkBoolOpt false "Whether or not to enable the base config.";
  };

  config = mkIf baseCfg.enable {
    # Console keymap (overridable by hosts).
    console.keyMap = lib.mkDefault "us";

    # Internationalisation: English messages, German regional formats.
    i18n = {
      defaultLocale = enLocale;
      extraLocaleSettings = {
        LC_ADDRESS = deLocale;
        LC_IDENTIFICATION = deLocale;
        LC_MEASUREMENT = deLocale;
        LC_MESSAGES = enLocale;
        LC_MONETARY = deLocale;
        LC_NAME = deLocale;
        LC_NUMERIC = deLocale;
        LC_TELEPHONE = deLocale;
        LC_TIME = deLocale;
      };
    };

    environment = {
      # Puts a user-writable directory on PATH for every session.
      # NOTE(review): where NixOS places this entry relative to the system
      # profile directories is not visible here; if it ends up in front, a
      # file dropped into ~/bin shadows system commands -- verify precedence.
      sessionVariables.PATH = "$HOME/bin";

      systemPackages = with pkgs; [
        age
        bash
        cifs-utils
        clevis
        delta
        efibootmgr
        git
        git-crypt
        git-delete-merged-branches
        home-manager
        htop
        mosh
        nixpkgs-fmt
        openssl
        restic
        rrsync
        sbctl
        sops
        strace
        tmux
        tpm2-pkcs11
        tpm2-pkcs11.out
        tpm2-tools
        vim
        virt-manager
        wget
      ];

      shells = with pkgs; [ fish bash ];
    };

    hardware = {
      # Microcode updates for both CPU vendors; hosts may override.
      cpu.amd.updateMicrocode = lib.mkDefault true;
      cpu.intel.updateMicrocode = lib.mkDefault true;
      enableRedistributableFirmware = lib.mkDefault true;
      # Not wrapped in mkDefault, unlike the line above, so a host needs
      # mkForce to turn it off.
      enableAllFirmware = true;
      opengl.extraPackages = with pkgs; [ intel-compute-runtime ];
    };

    programs = {
      dconf.enable = true;
      # Arrow-up / arrow-down search the history by typed prefix.
      # (A `shellInit` variant was left commented out in the original.)
      bash.interactiveShellInit = ''
        bind '"\e[A": history-search-backward'
        bind '"\e[B": history-search-forward'
      '';
      starship.enable = true;
      mosh.enable = true;
      vim.defaultEditor = true;
      fish.enable = true;
    };

    # powerManagement.cpuFreqGovernor = "ondemand";

    services = {
      dbus = {
        implementation = "broker";
        packages = [ pkgs.gcr ];
      };
      fwupd.enable = true;
      openssh = {
        enable = true;
        settings = {
          # Root may log in over SSH, but not with a password; see the
          # authorized keys further down.
          # NOTE(review): password authentication for other accounts is not
          # set in this module, so whatever default applies elsewhere is in
          # effect -- confirm it matches intent.
          PermitRootLogin = "prohibit-password";
          # X11 forwarding is offered to every SSH user on every host that
          # enables this module; consider limiting it to hosts that need it.
          X11Forwarding = true;
        };
      };
    };

    security = {
      tpm2 = {
        enable = lib.mkDefault true;
        abrmd.enable = lib.mkDefault true;
      };
      sudo = {
        enable = true;
        # Members of wheel get root without re-authenticating, so any process
        # running as a wheel user is effectively root-equivalent.
        wheelNeedsPassword = false;
      };
    };

    time.timeZone = "Europe/Berlin";

    # Keys accepted for direct root login. The two "sk-" entries are
    # FIDO/security-key key types; the first entry is a plain ed25519 key
    # whose protection depends on how the private key file is stored.
    users.users.root.openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNsmP15vH8BVKo7bdvIiiEjiQboPGcRPqJK0+bH4jKD harald@lenovo.fritz.box"
      "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBACLgT81iB1iWWVuXq6PdQ5GAAGhaZhSKnveQCvcNnAOZ5WKH80bZShKHyAYzrzbp8IGwLWJcZQ7TqRK+qZdfagAAAAEc3NoOg== harald@hoyer.xyz"
      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDsb/Tr69YN5MQLweWPuJaRGm+h2kOyxfD6sqKEDTIwoAAAABHNzaDo= harald@fedora.fritz.box"
    ];

    boot = {
      tmp.cleanOnBoot = true;
      loader.systemd-boot.enable = lib.mkDefault true;
      loader.efi.canTouchEfiVariables = true;
      loader.timeout = 2;
      initrd.systemd.enable = true;
    };

    # Flake-based auto-upgrade settings. `enable` is not set in this module.
    # Each listed input is re-resolved at upgrade time and the result is not
    # written back to a lock file, so an upgrade builds whatever the input
    # sources and the git server below serve at that moment instead of
    # reviewed, pinned revisions. Integrity then rests on the HTTPS transport
    # and on those upstreams.
    system.autoUpgrade = {
      flags =
        lib.concatMap (input: [ "--update-input" input ]) [
          "nixpkgs"
          "unstable"
          "nixsgx-flake"
          "home-manager"
        ]
        ++ [
          "--no-write-lock-file"
          "-L"
        ];
      flake = lib.mkDefault "git+https://git.hoyer.xyz/harald/nixcfg";
    };

    # Give the upgrade unit the rot8000 binary and the git config defined
    # above, so the filter can run when the flake repository is fetched.
    systemd.services.nixos-upgrade = {
      path = [ pkgs.metacfg.rot8000 ];
      environment.GIT_CONFIG_GLOBAL = "${upgradeGitConfig}";
    };

    # NOTE(review): access to the system libvirt daemon is commonly treated
    # as root-equivalent; review which users are granted it.
    virtualisation.libvirtd.enable = true;
  };
}