diff --git a/homes/x86_64-linux/harald@sgx/default.nix b/homes/x86_64-linux/harald@sgx/default.nix index 970aee4..b56064c 100644 --- a/homes/x86_64-linux/harald@sgx/default.nix +++ b/homes/x86_64-linux/harald@sgx/default.nix @@ -1,4 +1,6 @@ -{ config , ... }: +{ config +, ... +}: { home.sessionPath = [ "$HOME/bin" ]; @@ -21,6 +23,41 @@ }; }; + fonts.fontconfig.enable = true; + + dconf.settings = { + # ... + "org/gnome/shell" = { + disable-user-extensions = false; + + # `gnome-extensions list` for a list + enabled-extensions = [ + "Vitals@CoreCoding.com" + "appindicatorsupport@rgcjonas.gmail.com" + "dash-to-panel@jderose9.github.com" + "hibernate-status@dromi" + ]; + + favorite-apps = [ + "org.gnome.Console.desktop" + "jetbrains-toolbox.desktop" + "org.mozilla.firefox.desktop" + "firefox.desktop" + "thunderbird.desktop" + "org.mozilla.Thunderbird.desktop" + "slack.desktop" + "keybase.desktop" + "spotify.desktop" + "org.gnome.Nautilus.desktop" + "virt-manager.desktop" + ]; + }; + "org/virt-manager/virt-manager/connections" = { + autoconnect = [ "qemu:///system" ]; + uris = [ "qemu:///system" ]; + }; + }; + xdg.enable = true; xdg.mime.enable = true; } diff --git a/systems/x86_64-linux/sgx-nixos/default.nix b/systems/x86_64-linux/sgx-nixos/default.nix index 58e5464..68f45d7 100644 --- a/systems/x86_64-linux/sgx-nixos/default.nix +++ b/systems/x86_64-linux/sgx-nixos/default.nix 
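Review bot: `enabled-extensions` in the `org/gnome/shell` block only switches the four extensions on by UUID, and nothing in this hunk installs them, so they presumably come from per-user installs outside the flake. Extensions run inside the gnome-shell process with the full privileges of the session. Installing them from `pkgs.gnomeExtensions` through `home.packages` would pin them to the flake lock like the rest of the configuration. The `# ...` placeholder at the top of `dconf.settings` could become a real comment such as `# GNOME Shell and virt-manager defaults written to the user's dconf database`. The enclosing attribute set starts before the hunk, so the packages may already be declared elsewhere in the file.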
@@ -1,39 +1,168 @@ -{ pkgs, lib, config, host, ... }: +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, pkgs, lib, ... }: with lib; with lib.plusultra; -{ - imports = [ ./hardware-configuration.nix ]; - plusultra = { - base.enable = true; - nix-ld.enable = true; - nix.enable = true; - nix.extra-substituters."https://nixsgx.cachix.org".key = "nixsgx.cachix.org-1:tGi36DlY2joNsIXOlGnSgWW0+E094V6hW0umQRo/KoE="; - user.extraGroups = [ "docker" ]; +{ + imports = + [ + # Include the results of the hardware scan. + ./hardware-configuration.nix + ]; + + nix.settings.experimental-features = "nix-command flakes"; + + nix.settings.trusted-users = [ "@wheel" ]; + + plusultra.user.extraGroups = [ "docker" ]; + + programs = { + bash = { + ## shellInit = '' + interactiveShellInit = '' + bind '"\e[A": history-search-backward' + bind '"\e[B": history-search-forward' + ''; + }; + starship.enable = true; + mosh.enable = true; + vim.defaultEditor = true; + fish.enable = true; }; + # Bootloader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + networking.hostName = "sgx-nixos"; # Define your hostname. + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Enable networking + networking.networkmanager.enable = true; + + # Set your time zone. + time.timeZone = "Europe/Berlin"; + + # Select internationalisation properties. 
+ i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "de_DE.UTF-8"; + LC_IDENTIFICATION = "de_DE.UTF-8"; + LC_MEASUREMENT = "de_DE.UTF-8"; + LC_MONETARY = "de_DE.UTF-8"; + LC_NAME = "de_DE.UTF-8"; + LC_NUMERIC = "de_DE.UTF-8"; + LC_PAPER = "de_DE.UTF-8"; + LC_TELEPHONE = "de_DE.UTF-8"; + LC_TIME = "de_DE.UTF-8"; + }; + + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNsmP15vH8BVKo7bdvIiiEjiQboPGcRPqJK0+bH4jKD harald@lenovo.fritz.box" + "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBACLgT81iB1iWWVuXq6PdQ5GAAGhaZhSKnveQCvcNnAOZ5WKH80bZShKHyAYzrzbp8IGwLWJcZQ7TqRK+qZdfagAAAAEc3NoOg== harald@hoyer.xyz" + "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDsb/Tr69YN5MQLweWPuJaRGm+h2kOyxfD6sqKEDTIwoAAAABHNzaDo= harald@fedora.fritz.box" + ]; + virtualisation.docker.enable = true; + # virtualisation = { + # podman = { + # enable = true; + + # Create a `docker` alias for podman, to use it as a drop-in replacement + # dockerCompat = true; + + # For Nixos version > 22.11 + # defaultNetwork.settings = { dns_enabled = true; }; + # }; + # }; + system.autoUpgrade = { enable = true; - operation = "boot"; + operation = "switch"; allowReboot = true; - flags = [ - "--update-input" - "nixpkgs" - "--update-input" - "unstable" - ]; - flake = "git+https://git.hoyer.xyz/harald/nixcfg#${host}"; + flags = [ "--update-input" "nixpkgs" ]; + flake = "git+https://git.hoyer.xyz/harald/nixcfg#sgx-nixos"; }; - networking.hostName = "sgx-nixos"; # Define your hostname. + programs.nix-ld.enable = true; - networking.wireless.enable = false; # Enables wireless support via wpa_supplicant. + # Sets up all the libraries to load + programs.nix-ld.libraries = with pkgs; [ + stdenv.cc.cc + libclang.lib + zlib + fuse3 + icu + nss + curl + expat + freetype + glib + openssl + tmux + # ... 
+ ]; - services.aesmd.enable = true; + security = { + sudo = { + enable = true; + wheelNeedsPassword = false; + }; + }; - powerManagement.cpuFreqGovernor = "ondemand"; + # List packages installed in system profile. To search, run: + # $ nix search wget + environment.systemPackages = with pkgs; [ + age + mdadm + openssl + rustup + sops + tpm2-pkcs11 + tpm2-pkcs11.out + tpm2-tools + vim + wget + clang + pkg-config + ]; + + environment.shells = [ pkgs.fish pkgs.bash ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "23.11"; # Did you read the comment? - system.stateVersion = "23.11"; } diff --git a/systems/x86_64-linux/sgx/default.nix b/systems/x86_64-linux/sgx/default.nix index 0f2b75a..24f31e8 100644 --- a/systems/x86_64-linux/sgx/default.nix +++ b/systems/x86_64-linux/sgx/default.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, config, host, ... }: +{ pkgs, lib, config, ... }: with lib; with lib.plusultra; { 
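Review bot: `services.openssh.enable = true` near the end of this hunk is added without any `services.openssh.settings`, so password and keyboard-interactive logins stay at the module defaults unless another module overrides them. The same hunk sets `security.sudo.wheelNeedsPassword = false`, adds `@wheel` to `nix.settings.trusted-users` and keeps the user in the `docker` group, so any successful login to a wheel account is root-equivalent. I would restrict sshd to keys with `services.openssh.settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; PermitRootLogin = "prohibit-password"; };`. If the removed `plusultra.base` module previously set these, that hardening no longer applies on this host. Separately, the hunk drops `services.aesmd.enable` and the nixsgx substituter on a host named sgx-nixos; a one-line comment saying whether that is intentional would help.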
@@ -26,7 +26,7 @@ with lib.plusultra; "--update-input" "unstable" ]; - flake = "git+https://git.hoyer.xyz/harald/nixcfg#${host}"; + flake = "git+https://git.hoyer.xyz/harald/nixcfg#sgx"; }; networking.hostName = "sgx"; # Define your hostname. diff --git a/systems/x86_64-linux/x1/default.nix b/systems/x86_64-linux/x1/default.nix index 0ce80d4..a63875f 100644 --- a/systems/x86_64-linux/x1/default.nix +++ b/systems/x86_64-linux/x1/default.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, host, ... }: +{ pkgs, lib, ... }: with lib; with lib.plusultra; { @@ -24,7 +24,7 @@ with lib.plusultra; "--update-input" "unstable" ]; - flake = "git+https://git.hoyer.xyz/harald/nixcfg#${host}"; + flake = "git+https://git.hoyer.xyz/harald/nixcfg#x1"; }; system.stateVersion = "23.11";