Harald Hoyer
4622c52d5b
Create 6 new NixOS modules to reduce duplication across system configs: - hardware/wooting: Wooting keyboard udev rules and Bluetooth compat - services/nginx-base: Common nginx server settings - services/acme-base: ACME certificate defaults - services/xremap: Key remapping with sensible defaults - system/no-sleep: Disable sleep/suspend/hibernate targets - system/kernel-tweaks: PM freeze timeout and zram configuration Update system configuration files to use these new modules. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
139 lines
2.5 KiB
Nix
139 lines
2.5 KiB
Nix
{
|
|
pkgs,
|
|
lib,
|
|
config,
|
|
...
|
|
}:
|
|
with lib;
|
|
with lib.metacfg;
|
|
{
|
|
imports = [
|
|
./hardware-configuration.nix
|
|
./xremap.nix
|
|
];
|
|
|
|
services.rustdesk-server.signal.enable = false;
|
|
networking.firewall.allowedTCPPorts = [
|
|
22000
|
|
];
|
|
|
|
programs.ccache.enable = true;
|
|
nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ];
|
|
|
|
services.cratedocs-mcp.enable = true;
|
|
|
|
sops.age.sshKeyPaths = [ "/var/lib/secrets/ssh_host_ed25519_key" ];
|
|
sops.secrets."wg".sopsFile = ../../../.secrets/x1/files.yaml;
|
|
sops.secrets."wg".mode = "0444";
|
|
|
|
environment.etc."wg0.backup.conf".source = config.sops.secrets."wg".path;
|
|
|
|
services.openssh = {
|
|
enable = true;
|
|
hostKeys = [
|
|
{
|
|
path = "/var/lib/secrets/ssh_host_ed25519_key";
|
|
type = "ed25519";
|
|
}
|
|
{
|
|
path = "/var/lib/secrets/ssh_host_rsa_key";
|
|
type = "rsa";
|
|
bits = 4096;
|
|
}
|
|
];
|
|
};
|
|
|
|
services.tailscale.enable = true;
|
|
services.resolved.enable = true;
|
|
|
|
metacfg = {
|
|
hardware.wooting.enable = true;
|
|
base.enable = true;
|
|
gui.enable = true;
|
|
nix-ld.enable = true;
|
|
nix.enable = true;
|
|
podman.enable = true;
|
|
secureboot.enable = true;
|
|
homeprinter.enable = true;
|
|
|
|
system = {
|
|
limits = {
|
|
enable = true;
|
|
nofileLimit = 32768;
|
|
memlockLimit = 32768;
|
|
};
|
|
};
|
|
|
|
# User configuration
|
|
tools = {
|
|
direnv.enable = true;
|
|
};
|
|
user.extraGroups = [
|
|
"docker"
|
|
"dialout"
|
|
"tss"
|
|
];
|
|
system.kernelTweaks.enable = true;
|
|
};
|
|
|
|
system.autoUpgrade = {
|
|
enable = true;
|
|
operation = "boot";
|
|
allowReboot = false;
|
|
};
|
|
|
|
nixpkgs.config.permittedInsecurePackages = [
|
|
"electron-27.3.11"
|
|
];
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
attic-client
|
|
azure-cli
|
|
claude-code
|
|
claude-desktop-with-fhs
|
|
desktop-file-utils
|
|
fabric-ai
|
|
gemini-cli
|
|
gnome-terminal
|
|
gnome-remote-desktop
|
|
gtypist
|
|
k9s
|
|
klavaro
|
|
kubectl
|
|
kubectx
|
|
libcamera
|
|
logseq
|
|
obsidian
|
|
piper-tts
|
|
tipp10
|
|
uv
|
|
vscode
|
|
];
|
|
|
|
services.ratbagd.enable = true;
|
|
|
|
virtualisation = {
|
|
libvirtd.enable = true;
|
|
};
|
|
|
|
services.trezord.enable = true;
|
|
|
|
services.ollama = {
|
|
enable = false;
|
|
acceleration = "rocm";
|
|
environmentVariables = {
|
|
HSA_OVERRIDE_GFX_VERSION = "10.1.0";
|
|
};
|
|
};
|
|
|
|
/*
|
|
environment.sessionVariables = {
|
|
LIBVA_DRIVER_NAME = "iHD";
|
|
# NIXOS_OZONE_WL = "1";
|
|
# DRI_PRIME = "pci-0000_24_00_0";
|
|
DRI_PRIME = "pci-0000_00_02_0";
|
|
};
|
|
*/
|
|
|
|
system.stateVersion = "23.11";
|
|
}
|