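{
  options,
  config,
  lib,
  pkgs,
  ...
}:
# Base configuration shared by every host that sets `metacfg.base.enable`.
# It provisions keymap/locale, a baseline tool set, sshd, sudo, TPM2 access,
# systemd-boot, libvirt and an auto-upgrade unit that tracks a remote flake.
# Values wrapped in `lib.mkDefault` are meant to be overridden per host.
with lib;
with lib.metacfg;
let
  cfg = config.metacfg.base;
  # NixOS modules should test `hostPlatform` (the system being configured).
  # For the ordinary `pkgs` set this is the same value as `targetPlatform`,
  # which this file used before.
  isX86_64 = pkgs.stdenv.hostPlatform.isx86_64;
in
{
  options.metacfg.base = with types; {
    enable = mkBoolOpt false "Whether or not to enable the base config.";
  };

  config = mkIf cfg.enable {
    # Console keymap; a host module may override it.
    console.keyMap = lib.mkDefault "us";

    # English messages, German regional formats (dates, numbers, currency).
    i18n.defaultLocale = "en_US.UTF-8";
    i18n.extraLocaleSettings = {
      LC_ADDRESS = "de_DE.UTF-8";
      LC_IDENTIFICATION = "de_DE.UTF-8";
      LC_MEASUREMENT = "de_DE.UTF-8";
      LC_MESSAGES = "en_US.UTF-8";
      LC_MONETARY = "de_DE.UTF-8";
      LC_NAME = "de_DE.UTF-8";
      LC_NUMERIC = "de_DE.UTF-8";
      LC_TELEPHONE = "de_DE.UTF-8";
      LC_TIME = "de_DE.UTF-8";
    };

    environment = {
      sessionVariables = {
        # NOTE(review): puts a user-writable directory on every login
        # session's PATH. Whether NixOS prepends or appends this to the
        # system PATH (and whether `$HOME` is expanded by PAM) is decided by
        # the sessionVariables module, not here -- check the generated
        # /etc/set-environment if search order matters.
        PATH = "$HOME/bin";
      };

      systemPackages =
        with pkgs;
        [
          # secrets / key handling: age, sops, git-crypt, clevis (TPM/Tang
          # bound LUKS), sbctl (Secure Boot key management)
          age
          bash
          cifs-utils
          clevis
          delta
          efibootmgr
          git
          git-crypt
          git-delete-merged-branches
          home-manager
          htop
          mosh
          nixpkgs-fmt
          openssl
          restic
          rrsync
          sbctl
          sops
          strace
          tmux
          vim
          virt-manager
          wget
          # Convenience wrapper: qemu booting the OVMF UEFI firmware.
          # `-bios` maps the combined OVMF.fd read-only, so UEFI variable
          # writes (boot entries, Secure Boot key enrolment) do not persist
          # across runs; use pflash drives with a copy of OVMF_VARS.fd for
          # that. Arguments are passed through verbatim ("$@").
          (pkgs.writeShellScriptBin "qemu-system-x86_64-uefi" ''
            qemu-system-x86_64 \
              -bios ${pkgs.OVMF.fd}/FV/OVMF.fd \
              "$@"
          '')
        ]
        ++ lib.optionals isX86_64 (
          with pkgs;
          [
            # Both spellings look intentional: the bare package installs its
            # default outputs (tools/man pages), `.out` additionally installs
            # the output holding the PKCS#11 shared library so it lands under
            # /run/current-system/sw/lib -- confirm against the package's
            # `outputs` before simplifying.
            tpm2-pkcs11
            tpm2-pkcs11.out
            tpm2-tools
          ]
        );

      shells = [
        pkgs.fish
        pkgs.bash
      ];
    };

    hardware = {
      cpu = {
        # Microcode updates only make sense on x86; the option is a no-op
        # otherwise, so gate it on the platform.
        amd.updateMicrocode = isX86_64;
        intel.updateMicrocode = isX86_64;
      };

      enableRedistributableFirmware = lib.mkDefault true;
      # Pulls in *all* firmware packaged in nixpkgs, including non-
      # redistributable blobs (this implies the redistributable set above and,
      # as far as I can tell, requires unfree packages to be allowed). Hosts
      # that do not need the extra blobs are better served by the
      # redistributable set alone; kept as-is to preserve behaviour.
      enableAllFirmware = true;
    };

    programs = {
      dconf.enable = true;

      bash = {
        # Up/down search history by the already typed prefix.
        interactiveShellInit = ''
          bind '"\e[A": history-search-backward'
          bind '"\e[B": history-search-forward'
        '';
      };

      starship.enable = true;
      mosh.enable = true;

      vim = {
        defaultEditor = true;
        enable = true;
      };

      fish.enable = true;

      git = {
        enable = true;
        # System-wide git filter. rot8000 is a reversible character rotation,
        # i.e. obfuscation, not encryption: it may keep crawlers and secret
        # scanners from matching content, but anything run through it must
        # still be treated as plaintext. Which paths use the filter is
        # decided by .gitattributes in the repositories, not here.
        config = {
          "filter \"rot8000\"" = {
            smudge = "${pkgs.metacfg.rot8000}/bin/rot8000";
            clean = "${pkgs.metacfg.rot8000}/bin/rot8000";
          };
        };
      };
    };

    documentation.man.generateCaches = false;

    # powerManagement.cpuFreqGovernor = "ondemand";

    services = {
      dbus.implementation = "broker";
      dbus.packages = [ pkgs.gcr ];

      # Firmware updates via fwupd (LVFS).
      fwupd.enable = true;

      fstrim.enable = true;

      openssh = {
        enable = true;
        settings = {
          # Root may log in, but only with a key; the keys are listed under
          # users.users.root below.
          PermitRootLogin = "prohibit-password";
          # Hardening: NixOS leaves password and keyboard-interactive
          # authentication enabled by default. Root is provisioned with keys
          # here, so turn both off; a host that still needs password logins
          # for other accounts sets these back to true (mkDefault yields).
          PasswordAuthentication = lib.mkDefault false;
          KbdInteractiveAuthentication = lib.mkDefault false;
          # X11 forwarding lets a process on this host reach the X server of
          # any client that connects with -X/-Y. Left enabled to preserve
          # behaviour, but mkDefault so hosts that do not need it can turn it
          # off without a conflict.
          X11Forwarding = lib.mkDefault true;
        };
      };
    };

    security = {
      # TPM2 device access plus the tpm2-abrmd resource manager, used by
      # clevis / sbctl / tpm2-pkcs11 above.
      tpm2.enable = lib.mkDefault true;
      tpm2.abrmd.enable = lib.mkDefault true;

      sudo = {
        enable = true;
        wheelNeedsPassword = lib.mkDefault true;
      };
    };

    time.timeZone = "Europe/Berlin";

    # Keys permitted to log in as root over SSH (see PermitRootLogin above).
    # Two of them are FIDO ("sk-") keys, i.e. require a security key touch.
    users.users.root.openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNsmP15vH8BVKo7bdvIiiEjiQboPGcRPqJK0+bH4jKD harald@lenovo.fritz.box"
      "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBACLgT81iB1iWWVuXq6PdQ5GAAGhaZhSKnveQCvcNnAOZ5WKH80bZShKHyAYzrzbp8IGwLWJcZQ7TqRK+qZdfagAAAAEc3NoOg== harald@hoyer.xyz"
      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDsb/Tr69YN5MQLweWPuJaRGm+h2kOyxfD6sqKEDTIwoAAAABHNzaDo= harald@fedora.fritz.box"
    ];

    boot = {
      loader = {
        systemd-boot.enable = lib.mkDefault true;
        efi.canTouchEfiVariables = true;
        timeout = 2;
      };

      initrd.systemd.enable = true;

      # /tmp lives on tmpfs, so nothing in it survives a reboot anyway;
      # cleanOnBoot is kept for hosts that override useTmpfs.
      tmp.useTmpfs = true;
      tmp.cleanOnBoot = true;
    };

    # Nix builds would fill a RAM-backed /tmp; point the daemon at disk.
    systemd.services.nix-daemon.environment.TMPDIR = "/var/tmp";

    system.autoUpgrade = {
      # Supply-chain note: `--update-input` refreshes each listed input to its
      # current upstream HEAD on every run and `--no-write-lock-file` throws
      # the result away, so an upgrade builds whatever nixpkgs / unstable /
      # nixsgx-flake / home-manager point at *at that moment*, not what the
      # committed flake.lock pins. Convenient for tracking, but neither
      # reproducible nor auditable after the fact, and it trusts those
      # upstreams unconditionally at upgrade time.
      flags = [
        "--update-input"
        "nixpkgs"
        "--update-input"
        "unstable"
        "--update-input"
        "nixsgx-flake"
        "--update-input"
        "home-manager"
        "--no-write-lock-file"
        "-L"
      ];
      # Fetched over HTTPS; transport is authenticated by TLS only, there is
      # no signature check on the commits themselves.
      flake = lib.mkDefault "git+https://git.hoyer.xyz/harald/nixcfg";
    };

    systemd.services.nixos-upgrade = {
      # Make the rot8000 filter usable by git inside the upgrade unit: the
      # binary on PATH and git pointed at the system gitconfig that declares
      # the filter. NOTE(review): in current git, GIT_CONFIG is only honoured
      # by `git config` itself, so the _GLOBAL/_SYSTEM variables are the ones
      # that matter -- verify against the git version in use.
      path = [ pkgs.metacfg.rot8000 ];
      environment.GIT_CONFIG_GLOBAL = "${config.environment.etc.gitconfig.source}";
      environment.GIT_CONFIG_SYSTEM = "${config.environment.etc.gitconfig.source}";
      environment.GIT_CONFIG = "${config.environment.etc.gitconfig.source}";
    };

    # libvirtd on every base host is a sizeable attack surface (qemu, the
    # libvirt daemon and its socket); kept because the base tool set includes
    # virt-manager, but worth disabling on hosts that never run VMs.
    virtualisation.libvirtd.enable = true;
  };
}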