Harald Hoyer
54f03ed782
Re-enabled the default vscode package and commented out the custom vscode-with-extensions override. This simplifies the configuration by relying on the standard vscode setup.
145 lines
3.3 KiB
Nix
145 lines
3.3 KiB
Nix
{ pkgs, lib, config, ... }:
|
|
with lib;
|
|
with lib.metacfg;
|
|
{
|
|
imports = [
|
|
./hardware-configuration.nix
|
|
# ./ipu.nix
|
|
];
|
|
|
|
sops.age.sshKeyPaths = [ "/var/lib/secrets/ssh_host_ed25519_key" ];
|
|
sops.secrets."wg".sopsFile = ../../../.secrets/x1/files.yaml;
|
|
sops.secrets."wg".mode = "0444";
|
|
sops.secrets."hosts".sopsFile = ../../../.secrets/x1/files.yaml;
|
|
sops.secrets."hosts".mode = "0444";
|
|
|
|
environment.etc."wg0.backup.conf".source = config.sops.secrets."wg".path;
|
|
environment.etc."hosts.backup".source = config.sops.secrets."hosts".path;
|
|
|
|
services.openssh = {
|
|
enable = true;
|
|
hostKeys = [
|
|
{
|
|
path = "/var/lib/secrets/ssh_host_ed25519_key";
|
|
type = "ed25519";
|
|
}
|
|
{
|
|
path = "/var/lib/secrets/ssh_host_rsa_key";
|
|
type = "rsa";
|
|
bits = 4096;
|
|
}
|
|
];
|
|
};
|
|
|
|
hardware.bluetooth.input.General.ClassicBondedOnly = false;
|
|
services.udev.extraRules = ''
|
|
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="342d", ATTRS{idProduct}=="e4c5", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
|
|
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="342d", ATTRS{idProduct}=="e489", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
|
|
'';
|
|
|
|
metacfg = {
|
|
base.enable = true;
|
|
gui.enable = true;
|
|
nix-ld.enable = true;
|
|
nix.enable = true;
|
|
podman.enable = true;
|
|
secureboot.enable = true;
|
|
homeprinter.enable = true;
|
|
|
|
system = {
|
|
limits = {
|
|
enable = true;
|
|
nofileLimit = 32768;
|
|
memlockLimit = 32768;
|
|
};
|
|
};
|
|
|
|
# User configuration
|
|
tools = {
|
|
direnv.enable = true;
|
|
};
|
|
user.extraGroups = [
|
|
"docker"
|
|
"dialout"
|
|
];
|
|
};
|
|
|
|
nixpkgs.config.permittedInsecurePackages = [
|
|
"electron-27.3.11"
|
|
];
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
azure-cli
|
|
cloudflare-warp
|
|
desktop-file-utils
|
|
kubectl
|
|
kubectx
|
|
k9s
|
|
attic-client
|
|
ollama
|
|
piper
|
|
klavaro
|
|
tipp10
|
|
gtypist
|
|
logseq
|
|
claude-code
|
|
claude-desktop-with-fhs
|
|
goose-cli
|
|
aider-chat
|
|
vscode
|
|
# (vscode-with-extensions.override {
|
|
# vscodeExtensions = with vscode-extensions; [
|
|
# rooveterinaryinc.roo-cline
|
|
# rust-lang.rust-analyzer
|
|
# github.copilot
|
|
# ms-python.python
|
|
# ms-azuretools.vscode-docker
|
|
# ms-vscode-remote.remote-ssh
|
|
# ];
|
|
# })
|
|
];
|
|
|
|
zramSwap.enable = true;
|
|
|
|
services.ratbagd.enable = true;
|
|
|
|
services.resolved.enable = true;
|
|
#services.resolved.dnssec = "allow-downgrade";
|
|
#services.resolved.extraConfig = ''
|
|
# ResolveUnicastSingleLabel=yes
|
|
#'';
|
|
|
|
systemd.packages = [ pkgs.cloudflare-warp ]; # for warp-cli
|
|
|
|
virtualisation = {
|
|
docker.enable = true;
|
|
libvirtd.enable = true;
|
|
podman.dockerCompat = false;
|
|
};
|
|
|
|
system.autoUpgrade = {
|
|
enable = true;
|
|
operation = "boot";
|
|
allowReboot = false;
|
|
};
|
|
|
|
services.trezord.enable = true;
|
|
|
|
services.ollama = {
|
|
enable = false;
|
|
acceleration = "rocm";
|
|
environmentVariables = {
|
|
HSA_OVERRIDE_GFX_VERSION = "10.1.0";
|
|
};
|
|
};
|
|
|
|
environment.sessionVariables = {
|
|
LIBVA_DRIVER_NAME = "iHD";
|
|
# NIXOS_OZONE_WL = "1";
|
|
# DRI_PRIME = "pci-0000_24_00_0";
|
|
DRI_PRIME = "pci-0000_00_02_0";
|
|
};
|
|
|
|
system.stateVersion = "23.11";
|
|
}
|