nix-config/hosts/cube.nix

180 lines
4.5 KiB
Nix
Raw Normal View History

2024-01-30 17:29:47 +01:00
{ config, pkgs, ... }:
{
imports =
[
./cube-hardware-configuration.nix
2024-08-13 12:49:24 +02:00
./common.nix
2024-01-30 17:29:47 +01:00
];
# Bootloader.
boot.loader.systemd-boot.enable = false;
boot.loader.grub = {
enable = true;
device = "nodev";
efiSupport = true;
useOSProber = true;
};
2024-01-30 17:29:47 +01:00
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "cube"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
2024-01-30 17:29:47 +01:00
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Enable networking
networking.networkmanager.enable = true;
2024-11-28 18:16:12 +01:00
networking.hosts = {
# "178.63.121.197" = ["www.boell.de"];
"127.0.0.1" = ["muhh.local"];
};
# Workaround for broken networkmanager/systemd thing
# https://github.com/NixOS/nixpkgs/issues/180175#issuecomment-1658731959
systemd.services.NetworkManager-wait-online = {
serviceConfig = {
ExecStart = [ "" "${pkgs.networkmanager}/bin/nm-online -q" ];
};
};
2024-05-20 17:37:28 +02:00
security = {
pam.services.swaylock = {};
polkit.enable = true;
rtkit.enable = true;
2024-10-01 15:58:14 +02:00
sudo = {
wheelNeedsPassword = true;
2024-10-14 19:38:11 +02:00
};
2024-05-20 17:37:28 +02:00
};
services.envfs.enable = true;
2024-01-30 17:29:47 +01:00
services.flatpak.enable = true;
services.fwupd.enable = true;
2024-05-20 17:33:39 +02:00
services.openssh.enable = true;
2024-01-30 17:29:47 +01:00
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
2024-08-13 12:48:34 +02:00
wireplumber.enable = true;
# If you want to use JACK applications, uncomment this
# jack.enable = true;
2024-01-30 17:29:47 +01:00
};
2024-05-20 17:36:08 +02:00
services.plex = {
enable = true;
dataDir = "/var/lib/plex";
openFirewall = true;
user = "plex";
group = "plex";
};
2024-01-30 17:29:47 +01:00
services.tailscale = {
enable = true;
2024-05-20 17:35:31 +02:00
authKeyFile = config.sops.secrets.tailscale_auth_key.path;
2024-01-30 17:29:47 +01:00
};
# Configure keymap in X11
services.xserver = {
xkb.layout = "eu";
xkb.options = "compose:ralt";
};
2024-05-20 17:35:31 +02:00
sops.defaultSopsFile = ../secrets/secrets.yaml;
sops.age.keyFile = "/home/muhh/.config/sops/age/keys.txt";
sops.secrets.tailscale_auth_key = {};
2024-01-30 17:29:47 +01:00
# Define a user account. Don't forget to set a password with passwd.
users.users.muhh = {
isNormalUser = true;
name = "muhh";
description = "Markus Heurung";
2024-12-06 18:04:50 +01:00
extraGroups = [ "audio" "docker" "libvirtd" "input" "networkmanager" "plugdev" "qemu-libvirtd" "video" "wheel"];
2024-01-30 17:29:47 +01:00
shell = pkgs.fish;
linger = true;
};
nixpkgs.config = {
allowUnfree = true;
allowUnfreePredicate = pkg: true;
};
2024-01-30 17:29:47 +01:00
environment.shells = with pkgs; [ bash fish zsh ];
environment.systemPackages = with pkgs; [
git
2024-03-06 12:10:11 +01:00
home-manager
2024-01-30 17:29:47 +01:00
toolbox
vim
2024-03-06 12:10:11 +01:00
wget
2024-01-30 17:29:47 +01:00
];
fonts.packages = with pkgs; [
atkinson-hyperlegible
iosevka
2024-11-28 18:16:12 +01:00
# secret-config.packages.x86_64-linux.default
2024-01-30 17:29:47 +01:00
];
2024-11-28 18:16:12 +01:00
2024-01-30 17:29:47 +01:00
programs = {
_1password.enable = true;
_1password-gui = {
enable = true;
polkitPolicyOwners = ["muhh"];
};
2024-01-30 17:29:47 +01:00
fish.enable = true;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
light = {
enable = true;
brightnessKeys.enable = true;
};
2024-11-28 18:16:12 +01:00
hyprland.enable = true;
niri.enable = true;
2024-01-30 17:29:47 +01:00
sway.enable = true;
2024-11-28 18:16:12 +01:00
# ssh = {
# pubkeyAcceptedKeyTypes = ["ssh-ed25519" "ssh-rsa"];
# hostKeyAlgorithms = ["ssh-ed25519" "ssh-rsa"];
# };
2024-01-30 17:29:47 +01:00
};
2024-05-17 16:38:19 +02:00
virtualisation = {
2024-12-05 16:53:58 +01:00
docker.enable = true;
2024-05-17 16:38:19 +02:00
libvirtd = {
enable = true;
};
podman = {
2024-12-05 16:53:58 +01:00
enable = false;
2024-05-17 16:38:19 +02:00
dockerCompat = true;
};
2024-01-30 17:29:47 +01:00
};
xdg = {
portal = {
enable = true;
extraPortals = with pkgs; [
xdg-desktop-portal-wlr
xdg-desktop-portal-gtk
];
};
};
2024-01-30 17:29:47 +01:00
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# Open ports in the firewall.
# FIREWALL IS ENABLED BY DEFAULT - muhh
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
2024-03-06 12:10:11 +01:00
system.stateVersion = "23.11"; # Did you read the comment?
2024-01-30 17:29:47 +01:00
}