2020-10-28 11:44:08 +00:00
|
|
|
|
# Edit this configuration file to define what should be installed on
|
|
|
|
|
|
# your system. Help is available in the configuration.nix(5) man page
|
|
|
|
|
|
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
|
|
|
|
|
|
2020-10-29 18:53:36 +00:00
|
|
|
|
{ config, pkgs, lib, ... }:
|
2020-10-28 11:44:08 +00:00
|
|
|
|
|
2020-10-29 18:53:36 +00:00
|
|
|
|
let
|
2021-05-24 08:33:02 +00:00
|
|
|
|
# local = import ./local.nix { inherit config pkgs lib; };
|
|
|
|
|
|
# hostName = local.networking.hostName;
|
|
|
|
|
|
# host-config = ./machines + "/${hostName}.nix";
|
|
|
|
|
|
# optionalPath = path: lib.lists.optional (builtins.pathExists path) path;
|
2020-11-21 15:40:27 +00:00
|
|
|
|
in {
|
2021-04-11 19:59:43 +00:00
|
|
|
|
imports = [
|
2021-05-24 08:33:02 +00:00
|
|
|
|
# <home-manager/nixos>
|
|
|
|
|
|
# ./hardware-configuration.nix
|
|
|
|
|
|
# ./local.nix
|
2021-04-11 19:59:43 +00:00
|
|
|
|
./cachix.nix
|
2021-05-24 08:33:02 +00:00
|
|
|
|
]; # ++ optionalPath host-config;
|
|
|
|
|
|
|
|
|
|
|
|
documentation.info.enable = lib.mkForce false;
|
2020-11-24 13:06:10 +00:00
|
|
|
|
|
|
|
|
|
|
# Nix ######################################################################
|
2020-10-29 18:53:36 +00:00
|
|
|
|
system.stateVersion = "20.03"; # Leave this alone (see configuration.nix(5))
|
|
|
|
|
|
|
2020-11-16 16:04:18 +00:00
|
|
|
|
nixpkgs.config = {
|
|
|
|
|
|
allowUnfree = true;
|
|
|
|
|
|
joypixels.acceptLicense = true;
|
2020-11-21 15:33:11 +00:00
|
|
|
|
packageOverrides = pkgs: {
|
|
|
|
|
|
nur = import (builtins.fetchTarball
|
|
|
|
|
|
"https://github.com/nix-community/NUR/archive/master.tar.gz") {
|
|
|
|
|
|
inherit pkgs;
|
|
|
|
|
|
};
|
|
|
|
|
|
};
|
2020-11-16 16:04:18 +00:00
|
|
|
|
};
|
2021-03-28 15:18:13 +00:00
|
|
|
|
nixpkgs.overlays = [
|
|
|
|
|
|
# (self: super: { libvirt = (import (builtins.fetchTarball "https://github.com/NixOS/nixpkgs/archive/066676b839a217f6b1b5d8ab05842604d33b7258.tar.gz") {}).libvirt; })
|
|
|
|
|
|
];
|
2020-11-06 16:26:20 +00:00
|
|
|
|
|
2020-11-24 13:06:10 +00:00
|
|
|
|
nix = {
|
2021-05-20 11:26:13 +00:00
|
|
|
|
package = pkgs.nixUnstable;
|
|
|
|
|
|
extraOptions = ''
|
|
|
|
|
|
experimental-features = nix-command flakes
|
|
|
|
|
|
'';
|
2020-11-24 13:06:10 +00:00
|
|
|
|
autoOptimiseStore = true;
|
|
|
|
|
|
gc = {
|
|
|
|
|
|
automatic = true;
|
|
|
|
|
|
dates = "12:00";
|
|
|
|
|
|
options = "--delete-older-than 14d";
|
|
|
|
|
|
};
|
|
|
|
|
|
};
|
|
|
|
|
|
|
2020-11-16 16:02:48 +00:00
|
|
|
|
# Kernel ###################################################################
|
|
|
|
|
|
boot = {
|
|
|
|
|
|
extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
|
|
|
|
|
|
kernelModules = [ "v4l2loopback" ];
|
2021-03-04 11:16:15 +00:00
|
|
|
|
kernel.sysctl = {
|
|
|
|
|
|
"net.core.rmem_max" = 2500000;
|
|
|
|
|
|
"vm.swappiness" = 10;
|
|
|
|
|
|
};
|
2020-11-16 16:02:48 +00:00
|
|
|
|
};
|
|
|
|
|
|
|
2020-10-29 18:53:36 +00:00
|
|
|
|
# Users ####################################################################
|
|
|
|
|
|
users.users.jez = {
|
|
|
|
|
|
isNormalUser = true;
|
2020-10-30 20:53:50 +00:00
|
|
|
|
group = "jez";
|
2021-04-02 13:23:56 +00:00
|
|
|
|
extraGroups = [ "wheel" "video" "audio" "networkmanager" ];
|
2020-10-29 18:53:36 +00:00
|
|
|
|
shell = pkgs.zsh;
|
2020-10-30 19:32:32 +00:00
|
|
|
|
openssh.authorizedKeys.keyFiles = [ ./data/yubikey_ssh.pub ];
|
2020-10-28 11:44:08 +00:00
|
|
|
|
};
|
2020-10-30 20:53:50 +00:00
|
|
|
|
users.groups.jez = { };
|
2020-11-06 09:41:22 +00:00
|
|
|
|
users.users.elly.isNormalUser = true;
|
2020-10-28 11:44:08 +00:00
|
|
|
|
|
2021-05-24 08:33:02 +00:00
|
|
|
|
# home-manager.users.jez = import ./home/jez/home.nix;
|
2020-11-09 21:26:38 +00:00
|
|
|
|
|
2020-11-03 21:40:56 +00:00
|
|
|
|
environment.shells = with pkgs; [ bashInteractive bash fish zsh ];
|
|
|
|
|
|
|
2020-10-29 18:53:36 +00:00
|
|
|
|
# Networking ###############################################################
|
|
|
|
|
|
networking = {
|
|
|
|
|
|
useDHCP = false;
|
|
|
|
|
|
networkmanager.enable = true;
|
2020-11-03 21:41:10 +00:00
|
|
|
|
firewall = {
|
|
|
|
|
|
enable = true;
|
|
|
|
|
|
allowedTCPPorts = [
|
|
|
|
|
|
22000 # SyncThing
|
|
|
|
|
|
];
|
|
|
|
|
|
allowedUDPPorts = [
|
|
|
|
|
|
21027 # SyncThing
|
|
|
|
|
|
];
|
|
|
|
|
|
};
|
2020-10-29 18:53:36 +00:00
|
|
|
|
};
|
2020-10-28 11:44:08 +00:00
|
|
|
|
|
2020-10-29 18:53:36 +00:00
|
|
|
|
services.avahi = {
|
|
|
|
|
|
enable = true;
|
|
|
|
|
|
nssmdns = true;
|
2020-11-21 15:40:27 +00:00
|
|
|
|
publish = {
|
|
|
|
|
|
enable = true;
|
|
|
|
|
|
addresses = true;
|
|
|
|
|
|
};
|
2020-10-29 18:53:36 +00:00
|
|
|
|
};
|
2020-10-28 11:44:08 +00:00
|
|
|
|
|
2020-10-29 18:53:36 +00:00
|
|
|
|
services.openssh.enable = true;
|
2021-03-09 09:22:50 +00:00
|
|
|
|
programs.mosh.enable = true;
|
2020-12-18 16:30:30 +00:00
|
|
|
|
|
|
|
|
|
|
# Bluetooth ################################################################
|
|
|
|
|
|
hardware.bluetooth = {
|
|
|
|
|
|
enable = true;
|
|
|
|
|
|
package = pkgs.bluezFull;
|
|
|
|
|
|
};
|
|
|
|
|
|
services.blueman.enable = true;
|
2020-10-28 11:44:08 +00:00
|
|
|
|
|
2020-10-29 18:53:36 +00:00
|
|
|
|
# Security #################################################################
|
|
|
|
|
|
security.wrappers = {
|
|
|
|
|
|
ping = {
|
|
|
|
|
|
source = "${pkgs.iputils.out}/bin/ping";
|
|
|
|
|
|
owner = "nobody";
|
|
|
|
|
|
group = "nogroup";
|
|
|
|
|
|
capabilities = "cap_net_raw+ep";
|
|
|
|
|
|
};
|
|
|
|
|
|
};
|
2020-10-28 11:44:08 +00:00
|
|
|
|
|
2020-10-29 18:53:36 +00:00
|
|
|
|
# Localisation #############################################################
|
2020-10-28 11:44:08 +00:00
|
|
|
|
time.timeZone = "Europe/London";
|
2020-10-29 18:53:36 +00:00
|
|
|
|
i18n.defaultLocale = "en_GB.UTF-8";
|
|
|
|
|
|
console = {
|
2020-11-10 08:38:15 +00:00
|
|
|
|
font = "ter-124n";
|
|
|
|
|
|
packages = [ pkgs.terminus_font ];
|
2020-10-29 18:53:36 +00:00
|
|
|
|
keyMap = "us";
|
|
|
|
|
|
};
|
2020-10-28 11:44:08 +00:00
|
|
|
|
|
2020-10-29 18:53:36 +00:00
|
|
|
|
# General ##################################################################
|
2020-10-28 11:44:08 +00:00
|
|
|
|
environment.systemPackages = with pkgs; [
|
2021-04-11 19:59:43 +00:00
|
|
|
|
cachix
|
|
|
|
|
|
|
2020-11-21 15:40:27 +00:00
|
|
|
|
wget
|
|
|
|
|
|
vim
|
|
|
|
|
|
git
|
2021-03-20 22:29:18 +00:00
|
|
|
|
mercurial
|
2020-11-21 15:40:27 +00:00
|
|
|
|
tree
|
|
|
|
|
|
iputils
|
|
|
|
|
|
ripgrep
|
|
|
|
|
|
|
|
|
|
|
|
refind
|
|
|
|
|
|
terminus_font
|
2020-10-28 11:44:08 +00:00
|
|
|
|
];
|
|
|
|
|
|
|
2020-10-29 18:53:36 +00:00
|
|
|
|
documentation = {
|
|
|
|
|
|
man.generateCaches = true;
|
|
|
|
|
|
dev.enable = true;
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
# Desktop environment ####################################################
|
|
|
|
|
|
hardware.opengl.driSupport32Bit = true;
|
|
|
|
|
|
|
|
|
|
|
|
services.xserver = {
|
|
|
|
|
|
enable = true;
|
|
|
|
|
|
layout = "us";
|
|
|
|
|
|
libinput.enable = true;
|
2020-11-03 21:40:56 +00:00
|
|
|
|
displayManager.lightdm = {
|
|
|
|
|
|
enable = true;
|
|
|
|
|
|
greeters.enso.enable = true;
|
|
|
|
|
|
extraSeatDefaults = ''
|
|
|
|
|
|
greeter-hide-users = false
|
2020-11-24 17:59:15 +00:00
|
|
|
|
greeter-show-manual-login = true
|
2020-11-03 21:40:56 +00:00
|
|
|
|
'';
|
|
|
|
|
|
};
|
2021-05-20 11:26:59 +00:00
|
|
|
|
desktopManager.gnome.enable = true;
|
2020-11-21 20:09:23 +00:00
|
|
|
|
displayManager.sessionPackages = let
|
|
|
|
|
|
emacs-caged-desktop =
|
|
|
|
|
|
pkgs.writeTextDir "share/wayland-sessions/emacs-caged.desktop" ''
|
|
|
|
|
|
[Desktop Entry]
|
|
|
|
|
|
Name=Emacs, Caged
|
|
|
|
|
|
Comment=Just emacs, nothing else
|
|
|
|
|
|
Exec=${pkgs.cage}/bin/cage -- ${pkgs.emacs}/bin/emacs
|
|
|
|
|
|
Type=Application
|
|
|
|
|
|
'';
|
|
|
|
|
|
emacs-caged = emacs-caged-desktop.overrideAttrs
|
|
|
|
|
|
(oldattrs: { passthru.providedSessions = [ "emacs-caged" ]; });
|
|
|
|
|
|
in [ emacs-caged ];
|
2020-10-29 18:53:36 +00:00
|
|
|
|
};
|
|
|
|
|
|
programs.sway = {
|
|
|
|
|
|
enable = true;
|
|
|
|
|
|
wrapperFeatures.gtk = true;
|
|
|
|
|
|
};
|
|
|
|
|
|
services.dbus.packages = [ pkgs.gnome3.dconf ];
|
|
|
|
|
|
|
2021-02-08 17:04:36 +00:00
|
|
|
|
xdg.portal = {
|
|
|
|
|
|
enable = true;
|
|
|
|
|
|
extraPortals = [ pkgs.xdg-desktop-portal-wlr ];
|
|
|
|
|
|
};
|
|
|
|
|
|
|
2020-10-29 18:53:36 +00:00
|
|
|
|
services.printing.enable = true;
|
|
|
|
|
|
|
2021-03-04 11:46:56 +00:00
|
|
|
|
services.flatpak.enable = true;
|
|
|
|
|
|
|
2021-02-08 17:04:15 +00:00
|
|
|
|
# Sound ####################################################################
|
2020-10-29 18:53:36 +00:00
|
|
|
|
sound.enable = true;
|
2021-02-08 17:04:15 +00:00
|
|
|
|
hardware.pulseaudio.enable = false;
|
|
|
|
|
|
services.pipewire = {
|
|
|
|
|
|
enable = true;
|
|
|
|
|
|
alsa.enable = true;
|
|
|
|
|
|
pulse.enable = true;
|
|
|
|
|
|
};
|
2021-03-10 17:27:28 +00:00
|
|
|
|
security.rtkit.enable = true;
|
2020-10-29 18:53:36 +00:00
|
|
|
|
|
2020-11-13 17:17:00 +00:00
|
|
|
|
# Fonts ####################################################################
|
|
|
|
|
|
fonts.fonts = with pkgs; [
|
2020-11-21 15:40:27 +00:00
|
|
|
|
iosevka
|
|
|
|
|
|
fira
|
|
|
|
|
|
fira-code
|
|
|
|
|
|
merriweather
|
|
|
|
|
|
gentium
|
|
|
|
|
|
gentium-book-basic
|
|
|
|
|
|
open-sans
|
|
|
|
|
|
joypixels
|
|
|
|
|
|
noto-fonts-emoji
|
|
|
|
|
|
font-awesome
|
2020-11-13 17:17:00 +00:00
|
|
|
|
];
|
|
|
|
|
|
|
2020-11-06 09:41:04 +00:00
|
|
|
|
# Location #################################################################
|
2021-05-07 19:44:03 +00:00
|
|
|
|
location = {
|
|
|
|
|
|
provider = "manual";
|
|
|
|
|
|
# Somewhere roughly in the North of England
|
|
|
|
|
|
latitude = 54.0;
|
|
|
|
|
|
longitude = 1.0;
|
|
|
|
|
|
};
|
2020-11-06 09:41:04 +00:00
|
|
|
|
|
2020-10-29 18:53:36 +00:00
|
|
|
|
# Services #################################################################
|
2020-11-03 21:40:56 +00:00
|
|
|
|
services.accounts-daemon.enable = true;
|
|
|
|
|
|
|
2020-10-29 18:53:36 +00:00
|
|
|
|
services.pcscd = {
|
|
|
|
|
|
enable = true;
|
|
|
|
|
|
plugins = [ pkgs.ccid ]; # Needed for GPG + Yubikey
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
virtualisation.docker.enable = true;
|
|
|
|
|
|
virtualisation.libvirtd.enable = true;
|
2021-02-24 20:42:34 +00:00
|
|
|
|
virtualisation.spiceUSBRedirection.enable = true;
|
2020-10-29 18:53:36 +00:00
|
|
|
|
users.groups.libvirtd.members = [ "jez" ];
|
2020-10-30 13:54:15 +00:00
|
|
|
|
# see https://github.com/xeji/nixpkgs/blob/1894a2ace97cc61cf833f712581d31cf2c650c35/pkgs/development/libraries/spice-gtk/default.nix#L39
|
|
|
|
|
|
security.wrappers.spice-client-glib-usb-acl-helper.source =
|
|
|
|
|
|
"${pkgs.spice_gtk}/bin/spice-client-glib-usb-acl-helper";
|
2020-10-29 18:53:36 +00:00
|
|
|
|
|
|
|
|
|
|
services.netdata.enable = true;
|
2020-10-28 11:44:08 +00:00
|
|
|
|
|
2021-02-24 20:43:01 +00:00
|
|
|
|
# Hardware #################################################################
|
|
|
|
|
|
services.udev.extraRules = ''
|
|
|
|
|
|
# Atmel DFU
|
|
|
|
|
|
### ATmega16U2
|
|
|
|
|
|
SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2fef", TAG+="uaccess"
|
|
|
|
|
|
### ATmega32U2
|
|
|
|
|
|
SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2ff0", TAG+="uaccess"
|
|
|
|
|
|
### ATmega16U4
|
|
|
|
|
|
SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2ff3", TAG+="uaccess"
|
|
|
|
|
|
### ATmega32U4
|
|
|
|
|
|
SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2ff4", TAG+="uaccess"
|
|
|
|
|
|
### AT90USB64
|
|
|
|
|
|
SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2ff9", TAG+="uaccess"
|
|
|
|
|
|
### AT90USB128
|
|
|
|
|
|
SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2ffb", TAG+="uaccess"
|
|
|
|
|
|
|
|
|
|
|
|
# Input Club
|
|
|
|
|
|
SUBSYSTEMS=="usb", ATTRS{idVendor}=="1c11", ATTRS{idProduct}=="b007", TAG+="uaccess"
|
|
|
|
|
|
|
|
|
|
|
|
# STM32duino
|
|
|
|
|
|
SUBSYSTEMS=="usb", ATTRS{idVendor}=="1eaf", ATTRS{idProduct}=="0003", TAG+="uaccess"
|
|
|
|
|
|
# STM32 DFU
|
|
|
|
|
|
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", TAG+="uaccess"
|
|
|
|
|
|
|
|
|
|
|
|
# BootloadHID
|
|
|
|
|
|
SUBSYSTEMS=="usb", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="05df", TAG+="uaccess"
|
|
|
|
|
|
|
|
|
|
|
|
# USBAspLoader
|
|
|
|
|
|
SUBSYSTEMS=="usb", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="05dc", TAG+="uaccess"
|
|
|
|
|
|
|
|
|
|
|
|
# ModemManager should ignore the following devices
|
|
|
|
|
|
# Atmel SAM-BA (Massdrop)
|
|
|
|
|
|
SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="6124", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
|
|
|
|
|
|
|
|
|
|
|
|
# Caterina (Pro Micro)
|
|
|
|
|
|
## Spark Fun Electronics
|
|
|
|
|
|
### Pro Micro 3V3/8MHz
|
|
|
|
|
|
SUBSYSTEMS=="usb", ATTRS{idVendor}=="1b4f", ATTRS{idProduct}=="9203", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
|
|
|
|
|
|
### Pro Micro 5V/16MHz
|
|
|
|
|
|
SUBSYSTEMS=="usb", ATTRS{idVendor}=="1b4f", ATTRS{idProduct}=="9205", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
|
|
|
|
|
|
### LilyPad 3V3/8MHz (and some Pro Micro clones)
|
|
|
|
|
|
SUBSYSTEMS=="usb", ATTRS{idVendor}=="1b4f", ATTRS{idProduct}=="9207", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
|
|
|
|
|
|
## Pololu Electronics
|
|
|
|
|
|
### A-Star 32U4
|
|
|
|
|
|
SUBSYSTEMS=="usb", ATTRS{idVendor}=="1ffb", ATTRS{idProduct}=="0101", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
|
|
|
|
|
|
## Arduino SA
|
|
|
|
|
|
### Leonardo
|
|
|
|
|
|
SUBSYSTEMS=="usb", ATTRS{idVendor}=="2341", ATTRS{idProduct}=="0036", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
|
|
|
|
|
|
### Micro
|
|
|
|
|
|
SUBSYSTEMS=="usb", ATTRS{idVendor}=="2341", ATTRS{idProduct}=="0037", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
|
|
|
|
|
|
## Adafruit Industries LLC
|
|
|
|
|
|
### Feather 32U4
|
|
|
|
|
|
SUBSYSTEMS=="usb", ATTRS{idVendor}=="239a", ATTRS{idProduct}=="000c", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
|
|
|
|
|
|
### ItsyBitsy 32U4 3V3/8MHz
|
|
|
|
|
|
SUBSYSTEMS=="usb", ATTRS{idVendor}=="239a", ATTRS{idProduct}=="000d", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
|
|
|
|
|
|
### ItsyBitsy 32U4 5V/16MHz
|
|
|
|
|
|
SUBSYSTEMS=="usb", ATTRS{idVendor}=="239a", ATTRS{idProduct}=="000e", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
|
|
|
|
|
|
## dog hunter AG
|
|
|
|
|
|
### Leonardo
|
|
|
|
|
|
SUBSYSTEMS=="usb", ATTRS{idVendor}=="2a03", ATTRS{idProduct}=="0036", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
|
|
|
|
|
|
### Micro
|
|
|
|
|
|
SUBSYSTEMS=="usb", ATTRS{idVendor}=="2a03", ATTRS{idProduct}=="0037", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
|
|
|
|
|
|
'';
|
|
|
|
|
|
|
2020-10-28 11:44:08 +00:00
|
|
|
|
}
|
