petrichor
/
boxen
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
boxen/configuration.nix

143 lines
3.8 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, lib, ... }:
let
local = import ./local.nix { inherit config pkgs lib; };
hostName = local.networking.hostName;
host-config = ./machines + "/${hostName}.nix";
optionalPath = path: lib.lists.optional (builtins.pathExists path) path;
in
{
imports =
[
<home-manager/nixos>
./hardware-configuration.nix
./local.nix
]
++ optionalPath host-config;
system.stateVersion = "20.03"; # Leave this alone (see configuration.nix(5))
nixpkgs.config.allowUnfree = true;
# Users ####################################################################
users.users.jez = {
isNormalUser = true;
group = "jez";
extraGroups = [ "wheel" "video" ];
shell = pkgs.zsh;
openssh.authorizedKeys.keyFiles = [ ./data/yubikey_ssh.pub ];
};
users.groups.jez = { };
users.users.elly.isNormalUser = true;
home-manager.users.jez = import ./home/jez/home.nix;
environment.shells = with pkgs; [ bashInteractive bash fish zsh ];
# Networking ###############################################################
networking = {
useDHCP = false;
networkmanager.enable = true;
firewall = {
enable = true;
allowedTCPPorts = [
22000 # SyncThing
];
allowedUDPPorts = [
21027 # SyncThing
];
};
};
services.avahi = {
enable = true;
nssmdns = true;
publish = { enable = true; addresses = true; };
};
services.openssh.enable = true;
# Security #################################################################
security.wrappers = {
ping = {
source = "${pkgs.iputils.out}/bin/ping";
owner = "nobody";
group = "nogroup";
capabilities = "cap_net_raw+ep";
};
};
# Localisation #############################################################
time.timeZone = "Europe/London";
i18n.defaultLocale = "en_GB.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "us";
};
# General ##################################################################
environment.systemPackages = with pkgs; [
wget vim git tree iputils
refind
];
documentation = {
man.generateCaches = true;
dev.enable = true;
};
# Desktop environment ####################################################
hardware.opengl.driSupport32Bit = true;
services.xserver = {
enable = true;
layout = "us";
libinput.enable = true;
displayManager.lightdm = {
enable = true;
greeters.enso.enable = true;
extraSeatDefaults = ''
greeter-hide-users = false
'';
};
desktopManager.gnome3.enable = true;
};
programs.sway = {
enable = true;
wrapperFeatures.gtk = true;
};
services.dbus.packages = [ pkgs.gnome3.dconf ];
services.printing.enable = true;
sound.enable = true;
hardware.pulseaudio.enable = true;
# Location #################################################################
location.provider = "geoclue2";
services.geoclue2.enable = true;
# Services #################################################################
services.accounts-daemon.enable = true;
services.pcscd = {
enable = true;
plugins = [ pkgs.ccid ]; # Needed for GPG + Yubikey
};
virtualisation.docker.enable = true;
virtualisation.libvirtd.enable = true;
users.groups.libvirtd.members = [ "jez" ];
# see https://github.com/xeji/nixpkgs/blob/1894a2ace97cc61cf833f712581d31cf2c650c35/pkgs/development/libraries/spice-gtk/default.nix#L39
security.wrappers.spice-client-glib-usb-acl-helper.source =
"${pkgs.spice_gtk}/bin/spice-client-glib-usb-acl-helper";
services.netdata.enable = true;
}
Reference in New Issue View Git Blame Copy Permalink