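# NixOS configuration for the workstation "trantor" (see networking.hostName).
#
# Layout: helper imports and locally built packages in the `let` block, then
# the module body (imported modules, secrets, desktop, boot, SSH, per-user
# home-manager units, networking, users, packages, Nix daemon settings,
# virtualisation).
#
# Security-relevant settings carry a NOTE(review) comment. These flag choices
# to confirm; the values themselves are left as the author set them.
{ config, pkgs, lib, ... }:

let
  myusers = import ../users.nix { inherit pkgs; };
  mypkgs = import ../packages.nix { inherit pkgs; };
  i3 = import ../modules/software-config/i3.nix { inherit pkgs; };
  # Not referenced anywhere in this file.
  vimInit = import ../modules/software-config/neovim.nix { inherit pkgs; };
  # Pinned external sources (nixpkgs, nixos-hardware, sops-nix are read from it below).
  sources = import ../nix/sources.nix { };
  keys = import ../keys.nix { inherit lib; };
  nixos-hardware = sources.nixos-hardware;
  temp-probe = pkgs.callPackage ../custom-pkgs/temp-probe.nix { };
  desktop-status-bar = pkgs.callPackage ../custom-pkgs/desktop-status-bar.nix { inherit temp-probe; };
  # 25-minute timer: sleeps 1500 s, then plays a bell in the background and
  # raises a desktop notification.
  pomodoro = pkgs.writers.writeBashBin "pomodoro" ''
    sleep 1500
    ${pkgs.alsa-utils}/bin/aplay ~/Musique/bell.wav &
    ${pkgs.libnotify}/bin/notify-send "Pomodoro: " "TIME'S UP!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"'';
in
{
  imports = [
    ../modules/core.nix
    ../modules/core-graphical-computers.nix
    ../modules/dev-services.nix
    ../modules/gitea-runner.nix
    # ../modules/sockburp.nix
    "${nixos-hardware}/common/pc/ssd/default.nix"
    "${nixos-hardware}/common/cpu/amd/default.nix"
    "${nixos-hardware}/common/gpu/amd/default.nix"
    "${sources.sops-nix}/modules/sops"
    ./trantor-hardware.nix
  ];

  # Secrets are decrypted by sops-nix with an age identity derived from the SSH
  # host key, so anything able to read that key can decrypt
  # ../secrets/trantor.yaml. The empty gnupg list means no GnuPG identity is
  # configured here.
  sops = {
    defaultSopsFile = ../secrets/trantor.yaml;
    gnupg.sshKeyPaths = [ ];
    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
    secrets = {
      gitea-token = {
        # Owner-read only. No owner is set in this file, so the sops-nix
        # default applies unless an imported module overrides it.
        # NOTE(review): presumably consumed by ../modules/gitea-runner.nix;
        # confirm the consuming service runs as the secret's owner.
        mode = "0400";
      };
    };
  };

  programs.firefox = {
    nativeMessagingHosts.ff2mpv = true;
  };

  hardware.nvidia.nvidiaSettings = false;

  services.xserver = {
    enable = true;
    videoDrivers = [ "amdgpu" ];
    displayManager = {
      sddm.enable = true;
      defaultSession = "plasmawayland";
    };
    desktopManager = {
      xterm.enable = false;
      plasma5.enable = true;
    };
    windowManager.i3 = {
      enable = true;
      # The i3 config is generated from the shared template and written to the store.
      configFile = builtins.toPath (pkgs.writeText "desktop-i3-config" (i3.desktop-config desktop-status-bar));
    };
  };

  services.usbmuxd.enable = true;
  services.nscd.enableNsncd = true;

  hardware.opengl = {
    enable = true;
    driSupport = true;
  };

  hardware.rtl-sdr.enable = true;

  fonts.packages = with pkgs; [
    noto-fonts
    noto-fonts-cjk
    noto-fonts-emoji
    liberation_ttf
    fira-code
    fira-code-symbols
    dina-font
    proggyfonts
  ];

  boot = {
    initrd.kernelModules = [ "amdgpu" ];
    loader.systemd-boot = {
      enable = true;
      memtest86.enable = true;
      # Keep at most 10 generations in the boot menu.
      configurationLimit = 10;
    };
    initrd.systemd.enable = true;
  };

  programs.bcc.enable = true;
  programs.kdeconnect.enable = true;

  services.printing = {
    enable = true;
    drivers = [ pkgs.cups-brother-hll2350dw ];
  };

  # SSH is key-only: password and keyboard-interactive authentication are off
  # and root cannot log in. Accepted keys are the ones listed under
  # users.extraUsers.<name>.openssh.authorizedKeys.
  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      PermitRootLogin = "no";
    };
  };

  boot.initrd.systemd.network.wait-online.enable = false;

  home-manager.users.ninjatrappeur = {
    home.stateVersion = "18.09";
    home.file = {
      ".config/msmtp/config".source = ../raw-conf-files/email/msmtp;
      ".notmuch-config".source = ../raw-conf-files/email/notmuch-config;
      ".config/waybar".source = ../raw-conf-files/waybar-trantor;
    };
    systemd.user = {
      services = {
        # One-shot mail synchronisation, started by the sync-mail timer below.
        sync-mail = {
          Unit = {
            Description = "Synchronize notmuch mailboxes";
          };
          Service = {
            Type = "oneshot";
            ExecStart = "${pkgs.ninjatrappeur-pkgs.sync-mail}/bin/sync-mail";
          };
        };
        # multimedia-sshfs-fuse-mount = {
        #   Unit = {
        #     Description = "Home multimedia network share";
        #     After = [ "network.target" "nss-lookup.target" "graphical-session.target" ];
        #   };
        #   Install = {
        #     WantedBy = [ "default.target" ];
        #   };
        #   Service = {
        #     Type = "simple";
        #     ExecStart = ''${pkgs.sshfs}/bin/sshfs -f -oIdentityFile=/home/ninjatrappeur/.ssh/id_ed25519 "sftpUser@home.alternativebit.fr:/" /home/ninjatrappeur/multimedia-sshfs'';
        #     ExecStop = ''${pkgs.fuse}/bin/fusermount -u /home/ninjatrappeur/multimedia-sshfs'';
        #     # Race condition: The service will fail to resolve the DNS name at login.
        #     # We restart it on failure as a workaround.
        #     Restart="on-failure";
        #     RestartSec="10s";
        #   };
        # };
      };
      timers = {
        # First run 3 minutes after boot, then 30 minutes after each activation.
        sync-mail = {
          Unit = {
            Description = "Syncs the mailboxes";
          };
          Timer = {
            OnBootSec = "3m";
            OnUnitActiveSec = "30m";
            Unit = "sync-mail.service";
          };
          Install = {
            WantedBy = [ "timers.target" ];
          };
        };
      };
    };
  };

  networking = {
    # Static /etc/hosts entries. These take the place of DNS for the listed
    # names, so a stale entry silently sends traffic to whichever host now
    # holds that address.
    # NOTE(review): the list also records internal hostnames and addressing
    # in the repository; if the repository is shared, consider moving it to a
    # private module.
    extraHosts = ''
      #127.0.0.1 youtube.com youtu.be www.youtube.com
      10.25.3.41 gitlab.clearpath.ai gitlab.clearpathrobotics.com
      10.25.3.105 hydra.clearpath.ai
      10.25.11.150 prod-vm-hydra-02.clearpath.ai
      #10.25.11.168 prod-vm-hydra-worker-01.clearpath.ai
      10.25.3.105 prod-vm-hydra-main-01.clearpath.ai
      10.25.3.241 prod-vm-hydra-worker-01.clearpath.ai
      #10.25.11.167 prod-vm-hydra-worker-02.clearpath.ai
      10.25.3.242 prod-vm-hydra-worker-02.clearpath.ai
      10.26.3.91 prod-vm-devops-monitoring-01.clearpath.ai devops.clearpath.ai
      10.25.0.169 jira.clearpathrobotics.com wiki.clearpathrobotics.com
      10.25.3.101 jfrog.clearpathrobotics.com
      10.25.0.224 reset.clearpath.ai
      10.25.3.191 prod-vm-docker-registry-01.clearpathrobotics.com
      10.25.3.191 harbor.clearpathrobotics.com
      10.25.3.60 bundles.clearpath.ai
      10.25.20.15 vsphere.clearpath.ai
      # Framework via local VPN
      192.168.166.3 framework
    '';
    hosts = {
      #"127.0.0.1" = [ "www.youtube.com" "youtube.com" "youtu.be" "twitter.com" ];
    };
    hostName = "trantor";
    domain = "alternativebit.fr";
    firewall = {
      # NOTE(review): the firewall is disabled, so the two allow-lists below
      # are not enforced and every listening service on this host (sshd,
      # CUPS, Avahi, libvirt, anything bound to a wildcard address) is
      # reachable on all interfaces. If the lists describe the intended
      # exposure, set enable = true; otherwise remove them so the file does
      # not suggest filtering that is not happening.
      enable = false;
      allowedTCPPorts = [
        # Random HTTP stuff
        8000
        # Patchwork
        8008
        8989
        # Syncthing
        22000
        # VNC
        5900
      ];
      allowedUDPPorts = [
        # Patchwork local discovery
        8008
        # Syncthing
        21027
        # Avahi
        5353
      ];
    };
  };

  services.avahi.enable = true;

  services.resolved = {
    enable = false;
  };

  services.emacs = {
    enable = true;
    defaultEditor = true;
    package = pkgs.ninjatrappeur-pkgs.configured-emacs;
  };

  # Open-file limit for every PAM session; type "-" sets both the soft and
  # the hard limit.
  # NOTE(review): 9192 is an unusual value; confirm it is not a typo for 8192.
  security.pam.loginLimits = [
    { domain = "*"; type = "-"; item = "nofile"; value = "9192"; }
  ];

  # services.gnome = {
  #   core-utilities.enable = true;
  #   core-shell.enable = true;
  #   gnome-keyring.enable = true;
  # };

  # YubiKey support: udev rules for the device and the PC/SC smart-card daemon.
  services.udev.packages = [ pkgs.yubikey-personalization ];
  services.pcscd.enable = true;

  # NOTE(review): only user and dataDir are set here; services.syncthing.enable
  # is presumably set by an imported module. Confirm.
  services.syncthing = {
    user = "ninjatrappeur";
    dataDir = "/home/ninjatrappeur/.config/syncthing";
  };

  users = {
    groups.nfs.gid = 8;
    extraUsers.ninjatrappeur = {
      isNormalUser = true;
      home = myusers.ninjatrappeur.home;
      # NOTE(review): membership in libvirtd lets the account manage system
      # VMs and attach host devices to them, which is close to root on this
      # host. Acceptable for a single-user workstation; confirm it is intended.
      extraGroups = myusers.ninjatrappeur.extraGroups ++ [ "nfs" "libvirtd" "plugdev" ];
      shell = myusers.ninjatrappeur.shell;
      # Every key defined for this user in ../keys.nix may log in over SSH.
      openssh.authorizedKeys.keys = pkgs.lib.attrsets.attrValues keys.ninjatrappeur;
    };
    extraGroups.vboxusers.members = [ "ninjatrappeur" ];
    extraUsers.nfs = {
      isSystemUser = true;
      uid = 7;
      group = "nfs";
    };
  };

  services.dbus.packages = [ pkgs.gcr ];

  # NOTE(review): on NixOS this option also installs a capability-bearing
  # dumpcap wrapper for members of the "wireshark" group. That group is not
  # added in this file; check myusers.ninjatrappeur.extraGroups.
  programs.wireshark.enable = true;

  programs.gnupg.agent = {
    enable = true;
    pinentryFlavor = "qt";
  };

  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
  };

  # sway reuses the generated i3 configuration.
  environment.etc."sway/config".source = builtins.toPath (pkgs.writeText "desktop-sway-config" (i3.desktop-config desktop-status-bar));

  systemd.network = {
    enable = true;
    networks = {
      # systemd-networkd applies the first matching unit in lexical order:
      # "80-lan" claims enp8s0, and "98-nope" leaves every other enp*
      # interface unmanaged.
      "98-nope" = {
        matchConfig = {
          Name = "enp*";
        };
        linkConfig.Unmanaged = true;
      };
      "80-lan" = {
        matchConfig = {
          Name = "enp8s0";
        };
        DHCP = "yes";
        networkConfig = {
          # NOTE(review): router advertisements give this host IPv6 addresses.
          # With networking.firewall disabled, inbound IPv6 filtering is left
          # entirely to the upstream router. Confirm that it filters.
          IPv6AcceptRA = true;
          IPv6PrivacyExtensions = "yes";
        };
      };
    };
  };

  services.gvfs.enable = true;

  environment.systemPackages = mypkgs.common ++ mypkgs.dev ++ mypkgs.media ++ mypkgs.graphic-apps ++ [
    pomodoro
    temp-probe
    (pkgs.wrapOBS { plugins = [ pkgs.obs-studio-plugins.wlrobs ]; })
    pkgs.virt-manager
    pkgs.gnome.nautilus
    pkgs.gnome.eog
    pkgs.gnome.gvfs
    pkgs.cambalache
    pkgs.jmtpfs
    pkgs.element-desktop
    pkgs.gpsbabel
    pkgs.josm
    pkgs.gnome.polari
    pkgs.libimobiledevice
    pkgs.ifuse
    pkgs.gh
    pkgs.strawberry
    pkgs.ninjatrappeur-pkgs.picobak
    pkgs.ninjatrappeur-pkgs.backup-iphone
    pkgs.file
    # KDE
    pkgs.korganizer
    pkgs.kalendar
    pkgs.akonadi
    pkgs.plasma5Packages.kdepim-runtime
    pkgs.plasma5Packages.kdepim-addons
    pkgs.plasma5Packages.akonadi-calendar
    pkgs.plasma5Packages.akonadi-calendar-tools
    pkgs.plasma5Packages.akonadi-contacts
    pkgs.plasma5Packages.akonadi-import-wizard
    pkgs.plasma5Packages.akonadi-mime
    pkgs.plasma5Packages.akonadi-notes
    pkgs.plasma5Packages.akonadi-search
    pkgs.plasma5Packages.akonadiconsole
    # Rust
    pkgs.cargo
    pkgs.rustc
    pkgs.rust-analyzer
    pkgs.gcc
    pkgs.valgrind
    pkgs.gdb
  ];

  system = {
    stateVersion = "19.09";
  };

  nix = {
    settings = {
      # NOTE(review): a trusted user can add substituters and import store
      # paths without a trusted signature, which the Nix manual treats as
      # equivalent to root access. Any process running as this account
      # inherits that. Prefer allowed-users and keep only root trusted if the
      # extra rights are not needed.
      trusted-users = [ "root" "${myusers.ninjatrappeur.name}" ];
      # NOTE(review): "relaxed" lets fixed-output derivations and derivations
      # that set __noChroot build outside the sandbox. Combined with a trusted
      # non-root user this weakens build isolation; use `true` unless a
      # specific build needs the escape hatch.
      sandbox = "relaxed";
      substituters = [
        # "http://hydra.clearpath.ai"
        "https://cache.nixos.org"
      ];
      # Only paths signed by these keys are accepted from substituters.
      trusted-public-keys = [
        # "hydra.clearpath.ai:VkmY4UV6HIDct2ZwjlvJniEQNZ1C7ZLglQweQpt6vE4="
        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
      ];
      experimental-features = [ "flakes" "nix-command" "repl-flake" ];
      # NOTE(review): both disabled caches here and above use plain http. If
      # one is re-enabled, its signing key must be listed in
      # trusted-public-keys, and https is preferable so requests are not
      # exposed on the wire.
      # substituters = [
      #   "http://seldon.alternativebit.fr:5555?priority=30"
      # ];
      # Seldon pubkey
      # trusted-public-keys = [ "binarycache.example.com:GjvB/hNEEYW+Gzlz1zJHxQQpk+EYUUu0WNYxbxhbmzs=" ];
    };
    # <nixpkgs> resolves to the pinned source rather than a channel.
    nixPath = [
      "nixpkgs=${sources.nixpkgs}"
      "nixos-config=/etc/nixos/configuration.nix"
    ];
  };

  virtualisation = {
    libvirtd = {
      enable = true;
    };
    podman = {
      enable = true;
      extraPackages = [ pkgs.zfs ];
    };
  };
}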