# NixOS module for one host (the hostname is set to "trantor" further down).
# The let-bindings load definitions shared across the repository and build
# the small helper packages that this file installs.
{ config, pkgs, lib, ... }:
let
  # Shared user, package and SSH-key definitions kept in sibling files.
  myusers = import ../users.nix { inherit pkgs; };
  mypkgs = import ../packages.nix { inherit pkgs; };
  keys = import ../keys.nix { inherit lib; };

  # Per-application configuration generators.
  i3 = import ../modules/software-config/i3.nix { inherit pkgs; };
  vimInit = import ../modules/software-config/neovim.nix { inherit pkgs; };

  # External source trees; the nixos-hardware and sops-nix modules imported
  # below come from here.
  # NOTE(review): presumably a pin file (revision + hash per source). Confirm,
  # because modules loaded from these trees are evaluated as part of the
  # system configuration.
  sources = import ../nix/sources.nix { };
  inherit (sources) nixos-hardware;

  # Locally packaged helpers.
  temp-probe = pkgs.callPackage ../custom-pkgs/temp-probe.nix { };
  desktop-status-bar =
    pkgs.callPackage ../custom-pkgs/desktop-status-bar.nix {
      inherit temp-probe;
    };

  # 25-minute timer: sleeps, then plays a bell from the invoking user's home
  # directory and raises a desktop notification. The tools are referenced by
  # absolute store path, so the script does not depend on the caller's PATH.
  pomodoro = pkgs.writers.writeBashBin "pomodoro" ''
    sleep 1500
    ${pkgs.alsa-utils}/bin/aplay ~/Musique/bell.wav &
    ${pkgs.libnotify}/bin/notify-send "Pomodoro: " "TIME'S UP!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"'';

in {
# Modules composed into this host: repository-local modules, hardware
# profiles from nixos-hardware, the sops-nix secrets module, and the
# generated hardware description.
imports =
  let
    # Builds the path of a profile under nixos-hardware's "common" tree.
    hwProfile = name: "${nixos-hardware}/common/${name}/default.nix";
  in [
    ../modules/core.nix
    ../modules/core-graphical-computers.nix
    ../modules/dev-services.nix
    ../modules/gitea-runner.nix
    # ../modules/sockburp.nix
    (hwProfile "pc/ssd")
    (hwProfile "cpu/amd")
    (hwProfile "gpu/amd")
    # Third-party module that decrypts secrets at activation time; it runs
    # with the privileges of system activation, so its source pin matters.
    "${sources.sops-nix}/modules/sops"
    ./trantor-hardware.nix
  ];

# sops-nix: secrets are stored encrypted in the repository and decrypted on
# the host.
sops.defaultSopsFile = ../secrets/trantor.yaml;

# No SSH key is imported into GnuPG; decryption goes through age only.
sops.gnupg.sshKeyPaths = [ ];

# The age identity is derived from the host's ed25519 SSH host key. Anyone
# who can read that key file can decrypt every secret encrypted to this host,
# so the key's file permissions and its backups deserve the same care as the
# secrets themselves.
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

# Decrypted token is readable by its owner only. No owner is set in this
# block, so the sops-nix default applies.
# NOTE(review): confirm the consuming service (presumably the Gitea runner
# module imported above) runs as that owner.
sops.secrets.gitea-token.mode = "0400";

# Registers the ff2mpv native-messaging host with Firefox. A native-messaging
# host lets a browser extension start a program outside the browser sandbox,
# so only hosts that are actually used should be enabled.
programs.firefox.nativeMessagingHosts.ff2mpv = true;

hardware.nvidia.nvidiaSettings = false;

# Graphical stack: SDDM as display manager, Plasma 5 (Wayland session by
# default) and i3 as an alternative X11 window manager.
services.xserver.enable = true;
services.xserver.videoDrivers = [ "amdgpu" ];

services.xserver.displayManager.sddm.enable = true;
services.xserver.displayManager.defaultSession = "plasmawayland";

services.xserver.desktopManager.xterm.enable = false;
services.xserver.desktopManager.plasma5.enable = true;

services.xserver.windowManager.i3.enable = true;
# The i3 configuration is generated by the i3 helper module and written to
# the Nix store, which is world-readable: it must not embed credentials.
services.xserver.windowManager.i3.configFile =
  let
    rendered = i3.desktop-config desktop-status-bar;
    storeFile = pkgs.writeText "desktop-i3-config" rendered;
  in builtins.toPath storeFile;

# Device and hardware support.

# usbmuxd: multiplexing daemon used to talk to iOS devices over USB.
services.usbmuxd.enable = true;

# Use nsncd as the name-service cache daemon implementation.
services.nscd.enableNsncd = true;

hardware.opengl.enable = true;
hardware.opengl.driSupport = true;

# RTL-SDR receivers.
# NOTE(review): the NixOS module is expected to grant device access through
# the "plugdev" group (the main user is added to it in this file) - confirm.
hardware.rtl-sdr.enable = true;

# Fonts installed system-wide.
fonts.packages = [
  pkgs.noto-fonts
  pkgs.noto-fonts-cjk
  pkgs.noto-fonts-emoji
  pkgs.liberation_ttf
  pkgs.fira-code
  pkgs.fira-code-symbols
  pkgs.dina-font
  pkgs.proggyfonts
];

# Boot: systemd-based initrd with the AMD GPU driver loaded early, and
# systemd-boot as the boot loader.
boot.initrd.kernelModules = [ "amdgpu" ];
boot.initrd.systemd.enable = true;

boot.loader.systemd-boot = {
  enable = true;
  # Adds a memtest86 entry to the boot menu.
  memtest86.enable = true;
  # Keep at most ten generations in the boot menu.
  configurationLimit = 10;
};

# BCC (eBPF tracing tools).
programs.bcc.enable = true;

# KDE Connect pairs this machine with phones over the local network.
programs.kdeconnect.enable = true;

# CUPS printing with the Brother HL-L2350DW driver.
services.printing.enable = true;
services.printing.drivers = [ pkgs.cups-brother-hll2350dw ];

# SSH daemon: public-key logins only. Password and keyboard-interactive
# authentication are both off, and root cannot log in directly. The accepted
# keys for the main account are set in the users section of this file.
services.openssh.enable = true;
services.openssh.settings.PasswordAuthentication = false;
services.openssh.settings.KbdInteractiveAuthentication = false;
services.openssh.settings.PermitRootLogin = "no";

# Do not wait for the network to come online inside the initrd.
boot.initrd.systemd.network.wait-online.enable = false;

# Home-manager settings for the ninjatrappeur account: mail-client and
# waybar configuration files, plus a user-level systemd timer that
# synchronizes mail.
home-manager.users.ninjatrappeur = {
  home.stateVersion = "18.09";

  # These sources are path literals, so they are copied into the Nix store,
  # which is readable by every local user.
  # NOTE(review): confirm the msmtp and notmuch files contain no passwords or
  # tokens; credentials belong in a secret store, not in these files.
  home.file.".config/msmtp/config".source = ../raw-conf-files/email/msmtp;
  home.file.".notmuch-config".source = ../raw-conf-files/email/notmuch-config;
  home.file.".config/waybar".source = ../raw-conf-files/waybar-trantor;

  systemd.user.services = {
    # One-shot mail synchronization, started by the timer below.
    sync-mail = {
      Unit.Description = "Synchronize notmuch mailboxes";
      Service.Type = "oneshot";
      Service.ExecStart = "${pkgs.ninjatrappeur-pkgs.sync-mail}/bin/sync-mail";
    };
    # multimedia-sshfs-fuse-mount = {
    #   Unit = {
    #     Description = "Home multimedia network share";
    #     After = [ "network.target" "nss-lookup.target" "graphical-session.target" ];
    #   };
    #   Install = {
    #     WantedBy = [ "default.target" ];
    #   };
    #   Service = {
    #     Type = "simple";
    #     ExecStart = ''${pkgs.sshfs}/bin/sshfs -f -oIdentityFile=/home/ninjatrappeur/.ssh/id_ed25519 "sftpUser@home.alternativebit.fr:/" /home/ninjatrappeur/multimedia-sshfs'';
    #     ExecStop = ''${pkgs.fuse}/bin/fusermount -u /home/ninjatrappeur/multimedia-sshfs'';
    #     # Race condition: The service will fail to resolve the DNS name at login.
    #     # We restart it on failure as a workaround.
    #     Restart="on-failure";
    #     RestartSec="10s";
    #   };
    # };
  };

  # Runs sync-mail three minutes after boot, then every thirty minutes.
  systemd.user.timers.sync-mail = {
    Unit.Description = "Syncs the mailboxes";
    Timer = {
      Unit = "sync-mail.service";
      OnBootSec = "3m";
      OnUnitActiveSec = "30m";
    };
    Install.WantedBy = [ "timers.target" ];
  };
};

# Host identity, static host entries and firewall settings.
networking = {
  hostName = "trantor";
  domain = "alternativebit.fr";

  # Static /etc/hosts entries. They take precedence over DNS, so a stale
  # entry silently sends traffic to whatever now owns that address.
  # NOTE(review): these lines record another network's internal names and
  # addressing; if this repository is shared, consider keeping them in a
  # private, untracked file instead.
  extraHosts = ''
    #127.0.0.1 youtube.com youtu.be www.youtube.com
    10.25.3.41 gitlab.clearpath.ai gitlab.clearpathrobotics.com
    10.25.3.105 hydra.clearpath.ai
    10.25.11.150 prod-vm-hydra-02.clearpath.ai
    #10.25.11.168 prod-vm-hydra-worker-01.clearpath.ai
    10.25.3.105 prod-vm-hydra-main-01.clearpath.ai
    10.25.3.241 prod-vm-hydra-worker-01.clearpath.ai
    #10.25.11.167 prod-vm-hydra-worker-02.clearpath.ai
    10.25.3.242 prod-vm-hydra-worker-02.clearpath.ai
    10.26.3.91 prod-vm-devops-monitoring-01.clearpath.ai devops.clearpath.ai
    10.25.0.169 jira.clearpathrobotics.com wiki.clearpathrobotics.com
    10.25.3.101 jfrog.clearpathrobotics.com
    10.25.0.224 reset.clearpath.ai
    10.25.3.191 prod-vm-docker-registry-01.clearpathrobotics.com
    10.25.3.191 harbor.clearpathrobotics.com
    10.25.3.60 bundles.clearpath.ai
    10.25.20.15 vsphere.clearpath.ai

    # Framework via local VPN
    192.168.166.3 framework

  '';

  hosts = {
    #"127.0.0.1" = [ "www.youtube.com" "youtube.com" "youtu.be" "twitter.com" ];
  };

  # NOTE(review): the firewall is switched off, so the two allow-lists below
  # are not enforced. Any listening service, such as the sshd and Avahi
  # daemons enabled in this file, is reachable from every network the host
  # joins. Either set enable = true and keep the lists, or drop the lists so
  # the file does not suggest filtering that is not happening.
  firewall.enable = false;

  firewall.allowedTCPPorts = [
    # Random HTTP stuff
    8000
    # Patchwork
    8008
    8989
    # Syncthing
    22000
    # VNC
    5900
  ];

  firewall.allowedUDPPorts = [
    # Patchwork local discovery
    8008
    # Syncthing
    21027
    # Avahi
    5353
  ];
};

# Avahi (mDNS/DNS-SD). The daemon listens on the local network; with the
# firewall disabled in this file nothing filters who can query it.
services.avahi.enable = true;

# systemd-resolved is not used on this host.
services.resolved.enable = false;

# Emacs daemon, also set as the default editor, using the preconfigured
# build from the ninjatrappeur package set.
services.emacs.enable = true;
services.emacs.defaultEditor = true;
services.emacs.package = pkgs.ninjatrappeur-pkgs.configured-emacs;

# Open-file limit for every account; type "-" sets the soft and the hard
# limit at once.
security.pam.loginLimits = [
  { domain = "*"; type = "-"; item = "nofile"; value = "9192"; }
];
# services.gnome = {
#   core-utilities.enable = true;
#   core-shell.enable = true;
#   gnome-keyring.enable = true;
# };

# YubiKey support: udev rules from yubikey-personalization, and the PC/SC
# smart-card daemon.
services.udev.packages = [ pkgs.yubikey-personalization ];
services.pcscd.enable = true;

# Syncthing runs as the regular user and keeps its state in that user's home.
# NOTE(review): "enable" is not set in this block; presumably a shared module
# turns the service on - confirm.
services.syncthing.user = "ninjatrappeur";
services.syncthing.dataDir = "/home/ninjatrappeur/.config/syncthing";

# Accounts and groups specific to this host.
users.groups.nfs.gid = 8;

# Main interactive account. Home, shell and the base group list come from
# ../users.nix; this host adds three more groups.
# NOTE(review): "libvirtd" membership gives control of the system libvirt
# daemon and is commonly treated as root-equivalent; keep it only for
# accounts that are trusted to that degree.
users.extraUsers.ninjatrappeur = {
  isNormalUser = true;
  inherit (myusers.ninjatrappeur) home shell;
  extraGroups =
    myusers.ninjatrappeur.extraGroups ++ [ "nfs" "libvirtd" "plugdev" ];
  # Every key listed for this user in ../keys.nix may log in over SSH, so
  # removing a lost or retired key there is what revokes its access.
  openssh.authorizedKeys.keys =
    pkgs.lib.attrsets.attrValues keys.ninjatrappeur;
};

users.extraGroups.vboxusers.members = [ "ninjatrappeur" ];

# System account with fixed uid/gid for the "nfs" user and group.
users.extraUsers.nfs = {
  isSystemUser = true;
  uid = 7;
  group = "nfs";
};

# D-Bus services shipped by gcr.
services.dbus.packages = [ pkgs.gcr ];

# Wireshark.
# NOTE(review): the NixOS module is expected to allow packet capture for
# members of a dedicated group instead of requiring root; check which
# accounts are in that group, since capture access exposes other users'
# traffic on this machine.
programs.wireshark.enable = true;

# GnuPG agent with the Qt pinentry dialog.
programs.gnupg.agent.enable = true;
programs.gnupg.agent.pinentryFlavor = "qt";

# PipeWire audio with ALSA (including 32-bit clients) and PulseAudio
# compatibility.
services.pipewire.enable = true;
services.pipewire.alsa.enable = true;
services.pipewire.alsa.support32Bit = true;
services.pipewire.pulse.enable = true;

# System-wide sway configuration, generated from the same template as the
# i3 configuration. The rendered file is stored in the world-readable Nix
# store.
environment.etc."sway/config".source =
  let
    rendered = i3.desktop-config desktop-status-bar;
    storeFile = pkgs.writeText "desktop-sway-config" rendered;
  in builtins.toPath storeFile;

# systemd-networkd: only enp8s0 is managed. networkd applies the first
# matching .network file in name order, so "80-lan" wins for enp8s0 and
# "98-nope" leaves every other enp* interface unmanaged.
systemd.network.enable = true;

systemd.network.networks."80-lan" = {
  matchConfig.Name = "enp8s0";
  DHCP = "yes";
  # Accept router advertisements and use IPv6 privacy extensions.
  networkConfig.IPv6AcceptRA = true;
  networkConfig.IPv6PrivacyExtensions = "yes";
};

systemd.network.networks."98-nope" = {
  matchConfig.Name = "enp*";
  linkConfig.Unmanaged = true;
};

services.gvfs.enable = true;

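# Packages installed system-wide: the shared sets from ../packages.nix plus
# host-specific tools. Each package is listed once.
environment.systemPackages = mypkgs.common ++ mypkgs.dev ++ mypkgs.media
  ++ mypkgs.graphic-apps ++ [
    # Helpers built in this file's let-bindings.
    pomodoro
    temp-probe
    (pkgs.wrapOBS { plugins = [ pkgs.obs-studio-plugins.wlrobs ]; })
    pkgs.virt-manager
    pkgs.gnome.nautilus
    pkgs.gnome.eog
    pkgs.gnome.gvfs
    pkgs.cambalache
    pkgs.jmtpfs
    pkgs.element-desktop
    pkgs.gpsbabel
    pkgs.josm
    pkgs.gnome.polari
    pkgs.libimobiledevice
    pkgs.ifuse
    pkgs.gh
    pkgs.strawberry
    pkgs.ninjatrappeur-pkgs.picobak
    pkgs.ninjatrappeur-pkgs.backup-iphone
    pkgs.file

    # KDE
    pkgs.korganizer
    pkgs.kalendar
    pkgs.akonadi
    pkgs.plasma5Packages.kdepim-runtime
    pkgs.plasma5Packages.kdepim-addons
    pkgs.plasma5Packages.akonadi-calendar
    pkgs.plasma5Packages.akonadi-calendar-tools
    pkgs.plasma5Packages.akonadi-contacts
    pkgs.plasma5Packages.akonadi-import-wizard
    pkgs.plasma5Packages.akonadi-mime
    pkgs.plasma5Packages.akonadi-notes
    pkgs.plasma5Packages.akonadi-search
    pkgs.plasma5Packages.akonadiconsole

    # Rust
    pkgs.cargo
    pkgs.rustc
    pkgs.rust-analyzer
    pkgs.gcc
    pkgs.valgrind
    pkgs.gdb
  ];
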
system.stateVersion = "19.09";

# Nix daemon settings.
nix.settings = {
  # NOTE(review): a trusted user may override daemon settings, for example
  # add substituters or import unsigned store paths. The Nix manual describes
  # this as essentially equivalent to root access, so a compromise of this
  # account is a compromise of the machine.
  trusted-users = [ "root" "${myusers.ninjatrappeur.name}" ];

  # NOTE(review): "relaxed" keeps the build sandbox on by default but lets a
  # derivation opt out with __noChroot = true. Use "true" unless some build
  # on this host actually needs the opt-out.
  sandbox = "relaxed";

  # Binary caches and the keys whose signatures are accepted for them.
  # If one of the commented-out http:// caches is re-enabled, note that the
  # transport is unencrypted and only the signature check against
  # trusted-public-keys protects the downloaded paths.
  substituters = [
    # "http://hydra.clearpath.ai"
    "https://cache.nixos.org"
  ];
  trusted-public-keys = [
    # "hydra.clearpath.ai:VkmY4UV6HIDct2ZwjlvJniEQNZ1C7ZLglQweQpt6vE4="
    "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
  ];

  experimental-features = [ "flakes" "nix-command" "repl-flake" ];
  # substituters = [
  #   "http://seldon.alternativebit.fr:5555?priority=30"
  # ];
  # Seldon pubkey
  # trusted-public-keys = [ "binarycache.example.com:GjvB/hNEEYW+Gzlz1zJHxQQpk+EYUUu0WNYxbxhbmzs=" ];
};

# Legacy NIX_PATH entries: nixpkgs resolves to the tree taken from `sources`.
nix.nixPath = [
  "nixpkgs=${sources.nixpkgs}"
  "nixos-config=/etc/nixos/configuration.nix"
];

# Virtualisation: the system libvirt daemon, and podman with the ZFS tools
# available to it.
virtualisation.libvirtd.enable = true;

virtualisation.podman.enable = true;
virtualisation.podman.extraPackages = [ pkgs.zfs ];
}