mirror of
https://github.com/Jokiller230/puzzlevision.git
synced 2025-05-15 16:09:47 +02:00
96 lines
2.3 KiB
Nix
96 lines
2.3 KiB
Nix
{
|
|
lib,
|
|
pkgs,
|
|
inputs,
|
|
config,
|
|
...
|
|
}:
|
|
{
|
|
imports = [
|
|
./hardware-configuration.nix
|
|
inputs.hardware.nixosModules.common-pc-laptop
|
|
inputs.hardware.nixosModules.common-cpu-intel
|
|
inputs.hardware.nixosModules.common-pc-laptop-ssd
|
|
];
|
|
|
|
# Configure Sops
|
|
sops.defaultSopsFile = lib.snowfall.fs.get-file "secrets/default.yaml";
|
|
sops.age.keyFile = "/var/lib/sops-nix/key.txt"; # The main AGE key is expected in this location, it is only needed for this system.
|
|
|
|
# Sops keys
|
|
sops.secrets."user/jo/password_hash".neededForUsers = true;
|
|
|
|
# Set hostname
|
|
# Todo: move to common/networking module
|
|
networking.hostName = "puzzlevision";
|
|
|
|
boot = {
|
|
# Configure additional kernel modules.
|
|
extraModulePackages = [
|
|
pkgs.linuxKernel.packages.linux_6_12.rtl8821ce # Use custom network-card driver.
|
|
];
|
|
|
|
blacklistedKernelModules = [
|
|
"rtw88_8821ce" # Block the default network-card driver.
|
|
];
|
|
};
|
|
|
|
# Set timezone.
|
|
time.timeZone = "Europe/Berlin";
|
|
|
|
# Enable the power-profiles-daemon service for improved battery management.
|
|
services.power-profiles-daemon.enable = true;
|
|
|
|
# Enable printing.
|
|
services.printing.enable = true;
|
|
|
|
# Enable docker
|
|
virtualisation.docker.enable = true;
|
|
|
|
# Set system configuration
|
|
puzzlevision = {
|
|
archetypes.workstation.enable = true;
|
|
common.kernel.version = "linuxPackages_6_12";
|
|
|
|
security.yubikey = {
|
|
enable = true;
|
|
enable-agent = true;
|
|
};
|
|
};
|
|
|
|
# Enable flatpak support.
|
|
services.flatpak.enable = true;
|
|
|
|
# Set trusted users (Primarily used for cachix)
|
|
nix.settings.trusted-users = [ "root" "jo" ];
|
|
|
|
# Configure additional groups
|
|
users.groups.www-data = {
|
|
gid = 33;
|
|
};
|
|
|
|
# Configure users.
|
|
snowfallorg.users.jo.admin = true;
|
|
users.users.jo.isNormalUser = true;
|
|
users.users.jo.extraGroups = [ "dialout" "docker" "www-data" ];
|
|
users.users.jo.hashedPasswordFile = config.sops.secrets."user/jo/password_hash".path;
|
|
|
|
# Configure home-manager
|
|
home-manager = {
|
|
backupFileExtension = "homeManagerBackup";
|
|
};
|
|
|
|
# Provide users with some sane default packages.
|
|
environment.systemPackages = with pkgs; [
|
|
### General
|
|
nano
|
|
inputs.ghostty.packages.x86_64-linux.default
|
|
vlc
|
|
|
|
## Security
|
|
pinentry-tty
|
|
gnupg
|
|
];
|
|
|
|
system.stateVersion = "23.05";
|
|
}
|