xin/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
nixos-config/machines/calcite/configuration.nix
xinyangli e5ddc316b6
calcite: add spot
2025-03-26 11:22:36 +08:00

466 lines
10 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
config,
pkgs,
lib,
...
}:
let
inherit (lib) mkForce getExe;
inherit (config.my-lib.settings) idpUrl;
in
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./network.nix
../sops.nix
];
commonSettings = {
# auth.enable = true;
nix = {
signing.enable = true;
};
comin.enable = true;
network.localdns.enable = true;
};
nix.settings.substituters = [
"https://nix-community.cachix.org"
];
nix.settings.trusted-public-keys = [
# Compare to the key published at https://nix-community.org/cache
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
# boot.kernelPackages = pkgs.linuxPackages_latest;
boot.kernelModules = [
"nvidia"
"nvidia_modeset"
"nvidia_uvm"
];
hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.latest;
boot.supportedFilesystems = [ "ntfs" ];
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
documentation = {
nixos.enable = false;
man.enable = false;
};
security.tpm2 = {
enable = true;
# expose /run/current-system/sw/lib/libtpm2_pkcs11.so
pkcs11.enable = true;
# TODO: Need this until fapi-config is fixed in NixOS
pkcs11.package = pkgs.tpm2-pkcs11.override { fapiSupport = false; };
# TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
tctiEnvironment.enable = true;
};
# services.gnome.gnome-keyring.enable = lib.mkForce false;
security.pam.services.login.enableGnomeKeyring = lib.mkForce false;
programs.ssh.agentPKCS11Whitelist = "${config.security.tpm2.pkcs11.package}/lib/libtpm_pkcs11.so";
programs.gnupg.agent.pinentryPackage = pkgs.pinentry-gtk2;
networking.hostName = "calcite";
services.blueman.enable = true;
programs.steam = {
enable = true;
gamescopeSession = {
enable = true;
};
};
programs.vim.enable = true;
programs.vim.defaultEditor = true;
# Keep this even if enabled in home manager
programs.fish.enable = true;
environment.shells = [ pkgs.fish ];
users.defaultUserShell = pkgs.fish;
# Setup wireguard
# Set your time zone.
time.timeZone = "Asia/Shanghai";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.utf8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "zh_CN.utf8";
LC_IDENTIFICATION = "zh_CN.utf8";
LC_MEASUREMENT = "zh_CN.utf8";
LC_MONETARY = "zh_CN.utf8";
LC_NAME = "zh_CN.utf8";
LC_NUMERIC = "zh_CN.utf8";
LC_PAPER = "zh_CN.utf8";
LC_TELEPHONE = "zh_CN.utf8";
LC_TIME = "en_US.utf8";
};
i18n.inputMethod = {
enable = true;
type = "fcitx5";
fcitx5 = {
addons = [ pkgs.fcitx5-rime ];
waylandFrontend = true;
};
};
# ====== GUI ======
programs.niri.enable = true;
environment.sessionVariables.NIXOS_OZONE_WL = "1";
security.pam.services.gtklock = { }; # Required by gtklock
catppuccin = {
enable = true;
accent = "peach";
flavor = "mocha";
};
xdg.portal = {
enable = true;
extraPortals = [
pkgs.xdg-desktop-portal-gnome
pkgs.xdg-desktop-portal-gtk
];
configPackages = [ pkgs.niri ];
};
systemd.user.services.xdg-desktop-portal-gtk.after = [ "graphical-session.target" ];
systemd.user.services.xdg-desktop-portal-gnome.after = [ "graphical-session.target" ];
systemd.user.services.xdg-desktop-portal-gnome.wantedBy = [ "graphical-session.target" ];
services.greetd =
let
niri-login-config = pkgs.writeText "niri-login-config.kdl" ''
animations {
off
}
hotkey-overlay {
skip-at-startup
}
'';
in
{
enable = true;
vt = 1;
settings = {
default_session = {
command = "${pkgs.dbus}/bin/dbus-run-session -- ${getExe pkgs.niri} -c ${niri-login-config} -- ${getExe pkgs.greetd.gtkgreet} -l -c niri-session -s ${pkgs.magnetic-catppuccin-gtk}/share/themes/Catppuccin-GTK-Dark/gtk-3.0/gtk.css";
};
};
};
# Keyboard mapping on internal keyboard
services.keyd = {
enable = true;
keyboards = {
default = {
ids = [ "*" ];
settings = {
main = {
capslock = "overload(control, esc)";
control = "overload(control, esc)";
};
};
};
"internal" = {
ids = [ "0b05:1866" ];
settings = {
main = {
capslock = "overload(control, esc)";
leftcontrol = "capslock";
};
};
};
"logiM720" = {
ids = [ "046d:b015" ];
settings = {
main = {
mouse2 = "leftmeta";
# leftalt = "mouse1";
};
};
};
};
};
# Enable CUPS to print documents.
services.printing.enable = true;
services.printing.drivers = [
pkgs.hplip
pkgs.gutenprint
pkgs.gutenprintBin
];
hardware.sane = {
enable = true;
extraBackends = [ pkgs.hplipWithPlugin ];
};
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.avahi.enable = true;
services.pipewire = {
enable = true;
wireplumber.enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
jack.enable = true;
# Airplay client
raopOpenFirewall = true;
extraConfig.pipewire = {
"10-airplay" = {
"context.modules" = [
{
name = "libpipewire-module-raop-discover";
# increase the buffer size if you get dropouts/glitches
# args = {
# "raop.latency.ms" = 500;
# };
}
];
};
};
};
# Define a user account. Don't forget to set a password with passwd.
users.users.xin = {
isNormalUser = true;
description = "xin";
extraGroups = [
"networkmanager"
"wheel"
"wireshark"
"tss"
"scanner"
];
};
services.kanidm = {
enableClient = true;
clientSettings = {
uri = "https://${idpUrl}";
};
};
# Smart services
services.smartd.enable = true;
# Allow unfree packages
nixpkgs.system = "x86_64-linux";
nixpkgs.config.allowUnfree = true;
nixpkgs.config.permittedInsecurePackages = [
"openssl-1.1.1w"
# FIXME: Waiting for https://github.com/NixOS/nixpkgs/pull/335753
"jitsi-meet-1.0.8043"
];
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
imhex
oidc-agent
# Filesystem
(owncloud-client.overrideAttrs (
finalAttrs: previousAttrs: {
src = pkgs.fetchFromGitHub {
owner = "xinyangli";
repo = "client";
rev = "780d1c4c8bf02be42e118c792ff833ab10c2fdcc";
hash = "sha256-pEwcGJI9sN9nooW/RQHmi52Du6yzofgZeB8PcjwPtZ8=";
};
}
))
nfs-utils
# tesseract5 # ocr
ocrmypdf # pdfocr
gtkwave
bubblewrap
# ==== Development ==== #
# Python
# reference: https://nixos.wiki/wiki/Python
(
let
my-python-packages =
python-packages: with python-packages; [
pandas
requests
numpy
pyyaml
setuptools
];
python-with-my-packages = python3.withPackages my-python-packages;
in
python-with-my-packages
)
# ==== GUI Softwares ==== #
eudic
bibata-cursors
gthumb
oculante
# Multimedia
vlc
obs-studio
spotify
spot
# IM
element-desktop
tdesktop
# Password manager
bitwarden
# Browser
chromium
# Writting
zotero
# onlyoffice-bin
# wemeet
wemeet
virt-manager
wineWowPackages.waylandFull
winetricks
];
services.esphome.enable = true;
users.groups.dialout.members = [ "xin" ];
system.stateVersion = "22.05";
system.switch.enable = false;
system.switch.enableNg = true;
sops.secrets = {
"restic/repo_url" = {
owner = "xin";
sopsFile = ./secrets.yaml;
};
"restic/repo_password" = {
owner = "xin";
sopsFile = ./secrets.yaml;
};
"gitea/envfile" = {
owner = "root";
sopsFile = ./secrets.yaml;
};
};
custom.restic = {
enable = true;
paths = [
"/backup/rootfs/var/lib"
"/backup/home"
];
};
# custom.forgejo-actions-runner = {
# enable = false;
# tokenFile = config.sops.secrets."gitea/envfile".path;
# settings = {
# runner.capacity = 2;
# runner.fetch_timeout = "120s";
# runner.fetch_interval = "30s";
# };
# };
#
custom.prometheus = {
exporters.node.enable = true;
};
services.ollama = {
enable = true;
acceleration = "cuda";
};
# MTP support
services.gvfs.enable = true;
services.flatpak.enable = true;
# Fonts
fonts = {
packages = with pkgs; [
nerd-fonts.ubuntu-sans
nerd-fonts.ubuntu
nerd-fonts.fira-code
nerd-fonts.fira-mono
nerd-fonts.jetbrains-mono
nerd-fonts.roboto-mono
noto-fonts
noto-fonts-emoji
liberation_ttf
mplus-outline-fonts.githubRelease
dina-font
proggyfonts
ubuntu_font_family
# Chinese
wqy_microhei
wqy_zenhei
noto-fonts-cjk-sans
noto-fonts-cjk-serif
source-han-sans
source-han-serif
];
fontconfig = {
defaultFonts = {
serif = [
"Source Han Serif SC"
"Ubuntu"
];
sansSerif = [
"Source Han Sans SC"
"Ubuntu"
];
monospace = [
"JetbrainsMono Nerd Font"
"Noto Sans Mono CJK SC"
"Ubuntu"
];
};
};
enableDefaultPackages = true;
};
# Virtualization
virtualisation = {
libvirtd.enable = true;
podman = {
enable = true;
};
docker = {
enable = true;
autoPrune.enable = true;
};
};
services.nixseparatedebuginfod.enable = true;
services.bloop = {
install = true;
extraOptions = [
"-J-Xmx2G"
"-J-XX:MaxInlineLevel=20"
"-J-XX:+UseParallelGC"
];
};
}
Reference in a new issue View git blame Copy permalink