{
lib,
config,
pkgs,
modulesPath,
...
}:
{
# Modules merged into this host's configuration.
imports = [
  # Stock NixOS profile shipped under modulesPath.
  (modulesPath + "/installer/scan/not-detected.nix")
  # Sibling module in this directory; its contents are not shown here.
  ./woodpecker.nix
];
# Kernel, initrd and module configuration for this machine.
boot = {
  # Out-of-tree modules, taken from the package set of the configured kernel.
  extraModulePackages = [
    config.boot.kernelPackages.nct6687d
    config.boot.kernelPackages.v4l2loopback
  ];

  initrd = {
    # Modules the initrd may load on demand.
    availableKernelModules = [
      "xhci_pci"
      "ahci"
      "nct6687"
      "nvme"
      "firewire_ohci"
      "usbhid"
      "usb_storage"
      "sd_mod"
    ];
    # Modules the initrd always loads.
    kernelModules = [ "nct6687" ];
  };

  # Modules loaded by the booted system.
  kernelModules = [
    "nct6687"
    "kvm-intel"
  ];

  # Module parameters written to the modprobe configuration.
  extraModprobeConfig = ''
    options nct6687 force=1
    options v4l2loopback devices=1 video_nr=1 card_label="OBS Cam" exclusive_caps=1
  '';

  # NOTE(review): "mitigations=off" turns off the kernel's mitigations for CPU
  # side-channel vulnerabilities. This file also loads kvm-intel, enables podman,
  # imports ./woodpecker.nix and lets a remote account use the Nix daemon, so
  # workloads from other parties may run on this host. Confirm the performance
  # trade-off is intended for a machine with that role.
  kernelParams = [ "mitigations=off" ];
};
# Mount table: two btrfs subvolumes on one device plus the vfat boot partition.
fileSystems = {
  "/" = {
    device = "/dev/disk/by-uuid/b9514f88-1c83-4596-999f-7e3640db6a86";
    fsType = "btrfs";
    # noatime already covers directories on Linux; nodiratime is kept as written.
    options = [
      "subvol=@"
      "noatime"
      "nodiratime"
    ];
  };

  "/home" = {
    device = "/dev/disk/by-uuid/b9514f88-1c83-4596-999f-7e3640db6a86";
    fsType = "btrfs";
    options = [
      "subvol=@home"
      "noatime"
      "nodiratime"
    ];
  };

  "/boot" = {
    device = "/dev/disk/by-uuid/2670-0FCA";
    fsType = "vfat";
    # NOTE(review): fmask/dmask 0022 leave every file on this partition readable
    # by all local users. If the boot loader keeps a random seed or other
    # sensitive material here (the boot loader is not configured in this file),
    # 0077 is the tighter setting. Confirm.
    options = [
      "fmask=0022"
      "dmask=0022"
    ];
  };
};
# Firmware, microcode and GPU userspace drivers.
hardware = {
  # Intel microcode updates follow the redistributable-firmware switch; mkDefault
  # lets another module override the value. Microcode is one of the channels
  # through which CPU security fixes are delivered.
  cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

  graphics = {
    enable = true;
    # Extra driver packages made available to the graphics stack.
    extraPackages = [
      pkgs.vpl-gpu-rt
      pkgs.intel-media-driver
      pkgs.vaapiVdpau
      pkgs.libvdpau-va-gl
    ];
  };

  # Install every firmware package NixOS knows about.
  enableAllFirmware = true;
};
# No swap devices are configured.
swapDevices = [ ];

# Target platform; mkDefault leaves room for another module to override it.
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
# Host identity, resolvers and Wi-Fi. Addressing is set under systemd.network.
networking = {
  hostName = "nemo";
  domain = "aarn.patagia.net";

  # Resolvers on the local 10.1.100.0/22 network.
  nameservers = [
    "10.1.100.11"
    "10.1.100.12"
    "10.1.100.13"
  ];

  # NOTE(review): the host firewall is off, so every listening service on this
  # machine (sshd and nix.sshServe are enabled in this file) is reachable from
  # the attached network. If that is not intended, enable the firewall and list
  # the required ports in allowedTCPPorts.
  firewall.enable = false;

  # No NetworkManager and no scripted DHCP.
  networkmanager.enable = false;
  useDHCP = false;

  # iwd handles Wi-Fi association.
  wireless.iwd.enable = true;
  wireless.iwd.settings = {
    DriverQuirks = {
      PowerSaveDisable = "*";
    };
    Network = {
      EnableIPv6 = false;
      NameResolvingService = "systemd";
    };
    Settings.AutoConnect = true;
  };
};
# Turn off the nsncd implementation of the name service cache daemon.
services.nscd.enableNsncd = false;
# systemd-networkd owns interface addressing; wlan1 gets a static address.
systemd.network = {
  enable = true;

  networks."10-wifi" = {
    matchConfig = {
      Name = "wlan1";
    };
    address = [ "10.1.100.20/22" ];
    gateway = [ "10.1.100.1" ];
    # The link counts as online only once it is routable.
    linkConfig = {
      RequiredForOnline = "routable";
    };
  };
};
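# FIXME: pam_rssh is broken from rust 1.80 upgrade
# NOTE(review): the pam_rssh rule below is active; confirm whether the FIXME
# above still applies or can be dropped.
security = {
  # The PAM service for doas is extended through a submodule so that the rule
  # order can be derived from the existing ssh_agent_auth rule.
  pam.services.doas =
    { config, ... }:
    {
      # pam_rssh authenticates through the caller's SSH agent. With control
      # "sufficient", success here alone satisfies the auth stack, so the keys
      # under /etc/ssh/authorized_keys.d are doas credentials as well as login
      # credentials. The user keys declared in this file are FIDO-backed (sk-*).
      rules.auth.rssh = {
        # Placed immediately before the ssh_agent_auth rule.
        order = config.rules.auth.ssh_agent_auth.order - 1;
        control = "sufficient";
        modulePath = "${pkgs.pam_rssh}/lib/libpam_rssh.so";
        settings.authorized_keys_command = pkgs.writeShellScript "get-authorized-keys" ''
          # The first argument is used as a file name below (presumably the user
          # being authenticated; confirm against pam_rssh). Refuse anything that
          # could name a path outside the key directory.
          case "$1" in
            */*) exit 1 ;;
          esac
          # cat is pinned to its store path so the lookup does not depend on the
          # PATH inherited from the process that invoked doas.
          exec ${pkgs.coreutils}/bin/cat "/etc/ssh/authorized_keys.d/$1"
        '';
      };
    };
};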
# systemd-resolved is the local stub resolver.
services.resolved = {
  enable = true;

  # LLMNR is switched off; the option takes the string "false", not a boolean.
  llmnr = "false";

  # Search domains.
  domains = [
    "patagia.net"
    "aarn.patagia.net"
  ];

  # NOTE(review): the fallback is a public resolver. Check whether queries for
  # internal names may be sent there when the resolvers configured under
  # networking.nameservers are unavailable.
  fallbackDns = [ "9.9.9.9" ];
};
# SSH daemon: key-based logins only, no direct root login.
services.openssh.enable = true;
services.openssh.settings = {
  # NOTE(review): KbdInteractiveAuthentication is not set here. Check its
  # effective value, because keyboard-interactive can still offer PAM password
  # prompts when PasswordAuthentication is off.
  PasswordAuthentication = false;
  PermitRootLogin = "no";
  # Remove a stale Unix socket before binding a forwarded one.
  StreamLocalBindUnlink = true;
};
# Switches under the "patagia" option namespace; the modules that define these
# options are not part of this file.
patagia.desktop.enable = true;
patagia.plymouth.enable = true;
patagia.podman.enable = true;
# Packages installed into the system profile.
environment.systemPackages = [
  pkgs.ffado
  pkgs.libcamera
  pkgs.lm_sensors
  pkgs.pam_rssh
  pkgs.openconnect
  pkgs.tpm2-tools
  pkgs.v4l-utils
];
# Global environment variable: the OTLP endpoint for OpenTelemetry exporters.
# The URL uses https, so telemetry to this endpoint travels over TLS.
environment.variables.OTEL_EXPORTER_OTLP_ENDPOINT = "https://otel.aarn.patagia.net";
# TPM 2.0 support, including the PKCS#11 provider and the TCTI environment.
# Both interactive users in this file are members of the "tss" group.
# NOTE(review): presumably that group is what grants TPM device access; confirm.
security.tpm2.enable = true;
security.tpm2.pkcs11.enable = true;
security.tpm2.tctiEnvironment.enable = true;
# Interactive administrator account.
users.users.dln = {
  description = "Daniel Lundin";
  isNormalUser = true;

  # "wheel" is the administrative group, "tss" the TPM-related group.
  extraGroups = [
    "tss"
    "wheel"
  ];

  # Both login keys are FIDO security-key types (sk-ssh-ed25519).
  openssh.authorizedKeys = {
    keys = [
      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIHMAEZx02kbHrEygyPQYStiXlrIe6EIqBCv7anIkL0pAAAABHNzaDo= dln@dinky"
      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJNOBFoU7Cdsgi4KpYRcv7EhR/8kD4DYjEZnwk6urRx7AAAABHNzaDo= dln@nemo"
    ];
  };
};
# Interactive administrator account.
users.users.lsjostro = {
  description = "Lars Sjöström";
  isNormalUser = true;

  # "wheel" is the administrative group, "tss" the TPM-related group.
  extraGroups = [
    "tss"
    "wheel"
  ];

  # Both login keys are FIDO security-key types (sk-ecdsa-sha2-nistp256).
  openssh.authorizedKeys = {
    keys = [
      "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBJ10mLOpInoqDaySyrxbzvcOrJfLw48Y6eWHa9501lw+hEEBXya3ib7nlvpCqEQJ8aPU5fVRqpkOW5zSimCiRbwAAAAEc3NoOg=="
      "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBLpoKvsZDIQQLfgzJhe1jAQubBNxjydkj8UfdUPaSXqgfB02OypMOC1m5ZuJYcQIxox0I+4Z8xstFhYP6s8zKZwAAAAEc3NoOg=="
    ];
  };
};
# Dedicated group for the nixremote account.
users.groups.nixremote = { };

# System account reached over SSH; its name suggests it serves remote Nix builds.
# NOTE(review): it has an interactive shell, a plain ssh-ed25519 key with no
# key options, and appears in nix.settings.trusted-users further down this file.
# If it is only needed for builds, confirm that this much access is required.
users.users.nixremote = {
  name = "nixremote";
  group = "nixremote";
  isSystemUser = true;
  shell = pkgs.bashInteractive;
  openssh.authorizedKeys = {
    keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEJjhHem/l3p/79Rqo3Wtk9ksxmt7Q/pkRdnXiNzP4Cf"
    ];
  };
};
# Nix daemon settings: store access over SSH and the list of trusted users.
nix = {
  sshServe = {
    enable = true;
    # Keys allowed to use the served store. They are the same four FIDO-backed
    # keys that log in as dln and lsjostro. Write access is not enabled here.
    keys = [
      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIHMAEZx02kbHrEygyPQYStiXlrIe6EIqBCv7anIkL0pAAAABHNzaDo= dln@dinky"
      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJNOBFoU7Cdsgi4KpYRcv7EhR/8kD4DYjEZnwk6urRx7AAAABHNzaDo= dln@nemo"
      "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBJ10mLOpInoqDaySyrxbzvcOrJfLw48Y6eWHa9501lw+hEEBXya3ib7nlvpCqEQJ8aPU5fVRqpkOW5zSimCiRbwAAAAEc3NoOg=="
      "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBLpoKvsZDIQQLfgzJhe1jAQubBNxjydkj8UfdUPaSXqgfB02OypMOC1m5ZuJYcQIxox0I+4Z8xstFhYP6s8zKZwAAAAEc3NoOg=="
    ];
  };

  # NOTE(review): the Nix manual treats trusted users as having root-equivalent
  # control over the daemon. "nixremote" authenticates with a plain
  # (non-hardware-backed) key, so that key carries this level of trust.
  settings.trusted-users = [
    "dln"
    "lsjostro"
    "nixremote"
  ];
};
# Pins the release whose stateful defaults this host uses; see the linked FAQ
# before changing it.
system.stateVersion = "24.11"; # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
}