  1  # Edit this configuration file to define what should be installed on
  2  # your system.  Help is available in the configuration.nix(5) man page
  3  # and in the NixOS manual (accessible by running ‘nixos-help’).
  4  {
  5    config,
  6    pkgs,
  7    outputs,
  8    inputs,
  9    ...
 10  }:
 11  {
 12    imports = [
 13      ./hardware-configuration.nix
 14      ./services
 15      ./sops.nix
 16      ./disk-config.nix
 17      ./clevis.nix
 18  
 19      ./../common/users/egor.nix
 20      ./../common/users/root.nix
 21      #./../common/desktop/steam.nix
 22      ./../common/desktop/virtualbox.nix
 23      /*
 24        outputs.nixosModules.gnome
 25         #outputs.nixosModules.kde
 26         outputs.nixosModules.impermanence
 27         #outputs.nixosModules.mullvad
 28         outputs.nixosModules.sound
 29         outputs.nixosModules.steam
 30         outputs.nixosModules.tailscale
 31         outputs.nixosModules.system
 32         outputs.nixosModules.yubikey
 33         outputs.nixosModules.yggdrasil
 34         outputs.nixosModules.ollama
 35      */
 36  
 37      #./odoo-test.nix # add to specializations or flake/shell
 38    ]
 39    ++ (builtins.attrValues outputs.nixosModules);
 40  
 41    modules.gnome = {
 42      enable = true;
 43      autologin = false;
 44    };
 45    modules.ollama = {
 46      enable = true;
 47    };
 48    #modules.kde.enable = true;
 49  
 50    modules.yggdrasil = {
 51      enable = false;
 52      persist = true;
 53    };
 54  
 55    modules.impermanence = {
 56      enable = true;
 57      disk = "nvme";
 58    };
 59    /*
 60         modules.mullvad = {
 61        enable = true;
 62        impermanence = true;
 63      };
 64    */
 65    modules.sound.enable = true;
 66    #modules.steam.enable = true;
 67  
 68    modules.tailscale = {
 69      enable = true;
 70      exit = false;
 71      hostname = "stellar";
 72      impermanence = true;
 73    };
 74  
 75    modules.system = {
 76      hostname = "stellar";
 77      ssh = true;
 78      printing = true;
 79      autoupdate = true;
 80      cleanup = true;
 81      hardening = true;
 82      usbguard = {
 83        enable = false;
 84        sops = true;
 85      };
 86      tpm = true;
 87      btrfs = true; # !!! can be  actually done with config.filesystems... like if btrfs is true then this
 88    };
 89  
 90    modules.yubikey.enable = true;
 91  
 92    programs.direnv.enable = true;
 93  
 94    networking.firewall = {
 95      allowedTCPPorts = [
 96        #11434
 97        #1080
 98        33333
 99      ];
100      #allowedUDPPorts = [
101      #];
102    };
103  
104    # This value determines the NixOS release from which the default
105    # settings for stateful data, like file locations and database versions
106    # on your system were taken. It‘s perfectly fine and recommended to leave
107    # this value at the release version of the first install of this system.
108    # Before changing this value read the documentation for this option
109    # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
110    system.stateVersion = "24.11"; # Did you read the comment?
111  
112    # Bootloader.
113    boot.loader.systemd-boot.enable = true;
114    boot.loader.efi.canTouchEfiVariables = true;
115    services.logrotate.checkConfig = false; # TODO check logrotate
116  
117    home-manager.sharedModules = [
118      inputs.sops-nix.homeManagerModules.sops
119      inputs.plasma-manager.homeModules.plasma-manager
120    ];
121    environment.systemPackages = with pkgs; [
122      xf86_input_wacom
123      opentabletdriver
124      pinta
125  
126      #easyeffects
127      /*
128        fprintd-tod
129         fprintd
130         open-fprintd
131         libfprint-tod
132         libfprint
133         libfprint-2-tod1-goodix-550a
134         libfprint-2-tod1-goodix
135      */
136  
137    ];
138    /*
139      services.udev.packages = [
140        pkgs.android-udev-rules
141      ];
142    */
143    programs.adb.enable = true;
144    users.users.egor.extraGroups = [
145      "adbusers"
146      "podman"
147    ];
148  
149    #systemd.services.nix-daemon.serviceConfig.EnvironmentFile = "/etc/nixos/nix-daemon-environment";
150  
151    /*
152      # Start the driver at boot
153      systemd.services.fprintd = {
154        wantedBy = [ "multi-user.target" ];
155        serviceConfig.Type = "simple";
156      };
157    */
158  
159    /*
160      # Install the driver
161      services.fprintd.enable = true;
162      # If simply enabling fprintd is not enough, try enabling fprintd.tod...
163      services.fprintd.tod.enable = true;
164      # ...and use one of the next four drivers
165      services.fprintd.tod.driver = pkgs.libfprint-2-tod1-goodix; # Goodix driver module
166      #services.fprintd.tod.driver = pkgs.libfprint-2-tod1-elan; # Elan(04f3:0c4b) driver
167      #services.fprintd.tod.driver = pkgs.libfprint-2-tod1-vfs0090; # driver for 2016 ThinkPads
168      #services.fprintd.tod.driver = pkgs.libfprint-2-tod1-goodix-550a; # Goodix 550a driver (from Lenovo)
169      security.pam.services.login.fprintAuth = false;
170      security.pam.services.gdm-fingerprint = lib.mkIf (config.services.fprintd.enable) {
171        text = ''
172          auth       required                    pam_shells.so
173          auth       requisite                   pam_nologin.so
174          auth       requisite                   pam_faillock.so      preauth
175          auth       required                    ${pkgs.fprintd}/lib/security/pam_fprintd.so
176          auth       optional                    pam_permit.so
177          auth       required                    pam_env.so
178          auth       [success=ok default=1]      ${pkgs.gdm}/lib/security/pam_gdm.so
179          auth       optional                    ${pkgs.gnome-keyring}/lib/security/pam_gnome_keyring.so
180  
181          account    include                     login
182  
183          password   required                    pam_deny.so
184  
185          session    include                     login
186          session    optional                    ${pkgs.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start
187        '';
188      };
189  
190      nixpkgs.config.allowUnfreePredicate =
191        pkg:
192        builtins.elem (lib.getName pkg) [
193          "libfprint-2-tod1-goodix"
194          "libfprint-2-tod1-elan"
195          "libfprint-2-tod1-vfs0090"
196          "libfprint-2-tod1-goodix-550a"
197        ];
198    */
199    boot.extraModulePackages = with config.boot.kernelPackages; [
200      rtl88xxau-aircrack
201    ];
202    # Enable common container config files in /etc/containers
203    virtualisation.containers.enable = true;
204    virtualisation = {
205      podman = {
206        enable = true;
207        # Create a `docker` alias for podman, to use it as a drop-in replacement
208        dockerCompat = true;
209        # Required for containers under podman-compose to be able to talk to each other.
210        defaultNetwork.settings.dns_enabled = true;
211      };
212    };
213    # LAPTOP STUFF - NEW
214    services.logind.settings.Login.HandleLidSwitch = "poweroff";
215    services.logind.settings.Login.HandleLidSwitchExternalPower = "lock";
216    #services.logind.lidSwitchDocked = "ignore";
217    # one of "ignore", "poweroff", "reboot", "halt", "kexec", "suspend", "hibernate", "hybrid-sleep", "suspend-then-hibernate", "lock"
218  
219    powerManagement.enable = true;
220    powerManagement.powertop.enable = true;
221  
222    services.thermald.enable = true;
223  
224    /*
225      system.userActivationScripts = {
226        removeConflictingFiles = {
227          text = ''
228            rm -f /home/egor/.config/mimeapps.list.backup
229          '';
230        };
231      };
232    */
233  
234    /*
235      programs.auto-cpufreq.enable = true;
236      # optionally, you can configure your auto-cpufreq settings, if you have any
237      programs.auto-cpufreq.settings = {
238        charger = {
239          governor = "performance";
240          turbo = "auto";
241        };
242        battery = {
243          governor = "powersave";
244          turbo = "auto";
245        };
246      };
247    */
248  }