# NixOS module for the host named "Rupert": boot and Intel graphics setup,
# local users, backup client, SSH, firewall, unattended upgrades, btrfs
# scrubbing and ACME defaults. Service-specific settings live in the imported
# modules listed below.
{ config, lib, pkgs, ... }:
let
  # Placeholder at mkDefault priority: evaluating it throws unless another
  # definition of the same option overrides it (per the message, that
  # definition is expected in personal.nix).
  definedInPersonalDotNix = lib.mkDefault (throw "Configuration option missing from personal.nix");
in
{
  imports = [
    ./nextcloud.nix
    ./dyndns.nix
    ./adguard.nix
    ./mpd.nix
    ./burp-server.nix
    ./hedgedoc.nix
    ./transcode.nix
    ./development.nix
    ./bspwm.nix
    # ./open-pgsql.nix
  ];

  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.kernelParams = [ "acpi=force" "reboot=bios" ];
  # Load the Intel graphics driver in the initrd.
  boot.initrd.kernelModules = [ "i915" ];

  # Build vaapiIntel with the hybrid codec option switched on.
  nixpkgs.config.packageOverrides = pkgs: {
    vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
  };
  hardware.opengl = {
    enable = true;
    extraPackages = with pkgs; [
      # Releases older than 23.11 get vaapiIntel, newer ones
      # intel-vaapi-driver.
      (if (lib.versionOlder (lib.versions.majorMinor lib.version) "23.11") then vaapiIntel else intel-vaapi-driver)
      libvdpau-va-gl
      vaapiVdpau
      # intel-media-driver
    ];
  };
  environment.variables = {
    VDPAU_DRIVER = "va_gl";
  };
  hardware.cpu.intel.updateMicrocode = true;

  networking.hostName = "Rupert";

  users.users = {
    waldi = {
      isNormalUser = true;
      extraGroups = [ "audio" ];
      shell = pkgs.fish;
      # The authorized SSH keys are not listed in this file; evaluation fails
      # with the placeholder's message if nothing else defines them.
      openssh.authorizedKeys.keys = definedInPersonalDotNix;
    };
  };

  # "fruchti" is not declared in this file; presumably the account comes from
  # another module - verify.
  users.extraGroups = {
    pulse-access = {
      members = [ "waldi" "fruchti" ];
    };
    music = {
      members = [ "fruchti" ];
    };
  };

  environment.systemPackages = with pkgs; [
    ntfsprogs
    texlive.combined.scheme-full
    ncmpcpp
  ];

  # Backup client. Credentials are referenced by path, so their contents are
  # not written into this file.
  # NOTE(review): confirm that /secrets is readable by root only and is not
  # part of the configuration repository.
  services.burp.client = {
    enable = true;
    # One password file per host, selected by the host name set above.
    passwordFile = "/secrets/burp_client_passwords/${config.networking.hostName}";
    sslKeyPasswordFile = "/secrets/burp_client_ssl_key_password";
  };

  # Flatpak
  services.flatpak.enable = true;
  xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
  xdg.portal.enable = true;
  # "*" leaves the choice of portal backend open instead of pinning one.
  xdg.portal.config.common.default = "*";

  hardware.bluetooth = {
    enable = true;
  };

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  programs.gnupg.agent = {
    enable = true;
    # gpg-agent also serves as the SSH agent.
    enableSSHSupport = true;
  };

  # List services that you want to enable:

  # Enable the OpenSSH daemon.
  # NOTE(review): only PasswordAuthentication is switched off here. If
  # KbdInteractiveAuthentication stays enabled together with PAM, password
  # prompts may still be reachable over keyboard-interactive; consider setting
  # `KbdInteractiveAuthentication = false;` and an explicit `PermitRootLogin`
  # if key-only access is intended.
  services.openssh = {
    enable = true;
    settings = {
      # NOTE(review): ForwardX11 is an ssh client keyword; the sshd-side
      # setting is X11Forwarding. Left commented out as found.
      # ForwardX11 = true;
      PasswordAuthentication = false;
    };
  };

  services.avahi.enable = true;

  networking.firewall.enable = true;
  # These ports are opened on every interface.
  # NOTE(review): if RTMP or BURP are only needed on the local network,
  # per-interface rules (networking.firewall.interfaces.<name>) would narrow
  # the exposure.
  networking.firewall.allowedTCPPorts = [
    22
    1935 # RTMP
    4971 # BURP
  ];

  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  # system.copySystemConfiguration = true;

  # Unattended upgrades with automatic reboots. The configuration is pulled
  # from git with a deployment key stored under /secrets.
  # NOTE(review): sendEmail, gitPull, gitDeploymentKeyFile and gitUser are
  # presumably declared by a local module that is not visible here. Whoever
  # can push to that repository can change what this host activates, so the
  # deployment key should be read-only and the repository's write access
  # kept tight.
  system.autoUpgrade = {
    enable = true;
    allowReboot = true;
    sendEmail = true;
    gitPull = true;
    gitDeploymentKeyFile = "/secrets/ssh_id_gitea_nixos_configuration";
    gitUser = "fruchti";
  };
  # systemd.services.nixos-upgrade.onFailure = lib.mkIf config.system.autoUpgrade.enable [ "status-email@%n.service" ];

  # Scheduled btrfs scrubs: "/" at 02:00 every day, "/data" at 02:00 on
  # Thursdays.
  services.btrfsScrub = {
    enable = true;
    paths = {
      "/" = {
        onCalendar = "*-*-* 02:00:00";
      };
      "/data" = {
        onCalendar = "Thu *-*-* 02:00:00";
      };
    };
  };

  # ACME defaults; the contact address is read from config.email.adminEmail,
  # an option that is not defined in this file.
  security.acme = {
    defaults = {
      email = config.email.adminEmail;
    };
    acceptTerms = true;
  };

  # Adds an "hdmi_capture" symlink for the matching video4linux device.
  # NOTE(review): ATTRS{} also matches attributes of parent devices, and
  # 1d6b:0002 looks like a generic USB root-hub ID rather than the capture
  # device itself - confirm the rule selects only the intended device.
  services.udev.extraRules = ''
    SUBSYSTEM=="video4linux", ATTRS{idProduct}=="0002", ATTRS{idVendor}=="1d6b", SYMLINK+="hdmi_capture"
  '';

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "22.05"; # Did you read the comment?
}