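# NixOS host configuration for the machine with hostName "Disco".
# Pulls in the shared desktop/hardware modules listed under `imports` and adds
# host-specific settings: boot loader, locale, packages, backup client, Steam,
# an NTFS data mount and unattended upgrades.
{ config, lib, pkgs, ... }:

{
  imports = [
    ./development.nix
    ./xfce.nix
    ./x270.nix
    ./scanner.nix
    ./printer.nix
    # ./clamav.nix
  ];

  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  # German keyboard on the console; the X layout "de-x270" is not defined in
  # this file (presumably provided by ./x270.nix; confirm).
  console.keyMap = "de";
  services.xserver.xkb.layout = "de-x270";
  i18n.defaultLocale = "de_DE.UTF-8";

  networking.hostName = "Disco";
  networking.networkmanager.enable = true;

  # mDNS/DNS-SD. NOTE(review): the avahi module's openFirewall option defaults
  # to true in nixpkgs, so this also exposes the responder on every network the
  # machine joins. Confirm that is wanted for the pinned release.
  services.avahi.enable = true;

  # Inbound TCP 22 is allowed on all interfaces. No SSH daemon is enabled in
  # this file; presumably one of the imports does so. Confirm, and check that
  # password authentication is disabled there; otherwise drop the port.
  networking.firewall.allowedTCPPorts = [ 22 ];

  programs.gnupg.agent = {
    enable = true;
    # enableSSHSupport = true;
  };

  environment.systemPackages = with pkgs; [
    ntfsprogs
    direnv nix-direnv
    tmux zellij
    helix
    picocom
    wget
    texlive.combined.scheme-full
    xsel
    rsync
    ranger nnn
    w3m
    hexyl
    git
    gnupg
    ripgrep fd
    ncdu
    rink
    htop
    ncmpcpp
    usbutils # lsusb etc.
    file
    exiftool
    binwalk
    shellcheck

    wine
    wineWowPackages.stable
    winePackages.fonts

    pavucontrol
    xsensors
    kitty kitty-themes
    firefox
    ungoogled-chromium
    thunderbird
    zathura
    inkscape
    vlc mpv a52dec
    gthumb
    gimp
    darktable
    tenacity
    openscad freecad solvespace dune3d
    vscodium
    marktext
    tor-browser-bundle-bin
    libreoffice-fresh
    tdesktop
    horizon-eda
    kicad-small
    cura
    pulseview
    nextcloud-client
  ];

  programs.evolution = {
    enable = true;
    plugins = [ pkgs.evolution-ews ];
  };

  # Listed as extra dependencies of the system closure rather than installed
  # into the system profile.
  system.extraDependencies = with pkgs; [
    # For various development environments
    gcc-arm-embedded
    gnumake
  ];

  # Backup client (BURP) pushing /etc/nixos and /home to the server "rupert".
  # The option set is not defined in this file; how the module consumes the
  # values below is therefore not visible here.
  services.burp.client = {
    enable = true;
    server = "rupert";
    includes = [
      "/etc/nixos"
      "/home"
    ];
    # The three secrets are given as quoted strings, not Nix path literals, so
    # this file does not copy them into the world-readable Nix store.
    # NOTE(review): the files under /secrets should be owned by root with mode
    # 0400/0600, and /secrets itself is not in `includes`, so it needs its own
    # recovery story. Verify both.
    passwordFile = "/secrets/burp_client_password";
    sslKeyPasswordFile = "/secrets/burp_ssl_key_password";
    encryptionPasswordFile = "/secrets/burp_encryption_password";
    # Caches and re-creatable tool state are excluded. Everything else under
    # /home is sent to the server (that would include key material such as
    # ~/.gnupg or ~/.ssh if present), so confidentiality of the backup rests on
    # the client-side encryption password above.
    extraConfig = ''
      working_dir_recovery_method = resume
      max_resume_attempts = 5
      exclude_regex = /home/.*/\.cache
      exclude_regex = /home/.*/\.mozilla
      exclude_regex = /home/.*/\.local
      exclude_regex = /home/.*/\.cargo
      exclude_regex = /home/.*/\.texlive.*
      exclude_regex = /home/.*/\.vscode.*
      exclude_regex = sync_[0-9a-f]+\.db
    '';
  };

  # Each openFirewall toggle adds inbound ports to the host firewall.
  # NOTE(review): NetworkManager is enabled above, so the same rules apply on
  # whatever network the machine is attached to. Keep only the toggles that
  # are actually used (dedicatedServer in particular).
  programs.steam = {
    enable = true;
    remotePlay.openFirewall = true;
    dedicatedServer.openFirewall = true;
    localNetworkGameTransfers.openFirewall = true;
  };

  # Unfree software is allowed by exact package name only; anything not on
  # this list still fails evaluation.
  nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
    "steam"
    "steam-original"
    "steam-runtime"
    "steam-run"
    "steam-unwrapped"
  ];

  # NTFS data partition. gid=1010 maps every file to the "windows" group
  # declared below; umask=002 presents files as rwxrwxr-x, i.e. writable by
  # that group and readable/executable by every local account. Use umask=007
  # instead if other accounts should not be able to read the partition.
  fileSystems."/windows" = {
    device = "/dev/disk/by-uuid/C61C2B5E1C2B492F";
    fsType = "ntfs";
    options = [ "defaults" "gid=1010" "umask=002" ];
  };

  users.extraGroups = {
    windows = {
      gid = 1010; # must match gid= in the /windows mount options
      members = [ "fruchti" ];
    };
  };

  # Unattended upgrades without automatic reboot.
  # sendEmail, gitPull and gitUser are not defined anywhere in this file;
  # presumably they come from a module pulled in via `imports`. Confirm.
  # NOTE(review): if gitPull fetches the configuration before the root-run
  # rebuild, the repository remote and write access to the checkout become
  # part of the root trust boundary. Verify how the pull is authenticated.
  system.autoUpgrade = {
    enable = true;
    allowReboot = false;
    sendEmail = true;
    gitPull = true;
    gitUser = "fruchti";
  };

  # Let the upgrade timer wake the machine from suspend.
  systemd.timers.nixos-upgrade = {
    timerConfig = {
      WakeSystem = true;
    };
  };

  systemd.services.nixos-upgrade =
    let
      # Re-wrap the script already attached to the nixos-upgrade unit so that
      # it can be started through systemd-inhibit below.
      updateScript = (pkgs.writeShellScriptBin "nixos-upgrade" ''
        set -e
        ${config.systemd.services.nixos-upgrade.script}
      '');
    in
    {
      unitConfig = {
        # Skip the run on battery, since the timer may have woken the machine.
        ConditionACPower = true;
        Requires = [ "network-online.target" ];
      };
      serviceConfig = {
        # Workaround for https://github.com/systemd/systemd/issues/14045
        ExecStartPre = "${pkgs.coreutils}/bin/sleep 10s";
        # mkForce replaces the unit's existing ExecStart. The inhibitor keeps
        # the machine from sleeping or reacting to the lid while the upgrade
        # runs. systemd-inhibit is referenced by its store path, like sleep
        # above, so this root-run unit does not depend on systemd's
        # compiled-in executable search path.
        ExecStart = lib.mkForce "${config.systemd.package}/bin/systemd-inhibit --what=sleep:handle-lid-switch --why='NixOS upgrade' ${updateScript}/bin/nixos-upgrade";
      };
    };

  # Make logind honour the handle-lid-switch inhibitor taken above.
  services.logind.extraConfig = ''
    LidSwitchIgnoreInhibited = no
  '';

  services.earlyoom = {
    enable = true;
    enableNotifications = true;
  };

  # 16 * 1024, i.e. 16 GiB if the option is in MiB as in nixpkgs. Confirm.
  swapDevices = [{
    device = "/swapfile";
    size = 16 * 1024;
  }];

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "22.05"; # Did you read the comment?
}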