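# NixOS system configuration for host "noximilien" (pbsds.net).
# The module pulls in per-service profiles from ./profiles and the user
# definitions from ./users; only host-wide settings live here.
{ config, pkgs, lib, ... }: {
  #nixpkgs.overlays = overlays;
  nixpkgs.config.allowUnfreePredicate = (pkg: true);
  nixpkgs.config.allowUnfree = true;

  system.autoUpgrade.enable = true; # daily nixos-rebuild switch, no reboot by default

  # TODO: can i make this non-string?
  nix.extraOptions = ''
    experimental-features = nix-command flakes
  '';

  # TODO: move to pbsds home
  programs.ssh.extraConfig = ''
    Host *.ntnu.no *.pvv.org
      User pederbs
  '';

  # deduplicate with hardlinks, expensive. Alternative: nix-store --optimise
  nix.settings.auto-optimise-store = true;
  #nix.optimize.automatic = true; # periodic optimization
  nix.gc.automatic = true;
  nix.gc.dates = "weekly";
  nix.gc.options = "--delete-older-than 30d";

  imports = [
    ./hardware-configuration.nix # results of hardware scan
    ./cachix.nix
    ./profiles/web
    ./profiles/web/index
    ./profiles/web/cinny
    ./profiles/web/element
    ./profiles/web/flexget
    ./profiles/web/gitea
    ./profiles/web/hydra
    ./profiles/web/invidious
    ./profiles/web/jellyfin
    ./profiles/web/libreddit
    ./profiles/web/mattermost
    ./profiles/web/navidrome
    ./profiles/web/netdata
    ./profiles/web/nitter
    ./profiles/web/ntopng
    ./profiles/web/owncast
    ./profiles/web/paperless
    ./profiles/web/polaris
    ./profiles/web/resilio
    ./profiles/web/roundcube
    ./profiles/web/thelounge
    ./profiles/web/vaultwarden
    ./profiles/web/webdav-zotero
    #./profiles/web/convos
    #./profiles/web/cryptpad
    #./profiles/web/galene
    #./profiles/web/graphana
    #./profiles/web/hedgedoc
    #./profiles/web/home-assistant
    #./profiles/web/jitsi-meet
    #./profiles/web/kukkee
    #./profiles/web/matrix-synapse
    #./profiles/web/shlink
    #./profiles/web/sourcegraph
    ./profiles/web/pdoc
    ./profiles/web/linktree-pbsds
    ./profiles/web/refleksjon-no
    ./profiles/web/roroslyd-no
    ./profiles/web/trivial-gradios
    ./profiles/web/censordodge
    ./profiles/web/openspeedtest
    ./profiles/code-remote
    ./profiles/remote-builders
    # ./profiles/nfs/reidun.nix # NFS mounts
    ./profiles/autossh-reverse-tunnels
    #./profiles/xrdp
    ./users
    #./users/pbsds # todo: <- make this possible
    # How to override package used by module
    # https://github.com/NixOS/nixpkgs/issues/55366
    # TODO: move to where relevant
  ];
  # The stable modules for these two services are replaced by the unstable
  # packages below; the module definitions themselves still come from stable.
  disabledModules = [
    "services/misc/jellyfin.nix"
    "services/web-apps/invidious.nix"
  ];
  services.jellyfin.package = pkgs.unstable.jellyfin;
  services.invidious.package = pkgs.unstable.invidious;

  # TODO: remove? Move to where relevant
  nixpkgs.overlays = [ (import ./overlays) ];

  # Allow unstable packages.
  nixpkgs.config.packageOverrides = pkgs: {
    # NOTE(review): the path argument to `import` (the unstable channel) is
    # missing here, possibly lost as markup; as written this does not evaluate.
    unstable = import { config = config.nixpkgs.config; };
    # TODO: nur
  };

  # enable opengl (headless)
  hardware.opengl.enable = true;
  #hardware.opengl.extraPackages = [ pkgs.mesa.drivers ];
  hardware.opengl.extraPackages = with pkgs; [
    mesa.drivers
    vaapiIntel
    libvdpau-va-gl
    vaapiVdpau
    intel-ocl
  ];

  # run/build weird binaries
  boot.binfmt.emulatedSystems = [
    "wasm32-wasi"
    "wasm64-wasi"
    "x86_64-windows"
    "aarch64-linux"
    "riscv64-linux"
    #"x86_64-darwin"
    #"aarch64-darwin"
  ];

  services.thermald.enable = true;

  # Bootloader
  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/sda";
  boot.loader.grub.useOSProber = true;

  # Virtualization
  #services.docker.enable = true;
  virtualisation = {
    podman.enable = true;
    # TODO: are these default since 22.11?
    podman.dockerCompat = true; # alias docker to podman
    oci-containers.backend = "podman";
  };

  # Networking
  networking = {
    # Enable networking
    networkmanager.enable = true;
    #wireless.enable = true; # Enables wireless support via wpa_supplicant.
    #iwd.enable = true
    hostName = "noximilien"; # Define your hostname.
    domain = "pbsds.net";
    # Static address; the gateway doubles as the primary resolver.
    interfaces.eno1.ipv4.addresses = [
      { address = "192.168.1.9"; prefixLength = 24; }
    ];
    nameservers = [ "192.168.1.254" "8.8.8.8" ];
    defaultGateway = {
      address = "192.168.1.254";
      interface = "eno1";
    };
    #useDHCP = true;
  };

  # firewall
  services.fail2ban.enable = true;
  networking.firewall.enable = true; # default
  #networking.firewall.allowedTCPPorts = [ ... ];
  #networking.firewall.allowedUDPPorts = [ ... ];

  # Time zone and internationalisation properties.
  time.timeZone = "Europe/Oslo";
  i18n.defaultLocale = "en_US.utf8";
  i18n.extraLocaleSettings = {
    LC_ADDRESS = "nb_NO.utf8";
    LC_IDENTIFICATION = "nb_NO.utf8";
    LC_MEASUREMENT = "nb_NO.utf8";
    LC_MONETARY = "nb_NO.utf8";
    LC_NAME = "nb_NO.utf8";
    LC_NUMERIC = "nb_NO.utf8";
    LC_PAPER = "nb_NO.utf8";
    LC_TELEPHONE = "nb_NO.utf8";
    LC_TIME = "nb_NO.utf8";
  };
  services.xserver.layout = "no";
  services.xserver.xkbVariant = "";
  console.keyMap = "no";

  # Installed system packages
  # $ nix search FOOBAR
  # TODO: prune this, make home-manager deal with the majority
  environment.systemPackages = with pkgs; [
    lsof
    lshw
    htop
    file
    tmux
    #parallel # already provided by moreutils
    pwgen
    git
    nmap
    rsync
    bind.dnsutils
    graphviz
    dialog
    cowsay
    gnused
    gnumake
    coreutils-full
    moreutils
    binutils
    diffutils
    findutils
    usbutils
    bash-completion
    curl
    wget
    strace
    killall
    zip
    unrar
    unzip
    atool
    p7zip
    bzip2
    gzip
    micro
    aspell
    aspellDicts.en
    aspellDicts.nb
    vimv
    dos2unix
    #rmate # TODO: add to nixpkgs
    pandoc
    cargo
    cargo-edit
    sqlite
    #sshuttle
    visidata
    weston
    cage
    vimix-gtk-themes
    flat-remix-icon-theme
    xclip
    feh
    sshfs
    glances
    zenith
    fzf
    tealdeer #tldr
    entr
    axel
    aria
    bat
    xe # xargs alternative
    sd # sed alternative
    fd # find alternative
    silver-searcher # `ag`
    ripgrep
    jq
    yq
    htmlq
    sysz
    du-dust # du alternative
    ncdu # Disk usage analyzer with an ncurses interface
    gh
    hub
    cachix
    nix-output-monitor
    nix-prefetch
    nix-top
    #nix-index
    nix-tree
    nixfmt
    alejandra
  ];

  # TODO: make this root only?
  programs.bash.shellInit = ''
    if command -v fzf-share >/dev/null; then
      source "$(fzf-share)/key-bindings.bash"
      source "$(fzf-share)/completion.bash"
    fi
  '';

  # TODO: make this root only?
  programs.bash.shellAliases."ed" = "micro";
  # TODO: ${EDITOR:-micro}
  environment.variables."EDITOR" = "micro";

  # TODO: remove? Move?
  programs.dconf.enable = true;

  # System fonts
  # Nice to have when X-forwading on headless machines
  fonts.fonts = with pkgs; [
    noto-fonts # includes Cousine
    noto-fonts-cjk
    noto-fonts-emoji
    noto-fonts-extra
    dejavu_fonts
  ];

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  #programs.mtr.enable = true;
  #programs.gnupg.agent = {
  #  enable = true;
  #  enableSSHSupport = true;
  #};

  # OpenSSH
  # NOTE(review): password authentication and root login are left at the
  # module defaults here; fail2ban rate-limits brute force but does not make
  # this key-only — confirm that is intended for an internet-facing host.
  services.openssh.enable = true;
  # X11 forwarding is a convenience for connecting clients; a compromised host
  # can use it to reach the client's display, so keep it off when not needed.
  services.openssh.forwardX11 = true;

  # auto domain update
  # The API token/secret live in /var/lib/secrets/domeneshop.toml. Because the
  # service runs as a DynamicUser (transient UID), it cannot read a root-owned
  # file directly; systemd's LoadCredential= reads the file as root and exposes
  # it under $CREDENTIALS_DIRECTORY, so the file itself can stay mode 0600.
  systemd.services.domeneshop-updater = {
    description = "domene.shop domain updater";
    #after = [ "something?.service" ];
    #wants = [ "something?.service" ];
    serviceConfig = let
      prog = pkgs.writeShellApplication {
        name = "domeneshop-dyndns-updater.sh";
        runtimeInputs = with pkgs; [ curl yq ];
        text = ''
          secrets="''${CREDENTIALS_DIRECTORY:?}/domeneshop.toml"
          test -s "$secrets" || {
            >&2 echo "ERROR: $secrets not found!"
            exit 1
          }
          DOMENESHOP_TOKEN="$(tomlq .secrets.DOMENESHOP_TOKEN "$secrets" --raw-output)"
          DOMENESHOP_SECRET="$(tomlq .secrets.DOMENESHOP_SECRET "$secrets" --raw-output)"
          # Credentials are handed to curl through a config read from stdin rather
          # than embedded in the URL or argv: /proc/<pid>/cmdline is readable by
          # other users, and URL-embedded credentials end up in curl error output.
          # --fail turns HTTP errors into a non-zero exit so the unit reports failure.
          curl --fail --silent --show-error --config - \
            "https://api.domeneshop.no/v0/dyndns/update?hostname=olavtr.pbsds.net" <<EOF
          user = "$DOMENESHOP_TOKEN:$DOMENESHOP_SECRET"
          EOF
        '';
      };
    in {
      User = "domeneshop";
      Group = "domeneshop";
      DynamicUser = true;
      LoadCredential = "domeneshop.toml:/var/lib/secrets/domeneshop.toml";
      ExecStart = "${prog}/bin/domeneshop-dyndns-updater.sh";
      # DynamicUser already implies PrivateTmp=, ProtectSystem=strict and
      # ProtectHome=read-only; kept explicit for readability.
      PrivateTmp = true;
    };
  };
  systemd.timers.domeneshop-updater = let
    interval = "5h";
  in {
    description = "Update domene.shop every ${interval}";
    wantedBy = [ "timers.target" ];
    timerConfig = {
      OnBootSec = "5m";
      OnUnitInactiveSec = interval;
      Unit = "domeneshop-updater.service";
    };
  };

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "22.11"; # Did you read the comment?
  #system.stateVersion = "22.05"; # Did you read the comment?
}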