{ config, pkgs, lib, ... }: { imports = [ ./nixpkgs.nix ./sif/hw.nix ./sif/boot.nix ./users.nix ./custom/zsh.nix ./custom/tinc/def.nix ./custom/tinc/yggdrasil.nix ./custom/uucp.nix ./custom/borgbackup.nix ./custom/uucp-mediaclient.nix ./custom/uucp-notifyclient.nix ./custom/notify-users.nix ./utils/nix/module.nix ]; networking = { hostName = "sif"; domain = "midgard.yggdrasil"; hosts = { "127.0.0.1" = [ "sif.midgard.yggdrasil" "sif" ]; "::1" = [ "sif.midgard.yggdrasil" "sif" ]; }; firewall = { enable = true; allowedTCPPorts = [ 22 # ssh 8000 # quickserve ]; }; networkmanager = { enable = true; dhcp = "internal"; dns = "dnsmasq"; }; dhcpcd.enable = false; }; environment.etc."NetworkManager/dnsmasq.d/libvirtd_dnsmasq.conf" = { text = '' server=/sif.libvirt/192.168.122.1 ''; }; powerManagement.enable = true; i18n.defaultLocale = "en_US.UTF-8"; console.keyMap = "dvp"; time.timeZone = "Europe/Berlin"; environment.systemPackages = with pkgs; [ git rebuild-system nvtop brightnessctl pcsctools quickserve ]; nixpkgs.config = { allowUnfree = true; packageOverrides = pkgs: rec { libfprint = pkgs.stdenv.mkDerivation rec { pname = "libfprint"; version = "1.90.1"; src = pkgs.fetchurl { url = "https://gitlab.freedesktop.org/libfprint/libfprint/uploads/662cd834e76c02c4d74ad01c50412759/libfprint-1.90.1.tar.xz"; sha256 = "1pv6sd852i5i0sn1ki109jhk9indl21cb4aw7v6xhcnvjmgds0xx"; }; buildInputs = with pkgs; [ libusb pixman glib nss nspr gdk_pixbuf openssl gusb gobject-introspection gtk-doc cairo ]; nativeBuildInputs = with pkgs; [ pkgconfig meson ninja ]; mesonFlags = [ "-Dudev_rules_dir=$(out)/lib/udev/rules.d" "-Ddoc=false" ]; }; fprintd = pkgs.stdenv.mkDerivation rec { pname = "fprintd"; version = "1.90.1"; src = pkgs.fetchurl { url = "https://gitlab.freedesktop.org/libfprint/fprintd/uploads/a47c31c844e23e070665a8a85dae0144/fprintd-1.90.1.tar.xz"; sha256 = "03d3r0hz9m3i71wxs5h048kam6k4bdlcg6xvy50kcah5zcfhp55l"; }; buildInputs = (with pkgs; [ glib polkit dbus dbus-glib systemd pam perl libxslt libxml2 python3]) ++ (with pkgs.python3Packages; [pycairo dbus-python python-dbusmock pygobject3 ]) ++ [ libfprint pam_wrapper ]; nativeBuildInputs = with pkgs; [ pkgconfig meson ninja ]; installPhase = '' install -vm 0755 -d $out/etc/dbus-1/interfaces $out/libexec $out/share/polkit-1/actions $out/share/man/man1 $out/share/man/man8 $out/bin $out/lib/security $out/etc/dbus-1/system.d $out/share/dbus-1/system-services $out/lib/systemd/system $out/etc $out/share/locale install -vt $out/etc/dbus-1/interfaces src/net.reactivated.Fprint.{Manager,Device}.xml install -vt $out/libexec src/fprintd install -vt $out/share/polkit-1/actions data/net.reactivated.fprint.device.policy install -vt $out/share/man/man1 data/fprintd.1 install -vt $out/share/man/man8 data/pam_fprintd.8 install -vt $out/bin utils/fprintd-{delete,enroll,list,verify} install -vt $out/lib/security pam/pam_fprintd.so install -vt $out/etc/dbus-1/system.d /build/fprintd-${version}/data/net.reactivated.Fprint.conf install -vt $out/share/dbus-1/system-services /build/fprintd-${version}/build/data/net.reactivated.Fprint.service install -vt $out/lib/systemd/system /build/fprintd-${version}/build/data/fprintd.service install -vt $out/etc /build/fprintd-${version}/data/fprintd.conf for lang in /build/fprintd-${version}/build/po/*.gmo; do install -vD $lang $out/share/locale/$(basename $lang .gmo)/LC_MESSAGES/fprintd.mo done ''; }; pam_wrapper = pkgs.stdenv.mkDerivation rec { pname = "pam_wrapper"; version = "1.0.7"; src = pkgs.fetchurl { url = "mirror://samba/cwrap/${pname}-${version}.tar.gz"; sha256 = "06djr20kk5sqgydkmfwllbm5ndv4jaqmkj1kab7ppc6fnqp30dq5"; }; nativeBuildInputs = with pkgs; [ pkgconfig ]; buildInputs = with pkgs; [ cmake pam python3 ]; }; }; }; nixpkgs.overlays = [ (self: super: { linuxPackages_latest = super.linuxPackages_latest.extend (self: super: { nvidiaPackages = super.nvidiaPackages // { stable = super.nvidiaPackages.stable.overrideAttrs (attrs: { patches = [ (pkgs.fetchpatch { name = "nvidia-kernel-5.7.patch"; url = "https://gitlab.com/snippets/1965550/raw"; sha256 = "03iwxhkajk65phc0h5j7v4gr4fjj6mhxdn04pa57am5qax8i2g9w"; }) ]; passthru = { inherit (super.nvidiaPackages.stable) settings persistenced persistencedVersion settingsVersion; }; }); }; }); }) ]; services = { pcscd.enable = true; avahi.enable = true; fwupd.enable = true; fprintd.enable = true; blueman.enable = true; colord.enable = true; vnstat.enable = true; printing = { enable = true; drivers = with pkgs; [ samsung-unified-linux-driver hplip ]; }; logind = { lidSwitch = "suspend"; lidSwitchDocked = "lock"; lidSwitchExternalPower = "lock"; }; openssh = { enable = true; knownHosts = import ./knownHosts.nix; }; atd = { enable = true; allowEveryone = true; }; xserver = { enable = true; layout = "us"; xkbVariant = "dvp"; xkbOptions = "compose:caps"; displayManager.lightdm = { enable = true; greeters.gtk = { clock-format = "%H:%M %a %b %_d"; indicators = ["~host" "~spacer" "~clock" "~session" "~power"]; theme = { package = pkgs.equilux-theme; name = "Equilux-compact"; }; iconTheme = { package = pkgs.paper-icon-theme; name = "Paper"; }; extraConfig = '' background = #000000 user-background = false active-monitor = #cursor hide-user-image = true [monitor: DP-2] laptop = true ''; }; }; displayManager.setupCommands = '' ${pkgs.xorg.xinput}/bin/xinput disable 'SynPS/2 Synaptics TouchPad' ''; desktopManager.xterm.enable = true; windowManager.twm.enable = true; displayManager.defaultSession = "xterm+twm"; wacom.enable = true; libinput.enable = true; dpi = 282; videoDrivers = [ "nvidia" ]; screenSection = '' Option "metamodes" "nvidia-auto-select +0+0 { ForceCompositionPipeline = On }" ''; deviceSection = '' Option "AccelMethod" "SNA" Option "TearFree" "True" ''; exportConfiguration = true; }; yggdrasilTinc = { enable = true; connect = true; name = "sif"; interfaceConfig = { macAddress = "5c:93:21:c3:61:39"; }; }; uucp = { enable = true; nodeName = "sif"; remoteNodes = { "odin" = { publicKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN87boeNNs2PhAcVXaO+nGFUo5MCpl0TFqwCNmxnHYSe root@odin"]; hostnames = ["odin.asgard.yggdrasil"]; }; "ymir" = { publicKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG6KNtsCOl5fsZ4rV7udTulGMphJweLBoKapzerWNoLY root@ymir"]; hostnames = ["ymir.yggdrasil.li" "ymir.niflheim.yggdrasil"]; }; }; defaultCommands = lib.mkForce []; media-client = { remoteNodes = [ "odin" ]; notify.users = [ "gkleen" ]; }; notify-client = { remoteNodes = { odin = {}; }; }; }; notify-users = [ "gkleen" ]; postfix = { enable = true; enableSmtp = true; enableSubmission = false; setSendmail = true; networksStyle = "host"; hostname = "sif.midgard.yggdrasil"; destination = []; relayHost = "uucp:ymir"; recipientDelimiter = "+"; masterConfig = { uucp = { type = "unix"; private = true; privileged = true; chroot = false; command = "pipe"; args = [ "flags=Fqhu" "user=uucp" ''argv=${config.security.wrapperDir}/uux -z -a $sender - $nexthop!rmail ($recipient)'' ]; }; sshsendmail = { type = "unix"; private = true; privileged = true; chroot = false; command = "pipe"; args = [ "flags=Fq" "user=postfix_ssh" ''argv=${pkgs.openssh}/bin/ssh -F /var/db/postfix_ssh/ssh.config $nexthop sendmail -f $sender -G $recipient'' ]; }; }; transport = '' odin.asgard.yggdrasil uucp:odin ''; config = { always_bcc = "gkleen+sent@odin.asgard.yggdrasil"; default_transport = "uucp:ymir"; inet_interfaces = "loopback-only"; authorized_submit_users = ["!uucp" "static:anyone"]; message_size_limit = "0"; sender_dependent_default_transport_maps = ''regexp:${pkgs.writeText "sender_relay" '' /@math(ematik)?\.(lmu|uni-muenchen)\.de$/ sshsendmail:math60.mathinst.loc /@(cip|stud)\.ifi\.(lmu|uni-muenchen)\.de$/ smtp:smtp.ifi.lmu.de /@ifi\.(lmu|uni-muenchen)\.de$/ smtp:smtpin1.ifi.lmu.de:587 /@(campus\.)?lmu\.de$/ smtp:postout.lrz.de ''}''; sender_bcc_maps = ''texthash:${pkgs.writeText "sender_bcc" '' uni2work@ifi.lmu.de uni2work@ifi.lmu.de @ifi.lmu.de gregor.kleen@ifi.lmu.de ''}''; smtp_sasl_auth_enable = true; smtp_sender_dependent_authentication = true; smtp_sasl_tls_security_options = "noanonymous"; smtp_sasl_mechanism_filter = ["plain"]; smtp_sasl_password_maps = "texthash:/var/db/postfix/sasl_passwd"; smtp_cname_overrides_servername = false; smtp_always_send_ehlo = true; smtp_tls_loglevel = "1"; smtp_dns_support_level = "dnssec"; }; useDane = true; }; upower = { enable = true; }; locate = { enable = true; interval = "hourly"; locate = pkgs.mlocate; localuser = null; prunePaths = ["/tmp" "/var/tmp" "/var/cache" "/var/lock" "/var/run" "/var/spool"]; }; }; users = { mutableUsers = false; extraUsers.root = { inherit (import ./users/gkleen.nix) shell hashedPassword; }; extraUsers.gkleen.extraGroups = [ "media" "networkmanager" ]; extraUsers.postfix_ssh = { isSystemUser = true; home = "/var/db/postfix_ssh"; }; extraGroups = { network = {}; }; }; security = { sudo.extraConfig = '' Cmnd_Alias SYSCTRL = /run/current-system/sw/sbin/shutdown, /run/current-system/sw/sbin/reboot, /run/current-system/sw/sbin/halt, /run/current-system/sw/bin/systemctl %wheel ALL=(ALL) NOPASSWD: SYSCTRL ''; wrappers = { "mount".source = "${pkgs.utillinux.bin}/bin/mount"; "umount".source = "${pkgs.utillinux.bin}/bin/umount"; "newgrp".source = "${pkgs.shadow}/bin/newgrp"; "sg".source = "${pkgs.shadow}/bin/sg"; }; polkit = { enable = true; extraConfig = '' polkit.addRule(function(action, subject) { if ( action.id == "org.freedesktop.systemd1.manage-units" && subject.isInGroup("wheel") ) { return polkit.Result.YES; } }); polkit.addRule(function(action, subject) { if ((action.id == "org.blueman.rfkill.setstate" || action.id == "org.blueman.network.setup" || action.id == "org.freedesktop.NetworkManager.settings.modify.system" ) && subject.local && subject.active && subject.isInGroup("network") ) { return polkit.Result.YES; } }); ''; }; }; hardware = { pulseaudio = { enable = true; package = with pkgs; pulseaudioFull; support32Bit = true; }; bluetooth = { enable = true; config = { General = { Enable = "Source,Sink,Media,Socket"; }; }; }; trackpoint = { enable = true; emulateWheel = true; sensitivity = 255; speed = 255; }; nvidia = { modesetting.enable = true; prime = { nvidiaBusId = "PCI:1:0:0"; intelBusId = "PCI:0:2:0"; sync.enable = true; }; }; opengl = { enable = true; driSupport32Bit = true; setLdLibraryPath = true; }; firmware = [ pkgs.firmwareLinuxNonfree ]; }; sound.enable = true; nix = { useSandbox = true; autoOptimiseStore = true; daemonNiceLevel = 10; daemonIONiceLevel = 3; }; environment.etc."X11/xorg.conf.d/50-wacom.conf".source = lib.mkForce ./sif/wacom.conf; systemd.services."kill-user@" = { serviceConfig = { Type = "oneshot"; ExecStart = "${pkgs.systemd}/bin/loginctl kill-user %I"; }; }; systemd.targets."sleep" = { after = [ "kill-user@uucp.service" ]; wants = [ "kill-user@uucp.service" ]; }; systemd.user.services."ssh-agent".enable = lib.mkForce false; systemd.services."ac-plugged" = { description = "Inhibit handling of lid-switch and sleep"; path = with pkgs; [ systemd coreutils ]; script = '' exec systemd-inhibit --what=handle-lid-switch --why="AC is connected" --mode=block sleep infinity ''; serviceConfig = { Type = "simple"; }; }; services.udev.extraRules = with pkgs; '' SUBSYSTEM=="power_supply", ENV{POWER_SUPPLY_ONLINE}=="0", RUN+="${systemd}/bin/systemctl --no-block stop ac-plugged.service" SUBSYSTEM=="power_supply", ENV{POWER_SUPPLY_ONLINE}=="1", RUN+="${systemd}/bin/systemctl --no-block start ac-plugged.service" ''; services.borgbackup = { snapshots = "btrfs"; prefix = "yggdrasil.midgard.sif."; targets = { "munin" = { repo = "borg.munin:borg"; paths = [ "/home/gkleen" ]; prune = { "home" = [ "--keep-within" "24H" "--keep-daily" "31" "--keep-monthly" "12" "--keep-yearly" "-1" ]; }; }; }; }; services.btrfs.autoScrub = { enable = true; fileSystems = [ "/" "/home" ]; interval = "weekly"; }; systemd.services."nix-daemon".serviceConfig = { MemoryAccounting = true; MemoryHigh = "50%"; MemoryMax = "75%"; }; systemd.services."nixos-upgrade" = { path = with pkgs; [ git ]; preStart = '' git -C /etc/nixos fetch --recurse-submodules git -C /etc/nixos reset --hard origin/master ''; }; services.compton = { enable = true; backend = "glx"; vSync = true; settings = { glx-swap-method = 3; xrender-sync = true; xrender-sync-fence = true; }; }; services.journald.extraConfig = '' SystemMaxUse=100M ''; services.dbus.packages = with pkgs; [ dbus gnome3.dconf ]; programs = { light.enable = true; wireshark.enable = true; }; virtualisation.libvirtd = { enable = true; }; zramSwap.enable = true; nix = { package = with pkgs; nixFlakes; extraOptions = '' experimental-features = flakes ''; }; system.stateVersion = "20.03"; # Did you read the comment? }