# NixOS host configuration for "sif": a laptop on the midgard.yggdrasil tinc
# network with an X11 desktop, postfix relaying mail over UUCP, borg backups
# and a few power-management / session tweaks.
{ config, pkgs, lib, ... }:

let
  # Account definition reused for root below (shell and password hash).
  gkleenUser = import ./users/gkleen.nix;
  fqdn = "sif.midgard.yggdrasil";
in {
  imports = [
    ./sif/hw.nix
    ./sif/boot.nix
    ./users.nix
    ./custom/zsh.nix
    ./custom/tinc/def.nix
    ./custom/tinc/yggdrasil.nix
    ./custom/uucp.nix
    ./custom/borgbackup.nix
    ./custom/uucp-mediaclient.nix
    ./custom/uucp-notifyclient.nix
    ./custom/notify-users.nix
    ./utils/nix/module.nix
  ];

  networking = {
    hostName = "sif";
    domain = "midgard.yggdrasil";
    # Map our own short and fully qualified names to loopback for both
    # address families.
    hosts = {
      "127.0.0.1" = [ fqdn "sif" ];
      "::1" = [ fqdn "sif" ];
    };
    firewall = {
      enable = true;
      # Only sshd is reachable from the network; postfix binds to loopback
      # only (see services.postfix.config.inet_interfaces).
      allowedTCPPorts = [ 22 ];
    };
    networkmanager = {
      enable = true;
      dhcp = "internal";
    };
    # NetworkManager owns DHCP, so the standalone client stays off.
    dhcpcd.enable = false;
  };

  powerManagement.enable = true;

  i18n = {
    consoleFont = "lat9w-16";
    consoleKeyMap = "dvp";
    defaultLocale = "en_US.UTF-8";
  };

  boot.kernelPackages = pkgs.linuxPackages_latest;
  time.timeZone = "Europe/Berlin";
  nixpkgs.config.allowUnfree = true;
  sound.enable = true;

  environment = {
    systemPackages = [ pkgs.git pkgs.rebuild-system ];
    etc = {
      "fprintd.conf".source = "${pkgs.fprintd}/etc/fprintd.conf";
      # Host-specific wacom config wins over whatever a module provides.
      "X11/xorg.conf.d/50-wacom.conf".source = lib.mkForce ./sif/wacom.conf;
    };
  };

  services = {
    fprintd.enable = true;
    vnstat.enable = true;
    upower.enable = true;

    # Lid close -> hybrid sleep, unless an inhibitor (see the ac-plugged
    # service below) is held.
    logind.extraConfig = ''
      HandleLidSwitch=hybrid-sleep
      LidSwitchIgnoreInhibited=no
    '';

    # sshd with module defaults. NOTE(review): port 22 is open to the network
    # and gkleen has a password hash set; the 20.03 default for
    # passwordAuthentication is true, I believe -- confirm that this is intended.
    openssh.enable = true;

    # at(1) usable by every local account, not only those in at.allow.
    atd = {
      enable = true;
      allowEveryone = true;
    };

    xserver = {
      enable = true;
      layout = "us";
      xkbVariant = "dvp";
      xkbOptions = "compose:caps";
      displayManager.lightdm.enable = true;
      windowManager = {
        default = "xmonad";
        xmonad.enable = true;
      };
      wacom.enable = true;
      multitouch.enable = true;
      libinput.enable = true;
      # HiDPI panel; presumably matches the physical display in ./sif/hw.nix.
      dpi = 282;
    };

    # Tinc membership in the yggdrasil mesh (option set defined in
    # ./custom/tinc/yggdrasil.nix).
    yggdrasilTinc = {
      enable = true;
      connect = true;
      name = "sif";
      interfaceConfig.macAddress = "5c:93:21:c3:61:39";
    };

    # UUCP peers reachable over ssh; keys are pinned here rather than trusted
    # on first use.
    uucp = {
      enable = true;
      nodeName = "sif";
      remoteNodes = {
        odin = {
          publicKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN87boeNNs2PhAcVXaO+nGFUo5MCpl0TFqwCNmxnHYSe root@odin" ];
          hostnames = [ "odin.asgard.yggdrasil" ];
        };
        ymir = {
          publicKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG6KNtsCOl5fsZ4rV7udTulGMphJweLBoKapzerWNoLY root@ymir" ];
          hostnames = [ "ymir.yggdrasil.li" "ymir.niflheim.yggdrasil" ];
        };
      };
      # Override any module default: this node offers no remote commands.
      defaultCommands = lib.mkForce [];
      media-client = {
        remoteNodes = [ "odin" ];
        notify.users = [ "gkleen" ];
      };
      notify-client.remoteNodes.odin = {};
    };
    notify-users = [ "gkleen" ];

    postfix = {
      enable = true;
      enableSmtp = true;
      enableSubmission = false;
      setSendmail = true;
      networksStyle = "host";
      hostname = fqdn;
      destination = [];
      # Anything not routed elsewhere is handed to ymir over UUCP.
      relayHost = "uucp:ymir";
      recipientDelimiter = "+";
      masterConfig = {
        # Pipe transport into uux for the next UUCP hop; uux is taken from the
        # security wrapper dir (presumably set up by ./custom/uucp.nix).
        uucp = {
          type = "unix";
          private = true;
          privileged = true;
          chroot = false;
          command = "pipe";
          args = [
            "flags=Fqhu"
            "user=uucp"
            ''argv=${config.security.wrapperDir}/uux -z -a $sender - $nexthop!rmail ($recipient)''
          ];
        };
        # Pipe transport that sshes to $nexthop as the dedicated postfix_ssh
        # account and runs sendmail there (ssh config lives in that user's home).
        sshsendmail = {
          type = "unix";
          private = true;
          privileged = true;
          chroot = false;
          command = "pipe";
          args = [
            "flags=Fq"
            "user=postfix_ssh"
            ''argv=${pkgs.openssh}/bin/ssh -F /var/db/postfix_ssh/ssh.config $nexthop sendmail -f $sender -G $recipient''
          ];
        };
      };
      transport = ''
        odin.asgard.yggdrasil uucp:odin
      '';
      config = {
        always_bcc = "gkleen+sent@odin.asgard.yggdrasil";
        default_transport = "uucp:ymir";
        # No SMTP listener on the network; submission is local only.
        inet_interfaces = "loopback-only";
        # First match wins: the uucp account may not submit, everyone else may.
        authorized_submit_users = [ "!uucp" "static:anyone" ];
        # 0 = no size limit.
        message_size_limit = "0";
        # Sender-domain based routing: university addresses leave through the
        # institutional relays instead of UUCP.
        sender_dependent_default_transport_maps = ''regexp:${pkgs.writeText "sender_relay" ''
          /@math(ematik)?\.(lmu|uni-muenchen)\.de$/ sshsendmail:math60.mathinst.loc
          /@(cip|stud)\.ifi\.(lmu|uni-muenchen)\.de$/ smtp:smtp.ifi.lmu.de
          /@ifi\.(lmu|uni-muenchen)\.de$/ smtp:smtpin1.ifi.lmu.de:587
          /@(campus\.)?lmu\.de$/ smtp:postout.lrz.de
        ''}'';
        smtp_sasl_auth_enable = true;
        smtp_sender_dependent_authentication = true;
        smtp_sasl_tls_security_options = "noanonymous";
        smtp_sasl_mechanism_filter = [ "plain" ];
        # DANE relies on DNSSEC-validated TLSA lookups (smtp_dns_support_level
        # below). NOTE(review): without a validating resolver postfix degrades
        # to opportunistic TLS -- confirm the resolver setup on this host.
        smtp_tls_security_level = "dane";
        # Relay credentials are kept outside the Nix store, which is
        # world-readable.
        smtp_sasl_password_maps = "texthash:/var/db/postfix/sasl_passwd";
        smtp_cname_overrides_servername = false;
        smtp_always_send_ehlo = true;
        smtp_tls_loglevel = "1";
        smtp_dns_support_level = "dnssec";
      };
    };

    locate = {
      enable = true;
      interval = "hourly";
      locate = pkgs.mlocate;
      localuser = null;
      prunePaths = [ "/tmp" "/var/tmp" "/var/cache" "/var/lock" "/var/run" "/var/spool" ];
    };

    # Start/stop the AC inhibitor (systemd.services.ac-plugged) on power
    # supply events.
    udev.extraRules = ''
      SUBSYSTEM=="power_supply", ENV{POWER_SUPPLY_ONLINE}=="0", RUN+="${pkgs.systemd}/bin/systemctl --no-block stop ac-plugged.service"
      SUBSYSTEM=="power_supply", ENV{POWER_SUPPLY_ONLINE}=="1", RUN+="${pkgs.systemd}/bin/systemctl --no-block start ac-plugged.service"
    '';

    # Home directory backups to munin from btrfs snapshots (module from
    # ./custom/borgbackup.nix).
    borgbackup = {
      snapshots = "btrfs";
      prefix = "yggdrasil.midgard.sif.";
      targets.munin = {
        repo = "borg.munin:borg";
        paths = [ "/home/gkleen" ];
        prune.home = [
          "--keep-within" "24H"
          "--keep-daily" "31"
          "--keep-monthly" "12"
          "--keep-yearly" "-1"
        ];
      };
    };

    btrfs.autoScrub = {
      enable = true;
      fileSystems = [ "/" "/home" ];
      interval = "weekly";
    };

    compton = {
      enable = true;
      backend = "glx";
      vSync = true;
      settings = {
        glx-swap-method = 3;
        xrender-sync = true;
        xrender-sync-fence = true;
      };
    };

    journald.extraConfig = ''
      SystemMaxUse=100M
    '';
  };

  users = {
    mutableUsers = false;
    extraUsers = {
      # root shares gkleen's shell and password hash, i.e. one secret unlocks
      # both accounts.
      root = { inherit (gkleenUser) shell hashedPassword; };
      gkleen = {
        extraGroups = [ "media" "networkmanager" ];
        packages = [ pkgs.steam ];
      };
      # Unprivileged account the postfix sshsendmail transport runs as.
      postfix_ssh = {
        isSystemUser = true;
        home = "/var/db/postfix_ssh";
      };
    };
    extraGroups.network = {};
  };

  security = {
    # Passwordless power control for wheel. NOTE(review): the unrestricted
    # systemctl entry amounts to passwordless root for wheel (systemctl can
    # edit and link arbitrary unit files); narrow it to the subcommands
    # actually needed if that is not intended.
    sudo.extraConfig = ''
      Cmnd_Alias SYSCTRL = /run/current-system/sw/sbin/shutdown, /run/current-system/sw/sbin/reboot, /run/current-system/sw/sbin/halt, /run/current-system/sw/bin/systemctl
      %wheel ALL=(ALL) NOPASSWD: SYSCTRL
    '';
    wrappers = {
      "mount".source = "${pkgs.utillinux.bin}/bin/mount";
      "umount".source = "${pkgs.utillinux.bin}/bin/umount";
      "newgrp".source = "${pkgs.shadow}/bin/newgrp";
      "sg".source = "${pkgs.shadow}/bin/sg";
    };
    polkit = {
      enable = true;
      # Rule 1: any wheel member may manage systemd units; unlike rule 2 it
      # does not require a local, active session.
      # Rule 2: members of "network" may toggle rfkill/bluetooth and edit
      # system-wide NetworkManager connections, but only from a local active seat.
      extraConfig = ''
        polkit.addRule(function(action, subject) {
          if ( action.id == "org.freedesktop.systemd1.manage-units" && subject.isInGroup("wheel") ) {
            return polkit.Result.YES;
          }
        });
        polkit.addRule(function(action, subject) {
          if ((action.id == "org.blueman.rfkill.setstate" || action.id == "org.blueman.network.setup" || action.id == "org.freedesktop.NetworkManager.settings.modify.system" ) && subject.local && subject.active && subject.isInGroup("network") ) {
            return polkit.Result.YES;
          }
        });
      '';
    };
  };

  hardware = {
    pulseaudio = {
      enable = true;
      package = pkgs.pulseaudioFull;
    };
    bluetooth = {
      enable = true;
      extraConfig = ''
        [General]
        Enable=Source,Sink,Media,Socket
      '';
    };
    trackpoint = {
      enable = true;
      emulateWheel = true;
      sensitivity = 255;
      speed = 255;
    };
    brightnessctl.enable = true;
    bumblebee = {
      enable = true;
      group = "video";
      connectDisplay = true;
    };
  };

  nix = {
    useSandbox = true;
    autoOptimiseStore = true;
    daemonNiceLevel = 10;
    daemonIONiceLevel = 3;
  };

  systemd = {
    services = {
      # Template unit: kill every process of user %I.
      "kill-user@".serviceConfig = {
        Type = "oneshot";
        ExecStart = "${pkgs.systemd}/bin/loginctl kill-user %I";
      };

      # Holds a lid-switch/sleep inhibitor while running; udev starts and
      # stops it on power_supply events (services.udev.extraRules).
      ac-plugged = {
        description = "Inhibit handling of lid-switch and sleep";
        path = [ pkgs.systemd pkgs.coreutils ];
        script = ''
          exec systemd-inhibit --what=handle-lid-switch:sleep --why="AC is connected" --mode=block sleep infinity
        '';
        serviceConfig.Type = "simple";
      };

      # Cgroup memory limits for builds.
      nix-daemon.serviceConfig = {
        MemoryAccounting = true;
        MemoryHigh = "50%";
        MemoryMax = "75%";
      };

      # NOTE(review): the upgrade unit tracks origin/master with a hard reset
      # and no signature check, so whatever the remote serves gets built and
      # activated (presumably as root); consider verifying the commit before
      # the reset.
      nixos-upgrade = {
        path = [ pkgs.git ];
        preStart = ''
          git -C /etc/nixos fetch --recurse-submodules
          git -C /etc/nixos reset --hard origin/master
        '';
      };
    };

    # Kill the uucp user's processes before sleeping, presumably to abort
    # in-flight transfers.
    targets.sleep = {
      after = [ "kill-user@uucp.service" ];
      wants = [ "kill-user@uucp.service" ];
    };

    # Per-user pulseaudio and ssh-agent units are disabled even if a module
    # enables them.
    user = {
      services = {
        pulseaudio.enable = lib.mkForce false;
        ssh-agent.enable = lib.mkForce false;
      };
      sockets.pulseaudio.enable = lib.mkForce false;
    };
  };

  # Release whose state-dependent defaults this host was installed with;
  # bumping it is not a no-op.
  system.stateVersion = "20.03";
}