{ config, pkgs, lib, ... }: { imports = [ ./sif/hw.nix ./sif/boot.nix ./users.nix ./custom/zsh.nix ./custom/tinc/def.nix ./custom/tinc/yggdrasil.nix ./custom/uucp.nix ./custom/borgbackup.nix ./custom/uucp-mediaclient.nix ./custom/uucp-notifyclient.nix ./custom/notify-users.nix ./utils/nix/module.nix ]; networking = { hostName = "sif"; domain = "midgard.yggdrasil"; hosts = { "127.0.0.1" = [ "sif.midgard.yggdrasil" "sif" ]; "::1" = [ "sif.midgard.yggdrasil" "sif" ]; }; firewall = { enable = true; allowedTCPPorts = [ 22 # ssh ]; }; networkmanager = { enable = true; dhcp = "internal"; }; dhcpcd.enable = false; }; powerManagement.enable = true; i18n.defaultLocale = "en_US.UTF-8"; console.keyMap = "dvp"; time.timeZone = "Europe/Berlin"; environment.systemPackages = with pkgs; [ git rebuild-system nvtop ]; nixpkgs.config.allowUnfree = true; services = { blueman.enable = true; colord.enable = true; vnstat.enable = true; printing = { enable = true; drivers = with pkgs; [ samsung-unified-linux-driver hplip ]; }; logind.extraConfig = '' HandleLidSwitch=hibernate LidSwitchIgnoreInhibited=no ''; openssh = { enable = true; knownHosts = import ./knownHosts.nix; }; atd = { enable = true; allowEveryone = true; }; xserver = { enable = true; layout = "us"; xkbVariant = "dvp"; xkbOptions = "compose:caps"; displayManager.lightdm = { enable = true; greeters.gtk = { clock-format = "%H:%M %a %b %_d"; indicators = ["~host" "~spacer" "~clock" "~session" "~power"]; theme = { package = pkgs.equilux-theme; name = "Equilux-compact"; }; iconTheme = { package = pkgs.paper-icon-theme; name = "Paper"; }; extraConfig = '' background = #000000 user-background = false active-monitor = #cursor hide-user-image = true [monitor: DP-2] laptop = true ''; }; }; displayManager.setupCommands = '' ${pkgs.xorg.xinput}/bin/xinput disable 'SynPS/2 Synaptics TouchPad' ''; desktopManager.xterm.enable = true; windowManager.twm.enable = true; displayManager.defaultSession = "xterm+twm"; wacom.enable = true; libinput.enable = true; dpi = 282; videoDrivers = [ "nvidia" ]; screenSection = '' Option "metamodes" "nvidia-auto-select +0+0 { ForceCompositionPipeline = On }" ''; }; yggdrasilTinc = { enable = true; connect = true; name = "sif"; interfaceConfig = { macAddress = "5c:93:21:c3:61:39"; }; }; uucp = { enable = true; nodeName = "sif"; remoteNodes = { "odin" = { publicKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN87boeNNs2PhAcVXaO+nGFUo5MCpl0TFqwCNmxnHYSe root@odin"]; hostnames = ["odin.asgard.yggdrasil"]; }; "ymir" = { publicKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG6KNtsCOl5fsZ4rV7udTulGMphJweLBoKapzerWNoLY root@ymir"]; hostnames = ["ymir.yggdrasil.li" "ymir.niflheim.yggdrasil"]; }; }; defaultCommands = lib.mkForce []; media-client = { remoteNodes = [ "odin" ]; notify.users = [ "gkleen" ]; }; notify-client = { remoteNodes = { odin = {}; }; }; }; notify-users = [ "gkleen" ]; postfix = { enable = true; enableSmtp = true; enableSubmission = false; setSendmail = true; networksStyle = "host"; hostname = "sif.midgard.yggdrasil"; destination = []; relayHost = "uucp:ymir"; recipientDelimiter = "+"; masterConfig = { uucp = { type = "unix"; private = true; privileged = true; chroot = false; command = "pipe"; args = [ "flags=Fqhu" "user=uucp" ''argv=${config.security.wrapperDir}/uux -z -a $sender - $nexthop!rmail ($recipient)'' ]; }; sshsendmail = { type = "unix"; private = true; privileged = true; chroot = false; command = "pipe"; args = [ "flags=Fq" "user=postfix_ssh" ''argv=${pkgs.openssh}/bin/ssh -F /var/db/postfix_ssh/ssh.config $nexthop sendmail -f $sender -G $recipient'' ]; }; }; transport = '' odin.asgard.yggdrasil uucp:odin ''; config = { always_bcc = "gkleen+sent@odin.asgard.yggdrasil"; default_transport = "uucp:ymir"; inet_interfaces = "loopback-only"; authorized_submit_users = ["!uucp" "static:anyone"]; message_size_limit = "0"; sender_dependent_default_transport_maps = ''regexp:${pkgs.writeText "sender_relay" '' /@math(ematik)?\.(lmu|uni-muenchen)\.de$/ sshsendmail:math60.mathinst.loc /@(cip|stud)\.ifi\.(lmu|uni-muenchen)\.de$/ smtp:smtp.ifi.lmu.de /@ifi\.(lmu|uni-muenchen)\.de$/ smtp:smtpin1.ifi.lmu.de:587 /@(campus\.)?lmu\.de$/ smtp:postout.lrz.de ''}''; smtp_sasl_auth_enable = true; smtp_sender_dependent_authentication = true; smtp_sasl_tls_security_options = "noanonymous"; smtp_sasl_mechanism_filter = ["plain"]; smtp_tls_security_level = "dane"; smtp_sasl_password_maps = "texthash:/var/db/postfix/sasl_passwd"; smtp_cname_overrides_servername = false; smtp_always_send_ehlo = true; smtp_tls_loglevel = "1"; smtp_dns_support_level = "dnssec"; }; }; upower = { enable = true; }; locate = { enable = true; interval = "hourly"; locate = pkgs.mlocate; localuser = null; prunePaths = ["/tmp" "/var/tmp" "/var/cache" "/var/lock" "/var/run" "/var/spool"]; }; }; users = { mutableUsers = false; extraUsers.root = { inherit (import ./users/gkleen.nix) shell hashedPassword; }; extraUsers.gkleen.extraGroups = [ "media" "networkmanager" ]; extraUsers.gkleen.packages = with pkgs; [ steam ]; extraUsers.postfix_ssh = { isSystemUser = true; home = "/var/db/postfix_ssh"; }; extraGroups = { network = {}; }; }; security = { sudo.extraConfig = '' Cmnd_Alias SYSCTRL = /run/current-system/sw/sbin/shutdown, /run/current-system/sw/sbin/reboot, /run/current-system/sw/sbin/halt, /run/current-system/sw/bin/systemctl %wheel ALL=(ALL) NOPASSWD: SYSCTRL ''; wrappers = { "mount".source = "${pkgs.utillinux.bin}/bin/mount"; "umount".source = "${pkgs.utillinux.bin}/bin/umount"; "newgrp".source = "${pkgs.shadow}/bin/newgrp"; "sg".source = "${pkgs.shadow}/bin/sg"; }; polkit = { enable = true; extraConfig = '' polkit.addRule(function(action, subject) { if ( action.id == "org.freedesktop.systemd1.manage-units" && subject.isInGroup("wheel") ) { return polkit.Result.YES; } }); polkit.addRule(function(action, subject) { if ((action.id == "org.blueman.rfkill.setstate" || action.id == "org.blueman.network.setup" || action.id == "org.freedesktop.NetworkManager.settings.modify.system" ) && subject.local && subject.active && subject.isInGroup("network") ) { return polkit.Result.YES; } }); ''; }; }; hardware = { pulseaudio = { enable = true; package = with pkgs; pulseaudioFull; support32Bit = true; }; bluetooth = { enable = true; config = { General = { Enable = "Source,Sink,Media,Socket"; }; }; }; trackpoint = { enable = true; emulateWheel = true; sensitivity = 255; speed = 255; }; brightnessctl.enable = true; nvidia = { modesetting.enable = true; }; opengl.driSupport32Bit = true; }; sound.enable = true; nix = { useSandbox = true; autoOptimiseStore = true; daemonNiceLevel = 10; daemonIONiceLevel = 3; }; environment.etc."X11/xorg.conf.d/50-wacom.conf".source = lib.mkForce ./sif/wacom.conf; systemd.services."kill-user@" = { serviceConfig = { Type = "oneshot"; ExecStart = "${pkgs.systemd}/bin/loginctl kill-user %I"; }; }; systemd.targets."sleep" = { after = [ "kill-user@uucp.service" ]; wants = [ "kill-user@uucp.service" ]; }; systemd.user.services."ssh-agent".enable = lib.mkForce false; systemd.services."ac-plugged" = { description = "Inhibit handling of lid-switch and sleep"; path = with pkgs; [ systemd coreutils ]; script = '' exec systemd-inhibit --what=handle-lid-switch --why="AC is connected" --mode=block sleep infinity ''; serviceConfig = { Type = "simple"; }; }; services.udev.extraRules = with pkgs; '' SUBSYSTEM=="power_supply", ENV{POWER_SUPPLY_ONLINE}=="0", RUN+="${systemd}/bin/systemctl --no-block stop ac-plugged.service" SUBSYSTEM=="power_supply", ENV{POWER_SUPPLY_ONLINE}=="1", RUN+="${systemd}/bin/systemctl --no-block start ac-plugged.service" ''; services.borgbackup = { snapshots = "btrfs"; prefix = "yggdrasil.midgard.sif."; targets = { "munin" = { repo = "borg.munin:borg"; paths = [ "/home/gkleen" ]; prune = { "home" = [ "--keep-within" "24H" "--keep-daily" "31" "--keep-monthly" "12" "--keep-yearly" "-1" ]; }; }; }; }; services.btrfs.autoScrub = { enable = true; fileSystems = [ "/" "/home" ]; interval = "weekly"; }; systemd.services."nix-daemon".serviceConfig = { MemoryAccounting = true; MemoryHigh = "50%"; MemoryMax = "75%"; }; systemd.services."nixos-upgrade" = { path = with pkgs; [ git ]; preStart = '' git -C /etc/nixos fetch --recurse-submodules git -C /etc/nixos reset --hard origin/master ''; }; services.compton = { enable = true; backend = "glx"; vSync = true; settings = { glx-swap-method = 3; xrender-sync = true; xrender-sync-fence = true; }; }; services.journald.extraConfig = '' SystemMaxUse=100M ''; services.dbus.packages = with pkgs; [ dbus gnome3.dconf ]; system.stateVersion = "20.03"; # Did you read the comment? }