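{ config, lib, pkgs, ... }:
# NixOS host configuration for "sif".
#
# `lib` is bound in the argument pattern: this module calls lib.mkForce in
# several places (services.uucp.defaultCommands, the wacom xorg snippet, the
# user-level pulseaudio/ssh-agent units) but the original pattern only bound
# `config` and `pkgs`, which makes evaluation fail with an undefined variable.
{
  imports = [
    ./sif/hw.nix
    ./sif/boot.nix
    ./users.nix
    ./custom/zsh.nix
    ./custom/tinc/def.nix
    ./custom/tinc/yggdrasil.nix
    ./custom/uucp.nix
    ./custom/borgbackup.nix
    ./custom/uucp-mediaclient.nix
    ./custom/uucp-notifyclient.nix
    ./custom/notify-users.nix
    ./utils/nix/module.nix
  ];

  networking = {
    hostName = "sif";
    domain = "midgard.yggdrasil";
    hosts = {
      "127.0.0.1" = [ "sif.midgard.yggdrasil" "sif" ];
      "::1" = [ "sif.midgard.yggdrasil" "sif" ];
    };
    firewall = {
      enable = true;
      # Only ssh is exposed; postfix below binds to loopback only, so no
      # other inbound port is needed.  Keep the comment on its own line: in
      # a one-line form "# ssh" would swallow the rest of the expression.
      allowedTCPPorts = [
        22 # ssh
      ];
    };
    networkmanager = {
      enable = true;
      dhcp = "internal";
    };
    dhcpcd.enable = false;
  };

  powerManagement.enable = true;

  i18n = {
    consoleFont = "lat9w-16";
    consoleKeyMap = "dvp";
    defaultLocale = "en_US.UTF-8";
  };

  boot.kernelPackages = pkgs.linuxPackages_latest;

  time.timeZone = "Europe/Berlin";

  environment.systemPackages = with pkgs; [
    git
    rebuild-system
  ];

  nixpkgs.config.packageOverrides = pkgs: rec {
    # libfprint from a fork (vfs0090 driver), pinned to a fixed revision and
    # content hash so the build is reproducible and cannot silently change
    # if the upstream branch moves.
    libfprint = pkgs.stdenv.mkDerivation rec {
      name = "libfprint-${version}";
      version = "vfs0090-f8323a0";

      src = pkgs.fetchFromGitHub {
        owner = "3v1n0";
        repo = "libfprint";
        rev = "f8323a0d3e0616f2822547902306992efd3572e7";
        sha256 = "0y0lkwgw1lx4frm1kxz0hj11x93dby7vxkjly0ck7w7z96nn8bnm";
      };

      buildInputs = with pkgs; [ libusb pixman glib nss nspr gdk_pixbuf openssl ];
      nativeBuildInputs = with pkgs; [ pkgconfig libtool automake autoconf ];

      preConfigure = ''
        NOCONFIGURE=true ./autogen.sh
      '';

      configureFlags = [ "--with-udev-rules-dir=$(out)/lib/udev/rules.d" ];
    };

    # fprintd is told at configure time that its config/state live in
    # /etc and /var; at install time those are redirected into $out and
    # $TMPDIR so the sandboxed build never writes outside the store.
    # The `\${...}` are literal make variables, not Nix interpolation.
    fprintd = pkgs.stdenv.lib.overrideDerivation pkgs.fprintd (oldAttrs: {
      configureFlags = oldAttrs.configureFlags or [] ++ [ "--sysconfdir=/etc" "--localstatedir=/var" ];
      installFlags = oldAttrs.installFlags or [] ++ [ "sysconfdir=\${out}/etc" "localstatedir=\${TMPDIR}" ];
    });
  };
  nixpkgs.config.allowUnfree = true;

  services = {
    fprintd.enable = true;
    vnstat.enable = true;

    logind.extraConfig = ''
      HandleLidSwitch=hybrid-sleep
      LidSwitchIgnoreInhibited=no
    '';

    openssh = {
      enable = true;
    };

    atd = {
      enable = true;
      # Every local user may queue at/batch jobs, not only root.
      allowEveryone = true;
    };

    xserver = {
      enable = true;
      layout = "us";
      xkbVariant = "dvp";
      xkbOptions = "compose:caps";

      displayManager.lightdm = {
        enable = true;
      };
      desktopManager = {
        default = "none";
        xterm.enable = false;
      };
      windowManager = {
        default = "xmonad";
        xmonad = {
          enable = true;
          extraPackages = haskellPackages: (with haskellPackages; [
            xmonad-contrib
            hostname
            libnotify
            aeson
            temporary
            parsec
            network
          ]);
        };
      };

      wacom.enable = true;
      multitouch.enable = true;
      libinput.enable = true;
      dpi = 282;
    };

    yggdrasilTinc = {
      enable = true;
      connect = true;
      name = "sif";
      interfaceConfig = {
        macAddress = "5c:93:21:c3:61:39";
      };
    };

    uucp = {
      enable = true;
      # NOTE(review): nodeName "hel" differs from networking.hostName "sif";
      # the postfix hostname below also says hel.  Presumably inherited from
      # a previous host — confirm the remote nodes expect this name.
      nodeName = "hel";
      remoteNodes = {
        "odin" = {
          publicKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKcDj49TqmflGTmtGBqDawxmCBWW1txj61CZ7KT0hTHK uucp@odin" ];
          hostnames = [ "odin.asgard.yggdrasil" ];
        };
        "ymir" = {
          publicKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFH1QWdgoC03nzW5GBuCl2pqASHeIXIYtE9IInHdaKcO uucp@ymir" ];
          hostnames = [ "ymir.yggdrasil.li" "ymir.niflheim.yggdrasil" ];
        };
      };
      # No commands are offered to remote uucp peers from this host.
      defaultCommands = lib.mkForce [];
      media-client = {
        remoteNodes = [ "odin" ];
        notify.users = [ "gkleen" ];
      };
      notify-client = {
        remoteNodes = {
          odin = {};
        };
      };
    };

    notify-users = [ "gkleen" ];

    postfix = {
      enable = true;
      enableSmtp = true;
      enableSubmission = false;
      setSendmail = true;
      networksStyle = "host";
      hostname = "hel.midgard.yggdrasil";
      destination = [];
      relayHost = "uucp:ymir";
      recipientDelimiter = "+";

      masterConfig = {
        # Outbound mail over uucp; the pipe runs as the uucp user through
        # the setuid wrapper directory so it can invoke uux.
        uucp = {
          type = "unix";
          private = true;
          privileged = true;
          chroot = false;
          command = "pipe";
          args = [
            "flags=Fqhu"
            "user=uucp"
            ''argv=${config.security.wrapperDir}/uux -z -a $sender - $nexthop!rmail ($recipient)''
          ];
        };
        # Outbound mail by invoking sendmail on a remote host over ssh, as
        # the dedicated postfix_ssh system user with its own ssh config.
        sshsendmail = {
          type = "unix";
          private = true;
          privileged = true;
          chroot = false;
          command = "pipe";
          args = [
            "flags=Fq"
            "user=postfix_ssh"
            ''argv=${pkgs.openssh}/bin/ssh -F /var/db/postfix_ssh/ssh.config $nexthop sendmail -f $sender -G $recipient''
          ];
        };
      };

      transport = ''
        odin.asgard.yggdrasil uucp:odin
      '';

      config = {
        # Every outgoing message is also copied to this address.
        always_bcc = "gkleen+sent@odin.asgard.yggdrasil";
        default_transport = "uucp:ymir";
        # Not reachable from the network at all; submission is local only.
        inet_interfaces = "loopback-only";
        # Any local user except uucp may submit via sendmail(1).
        authorized_submit_users = [ "!uucp" "static:anyone" ];
        # "0" disables the size limit entirely.
        message_size_limit = "0";
        # Sender-address based relay selection.  The table is written to
        # the (world-readable) store, which is fine: it holds no secrets.
        sender_dependent_default_transport_maps = ''regexp:${pkgs.writeText "sender_relay" ''
          /@math(ematik)?\.(lmu|uni-muenchen)\.de$/ sshsendmail:math60.mathinst.loc
          /@(cip|stud)\.ifi\.(lmu|uni-muenchen)\.de$/ smtp:smtp.ifi.lmu.de
          /@ifi\.(lmu|uni-muenchen)\.de$/ smtp:smtpin1.ifi.lmu.de:587
          /@(campus\.)?lmu\.de$/ smtp:postout.lrz.de
        ''}'';
        smtp_sasl_auth_enable = true;
        smtp_sender_dependent_authentication = true;
        # "noanonymous" here applies to TLS sessions only; postfix's default
        # for non-TLS sessions still includes noplaintext, so the PLAIN
        # mechanism selected below is only used once TLS is established.
        smtp_sasl_tls_security_options = "noanonymous";
        smtp_sasl_mechanism_filter = [ "plain" ];
        smtp_tls_security_level = "dane";
        # Plaintext credential file outside the store.  NOTE(review): it is
        # managed out of band — make sure it is readable by root only
        # (postfix reads it before dropping privileges).
        smtp_sasl_password_maps = "texthash:/var/db/postfix/sasl_passwd";
        smtp_cname_overrides_servername = false;
        smtp_always_send_ehlo = true;
        smtp_tls_loglevel = "1";
        # DANE needs validated DNS answers, hence dnssec here.
        smtp_dns_support_level = "dnssec";
      };
    };

    upower = {
      enable = true;
    };

    locate = {
      enable = true;
      interval = "hourly";
      locate = pkgs.mlocate;
      localuser = null;
      prunePaths = [ "/tmp" "/var/tmp" "/var/cache" "/var/lock" "/var/run" "/var/spool" ];
    };
  };

  users = {
    # All accounts are declared here; no out-of-band useradd/passwd changes
    # survive a rebuild.
    mutableUsers = false;
    # root reuses gkleen's shell and password hash, i.e. both accounts share
    # one password.
    extraUsers.root = {
      inherit (import ./users/gkleen.nix) shell hashedPassword;
    };
    extraUsers.gkleen.extraGroups = [ "media" "networkmanager" ];
    extraUsers.gkleen.packages = with pkgs; [ steam ];
    # Unprivileged identity used only by the sshsendmail postfix transport.
    extraUsers.postfix_ssh = {
      isSystemUser = true;
      home = "/var/db/postfix_ssh";
    };
    extraGroups = {
      network = {};
    };
  };

  security = {
    # wheel may run the listed power commands and systemctl without a
    # password.  systemctl is listed with no argument restriction, so this
    # is passwordless control over every unit on the system for wheel;
    # narrow the alias to the verbs actually needed if that is not intended.
    sudo.extraConfig = ''
      Cmnd_Alias SYSCTRL = /run/current-system/sw/sbin/shutdown, /run/current-system/sw/sbin/reboot, /run/current-system/sw/sbin/halt, /run/current-system/sw/bin/systemctl
      %wheel ALL=(ALL) NOPASSWD: SYSCTRL
    '';

    # setuid wrappers exposed to all users.
    wrappers = {
      "mount".source = "${pkgs.utillinux.bin}/bin/mount";
      "umount".source = "${pkgs.utillinux.bin}/bin/umount";
      "newgrp".source = "${pkgs.shadow}/bin/newgrp";
      "sg".source = "${pkgs.shadow}/bin/sg";
    };

    polkit = {
      enable = true;
      # First rule: wheel manages systemd units without authentication
      # (mirrors the sudo rule above, also for non-local/inactive sessions).
      # Second rule: the "network" group may reconfigure rfkill/bluetooth
      # and system-wide NetworkManager settings, but only from a local,
      # active session.
      extraConfig = ''
        polkit.addRule(function(action, subject) {
          if ( action.id == "org.freedesktop.systemd1.manage-units"
               && subject.isInGroup("wheel")
             ) {
            return polkit.Result.YES;
          }
        });

        polkit.addRule(function(action, subject) {
          if ((action.id == "org.blueman.rfkill.setstate"
               || action.id == "org.blueman.network.setup"
               || action.id == "org.freedesktop.NetworkManager.settings.modify.system"
              )
              && subject.local
              && subject.active
              && subject.isInGroup("network")
             ) {
            return polkit.Result.YES;
          }
        });
      '';
    };
  };

  hardware = {
    pulseaudio = {
      enable = true;
      package = with pkgs; pulseaudioFull;
    };
    bluetooth = {
      enable = true;
      extraConfig = ''
        [General]
        Enable=Source,Sink,Media,Socket
      '';
    };
    trackpoint = {
      enable = true;
      emulateWheel = true;
      sensitivity = 255;
      speed = 255;
    };
    brightnessctl.enable = true;
  };
  sound.enable = true;

  nix = {
    # Builds run in the nix sandbox (no network, no host filesystem).
    useSandbox = true;
    autoOptimiseStore = true;
    daemonNiceLevel = 10;
    daemonIONiceLevel = 3;
  };

  environment.etc."fprintd.conf".source = "${pkgs.fprintd}/etc/fprintd.conf";
  environment.etc."X11/xorg.conf.d/50-wacom.conf".source = lib.mkForce ./sif/wacom.conf;

  # Template unit: terminate every session/process of user %I.
  systemd.services."kill-user@" = {
    serviceConfig = {
      Type = "oneshot";
      ExecStart = "${pkgs.systemd}/bin/loginctl kill-user %I";
    };
  };
  # Kill uucp's processes before the machine goes to sleep so no transfer
  # is left half-done across the suspend.
  systemd.targets."sleep" = {
    after = [ "kill-user@uucp.service" ];
    wants = [ "kill-user@uucp.service" ];
  };

  systemd.user.services."pulseaudio".enable = lib.mkForce false;
  systemd.user.services."ssh-agent".enable = lib.mkForce false;
  systemd.user.sockets."pulseaudio".enable = lib.mkForce false;

  # While on AC, hold a block inhibitor so lid-switch and sleep handling are
  # suppressed; started/stopped by the udev rules below.
  systemd.services."ac-plugged" = {
    description = "Inhibit handling of lid-switch and sleep";
    path = with pkgs; [ systemd coreutils ];
    script = ''
      exec systemd-inhibit --what=handle-lid-switch:sleep --why="AC is connected" --mode=block sleep infinity
    '';
    serviceConfig = {
      Type = "simple";
    };
  };
  services.udev.extraRules = with pkgs; ''
    SUBSYSTEM=="power_supply", ENV{POWER_SUPPLY_ONLINE}=="0", RUN+="${systemd}/bin/systemctl --no-block stop ac-plugged.service"
    SUBSYSTEM=="power_supply", ENV{POWER_SUPPLY_ONLINE}=="1", RUN+="${systemd}/bin/systemctl --no-block start ac-plugged.service"
  '';

  services.borgbackup = {
    snapshots = "btrfs";
    prefix = "yggdrasil.midgard.sif.";
    targets = {
      "munin" = {
        repo = "borg.munin:borg";
        paths = [ "/home/gkleen" ];
        prune = {
          "home-gkleen" = [
            "--keep-within" "24H"
            "--keep-daily" "31"
            "--keep-monthly" "12"
            "--keep-yearly" "-1"
          ];
        };
      };
    };
  };

  services.btrfs.autoScrub = {
    enable = true;
    fileSystems = [ "/" "/home" ];
    interval = "weekly";
  };

  systemd.services."nix-daemon".serviceConfig = {
    MemoryAccounting = true;
    MemoryHigh = "50%";
    MemoryMax = "75%";
  };

  # Unattended upgrade: the local checkout is hard-reset to whatever
  # origin/master serves.  Nothing here checks commit or tag signatures, so
  # the upgrade trusts the remote and the transport completely; consider
  # verifying signatures before the reset if that trust is not intended.
  systemd.services."nixos-upgrade" = {
    path = with pkgs; [ git ];
    preStart = ''
      git -C /etc/nixos fetch --recurse-submodules
      git -C /etc/nixos reset --hard origin/master
    '';
  };

  services.compton = {
    enable = true;
    backend = "glx";
    vSync = true;
    settings = {
      glx-swap-method = 3;
      xrender-sync = true;
      xrender-sync-fence = true;
    };
  };

  services.journald.extraConfig = ''
    SystemMaxUse=100M
  '';

  system.stateVersion = "20.03"; # Did you read the comment?
}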