# NixOS host configuration for "helix-texta": EFI boot, PipeWire audio,
# YubiKey / fingerprint PAM authentication, podman, Steam, sway and sops secrets.
#
# `settings.*`, `users.custom.*` and `services.udev.customRules` are not upstream
# NixOS options; presumably they are declared by modules elsewhere in this
# repository (not visible from this file).
{ config, pkgs, lib, options, ... }: let
  # Default media-session configuration, used below as the base that is extended.
  mediaSessionDefaults = options.services.pipewire.media-session.config.media-session.default;
in {
  boot = {
    # Boot through systemd-boot on EFI and let the installer write EFI variables.
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };

    # TODO: This defaults to true, why does it not work with virtualisation.containers.enable?
    enableContainers = false;
  };

  networking.hostName = "helix-texta";
  networking.networkmanager.enable = true;

  system.fsPackages = [pkgs.sshfs];

  settings = {
    minimalGnome.enable = true;
    printing.enable = true;
    batteryStuff.enable = true;
  };

  # Audio goes through PipeWire (used with Wayland), so the legacy `sound` module is off.
  sound.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa = {
      enable = true;
      support32Bit = true;
    };
    pulse.enable = true;
    jack.enable = true;

    config = {
      pipewire-pulse."stream.properties" = {
        "channelmix.upmix" = true;
        "channelmix.lfe-cutoff" = 150;
      };
      pipewire = {"default.clock.allowed-rates" = [48000 44100];};
    };

    media-session.config = {
      # Append "default-profile" to the default list of session modules.
      media-session = lib.recursiveUpdate mediaSessionDefaults {
        "session.modules".default =
          mediaSessionDefaults."session.modules".default ++ ["default-profile"];
      };

      # Per-device override for the Scarlett Solo's pro-audio output node.
      alsa-monitor = {
        rules = [
          {
            matches = [
              {
                "node.name" = "alsa_output.usb-Focusrite_Scarlett_Solo_USB_Y7ENM550A6399B-00.pro-output-0";
              }
            ];
            actions = {
              update-props = {
                #"audio.rate" = 96000;
                "api.alsa.headroom" = 1024;
              };
            };
          }
        ];
      };
    };
  };

  xdg.portal = {
    enable = true;
    extraPortals = [pkgs.xdg-desktop-portal-wlr pkgs.xdg-desktop-portal-gtk];
  };

  # Each rule tags the matching USB device for systemd and adds a stable /dev symlink.
  # The match is on USB vendor/model IDs only, which the device reports itself,
  # so the symlink says nothing about which physical unit is plugged in.
  services.udev.customRules = [
    # Rename the Scarlett Solo using udev
    {
      name = "85-scarlett-solo";
      rules = ''
        SUBSYSTEM=="usb", ENV{ID_MODEL_ID}=="8211", ENV{ID_VENDOR_ID}=="1235", TAG+="systemd", SYMLINK+="scarlett_solo"
      '';
    }
    {
      name = "85-yubikey";
      rules = ''
        SUBSYSTEM=="usb", ENV{ID_MODEL_ID}=="0407", ENV{ID_VENDOR_ID}=="1050", TAG+="systemd", SYMLINK+="yubikey"
      '';
    }
  ];

  security.pam = {
    # control = "sufficient": for every PAM service with yubicoAuth = true, a
    # successful YubiKey challenge-response is accepted on its own, without the
    # account password. "required" would make the key a second factor instead.
    yubico = {
      control = "sufficient";
      mode = "challenge-response";
      debug = false;
    };

    # TODO: Update once my PR lands
    # NOTE(review): login and the swaylock screen locker accept the YubiKey and
    # the fingerprint reader; fingerprint is presumably also wired as an
    # alternative to the password rather than an addition to it - confirm in
    # the generated /etc/pam.d files. sshd has fingerprint auth switched off.
    services = {
      login = {
        yubicoAuth = true;
        fprintAuth = true;
      };
      swaylock = {
        yubicoAuth = true;
        fprintAuth = true;
      };
      sshd.fprintAuth = false;
    };
  };

  # TODO: This is not good
  services.fprintd.enable = true;

  # Accounts and passwords come only from this configuration; changes made
  # imperatively (passwd, useradd) are not kept.
  users.mutableUsers = false;
  users.custom.malte.enable = true;

  # Use some fonts
  fonts = {
    enableDefaultFonts = true;
    fonts = [pkgs.hackNerdLigatures pkgs.noto-fonts pkgs.noto-fonts-cjk pkgs.joypixels];
    fontconfig = {
      enable = true;
      defaultFonts.monospace = ["Hack NF FC Ligatured"];
    };
  };

  # Configure GPG with SSH support and enable the yubikey.
  # With enableSSHSupport, gpg-agent also acts as the SSH agent.
  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
    pinentryFlavor = "qt";
  };

  virtualisation.podman = {
    enable = true;
    # Create a `docker` alias for podman, to use it as a drop-in replacement
    dockerCompat = true;
    # Exposes the podman API socket where Docker tools expect the Docker socket.
    # Access is granted through the `podman` group; as with Docker, membership
    # in that group is equivalent to root on this host, so keep it minimal.
    dockerSocket.enable = true;
    defaultNetwork.dnsname.enable = true;
  };

  programs.steam.enable = true;
  # Make openssl available inside the Steam runtime environment.
  nixpkgs.config.packageOverrides = pkgs: {
    steam = pkgs.steam.override {extraPkgs = pkgs: [pkgs.openssl];};
  };

  programs.sway.enable = true;

  services.udev.packages = [pkgs.yubikey-personalization pkgs.chrysalis];

  environment.systemPackages = [
    pkgs.thunderbolt
    pkgs.qt5.qtwayland
    pkgs.chrysalis
  ];

  # TODO: Remove when firefox' RDD is fixed (allows libva)
  # NOTE(review): environment.variables applies to every user session, so
  # Firefox's RDD (media decoding) process runs without its sandbox
  # system-wide for as long as this line stays.
  environment.variables."MOZ_DISABLE_RDD_SANDBOX" = "1";

  services.fwupd.enable = true;
  # NOTE(review): devmon automounts removable media when it is plugged in -
  # confirm that is wanted on a machine that relies on a screen locker.
  services.devmon.enable = true;

  sops.defaultSopsFile = ../secrets/hosts/helix-texta/secrets.yaml;
  # The age identity used for decryption is derived from the host's SSH ed25519
  # key, so read access to that key file means access to this host's secrets.
  sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "20.09"; # Did you read the comment?
}