move monolith

hosts/monolith/configuration.nix

@@ -0,0 +1,209 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+{
+  config,
+  pkgs,
+  ...
+}: {
+  imports = [
+    # Include the results of the hardware scan.
+    ./hardware-configuration.nix
+  ];
+
+  # Secret management
+  sops.age.keyFile = "/var/lib/sops-nix/key.txt";
+  sops.secrets.wg-priv = {
+    sopsFile = ../../secrets/monolith/wg.yaml;
+    key = "privateKey";
+  };
+  sops.secrets.spotifyShortcutsClientId = {
+    sopsFile = ../../secrets/spotify-shortcuts.yaml;
+    key = "clientId";
+  };
+  sops.secrets.spotifyShortcutsClientSecret = {
+    sopsFile = ../../secrets/spotify-shortcuts.yaml;
+    key = "clientSecret";
+  };
+
+  # Users
+  users.users.jonas = {
+    isNormalUser = true;
+    description = "Jonas";
+    hashedPassword = ""; # passwordless login (sudo is now unusable without specifying NOPASSWD)
+    extraGroups = ["networkmanager" "wheel" "docker" "dialout"];
+  };
+  security.sudo.wheelNeedsPassword = false;
+  users.groups.data = {
+    gid = 1001;
+    members = ["jonas"];
+  };
+  users.defaultUserShell = pkgs.zsh;
+  programs.zsh.enable = true;
+
+  # fonts
+  fonts.packages = with pkgs; [
+    fira
+    fira-code-symbols
+    nerd-fonts.fira-code
+  ];
+
+  # hive modules
+  hive.kwallet.forUsers = ["jonas"];
+  hive.virt-manager.forUsers = ["jonas"];
+  hive.sound.noisetorch = true;
+  hive.wg.client.privateKeyFile = config.sops.secrets.wg-priv.path;
+  hive.wg.client.peer = "monolith";
+  hive.programs.games.dayz = true;
+  hive.programs.games.lutris = true;
+  hive.programs.games.steam = true;
+  hive.programs.games.wine = true;
+  hive.programs.creative = {
+    image-management = true;
+    image-editing = true;
+    image-raw-processing = true;
+    video-editing-light = true;
+    video-editing-heavy = true;
+  };
+  hive.programs.spotify-shortcuts = {
+    enable = true;
+    clientIdSopsKey = config.sops.secrets.spotifyShortcutsClientId.name;
+    clientSecretSopsKey = config.sops.secrets.spotifyShortcutsClientSecret.name;
+  };
+
+  # system packages
+  environment.systemPackages = with pkgs; [
+    age
+    alejandra
+    arduino
+    borgbackup
+    borgmatic
+    chromium
+    discord
+    docker
+    docker-compose
+    feh
+    firefox
+    git
+    gramps
+    insomnia
+    libreoffice
+    mosquitto
+    mpv
+    mupdf
+    nextcloud-client
+    nh
+    nix-index
+    nix-output-monitor
+    obsidian
+    qalculate-qt
+    qdirstat
+    qtpass
+    ranger
+    sops
+    spotify
+    vim
+    vlc
+    vscode
+    wget
+    zoom
+    zotero
+  ];
+  nixpkgs.config.permittedInsecurePackages = [
+    "electron-25.9.0" # required by obsidian
+  ];
+  virtualisation.docker.enable = true;
+
+  # dpi correction
+  services.xserver.dpi = 91;
+  environment.variables = {
+    ## Used by GTK 3
+    # `GDK_SCALE` is limited to integer values
+    GDK_SCALE = "1";
+    # Inverse of GDK_SCALE
+    GDK_DPI_SCALE = "1";
+
+    # Used by Qt 5
+    QT_AUTO_SCREEN_SCALE_FACTOR = "1";
+
+    _JAVA_OPTIONS = "-Dsun.java2d.uiScale=1";
+  };
+  # Expose variables to graphical systemd user services
+  services.xserver.displayManager.importedVariables = [
+    "GDK_SCALE"
+    "GDK_DPI_SCALE"
+    "QT_AUTO_SCREEN_SCALE_FACTOR"
+  ];
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "24.11"; # Did you read the comment?
+
+  # gc settings and binary caches
+  nix = {
+    settings = {
+      substituters = [
+        "https://aseipp-nix-cache.freetls.fastly.net"
+        "https://nix-community.cachix.org"
+        "https://cache.nixos.org/"
+      ];
+      experimental-features = ["nix-command" "flakes"];
+      auto-optimise-store = true;
+    };
+    gc = {
+      automatic = true;
+      dates = "weekly";
+      options = "--delete-older-than 30d";
+    };
+  };
+
+  # boot
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.plymouth.enable = true;
+  boot.initrd.systemd.enable = true;
+  boot.supportedFilesystems = ["ntfs"];
+
+  # Configure console keymap
+  console.keyMap = "de";
+
+  # Set your time zone.
+  time.timeZone = "Europe/Berlin";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "de_DE.UTF-8";
+    LC_IDENTIFICATION = "de_DE.UTF-8";
+    LC_MEASUREMENT = "de_DE.UTF-8";
+    LC_MONETARY = "de_DE.UTF-8";
+    LC_NAME = "de_DE.UTF-8";
+    LC_NUMERIC = "de_DE.UTF-8";
+    LC_PAPER = "de_DE.UTF-8";
+    LC_TELEPHONE = "de_DE.UTF-8";
+    LC_TIME = "de_DE.UTF-8";
+  };
+
+  networking.firewall.enable = true;
+  networking.hostName = "monolith"; # Define your hostname.
+  networking.extraHosts = ''
+    127.0.0.1 monolith
+  '';
+
+  # Enable networking
+  networking.networkmanager.enable = true;
+
+  # printing
+  services.printing.enable = true;
+
+  # ld-fix
+  programs.nix-ld.enable = true;
+  programs.nix-ld.libraries = [
+    # Add any missing dynamic libraries for unpackaged programs
+    # here, NOT in environment.systemPackages
+  ];
+}