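# NixOS system configuration for the workstation "usurpador":
# LUKS-on-LVM root booted through GRUB (EFI), an xmonad desktop, a local
# Postfix that relays through authenticated smarthosts, key-only OpenSSH,
# Docker, and a GNU Guix build daemon running next to Nix.
{ config, pkgs, lib, ... }:

# rollback to a previously working channel version, useful
# when "doas nixos-rebuild switch --upgrade" breaks:
#
# $ doas nix-channel --rollback

{
  imports = [ /etc/nixos/hardware-configuration.nix ];

  # Boot with GRUB 2 in EFI mode (device = "nodev": nothing is written to
  # an MBR).  The earlier "systemd-boot" wording did not match the options
  # that are actually set below.
  boot = {
    loader = {
      efi.canTouchEfiVariables = true;
      grub = {
        enable = true;
        version = 2;
        efiSupport = true;
        device = "nodev";
      };
    };
    # The encrypted volume is opened in the initrd before LVM is scanned
    # (preLVM = true).
    # NOTE(review): the device is addressed by kernel name; a
    # /dev/disk/by-uuid/... path would survive device reordering.
    initrd.luks.devices = {
      crypted = {
        device = "/dev/nvme0n1p2";
        preLVM = true;
      };
    };
  };

  hardware = {
    bluetooth.enable = true;
    pulseaudio = {
      enable = true;
      extraConfig = ''
        load-module module-echo-cancel
      '';
    };
  };

  networking = {
    hostName = "usurpador";
    networkmanager.enable = true;
  };

  console.keyMap = "br-abnt2";
  i18n.defaultLocale = "fr_FR.UTF-8";
  time.timeZone = "America/Sao_Paulo";

  # mkForce overrides any other module that would turn this on.
  programs.less.enable = lib.mkForce false;

  environment = {
    systemPackages = with pkgs; [
      xmobar
      i3lock
      slack
      zoom-us
      kubernetes
      tektoncd-cli
      aws-iam-authenticator
      flutter
      hover
      dart
    ];
  };

  nixpkgs = {
    config = {
      android_sdk.accept_license = true;
      # Applies to the whole package set, not only to the unfree packages
      # listed above.
      allowUnfree = true;
    };
  };

  services = {
    upower.enable = true;
    fprintd.enable = true;
    blueman.enable = true;
    pcscd.enable = true;

    # Local MTA: accepts mail from loopback only and hands it to a
    # per-sender relay host, authenticating with SASL over TLS.
    postfix = {
      enable = true;
      # * header_checks drops the Received: and X-Originating-IP: headers,
      #   so relayed mail does not carry this host's trace headers.
      # * relayhosts-maps and sasl-password live under /var/lib/private,
      #   outside the world-readable Nix store.
      #   NOTE(review): sasl-password holds relay credentials; confirm the
      #   file and its compiled hash map are readable by root only.
      # * smtp_sasl_security_options = noanonymous together with the
      #   "login, plain" mechanism filter means the password itself crosses
      #   the wire, protected only by the TLS session.
      # * smtp_tls_security_level is set once, through `config` below; a
      #   second copy here only makes Postfix warn about an overridden
      #   main.cf entry.  smtp_use_tls is the obsolete spelling and is
      #   ignored while smtp_tls_security_level is set.
      extraConfig = ''
        mynetworks = 127.0.0.0/8
        header_checks = regexp:{ { /^Received:.*/ IGNORE }, { /^X-Originating-IP:.*/ IGNORE } }
        sender_dependent_relayhost_maps = hash:/var/lib/private/postfix/relayhosts-maps
        smtp_sasl_password_maps = hash:/var/lib/private/postfix/sasl-password
        smtp_sasl_auth_enable = yes
        smtp_sasl_security_options = noanonymous
        smtp_tls_note_starttls_offer = yes
        smtp_use_tls = yes
        smtp_sender_dependent_authentication = yes
        smtp_sasl_mechanism_filter = login, plain
      '';
      config = {
        # "encrypt" makes TLS mandatory but does not validate the relay's
        # certificate.
        # NOTE(review): since plaintext SASL credentials ride on this
        # session, consider "verify" or "secure" once the relays'
        # certificates are known to validate.
        smtp_tls_security_level = "encrypt";
      };
      extraAliases = ''
        root: andreh
        andreh: eu@euandre.org
      '';
    };

    # Key-only SSH, no direct root login.
    # NOTE(review): keyboard-interactive authentication is a separate sshd
    # setting (KbdInteractiveAuthentication); disable it as well if the
    # intent is that no password-style login is possible.
    openssh = {
      enable = true;
      settings = {
        PermitRootLogin = "no";
        PasswordAuthentication = false;
      };
    };

    xserver = {
      enable = true;
      layout = "br";
      xkbOptions = "caps:swapescape";

      # Touchpad support
      libinput.enable = true;

      windowManager.xmonad = {
        enable = true;
        enableContribAndExtras = true;
      };
    };
  };

  users = {
    extraUsers =
      let
        # Interactive account.  "wheel" grants administrative rights, and
        # membership of "docker" allows driving the Docker daemon, which
        # runs as root: treat this account as root-equivalent.
        andrehUser = {
          andreh = {
            isNormalUser = true;
            uid = 1000;
            description = "EuAndreh";
            extraGroups = [ "wheel" "networkmanager" "docker" ];
          };
        };

        # From the Guix manual:
        # https://www.gnu.org/software/guix/manual/en/html_node/Build-Environment-Setup.html#Build-Environment-Setup
        #
        # One unprivileged system account per build slot; the trailing
        # comments give the matching useradd flag from the manual.
        buildUser = (i: {
          "guixbuilder${i}" = {                   # guixbuilder$i
            group = "guixbuild";                  # -g guixbuild
            extraGroups = [ "guixbuild" ];        # -G guixbuild
            home = "/var/empty";                  # -d /var/empty
            shell = pkgs.shadow;                  # -s `which nologin`
            description = "Guix build user ${i}"; # -c "Guix build user $i"
            isSystemUser = true;                  # --system
          };
        });
      in
        # merge all users
        pkgs.lib.fold (str: acc: acc // buildUser str)
          andrehUser
          # for i in `seq -w 1 10`
          (map (pkgs.lib.fixedWidthNumber 2) (builtins.genList (n: n + 1) 10));

    extraGroups.guixbuild = {
      name = "guixbuild";
    };
  };

  systemd = {
    services = {
      # Derived from Guix guix-daemon.service.in
      # https://git.savannah.gnu.org/cgit/guix.git/tree/etc/guix-daemon.service.in?id=00c86a888488b16ce30634d3a3a9d871ed6734a2
      #
      # The daemon binary comes from root's Guix profile under /var/guix,
      # so it is updated by Guix, not by nixos-rebuild.
      # NOTE(review): three substitute servers are listed, one of them
      # (substitutes.nonguix.org) outside the Guix project.  Prebuilt
      # binaries are only as trustworthy as the signing keys authorized
      # for the daemon; review that key list alongside this URL list.
      guix-daemon = {
        enable = true;
        description = "Build daemon for GNU Guix";
        serviceConfig = {
          ExecStart = "/var/guix/profiles/per-user/root/current-guix/bin/guix-daemon --build-users-group=guixbuild --substitute-urls='https://substitutes.nonguix.org https://ci.guix.gnu.org https://bordeaux.guix.gnu.org'";
        };
        wantedBy = [ "multi-user.target" ];
      };
    };
  };

  system = {
    stateVersion = "20.03";
    # Unattended upgrade at 00:10; the channel rollback described at the
    # top of this file is the recovery path when an upgrade breaks.
    autoUpgrade = {
      enable = true;
      dates = "0:10";
    };
  };

  virtualisation.docker.enable = true;
}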