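{ config, pkgs, lib, ... }:

# NixOS system configuration for the workstation "usurpador".
#
# rollback to a previously working channel version, useful
# when "doas nixos-rebuild switch --upgrade" breaks:
#
#   $ doas nix-channel --rollback

{
  imports = [
    /etc/nixos/hardware-configuration.nix
  ];

  # Boot through GRUB 2 in EFI mode (efiSupport with device = "nodev");
  # systemd-boot is not enabled anywhere in this file.
  boot = {
    loader = {
      efi.canTouchEfiVariables = true;
      grub = {
        enable = true;
        version = 2;
        efiSupport = true;
        device = "nodev";
      };
    };
    # LUKS container that is opened in the initrd before LVM is scanned.
    initrd.luks.devices = {
      crypted = {
        device = "/dev/nvme0n1p2";
        preLVM = true;
      };
    };
  };

  hardware = {
    bluetooth.enable = true;
    pulseaudio = {
      enable = true;
      extraConfig = ''
        load-module module-echo-cancel
      '';
    };
  };

  networking = {
    hostName = "usurpador";
    networkmanager.enable = true;
  };

  console.keyMap = "br-abnt2";
  time.timeZone = "America/Sao_Paulo";

  i18n = {
    defaultLocale = "fr_FR.UTF-8";
    supportedLocales = [
      "C.UTF-8/UTF-8"
      "en_AU.UTF-8/UTF-8"
      "fr_FR.UTF-8/UTF-8"
      "pt_BR.UTF-8/UTF-8"
    ];
  };

  programs.less.enable = lib.mkForce false;

  environment = {
    systemPackages = with pkgs; [
      xmobar
      i3lock
      slack
      zoom-us
      kubernetes
      tektoncd-cli
      aws-iam-authenticator
      flutter
      hover
      dart
      # presumably provided by the overlay declared under nixpkgs.overlays
      org-euandre.td
    ];
  };

  nixpkgs = {
    config = {
      android_sdk.accept_license = true;
      allowUnfree = true;
    };
    overlays = [
      # NOTE(review): this fetchTarball has no sha256 and the URL names a
      # moving "main" snapshot, so the overlay is whatever the server returns
      # when the configuration is evaluated. The result is imported as Nix
      # code on every rebuild, including the unattended system.autoUpgrade
      # run below. Pin it: point the URL at a fixed revision and add
      #   sha256 = "<hash of the pinned tarball>";
      # so a changed or tampered tarball fails evaluation instead of being
      # built into the system.
      (import (fetchTarball {
        url = "https://euandre.org/git/package-repository/snapshot/package-repository-main.tar.xz";
      }) { inherit pkgs; })
    ];
  };

  services = {
    upower.enable = true;
    fprintd.enable = true;
    blueman.enable = true;
    pcscd.enable = true;

    # Local Postfix that relays outbound mail through per-sender relay hosts
    # with SASL authentication.
    postfix = {
      enable = true;
      # - mynetworks: only loopback clients may relay through this instance.
      # - header_checks: drops Received and X-Originating-IP headers from
      #   outgoing mail.
      # - smtp_tls_security_level = encrypt makes TLS mandatory but does not
      #   validate the relay's certificate.
      #   NOTE(review): the LOGIN/PLAIN mechanisms send the password as-is
      #   inside that TLS session; if the relay hosts present verifiable
      #   certificates, "verify" or "secure" would also authenticate the peer.
      # - smtp_use_tls is the legacy switch; smtp_tls_security_level
      #   takes precedence over it.
      # - NOTE(review): the relayhost and sasl-password maps live outside this
      #   file; confirm the password map is readable by root only.
      extraConfig = ''
        mynetworks = 127.0.0.0/8
        header_checks = regexp:{ { /^Received:.*/ IGNORE }, { /^X-Originating-IP:.*/ IGNORE } }
        sender_dependent_relayhost_maps = hash:/var/lib/private/postfix/relayhosts-maps
        smtp_sasl_password_maps = hash:/var/lib/private/postfix/sasl-password
        smtp_sasl_auth_enable = yes
        smtp_sasl_security_options = noanonymous
        smtp_tls_security_level = encrypt
        smtp_tls_note_starttls_offer = yes
        smtp_use_tls = yes
        smtp_sender_dependent_authentication = yes
        smtp_sasl_mechanism_filter = login, plain
      '';
      config = {
        smtp_tls_security_level = "encrypt";
      };
      extraAliases = ''
        root: andreh
        andreh: eu@euandre.org
      '';
    };

    openssh = {
      enable = true;
      settings = {
        PermitRootLogin = "no";
        PasswordAuthentication = false;
        # PasswordAuthentication alone does not cover keyboard-interactive
        # (PAM) logins, which can still prompt for the account password.
        # Disable that path as well so only key-based logins remain.
        KbdInteractiveAuthentication = false;
      };
    };

    # required by vagrant+libvirt
    # NOTE(review): no exports or firewall rules are visible in this file;
    # confirm the NFS server is reachable only from the libvirt networks.
    nfs.server.enable = true;

    # Required for local network printer
    # NOTE(review): beyond printer discovery this also advertises the SSH
    # service, host info (hinfo) and a workstation record on the local
    # network, and reflector = true relays mDNS traffic between interfaces.
    # Trim the publish flags and the reflector if only discovery of the
    # printer is needed.
    avahi = {
      enable = true;
      nssmdns = true;
      extraServiceFiles = {
        ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
      };
      hostName = "usurpadinho";
      publish = {
        enable = true;
        addresses = true;
        domain = true;
        userServices = true;
        workstation = true;
        hinfo = true;
      };
      reflector = true;
    };

    printing = {
      enable = true;
      drivers =
        let
          # Epson inkjet driver built from the vendor source RPM. The
          # download is pinned by sha256, so a changed upstream file fails
          # the build instead of being installed.
          epson-201401w = with pkgs; stdenv.mkDerivation rec {
            v = "201401w";
            pname = "epson-${v}";
            version = "1.0.0";

            src = fetchurl {
              urls = [
                "https://download.ebz.epson.net/dsc/op/stable/SRPMS/epson-inkjet-printer-${v}-${version}-1lsb3.2.src.rpm"
                "https://download3.ebz.epson.net/dsc/f/03/00/03/45/41/92e9c9254f0ee4230a069545ba27ec2858a2c457/epson-inkjet-printer-201401w-1.0.0-1lsb3.2.src.rpm"
              ];
              sha256 = "0c60m1sd59s4sda38dc5nniwa7dh1b0kv1maajr0x9d38gqlyk3x";
            };

            nativeBuildInputs = [ rpmextract autoreconfHook file ];
            buildInputs = [ libjpeg cups ];

            # Unpack the RPM and both tarballs, rewrite the /opt and CUPS
            # paths inside the PPDs to the store output, then build from the
            # filter sources.
            unpackPhase = ''
              rpmextract $src
              tar -zxf epson-inkjet-printer-${v}-${version}.tar.gz
              tar -zxf epson-inkjet-printer-filter-${version}.tar.gz
              for ppd in epson-inkjet-printer-${v}-${version}/ppds/*; do
                substituteInPlace $ppd --replace "/opt/epson-inkjet-printer-${v}" "$out"
                substituteInPlace $ppd --replace "/cups/lib" "/lib/cups"
              done
              cd epson-inkjet-printer-filter-${version}
            '';

            # Copy the prebuilt libraries, resources, PPDs and documentation
            # from the driver tarball into the output.
            postInstall = ''
              cd ../epson-inkjet-printer-${v}-${version}
              cp -a lib64 resource watermark $out
              mkdir -p $out/share/cups/model/epson-inkjet-printer-${v}
              cp -a ppds $out/share/cups/model/epson-inkjet-printer-${v}/
              cp -a Manual.txt $out/doc/
              cp -a README $out/doc/README.driver
            '';
          };
        in
        [ epson-201401w ];
    };

    xserver = {
      enable = true;
      layout = "br";
      xkbOptions = "caps:swapescape";

      # Touchpad support
      libinput.enable = true;

      windowManager.xmonad = {
        enable = true;
        enableContribAndExtras = true;
      };
    };
  };

  users = {
    extraUsers =
      let
        andrehUser = {
          andreh = {
            isNormalUser = true;
            uid = 1000;
            description = "EuAndreh";
            # "wheel" grants administrative rights; "docker" grants access
            # to the Docker daemon, which is root-equivalent in practice.
            extraGroups = [ "wheel" "networkmanager" "docker" ];
          };
        };

        # From the Guix manual:
        # https://www.gnu.org/software/guix/manual/en/html_node/Build-Environment-Setup.html#Build-Environment-Setup
        buildUser = (i: {
          "guixbuilder${i}" = {                     # guixbuilder$i
            group = "guixbuild";                    # -g guixbuild
            extraGroups = [ "guixbuild" ];          # -G guixbuild
            home = "/var/empty";                    # -d /var/empty
            shell = pkgs.shadow;                    # -s `which nologin`
            description = "Guix build user ${i}";   # -c "Guix build user $i"
            isSystemUser = true;                    # --system
          };
        });
      # merge all users
      in pkgs.lib.fold (str: acc: acc // buildUser str)
        andrehUser
        # for i in `seq -w 1 10`
        (map (pkgs.lib.fixedWidthNumber 2) (builtins.genList (n: n + 1) 10));

    extraGroups.guixbuild = {
      name = "guixbuild";
    };
  };

  systemd = {
    services = {
      # Derived from Guix guix-daemon.service.in
      # https://git.savannah.gnu.org/cgit/guix.git/tree/etc/guix-daemon.service.in?id=00c86a888488b16ce30634d3a3a9d871ed6734a2
      #
      # No User= is set, so the daemon runs as root, and ExecStart points
      # into root's mutable Guix profile under /var/guix.
      # NOTE(review): three substitute servers are listed, one of them
      # outside the Guix project (substitutes.nonguix.org). Which signing
      # keys are authorized is configured on the Guix side, not here;
      # confirm that only the intended keys are authorized.
      guix-daemon = {
        enable = true;
        description = "Build daemon for GNU Guix";
        serviceConfig = {
          ExecStart = "/var/guix/profiles/per-user/root/current-guix/bin/guix-daemon --build-users-group=guixbuild --substitute-urls='https://substitutes.nonguix.org https://ci.guix.gnu.org https://bordeaux.guix.gnu.org'";
        };
        wantedBy = [ "multi-user.target" ];
      };
    };
  };

  system = {
    stateVersion = "20.03";
    # Unattended daily upgrade at 00:10. Every input that is not pinned by
    # hash (see the overlay tarball under nixpkgs.overlays) is re-fetched and
    # evaluated as root without review.
    autoUpgrade = {
      enable = true;
      dates = "0:10";
    };
  };

  virtualisation.docker.enable = true;
  virtualisation.libvirtd.enable = true;
}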