dotfiles/nixos/roles/workstation.nix

{ config, lib, pkgs, ... }:
{
  services.fwupd.enable = true;
  programs.fish.enable = true;
  users.users.yorick = {
    extraGroups = [ "input" "wireshark" "dialout" "video" "libvirtd" ];
    shell = pkgs.fish;
  };
  services.printing = {
    enable = true;
    drivers = with pkgs; [ gutenprint cups-dymo ];
  };
  environment.systemPackages = with pkgs; [
    ghostscript yubikey-manager glib
  ];
  environment.sessionVariables.XDG_DATA_DIRS = with pkgs; [
    "${gnome-themes-extra}/share"
    "${gsettings-desktop-schemas}/share/gsettings-schemas/${gsettings-desktop-schemas.name}"
    # emacs?
  ];
  nix.gc.automatic = lib.mkOverride 30 false;
  virtualisation.libvirtd.enable = true;
  # fix glasgow, fomu, backlight
  services.udev.extraRules = ''
    SUBSYSTEM=="usb", ATTRS{idVendor}=="20b7", ATTRS{idProduct}=="9db1", TAG+="uaccess"
    SUBSYSTEM=="usb", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="5bf0", TAG+="uaccess"
    ACTION=="add", SUBSYSTEM=="backlight", RUN+="${pkgs.coreutils}/bin/chgrp video /sys/class/backlight/%k/brightness"
    ACTION=="add", SUBSYSTEM=="backlight", RUN+="${pkgs.coreutils}/bin/chmod g+w /sys/class/backlight/%k/brightness"
  '';

  # picoscope
  services.udev.packages = [
    (pkgs.writeTextDir "lib/udev/rules.d/95-pico.rules" ''
      SUBSYSTEMS=="usb", ATTRS{idVendor}=="0ce9", TAG+="uaccess"
    '')
  ];

  # development
  services.postgresql = {
    enable = false;
    enableTCPIP = true;
    package = pkgs.postgresql_11;
  };

  # git
  boot.kernel.sysctl."fs.inotify.max_user_watches" = 1024000000;

  yorick.lumi-vpn.enable = false;
  yorick.lumi-cache.enable = true;

  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true; # todo: support32bit?
    pulse.enable = true;
  };
  # bluetooth battery indicator
  hardware.bluetooth = {
    package = pkgs.bluez5-experimental;
    settings.General.Experimental = true;
  };
  xdg.portal = {
    enable = true;
    wlr.enable = true;
    extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
  };
  hardware.opengl = {
    enable = true;
    driSupport32Bit = true;
  };

  fonts = {
    fontDir.enable = true;
    enableGhostscriptFonts = true;
    packages = with pkgs; [
      corefonts # Micrsoft free fonts
      inconsolata # monospaced
      source-code-pro
      ubuntu_font_family # Ubuntu fonts
      source-han-sans
      (nerdfonts.override {
        fonts = [
          "DejaVuSansMono"
          "Noto"
          "NerdFontsSymbolsOnly"
        ];
      })
      iosevka
      emojione
      font-awesome
    ];
  };
  # spotify, castnow
  networking.firewall = {
    allowedTCPPorts = [ 55025 57621 5353 ];
    allowedTCPPortRanges = [ { from = 4100; to = 4105; } ];
    allowedUDPPorts = [ 55025 57621 ];
  };

  programs = {
    dconf.enable = true;
    noisetorch.enable = true;
    wireshark.enable = true;
    kdeconnect.enable = true;
    sway = {
      enable = true;
      extraSessionCommands = ''
        export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:${
          lib.makeLibraryPath (with pkgs; [ libxkbcommon libglvnd wayland ])
        }
      '';
    };
  };
  services.pcscd.enable = true;
  services.xserver.gdk-pixbuf.modulePackages = [ pkgs.webp-pixbuf-loader ];
  hardware.ledger.enable = true;

  networking.wireguard.interfaces.wg-dk = {
    privateKeyFile =
      "/home/yorick/datakami/infra/keys/wg.yorick.key";
    ips = [ "10.100.0.4/32" ];
    peers = [{
      publicKey = "teCEYc4KWT6rGchNOp6sIFO0jmkhwTjv6reOzGscAm8=";
      endpoint = "dk-1.datakami.nl:51820";
      allowedIPs = [ "10.100.0.0/24" ];
      persistentKeepalive = 25;
    }];
  };
}
better hardware/logical separation 2017-02-02 16:31:19 +01:00			`{ config, lib, pkgs, ... }:`
refactoring 2022-04-11 13:26:26 +02:00			`{`
frumar: add samba 2022-07-06 09:25:49 +02:00			`services.fwupd.enable = true;`
update nixpkgs 2023-04-23 09:42:35 +02:00			`programs.fish.enable = true;`
refactoring 2022-04-11 13:26:26 +02:00			`users.users.yorick = {`
			`extraGroups = [ "input" "wireshark" "dialout" "video" "libvirtd" ];`
			`shell = pkgs.fish;`
			`};`
better hardware/logical separation 2017-02-02 16:31:19 +01:00			`services.printing = {`
			`enable = true;`
refactoring 2022-04-11 13:26:26 +02:00			`drivers = with pkgs; [ gutenprint cups-dymo ];`
better hardware/logical separation 2017-02-02 16:31:19 +01:00			`};`
initial commit 2020-05-21 17:39:38 +02:00			`environment.systemPackages = with pkgs; [`
refactoring 2022-04-11 13:26:26 +02:00			`ghostscript yubikey-manager glib`
initial commit 2020-05-21 17:39:38 +02:00			`];`
workstation: fix themes, add dymo cups driver 2021-01-02 20:49:28 +01:00			`environment.sessionVariables.XDG_DATA_DIRS = with pkgs; [`
			`"${gnome-themes-extra}/share"`
			`"${gsettings-desktop-schemas}/share/gsettings-schemas/${gsettings-desktop-schemas.name}"`
refactoring 2022-04-11 13:26:26 +02:00			`# emacs?`
workstation: fix themes, add dymo cups driver 2021-01-02 20:49:28 +01:00			`];`
Add attic server 2024-02-17 15:14:16 +01:00			`nix.gc.automatic = lib.mkOverride 30 false;`
initial commit 2020-05-21 17:39:38 +02:00			`virtualisation.libvirtd.enable = true;`
refactoring 2022-04-11 13:26:26 +02:00			`# fix glasgow, fomu, backlight`
initial commit 2020-05-21 17:39:38 +02:00			`services.udev.extraRules = ''`
refactoring 2022-04-11 13:26:26 +02:00			`SUBSYSTEM=="usb", ATTRS{idVendor}=="20b7", ATTRS{idProduct}=="9db1", TAG+="uaccess"`
			`SUBSYSTEM=="usb", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="5bf0", TAG+="uaccess"`
			`ACTION=="add", SUBSYSTEM=="backlight", RUN+="${pkgs.coreutils}/bin/chgrp video /sys/class/backlight/%k/brightness"`
			`ACTION=="add", SUBSYSTEM=="backlight", RUN+="${pkgs.coreutils}/bin/chmod g+w /sys/class/backlight/%k/brightness"`
initial commit 2020-05-21 17:39:38 +02:00			`'';`
move picoscope+ldac+postgres stuff to workstation 2021-01-02 21:06:31 +01:00
			`# picoscope`
			`services.udev.packages = [`
			`(pkgs.writeTextDir "lib/udev/rules.d/95-pico.rules" ''`
refactoring 2022-04-11 13:26:26 +02:00			`SUBSYSTEMS=="usb", ATTRS{idVendor}=="0ce9", TAG+="uaccess"`
move picoscope+ldac+postgres stuff to workstation 2021-01-02 21:06:31 +01:00			`'')`
			`];`

			`# development`
			`services.postgresql = {`
flake update 2022-11-19 17:55:30 +01:00			`enable = false;`
move picoscope+ldac+postgres stuff to workstation 2021-01-02 21:06:31 +01:00			`enableTCPIP = true;`
flake update 2022-11-19 17:55:30 +01:00			`package = pkgs.postgresql_11;`
move picoscope+ldac+postgres stuff to workstation 2021-01-02 21:06:31 +01:00			`};`

			`# git`
			`boot.kernel.sysctl."fs.inotify.max_user_watches" = 1024000000;`
add lumi-vpn module 2021-01-03 17:38:59 +01:00
Make datakami vpn 2024-04-24 16:57:50 +02:00			`yorick.lumi-vpn.enable = false;`
refactoring 2022-04-11 13:26:26 +02:00			`yorick.lumi-cache.enable = true;`
update 2021-05-23 17:19:28 +02:00
pipewire 2021-08-14 12:18:09 +02:00			`security.rtkit.enable = true;`
			`services.pipewire = {`
			`enable = true;`
			`alsa.enable = true;`
			`alsa.support32Bit = true; # todo: support32bit?`
			`pulse.enable = true;`
			`};`
nix flake update 2023-07-20 15:29:02 +02:00			`# bluetooth battery indicator`
			`hardware.bluetooth = {`
			`package = pkgs.bluez5-experimental;`
			`settings.General.Experimental = true;`
			`};`
update 2021-05-23 17:19:28 +02:00			`xdg.portal = {`
			`enable = true;`
bump nixpkgs 2022-09-15 10:14:50 +02:00			`wlr.enable = true;`
			`extraPortals = [ pkgs.xdg-desktop-portal-gtk ];`
update 2021-05-23 17:19:28 +02:00			`};`
refactoring 2022-04-11 13:26:26 +02:00			`hardware.opengl = {`
			`enable = true;`
			`driSupport32Bit = true;`
			`};`

			`fonts = {`
			`fontDir.enable = true;`
			`enableGhostscriptFonts = true;`
Fix evaluation warnings 2024-03-23 10:01:27 +01:00			`packages = with pkgs; [`
refactoring 2022-04-11 13:26:26 +02:00			`corefonts # Micrsoft free fonts`
			`inconsolata # monospaced`
			`source-code-pro`
			`ubuntu_font_family # Ubuntu fonts`
treewide nixpkgs update 2022-10-04 10:15:29 +02:00			`source-han-sans`
Add attic server 2024-02-17 15:14:16 +01:00			`(nerdfonts.override {`
			`fonts = [`
			`"DejaVuSansMono"`
			`"Noto"`
Fix emacs fonts 2024-03-23 10:07:45 +01:00			`"NerdFontsSymbolsOnly"`
Add attic server 2024-02-17 15:14:16 +01:00			`];`
			`})`
refactoring 2022-04-11 13:26:26 +02:00			`iosevka`
			`emojione`
			`font-awesome`
			`];`
			`};`
			`# spotify, castnow`
			`networking.firewall = {`
			`allowedTCPPorts = [ 55025 57621 5353 ];`
			`allowedTCPPortRanges = [ { from = 4100; to = 4105; } ];`
			`allowedUDPPorts = [ 55025 57621 ];`
			`};`

			`programs = {`
			`dconf.enable = true;`
			`noisetorch.enable = true;`
			`wireshark.enable = true;`
enable KDEconnect on workstations 2023-05-20 13:40:23 +02:00			`kdeconnect.enable = true;`
refactoring 2022-04-11 13:26:26 +02:00			`sway = {`
			`enable = true;`
			`extraSessionCommands = ''`
			`export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:${`
			`lib.makeLibraryPath (with pkgs; [ libxkbcommon libglvnd wayland ])`
			`}`
			`'';`
			`};`
			`};`
			`services.pcscd.enable = true;`
Add gdk-pixbuf webp loader 2023-09-17 18:17:29 +02:00			`services.xserver.gdk-pixbuf.modulePackages = [ pkgs.webp-pixbuf-loader ];`
ledger udev rules 2024-04-20 09:29:22 +02:00			`hardware.ledger.enable = true;`
Make datakami vpn 2024-04-24 16:57:50 +02:00
			`networking.wireguard.interfaces.wg-dk = {`
			`privateKeyFile =`
			`"/home/yorick/datakami/infra/keys/wg.yorick.key";`
			`ips = [ "10.100.0.4/32" ];`
			`peers = [{`
			`publicKey = "teCEYc4KWT6rGchNOp6sIFO0jmkhwTjv6reOzGscAm8=";`
			`endpoint = "dk-1.datakami.nl:51820";`
			`allowedIPs = [ "10.100.0.0/24" ];`
			`persistentKeepalive = 25;`
			`}];`
			`};`
disbale redshifit, move nix gc 2018-05-12 18:15:42 +02:00			`}`