infra/nix/hosts/caelum/configuration.nix
{
config,
lib,
pkgs,
...
}:
let
hostName = "caelum";
tailnet = "tail530c7.ts.net";
in
{
# Module imports: host-local modules first (./...), then the modules shared by every host (../../modules/...).
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./disko-config.nix
# (let username = "${usr}"; in with username; ./disko-config.nix)
# Host-local service modules.
./modules/promtail/promtail.nix
./modules/caddy.nix
# Repository-wide modules (base system, local DNS resolver, ZFS snapshots, compressed swap).
../../modules/base.nix
../../modules/dnscrypt.nix
# ../../modules/waydroid.nix
../../modules/sanoid.nix
../../modules/zram.nix
];
# sops-nix: secrets are decrypted at activation with this host's ed25519 SSH host key (age);
# no age key is generated on the host, so a missing/rotated host key means no secrets.
sops = {
defaultSopsFile = ./secrets.yaml;
gnupg.sshKeyPaths = [ ];
age = {
sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
generateKey = false;
};
secrets = {
# Decrypted before users are created so it can back users.users.root.hashedPasswordFile.
# NOTE(review): the only consumer of this secret in this file (hashedPasswordFile on root) is
# commented out, so it is currently unused here; see the literal hashedPassword under users.users.root.
rootPassphrase = {
neededForUsers = true;
};
# NOTE(review): the services.dnscrypt-proxy2.settings.forwarding_rules line that would read this
# path is commented out further down; presumably ../../modules/dnscrypt.nix consumes it — verify.
dnscrypt-proxy-forwardingRules = {
sopsFile = lib.mkForce ./secrets.yaml;
restartUnits = [ "dnscrypt-proxy2.service" ];
};
#dnscrypt-proxy-cloaked = {
# owner = "dnscrypt-proxy";
# group = "dnscrypt-proxy";
# restartUnits = ["dnscrypt-proxy2.service"];
#};
# Repository-wide secret (shared file); promtail is restarted when it changes.
domainName = {
sopsFile = ../../secrets/net.yaml;
restartUnits = [ "promtail.service" ];
};
# Credentials for the attic binary cache; rendered into the netrc template below and also
# referenced directly by nix.settings.netrc-file.
"attic/netrc" = { };
#z0Key.path = "/var/tmp/z0.key";
#z00p6CrdroidKey.path = "/var/tmp/z0-0p6-crdroid.key";
# Private key used as IdentityFile by every Host alias in programs.ssh.extraConfig.
# 0500 is owner read+execute; ssh only needs read (0400) — TODO confirm nothing relies on the x bit.
nixbldr-priv = {
path = "/root/.ssh/nixbldr-${hostName}";
mode = "0500";
};
# "wireless.env" = {};
};
templates = {
# Rendered netrc file; exposed to nix via environment.etc."/nix/netrc" below.
netrc = {
content = config.sops.placeholder."attic/netrc";
};
};
};
# nixpkgs.currentSystem = "x86_64-linux";
# Nix daemon settings: trusted users, the extra binary cache and the credentials for the private one.
nix.settings = {
# Trusted users can set arbitrary substituters/keys and import unsigned paths — effectively root.
# Tolerable here only because wheel already has sudo (security.sudo.execWheelOnly below).
trusted-users = [
"@wheel"
"root"
];
extra-trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
extra-trusted-substituters = [
"https://nix-community.cachix.org"
];
# Credentials for the private (attic) cache, read straight from the decrypted sops secret.
# The same credential is also rendered to /etc/nix/netrc via environment.etc below — two copies.
netrc-file = config.sops.secrets."attic/netrc".path;
};
#boot.kernelPatches = [
# # Fix the /proc/net/tcp seek issue
# # Impacts tailscale: https://github.com/tailscale/tailscale/issues/16966
# {
# name = "proc: fix missing pde_set_flags() for net proc files";
# patch = pkgs.fetchurl {
# name = "fix-missing-pde_set_flags-for-net-proc-files.patch";
# url = "https://patchwork.kernel.org/project/linux-fsdevel/patch/20250821105806.1453833-1-wangzijie1@honor.com/raw/";
# hash = "sha256-DbQ8FiRj65B28zP0xxg6LvW5ocEH8AHOqaRbYZOTDXg=";
# };
# }
#];
# Boot: kernel selection/parameters, systemd-boot, ZFS root with remote (initrd SSH) unlock.
boot = {
enableContainers = true;
consoleLogLevel = 3;
kernelParams = [
# "spl.spl_hostid=deadb33f"
"ip=dhcp" # FIXME: this is probably wrong...
# "i915.perf_stream_paranoid=0"
"i915.enable_guc=2" # for 9th GPU generation and upwards, likely skylake.
"consoleblank=600"
## forbid hibernation due to zfs-on-root --> no need to manually specify
## this as NixOS does adds by default when booting from zfs.
# "nohibernate" #
# "systemd.log_level=notice"
"rd.udev.log_level=4"
"udev.log_priority=4"
# Drops into a root shell in stage 1 when boot fails. Convenient for recovery, but anyone
# with console access gets that shell unauthenticated; weigh against the initrd SSH unlock below.
"boot.shell_on_fail"
# "elevator=none"
];
###kernelPackages = pkgs.linuxPackagesFor (pkgs.linux_6_12.override {
### argsOverride = rec {
### version = "6.12.41";
### src = pkgs.fetchurl {
### url = "mirror://kernel/linux/kernel/v6.x/linux-${version}.tar.xz";
### sha256 = "axmjrplCPeJBaWTWclHXRZECd68li0xMY+iP2H2/Dic=";
### };
### modDirVersion = version;
### };
###});
# kernelPackages = pkgs.linuxPackages_6_12;
kernelPackages = pkgs.linuxPackages_6_17;
# kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
# kernelPackages = pkgs.linuxKernel.packages.linux_zen.zfs;
kernel.sysctl = {
# Lets unprivileged users open i915 perf streams (GPU profiling); presumably for intel-gpu-tools.
"dev.i915.perf_stream_paranoid" = 0;
};
#swraid = {
# enable = false;
# mdadmConf = ''
# MAILADDR=nobody@nowhere
# '';
#};
loader = {
timeout = 7;
# Use the systemd-boot EFI boot loader.
systemd-boot = {
enable = true;
configurationLimit = 75;
netbootxyz.enable = true;
memtest86.enable = true;
};
efi.canTouchEfiVariables = true;
};
plymouth.enable = false;
tmp = {
useTmpfs = true;
cleanOnBoot = true;
};
supportedFilesystems = [
"zfs"
"ext4"
"btrfs"
];
zfs =
let
xtrPools = [
# "z0"
];
in
{
# Force-import the root pool in early boot; pairs with the fixed networking.hostId below.
forceImportRoot = true;
extraPools = [
# "z0"
]; # // xtrPools;
# Pools whose encryption key must be supplied at boot (via the initrd SSH session below).
requestEncryptionCredentials = [
"zr"
# "z0" # not recursively dammit
]; # // xtrPools;
};
kernelModules = [
"zfs"
"i915"
"r8169"
"kvm-amd"
"br_netfilter"
];
initrd = {
# systemd.enable = true;
kernelModules = [
"zfs"
"i915"
"r8169"
];
# initrd.availableKernelModules = [ "nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" "thinkpad_acpi" ];
availableKernelModules = [
"nvme"
"ehci_pci"
"xhci_pci"
"usb_storage"
"sd_mod"
"rtsx_pci_sdmmc"
"r8169"
"i915"
];
# Networking inside the initrd so the encrypted ZFS root can be unlocked remotely over SSH.
network = {
# This will use udhcp to get an ip address.
# Make sure you have added the kernel module for your network driver to `boot.initrd.availableKernelModules`,
# so your initrd can load it!
# Static ip addresses might be configured using the ip argument in kernel command line:
# https://www.kernel.org/doc/Documentation/filesystems/nfs/nfsroot.txt
enable = true;
ssh = {
enable = true;
# To prevent ssh clients from freaking out because a different host key is used,
# a different port for ssh is useful (assuming the same host has also a regular sshd running)
port = 2222;
# hostKeys paths must be unquoted strings, otherwise you'll run into issues with boot.initrd.secrets
# the keys are copied to initrd from the path specified; multiple keys can be set
# you can generate any number of host keys using
# `ssh-keygen -t ed25519 -N "" -f /path/to/ssh_host_ed25519_key`
# `ssh-keygen -t ed25519 -N "" -f /etc/secrets/initrd/ssh_host_ed25519_key`
# hostKeys = [/root/.initrd-ssh_host_ed25519_key];
# Lives outside the nix store on purpose (the initrd would otherwise be world-readable).
hostKeys = [ /etc/secrets/initrd/ssh_host_ed25519_key ];
# Presumably lets evaluation proceed when the host key file is not present yet — verify.
ignoreEmptyHostKeys = true;
# Only these two keys may open the unlock session; one of them is also in root's authorizedKeys.
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIODmLwtQj6ylgdTPo1/H5jW7jsLzwaCTGdIsTQAdc896"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILPLzZkzWM+iiwRqbLX4+iyXSUqewojm74L7Zn2nSrAU"
];
};
};
};
# extraModprobeConfig = "options kvm_amd nested=1";
# Run binaries for these systems through emulation (e.g. for cross builds); qemu-user for aarch64.
binfmt = {
emulatedSystems = [
"wasm32-wasi"
"aarch64-linux"
];
};
};
# Global environment: netrc for nix, default editor variables and the system-wide CLI toolset.
environment = {
# memoryAllocator.provider = "graphene-hardened"; # default is libc, alt scudo.
etc = {
# Second copy of the attic credential (the first is nix.settings.netrc-file pointing at the raw
# secret). TODO(review): keep one of the two.
"/nix/netrc".source = config.sops.templates.netrc.path;
};
# memoryAllocator.provider = "scudo"; # default is libc, alt scudo.
memoryAllocator.provider = "libc";
# noXlibs = true; # graphical stuff breaks...
variables = {
EDITOR = "vim";
VISUAL = "vim";
NIXPKGS_ALLOW_UNFREE = "0";
};
# Mostly storage/network/GPU diagnostics plus a small dev toolchain; '###' lines are parked candidates.
systemPackages = with pkgs; [
efibootmgr
hddtemp
### # home-manager
openssl
### # libinput
dmidecode
fwupd
### incron
bridge-utils
moreutils # moar better
wol
vim
# helix
ranger
### # zed-editor
git
### fio
viddy # watch reimplementation
intel-gpu-tools
# XXX: deprecated in 24.11
# onevpl-intel-gpu
vpl-gpu-rt
intel-compute-runtime
clinfo
### passage # pass w/ support for age encryption
### # passExtensions.pass-tomb
btrfs-progs
ntfs3g
cryptsetup
squashfsTools
sasquatch
libguestfs
### httm # zfs time machine-like tool
### htmlq # like jq, but for html
### httplz # a basic http server for hosting a folder
### htmldoc # convert html top postscript and pdf
### http-prompt # An interactive command-line HTTP client featuring autocomplete and syntax highlighting
wireguard-tools
wget
curl
inetutils # telnet
httpx
# traceroute
dublin-traceroute
mtr # a network diagnostic tool
starship
zellij
zoxide
### # ripgrep-all # provides rga with support for pdfs, zip files and such.
fzf
### fzy # a better fuzzy finder
### skim # a command-line fuzzy finder written in Rust
### ddh # a fast duplicate file finder
### docfd # a multiline fuzzy document finder
### zf # a fuzzy finder that prioritizes matches on filenames
### skim # a rust fuzzy finder
### nodePackages.json-diff
### pandoc
fastfetch
### freshfetch
### ghfetch
### w3m
### lynx
# XXX: deprecated in 2505
# go_1_22
# go_1_23
go_1_25
rustc
#cargo
### sccache
python3.pkgs.pip
### python3.pkgs.numpy
### python3.pkgs.pandas
### bitwarden-cli
### rbw
### pinentry-curses # a dep of rbw. can also use pinentry (gtk2?).
### poppler_utils
### zbar
### qrencode
bsd-finger
### # flatpak
### quickemu
### # virt-manager
### sshpass
### ssh-audit
### sshchecker
### ssh-key-confirmer
### ssh-mitm
### sshesame
### pssh
ssh-to-age
### # localsend
### lychee
### notcurses
### msgviewer # convert .msg to .eml
### libpst # read outlook profile files
### cmatrix
### # qbittorrent
### immich-go
### sdcv # console version of StarDict
### tmux
### tmate
### circumflex # hackernews in the terminal
### obfs4 # tor client-bridge transport mechanism
### sysstat
### ioztat # storage load analysis fro openzfs
cifs-utils
pciutils
sysfsutils
lshw
### libva-utils
### tshark termshark
### # junkie # Deep packet inspection swiss-army knife
hashcat
];
};
# Virtual-console keyboard layout.
console.keyMap = "uk";
# Networking: NetworkManager for links, local resolver for DNS, nftables firewall with rpfilter off.
networking = {
# hostId = pkgs.lib.mkForce "00000000";
# Fixed machine id; ZFS records it in the pool, hence boot.zfs.forceImportRoot above.
hostId = "ae4db33f";
inherit hostName;
# hostName = "caelum";
nftables.enable = true;
# NetworkManager manages links but must not write resolv.conf; DNS goes to the local resolver
# (presumably dnscrypt-proxy from ../../modules/dnscrypt.nix) on loopback.
networkmanager = {
enable = true;
dns = "none";
};
dhcpcd.extraConfig = "nohook resolv.conf";
nameservers = [
"127.0.0.1"
"::1"
];
resolvconf.dnsSingleRequest = true;
resolvconf.extraOptions = [
"single-request-reopen"
"attempts:5"
"timeout:5"
# "rotate"
"ndots:1"
# Sets RES_NOCHECKNAME in _res.options, which disables the modern BIND
# checking of incoming hostnames and mail names for invalid characters such
# as underscore (_), non-ASCII, or control characters.
"no-check-names"
# Trust the AD (DNSSEC) bit from the resolver — only defensible because the resolver is loopback.
"trust-ad"
];
# interfaces.enp0s25.wakeOnLan.enable = true;
# Hosts-file blocklist (StevenBlack) with the fakenews and gambling extensions.
stevenblack.enable = true;
stevenblack.block = [
"fakenews"
"gambling"
];
firewall = {
allowPing = true;
# Turns the anti-spoofing (reverse path) check off entirely. The tailscale module below
# (useRoutingFeatures = "both") would otherwise only relax it to "loose"; mkForce wins here.
checkReversePath = lib.mkForce false; # FIXME: fix the root issue instead.
# Likely inert while checkReversePath is false (there is no rpfilter chain to log from).
logReversePathDrops = true;
logRefusedConnections = true;
# Everything arriving on these interfaces bypasses the filter: the libvirt bridge (libvirtd is
# disabled below, so currently inert) and the tailnet.
trustedInterfaces = [
"virbr0"
# "bro"
"tailscale0"
];
# SMB open on every non-trusted interface. NOTE(review): services.samba.enable is false below and
# its openFirewall = true would open 445 on its own once enabled — this static hole looks stale.
allowedTCPPorts = [ 445 ];
};
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
#wireless.networks = {
# "@homewlan_ssid@" = {
# psk = "@homewlan_psk@";
# };
#};
};
# Users: only root is declared here (other accounts presumably come from the imported modules).
users.users = {
root = {
shell = pkgs.zsh;
# Key-based root login; the "nixbldr key" entries are the counterparts of the nixbldr-priv secret
# on the peer hosts (see programs.ssh.extraConfig), presumably for remote builds/deploys.
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBtG6NCgdLHX4ztpfvYNRaslKWZcl6KdTc1DehVH4kAL"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJaXmXbNegxiXLldy/sMYX8kCsghY1SGqn2FZ5Jk7QJw"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZbkw9vjCfbMPEH7ZAFq20XE9oIJ4w/HRIMu2ivNcej caelum's nixbldr key"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGKzPC0ZK4zrOEBUdu1KNThEleVb1T5Pl3+n3KB3o0b8 surtur's nixbldr key"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5u4sBsu4ZpVRHJ9J2CfQ4JoojsdfsS0WzaFgiMCOe5 loki's nixbldr key"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILPLzZkzWM+iiwRqbLX4+iyXSUqewojm74L7Zn2nSrAU"
];
# hashedPasswordFile = config.sops.secrets.rootPassphrase.path;
# NOTE(review): a literal yescrypt hash in configuration.nix lands in git and in the world-readable
# /nix/store, where it can be attacked offline. The rootPassphrase sops secret (neededForUsers = true)
# exists for exactly this; prefer the hashedPasswordFile line above once the secret holds the hash.
hashedPassword = "$y$j9T$yNhN6CYvKBWz/HnLv2gp//$0fFgtV4xzBijxWxUg1oTH74GoekdMK6UZUQWby5fZi4";
# Subordinate uid/gid ranges — needed for rootless containers (podman is enabled below).
autoSubUidGidRange = true;
};
};
# Flake registry: make `nixpkgs` resolve to github:nixos/nixpkgs. No rev is pinned, so
# `nix run nixpkgs#...` still follows the default branch.
nix = {
registry = {
nixpkgs.to = {
type = "github";
owner = "nixos";
repo = "nixpkgs";
};
};
};
# nix.settings.netrc-file = config.sops.templates.netrc.path;
# # services.xserver.displayManager.defaultSession = "plasmawayland";
# services.xserver.displayManager.defaultSession = "sway";
# services.xserver.desktopManager = {
# xterm.enable = false;
# # xfce.enable = true;
# # gnome.enable = true;
# plasma5.enable = true;
# };
# Programs: scheduler tweaks, SSH client aliases for the fleet, editor defaults.
programs = {
# adb.enable = true;
# https://nixos.wiki/wiki/Appimage
# appimage.binfmt = true;
# responsiveness over 9000.
cfs-zen-tweaks.enable = true;
#gnupg.agent = {
# enable = true;
# # pinentryFlavor = "curses"; # or "gnome3"
# pinentryPackage = pkgs.pinentry-curses;
# enableSSHSupport = false;
#};
# ssh.startAgent = true;
# One alias per peer host on the tailnet; every alias logs in as root with the sops-managed
# nixbldr key, so this key is root on the whole fleet — keep its mode tight (see sops.secrets).
# NOTE(review): `Host monoceros` resolves to pure-joy.<tailnet>, the same target as `Host pure-joy`;
# looks like a copy-paste leftover unless monoceros is a deliberate alias — confirm.
ssh.extraConfig = ''
Host z
Hostname z.${tailnet}
User root
IdentityFile ${config.sops.secrets.nixbldr-priv.path}
Host loki
Hostname loki.${tailnet}
User root
IdentityFile ${config.sops.secrets.nixbldr-priv.path}
Host surtur
# Hostname surtur.${tailnet}
Hostname nixurtur.${tailnet}
User root
IdentityFile ${config.sops.secrets.nixbldr-priv.path}
Host t14
Hostname t14.${tailnet}
User root
IdentityFile ${config.sops.secrets.nixbldr-priv.path}
Host nixpi
Hostname nixpi.${tailnet}
User root
IdentityFile ${config.sops.secrets.nixbldr-priv.path}
Host pure-joy
Hostname pure-joy.${tailnet}
User root
IdentityFile ${config.sops.secrets.nixbldr-priv.path}
Host monoceros
Hostname pure-joy.${tailnet}
User root
IdentityFile ${config.sops.secrets.nixbldr-priv.path}
Host wyse
Hostname wyse.${tailnet}
User root
IdentityFile ${config.sops.secrets.nixbldr-priv.path}
Host umberto-nix
Hostname umberto-nix.${tailnet}
User root
IdentityFile ${config.sops.secrets.nixbldr-priv.path}
'';
# macOS compatibility;
# darling.enable = true;
direnv.enable = true;
nano.enable = false;
vim.defaultEditor = true;
# wireshark.enable = true;
};
# Security: sudo restricted to wheel, with a few passwordless power-management commands.
security = {
sudo = {
enable = true;
# Only members of wheel may execute the sudo binary at all;
# prevents CVE-2021-3156-style exploits by unprivileged local users.
execWheelOnly = true;
# for wheel and root, kitty likes this.
keepTerminfo = true;
# Show the custom lecture (misc/groot.txt, copied into the store) on every sudo use.
extraConfig = ''
Defaults lecture=always
Defaults lecture_file=${./misc/groot.txt}
'';
# wheel may suspend/reboot/poweroff without a password. The commands are absolute store paths,
# so they cannot be hijacked via PATH, and sudoers matches the exact argument — `systemctl` with
# any other argument still requires a password.
extraRules = [
{
commands = [
{
command = "${pkgs.systemd}/bin/systemctl suspend";
options = [ "NOPASSWD" ];
}
{
command = "${pkgs.systemd}/bin/reboot";
options = [ "NOPASSWD" ];
}
{
command = "${pkgs.systemd}/bin/poweroff";
options = [ "NOPASSWD" ];
}
];
groups = [ "wheel" ];
}
];
};
# polkit.enable = true;
# rtkit.enable = true;
};
# Extra mount options for non-essential datasets: nofail plus device/mount timeouts so a missing or
# slow volume does not drop boot into the emergency shell. The mounts themselves come from the
# hardware scan / disko config.
# Note: several fstab options are packed into one list element here; it works because they are
# comma-joined into fstab anyway, but one option per element is the usual form.
fileSystems = {
# ext4 zvol, technically important but not enough to fall to emergency shell.
"/root/.local/share/atuin".options = [
"x-systemd.device-timeout=30s,x-systemd.mount-timeout=45s,nofail"
];
# Presumably also a zvol/dataset (docker uses the zfs storage driver below).
"/var/lib/docker".options = [ "x-systemd.mount-timeout=45s,nofail" ];
};
#systemd.mounts = [
# {
# "root-.local-share-atuin.mount" = {
# # options = "nofail";
# };
# }
#];
# Per-unit overrides: quieter logging for zfs-zed and tailscaled, and a no-op wait-online.
systemd.services = {
# Drop zfs-zed's stdout/stderr entirely and keep only notice and above in the journal.
zfs-zed.serviceConfig = {
LogLevelMax = "notice";
# StandardOutput = lib.mkForce "/dev/null";
StandardOutput = lib.mkForce "null";
StandardError = lib.mkForce "null";
};
tailscaled.serviceConfig = {
LogLevelMax = "notice";
# StandardOutput = "null";
# Creates /var/log/tailscaled (%L = /var/log for system units).
LogsDirectory = "tailscaled";
# NOTE(review): %L/stdout.log expands to /var/log/stdout.log, i.e. outside the LogsDirectory
# created above; `append:%L/tailscaled/stdout.log` is probably what was intended — verify.
StandardOutput = "append:%L/stdout.log";
};
# Neutralise NetworkManager-wait-online so boot does not block on connectivity.
# NOTE(review): a plain string here adds a second ExecStart rather than replacing the unit's own
# (the list form `[ "" "…/true" ]` resets it); the unit is oneshot so both run — verify this is
# the intended effect.
NetworkManager-wait-online.serviceConfig.ExecStart = "${pkgs.coreutils}/bin/true";
};
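# Services: power/firmware housekeeping, local LLM runtime, (disabled) monitoring and SMB,
# ZFS snapshots/scrub/trim, tailscale routing. Everything that listens on the network is either
# disabled or bound to the tailnet name; the one exception is discussed at samba below.
services = {
atd.enable = true;
fstrim.enable = true;
fwupd.enable = true;
logind = {
#lidSwitch = "ignore";
#lidSwitchDocked = "ignore";
#extraConfig = "HandlePowerKey=suspend";
settings.Login = {
# don’t shutdown when power button is short-pressed.
HandleLidSwitch = "ignore";
HandlePowerKey = "ignore";
};
};
# nixos-cli.enable = true;
# Enable Wake-on-LAN (magic packet) on every wired interface as it appears.
udev.extraRules = ''
# wol
ACTION=="add", SUBSYSTEM=="net", NAME=="en*", RUN+="${pkgs.ethtool}/bin/ethtool -s $name wol g"
'';
# geoclue2.enable = true; # geolocation.
# dbus.enable = true;
# dnscrypt-proxy2.settings.cloaking_rules = config.sops.secrets.dnscrypt-proxy-cloaked.path;
# dnscrypt-proxy2.settings.forwarding_rules = config.sops.secrets.dnscrypt-proxy-forwardingRules.path;
# flatpak.enable = true;
# Local LLM runtime with module defaults (presumably loopback only — confirm if containers on
# this host need to reach it; the web UI was moved to loki, see below).
ollama = {
enable = true;
};
# use docker and run on loki
open-webui = {
enable = false;
# environmentFile = config.sops.templates.openwebui.path;
environment = {
ANONYMIZED_TELEMETRY = "False";
DO_NOT_TRACK = "True";
SCARF_NO_ANALYTICS = "True";
# WEBUI_AUTH = "False";
# ENABLE_OAUTH_SIGNUP = "True";
};
};
power-profiles-daemon.enable = true;
# Prometheus itself is off; the exporter definitions are kept and bind to the tailnet name only,
# so they are not reachable from the LAN when re-enabled.
prometheus = {
enable = false;
exporters = {
node = {
enable = true;
enabledCollectors = [
"logind"
"systemd"
"sysctl"
"network_route"
"zfs"
];
disabledCollectors = [
"arp"
"tapestats"
];
listenAddress = "${hostName}.${tailnet}";
port = 9100;
};
smartctl = {
enable = true;
listenAddress = "${hostName}.${tailnet}";
devices = [
"/dev/disk/by-id/ata-WDC_WDS240G2G0A-00JH30_1939A1801207"
"/dev/disk/by-id/ata-WDC_WDS240G2G0A-00JH30_194033801274"
];
};
};
};
pulseaudio.enable = false;
samba-wsdd = {
# This enables autodiscovery on windows since SMB1 (and thus netbios) support was discontinued
enable = false;
openFirewall = false;
};
# ref: https://gist.github.com/vy-let/a030c1079f09ecae4135aebf1e121ea6
# Currently disabled. When enabled this is an anonymous, read-only export of /DATA: with
# "map to guest" = "Bad User" and "guest ok"/"guest only" on the share, anyone who can reach
# port 445 (already open in networking.firewall.allowedTCPPorts) can read all of /DATA.
samba = {
# package = pkgs.samba4Full;
enable = false;
openFirewall = true;
#settings = {
##global = {
## "workgroup" = "WORKGROUP";
## "guest account" = "nobody";
##};
#"media-ro" = {
# "path" = "/media";
# browsable = "yes";
# "read only" = "yes";
# "guest ok" = "yes";
# "force user" = "root";
# "create mask" = "0640";
# "directory mask" = "0750";
# # "force user" = "username";
# # "force group" = "groupname";
#};
#};
# XXX: deprecated in 24.11
# enableNmbd = true;
# securityType = "user";
nmbd.enable = false;
settings = {
global = {
"security type" = "user";
"server role" = "standalone server";
# server smb encrypt = required
# ^^ Note: Breaks `smbclient -L <ip/host> -U%` by default, might require the client to set `client min protocol`?
# server min protocol = SMB3_00
"guest account" = "nobody";
"map to guest" = "Bad User";
"socket options" = "TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192";
"server multi channel support" = "yes";
"aio read size" = 1;
"aio write size" = "1g";
};
#testshare = {
# path = "/DATA/test";
# writable = "true";
# comment = "Hello World!";
# "guest ok" = "yes";
#};
data-ro = {
path = "/DATA";
writable = "false";
browsable = "yes";
"read only" = "yes";
"guest ok" = "yes";
"guest only" = "yes";
# "force user" = "root";
# "create mask" = "0640";
# "directory mask" = "0750";
};
};
# XXX: deprecated in 24.11
### extraConfig = ''
### server role = standalone server
### # server smb encrypt = required
### # ^^ Note: Breaks `smbclient -L <ip/host> -U%` by default, might require the client to set `client min protocol`?
### # server min protocol = SMB3_00
### guest account = nobody
### map to guest = Bad User
### socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
### '';
### shares = {
### #testshare = {
### # path = "/DATA/test";
### # writable = "true";
### # comment = "Hello World!";
### # "guest ok" = "yes";
### #};
### media-ro = {
### path = "/media";
### writable = "false";
### browsable = "yes";
### "read only" = "yes";
### "guest ok" = "yes";
### # "guest only" = "yes";
### # "force user" = "root";
### "create mask" = "0640";
### "directory mask" = "0750";
### };
### };
};
# ZFS snapshots every 5 minutes; the "frequent"/"production" templates are presumably defined in
# the imported ../../modules/sanoid.nix.
sanoid = {
enable = true;
interval = "*:0/5";
datasets = {
"zr/userdata" = {
useTemplate = [ "frequent" ];
# recursive = "zfs";
recursive = true;
};
# "zr/system/nixos" = {
"zr/system" = {
useTemplate = [ "production" ];
# recursive = "zfs";
recursive = true;
};
"zr/local/nix" = {
useTemplate = [ "production" ];
};
};
};
# Journal forwarding to graylog on loki (disabled). The target is built from the shared `tailnet`
# binding so it cannot drift from the other tailnet names in this file.
SystemdJournal2Gelf = {
enable = false;
graylogServer = "loki.${tailnet}:12201";
};
# TS is enabled in the imported module, this is additional config.
# "both" advertises/accepts routes (subnet router + exit node use); the module relaxes the
# firewall's reverse-path check to "loose" for this, which networking.firewall above forces off entirely.
tailscale = {
useRoutingFeatures = "both";
# accept-routes = true;
};
# Periodic TRIM and a monthly scrub of all pools.
zfs = {
trim.enable = true;
autoScrub = {
enable = true;
interval = "monthly";
};
};
};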
# Virtualisation: libvirt off; podman and docker both on, docker on the zfs storage driver.
virtualisation = {
libvirtd = {
enable = false;
qemu.swtpm.enable = false; # XXX: fails to build rn.
};
podman = {
enable = true;
# gVisor (runsc) available as an OCI runtime; presumably containers must opt in with
# --runtime runsc, it is not the default — verify if sandboxing is expected by default.
extraPackages = [ pkgs.gvisor ];
# Name resolution between containers on the default podman network.
defaultNetwork.settings = {
dns_enabled = true;
};
# storageDriver = "zfs";
};
docker = {
enable = true;
storageDriver = "zfs";
};
};
# virtualisation.useSecureBoot = true;
# virtualisation.useBootLoader = true; # allows for testing of bootloader.
# virtualisation.podman.enable = true;
# virtualisation.podman.storageDriver = "zfs";
# Hardware: AMD microcode, redistributable firmware, MCE logging, Intel GPU media/compute stacks.
hardware = {
cpu.amd.updateMicrocode = true;
enableRedistributableFirmware = true;
mcelog.enable = true;
bluetooth.enable = false;
#fancontrol = {
# enable = true;
# config = ''
# '';
#};
intel-gpu-tools.enable = true;
graphics = {
# Mesa
enable = true;
# XXX: deprecated in 24.11
# driSupport = true;
# extraPackages = with pkgs; [
# vaapiVdpau
# libvdpau-va-gl
# ];
# extraPackages = [
# pkgs.amdvlk
# ];
# Intel media (VAAPI/oneVPL) and OpenCL runtimes; the same packages are also in
# environment.systemPackages above for the CLI tools.
extraPackages = with pkgs; [
vpl-gpu-rt # for newer GPUs on NixOS >24.05 or unstable
# onevpl-intel-gpu # for newer GPUs on NixOS <= 24.05
intel-media-driver
intel-compute-runtime
# intel-media-sdk # for older GPUs
];
};
};
#xdg = {
# portal = {
# enable = false;
# wlr.enable = false;
# extraPortals = with pkgs; [
# xdg-desktop-portal-wlr
# # xdg-desktop-portal-gtk
# # xdg-desktop-portal-gnome
# ];
# };
#};
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# Does not work with flakes - yet™.
system.copySystemConfiguration = false;
# system.stateVersion = lib.mkForce "23.11";
}