phfroidmont/nixos-configs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
nixos-configs/hosts/ingenico-laptop/configuration.nix

243 lines
6.2 KiB
Nix
Raw Normal View History

Improve Ubuntu config
2020-10-11 20:33:37 +02:00
{ config, lib, pkgs, ... }:
Update ingenico-laptop
2021-04-13 11:16:38 +02:00
let
nvidia-offload = pkgs.writeShellScriptBin "nvidia-offload" ''
export __NV_PRIME_RENDER_OFFLOAD=1
export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0
export __GLX_VENDOR_LIBRARY_NAME=nvidia
export __VK_LAYER_NV_optimus=NVIDIA_only
exec -a "$0" "$@"
'';
in
Improve Ubuntu config
2020-10-11 20:33:37 +02:00
{
imports = [
Use NixOs on Ingenico laptop
2020-11-30 11:55:57 +01:00
<home-manager/nixos>
./hardware-configuration.nix
../../configs/system.nix
../../configs/network.nix
../../configs/virtualisation.nix
Improve Ubuntu config
2020-10-11 20:33:37 +02:00
];
Update ingenico-laptop
2021-04-13 11:16:38 +02:00
hardware.nvidia.prime = {
offload.enable = true;
# Bus ID of the Intel GPU. You can find it using lspci, either under 3D or VGA
intelBusId = "PCI:0:2:0";
# Bus ID of the NVIDIA GPU. You can find it using lspci, either under 3D or VGA
nvidiaBusId = "PCI:1:0:0";
};
services.xserver.videoDrivers = [ "nvidia" ];
Use NixOs on Ingenico laptop
2020-11-30 11:55:57 +01:00
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.initrd.luks.devices = {
crypted = {
device = "/dev/disk/by-uuid/50f8d5be-eabc-4b80-a36f-b8e5646c4fc1";
preLVM = true;
Improve Ubuntu config
2020-10-11 20:33:37 +02:00
};
};
Use NixOs on Ingenico laptop
2020-11-30 11:55:57 +01:00
Configure DNS and Docker on Ingenico laptop
2020-11-30 16:32:08 +01:00
boot.kernel.sysctl = {
# Turn on execshield
"kernel.exec-shield" = 1;
"kkernel.randomize_va_space" = 1;
# Enable IP spoofing protection
"net.ipv4.conf.all.rp_filter" = 1;
# Disable IP source routing
"knet.ipv4.conf.all.accept_source_route" = 0;
# Ignoring broadcasts request
"net.ipv4.icmp_echo_ignore_broadcasts" = 1;
"fnet.ipv4.icmp_ignore_bogus_error_messages" = 1;
# Make sure spoofed packets get logged
"net.ipv4.conf.all.log_martians" = 1;
# SYN flood protection
"net.ipv4.tcp_syncookies" = 1;
# Control IP packet forwarding
"net.ipv4.ip_forward" = 1;
};
Use NixOs on Ingenico laptop
2020-11-30 11:55:57 +01:00
networking = {
hostName = "enix016";
Configure DNS and Docker on Ingenico laptop
2020-11-30 16:32:08 +01:00
networkmanager = {
enable = true;
dns = "dnsmasq";
Update ingenico-laptop
2021-04-13 11:16:38 +02:00
# extraConfig = ''
# rc-manager=unmanaged
# '';
Configure DNS and Docker on Ingenico laptop
2020-11-30 16:32:08 +01:00
};
Improve Ubuntu config
2020-10-11 20:33:37 +02:00
};
Use NixOs on Ingenico laptop
2020-11-30 11:55:57 +01:00
Update ingenico-laptop
2021-04-13 11:16:38 +02:00
#services.dnsmasq = {
# enable = true;
# servers = [
# "1.1.1.1"
# "1.0.0.1"
# "/.its/172.21.1.131"
# "/.its/172.21.1.146"
# "/.lab.ingenico.com/172.24.15.1"
# "/.lab.ingenico.com/172.24.15.2"
# "/.sandbox.global.ingenico.com/10.138.24.53"
# "/sb.eu.ginfra.net/10.138.24.53"
# ];
# extraConfig = ''
# addn-hosts=/etc/hosts
# interface=lo
# interface=docker0
# bind-dynamic
# listen-address=172.17.0.1
# '';
#};
# networking.interfaces.wlp59s0.useDHCP = true;
Use NixOs on Ingenico laptop
2020-11-30 11:55:57 +01:00
console = {
font = "Lat2-Terminus16";
keyMap = "fr";
};
i18n = {
defaultLocale = "en_US.UTF-8";
};
time.timeZone = "Europe/Amsterdam";
Configure DNS and Docker on Ingenico laptop
2020-11-30 16:32:08 +01:00
environment.etc = {
"openfortivpn/config".text = ''
host = devsslvpn.global.ingenico.com
port = 443
trusted-cert = e09de6da3902e58b9061f28e13d33088d929f3451367d21f1721a0ed6361a883
trusted-cert = 33069b6d904330b3fde5c002ca4964b7f413003665e78963d73098fe5f6f7c05
trusted-cert = 599dba9bee8a920836b68ca5603a11ceee5ec0450201c7a7651f5575d6bbcd3a
set-dns = 0
set-routes = 1
insecure-ssl = 0
cipher-list = HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4
'';
Update ingenico-laptop
2021-04-13 11:16:38 +02:00
"NetworkManager/dnsmasq.d/hosts.conf".text = ''
Configure DNS and Docker on Ingenico laptop
2020-11-30 16:32:08 +01:00
addn-hosts=/etc/hosts
'';
Update ingenico-laptop
2021-04-13 11:16:38 +02:00
"NetworkManager/dnsmasq.d/ingenico.conf".text = ''
Configure DNS and Docker on Ingenico laptop
2020-11-30 16:32:08 +01:00
server=/.its/172.21.1.131
server=/.its/172.21.1.146
server=/.lab.ingenico.com/172.24.15.1
server=/.lab.ingenico.com/172.24.15.2
server=/.sandbox.global.ingenico.com/10.138.24.53
server=/sb.eu.ginfra.net/10.138.24.53
'';
Update ingenico-laptop
2021-04-13 11:16:38 +02:00
"NetworkManager/dnsmasq.d/default.conf".text = ''
Configure DNS and Docker on Ingenico laptop
2020-11-30 16:32:08 +01:00
server=/~./1.1.1.1
server=1.1.1.1
server=/~./1.0.0.1
server=1.0.0.1
'';
Update ingenico-laptop
2021-04-13 11:16:38 +02:00
"docker/daemon.json".text = ''
Configure DNS and Docker on Ingenico laptop
2020-11-30 16:32:08 +01:00
{
"dns": [
Update ingenico-laptop
2021-04-13 11:16:38 +02:00
"10.138.24.53",
Configure DNS and Docker on Ingenico laptop
2020-11-30 16:32:08 +01:00
"172.17.0.1"
],
"insecure-registries": [
"docker-registry.services.lab.ingenico.com"
]
}
'';
Update ingenico-laptop
2021-04-13 11:16:38 +02:00
"NetworkManager/dnsmasq.d/docker-bridge.conf".text = ''
interface=lo
interface=docker0
Configure DNS and Docker on Ingenico laptop
2020-11-30 16:32:08 +01:00
listen-address=172.17.0.1
'';
Use NixOs on Ingenico laptop
2020-11-30 11:55:57 +01:00
};
hardware.bluetooth = {
enable = true;
# Enable A2DP Sink
Update ingenico-laptop
2021-04-13 11:16:38 +02:00
settings = {
General = {
Enable = "Source,Sink,Media,Socket";
};
};
Use NixOs on Ingenico laptop
2020-11-30 11:55:57 +01:00
};
hardware.pulseaudio = {
enable = true;
# Use full build to have Bluetooth support
package = pkgs.pulseaudioFull;
};
home-manager.users.froidmpa = {pkgs, config, ...}: {
imports = [
../../configs/home/full.nix
];
services = {
network-manager-applet.enable = true;
blueman-applet.enable = true;
grobi = {
enable = true;
executeAfter = ["${pkgs.systemd}/bin/systemctl --user restart stalonetray" "${pkgs.feh}/bin/feh --bg-fill ~/.wallpaper.png"];
rules = [
{
name = "Work HDMI";
outputs_connected = [ "HDMI-1" ];
configure_single = "HDMI-1";
primary = true;
atomic = true;
}
Update ingenico-laptop
2021-04-13 11:16:38 +02:00
{
name = "Work dock";
outputs_connected = [ "DP-1-2" ];
configure_single = "DP-1-2";
primary = true;
atomic = true;
}
Use NixOs on Ingenico laptop
2020-11-30 11:55:57 +01:00
{
name = "Work USBC";
outputs_connected = [ "DP-1" ];
configure_single = "DP-1";
primary = true;
atomic = true;
}
{
name = "Fallback";
configure_single = "eDP-1";
}
];
};
gpg-agent = {
enable = true;
Fix DNS + use ssh-agent on ingenico-laptop
2020-12-14 19:10:31 +01:00
enableSshSupport = false;
pinentryFlavor = "gtk2";
Use NixOs on Ingenico laptop
2020-11-30 11:55:57 +01:00
};
Improve Ubuntu config
2020-10-11 20:33:37 +02:00
};
Use NixOs on Ingenico laptop
2020-11-30 11:55:57 +01:00
programs = {
git = {
enable = true;
userName = "Paul-Henri Froidmont";
userEmail = "paul-henri.froidmont@ingenico.com";
signing = {
key = "589ECB6FAA8FF1F40E579C9E1479473F99393013";
signByDefault = true;
};
Update ingenico-laptop
2021-04-13 11:16:38 +02:00
lfs.enable = true;
Improve Ubuntu config
2020-10-11 20:33:37 +02:00
};
Use NixOs on Ingenico laptop
2020-11-30 11:55:57 +01:00
gpg.enable = true;
Improve Ubuntu config
2020-10-11 20:33:37 +02:00
};
};
Use NixOs on Ingenico laptop
2020-11-30 11:55:57 +01:00
# Enable touchpad support.
services.xserver.libinput.enable = true;
Improve Ubuntu config
2020-10-11 20:33:37 +02:00
Update ingenico-laptop
2021-04-13 11:16:38 +02:00
services.printing.enable = true;
services.printing.drivers = [ pkgs.gutenprint ];
services.avahi.enable = true;
services.avahi.nssmdns = true;
# eid
services.pcscd.enable = true;
environment.systemPackages = with pkgs; [
eid-mw
nvidia-offload
];
Use NixOs on Ingenico laptop
2020-11-30 11:55:57 +01:00
system.stateVersion = "20.09";
Improve Ubuntu config
2020-10-11 20:33:37 +02:00
}
Reference in a new issue Copy permalink