# NixOS module: pulls in the per-topic modules, wires the machine into the
# tailnet (DNS, SSH, agenix identity) and installs the system-wide packages.
{
  me,
  pkgs,
  auxiliaryPkgs,
  unstablePkgs,
  ...
}:
let
  # Address of the corsac DNS server; the only resolver set in this module.
  corsacTailnet = "100.64.100.100";

  # Keep the packages whose meta.platforms lists this machine's system.
  # A package that declares no platforms at all is kept.
  # NOTE(review): this is a plain membership test on me.system; it does not
  # look at meta.badPlatforms, and an entry in meta.platforms that is not a
  # plain system string can never match.
  filterUnsupportedPackages =
    candidates:
    builtins.filter (
      pkg: builtins.elem me.system (pkg.meta.platforms or [ me.system ])
    ) candidates;
in
{
  imports = [
    ./nix.nix
    ./user.nix
    ./locale.nix
    ./vim.nix
    ./tmux.nix
    ./gnome.nix
    ./fonts.nix
    ./flatpak.nix
    ./libreoffice.nix
    ./electronics.nix
    ./hardware-keys.nix
    ./nix-ld.nix
  ];

  virtualisation.libvirtd.enable = true;

  documentation = {
    # fish enables this by default,
    # it makes every nixos rebuild very slow.
    man.generateCaches = false;
    info.enable = true;
    doc.enable = true;
    dev.enable = true;
    nixos = {
      enable = true;
      includeAllModules = true;
    };
  };

  networking = {
    hostName = me.name;
    # use corsac dns server
    # NOTE(review): no second resolver is listed here, so name resolution
    # presumably depends on the tailnet being reachable — confirm that is
    # intended for a machine that may boot without tailscale connected.
    nameservers = [ corsacTailnet ];
  };

  services = {
    envfs.enable = true;
    resolved.enable = true;
    acpid.enable = true;
    sysprof.enable = true;
    tailscale = {
      enable = true;
      # NOTE(review): "both" asks for the server-side routing features as
      # well as the client-side ones; confirm a desktop really needs to
      # act as a router / exit node, since that widens what it forwards.
      useRoutingFeatures = "both";
      # NOTE(review): the NixOS option documents these flags as applied
      # only when an auth key file is configured; none is set in this
      # file, so confirm Tailscale SSH actually gets enabled.
      extraUpFlags = [ "--ssh" ];
    };
    # sometimes needed for gnupg
    pcscd.enable = true;
  };

  programs = {
    # steam requires the i386 package set, which obviously does not work on ARM.
    # TODO: pull out gaming related configuration (like steam) into a separate module.
    # steam = {
    #   enable = true;
    #   remotePlay.openFirewall = true;
    # };
    virt-manager.enable = true;
    fish.enable = true;
    git.enable = true;
    ghidra = {
      enable = true;
      package = auxiliaryPkgs.ghidra;
      gdb = true;
    };
    adb.enable = true;
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
      pinentryPackage = pkgs.pinentry-gnome3;
    };
  };

  # on desktop machines (a.k.a. minerals) we only use tailscale ssh
  # for access, so we don't generally have normal host keys, and
  # have to grab the ones tailscale uses.
  # NOTE(review): this private key is the decryption identity for every
  # agenix secret addressed to the host, so the file's permissions are the
  # whole protection for those secrets. Presumably it does not exist until
  # tailscale has brought SSH up once — confirm secrets decrypt on a
  # freshly installed machine.
  age.identityPaths = [ "/var/lib/tailscale/ssh/ssh_host_ed25519_key" ];

  environment = {
    # TODO: the filter already does some good work, but we need some way to
    # pick out x86-only packages, so it is not as opaque as it currently is.
    # (who knows if muse-sounds-manager is actually installed, for example?)
    systemPackages =
      (
        with pkgs;
        filterUnsupportedPackages [
          file unzip jq dig htop wget screen
          gnupg pinentry-gnome3 age agenix minisign openssl cryptsetup pamtester
          bitwarden-desktop bitwarden-cli
          inetutils pciutils usbutils lshw lsof inxi iw pmutils acpi acpid
          minicom miniserve netcat-gnu socat tcpdump nmap iftop iperf mtr arp-scan ethtool
          sysprof wireshark seer mitmproxy hardinfo2 btrfs-assistant remmina
          vlc celluloid foliate calibre
          yt-dlp ffmpeg_7-full imagemagick handbrake mpv helvum
          gimp3 krita mypaint aseprite rnote fontforge-gtk
          blender inkscape obs-studio darktable davinci-resolve
          orca-slicer
          renderdoc
          audacity musescore muse-sounds-manager reaper
          # bitwig's bubblewrap configuration requires some non-ARM package sets.
          # bitwig-studio
          ungoogled-chromium librewolf lagrange
          senpai signal-desktop alpaca newsflash
          qemu_full virtiofsd
          openvpn openvpn3 update-resolv-conf
          transmission_4-gtk fragments
          xorg.xeyes wl-clipboard
          ripgrep hyperfine parallel just fzf bat delta eza fd tokei didyoumean
          universal-ctags compiledb graphviz
          python3 uv ruff
          nodejs_22 deno yarn
          rustc rustup cargo rustfmt
          go gopls delve go-task gotags golangci-lint
          meson cmake gnumake ninja gdb gcc clang clang-tools
          hare haredoc
          jdk maven gradle
          nil nixfmt-rfc-style
          nixpkgs-review nixpkgs-fmt nixpkgs-lint-community
          helix alacritty ghostty
          androidStudioPackages.dev
          winetricks bottles
          scrcpy apfs-fuse nfs-utils
          ubootTools dtc cloud-utils
          borgbackup pika-backup
          prismlauncher xonotic
          man-pages man-pages-posix
        ]
      )
      # Packages from the unstable set are not passed through the
      # platform filter.
      ++ (with unstablePkgs; [
        claude-code gemini-cli
      ])
      ++ (with auxiliaryPkgs; [
        # TODO: need fixes for 25.05
        # retroarch wine
        # TODO: ngfx (obviously) does not work on ARM, put it somewhere else
        # ngfx
      ]);

    # Expose update-resolv-conf's libexec/openvpn directory as /etc/openvpn.
    etc.openvpn.source = "${pkgs.update-resolv-conf}/libexec/openvpn";
  };
}