NixOS-Configuration/lnf/configuration.nix


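{ config, pkgs, ... }:
let
  # Public keys allowed to log in over SSH as the kiosk user and as root.
  # Declared once so the two authorizedKeys lists cannot drift apart.
  adminSshKeys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGHadFhDCUU/ta3p1FQgpm7NExHkyHNrJbNJP6np5w9 kempinger@ins.jku.at"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMTpZThOE2EeDZ1rS7ynLS3mGtoSIQ9WazZDBUdP9THi tth@tth-worker"
  ];
in
{
  imports = [
    ./hardware-configuration.nix
  ];

  # --- Boot -------------------------------------------------------------------
  boot.loader.grub.enable = true;
  # /dev/vda is a virtio block device, i.e. this host is a VM guest.
  boot.loader.grub.device = "/dev/vda";
  boot.loader.grub.useOSProber = true;
  # GuC submission + HuC firmware loading for the i915 driver.
  boot.kernelParams = [ "i915.enable_guc=3" ];

  # --- Graphics (Intel) ---------------------------------------------------------
  services.xserver.videoDrivers = [ "modesetting" ];
  hardware.graphics = {
    enable = true;
    extraPackages = with pkgs; [
      # Required for modern Intel GPUs (Xe iGPU and ARC)
      intel-media-driver # VA-API (iHD) userspace
      vpl-gpu-rt # oneVPL (QSV) runtime
      # Optional (compute / tooling):
      intel-compute-runtime # OpenCL (NEO) + Level Zero for Arc/Xe
      # NOTE: 'intel-ocl' also exists as a legacy package; not recommended for Arc/Xe.
      # libvdpau-va-gl # Only if you must run VDPAU-only apps
    ];
  };
  hardware.enableRedistributableFirmware = true;

  # Session defaults for the Wayland kiosk: force the iHD VA-API driver, Qt on
  # Wayland, and software cursors (wlroots compositors on some GPUs).
  environment.sessionVariables = {
    LIBVA_DRIVER_NAME = "iHD";
    QT_QPA_PLATFORM = "wayland";
    WLR_NO_HARDWARE_CURSORS = "1";
  };

  # --- Networking ---------------------------------------------------------------
  networking.hostName = "nixos-lnf";
  # NOTE(review): networking.wireless (wpa_supplicant) and NetworkManager are
  # both enabled; NixOS treats them as conflicting unless wpa_supplicant is
  # pinned to specific interfaces — confirm evaluation passes, otherwise drop
  # networking.wireless.enable and let NetworkManager manage Wi-Fi.
  networking.wireless.enable = true;
  networking.networkmanager.enable = true;
  # NOTE(review): with the firewall off, every listening service on this host
  # is reachable from the network. sshd opens its own port when the firewall
  # is on (services.openssh.openFirewall defaults to true), so enabling it
  # would not lock out SSH — confirm nothing else on the kiosk needs inbound
  # connections before flipping this.
  networking.firewall.enable = false;

  # --- Locale -------------------------------------------------------------------
  time.timeZone = "Europe/Vienna";
  i18n.defaultLocale = "en_US.UTF-8";
  i18n.extraLocaleSettings = {
    LC_ADDRESS = "de_AT.UTF-8";
    LC_IDENTIFICATION = "de_AT.UTF-8";
    LC_MEASUREMENT = "de_AT.UTF-8";
    LC_MONETARY = "de_AT.UTF-8";
    LC_NAME = "de_AT.UTF-8";
    LC_NUMERIC = "de_AT.UTF-8";
    LC_PAPER = "de_AT.UTF-8";
    LC_TELEPHONE = "de_AT.UTF-8";
    LC_TIME = "de_AT.UTF-8";
  };
  services.xserver.xkb = {
    layout = "de";
    variant = "";
  };
  console.keyMap = "de";

  # --- Accounts -----------------------------------------------------------------
  # "user" is the kiosk account: cage runs as it, kiosk-run is meant to be run
  # by it, and the sudo rule below is scoped to it.
  users.users.user = {
    isNormalUser = true;
    description = "user";
    extraGroups = [
      "networkmanager"
      "wheel" # full sudo, with password; only the rule below is passwordless
      "video"
    ];
    packages = with pkgs; [ ];
    openssh.authorizedKeys.keys = adminSshKeys;
  };
  users.users.root = {
    openssh.authorizedKeys.keys = adminSshKeys;
  };

  security.sudo.extraRules = [
    {
      users = [ "user" ];
      commands = [
        {
          # Exactly the invocation kiosk-run uses. sudo matches the command
          # string literally, so any other systemctl verb or unit still
          # requires the wheel password.
          command = "/run/current-system/sw/bin/systemctl restart cage-tty1.service";
          options = [ "NOPASSWD" ];
        }
      ];
    }
  ];

  # --- Packages -----------------------------------------------------------------
  nixpkgs.config.allowUnfree = true;
  environment.systemPackages = with pkgs; [
    git
    nil
    nixd
    wlr-randr
    kmsxx
    libinput
    vlc
    ffmpeg
    python3
    jq
    bash
    # kiosk-run <command...>: store the command cage should run in
    # /etc/cage/current-cmd and restart the cage service so it takes effect.
    (pkgs.writeScriptBin "kiosk-run" ''
      #!/usr/bin/env bash
      set -euo pipefail
      if [[ $# -lt 1 ]]; then
        echo "Usage: kiosk-run <command...>" >&2
        exit 1
      fi
      echo "Setting command: $*"
      echo "$*" > /etc/cage/current-cmd
      echo "Restarting cage..."
      # 'restart' is the one systemctl invocation the sudo rule grants without
      # a password (the previous 'kill' + 'start' pair was not covered and
      # would block on a password prompt). The unit is configured with
      # KillSignal=SIGKILL and TimeoutStopSec=1, so restart is effectively
      # kill + start anyway.
      sudo systemctl restart cage-tty1.service
      echo "Done."
    '')
  ];
  programs.firefox.enable = true;

  # --- Kiosk --------------------------------------------------------------------
  # The command cage executes. It is copied (not symlinked) into /etc so the
  # kiosk user can overwrite it through kiosk-run. Owned by that user rather
  # than world-writable: whoever can write this file controls what runs in the
  # kiosk session, so only the account that already runs the session may.
  # Executable because cage invokes this path directly; there is no shebang,
  # so execution presumably relies on the shell fallback for plain text —
  # TODO confirm. Because the content comes from `text`, the file is
  # re-deployed on every rebuild and a command set at runtime is then reset.
  environment.etc."cage/current-cmd" = {
    mode = "0755";
    user = "user";
    group = "users";
    text = "ls -al";
  };
  systemd.services.cage-tty1 = {
    serviceConfig = {
      # Keep the kiosk up however the program exits, and make stop/restart fast
      # and unconditional: SIGKILL immediately, at most 1s to stop.
      Restart = "always";
      RestartSec = "1s";
      TimeoutStopSec = "1";
      TimeoutAbortSec = "5";
      KillSignal = "SIGKILL";
    };
  };
  services.cage = {
    enable = true;
    user = "user";
    program = "/etc/cage/current-cmd";
  };
  # Replaces login(1) on the virtual consoles with /bin/true, so there is
  # effectively no interactive console login on this kiosk; administration is
  # over SSH only.
  services.getty.loginProgram = "${pkgs.coreutils}/bin/true";

  # --- Remote access ------------------------------------------------------------
  services.openssh = {
    enable = true;
    settings = {
      # Key-only access for every account; root is reachable only with the
      # keys listed above (prohibit-password), never with a password.
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      PermitRootLogin = "prohibit-password";
    };
  };

  nix.settings.experimental-features = [
    "nix-command"
    "flakes"
  ];
  system.stateVersion = "25.11";
}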