Also add a udev rule to allow users device access. This is required for users who access the YubiKey directly, which is the case when using gpg without pcscd.
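# NixOS host module for the machine named "steveej-t14": networking and
# firewall, printing, fingerprint authentication, virtualisation, trusted CA
# files, X server flags, kernel selection and Ledger device support.
{ pkgs
, lib
, config
, ... }:

{
  # TASK: new device
  networking = {
    hostName = "steveej-t14"; # Define your hostname.

    # Bridge declared without member interfaces; the host side gets a static
    # address in 10.254.254.0/24.
    bridges."virbr1".interfaces = [];
    interfaces."virbr1".ipv4.addresses = [
      { address = "10.254.254.254"; prefixLength = 24; }
    ];

    firewall = {
      enable = true;

      # NOTE(review): allowedTCPPorts is not scoped to an interface, so both
      # ports are reachable on every network this host joins. If they are only
      # needed on a trusted network, networking.firewall.interfaces.<name>
      # .allowedTCPPorts narrows the exposure.
      allowedTCPPorts = [
        # syncthing
        22000

        # iperf3
        # NOTE(review): a benchmarking port that stays open permanently;
        # confirm it is still needed.
        5201
      ];

      # Refused connections are not logged, so dropped inbound attempts leave
      # no trace in the system log. NOTE(review): confirm this loss of
      # visibility is acceptable for this host.
      logRefusedConnections = false;
    };

    usePredictableInterfaceNames = false;
  };

  services.printing = {
    enable = true;
    drivers = with pkgs; [
      hplip
      mfcl3770cdw.driver
      mfcl3770cdw.cupswrapper
    ];
  };

  # Fingerprint reader daemon plus fingerprint authentication in the PAM
  # stacks for console login and sudo.
  # NOTE(review): with sudo.fprintAuth a fingerprint match can authorise
  # privilege escalation; confirm this matches the intended policy for the
  # device.
  services.fprintd.enable = true;
  security.pam.services = {
    login.fprintAuth = true;
    sudo.fprintAuth = true;
  };

  # virtualization
  virtualisation = {
    libvirtd = {
      enable = true;
    };

    virtualbox.host = {
      enable = false;
      addNetworkInterface = false;
    };

    # NOTE(review): access to the Docker daemon is effectively root on the
    # host; group membership is not defined in this file, so check where the
    # docker group is populated. "--experimental" turns on daemon features
    # that are not considered stable.
    docker = {
      enable = true;
      extraOptions = "--experimental";
    };
  };

  # Adds the cacert bundle to the system's trusted certificate files.
  # NOTE(review): presumably already part of the default trust store; verify
  # whether this entry is still needed.
  security.pki.certificateFiles = [
    "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
  ];

  services.xserver.videoDrivers = [ "modesetting" ];

  # All four X server power-saving timers are set to 0.
  # NOTE(review): presumably this disables display blanking, so an unattended
  # session stays visible unless a screen locker is configured elsewhere.
  services.xserver.serverFlagsSection = ''
    Option "BlankTime" "0"
    Option "StandbyTime" "0"
    Option "SuspendTime" "0"
    Option "OffTime" "0"
  '';

  # mkForce makes this definition win over kernelPackages set by other modules.
  boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;

  hardware.ledger.enable = true;
}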