moudlar

system-modules/hardware-configuration.nix

@@ -0,0 +1,41 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, user, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "vmd" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/9770465e-6b0e-40ec-944a-953fe71cf47a";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/0A97-7A2D";
+      fsType = "vfat";
+    };
+  fileSystems."/home/${user}/shared" =
+    { device = "/dev/disk/by-uuid/C494BB0B94BAFF4C";
+      fsType = "ntfs";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

system-modules/hsmw.nix

@@ -0,0 +1,28 @@
+{ config, pkgs, lib, system, user, allowed, secrets, ... }: 
+
+{
+  environment.systemPackages = [
+    pkgs.strongswan
+  ];
+  
+  environment.etc = {
+
+    # easyroam HSMW
+    "ssl/certs/easyroam_client_cert.pem".source = ../secrets/easyroam-hsmw/easyroam_client_cert.pem;
+    "ssl/certs/easyroam_root_ca.pem".source = ../secrets/easyroam-hsmw/easyroam_root_ca.pem;
+    "ssl/certs/easyroam_client_key.pem".source = ../secrets/easyroam-hsmw/easyroam_client_key.pem;
+    
+
+    # VPN
+    "NetworkManager/system-connections/eduroam.nmconnection" = {
+      text = secrets.easyroamHSMW.nmconfig; 
+      mode = "0600";
+    };
+
+
+  };
+
+
+}
+
+

system-modules/ollama.nix

@@ -0,0 +1,39 @@
+{ config, pkgs, lib, system, user, allowed, secrets, ... }: 
+
+{
+  environment.systemPackages = with pkgs; [
+    ollama
+  ];
+  
+
+  systemd.services.ollama = {
+    description = "Ollama Service";
+    after = [ "network-online.target" "ollama-doesnt-respect-xdg-data-home.service" ];
+    serviceConfig = {
+      Type = "simple";
+      # Environment = "\"XDG_DATA_HOME=/run/current-system/sw/share\"";
+      ExecStart = "${pkgs.ollama}/bin/ollama serve";
+      User = "ollama";
+      Group = "ollama";
+      Restart = "always";
+      RestartSec = "3";
+    };
+    wantedBy = [ "default.target" ];
+  };
+
+  users.users.ollama = {
+    isSystemUser = true;
+    home = "/usr/share/ollama";
+    shell = "/bin/false";
+    group = "ollama";
+  };
+  users.groups.ollama = {};
+
+  systemd.services.ollama-doesnt-respect-xdg-data-home = {
+    wantedBy = ["multi-user.target"];
+    script = ''
+      mkdir -p /usr/share/ollama/.ollama
+      chown ollama:ollama -R /usr/share/ollama
+    '';
+  };
+}

system-modules/sound.nix

@@ -0,0 +1,12 @@
+{ config, pkgs, lib, system, user, allowed, secrets, ... }: 
+
+{
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+    # If you want to use JACK applications, uncomment this
+    jack.enable = true;
+  };
+}

system-modules/users.nix

@@ -0,0 +1,24 @@
+{ config, pkgs, lib, system, user, allowed, secrets, ... }: 
+
+{
+  users.defaultUserShell = pkgs.bash; # if interactive, itll switch to fish
+
+  users.users.nx2 = {
+    isNormalUser = true;
+    extraGroups = [ "networkmanager" "wheel" "audio" "video" "docker" "libvirtd" "uinput" ];
+    useDefaultShell = true;
+    packages = with pkgs; []; # all in home.nix
+  };
+
+  programs = {
+    bash = {
+      interactiveShellInit = ''
+        if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]]
+        then
+          shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION=""
+          exec ${pkgs.fish}/bin/fish $LOGIN_OPTION
+        fi
+      '';
+    };
+  };
+}