empty.nix/configuration.nix

{
  lib,
  config,
  pkgs,
  #simintech,
  stm32cubemx,
  packettracer7,
  inputs,
  ...
}:
let
  serverIP = "10.0.174.12";
  buildNodeYggIP = "200:ccc6:1361:5c84:aba0:1244:35f5:c903";
  hasBootPartition = config.fileSystems ? "/boot";
  isNvidia =
    (builtins.readFile (
      pkgs.runCommandLocal "isNvidia" { } ''
        ${pkgs.pciutils}/bin/lspci | ${pkgs.busybox}/bin/grep NVIDIA | ${pkgs.busybox}/bin/grep VGA > $out || true
      ''
    )) != "";
   isAdata = # ADATA is a famous cheap troubleful NVMe controllers
    (builtins.readFile (
      pkgs.runCommandLocal "isAdata" { } ''
        ${pkgs.pciutils}/bin/lspci | ${pkgs.busybox}/bin/grep ADATA | ${pkgs.busybox}/bin/grep -i NVMe > $out || true
      ''
    )) != "";
in
{
  users.users.student = {
    isNormalUser = true;
    initialPassword = "student"; # вход беспарольный, но пароль student
    extraGroups = [
      "video"
      "sound"
      "input"
      "storage"
      "dialout"
    ];
  };

  imports = [ ./hardware-configuration.nix ];
  programs.tmux = {
    enable = true;
    withUtempter = true;
    historyLimit = 5000;
    clock24 = true;
  };

  boot.loader =
    if hasBootPartition then
      {
        efi.canTouchEfiVariables = true;
        timeout = 30;
        grub = {
          enable = true;
          efiSupport = true;
          device = "nodev";
          useOSProber = true;
          theme = "${pkgs.sleek-grub-theme.override {
            withStyle = "orange";
            withBanner = "Выберите ОС";
          }}";
        };
      }
    else
      {
        timeout = 5;
        grub = {
          enable = true;
          device = "/dev/sda";
          theme = "${pkgs.sleek-grub-theme.override {
            withStyle = "orange";
            withBanner = "Загрузчик Linux";
          }}";
        };
      };
  time.hardwareClockInLocalTime = hasBootPartition;

  # настройки Nix
  nixpkgs.config = {
    allowUnfree = true;
    nvidia.acceptLicense = true;
  };
  nix.settings = {
    extra-substituters = [ "http://nixos.builds.node" ];
    trusted-public-keys = [ "nixos.builds.node:E/XNkcdzB0EyTyEJuOTXJH8qynxgCfQ87JHkbD88uF8=" ];
    auto-optimise-store = true;
  };
  nix.extraOptions = ''
    experimental-features = nix-command flakes
  '';

  services.udev.extraRules = if isAdata then ''
    ACTION=="add|change",KERNEL=="nvme[0-9]", ATTR{queue/scheduler}="none"
  '' else "";
  boot.kernelParams = lib.optionals isNvidia [ "nvidia-drm.modeset=1" ]
                   ++ lib.optionals  isAdata [ "nvme_core.default_ps_max_latency_us=0" "nvme_core.io_timeout=4294967295" ];
  boot.extraModprobeConfig =
    if isNvidia then
      "options nvidia "
      + lib.concatStringsSep " " [
        "NVreg_UsePageAttributeTable=1"
        "NVreg_EnablePCIeGen3=1"
        "NVreg_RegistryDwords=RMUseSwI2c=0x01;RMI2cSpeed=100"
      ]
    else
      "";

  ##### СЕТЕВЫЕ НАСТРОЙКИ #######
  services.yggdrasil = {
    enable = true;
    persistentKeys = true;
    settings = {
      Peers = [ "tcp://${serverIP}:12345" ];
    };
  };

  # каждый компьютер имеет выход в интернет
  networking.networkmanager.enable = true;
  networking.hostName = "nixos";
  networking.firewall.allowedTCPPorts = [ 22 ] ++ lib.optionals config.services.harmonia.enable [ 80 ];

  # каждый компьютер знает, что kafpi.local - это адрес нашего сервера
  networking.hosts."${serverIP}" = [ "kafpi.local" ];
  networking.hosts."${buildNodeYggIP}" = [ "nixos.builds.node" ];

  time.timeZone = "Europe/Moscow";
  i18n.defaultLocale = "ru_RU.UTF-8";

  environment.systemPackages = with pkgs; [
    vim
    tree
    wget
    git
  ];

  services.openssh = {
    enable = true;
    settings.PermitRootLogin = "yes";
  };
  users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCyBYo/E/FkFZVABzMixLS2TWaipfN5T24y8f+E6Px1t+IG8PLnQ38dLJiCR8k971DOycLuJUfKWsC06BK3XLWTO0+PmpfGKNT4NI6dwP2REl/umaignP/QQSs2w9Ff49WqPjIYTSmATTsCNZSVB0VtM0eJ+Y9Ff4CXb1frtt4GYztk6XB3jc3TxV72qzB0g6DqrHkf6pT5YAq2UeuFGZYSZCqBvVXCGcvKHkO1KBubuo95itVA5XbzK3INQTZpQowbtK4ULhUYlaGBcX5tYq1bdiTCDlTcLt6MfxYfFHSFiHbJOzdGPd+mXM7urOQhq49uQOf07dHt9qAzQHajItQb+X3FOgyFt4n6Y9Q37gn/6KC3PH1zClldq9DtgttuG/Xk15q+uvCldji9YIgb80aRHBIp6DY8PlYodmGGesBLiBMGQ7hgKupfkqszjfMkxnMYIkZodUCQVgaqsxsEQ7lD84JJMgBY8HkNLxKhy+6dP6kTc4vTtrpjezq/Ph95PFE= bednov@kafpi-108-1-mainserver2" ];

  # НЕ МЕНЯТЬ, иначе придётся все компы переустанавливать, а не обновлять
  system.stateVersion = "24.05";
}
-												Add files via upload
											
										
										
											2025-01-25 16:01:31 +03:00
+								{
-													modified:   configuration.nix

											
										
										
											2026-01-30 12:22:53 +03:00
+								  lib,
-												Add files via upload
											
										
										
											2025-01-25 16:01:31 +03:00
+								  config,
 								  pkgs,
-													modified:   configuration.nix

											
										
										
											2026-01-30 12:22:53 +03:00
+								  #simintech,
-												Add files via upload
											
										
										
											2025-01-25 16:01:31 +03:00
+								  stm32cubemx,
-													modified:   configuration.nix

											
										
										
											2026-01-30 12:22:53 +03:00
+								  packettracer7,
-												Add files via upload
											
										
										
											2025-01-25 16:01:31 +03:00
+								  inputs,
 								  ...
 								}:
 								let
 								  serverIP = "10.0.174.12";
-													modified:   configuration.nix

											
										
										
											2026-01-30 12:22:53 +03:00
+								  buildNodeYggIP = "200:ccc6:1361:5c84:aba0:1244:35f5:c903";
-												Add files via upload
											
										
										
											2025-01-25 16:01:31 +03:00
+								  hasBootPartition = config.fileSystems ? "/boot";
-													modified:   configuration.nix

											
										
										
											2026-01-30 12:22:53 +03:00
+								  isNvidia =
 								    (builtins.readFile (
 								      pkgs.runCommandLocal "isNvidia" { } ''
 								        ${pkgs.pciutils}/bin/lspci | ${pkgs.busybox}/bin/grep NVIDIA | ${pkgs.busybox}/bin/grep VGA > $out || true
 								      ''
 								    )) != "";
-													modified:   configuration.nix

											
										
										
											2026-01-30 17:05:01 +03:00
+								   isAdata = # ADATA is a famous cheap troubleful NVMe controllers
 								    (builtins.readFile (
 								      pkgs.runCommandLocal "isAdata" { } ''
 								        ${pkgs.pciutils}/bin/lspci | ${pkgs.busybox}/bin/grep ADATA | ${pkgs.busybox}/bin/grep -i NVMe > $out || true
 								      ''
 								    )) != "";
-												Add files via upload
											
										
										
											2025-01-25 16:01:31 +03:00
+								in
 								{
 								  users.users.student = {
 								    isNormalUser = true;
 								    initialPassword = "student"; # вход беспарольный, но пароль student
-													modified:   configuration.nix

											
										
										
											2026-01-30 12:22:53 +03:00
+								    extraGroups = [
 								      "video"
 								      "sound"
 								      "input"
 								      "storage"
 								      "dialout"
 								    ];
-												Add files via upload
											
										
										
											2025-01-25 16:01:31 +03:00
+								  };
 								  imports = [ ./hardware-configuration.nix ];
-													modified:   configuration.nix

											
										
										
											2026-01-30 12:22:53 +03:00
+								  programs.tmux = {
 								    enable = true;
 								    withUtempter = true;
 								    historyLimit = 5000;
 								    clock24 = true;
-												Add files via upload
											
										
										
											2025-01-25 16:01:31 +03:00
+								  };
-													modified:   configuration.nix

											
										
										
											2026-01-30 12:22:53 +03:00
 								  boot.loader =
 								    if hasBootPartition then
 								      {
 								        efi.canTouchEfiVariables = true;
 								        timeout = 30;
 								        grub = {
 								          enable = true;
 								          efiSupport = true;
 								          device = "nodev";
 								          useOSProber = true;
 								          theme = "${pkgs.sleek-grub-theme.override {
 								            withStyle = "orange";
 								            withBanner = "Выберите ОС";
 								          }}";
 								        };
 								      }
 								    else
 								      {
 								        timeout = 5;
 								        grub = {
 								          enable = true;
 								          device = "/dev/sda";
 								          theme = "${pkgs.sleek-grub-theme.override {
 								            withStyle = "orange";
 								            withBanner = "Загрузчик Linux";
 								          }}";
 								        };
 								      };
-												Add files via upload
											
										
										
											2025-01-25 16:01:31 +03:00
+								  time.hardwareClockInLocalTime = hasBootPartition;
 								  # настройки Nix
-													modified:   configuration.nix

											
										
										
											2026-01-30 12:22:53 +03:00
+								  nixpkgs.config = {
 								    allowUnfree = true;
 								    nvidia.acceptLicense = true;
 								  };
 								  nix.settings = {
 								    extra-substituters = [ "http://nixos.builds.node" ];
 								    trusted-public-keys = [ "nixos.builds.node:E/XNkcdzB0EyTyEJuOTXJH8qynxgCfQ87JHkbD88uF8=" ];
 								    auto-optimise-store = true;
 								  };
-												Add files via upload
											
										
										
											2025-01-25 16:01:31 +03:00
+								  nix.extraOptions = ''
 								    experimental-features = nix-command flakes
 								  '';
-													modified:   configuration.nix

											
										
										
											2026-01-30 17:05:01 +03:00
+								  services.udev.extraRules = if isAdata then ''
 								    ACTION=="add|change",KERNEL=="nvme[0-9]", ATTR{queue/scheduler}="none"
 								  '' else "";
 								  boot.kernelParams = lib.optionals isNvidia [ "nvidia-drm.modeset=1" ]
 								                   ++ lib.optionals  isAdata [ "nvme_core.default_ps_max_latency_us=0" "nvme_core.io_timeout=4294967295" ];
-													modified:   configuration.nix

											
										
										
											2026-01-30 12:22:53 +03:00
+								  boot.extraModprobeConfig =
 								    if isNvidia then
 								      "options nvidia "
 								      + lib.concatStringsSep " " [
 								        "NVreg_UsePageAttributeTable=1"
 								        "NVreg_EnablePCIeGen3=1"
 								        "NVreg_RegistryDwords=RMUseSwI2c=0x01;RMI2cSpeed=100"
 								      ]
 								    else
 								      "";
-												Add files via upload
											
										
										
											2025-01-25 16:01:31 +03:00
+								  ##### СЕТЕВЫЕ НАСТРОЙКИ #######
-													modified:   configuration.nix

											
										
										
											2026-01-30 12:22:53 +03:00
+								  services.yggdrasil = {
-												Add files via upload
											
										
										
											2025-01-25 16:01:31 +03:00
+								    enable = true;
-													modified:   configuration.nix

											
										
										
											2026-01-30 12:22:53 +03:00
+								    persistentKeys = true;
 								    settings = {
 								      Peers = [ "tcp://${serverIP}:12345" ];
-												Add files via upload
											
										
										
											2025-01-25 16:01:31 +03:00
+								    };
 								  };
 								  # каждый компьютер имеет выход в интернет
 								  networking.networkmanager.enable = true;
 								  networking.hostName = "nixos";
-													modified:   configuration.nix

											
										
										
											2026-01-30 12:22:53 +03:00
+								  networking.firewall.allowedTCPPorts = [ 22 ] ++ lib.optionals config.services.harmonia.enable [ 80 ];
-												Add files via upload
											
										
										
											2025-01-25 16:01:31 +03:00
+								  # каждый компьютер знает, что kafpi.local - это адрес нашего сервера
 								  networking.hosts."${serverIP}" = [ "kafpi.local" ];
-													modified:   configuration.nix

											
										
										
											2026-01-30 12:22:53 +03:00
+								  networking.hosts."${buildNodeYggIP}" = [ "nixos.builds.node" ];
-												Add files via upload
											
										
										
											2025-01-25 16:01:31 +03:00
 								  time.timeZone = "Europe/Moscow";
 								  i18n.defaultLocale = "ru_RU.UTF-8";
 								  environment.systemPackages = with pkgs; [
 								    vim
 								    tree
 								    wget
 								    git
 								  ];
 								  services.openssh = {
 								    enable = true;
 								    settings.PermitRootLogin = "yes";
 								  };
-													modified:   configuration.nix

											
										
										
											2026-01-30 12:22:53 +03:00
+								  users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCyBYo/E/FkFZVABzMixLS2TWaipfN5T24y8f+E6Px1t+IG8PLnQ38dLJiCR8k971DOycLuJUfKWsC06BK3XLWTO0+PmpfGKNT4NI6dwP2REl/umaignP/QQSs2w9Ff49WqPjIYTSmATTsCNZSVB0VtM0eJ+Y9Ff4CXb1frtt4GYztk6XB3jc3TxV72qzB0g6DqrHkf6pT5YAq2UeuFGZYSZCqBvVXCGcvKHkO1KBubuo95itVA5XbzK3INQTZpQowbtK4ULhUYlaGBcX5tYq1bdiTCDlTcLt6MfxYfFHSFiHbJOzdGPd+mXM7urOQhq49uQOf07dHt9qAzQHajItQb+X3FOgyFt4n6Y9Q37gn/6KC3PH1zClldq9DtgttuG/Xk15q+uvCldji9YIgb80aRHBIp6DY8PlYodmGGesBLiBMGQ7hgKupfkqszjfMkxnMYIkZodUCQVgaqsxsEQ7lD84JJMgBY8HkNLxKhy+6dP6kTc4vTtrpjezq/Ph95PFE= bednov@kafpi-108-1-mainserver2" ];
-												Add files via upload
											
										
										
											2025-01-25 16:01:31 +03:00
 								  # НЕ МЕНЯТЬ, иначе придётся все компы переустанавливать, а не обновлять
 								  system.stateVersion = "24.05";
 								}