From 69364bc04bd6b80328eb7717df0b0c549eb89d1b Mon Sep 17 00:00:00 2001
From: Gregory Bednov
Date: Fri, 30 Jan 2026 12:22:53 +0300
Subject: [PATCH] modified: configuration.nix
---
configuration.nix | 146 ++++++++++++++++++++++++++++------------------
1 file changed, 89 insertions(+), 57 deletions(-)
diff --git a/configuration.nix b/configuration.nix
index 4e49558..fbd3034 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -1,99 +1,131 @@ { + lib, config, pkgs, - simintech, + #simintech, stm32cubemx, + packettracer7, inputs, ... }: let serverIP = "10.0.174.12"; + buildNodeYggIP = "200:ccc6:1361:5c84:aba0:1244:35f5:c903"; hasBootPartition = config.fileSystems ? "/boot"; - isNvidia = (builtins.readFile (pkgs.runCommandLocal "isNvidia" {} '' - ${pkgs.pciutils}/bin/lspci | ${pkgs.busybox}/bin/grep NVIDIA | ${pkgs.busybox}/bin/grep VGA > $out - '')) != ""; + isNvidia = + (builtins.readFile ( + pkgs.runCommandLocal "isNvidia" { } '' + ${pkgs.pciutils}/bin/lspci | ${pkgs.busybox}/bin/grep NVIDIA | ${pkgs.busybox}/bin/grep VGA > $out || true + '' + )) != ""; in { users.users.student = { isNormalUser = true; initialPassword = "student"; # вход беспарольный, но пароль student - extraGroups = [ "video" "sound" "input" "storage" ]; - packages = []; + extraGroups = [ + "video" + "sound" + "input" + "storage" + "dialout" + ]; }; imports = [ ./hardware-configuration.nix ]; - - # если машина установлена на диск с Windows, - # то она позволяет "увидеть" и выбрать Windows в течение 30 с - # иначе - 5 c таймаута (для виртуалок) - boot.loader = if hasBootPartition then { - efi.canTouchEfiVariables = true; - timeout = 30; - grub = { - enable = true; - efiSupport = true; - device = "nodev"; - useOSProber = true; - theme = "${pkgs.sleek-grub-theme.override{ withStyle = "orange"; withBanner = "Выберите ОС"; }}"; - }; - } else { - timeout = 5; - grub = { - enable = true; - device = "/dev/sda"; - theme = "${pkgs.sleek-grub-theme.override{ withStyle = "orange"; withBanner = "Загрузчик Linux"; }}"; - }; + programs.tmux = { + enable = true; + withUtempter = true; + historyLimit = 5000; + clock24 = true; }; + + boot.loader = + if hasBootPartition then + { + efi.canTouchEfiVariables = true; + timeout = 30; + grub = { + enable = true; + efiSupport = true; + device = "nodev"; + useOSProber = true; + theme = "${pkgs.sleek-grub-theme.override { + withStyle = "orange"; + withBanner = "Выберите ОС"; + }}"; + }; + } + 
else + { + timeout = 5; + grub = { + enable = true; + device = "/dev/sda"; + theme = "${pkgs.sleek-grub-theme.override { + withStyle = "orange"; + withBanner = "Загрузчик Linux"; + }}"; + }; + }; time.hardwareClockInLocalTime = hasBootPartition; # настройки Nix - nixpkgs.config.allowUnfree = true; - nix.settings.auto-optimise-store = true; + nixpkgs.config = { + allowUnfree = true; + nvidia.acceptLicense = true; + }; + nix.settings = { + extra-substituters = [ "http://nixos.builds.node" ]; + trusted-public-keys = [ "nixos.builds.node:E/XNkcdzB0EyTyEJuOTXJH8qynxgCfQ87JHkbD88uF8=" ]; + auto-optimise-store = true; + }; nix.extraOptions = '' experimental-features = nix-command flakes ''; + hardware.enableAllFirmware = true; + hardware.nvidia = { + package = config.boot.kernelPackages.nvidiaPackages.stable; + modesetting.enable = true; + powerManagement.enable = true; + open = false; + nvidiaSettings = false; + }; + boot.kernelParams = if isNvidia then [ "nvidia-drm.modeset=1" ] else [ ]; + boot.blacklistedKernelModules = if isNvidia then [ "nouveau" ] else [ ]; + boot.extraModprobeConfig = + if isNvidia then + "options nvidia " + + lib.concatStringsSep " " [ + "NVreg_UsePageAttributeTable=1" + "NVreg_EnablePCIeGen3=1" + "NVreg_RegistryDwords=RMUseSwI2c=0x01;RMI2cSpeed=100" + ] + else + ""; + ##### СЕТЕВЫЕ НАСТРОЙКИ ####### - # каждый компьютер виден под уникальным именем через Avahi - services.avahi = { - hostName = "nixos" - + builtins.readFile ((pkgs.runCommandLocal "uuid" {} '' - mkdir $out - cat /proc/sys/kernel/random/uuid > $out/uuid - '')+"/uuid"); + services.yggdrasil = { enable = true; - nssmdns4 = true; - openFirewall = true; - publish = { - enable = true; - hinfo = true; - workstation = true; - domain = true; - addresses = true; + persistentKeys = true; + settings = { + Peers = [ "tcp://${serverIP}:12345" ]; }; }; # каждый компьютер имеет выход в интернет networking.networkmanager.enable = true; - networking.hostName = "nixos"; - - # каждый компьютер 
ресолвит DNS-запросы СТРОГО через наш сервер - networking.nameservers = [ serverIP ]; - + networking.firewall.allowedTCPPorts = [ 22 ] ++ lib.optionals config.services.harmonia.enable [ 80 ]; + # каждый компьютер знает, что kafpi.local - это адрес нашего сервера networking.hosts."${serverIP}" = [ "kafpi.local" ]; - - #### ЛОКАЛИЗАЦИЯ ##### + networking.hosts."${buildNodeYggIP}" = [ "nixos.builds.node" ]; time.timeZone = "Europe/Moscow"; i18n.defaultLocale = "ru_RU.UTF-8"; - console = { - font = "cyr-sun16"; - useXkbConfig = true; - }; - ####### ПРОЧИЕ НАСТРОЙКИ ####### environment.systemPackages = with pkgs; [ vim tree @@ -101,11 +133,11 @@ in git ]; - # удаленный доступ в пределах нашей сети services.openssh = { enable = true; settings.PermitRootLogin = "yes"; }; + users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa 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 bednov@kafpi-108-1-mainserver2" ]; # НЕ МЕНЯТЬ, иначе придётся все компы переустанавливать, а не обновлять system.stateVersion = "24.05";
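Review bot: The added `networking.firewall.allowedTCPPorts = [ 22 ] ++ ...` line opens SSH on every interface, and the same hunk enables `services.yggdrasil`, so sshd is reachable from whatever overlay the peer at `tcp://${serverIP}:12345` belongs to, not only from the classroom LAN. The `student` account in this hunk keeps `initialPassword = "student"`, and nothing visible disables password authentication, so that wider reach matters. Consider `services.openssh.settings.PasswordAuthentication = false;`, and if SSH is only needed on one network, `services.openssh.openFirewall = false;` with `networking.firewall.interfaces.<iface-placeholder>.allowedTCPPorts = [ 22 ];`. Whether the server peers beyond the lab is not visible here, so the actual exposure should be confirmed.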
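Review bot: `settings.PermitRootLogin = "yes"` is left unchanged while this hunk installs a root key in `users.users.root.openssh.authorizedKeys.keys`, so root login by password stays allowed alongside the key. With the key in place the line can become `settings.PermitRootLogin = "prohibit-password";`, which keeps the administrator's key access and removes password guessing against root if a root password is ever set. The hunk also drops the comment that said remote access is limited to the local network; a replacement such as `# root SSH access: administrator key only` would record the new intent.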