modified: configuration.nix

Gregory Bednov 2026-01-30 12:22:53 +03:00
commit 69364bc04b


@ -1,99 +1,131 @@
{ {
lib,
config, config,
pkgs, pkgs,
simintech, #simintech,
stm32cubemx, stm32cubemx,
packettracer7,
inputs, inputs,
... ...
}: }:
let let
serverIP = "10.0.174.12"; serverIP = "10.0.174.12";
buildNodeYggIP = "200:ccc6:1361:5c84:aba0:1244:35f5:c903";
hasBootPartition = config.fileSystems ? "/boot"; hasBootPartition = config.fileSystems ? "/boot";
isNvidia = (builtins.readFile (pkgs.runCommandLocal "isNvidia" {} '' isNvidia =
${pkgs.pciutils}/bin/lspci | ${pkgs.busybox}/bin/grep NVIDIA | ${pkgs.busybox}/bin/grep VGA > $out (builtins.readFile (
'')) != ""; pkgs.runCommandLocal "isNvidia" { } ''
${pkgs.pciutils}/bin/lspci | ${pkgs.busybox}/bin/grep NVIDIA | ${pkgs.busybox}/bin/grep VGA > $out || true
''
)) != "";
in in
{ {
users.users.student = { users.users.student = {
isNormalUser = true; isNormalUser = true;
initialPassword = "student"; # вход беспарольный, но пароль student initialPassword = "student"; # вход беспарольный, но пароль student
extraGroups = [ "video" "sound" "input" "storage" ]; extraGroups = [
packages = []; "video"
"sound"
"input"
"storage"
"dialout"
];
}; };
imports = [ ./hardware-configuration.nix ]; imports = [ ./hardware-configuration.nix ];
programs.tmux = {
# если машина установлена на диск с Windows, enable = true;
# то она позволяет "увидеть" и выбрать Windows в течение 30 с withUtempter = true;
# иначе - 5 c таймаута (для виртуалок) historyLimit = 5000;
boot.loader = if hasBootPartition then { clock24 = true;
efi.canTouchEfiVariables = true;
timeout = 30;
grub = {
enable = true;
efiSupport = true;
device = "nodev";
useOSProber = true;
theme = "${pkgs.sleek-grub-theme.override{ withStyle = "orange"; withBanner = "Выберите ОС"; }}";
};
} else {
timeout = 5;
grub = {
enable = true;
device = "/dev/sda";
theme = "${pkgs.sleek-grub-theme.override{ withStyle = "orange"; withBanner = "Загрузчик Linux"; }}";
};
}; };
boot.loader =
if hasBootPartition then
{
efi.canTouchEfiVariables = true;
timeout = 30;
grub = {
enable = true;
efiSupport = true;
device = "nodev";
useOSProber = true;
theme = "${pkgs.sleek-grub-theme.override {
withStyle = "orange";
withBanner = "Выберите ОС";
}}";
};
}
else
{
timeout = 5;
grub = {
enable = true;
device = "/dev/sda";
theme = "${pkgs.sleek-grub-theme.override {
withStyle = "orange";
withBanner = "Загрузчик Linux";
}}";
};
};
time.hardwareClockInLocalTime = hasBootPartition; time.hardwareClockInLocalTime = hasBootPartition;
# настройки Nix # настройки Nix
nixpkgs.config.allowUnfree = true; nixpkgs.config = {
nix.settings.auto-optimise-store = true; allowUnfree = true;
nvidia.acceptLicense = true;
};
nix.settings = {
extra-substituters = [ "http://nixos.builds.node" ];
trusted-public-keys = [ "nixos.builds.node:E/XNkcdzB0EyTyEJuOTXJH8qynxgCfQ87JHkbD88uF8=" ];
auto-optimise-store = true;
};
nix.extraOptions = '' nix.extraOptions = ''
experimental-features = nix-command flakes experimental-features = nix-command flakes
''; '';
hardware.enableAllFirmware = true;
hardware.nvidia = {
package = config.boot.kernelPackages.nvidiaPackages.stable;
modesetting.enable = true;
powerManagement.enable = true;
open = false;
nvidiaSettings = false;
};
boot.kernelParams = if isNvidia then [ "nvidia-drm.modeset=1" ] else [ ];
boot.blacklistedKernelModules = if isNvidia then [ "nouveau" ] else [ ];
boot.extraModprobeConfig =
if isNvidia then
"options nvidia "
+ lib.concatStringsSep " " [
"NVreg_UsePageAttributeTable=1"
"NVreg_EnablePCIeGen3=1"
"NVreg_RegistryDwords=RMUseSwI2c=0x01;RMI2cSpeed=100"
]
else
"";
##### СЕТЕВЫЕ НАСТРОЙКИ ####### ##### СЕТЕВЫЕ НАСТРОЙКИ #######
# каждый компьютер виден под уникальным именем через Avahi services.yggdrasil = {
services.avahi = {
hostName = "nixos"
+ builtins.readFile ((pkgs.runCommandLocal "uuid" {} ''
mkdir $out
cat /proc/sys/kernel/random/uuid > $out/uuid
'')+"/uuid");
enable = true; enable = true;
nssmdns4 = true; persistentKeys = true;
openFirewall = true; settings = {
publish = { Peers = [ "tcp://${serverIP}:12345" ];
enable = true;
hinfo = true;
workstation = true;
domain = true;
addresses = true;
}; };
}; };
# каждый компьютер имеет выход в интернет # каждый компьютер имеет выход в интернет
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
networking.hostName = "nixos"; networking.hostName = "nixos";
networking.firewall.allowedTCPPorts = [ 22 ] ++ lib.optionals config.services.harmonia.enable [ 80 ];
# каждый компьютер ресолвит DNS-запросы СТРОГО через наш сервер
networking.nameservers = [ serverIP ];
# каждый компьютер знает, что kafpi.local - это адрес нашего сервера # каждый компьютер знает, что kafpi.local - это адрес нашего сервера
networking.hosts."${serverIP}" = [ "kafpi.local" ]; networking.hosts."${serverIP}" = [ "kafpi.local" ];
networking.hosts."${buildNodeYggIP}" = [ "nixos.builds.node" ];
#### ЛОКАЛИЗАЦИЯ #####
time.timeZone = "Europe/Moscow"; time.timeZone = "Europe/Moscow";
i18n.defaultLocale = "ru_RU.UTF-8"; i18n.defaultLocale = "ru_RU.UTF-8";
console = {
font = "cyr-sun16";
useXkbConfig = true;
};
####### ПРОЧИЕ НАСТРОЙКИ #######
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
vim vim
tree tree
@ -101,11 +133,11 @@ in
git git
]; ];
# удаленный доступ в пределах нашей сети
services.openssh = { services.openssh = {
enable = true; enable = true;
settings.PermitRootLogin = "yes"; settings.PermitRootLogin = "yes";
}; };
users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCyBYo/E/FkFZVABzMixLS2TWaipfN5T24y8f+E6Px1t+IG8PLnQ38dLJiCR8k971DOycLuJUfKWsC06BK3XLWTO0+PmpfGKNT4NI6dwP2REl/umaignP/QQSs2w9Ff49WqPjIYTSmATTsCNZSVB0VtM0eJ+Y9Ff4CXb1frtt4GYztk6XB3jc3TxV72qzB0g6DqrHkf6pT5YAq2UeuFGZYSZCqBvVXCGcvKHkO1KBubuo95itVA5XbzK3INQTZpQowbtK4ULhUYlaGBcX5tYq1bdiTCDlTcLt6MfxYfFHSFiHbJOzdGPd+mXM7urOQhq49uQOf07dHt9qAzQHajItQb+X3FOgyFt4n6Y9Q37gn/6KC3PH1zClldq9DtgttuG/Xk15q+uvCldji9YIgb80aRHBIp6DY8PlYodmGGesBLiBMGQ7hgKupfkqszjfMkxnMYIkZodUCQVgaqsxsEQ7lD84JJMgBY8HkNLxKhy+6dP6kTc4vTtrpjezq/Ph95PFE= bednov@kafpi-108-1-mainserver2" ];
# НЕ МЕНЯТЬ, иначе придётся все компы переустанавливать, а не обновлять # НЕ МЕНЯТЬ, иначе придётся все компы переустанавливать, а не обновлять
system.stateVersion = "24.05"; system.stateVersion = "24.05";
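Review bot: Root now has a public key in `users.users.root.openssh.authorizedKeys.keys`, but the `services.openssh` block just above it still sets `settings.PermitRootLogin = "yes"` and does not turn off password authentication (enabled by default in NixOS unless overridden elsewhere), so root and the `student` account, whose `initialPassword` is the well-known `student`, can still be tried with passwords on the port 22 that `networking.firewall.allowedTCPPorts` opens. That firewall rule is not scoped to an interface, so it presumably also covers the Yggdrasil interface enabled in the first hunk; how far that reaches depends on the server's peering, which this page does not show. Since key login is available, consider `settings.PermitRootLogin = "prohibit-password";` together with `settings.PasswordAuthentication = false;`, unless students are meant to log in over SSH with the password. The rendering lost the +/- markers, so which of these lines are new is inferred from lines printed only once.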