modified: configuration.nix

2026-01-30 12:22:53 +03:00 · 2026-01-30 12:22:53 +03:00 · 69364bc04b
commit 69364bc04b
parent 03abb32d4f
1 changed files with 89 additions and 57 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -1,32 +1,48 @@
 {
+  lib,
  config,
  pkgs,
-  simintech,
+  #simintech,
  stm32cubemx,
+  packettracer7,
  inputs,
  ...
 }:
 let
  serverIP = "10.0.174.12";
+  buildNodeYggIP = "200:ccc6:1361:5c84:aba0:1244:35f5:c903";
  hasBootPartition = config.fileSystems ? "/boot";
-  isNvidia = (builtins.readFile (pkgs.runCommandLocal "isNvidia" {} ''
-	${pkgs.pciutils}/bin/lspci | ${pkgs.busybox}/bin/grep NVIDIA | ${pkgs.busybox}/bin/grep VGA > $out
-  '')) != "";
+  isNvidia =
+    (builtins.readFile (
+      pkgs.runCommandLocal "isNvidia" { } ''
+        ${pkgs.pciutils}/bin/lspci | ${pkgs.busybox}/bin/grep NVIDIA | ${pkgs.busybox}/bin/grep VGA > $out || true
+      ''
+    )) != "";
 in
 {
  users.users.student = {
    isNormalUser = true;
    initialPassword = "student"; # вход беспарольный, но пароль student
-    extraGroups = [ "video" "sound" "input" "storage" ];
-    packages = [];
+    extraGroups = [
+      "video"
+      "sound"
+      "input"
+      "storage"
+      "dialout"
+    ];
  };

  imports = [ ./hardware-configuration.nix ];
+  programs.tmux = {
+    enable = true;
+    withUtempter = true;
+    historyLimit = 5000;
+    clock24 = true;
+  };

-  # если машина установлена на диск с Windows,
-  # то она позволяет "увидеть" и выбрать Windows в течение 30 с
-  # иначе - 5 c таймаута (для виртуалок)
-  boot.loader = if hasBootPartition then {
+  boot.loader =
+    if hasBootPartition then
+      {
        efi.canTouchEfiVariables = true;
        timeout = 30;
        grub = {
@ -34,66 +50,82 @@ in
          efiSupport = true;
          device = "nodev";
          useOSProber = true;
-      theme = "${pkgs.sleek-grub-theme.override{ withStyle = "orange"; withBanner = "Выберите ОС"; }}";
+          theme = "${pkgs.sleek-grub-theme.override {
+            withStyle = "orange";
+            withBanner = "Выберите ОС";
+          }}";
        };
-  } else {
+      }
+    else
+      {
        timeout = 5;
        grub = {
          enable = true;
          device = "/dev/sda";
-      theme = "${pkgs.sleek-grub-theme.override{ withStyle = "orange"; withBanner = "Загрузчик Linux"; }}";
+          theme = "${pkgs.sleek-grub-theme.override {
+            withStyle = "orange";
+            withBanner = "Загрузчик Linux";
+          }}";
        };
      };
  time.hardwareClockInLocalTime = hasBootPartition;

  # настройки Nix
-  nixpkgs.config.allowUnfree = true;
-  nix.settings.auto-optimise-store = true;
+  nixpkgs.config = {
+    allowUnfree = true;
+    nvidia.acceptLicense = true;
+  };
+  nix.settings = {
+    extra-substituters = [ "http://nixos.builds.node" ];
+    trusted-public-keys = [ "nixos.builds.node:E/XNkcdzB0EyTyEJuOTXJH8qynxgCfQ87JHkbD88uF8=" ];
+    auto-optimise-store = true;
+  };
  nix.extraOptions = ''
    experimental-features = nix-command flakes
  '';

+  hardware.enableAllFirmware = true;
+  hardware.nvidia = {
+    package = config.boot.kernelPackages.nvidiaPackages.stable;
+    modesetting.enable = true;
+    powerManagement.enable = true;
+    open = false;
+    nvidiaSettings = false;
+  };
+  boot.kernelParams = if isNvidia then [ "nvidia-drm.modeset=1" ] else [ ];
+  boot.blacklistedKernelModules = if isNvidia then [ "nouveau" ] else [ ];
+  boot.extraModprobeConfig =
+    if isNvidia then
+      "options nvidia "
+      + lib.concatStringsSep " " [
+        "NVreg_UsePageAttributeTable=1"
+        "NVreg_EnablePCIeGen3=1"
+        "NVreg_RegistryDwords=RMUseSwI2c=0x01;RMI2cSpeed=100"
+      ]
+    else
+      "";
+
  ##### СЕТЕВЫЕ НАСТРОЙКИ #######
-  # каждый компьютер виден под уникальным именем через Avahi
-  services.avahi = {
-    hostName = "nixos" 
-      + builtins.readFile ((pkgs.runCommandLocal "uuid" {} ''
-	      mkdir $out
-	      cat /proc/sys/kernel/random/uuid > $out/uuid
-        '')+"/uuid");
+  services.yggdrasil = {
    enable = true;
-    nssmdns4 = true;
-    openFirewall = true;
-    publish = {
-      enable = true;
-      hinfo = true;
-      workstation = true;
-      domain = true;
-      addresses = true;
+    persistentKeys = true;
+    settings = {
+      Peers = [ "tcp://${serverIP}:12345" ];
    };
  };

  # каждый компьютер имеет выход в интернет
  networking.networkmanager.enable = true;
-
  networking.hostName = "nixos";
-  
-  # каждый компьютер ресолвит DNS-запросы СТРОГО через наш сервер
-  networking.nameservers = [ serverIP ];
+  networking.firewall.allowedTCPPorts = [ 22 ] ++ lib.optionals config.services.harmonia.enable [ 80 ];

  # каждый компьютер знает, что kafpi.local - это адрес нашего сервера
  networking.hosts."${serverIP}" = [ "kafpi.local" ];
-  
-  #### ЛОКАЛИЗАЦИЯ #####
+  networking.hosts."${buildNodeYggIP}" = [ "nixos.builds.node" ];

  time.timeZone = "Europe/Moscow";
  i18n.defaultLocale = "ru_RU.UTF-8";
-  console = {
-    font = "cyr-sun16";
-    useXkbConfig = true;
-  };

-  ####### ПРОЧИЕ НАСТРОЙКИ #######
  environment.systemPackages = with pkgs; [
    vim
    tree
@ -101,11 +133,11 @@ in
    git
  ];

-  # удаленный доступ в пределах нашей сети
  services.openssh = {
    enable = true;
    settings.PermitRootLogin = "yes";
  };
+  users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCyBYo/E/FkFZVABzMixLS2TWaipfN5T24y8f+E6Px1t+IG8PLnQ38dLJiCR8k971DOycLuJUfKWsC06BK3XLWTO0+PmpfGKNT4NI6dwP2REl/umaignP/QQSs2w9Ff49WqPjIYTSmATTsCNZSVB0VtM0eJ+Y9Ff4CXb1frtt4GYztk6XB3jc3TxV72qzB0g6DqrHkf6pT5YAq2UeuFGZYSZCqBvVXCGcvKHkO1KBubuo95itVA5XbzK3INQTZpQowbtK4ULhUYlaGBcX5tYq1bdiTCDlTcLt6MfxYfFHSFiHbJOzdGPd+mXM7urOQhq49uQOf07dHt9qAzQHajItQb+X3FOgyFt4n6Y9Q37gn/6KC3PH1zClldq9DtgttuG/Xk15q+uvCldji9YIgb80aRHBIp6DY8PlYodmGGesBLiBMGQ7hgKupfkqszjfMkxnMYIkZodUCQVgaqsxsEQ7lD84JJMgBY8HkNLxKhy+6dP6kTc4vTtrpjezq/Ph95PFE= bednov@kafpi-108-1-mainserver2" ];

  # НЕ МЕНЯТЬ, иначе придётся все компы переустанавливать, а не обновлять
  system.stateVersion = "24.05";