empty.nix/configuration.nix

{
  lib,
  config,
  pkgs,
  #simintech,
  stm32cubemx,
  packettracer7,
  inputs,
  ...
}:
let
  serverIP = "10.0.174.12";
  buildNodeYggIP = "200:ccc6:1361:5c84:aba0:1244:35f5:c903";
  hasBootPartition = config.fileSystems ? "/boot";
  isNvidia =
    (builtins.readFile (
      pkgs.runCommandLocal "isNvidia" { } ''
        ${pkgs.pciutils}/bin/lspci | ${pkgs.busybox}/bin/grep NVIDIA | ${pkgs.busybox}/bin/grep VGA > $out || true
      ''
    )) != "";
in
{
  users.users.student = {
    isNormalUser = true;
    initialPassword = "student"; # вход беспарольный, но пароль student
    extraGroups = [
      "video"
      "sound"
      "input"
      "storage"
      "dialout"
    ];
  };

  imports = [ ./hardware-configuration.nix ];
  programs.tmux = {
    enable = true;
    withUtempter = true;
    historyLimit = 5000;
    clock24 = true;
  };

  boot.loader =
    if hasBootPartition then
      {
        efi.canTouchEfiVariables = true;
        timeout = 30;
        grub = {
          enable = true;
          efiSupport = true;
          device = "nodev";
          useOSProber = true;
          theme = "${pkgs.sleek-grub-theme.override {
            withStyle = "orange";
            withBanner = "Выберите ОС";
          }}";
        };
      }
    else
      {
        timeout = 5;
        grub = {
          enable = true;
          device = "/dev/sda";
          theme = "${pkgs.sleek-grub-theme.override {
            withStyle = "orange";
            withBanner = "Загрузчик Linux";
          }}";
        };
      };
  time.hardwareClockInLocalTime = hasBootPartition;

  # настройки Nix
  nixpkgs.config = {
    allowUnfree = true;
    nvidia.acceptLicense = true;
  };
  nix.settings = {
    extra-substituters = [ "http://nixos.builds.node" ];
    trusted-public-keys = [ "nixos.builds.node:E/XNkcdzB0EyTyEJuOTXJH8qynxgCfQ87JHkbD88uF8=" ];
    auto-optimise-store = true;
  };
  nix.extraOptions = ''
    experimental-features = nix-command flakes
  '';

  hardware.enableAllFirmware = true;
  hardware.nvidia = {
    package = config.boot.kernelPackages.nvidiaPackages.stable;
    modesetting.enable = true;
    powerManagement.enable = true;
    open = false;
    nvidiaSettings = false;
  };
  boot.kernelParams = if isNvidia then [ "nvidia-drm.modeset=1" ] else [ ];
  boot.blacklistedKernelModules = if isNvidia then [ "nouveau" ] else [ ];
  boot.extraModprobeConfig =
    if isNvidia then
      "options nvidia "
      + lib.concatStringsSep " " [
        "NVreg_UsePageAttributeTable=1"
        "NVreg_EnablePCIeGen3=1"
        "NVreg_RegistryDwords=RMUseSwI2c=0x01;RMI2cSpeed=100"
      ]
    else
      "";

  ##### СЕТЕВЫЕ НАСТРОЙКИ #######
  services.yggdrasil = {
    enable = true;
    persistentKeys = true;
    settings = {
      Peers = [ "tcp://${serverIP}:12345" ];
    };
  };

  # каждый компьютер имеет выход в интернет
  networking.networkmanager.enable = true;
  networking.hostName = "nixos";
  networking.firewall.allowedTCPPorts = [ 22 ] ++ lib.optionals config.services.harmonia.enable [ 80 ];

  # каждый компьютер знает, что kafpi.local - это адрес нашего сервера
  networking.hosts."${serverIP}" = [ "kafpi.local" ];
  networking.hosts."${buildNodeYggIP}" = [ "nixos.builds.node" ];

  time.timeZone = "Europe/Moscow";
  i18n.defaultLocale = "ru_RU.UTF-8";

  environment.systemPackages = with pkgs; [
    vim
    tree
    wget
    git
  ];

  services.openssh = {
    enable = true;
    settings.PermitRootLogin = "yes";
  };
  users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCyBYo/E/FkFZVABzMixLS2TWaipfN5T24y8f+E6Px1t+IG8PLnQ38dLJiCR8k971DOycLuJUfKWsC06BK3XLWTO0+PmpfGKNT4NI6dwP2REl/umaignP/QQSs2w9Ff49WqPjIYTSmATTsCNZSVB0VtM0eJ+Y9Ff4CXb1frtt4GYztk6XB3jc3TxV72qzB0g6DqrHkf6pT5YAq2UeuFGZYSZCqBvVXCGcvKHkO1KBubuo95itVA5XbzK3INQTZpQowbtK4ULhUYlaGBcX5tYq1bdiTCDlTcLt6MfxYfFHSFiHbJOzdGPd+mXM7urOQhq49uQOf07dHt9qAzQHajItQb+X3FOgyFt4n6Y9Q37gn/6KC3PH1zClldq9DtgttuG/Xk15q+uvCldji9YIgb80aRHBIp6DY8PlYodmGGesBLiBMGQ7hgKupfkqszjfMkxnMYIkZodUCQVgaqsxsEQ7lD84JJMgBY8HkNLxKhy+6dP6kTc4vTtrpjezq/Ph95PFE= bednov@kafpi-108-1-mainserver2" ];

  # НЕ МЕНЯТЬ, иначе придётся все компы переустанавливать, а не обновлять
  system.stateVersion = "24.05";
}