Changed: Podman

2025-03-26 15:17:45 +01:00
parent 065f4ed0be
commit a9312ed768
2 changed files with 174 additions and 166 deletions
--- a/modules/system.nix
+++ b/modules/system.nix
@@ -4,22 +4,22 @@
  username,
  ...
 }: {
-  # ============================= User related =============================
+# ============================= User related =============================

-  # Define a user account. Don't forget to set a password with ‘passwd’.
-  users.users.${username} = {
-    isNormalUser = true;
-    description = username;
-    extraGroups = ["networkmanager" "wheel"];
-  };
-  # given the users in this list the right to specify additional substituters via:
-  #    1. `nixConfig.substituers` in `flake.nix`
-  #    2. command line args `--options substituers http://xxx`
-  nix.settings.trusted-users = [username];
+# Define a user account. Don't forget to set a password with ‘passwd’.
+    users.users.${username} = {
+        isNormalUser = true;
+        description = username;
+        extraGroups = ["networkmanager" "wheel"];
+    };
+# given the users in this list the right to specify additional substituters via:
+#    1. `nixConfig.substituers` in `flake.nix`
+#    2. command line args `--options substituers http://xxx`
+    nix.settings.trusted-users = [username];

-  # customise /etc/nix/nix.conf declaratively via `nix.settings`
-  nix.settings = {
-    # enable flakes globally
+# customise /etc/nix/nix.conf declaratively via `nix.settings`
+    nix.settings = {
+# enable flakes globally
    experimental-features = ["nix-command" "flakes"];

    substituters = [
@@ -32,171 +32,180 @@
      "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
    ];
    builders-use-substitutes = true;
-  };
+    };

-  # do garbage collection weekly to keep disk usage low
-  nix.gc = {
-    automatic = lib.mkDefault true;
-    dates = lib.mkDefault "weekly";
-    options = lib.mkDefault "--delete-older-than 7d";
-  };
+# do garbage collection weekly to keep disk usage low
+    nix.gc = {
+        automatic = lib.mkDefault true;
+        dates = lib.mkDefault "weekly";
+        options = lib.mkDefault "--delete-older-than 7d";
+    };

-  # Allow unfree packages
-  nixpkgs.config.allowUnfree = true;
+# Allow unfree packages
+    nixpkgs.config.allowUnfree = true;

-  # Set your time zone.
-  time.timeZone = "Europe/Berlin";
+# Set your time zone.
+    time.timeZone = "Europe/Berlin";

-  # Select internationalisation properties.
-  i18n.defaultLocale = "en_US.UTF-8";
+# Select internationalisation properties.
+    i18n.defaultLocale = "en_US.UTF-8";

-  i18n.extraLocaleSettings = {
-    LC_ADDRESS = "de_DE.UTF-8";
-    LC_IDENTIFICATION = "de_DE.UTF-8";
-    LC_MEASUREMENT = "de_DE.UTF-8";
-    LC_MONETARY = "de_DE.UTF-8";
-    LC_NAME = "de_DE.UTF-8";
-    LC_NUMERIC = "de_DE.UTF-8";
-    LC_PAPER = "de_DE.UTF-8";
-    LC_TELEPHONE = "de_DE.UTF-8";
-    LC_TIME = "de_DE.UTF-8";
-  };
+    i18n.extraLocaleSettings = {
+        LC_ADDRESS = "de_DE.UTF-8";
+        LC_IDENTIFICATION = "de_DE.UTF-8";
+        LC_MEASUREMENT = "de_DE.UTF-8";
+        LC_MONETARY = "de_DE.UTF-8";
+        LC_NAME = "de_DE.UTF-8";
+        LC_NUMERIC = "de_DE.UTF-8";
+        LC_PAPER = "de_DE.UTF-8";
+        LC_TELEPHONE = "de_DE.UTF-8";
+        LC_TIME = "de_DE.UTF-8";
+    };

-  # Enable CUPS to print documents.
-  services.printing.enable = true;
+# Enable CUPS to print documents.
+    services.printing.enable = true;

-  fonts = {
-    packages = with pkgs; [
-      # icon fonts
-      material-design-icons
+    fonts = {
+        packages = with pkgs; [
+          # icon fonts
+          material-design-icons

-      # normal fonts
-      noto-fonts
-      noto-fonts-cjk
-      noto-fonts-emoji
+          # normal fonts
+          noto-fonts
+          noto-fonts-cjk
+          noto-fonts-emoji

-      # nerdfonts
-      (nerdfonts.override {fonts = ["FiraCode" "JetBrainsMono"];})
+          # nerdfonts
+          (nerdfonts.override {fonts = ["FiraCode" "JetBrainsMono"];})
+        ];
+
+# use fonts specified by user rather than default ones
+        enableDefaultPackages = false;
+
+# user defined fonts
+# the reason there's Noto Color Emoji everywhere is to override DejaVu's
+# B&W emojis that would sometimes show instead of some Color emojis
+        fontconfig.defaultFonts = {
+          serif = ["Noto Serif" "Noto Color Emoji"];
+          sansSerif = ["Noto Sans" "Noto Color Emoji"];
+          monospace = ["JetBrainsMono Nerd Font" "Noto Color Emoji"];
+          emoji = ["Noto Color Emoji"];
+        };
+    };
+
+    programs.dconf.enable = true;
+    programs.thunar = {
+        enable = true;
+        plugins = with pkgs.xfce; [
+            thunar-archive-plugin
+            thunar-volman
+        ];
+    };
+
+    programs.xfconf.enable = true;
+    services.gvfs.enable = true;
+    services.tumbler.enable = true;
+
+    virtualisation = {
+        containers.enable = true;
+
+        podman = {
+            enable = true;
+            dockerCompat = true;
+            defaultNetwork.settings.dns_enabled = true;
+        };
+    }; 
+# networking.firewall.allowedTCPPorts = [ ... ];
+# networking.firewall.allowedUDPPorts = [ ... ];
+# Or disable the firewall altogether.
+    networking.firewall.enable = false;
+
+# Enable the OpenSSH daemon.
+    services.openssh = {
+        enable = true;
+        settings = {
+          X11Forwarding = true;
+          PermitRootLogin = "no"; # disable root login
+          PasswordAuthentication = false; # disable password login
+        };
+        openFirewall = true;
+    };
+
+# List packages installed in system profile. To search, run:
+# $ nix search wget
+    environment.systemPackages = with pkgs; [
+# Bare minimum
+        neovim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+        wget
+        git
+
+# System tools
+        sysstat
+        lm_sensors # for `sensors` command
+        ethtool
+        pciutils # lspci
+        usbutils # lsusb
+
+# Rizz
+        fastfetch
+#microfetch
+
+# Terminal
+        yazi # file manager
+        jq # JSON Parser
+        yq-go # YAML Parser
+        glow # Markdown Reader
+        btop # system monitor
+        iotop # iomonitor
+        iftop # network monitor
+        iperf3 # network tester
+        nmap # network discovery
+        eza # ls replacement
+        curl
+        dnsutils
+        ldns
+        file
+        which
+        tree
+        gnused
+        gnutar
+        gawk
+        zstd
+        gnupg
+
+# Archives
+        zip
+        unzip
+        p7zip
+        xz
    ];

-    # use fonts specified by user rather than default ones
-    enableDefaultPackages = false;
-
-    # user defined fonts
-    # the reason there's Noto Color Emoji everywhere is to override DejaVu's
-    # B&W emojis that would sometimes show instead of some Color emojis
-    fontconfig.defaultFonts = {
-      serif = ["Noto Serif" "Noto Color Emoji"];
-      sansSerif = ["Noto Sans" "Noto Color Emoji"];
-      monospace = ["JetBrainsMono Nerd Font" "Noto Color Emoji"];
-      emoji = ["Noto Color Emoji"];
+# Enable sound with pipewire.
+    sound.enable = true;
+        hardware.pulseaudio.enable = false;
+        services.power-profiles-daemon = {
+        enable = true;
    };
-  };
+    security.polkit.enable = true;

-  programs.dconf.enable = true;
-  programs.thunar = {
-    enable = true;
-    plugins = with pkgs.xfce; [
-        thunar-archive-plugin
-        thunar-volman
-    ];
-  };
+    services = {
+        dbus.packages = [pkgs.gcr];

-  programs.xfconf.enable = true;
-  services.gvfs.enable = true;
-  services.tumbler.enable = true;
-  
-  # networking.firewall.allowedTCPPorts = [ ... ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
-  # Or disable the firewall altogether.
-  networking.firewall.enable = false;
+        geoclue2.enable = true;

-  # Enable the OpenSSH daemon.
-  services.openssh = {
-    enable = true;
-    settings = {
-      X11Forwarding = true;
-      PermitRootLogin = "no"; # disable root login
-      PasswordAuthentication = false; # disable password login
+        pipewire = {
+          enable = true;
+          alsa.enable = true;
+          alsa.support32Bit = true;
+          pulse.enable = true;
+          # If you want to use JACK applications, uncomment this
+          jack.enable = true;
+
+          # use the example session manager (no others are packaged yet so this is enabled by default,
+          # no need to redefine it in your config for now)
+          #media-session.enable = true;
+        };
+
+        udev.packages = with pkgs; [gnome.gnome-settings-daemon];
    };
-    openFirewall = true;
-  };
-
-  # List packages installed in system profile. To search, run:
-  # $ nix search wget
-  environment.systemPackages = with pkgs; [
-    # Bare minimum
-    neovim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
-    wget
-    git
-
-    # System tools
-    sysstat
-    lm_sensors # for `sensors` command
-    ethtool
-    pciutils # lspci
-    usbutils # lsusb
-    
-    # Rizz
-    fastfetch
-    #microfetch
-    
-    # Terminal
-    yazi # file manager
-    jq # JSON Parser
-    yq-go # YAML Parser
-    glow # Markdown Reader
-    btop # system monitor
-    iotop # iomonitor
-    iftop # network monitor
-    iperf3 # network tester
-    nmap # network discovery
-    eza # ls replacement
-    curl
-    dnsutils
-    ldns
-    file
-    which
-    tree
-    gnused
-    gnutar
-    gawk
-    zstd
-    gnupg
-
-    # Archives
-    zip
-    unzip
-    p7zip
-    xz
-  ];
-
-  # Enable sound with pipewire.
-  sound.enable = true;
-  hardware.pulseaudio.enable = false;
-  services.power-profiles-daemon = {
-    enable = true;
-  };
-  security.polkit.enable = true;
-
-  services = {
-    dbus.packages = [pkgs.gcr];
-
-    geoclue2.enable = true;
-
-    pipewire = {
-      enable = true;
-      alsa.enable = true;
-      alsa.support32Bit = true;
-      pulse.enable = true;
-      # If you want to use JACK applications, uncomment this
-      jack.enable = true;
-
-      # use the example session manager (no others are packaged yet so this is enabled by default,
-      # no need to redefine it in your config for now)
-      #media-session.enable = true;
-    };
-
-    udev.packages = with pkgs; [gnome.gnome-settings-daemon];
-  };
 }