[TASK] Improve config

2026-02-07 11:56:38 +01:00 · 2026-02-07 11:56:38 +01:00 · 476c4f0997
commit 476c4f0997
parent 515ca078da
7 changed files with 273 additions and 82 deletions
--- a/config/common.nix
+++ b/config/common.nix
@ -1,42 +1,23 @@
 { pkgs, ... }:

 {
-  # List packages installed in system profile. To search, run:
-  # $ nix search wget
-  environment.systemPackages = with pkgs; [
-    vim
-    git
-    wget
-    curl
-    htop
-  ];
-
  # Bootloader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.systemd-boot.configurationLimit = 5;
  boot.loader.efi.canTouchEfiVariables = true;

+  # System-Tuning für JetBrains Tools
+  boot.kernel.sysctl = {
+    "fs.inotify.max_user_watches" = 1048576;
+  };
+
+  # Network
  networking.hostName = "cesium"; # Define your hostname.
-  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
-
-  # Configure network proxy if necessary
-  # networking.proxy.default = "http://user:password@proxy:port/";
-  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
-  networking.firewall.allowedTCPPorts = [ 22 ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
-  # Or disable the firewall altogether.
-  # networking.firewall.enable = false;
-
-  # Enable networking
  networking.networkmanager.enable = true;

  # Set your time zone.
  time.timeZone = "Europe/Berlin";
-
-  # Select internationalisation properties.
  i18n.defaultLocale = "de_DE.UTF-8";
-
  i18n.extraLocaleSettings = {
    LC_ADDRESS = "de_DE.UTF-8";
    LC_IDENTIFICATION = "de_DE.UTF-8";
@ -49,26 +30,8 @@
    LC_TIME = "de_DE.UTF-8";
  };

-  # Some programs need SUID wrappers, can be configured further or are
-  # started in user sessions.
-  # programs.mtr.enable = true;
-  # programs.gnupg.agent = {
-  #   enable = true;
-  #   enableSSHSupport = true;
-  # };
-
-  system.autoUpgrade = {
-    enable = true;
-    allowReboot = true;
-    channel = "https://channels.nixos.org/nixos-25.11";
-  };
-
-  # Enable the X11 windowing system.
-  services.xserver.enable = true;
-  #services.xserver.videoDrivers = [ "nvidia" ];
-
-  # Enable touchpad support (enabled default in most desktopManager).
-  # services.xserver.libinput.enable = true;
+  # Configure console keymap
+  console.keyMap = "de";

  # Configure keymap in X11
  services.xserver.xkb = {
@ -76,48 +39,66 @@
    variant = "";
  };

-  # Enable the GNOME Desktop Environment.
-  services.displayManager.gdm.enable = true;
-  services.desktopManager.gnome.enable = true;

-  # Enable the OpenSSH daemon.
-  services.openssh.enable = true;
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+    vim
+    git
+    wget
+    curl
+    htop
+    stow

-  # Configure console keymap
-  console.keyMap = "de";
+    cifs-utils
+  ];

-  # Enable CUPS to print documents.
-  services.printing.enable = true;
+  # Shell-Programme
+  programs.zsh.enable = true;
+  programs.git.enable = true;

-  # Enable sound with pipewire.
-  services.pulseaudio.enable = false;
+  # Flatpak Support
+  services.flatpak.enable = true;
+
+  # Sound
+  sound.enable = true;
+  hardware.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
-    # If you want to use JACK applications, uncomment this
-    #jack.enable = true;
-
-    # use the example session manager (no others are packaged yet so this is enabled by default,
-    # no need to redefine it in your config for now)
-    #media-session.enable = true;
  };

-
-  # Define a user account. Don't forget to set a password with ‘passwd’.
-  users.users.sebastian = {
-    isNormalUser = true;
-    description = "Sebastian Fischer";
-    extraGroups = [ "networkmanager" "wheel" ];
+  # Sound
+  sound.enable = true;
+  hardware.pulseaudio.enable = false;
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
  };

-  # Install firefox.
-  programs.firefox.enable = true;
+  # 32-bit Support für Steam
+  hardware.graphics.enable32Bit = true;
+  hardware.pulseaudio.support32Bit = true;

-  # Allow unfree packages
-  nixpkgs.config.allowUnfree = true;
+  # Desktop Environment / Window Manager
+  services.xserver.enable = true;
+  services.xserver.displayManager.gdm.enable = true;
+  services.xserver.desktopManager.gnome.enable = true;
+
+  # Enable CUPS to print documents.
+  services.printing.enable = true;
+
+  system.autoUpgrade = {
+    enable = true;
+    allowReboot = true;
+    channel = "https://channels.nixos.org/nixos-25.11";
+  };

  nix.gc = {
    automatic = true;
--- a/config/configuration.nix
+++ b/config/configuration.nix
@ -4,18 +4,19 @@
  imports = [ # Include the results of the hardware scan.
    ./hardware-configuration.nix
    ./common.nix
-    # ./vm.nix
+    ./services.nix
+    ./users.nix
+    # ./vm-guest.nix
    <home-manager/nixos>
  ];

-  nixpkgs.config.allowUnfree = true;
-
  # Home Manager Konfiguration
  home-manager.useGlobalPkgs = true;
  home-manager.useUserPackages = true;
-
-  # Dein(e) Benutzer mit Home Manager
  home-manager.users.sebastian = import ./home.nix;

+  # NixOS Version (nicht ändern nach Erstinstallation)
  system.stateVersion = "25.11";
+
+  nixpkgs.config.allowUnfree = true;
 }
--- a/config/home.nix
+++ b/config/home.nix
@ -1,6 +1,52 @@
 # In deiner home.nix
 { config, pkgs, ... }:

+let
+  # Jameica/Hibiscus Custom Package
+  jameica = pkgs.stdenv.mkDerivation rec {
+    pname = "jameica";
+    version = "2.12.0";
+
+    src = pkgs.fetchurl {
+      url = "https://www.willuhn.de/products/jameica/releases/current/jameica/jameica-linux64-${version}.zip";
+      # Hash ermitteln mit: nix-prefetch-url <URL>
+      sha256 = "d5abbd1f8ce4c799e50669e6f4cb7deebf7af3343891e24ff36377ac4ea4192a";
+    };
+
+    nativeBuildInputs = [ pkgs.unzip pkgs.makeWrapper ];
+    buildInputs = [ pkgs.jre ];
+
+    unpackPhase = ''
+      unzip $src
+    '';
+
+    installPhase = ''
+      mkdir -p $out/opt/jameica
+      cp -r jameica/* $out/opt/jameica/ || true
+
+      mkdir -p $out/bin
+      makeWrapper $out/opt/jameica/jameica.sh $out/bin/jameica \
+        --prefix PATH : ${pkgs.jre}/bin
+
+      mkdir -p $out/share/applications
+      cat > $out/share/applications/jameica.desktop <<EOF
+      [Desktop Entry]
+      Name=Jameica
+      Exec=$out/bin/jameica
+      Terminal=false
+      Type=Application
+      Icon=$out/opt/jameica/jameica-icon.png
+      Categories=Office;Finance;
+      EOF
+    '';
+
+    meta = with pkgs.lib; {
+      description = "Jameica Homebanking";
+      homepage = "https://www.willuhn.de/products/jameica/";
+      platforms = platforms.linux;
+    };
+  };
+in
 {
  home.stateVersion = "25.11";

@ -11,9 +57,11 @@
    gimp
    filezilla
    solaar
+
    libreoffice-fresh
    hunspell
    hunspellDicts.de_DE
+
    darktable

    # Browser
@ -31,11 +79,66 @@

    # Entwicklung
    jetbrains-toolbox
-    jetbrains.phpstorm
    mkcert
    gitflow
-
-    # Tools
-    stow
  ];
+
+
+
+  # Powerlevel10k Theme installieren
+  home.activation.installPowerlevel10k = config.lib.dag.entryAfter ["writeBoundary"] ''
+    P10K_DIR="$HOME/.oh-my-zsh/custom/themes/powerlevel10k"
+    if [ ! -d "$P10K_DIR" ]; then
+      $DRY_RUN_CMD mkdir -p "$HOME/.oh-my-zsh/custom/themes"
+      $DRY_RUN_CMD ${pkgs.git}/bin/git clone --depth=1 \
+        https://github.com/romkatv/powerlevel10k.git "$P10K_DIR" || true
+    fi
+  '';
+
+  # Flatpak Apps installieren
+  # HINWEIS: Diese werden beim ersten home-manager switch installiert
+  # Dandanch werden sie von Flatpak selbst verwaltet
+  home.activation.installFlatpakApps = config.lib.dag.entryAfter ["writeBoundary"] ''
+    # Flathub Remote hinzufügen (falls noch nicht vorhanden)
+    $DRY_RUN_CMD ${pkgs.flatpak}/bin/flatpak remote-add --if-not-exists --user \
+      flathub https://dl.flathub.org/repo/flathub.flatpakrepo || true
+
+    # Extension Manager
+    if ! ${pkgs.flatpak}/bin/flatpak list --user | grep -q "com.mattjakeman.ExtensionManager"; then
+      $DRY_RUN_CMD ${pkgs.flatpak}/bin/flatpak install --user -y flathub \
+        com.mattjakeman.ExtensionManager || true
+    fi
+
+    # Kdenlive (Video-Bearbeitung)
+    if ! ${pkgs.flatpak}/bin/flatpak list --user | grep -q "org.kde.kdenlive"; then
+      $DRY_RUN_CMD ${pkgs.flatpak}/bin/flatpak install --user -y flathub \
+        org.kde.kdenlive || true
+    fi
+
+    # PrismLauncher (Minecraft)
+    if ! ${pkgs.flatpak}/bin/flatpak list --user | grep -q "org.prismlauncher.PrismLauncher"; then
+      $DRY_RUN_CMD ${pkgs.flatpak}/bin/flatpak install --user -y flathub \
+        org.prismlauncher.PrismLauncher || true
+
+      # Minecraft-Verzeichnis Zugriff gewähren
+      $DRY_RUN_CMD ${pkgs.flatpak}/bin/flatpak override --user \
+        org.prismlauncher.PrismLauncher --filesystem=/home/Programme/Minecraft/ || true
+    fi
+  '';
+
+  # mkcert installieren (für lokale SSL-Zertifikate)
+  home.activation.setupMkcert = config.lib.dag.entryAfter ["writeBoundary"] ''
+    if [ ! -f "$HOME/.local/share/mkcert/rootCA.pem" ]; then
+      $DRY_RUN_CMD ${pkgs.mkcert}/bin/mkcert -install || true
+    fi
+  '';
+
+  # GTK Theme (optional, für besseres Aussehen)
+  gtk = {
+    enable = true;
+    theme = {
+      name = "Adwaita-dark";
+      package = pkgs.gnome-themes-extra;
+    };
+  };
 }
--- a/config/services.nix
+++ b/config/services.nix
@ -0,0 +1,13 @@
+{ config, pkgs, ... }:
+
+{
+  # Docker
+  virtualisation.docker = {
+    enable = true;
+    enableOnBoot = true;
+  };
+
+  environment.systemPackages = with pkgs; [
+    ddev
+  ];
+}
--- a/config/users.nix
+++ b/config/users.nix
@ -0,0 +1,24 @@
+# /etc/nixos/users.nix
+# Benutzer-Konfiguration
+
+{ config, pkgs, ... }:
+
+{
+  # Benutzer sebastian
+  users.users.sebastian = {
+    isNormalUser = true;
+    description = "Sebastian Fischer";
+    extraGroups = [
+      "networkmanager"
+      "wheel"
+      "docker"
+      "libvirtd"
+    ];
+    shell = pkgs.zsh;
+
+    hashedPassword = "$6$CAuppl9g4RL/0BpQ$njjjKs2MFlHRCxlBk.34f2z.wJ3nEOI4xOdOBEds59Adcr3ngJ1lVFpOS0v0pg4/k5pTg0Lgj.88w/RgR2/MS.";
+  };
+
+  # SSH für ssh-askpass (verwendet von Git, etc.)
+  programs.ssh.askPassword = "${pkgs.x11_ssh_askpass}/libexec/x11-ssh-askpass";
+}
--- a/config/vm-guest.nix
+++ b/config/vm-guest.nix
@ -14,7 +14,9 @@
  services.qemuGuest.enable = true;

  # Open ports in the firewall.
-  networking.firewall.allowedTCPPorts = [ 9843 ];
+  networking.firewall.allowedTCPPorts = [ 9843 22 ];
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;

  environment.etc."xdg/autostart/spice-vdagent-custom.desktop".text = ''
    [Desktop Entry]
--- a/config/vm-host.nix
+++ b/config/vm-host.nix
@ -0,0 +1,67 @@
+# /etc/nixos/vm-guest.nix
+# Erweiterte Virtualisierungs-Konfiguration
+# Diese Datei ist optional und kann in configuration.nix importiert werden
+
+{ config, pkgs, ... }:
+
+{
+  # QEMU/KVM mit erweiterten Optionen
+  virtualisation.libvirtd = {
+    enable = true;
+
+    qemu = {
+      package = pkgs.qemu_kvm;
+      runAsRoot = true;
+
+      # TPM Emulation für Windows 11 VMs
+      swtpm.enable = true;
+
+      # UEFI Support
+      ovmf = {
+        enable = true;
+        packages = [ pkgs.OVMFFull.fd ];
+      };
+    };
+  };
+
+  # Virt-Manager und virtuelle Netzwerke
+  programs.virt-manager.enable = true;
+
+  # Networking für VMs
+  networking.firewall = {
+    # Erlaube Bridged Networking
+    checkReversePath = false;
+  };
+
+  # libvirt Netzwerk-Bridge
+  # Erstellt ein "default" NAT-Netzwerk für VMs
+  systemd.services.libvirtd-config = {
+    description = "Setup libvirt default network";
+    after = [ "libvirtd.service" ];
+    requires = [ "libvirtd.service" ];
+    wantedBy = [ "multi-user.target" ];
+
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+    };
+
+    script = ''
+      ${pkgs.libvirt}/bin/virsh net-autostart default || true
+      ${pkgs.libvirt}/bin/virsh net-start default || true
+    '';
+  };
+
+  # Zusätzliche VM-Tools
+  environment.systemPackages = with pkgs; [
+    virt-viewer    # VNC/SPICE Viewer
+    spice-gtk      # SPICE Client
+    win-virtio     # Windows VirtIO Treiber
+  ];
+
+  # Performance-Tuning für VMs
+  boot.kernelModules = [ "kvm-amd" ];  # Für AMD CPUs (für Intel: "kvm-intel")
+
+  # Hugepages für bessere VM Performance (optional)
+  # boot.kernelParams = [ "hugepagesz=2M" "hugepages=2048" ];
+}