# NixOS host configuration for "mimir": an AMD workstation with an NVIDIA GPU,
# sway/greetd desktop, microvm host duties and a tailscale-bound ollama service.
#
# The outer lambda receives flake inputs, the inner one is the NixOS module.
{ nixos-hardware, microvm, nix-ld-rs, attic, ... }:
{ pkgs, config, ... }:
let
  # Shared by the greetd wallpaper setting and both sway outputs below.
  wallpaper = ../../wallpapers/river-3840.png;
in
{
  imports = [
    # Include the results of the hardware scan.
    nixos-hardware.nixosModules.common-cpu-amd
    nixos-hardware.nixosModules.common-cpu-amd-pstate
    nixos-hardware.nixosModules.common-pc-ssd
    microvm.nixosModules.host
    attic.nixosModules.atticd
    ../../users/erwin
    ../../users/root
  ];

  # nixpkgs.config.allowUnfree = true;
  nixpkgs.config.cudaSupport = true;

  # Options of this repository's own module set (defined outside this file).
  eboskma = {
    var.workSystem = true;

    users.erwin = {
      enable = true;
      work = true;
      terminal = "Alacritty";
    };

    base = {
      plymouth.enable = true;
      work = true;
    };

    desktop = {
      enable = true;
      wayland = true;
    };

    podman = {
      enable = true;
      enableNvidia = true;
      # enableTcpSocket = true;
    };

    fonts.enable = true;
    gnome.enable = true;

    greetd = {
      enable = true;
      sway = true;
      wayvnc = true;
      inherit wallpaper;

      # Two 4K panels side by side; "DP-3" is placed to the right of "DP-1".
      output = {
        "DP-1" = {
          bg = "${wallpaper} fill";
          mode = "3840x2160@60Hz";
          position = "0 0";
        };
        "DP-3" = {
          bg = "${wallpaper} fill";
          mode = "3840x2160@60Hz";
          position = "3840 0";
        };
      };

      input = {
        "1241:662:USB-HID_Keyboard" = {
          xkb_layout = "us,us";
          xkb_variant = "colemak,";
          xkb_options = "lv3:ralt_switch,eurosign:5,caps:backspace,ctrl:nocaps,grp:sclk_toggle,grp_led:scroll";
          xkb_numlock = "enabled";
        };
        "1133:49257:Logitech_USB_Laser_Mouse" = {
          natural_scroll = "enabled";
          pointer_accel = "1";
        };
      };
    };

    kanata = {
      enable = true;
      devices = [ "/dev/input/by-id/usb-04d9_USB-HID_Keyboard-event-kbd" ];
    };

    lightdm.enable = false;
    networking.enable = true;

    nix-common = {
      enable = true;
      cross-systems = [ "aarch64-linux" ];
      gc-interval = "weekly";
    };

    regreet = {
      enable = false;
      inherit wallpaper;
      wayvnc = true;
    };

    sound.enable = true;
    systemd.enable = true;
    tailscale.enable = true;
  };

  # All filesystems are addressed by label rather than by device path.
  fileSystems."/" = {
    device = "/dev/disk/by-label/nixos";
    fsType = "ext4";
  };
  fileSystems."/boot" = {
    device = "/dev/disk/by-label/boot";
    fsType = "vfat";
  };
  fileSystems."/home" = {
    device = "/dev/disk/by-label/home";
    fsType = "ext4";
  };
  fileSystems."/yocto" = {
    device = "/dev/disk/by-label/yocto";
    fsType = "ext4";
  };

  swapDevices = [ { device = "/dev/disk/by-label/swap"; } ];

  hardware = {
    enableAllFirmware = true;

    nvidia = {
      open = false;
      modesetting.enable = true;
      powerManagement.enable = true;
      # Needed to make hibernate work properly
      forceFullCompositionPipeline = true;
    };

    graphics = {
      enable32Bit = true;
      extraPackages = with pkgs; [ vaapiVdpau vulkan-validation-layers ];
    };
  };

  # Use the systemd-boot EFI boot loader.
  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
  boot.initrd.kernelModules = [ "dm-snapshot" ];

  # NVIDIA driver is broken with Linux 6.11
  # NOTE(review): 6.10 is not an LTS series; while this pin stays in place the
  # host stops receiving kernel security fixes once upstream drops 6.10.
  # Revisit as soon as the driver supports a newer kernel.
  boot.kernelPackages = pkgs.linuxPackages_6_10;
  boot.kernelModules = [ "kvm-amd" "apple-mfi-fastcharge" "zenpower" ];
  # k10temp is replaced by the out-of-tree zenpower sensor module.
  boot.blacklistedKernelModules = [ "k10temp" ];
  boot.extraModulePackages = with config.boot.kernelPackages; [ cpupower zenpower ];

  boot.loader.systemd-boot = {
    enable = true;
    configurationLimit = 15;
  };
  boot.loader.efi.canTouchEfiVariables = true;

  # This triggers a warning on stateVersions < 23.11 if set to true
  boot.swraid.enable = false;

  time.timeZone = "Europe/Amsterdam";

  console = {
    font = "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";
    useXkbConfig = true;
  };

  # Enable new implementation of switch-to-configuration built in Rust
  system.switch = {
    enable = false;
    enableNg = true;
  };

  networking = {
    hostName = "mimir";
    useDHCP = false;
    networkmanager.enable = false;
    useNetworkd = true;
    nftables.enable = true;

    firewall = {
      # Everything listening on the tailnet interface is reachable from the tailnet.
      trustedInterfaces = [ "lo" "tailscale0" ];
      # NOTE(review): these ports are opened on every non-trusted interface,
      # i.e. also on the LAN uplink enp4s0; narrow with
      # networking.firewall.interfaces.<name>.allowedTCPPorts if that is unintended.
      allowedTCPPorts = [
        # Horus System V2
        12345
        5555
        5556
        # sccache server
        10501
        # Celantur
        7000
      ];
    };

    # Masquerade the microvm bridge behind the wired uplink.
    nat = {
      enable = true;
      internalInterfaces = [ "microvm" ];
      externalInterface = "enp4s0";
    };

    wireless.iwd = {
      enable = true;
      settings.General.EnableNetworkConfiguration = true;
    };
  };

  microvm.autostart = [ "miniflux" ];

  powerManagement.cpuFreqGovernor = "ondemand";

  security = {
    # sudo-rs replaces the C sudo implementation.
    sudo.enable = false;
    sudo-rs.enable = true;
    apparmor.enable = true;

    pam.services.swaylock = {
      unixAuth = true;
      setLoginUid = true;
      enableGnomeKeyring = true;
      # NOTE(review): allows an account with an empty password to unlock the
      # screen; keep only if a passwordless local account is intended.
      allowNullPassword = true;
      updateWtmp = true;
      startSession = true;
    };
  };

  systemd = {
    network = {
      enable = true;
      # wait-online.extraArgs = [ "--interface=enp4s0" ];
      wait-online.anyInterface = true;

      links."40-enp4s0" = {
        matchConfig.Name = "enp4s0";
        linkConfig.WakeOnLan = "magic";
      };

      netdevs."10-microvm".netdevConfig = {
        Kind = "bridge";
        Name = "microvm";
      };

      networks = {
        "40-enp4s0" = {
          enable = true;
          DHCP = "yes";
          domains = [ "internal.horus.nu" "bedum.horus.nu" ];
          dhcpV4Config.RouteMetric = 64;
          matchConfig.Name = "enp4s0";
        };
        "40-enp5s0f1" = {
          enable = true;
          linkConfig.RequiredForOnline = "no";
          matchConfig.Name = "enp5s0f1";
        };
        # Host side of the microvm bridge.
        "10-microvm" = {
          matchConfig.Name = "microvm";
          addresses = [ { Address = "172.16.0.1/24"; } ];
        };
        # Every vm-* tap device is enslaved to the bridge.
        "11-microvm" = {
          matchConfig.Name = "vm-*";
          networkConfig.Bridge = "microvm";
        };
      };
    };

    services.ollama = {
      after = [ "tailscaled.service" ];
      # NOTE(review): a fixed delay is a race mitigation, not a guarantee — if
      # the tailnet address ollama binds to is still unassigned after 10 s the
      # bind fails; presumably acceptable for a workstation, confirm.
      preStart = "${pkgs.coreutils}/bin/sleep 10"; # Tailscale reports ready before getting an IP address
    };
  };

  # programs.ssh.startAgent = true;
  programs = {
    sway = {
      enable = true;
      wrapperFeatures = {
        gtk = true;
        base = true;
      };
      extraPackages = with pkgs; [ swaylock swayidle ];
      extraOptions = [ "--unsupported-gpu" ];
    };

    gnome-disks.enable = true;

    # nix-ld lets unpatched dynamically linked binaries run against the
    # libraries listed here (the Rust implementation from the nix-ld-rs input).
    nix-ld = {
      enable = true;
      package = nix-ld-rs.packages.${pkgs.hostPlatform.system}.nix-ld-rs;
      libraries = with pkgs; [
        alsa-lib
        at-spi2-atk
        at-spi2-core
        atk
        cairo
        cups
        curl
        dbus
        expat
        fontconfig
        freetype
        fuse3
        gdk-pixbuf
        glib
        gtk3
        icu
        libGL
        libappindicator-gtk3
        libdrm
        libglvnd
        libnotify
        libpulseaudio
        libunwind
        libusb1
        libuuid
        libxkbcommon
        mesa
        nspr
        nss
        openssl
        pango
        pipewire
        stdenv.cc.cc
        systemd
        vulkan-loader
        xorg.libX11
        xorg.libXScrnSaver
        xorg.libXcomposite
        xorg.libXcursor
        xorg.libXdamage
        xorg.libXext
        xorg.libXfixes
        xorg.libXi
        xorg.libXrandr
        xorg.libXrender
        xorg.libXtst
        xorg.libxcb
        xorg.libxkbfile
        xorg.libxshmfence
        zlib
      ];
    };
  };

  services = {
    # NOTE(review): sshd runs with the NixOS defaults as far as this file shows
    # (password authentication allowed, port opened in the firewall) unless an
    # imported module sets services.openssh.settings — confirm.
    openssh.enable = true;
    envfs.enable = true;
    cpupower-gui.enable = true;
    flatpak.enable = true;
    # NOTE(review): persistent remote-control daemon; confirm it is still needed.
    teamviewer.enable = true;
    ddccontrol.enable = true;
    udisks2.enable = true;

    # Give one specific USB stick (matched by vendor/product/serial) a stable name.
    udev.extraRules = ''
      ACTION=="add", ATTRS{idVendor}=="0781", ATTRS{idProduct}=="55b1", ATTRS{serial}=="A20033BEAC21B773", NAME="vault"
    '';

    xserver = {
      videoDrivers = [ "nvidia" ];
      # screenSection = ''
      #   Option "metamodes" "DP-0: nvidia-auto-select +0+0 {ForceFullCompositionPipeline=On, AllowGSYNCCompatible=On}, DP-4: nvidia-auto-select +3840+0 {ForceFullCompositionPipeline=On, AllowGSYNCCompatible=On}"
      #   Option "TripleBuffer" "On"
      # '';
      # libinput = {
      #   enable = true;
      #   mouse = {
      #     naturalScrolling = true;
      #     accelSpeed = "1.0";
      #   };
      #   touchpad = {
      #     naturalScrolling = true;
      #   };
      # };
    };

    # Distributed compilation client only: noRemote keeps this host from
    # accepting remote jobs, and the firewall is not opened for it.
    icecream.daemon = {
      enable = true;
      schedulerHost = "icecream.internal.horus.nu";
      noRemote = true;
      openFirewall = false;
      openBroadcast = true;
    };

    # Bound to a single address (presumably this host's tailnet address, which
    # matches the tailscaled ordering above) instead of 0.0.0.0 — confirm.
    ollama = {
      enable = true;
      acceleration = "cuda";
      host = "100.119.162.110";
      loadModels = [ "mistral" ];
    };
  };

  environment = {
    systemPackages = with pkgs; [ appimage-run iwgtk peakperf ];

    # Wayland-on-NVIDIA workarounds for wlroots compositors.
    sessionVariables = {
      WLR_NO_HARDWARE_CURSORS = "1";
      GBM_BACKEND = "nvidia-drm";
      __GLX_VENDOR_LIBRARY_NAME = "nvidia";
    };
  };

  sops = {
    defaultSopsFile = ./secrets.yaml;
    secrets = {
      # outline-keycloak-secret = {
      #   owner = "outline";
      # };
    };
  };

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "22.11"; # Did you read the comment?
}