# NixOS module for the host "loki": AMD CPU/GPU desktop with Wayland, a
# WireGuard tunnel managed by systemd-networkd, an NFS export for backups and
# sops-managed secrets.
{ nixos-hardware, ... }:
{ pkgs, config, ... }:
let
  # Ports opened for the NFS server on both TCP and UDP. 4100/4101/4102 are the
  # statd/lockd/mountd ports pinned in services.nfs.server below.
  # NOTE(review): 20048 looks like a default mountd port; with mountdPort pinned
  # to 4102 it may not need to be open — confirm.
  nfsPorts = [ 111 2049 4100 4101 4102 20048 ];

  # Subnets behind the "wghorus" WireGuard peer; used for AllowedIPs and for
  # the link-scope routes on the tunnel interface.
  horusSubnets = [
    "192.168.4.0/23"
    "192.168.6.0/24"
    "192.168.7.0/24"
    "192.168.8.0/24"
  ];

  # Secrets that are decrypted for the interactive user.
  ownedByErwin = { owner = "erwin"; };
in
{
  imports = [
    nixos-hardware.nixosModules.common-cpu-amd
    nixos-hardware.nixosModules.common-cpu-amd-pstate
    nixos-hardware.nixosModules.common-gpu-amd
    nixos-hardware.nixosModules.common-pc-ssd
    ./hardware-configuration.nix
    ../../users/erwin
    ../../users/root
    ../../users/builder
  ];

  # Options of the repository's own "eboskma" modules (defined outside this file).
  eboskma = {
    users.erwin = {
      enable = true;
      home = true;
    };
    users.builder.enable = true;

    # backscrub.enable = true;

    base = {
      plymouth.enable = true;
      work = false;
      # NOTE(review): pinned to the 6.2 kernel series, which is not a longterm
      # series — confirm the pinned nixpkgs still ships security fixes for it.
      kernel = pkgs.linuxKernel.packages.linux_6_2;
      udev-rules = {
        qmk = true;
        solo2 = true;
        picotool = true;
        blink1 = true;
        probe-rs = true;
      };
    };

    bluetooth.enable = true;

    desktop = {
      enable = true;
      wayland = true;
      home-manager = true;
    };

    docker.enable = true;
    element-web.enable = false;
    fonts.enable = true;
    gnome.enable = true;

    greetd = {
      enable = true;
      sway = true;
      hyprland = true;
    };

    libvirtd.enable = true;

    livebook = {
      enable = false;
      dataDir = "/home/erwin/workspace/livebook";
      userMapping = "1000:100";
    };

    lxd.enable = true;
    networking.enable = true;

    nix-common = {
      enable = true;
      cross-systems = [ "aarch64-linux" ];
    };

    tablet.enable = false;
    sound.enable = true;
    systemd.enable = true;
  };

  boot.loader.systemd-boot = {
    enable = true;
    configurationLimit = 10;
  };
  boot.loader.efi.canTouchEfiVariables = true;

  time.timeZone = "Europe/Amsterdam";

  networking = {
    hostName = "loki";
    useDHCP = false;
    networkmanager.enable = true;
    useNetworkd = true;

    hosts."10.0.0.252" = [ "pve.datarift.nl" ];

    # These openings are set at the top level of networking.firewall, so they
    # are not tied to one interface. The NFS export itself is limited to
    # 10.0.0.0/24, but the ports (including rpcbind on 111) and the development
    # ports are reachable on every network this host joins.
    # NOTE(review): consider scoping them with
    # networking.firewall.interfaces.<name>.allowedTCPPorts / allowedUDPPorts.
    firewall = {
      trustedInterfaces = [ "lo" ];

      allowedTCPPorts = nfsPorts ++ [
        # Horus System V2
        12345
        5555
        5556
        # Elixir/Phoenix dev environment
        4000
        # Sunshine
        48010
      ];

      allowedUDPPorts = nfsPorts ++ [
        # WireGuard (matches ListenPort of the wghorus netdev)
        51820
      ];

      # Sunshine
      allowedTCPPortRanges = [
        { from = 47984; to = 47990; }
      ];

      # Sunshine
      allowedUDPPortRanges = [
        { from = 47998; to = 48000; }
      ];
    };
  };

  systemd.network = {
    enable = true;

    netdevs."10-wghorus" = {
      netdevConfig = {
        Kind = "wireguard";
        MTUBytes = "1420";
        Name = "wghorus";
      };
      wireguardConfig = {
        # The private key is read from a sops-decrypted file, so it is not
        # written into this configuration; see sops.secrets below for the owner.
        PrivateKeyFile = config.sops.secrets.wireguard-horus-privkey.path;
        ListenPort = 51820;
      };
      wireguardPeers = [
        {
          wireguardPeerConfig = {
            PublicKey = "6faxlUG8+F7uVrKk/OJqqy5k2+OzrhXc/cV6Zsfbl0c=";
            AllowedIPs = horusSubnets;
            Endpoint = "212.45.34.195:51820";
            PersistentKeepalive = 25;
          };
        }
      ];
    };

    networks = {
      # NOTE(review): unlike the link unit of the same name below, this network
      # unit has no matchConfig — confirm networkd applies it to enp4s0 only.
      "40-enp4s0".DHCP = "yes";

      "40-wghorus" = {
        matchConfig.Name = "wghorus";
        # "manual": the tunnel is not brought up automatically.
        linkConfig.ActivationPolicy = "manual";
        networkConfig = {
          DHCP = "no";
          DNS = "192.168.4.1";
          Domains = [ "bedum.horus.nu" "internal.horus.nu" ];
        };
        address = [ "10.10.4.2/24" ];
        # One link-scope route per subnet behind the peer.
        routes = map
          (subnet: {
            routeConfig = {
              Destination = subnet;
              Scope = "link";
            };
          })
          horusSubnets;
      };
    };

    links."40-enp4s0" = {
      matchConfig.Name = "enp4s0";
      linkConfig.WakeOnLan = "magic";
    };
  };

  programs.ssh.startAgent = true;

  services = {
    # NOTE(review): no services.openssh.settings are set in this file, so the
    # authentication policy comes from module defaults or from modules not
    # shown here — confirm password and root logins are disabled where intended.
    openssh.enable = true;

    envfs.enable = true;
    cpupower-gui.enable = true;

    # NOTE(review): openFirewall is set here and Sunshine ports are also listed
    # by hand in networking.firewall — presumably one of the two is redundant;
    # check what the module opens.
    sunshine = {
      enable = true;
      user = "erwin";
      openFirewall = true;
    };

    nfs.server = {
      enable = true;
      # all_squash with anonuid/anongid maps every client request to
      # uid 1000 / gid 100, and the export is read-write. The line carries no
      # sec= option, so presumably any host with an address in 10.0.0.0/24 can
      # write to this directory as that user — confirm this is intended.
      exports = ''
        /home/erwin/proxmox-backup 10.0.0.0/24(rw,sync,no_subtree_check,anonuid=1000,anongid=100,all_squash)
      '';
      lockdPort = 4101;
      mountdPort = 4102;
      statdPort = 4100;
    };
  };

  powerManagement = {
    # Runs powertop's auto-tune, then sets power/control back to 'on' for the
    # two listed USB input devices.
    powerUpCommands = ''
      ${pkgs.powertop}/bin/powertop --auto-tune
      ${pkgs.coreutils}/bin/echo 'on' > /sys/bus/usb/devices/5-3.2/power/control # Logitech G502 HERO SE
      ${pkgs.coreutils}/bin/echo 'on' > /sys/bus/usb/devices/5-3.1/power/control # splitkb Kyria rev1
    '';
    cpuFreqGovernor = "ondemand";
  };

  sops = {
    defaultSopsFile = ./secrets.yaml;
    secrets = {
      ha_now_playing_token = ownedByErwin;
      gh_token = ownedByErwin;
      renovate_env = ownedByErwin;
      livebook_cookie = ownedByErwin;
      livebook-password = ownedByErwin;
      # Owned by systemd-network; this is the file referenced as PrivateKeyFile
      # by the wghorus netdev above.
      wireguard-horus-privkey = { owner = "systemd-network"; };
    };
  };

  # This value records the NixOS release whose defaults for stateful data
  # (file locations, database versions) this system was installed with.
  # It's fine, and recommended, to leave it at the release of the first
  # install. Before changing it, read the documentation for this option
  # (e.g. man configuration.nix or https://nixos.org/nixos/options.html).
  system.stateVersion = "22.05"; # Did you read the comment?
}