{ nixos-hardware, ... }: { pkgs, config, ... }: { imports = [ nixos-hardware.nixosModules.common-cpu-amd nixos-hardware.nixosModules.common-cpu-amd-pstate nixos-hardware.nixosModules.common-gpu-amd nixos-hardware.nixosModules.common-pc-ssd # ./vm.nix ./barman.nix ../../users/erwin ../../users/root ../../users/builder ]; nixpkgs.config = { rocmSupport = true; }; eboskma = { users = { erwin = { enable = true; home = true; }; builder.enable = true; }; base = { plymouth.enable = true; work = false; udev-rules = { qmk = true; solo2 = false; picotool = true; blink1 = false; probe-rs = true; }; }; bluetooth.enable = true; desktop = { enable = true; wayland = true; }; fonts.enable = true; gnome.enable = true; greetd = { enable = false; sway = true; river = true; wallpaper = ../../wallpapers/river-2560.png; }; guix.enable = false; networking = { enable = true; }; nix-common = { enable = true; cross-systems = [ "aarch64-linux" ]; gc-interval = "weekly"; }; podman.enable = true; regreet = { enable = true; wallpaper = ../../wallpapers/river-2560.png; wayvnc = true; }; tailscale = { enable = true; nftables = true; }; sound = { enable = true; jack = true; }; systemd.enable = true; }; fileSystems = { "/" = { device = "/dev/disk/by-uuid/42065c7e-d0aa-4de8-a913-014cf59d48ac"; fsType = "ext4"; }; "/boot" = { device = "/dev/disk/by-uuid/4064-A1BE"; fsType = "vfat"; }; "/home" = { device = "/dev/disk/by-uuid/082ec5d2-238e-4713-9c37-31b1cb0fb8c3"; fsType = "ext4"; }; }; # Enable new implementation of switch-to-configuration built in Rust system = { switch = { enable = false; enableNg = true; }; }; swapDevices = [ { device = "/dev/disk/by-uuid/d93788f7-1b94-4687-8313-055d17f42b7e"; } ]; hardware = { # Enable firmware enableAllFirmware = true; graphics = { enable32Bit = true; }; # i2c support i2c.enable = true; amdgpu = { opencl.enable = true; }; }; boot = { initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; initrd.kernelModules = [ ]; kernelPackages = pkgs.linuxPackages_latest; kernelModules = [ "kvm-amd" "apple-mfi-fastcharge" "zenpower" "nf_nat_ftp" ]; blacklistedKernelModules = [ "k10temp" ]; kernelParams = [ "amd_pstate.shared_mem=1" ]; extraModulePackages = with config.boot.kernelPackages; [ cpupower # rtl88x2bu zenpower ]; loader = { systemd-boot = { enable = true; configurationLimit = 10; }; efi.canTouchEfiVariables = true; }; }; time.timeZone = "Europe/Amsterdam"; networking = { hostName = "loki"; useDHCP = false; networkmanager.enable = false; useNetworkd = true; nftables.enable = true; firewall = { trustedInterfaces = [ "lo" "tailscale0" ]; allowedTCPPorts = [ # NFS 111 2049 4100 4101 4102 20048 # Horus System V2 12345 5555 5556 # Elixir/Phoenix dev environment 4000 # SteamLink 27036 27037 ]; allowedUDPPorts = [ # NFS 111 2049 4100 4101 4102 20048 # SteamLink 27031 27036 # WireGuard 51820 ]; allowedTCPPortRanges = [ # Sonos / noson { from = 1400; to = 1410; } ]; allowedUDPPortRanges = [ # Sunshine { from = 47998; to = 48000; } # Sonos / noson / pulseaudio { from = 1400; to = 1410; } ]; }; wireless.iwd = { enable = true; settings = { General = { EnableNetworkConfiguration = true; }; }; }; }; security = { sudo-rs = { enable = true; }; sudo.enable = false; apparmor = { enable = true; }; pam.services.swaylock = { unixAuth = true; setLoginUid = true; enableGnomeKeyring = true; allowNullPassword = true; updateWtmp = true; startSession = true; }; }; systemd = { network = { enable = true; config = { networkConfig = { IPv6PrivacyExtensions = true; }; }; wait-online = { anyInterface = true; }; netdevs = { "10-horus0" = { netdevConfig = { Kind = "wireguard"; MTUBytes = "1420"; Name = "horus0"; }; wireguardConfig = { PrivateKeyFile = config.sops.secrets.wireguard-horus-privkey.path; ListenPort = 51820; }; wireguardPeers = [ { PublicKey = "6faxlUG8+F7uVrKk/OJqqy5k2+OzrhXc/cV6Zsfbl0c="; AllowedIPs = [ "192.168.4.0/23" "192.168.6.0/24" "192.168.7.0/24" "192.168.8.0/24" ]; Endpoint = "212.45.34.195:51820"; PersistentKeepalive = 25; } ]; }; }; networks = { "40-enp4s0" = { matchConfig = { Name = "enp4s0"; }; networkConfig = { DHCP = "yes"; IPv6AcceptRA = true; }; dhcpV4Config = { RouteMetric = 64; }; }; "40-horus0" = { matchConfig = { Name = "horus0"; }; linkConfig = { ActivationPolicy = "manual"; }; networkConfig = { DHCP = "no"; DNS = "192.168.4.1"; Domains = [ "bedum.horus.nu" "internal.horus.nu" ]; }; address = [ "10.10.4.2/24" ]; routes = [ { Destination = "192.168.4.0/23"; Scope = "link"; } { Destination = "192.168.6.0/24"; Scope = "link"; } { Destination = "192.168.7.0/24"; Scope = "link"; } { Destination = "192.168.8.0/24"; Scope = "link"; } ]; }; }; links = { "40-enp4s0" = { matchConfig = { OriginalName = "enp4s0"; }; linkConfig = { WakeOnLan = "magic"; }; }; }; }; }; services = { udev = { extraRules = '' ACTION=="add", ATTRS{idVendor}=="0951", ATTRS{idProduct}=="1666", NAME=keys ACTION=="add", ATTRS{idVendor}=="0781", ATTRS{idProduct}=="55b1", NAME=vault ''; }; logind = { hibernateKey = "ignore"; powerKey = "ignore"; rebootKey = "ignore"; suspendKey = "hibernate"; hibernateKeyLongPress = "ignore"; powerKeyLongPress = "ignore"; rebootKeyLongPress = "ignore"; suspendKeyLongPress = "ignore"; }; openssh.enable = true; colord.enable = true; udisks2 = { enable = true; }; envfs.enable = true; teamviewer.enable = true; sunshine = { enable = true; capSysAdmin = true; # user = "erwin"; openFirewall = true; }; }; programs = { sway = { enable = true; package = pkgs.swayfx; wrapperFeatures = { gtk = true; base = true; }; extraPackages = with pkgs; [ swaylock swayidle ]; }; river.enable = true; gnome-disks.enable = true; gamemode = { enable = true; settings = { general = { renice = 5; }; custom = { start = "${pkgs.libnotify}/bin/notify-send 'GameMode started'"; end = "${pkgs.libnotify}/bin/notify-send 'GameMode ended'"; }; }; }; appimage = { enable = true; binfmt = true; }; ryzen-monitor-ng.enable = true; nix-ld = { enable = true; libraries = with pkgs; [ alsa-lib at-spi2-atk at-spi2-core atk cairo cups curl dbus expat fontconfig freetype fuse3 gdk-pixbuf glib gtk3 icu libGL libappindicator-gtk3 libdrm libglvnd libnotify libpulseaudio libunwind libusb1 libuuid libxkbcommon mesa nspr nss openssl pango pipewire sqlite stdenv.cc.cc systemd vulkan-loader xorg.libX11 xorg.libXScrnSaver xorg.libXcomposite xorg.libXcursor xorg.libXdamage xorg.libXext xorg.libXfixes xorg.libXi xorg.libXrandr xorg.libXrender xorg.libXtst xorg.libxcb xorg.libxkbfile xorg.libxshmfence zlib ]; }; }; powerManagement = { cpuFreqGovernor = "ondemand"; }; environment = { sessionVariables = { AMD_VULKAN_ICD = "RADV"; }; systemPackages = with pkgs; [ incus iwgtk tailscale ]; }; # Workaround for packages that has HIP paths hardcoded systemd.tmpfiles.rules = let rocmEnv = pkgs.symlinkJoin { name = "rocm-combined"; paths = with pkgs.rocmPackages; [ rocblas hipblas clr ]; }; in [ "L+ /opt/rocm - - - - ${rocmEnv}" ]; sops.defaultSopsFile = ./secrets.yaml; sops.secrets = { ha_now_playing_token = { owner = "erwin"; }; gh_token = { owner = "erwin"; }; renovate_env = { owner = "erwin"; }; livebook-env = { owner = "erwin"; }; livebook-password = { owner = "erwin"; }; wireguard-horus-privkey = { owner = "systemd-network"; }; k3s-token = { }; barman-passwords = { owner = "barman"; }; factorio-token = { owner = "erwin"; }; }; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It's perfectly fine and recommended to leave # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "22.05"; # Did you read the comment? }