# NixOS host module wrapped in an outer function: the first argument set takes
# the flake inputs this host needs, the second is the ordinary module argument
# set. Options under `eboskma.*` are declared elsewhere in the repository; only
# the values assigned here are visible.
{ nixos-hardware, disko, nix-ld-rs, ... }:
{ pkgs, config, ... }:
let
  # Platform string used to pick the matching nix-ld-rs package output.
  hostSystem = pkgs.hostPlatform.system;
  # Package set of whichever kernel `boot.kernelPackages` resolves to, so the
  # out-of-tree module below is built against that kernel.
  kernelPkgs = config.boot.kernelPackages;
in
{
  imports = [
    nixos-hardware.nixosModules.common-cpu-intel
    nixos-hardware.nixosModules.common-pc-ssd
    disko.nixosModules.disko
    ./storage.nix
    ./network.nix
    ./virtualisation.nix
    ./promtail
    ../../users/erwin
    ../../users/root
  ];

  eboskma = {
    users.erwin.enable = true;
    users.erwin.server = true;
    base.plymouth.enable = true;
    nix-common.enable = true;
    nix-common.remote-builders = true;
    # libvirtd.enable = true;
    systemd.enable = true;
    tailscale.enable = true;
  };

  # Privilege escalation goes through sudo-rs; the classic sudo module is
  # switched off so that sudo-rs is the only one of the two enabled here.
  security.sudo-rs.enable = true;
  security.sudo.enable = false;

  boot = {
    loader.systemd-boot.enable = true;
    # Cap the number of generations kept in the boot menu.
    loader.systemd-boot.configurationLimit = 10;
    loader.efi.canTouchEfiVariables = true;

    initrd.availableKernelModules = [
      "xhci_pci"
      "thunderbolt"
      "nvme"
      "ahci"
      "usb_storage"
      "usbhid"
      "sd_mod"
      "virtio_blk"
      "virtio_pci"
    ];
    initrd.kernelModules = [ "kvm-intel" ];

    # Tracks the newest kernel in nixpkgs; the patched gasket module below has
    # to keep building against it.
    kernelPackages = pkgs.linuxPackages_latest;
    kernelModules = [ "kvm-intel" "dm-thin-pool" "dm-snapshot" ];

    # From PVE: ro quiet intel_iommu=on i915.enable_gvt=1 cpufreq.default_governor=ondemand
    # kernelParams = [ "intel_iommu=on" "i915.enable_gvt=1" "cpufreq.default_governor=ondemand" ];
    # NOTE(review): with the line above commented out, intel_iommu=on is not
    # set by this file. If ./virtualisation.nix passes devices through to
    # guests, confirm the IOMMU is enabled some other way.

    # Out-of-tree gasket driver with a local patch appended to any patches the
    # package already carries. The patch contents are not visible here.
    extraModulePackages = [
      (kernelPkgs.gasket.overrideAttrs (old: {
        patches = (old.patches or [ ]) ++ [ ./0001-fix-gasket.patch ];
      }))
    ];

    # Raises the ceiling for socket receive/send buffer sizes (bytes).
    kernel.sysctl = {
      "net.core.rmem_max" = 2500000;
      "net.core.wmem_max" = 2500000;
    };
  };

  # Installs every firmware package, including unfree blobs.
  hardware.enableAllFirmware = true;

  # nix-ld lets unpatched, dynamically linked binaries run on this host; the
  # implementation is taken from the nix-ld-rs flake input.
  programs.nix-ld = {
    enable = true;
    package = nix-ld-rs.packages.${hostSystem}.nix-ld-rs;
  };

  services = {
    # NOTE(review): only `enable` is set in this file. Confirm that
    # settings.PasswordAuthentication and settings.PermitRootLogin are
    # restricted in an imported module (../../users/root is imported above).
    openssh.enable = true;

    lvm.enable = true;

    # Node exporter with the systemd collector added. openFirewall is not set
    # here, so whether the metrics port is reachable depends on firewall rules
    # defined elsewhere (./network.nix is not shown).
    prometheus.exporters.node = {
      enable = true;
      enabledCollectors = [ "systemd" ];
    };

    # Runs an iperf3 server permanently and opens its port in the host
    # firewall. No authentication options are set in this file.
    # NOTE(review): confirm that exposing it on every interface is intended;
    # otherwise restrict it with services.iperf3.bind or enable it on demand.
    iperf3 = {
      enable = true;
      openFirewall = true;
    };
  };

  # Release whose stateful-data defaults this host was installed with; not
  # meant to be bumped along with nixpkgs upgrades.
  system.stateVersion = "24.05";
}