# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
#
# The file is a two-stage function: the outer stage receives the external
# inputs referenced below (nixos-hardware, nomachine, microvm) from its
# caller, the inner stage is the NixOS module itself.
{ nixos-hardware, nomachine, microvm, ... }:
{ pkgs, ... }:
{
  imports = [
    # Hardware profiles taken from the nixos-hardware input.
    nixos-hardware.nixosModules.common-cpu-amd
    nixos-hardware.nixosModules.common-cpu-amd-pstate
    nixos-hardware.nixosModules.common-pc-ssd
    # NoMachine service module, loaded by path from the `nomachine` input.
    # NOTE(review): this module (and the nxserver service it defines) is only
    # as trustworthy as that input; keep it pinned and reviewed on update.
    "${nomachine}/nixos/modules/services/admin/nomachine.nix"
    microvm.nixosModules.host
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
    ../../users/erwin
    ../../users/root
  ];

  # nixpkgs.config.allowUnfree = true;

  # Options under `eboskma` are declared by modules outside this file; the
  # comments here describe only what is being set.
  eboskma = {
    var.workSystem = true;

    users.erwin = {
      enable = true;
      work = true;
      terminal = "Alacritty";
    };

    base.plymouth.enable = true;
    base.work = true;

    desktop.enable = true;

    docker = {
      enable = true;
      enableNvidia = true;
      # Left disabled.
      # NOTE(review): if this option exposes the Docker API over TCP, anything
      # that can reach that socket controls the daemon; keep it off unless the
      # listener is restricted to a trusted interface and authenticated.
      # enableTcpSocket = true;
    };

    fonts.enable = true;
    gnome.enable = true;

    # Key remapper attached to one specific USB keyboard device node.
    kanata.enable = true;
    kanata.devices = [ "/dev/input/by-id/usb-04d9_USB-HID_Keyboard-event-kbd" ];

    lightdm.enable = true;
    networking.enable = true;

    nix-common.enable = true;
    nix-common.cross-systems = [ "aarch64-linux" ];

    sound.enable = true;
    systemd.enable = true;
  };

  # NOTE(review): the 6.3 kernel series is no longer maintained upstream, so a
  # system pinned to it stops receiving kernel security fixes; consider moving
  # to a maintained series such as pkgs.linuxPackages_latest.
  boot.kernelPackages = pkgs.linuxPackages_6_3;

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot = {
    enable = true;
    configurationLimit = 15;
  };
  boot.loader.efi.canTouchEfiVariables = true;

  time.timeZone = "Europe/Amsterdam";

  console.useXkbConfig = true;

  # Networking is handled by systemd-networkd (see systemd.network below);
  # the scripted DHCP client and NetworkManager are both switched off.
  networking.hostName = "mimir";
  networking.useDHCP = false;
  networking.networkmanager.enable = false;
  networking.useNetworkd = true;

  networking.firewall = {
    trustedInterfaces = [ "lo" ];
    # NOTE(review): allowedTCPPorts is not scoped to an interface, so these
    # ports are reachable on every interface the firewall covers, including
    # the microvm bridge and the Tailscale interface.  Where a service is only
    # needed on one network, networking.firewall.interfaces.<name>.allowedTCPPorts
    # narrows the exposure.
    allowedTCPPorts = [
      # Horus System V2
      12345
      5555
      5556
      # sccache server
      10501
      # Celantur
      7000
    ];
  };

  # Masquerade traffic from the microvm bridge out through the LAN interface.
  networking.nat = {
    enable = true;
    internalInterfaces = [ "microvm" ];
    externalInterface = "enp4s0";
  };

  # The "miniflux" guest itself is defined outside this file.
  microvm.autostart = [ "miniflux" ];

  powerManagement.cpuFreqGovernor = "ondemand";

  systemd.network = {
    enable = true;
    # wait-online.extraArgs = [ "--interface=enp4s0" ];
    wait-online.anyInterface = true;

    # Wake-on-LAN via magic packet on the LAN interface.  Magic packets carry
    # no authentication, so any host on the same segment can wake the machine.
    links."40-enp4s0" = {
      matchConfig.Name = "enp4s0";
      linkConfig.WakeOnLan = "magic";
    };

    # Bridge device that the microVM interfaces are attached to.
    netdevs."10-microvm".netdevConfig = {
      Kind = "bridge";
      Name = "microvm";
    };

    networks = {
      # LAN uplink: DHCP plus two search domains.
      "40-enp4s0" = {
        enable = true;
        DHCP = "yes";
        domains = [
          "internal.horus.nu"
          "bedum.horus.nu"
        ];
        matchConfig.Name = "enp4s0";
      };

      # Second NIC: managed, but not required for the system to count as
      # online; no address or DHCP setting is given for it here.
      "40-enp5s0f1" = {
        enable = true;
        linkConfig.RequiredForOnline = "no";
        matchConfig.Name = "enp5s0f1";
      };

      # Host side of the microVM bridge.
      "10-microvm" = {
        matchConfig.Name = "microvm";
        addresses = [
          { addressConfig = { Address = "172.16.0.1/24"; }; }
        ];
      };

      # Every interface named vm-* is enslaved to the bridge.
      "11-microvm" = {
        matchConfig.Name = "vm-*";
        networkConfig.Bridge = "microvm";
      };
    };
  };

  services = {
    # sshd with the NixOS defaults; nothing in this file pins its
    # authentication settings, and the service opens its port in the firewall
    # by default.
    # NOTE(review): confirm that password authentication and root login are
    # restricted in the shared modules or the user definitions.
    openssh.enable = true;
    # programs.ssh.startAgent = true;

    envfs.enable = true;
    cpupower-gui.enable = true;
    flatpak.enable = true;
    tailscale.enable = true;

    xserver.libinput = {
      enable = true;
      mouse = {
        accelSpeed = "1.0";
        naturalScrolling = true;
      };
    };

    # NoMachine remote desktop, with the firewall opened for it.
    # NOTE(review): together with the unscoped firewall this presumably makes
    # the remote-desktop listener reachable on every interface; confirm that
    # is intended and that its authentication is configured accordingly.
    nxserver = {
      enable = true;
      openFirewall = true;
    };

    # Icecream compile daemon pointed at a fixed scheduler.  Remote jobs are
    # refused and the daemon port stays closed, but the firewall is still
    # opened for scheduler-discovery broadcasts.
    # NOTE(review): with schedulerHost set explicitly, check whether
    # openBroadcast is still needed.
    icecream.daemon = {
      enable = true;
      schedulerHost = "icecream.internal.horus.nu";
      noRemote = true;
      openFirewall = false;
      openBroadcast = true;
    };
  };

  environment.systemPackages = [ pkgs.appimage-run ];

  # sops = {
  #   defaultSopsFile = ./secrets.yaml;
  #   secrets = {};
  # };

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "22.11"; # Did you read the comment?
}