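# NixOS host configuration for the machine "loki": desktop profile, NFS export
# for Proxmox backups, sops-managed secrets, and development firewall openings.
#
# Arguments:
#   self    - not referenced in this file.
#   nixpkgs - nixpkgs source, imported below for x86_64-linux.
{ self, nixpkgs, ... }:
let
  pkgs = import nixpkgs { system = "x86_64-linux"; };
in
{
  imports = [
    ./hardware-configuration.nix
    ../../users/erwin
    ../../users/root
    ../../users/builder
  ];

  # Options under `eboskma` are declared by modules outside this file; only
  # the values set here are visible.
  eboskma = {
    users = {
      erwin = {
        enable = true;
        home-manager = true;
      };
      builder.enable = true;
    };
    # backscrub.enable = true;
    base = {
      plymouth.enable = true;
      work = false;
      # NOTE(review): 5.19 is a non-LTS kernel series. Confirm the pinned
      # nixpkgs still carries security fixes for it, or switch to a
      # maintained package set.
      kernel = pkgs.linuxKernel.packages.linux_5_19;
    };
    bluetooth.enable = true;
    desktop = {
      enable = true;
      home-manager = true;
    };
    docker.enable = true;
    element-web.enable = false;
    fonts.enable = true;
    gnome.enable = true;
    greetd.enable = true;
    # home-manager = {
    #   inherit (users) users;
    #   enable = true;
    # };
    libvirtd.enable = true;
    livebook = {
      enable = true;
      dataDir = "/home/erwin/workspace/livebook";
      userMapping = "1000:100";
    };
    networking.enable = true;
    nix-common.enable = true;
    tablet.enable = false;
    sound.enable = true;
    systemd.enable = true;
  };

  boot.loader = {
    systemd-boot = {
      enable = true;
      configurationLimit = 25;
    };
    efi.canTouchEfiVariables = true;
  };

  time.timeZone = "Europe/Amsterdam";

  networking = {
    hostName = "loki";
    useDHCP = false;
    networkmanager.enable = true;
    useNetworkd = true;
    hosts = {
      "10.0.0.252" = [ "pve.datarift.nl" ];
    };

    # Every firewall opening for this host is listed here so the exposed
    # surface can be reviewed in one place.
    firewall = {
      trustedInterfaces = [ "lo" ];

      # Development services, opened on enp4s0 only.
      interfaces."enp4s0".allowedTCPPorts = [
        # Horus System V2
        12345
        5555
        5556
        # Elixir/Phoenix dev environment
        4000
      ];

      # NFS server: rpcbind (111), nfsd (2049) and the statd/lockd/mountd ports
      # pinned in services.nfs.server below (4000/4001/4002).
      # 20048 (rpc.mountd's default port) is no longer opened: mountd is pinned
      # to 4002, so that opening served no listener.
      # NOTE(review): these ports are open on every interface, while the export
      # itself is limited to 10.0.0.0/24. Consider moving them under
      # interfaces.<name> for the interface that faces that network.
      # NOTE(review): TCP 4000 is used by both rpc.statd and the Phoenix dev
      # server above. The two cannot bind the same port, and because 4000 is
      # allowed globally here, the per-interface scoping of the dev port has no
      # effect. Give statd a different port, or confirm this is intended.
      allowedTCPPorts = [ 111 2049 4000 4001 4002 ];
      allowedUDPPorts = [ 111 2049 4000 4001 4002 ];
    };
  };

  systemd.network = {
    enable = true;
    networks."40-enp4s0".DHCP = "yes";
  };

  # nix = {
  #   package = pkgs.nixUnstable;
  #   extraOptions = ''
  #     experimental-features = nix-command flakes
  #   '';
  # };

  # NOTE(review): no sshd hardening (password authentication, root login) is
  # set in this file; confirm a shared module configures it.
  services.openssh.enable = true;

  # TODO: Add to LXD module
  # virtualisation.lxd = {
  #   enable = true;
  #   recommendedSysctlSettings = true;
  # };
  # virtualisation.lxc.lxcfs.enable = true;

  # networking.bridges = {
  #   lxdbr0.interfaces = [ ];
  # };
  # networking.localCommands = ''
  #   ip address add 10.2.0.1/24 dev lxdbr0
  # '';
  # networking.firewall.extraCommands = ''
  #   iptables -A INPUT -i lxdbr0 -m comment --comment "LXD rules for lxdbr0" -j ACCEPT

  #   # Technically not necessary because FORWARD and OUTPUT by default have an ACCEPT policy,
  #   # but just to be explicit I'll add them anyway
  #   iptables -A FORWARD -o lxdbr0 -m comment --comment "LXD rules for lxdbr0" -j ACCEPT
  #   iptables -A FORWARD -i lxdbr0 -m comment --comment "LXD rules for lxdbr0" -j ACCEPT
  #   iptables -A OUTPUT -o lxdbr0 -m comment --comment "LXD rules for lxdbr0" -j ACCEPT

  #   iptables -t nat -A POSTROUTING -s 10.2.0.0/24 ! -d 10.2.0.0/24 -m comment --comment "LXD rules for lxdbr0" -j MASQUERADE
  # '';

  # boot.kernel.sysctl = {
  #   "net.ipv4.conf.all.forwarding" = true;
  #   "net.ipv4.conf.default.forwarding" = true;
  # };

  # users.users.erwin.extraGroups = [ "lxd" ];
  # End TODO: Add to LXD module

  # NFS export used as a Proxmox backup target.
  # all_squash with anonuid=1000/anongid=100 maps every client request to that
  # one local uid/gid (presumably erwin; verify). The only access control is
  # the client's source address, so any host in 10.0.0.0/24 can read and write
  # this directory.
  services.nfs.server = {
    enable = true;
    exports = ''
      /home/erwin/proxmox-backup 10.0.0.0/24(rw,sync,no_subtree_check,anonuid=1000,anongid=100,all_squash)
    '';
    # Fixed ports so the firewall rules above can name them.
    statdPort = 4000;
    lockdPort = 4001;
    mountdPort = 4002;
  };

  # Secrets are read from the sops-encrypted file beside this configuration;
  # each one is owned by the user "erwin".
  sops = {
    defaultSopsFile = ./secrets.yaml;
    secrets = {
      ha_now_playing_token.owner = "erwin";
      gh_token.owner = "erwin";
      renovate_env.owner = "erwin";
      livebook_cookie.owner = "erwin";
    };
  };

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "21.11"; # Did you read the comment?
}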