# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
#
# Host configuration for the machine named "mimir" (see networking.hostName).
# The outer function takes nixos-hardware and microvm and returns an ordinary
# NixOS module ({ pkgs, config, ... }: { ... }).
#
# Security overview (everything below is read off this file only):
#   * Remote-access paths enabled here: OpenSSH, Tailscale, TeamViewer,
#     Guacamole (server + web client), GNOME Remote Desktop, and wayvnc via
#     the greeter. Each one is separate attack surface; audit which are needed.
#   * tailscale0 is a trusted firewall interface, so none of those services is
#     filtered for tailnet peers.
#   * The Guacamole user mapping is written with pkgs.writeText, i.e. into the
#     world-readable Nix store.
{ nixos-hardware, microvm, ... }:
{ pkgs, config, ... }:
{
  imports = [
    # Include the results of the hardware scan.
    nixos-hardware.nixosModules.common-cpu-amd
    nixos-hardware.nixosModules.common-cpu-amd-pstate
    nixos-hardware.nixosModules.common-pc-ssd
    # "${nomachine}/nixos/modules/services/admin/nomachine.nix"
    # Required for the microvm.* options used further down.
    microvm.nixosModules.host
    # User definitions live outside this file; SSH keys and passwords, if any,
    # are presumably set there (verify).
    ../../users/erwin
    ../../users/root
  ];

  # nixpkgs.config.allowUnfree = true;

  # The eboskma.* options are not defined in this file (presumably project
  # modules); comments on them describe only what is set here.
  eboskma = {
    var.workSystem = true;
    users = {
      erwin = {
        enable = true;
        work = true;
        terminal = "Alacritty";
      };
    };
    base = {
      plymouth.enable = true;
      work = true;
    };
    desktop = {
      enable = true;
      wayland = true;
    };
    docker = {
      enable = true;
      enableNvidia = true;
      # Left disabled. If this option maps to a Docker TCP listener, note that
      # access to the Docker API is root-equivalent on the host; confirm
      # authentication and bind address before enabling.
      # enableTcpSocket = true;
    };
    fonts.enable = true;
    gnome.enable = true;
    greetd = {
      enable = true;
      sway = true;
      # NOTE(review): presumably runs a VNC server for the greeter session.
      # Confirm in the eboskma.greetd module which address it binds to and
      # whether it requires authentication; the Guacamole mapping below refers
      # to localhost 5900.
      wayvnc = true;
      wallpaper = ../../wallpapers/river-3840.png;
    };
    kanata = {
      enable = true;
      devices = [ "/dev/input/by-id/usb-04d9_USB-HID_Keyboard-event-kbd" ];
    };
    lightdm.enable = false;
    networking.enable = true;
    nix-common = {
      enable = true;
      cross-systems = [ "aarch64-linux" ];
    };
    sound.enable = true;
    systemd.enable = true;
  };

  # All filesystems and swap are addressed by label. No encrypted (LUKS)
  # device is declared in this file, so data-at-rest protection, if any, is
  # not visible from here.
  fileSystems = {
    "/" = {
      device = "/dev/disk/by-label/nixos";
      fsType = "ext4";
    };
    "/boot" = {
      device = "/dev/disk/by-label/boot";
      fsType = "vfat";
    };
    "/home" = {
      device = "/dev/disk/by-label/home";
      fsType = "ext4";
    };
    "/yocto" = {
      device = "/dev/disk/by-label/yocto";
      fsType = "ext4";
    };
  };

  swapDevices = [{ device = "/dev/disk/by-label/swap"; }];

  hardware = {
    enableAllFirmware = true;
    nvidia = {
      modesetting.enable = true;
      powerManagement.enable = true;
      # forceFullCompositionPipeline = true;
    };
    opengl = {
      driSupport32Bit = true;
      extraPackages = with pkgs; [ vaapiVdpau ];
    };
  };

  # Use the systemd-boot EFI boot loader.
  boot = {
    kernelPackages = pkgs.linuxPackages_latest;
    initrd = {
      availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
      kernelModules = [ "dm-snapshot" ];
    };
    kernelModules = [ "kvm-amd" "apple-mfi-fastcharge" "zenpower" ];
    # boot.kernelParams = [ "amd_pstate.shared_mem=1" ];
    # Module packages are taken from the same kernel package set selected by
    # kernelPackages above.
    extraModulePackages = with config.boot.kernelPackages; [ rtl88x2bu zenpower cpupower ];
    loader = {
      # NOTE(review): boot.loader.systemd-boot.editor is not set here. Its NixOS
      # default allows editing the kernel command line from the boot menu,
      # which gives anyone with console access a root shell; consider
      # `editor = false` if physical access is in the threat model.
      systemd-boot = {
        enable = true;
        configurationLimit = 15;
      };
      efi.canTouchEfiVariables = true;
    };
    # This triggers a warning on stateVersions < 23.11 if set to true
    swraid.enable = false;
  };

  time.timeZone = "Europe/Amsterdam";

  console = {
    font = "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";
    useXkbConfig = true;
  };

  networking = {
    hostName = "mimir";
    # Interface configuration is delegated to systemd-networkd (see
    # systemd.network below).
    useDHCP = false;
    networkmanager.enable = false;
    useNetworkd = true;
    firewall = {
      # Traffic arriving on a trusted interface bypasses the firewall, so every
      # listening service on this host is reachable by tailnet peers (subject
      # only to whatever ACLs the tailnet itself enforces).
      trustedInterfaces = [ "lo" "tailscale0" ];
      # These ports are opened on every non-trusted interface (both Ethernet
      # links and the microvm bridge). If a service is only needed on one
      # network, networking.firewall.interfaces.<name>.allowedTCPPorts scopes
      # it. services.openssh additionally opens its own port by default.
      allowedTCPPorts = [
        # Horus System V2
        12345
        5555
        5556
        # sccache server
        10501
        # Celantur
        7000
      ];
    };
    # Guests attached to the "microvm" bridge are NATed out through enp4s0.
    nat = {
      enable = true;
      internalInterfaces = [ "microvm" ];
      externalInterface = "enp4s0";
    };
  };

  microvm.autostart = [ "miniflux" ];

  powerManagement = {
    cpuFreqGovernor = "ondemand";
  };

  systemd.network = {
    enable = true;
    # wait-online.extraArgs = [ "--interface=enp4s0" ];
    wait-online.anyInterface = true;
    links = {
      "40-enp4s0" = {
        matchConfig = { Name = "enp4s0"; };
        # Magic-packet wake-up is unauthenticated: any host able to send to
        # this link can power the machine on.
        linkConfig = { WakeOnLan = "magic"; };
      };
    };
    netdevs = {
      # Bridge device that the microVM tap interfaces are attached to.
      "10-microvm" = {
        netdevConfig = {
          Kind = "bridge";
          Name = "microvm";
        };
      };
    };
    networks = {
      "40-enp4s0" = {
        enable = true;
        DHCP = "yes";
        domains = [ "internal.horus.nu" "bedum.horus.nu" ];
        matchConfig = { Name = "enp4s0"; };
      };
      "40-enp5s0f1" = {
        enable = true;
        linkConfig = { RequiredForOnline = "no"; };
        matchConfig = { Name = "enp5s0f1"; };
      };
      # Host side of the microVM network.
      "10-microvm" = {
        matchConfig = { Name = "microvm"; };
        addresses = [
          { addressConfig.Address = "172.16.0.1/24"; }
        ];
      };
      # Any interface named vm-* is enslaved to the bridge.
      "11-microvm" = {
        matchConfig = { Name = "vm-*"; };
        networkConfig = { Bridge = "microvm"; };
      };
    };
  };

  #
  # NOTE(review): in this copy the bare `#` above ends one line and the option
  # below starts the next; confirm it was not meant to be commented out.
  programs.ssh.startAgent = true;

  programs = {
    gnome-disks.enable = true;
  };

  services = {
    # NOTE(review): no services.openssh settings are given, so the NixOS
    # defaults apply (password authentication is on by default). Confirm that
    # key-only login is enforced elsewhere, or disable password and
    # keyboard-interactive authentication explicitly.
    openssh.enable = true;
    envfs.enable = true;
    cpupower-gui.enable = true;
    flatpak.enable = true;
    tailscale.enable = true;
    # Third-party remote-control service running alongside the other
    # remote-access paths; keep it only if it is actually used.
    teamviewer.enable = true;
    udisks2 = {
      enable = true;
    };
    udev = {
      # Matches one specific USB device by vendor, product and serial number.
      # NOTE(review): these descriptor fields are reported by the device itself
      # and can be imitated, so the match is identification, not
      # authentication. Also, udev only honours NAME= for network interfaces;
      # if the intent is a stable /dev/vault node, SYMLINK+= is the usual way
      # (verify on the running system).
      extraRules = '' ACTION=="add", ATTRS{idVendor}=="0781", ATTRS{idProduct}=="55b1", ATTRS{serial}=="A20033BEAC21B773", NAME="vault" '';
    };
    guacamole-server = {
      enable = true;
      # NOTE(review): the XML markup of this mapping appears to have been lost
      # in this copy (only element text remains); restore it from the original
      # file before use.
      # NOTE(review): pkgs.writeText puts the file in the Nix store, which every
      # local user can read. A Guacamole user mapping carries the web-login
      # credentials, and the trailing values of the last entry look like RDP
      # credentials. Point userMappingXml at a file provisioned outside the
      # store (for example through the secrets setup commented out near the end
      # of this file) and rotate anything that has already been committed.
      userMappingXml = pkgs.writeText "user-mapping.xml" '' vnc localhost 5900 rdp localhost 3389 rdp lenovo-dev 3389 horus horus '';
    };
    guacamole-client = {
      enable = true;
      # Serves the Guacamole web client from this host. Its port is not in
      # allowedTCPPorts, but it is still reachable over the trusted tailscale0
      # interface. NOTE(review): confirm listen address and whether TLS
      # terminates in front of it.
      enableWebserver = true;
    };
    gnome.gnome-remote-desktop.enable = true;
    xserver = {
      videoDrivers = [ "nvidia" ];
      # screenSection = ''
      #   Option "metamodes" "DP-0: nvidia-auto-select +0+0 {ForceFullCompositionPipeline=On, AllowGSYNCCompatible=On}, DP-4: nvidia-auto-select +3840+0 {ForceFullCompositionPipeline=On, AllowGSYNCCompatible=On}"
      #   Option "TripleBuffer" "On"
      # '';
      # libinput = {
      #   enable = true;
      #   mouse = {
      #     naturalScrolling = true;
      #     accelSpeed = "1.0";
      #   };
      #   touchpad = {
      #     naturalScrolling = true;
      #   };
      # };
    };
    icecream.daemon = {
      enable = true;
      schedulerHost = "icecream.internal.horus.nu";
      # noRemote keeps this host from accepting compile jobs from other
      # machines, and the daemon port stays closed in the firewall.
      noRemote = true;
      openFirewall = false;
      # NOTE(review): the scheduler host is fixed above, so confirm that the
      # broadcast discovery port still needs to be open.
      openBroadcast = true;
    };
  };

  environment = {
    systemPackages = with pkgs; [ appimage-run ];
    sessionVariables = {
      WLR_NO_HARDWARE_CURSORS = "1";
    };
  };

  # Secrets management is commented out, so no secret in this file is
  # provisioned outside the Nix store.
  # sops = {
  #   defaultSopsFile = ./secrets.yaml;
  #   secrets = {};
  # };

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "22.11"; # Did you read the comment?
}