# NixOS host configuration for the machine "loki".
#
# The outer function takes the `nixos-hardware` input; the inner function is
# the NixOS module proper. Values used in more than one place (NFS helper
# ports, the WireGuard listen port) are bound once in `let`, so the firewall
# openings and the services they belong to cannot drift apart.
{ nixos-hardware, ... }:
{ pkgs, config, ... }:
let
  hw = nixos-hardware.nixosModules;

  # Pinned NFS side-channel ports; the same numbers are opened in the firewall.
  nfsStatdPort = 4100;
  nfsLockdPort = 4101;
  nfsMountdPort = 4102;
  nfsPorts = [ 111 2049 nfsStatdPort nfsLockdPort nfsMountdPort 20048 ];

  # WireGuard "wghorus" tunnel.
  wgListenPort = 51820;
  resolvectl = "${pkgs.systemd}/bin/resolvectl";

  # Shorthand for sops secrets that must be readable by the desktop user.
  erwinOwned = { owner = "erwin"; };
in
{
  imports = [
    hw.common-cpu-amd
    hw.common-cpu-amd-pstate
    hw.common-gpu-amd
    hw.common-pc-ssd
    ./hardware-configuration.nix
    ../../users/erwin
    ../../users/root
    ../../users/builder
  ];

  # Options in the `eboskma` namespace are not defined in this file; what each
  # toggle actually configures has to be checked in the module that declares it.
  eboskma = {
    users.erwin = {
      enable = true;
      home = true;
    };
    users.builder.enable = true;

    # backscrub.enable = true;

    base = {
      work = false;
      plymouth.enable = true;
      # NOTE(review): pinned to the 6.0 kernel series, which is not a long-term
      # series; confirm the pinned nixpkgs still ships security fixes for it.
      kernel = pkgs.linuxKernel.packages.linux_6_0;
      udev-rules = {
        blink1 = true;
        picotool = true;
        probe-rs = true;
        qmk = true;
        solo2 = true;
      };
    };

    bluetooth.enable = true;
    desktop = {
      enable = true;
      wayland = true;
      home-manager = true;
    };
    docker.enable = true;
    element-web.enable = false;
    fonts.enable = true;
    gnome.enable = true;
    greetd = {
      enable = true;
      sway = true;
      hyprland = true;
    };

    # home-manager = {
    #   inherit (users) users;
    #   enable = true;
    # };

    libvirtd.enable = true;
    livebook = {
      enable = true;
      dataDir = "/home/erwin/workspace/livebook";
      userMapping = "1000:100";
    };
    networking.enable = true;
    nix-common = {
      enable = true;
      cross-systems = [ "aarch64-linux" ];
    };
    tablet.enable = false;
    sound.enable = true;
    systemd.enable = true;
  };

  boot.loader.systemd-boot = {
    enable = true;
    configurationLimit = 10;
  };
  boot.loader.efi.canTouchEfiVariables = true;

  time.timeZone = "Europe/Amsterdam";

  networking = {
    hostName = "loki";
    useDHCP = false;
    useNetworkd = true;
    networkmanager.enable = true;

    hosts."10.0.0.252" = [ "pve.datarift.nl" ];

    firewall = {
      trustedInterfaces = [ "lo" ];

      # The `interfaces."enp4s0" = { ... };` wrapper that once scoped the rules
      # below is commented out, so they are global firewall options and apply
      # on every interface, including the wghorus tunnel while it is up.
      # NOTE(review): the NFS export further down is limited to 10.0.0.0/24;
      # scoping these openings per interface again would match that intent.
      # interfaces."enp4s0" = {
      allowedTCPPorts =
        nfsPorts
        ++ [ 12345 5555 5556 ] # Horus System V2
        ++ [ 4000 ] # Elixir/Phoenix dev environment
        ++ [ 48010 ]; # Sunshine
      allowedUDPPorts = nfsPorts ++ [ wgListenPort ]; # NFS + WireGuard

      # Sunshine
      # NOTE(review): services.sunshine.openFirewall is also set to true below;
      # presumably it opens an overlapping set of ports. Confirm and keep a
      # single source for the Sunshine openings.
      allowedTCPPortRanges = [ { from = 47984; to = 47990; } ];
      allowedUDPPortRanges = [ { from = 47998; to = 48000; } ];
      # };
    };

    # Manually started (autostart = false) WireGuard tunnel to the Horus
    # network. The private key is read at runtime from the sops-managed file,
    # so it is not embedded in this configuration.
    wg-quick.interfaces.wghorus = {
      address = [ "10.10.4.2/24" ];
      autostart = false;
      dns = [ "192.168.4.1" ];
      listenPort = wgListenPort;
      privateKeyFile = config.sops.secrets.wireguard-horus-privkey.path;

      # Register the internal search domains on the tunnel link when it comes
      # up, and clear them again when it goes down.
      postUp = ''
        ${resolvectl} domain wghorus bedum.horus.nu internal.horus.nu
      '';
      postDown = ''
        ${resolvectl} domain wghorus ""
      '';

      peers = [
        {
          publicKey = "6faxlUG8+F7uVrKk/OJqqy5k2+OzrhXc/cV6Zsfbl0c=";
          endpoint = "212.45.34.195:51820";
          # Only these prefixes are routed into the tunnel and accepted from
          # the peer.
          allowedIPs = [
            "192.168.4.0/23"
            "192.168.6.0/24"
            "192.168.7.0/24"
            "192.168.8.0/24"
          ];
          persistentKeepalive = 25;
        }
      ];
    };

    # An earlier `wireguard.interfaces.wghorus` definition of the same tunnel
    # (same address, key file, peer and allowedIPs, with resolvectl dns/domain
    # calls in postSetup/postShutdown) was left commented out at this point.
  };

  systemd.network = {
    enable = true;

    # NOTE(review): this network unit carries no matchConfig, so nothing here
    # ties DHCP to enp4s0 other than the unit's name; presumably it applies to
    # every link networkd manages. Confirm, and add matchConfig.Name if only
    # enp4s0 is intended.
    networks."40-enp4s0".DHCP = "yes";

    # Wake-on-LAN by magic packet on the wired NIC.
    links."40-enp4s0" = {
      matchConfig.Name = "enp4s0";
      linkConfig.WakeOnLan = "magic";
    };
  };

  # nix = {
  #   package = pkgs.nixUnstable;
  #   extraOptions = ''
  #     experimental-features = nix-command flakes
  #   '';
  # };

  services = {
    # NOTE(review): sshd is enabled with no settings in this file, so the
    # password / root-login policy comes from module defaults or from another
    # module in the repository; verify it is key-only.
    openssh.enable = true;

    envfs.enable = true;

    sunshine = {
      enable = true;
      user = "erwin";
      openFirewall = true;
    };

    nfs.server = {
      enable = true;
      statdPort = nfsStatdPort;
      lockdPort = nfsLockdPort;
      mountdPort = nfsMountdPort;

      # all_squash with anonuid/anongid maps every client user to uid 1000 /
      # gid 100, so any host in 10.0.0.0/24 gets read-write access to this
      # directory under that identity; the client address is the only check.
      exports = ''
        /home/erwin/proxmox-backup 10.0.0.0/24(rw,sync,no_subtree_check,anonuid=1000,anongid=100,all_squash)
      '';
    };
  };

  programs.ssh.startAgent = true;

  # Run powertop's auto-tuning, then force the two listed USB devices back to
  # 'on' so they are excluded from runtime power management.
  powerManagement.powerUpCommands = ''
    ${pkgs.powertop}/bin/powertop --auto-tune
    ${pkgs.coreutils}/bin/echo 'on' > /sys/bus/usb/devices/5-4.2/power/control # Logitech G502 HERO SE
    ${pkgs.coreutils}/bin/echo 'on' > /sys/bus/usb/devices/5-4.1/power/control # splitkb Kyria rev1
  '';

  sops = {
    defaultSopsFile = ./secrets.yaml;
    secrets = {
      ha_now_playing_token = erwinOwned;
      gh_token = erwinOwned;
      renovate_env = erwinOwned;
      livebook_cookie = erwinOwned;
      livebook-password = erwinOwned;
      # No owner set: the sops-nix default ownership applies (root, as far as
      # the sops-nix defaults go), so the desktop user cannot read this key.
      wireguard-horus-privkey = { };
    };
  };

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "22.05"; # Did you read the comment?
}