{ nixos-hardware, disko, nix-ld-rs, ... }: { pkgs, config, ... }: { imports = [ nixos-hardware.nixosModules.common-cpu-intel nixos-hardware.nixosModules.common-pc-ssd disko.nixosModules.disko ./storage.nix ./network.nix ./virtualisation.nix ./promtail ../../users/erwin ../../users/root ]; eboskma = { users.erwin = { enable = true; server = true; }; base = { plymouth.enable = true; }; nix-common = { enable = true; remote-builders = true; }; # libvirtd.enable = true; systemd.enable = true; tailscale.enable = true; }; security = { sudo-rs = { enable = true; }; sudo.enable = false; apparmor = { enable = false; }; }; boot = { loader = { systemd-boot = { enable = true; configurationLimit = 10; }; efi.canTouchEfiVariables = true; }; initrd = { availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "ahci" "usb_storage" "usbhid" "sd_mod" "virtio_blk" "virtio_pci" ]; kernelModules = [ "kvm-intel" ]; }; kernelPackages = pkgs.linuxPackages_latest; kernelModules = [ "kvm-intel" "dm-thin-pool" "dm-snapshot" ]; # From PVE: ro quiet intel_iommu=on i915.enable_gvt=1 cpufreq.default_governor=ondemand # kernelParams = [ "intel_iommu=on" "i915.enable_gvt=1" "cpufreq.default_governor=ondemand" ]; extraModulePackages = with config.boot.kernelPackages; [ gasket ]; kernel.sysctl = { "net.core.rmem_max" = 2500000; "net.core.wmem_max" = 2500000; }; }; hardware.enableAllFirmware = true; users.users.consoledash = { isSystemUser = true; home = "/var/lib/consoledash"; group = "consoledash"; createHome = true; # Stole this from here: # https://github.com/mcdonc/.nixconfig/blob/66f427c029eb673c44bb7df919b78485ce3e8b01/videos/restricteduser/script.rst # shell = # let # rbash = pkgs.runCommandNoCC "rbash-${pkgs.bashInteractive.version}" { } '' # mkdir -p $out/bin # ln -s ${pkgs.bashInteractive}/bin/bash $out/bin/rbash # ''; # in # "${rbash}/bin/rbash"; shell = "${pkgs.glances}/bin/glances"; ignoreShellProgramCheck = true; hashedPassword = null; }; users.groups.consoledash = { }; programs = { bandwhich.enable = true; nix-ld = { enable = true; package = nix-ld-rs.packages.${pkgs.hostPlatform.system}.nix-ld-rs; }; }; services = { getty.autologinUser = "consoledash"; openssh.enable = true; lvm = { enable = true; }; prometheus.exporters = { node = { enable = true; enabledCollectors = [ "systemd" ]; }; }; iperf3 = { enable = true; openFirewall = true; }; sysstat = { enable = true; collect-frequency = "*:*:0"; }; }; environment.systemPackages = with pkgs; [ sysstat ]; system.stateVersion = "24.05"; }