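# NixOS host configuration for "loki".
#
# Curried module: the outer function receives the flake inputs this host needs
# (nixos-hardware, nix-ld-rs, attic), the inner one the usual module arguments.
{ nixos-hardware, nix-ld-rs, attic, ... }: { pkgs, config, ... }: {
  imports = [
    nixos-hardware.nixosModules.common-cpu-amd
    nixos-hardware.nixosModules.common-cpu-amd-pstate
    nixos-hardware.nixosModules.common-gpu-amd
    nixos-hardware.nixosModules.common-pc-ssd
    # microvm.nixosModules.host
    # ./vm.nix
    ../../users/erwin
    ../../users/root
    ../../users/builder
  ];

  # Options of the repository's own `eboskma` module namespace. Their
  # definitions live elsewhere in the tree; only the values chosen for this
  # host are visible here.
  eboskma = {
    users = {
      erwin = {
        enable = true;
        home = true;
      };
      builder.enable = true;
    };
    base = {
      plymouth.enable = true;
      work = false;
      udev-rules = {
        qmk = true;
        solo2 = true;
        picotool = true;
        blink1 = true;
        probe-rs = true;
      };
    };
    bluetooth.enable = true;
    desktop = {
      enable = true;
      wayland = true;
    };
    element-web.enable = false;
    fonts.enable = true;
    gnome.enable = true;
    greetd = {
      enable = false;
      sway = true;
      river = true;
      wallpaper = ../../wallpapers/river-2560.png;
    };
    guix.enable = true;
    networking = {
      enable = true;
    };
    nix-common = {
      enable = true;
      cross-systems = [ "aarch64-linux" ];
      gc-interval = "weekly";
    };
    podman.enable = true;
    regreet = {
      enable = true;
      wallpaper = ../../wallpapers/river-2560.png;
      wayvnc = true;
    };
    tailscale.enable = true;
    sound = {
      enable = true;
      jack = true;
    };
    systemd.enable = true;
  };

  fileSystems = {
    "/" = {
      device = "/dev/disk/by-uuid/42065c7e-d0aa-4de8-a913-014cf59d48ac";
      fsType = "ext4";
    };
    "/boot" = {
      device = "/dev/disk/by-uuid/4064-A1BE";
      fsType = "vfat";
    };
    "/home" = {
      device = "/dev/disk/by-uuid/082ec5d2-238e-4713-9c37-31b1cb0fb8c3";
      fsType = "ext4";
    };
  };

  swapDevices = [
    { device = "/dev/disk/by-uuid/d93788f7-1b94-4687-8313-055d17f42b7e"; }
  ];

  # high-resolution display
  # hardware.video.hidpi.enable = lib.mkDefault true;

  # Enable firmware
  hardware.enableAllFirmware = true;

  # i2c support
  hardware.i2c.enable = true;

  boot = {
    initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
    initrd.kernelModules = [ ];
    kernelPackages = pkgs.linuxPackages_latest;
    kernelModules = [ "kvm-amd" "apple-mfi-fastcharge" "zenpower" "nf_nat_ftp" ];
    kernelParams = [ "amd_pstate.shared_mem=1" ];
    # Out-of-tree modules are taken from the same kernel package set as the
    # running kernel so they always match its version.
    extraModulePackages = with config.boot.kernelPackages; [
      cpupower
      # rtl88x2bu
      zenpower
    ];
    loader = {
      systemd-boot = {
        enable = true;
        configurationLimit = 10;
      };
      efi.canTouchEfiVariables = true;
    };
  };

  time.timeZone = "Europe/Amsterdam";

  networking = {
    hostName = "loki";
    useDHCP = false;
    networkmanager.enable = false;
    useNetworkd = true;
    firewall = {
      # No port filtering on these interfaces: every listening service on this
      # host is reachable from the whole tailnet via tailscale0.
      trustedInterfaces = [ "lo" "tailscale0" ];
      # NOTE(review): the NFS ports below are opened on every non-trusted
      # interface; only the export line in services.nfs.server limits clients
      # to 10.0.0.0/24. Narrowing this to the LAN interface would be tighter.
      allowedTCPPorts = [
        # NFS
        111
        2049
        4100
        4101
        4102
        20048
        # Horus System V2
        12345
        5555
        5556
        # Elixir/Phoenix dev environment
        4000
        # SteamLink
        27036
        27037
      ];
      allowedUDPPorts = [
        # NFS
        111
        2049
        4100
        4101
        4102
        20048
        # SteamLink
        27031
        27036
        # WireGuard
        51820
      ];
      allowedTCPPortRanges = [
        # Sonos / noson
        { from = 1400; to = 1410; }
      ];
      allowedUDPPortRanges = [
        # Sunshine
        { from = 47998; to = 48000; }
        # Sonos / noson / pulseaudio
        { from = 1400; to = 1410; }
      ];
    };
    wireless.iwd = {
      enable = true;
      settings = {
        General = {
          EnableNetworkConfiguration = true;
        };
      };
    };
  };

  security = {
    # sudo-rs replaces the classic sudo; the two are mutually exclusive.
    sudo-rs = {
      enable = true;
    };
    sudo.enable = false;
    pam.services.swaylock = {
      unixAuth = true;
      setLoginUid = true;
      enableGnomeKeyring = true;
      # NOTE(review): allowNullPassword adds `nullok` to pam_unix, so any local
      # account with an empty password can unlock the screen locker. Confirm
      # that is intended for every account that can start a session.
      allowNullPassword = true;
      updateWtmp = true;
      startSession = true;
    };
  };

  systemd = {
    network = {
      enable = true;
      wait-online = {
        anyInterface = true;
      };
      netdevs = {
        "10-horus0" = {
          netdevConfig = {
            Kind = "wireguard";
            MTUBytes = "1420";
            Name = "horus0";
          };
          wireguardConfig = {
            # Key material is provisioned by sops (see sops.secrets below); the
            # secret is owned by systemd-network so that networkd can read it.
            PrivateKeyFile = config.sops.secrets.wireguard-horus-privkey.path;
            ListenPort = 51820;
          };
          wireguardPeers = [
            {
              PublicKey = "6faxlUG8+F7uVrKk/OJqqy5k2+OzrhXc/cV6Zsfbl0c=";
              AllowedIPs = [ "192.168.4.0/23" "192.168.6.0/24" "192.168.7.0/24" "192.168.8.0/24" ];
              Endpoint = "212.45.34.195:51820";
              PersistentKeepalive = 25;
            }
          ];
        };
      };
      networks = {
        "40-enp4s0" = {
          matchConfig = { Name = "enp4s0"; };
          networkConfig = {
            DHCP = "yes";
            IPv6AcceptRA = true;
          };
        };
        "40-horus0" = {
          matchConfig = { Name = "horus0"; };
          # The tunnel is not brought up automatically at boot.
          linkConfig = { ActivationPolicy = "manual"; };
          networkConfig = {
            DHCP = "no";
            DNS = "192.168.4.1";
            Domains = [ "bedum.horus.nu" "internal.horus.nu" ];
          };
          address = [ "10.10.4.2/24" ];
          # Routes mirror the peer's AllowedIPs above; keep the two lists in sync.
          routes = [
            { Destination = "192.168.4.0/23"; Scope = "link"; }
            { Destination = "192.168.6.0/24"; Scope = "link"; }
            { Destination = "192.168.7.0/24"; Scope = "link"; }
            { Destination = "192.168.8.0/24"; Scope = "link"; }
          ];
        };
      };
      links = {
        "40-enp4s0" = {
          matchConfig = { OriginalName = "enp4s0"; };
          linkConfig = { WakeOnLan = "magic"; };
        };
      };
    };
  };

  services = {
    udev = {
      # hwdb entry: the match line is followed by property lines that must be
      # indented by at least one space (the indented string strips the common
      # indentation, so the extra leading space is what survives).
      extraHwdb = ''
        evdev:name:ELECOM TrackBall Mouse HUGE TrackBall:*
         ID_INPUT_KEY=1
         KEYBOARD_KEY_90008=red
         KEYBOARD_KEY_90007=copy
         KEYBOARD_KEY_90006=paste
      '';
      # NOTE(review): udev's rule syntax expects double-quoted values, and
      # NAME= only applies to network interfaces (it is ignored for other
      # devices). For tagging USB sticks, `SYMLINK+="keys"` is likely what is
      # wanted — confirm against the udev log before relying on these rules.
      extraRules = ''
        ACTION=="add", ATTRS{idVendor}=="0951", ATTRS{idProduct}=="1666", NAME=keys
        ACTION=="add", ATTRS{idVendor}=="0781", ATTRS{idProduct}=="55b1", NAME=vault
      '';
    };
    openssh.enable = true;
    colord.enable = true;
    udisks2 = {
      enable = true;
    };
    envfs.enable = true;
    cpupower-gui.enable = true;
    # Third-party remote-access daemon; anyone with the account credentials
    # can reach this desktop.
    teamviewer.enable = true;
    sunshine = {
      enable = true;
      # Gives the sunshine binary CAP_SYS_ADMIN (required for KMS capture).
      # That is a very broad capability; keep sunshine restricted to trusted
      # networks.
      capSysAdmin = true;
      # user = "erwin";
      # Opens sunshine's ports in addition to the explicit 47998-48000 UDP
      # range listed under networking.firewall above.
      openFirewall = true;
    };
    nfs.server = {
      enable = true;
      # Read-write export of one directory to the 10.0.0.0/24 LAN. all_squash
      # maps every client uid/gid to 1000/100, so all remote writes land as
      # that local user.
      exports = ''
        /home/erwin/proxmox-backup 10.0.0.0/24(rw,sync,no_subtree_check,anonuid=1000,anongid=100,all_squash)
      '';
      # Pinned so the 4100-4102 firewall entries above stay valid across reboots.
      lockdPort = 4101;
      mountdPort = 4102;
      statdPort = 4100;
    };
  };

  programs = {
    sway = {
      enable = true;
      package = pkgs.swayfx;
      wrapperFeatures = {
        gtk = true;
        base = true;
      };
      extraPackages = with pkgs; [ swaylock swayidle ];
    };
    river.enable = true;
    gnome-disks.enable = true;
    # ssh.startAgent = true;
    gamemode = {
      enable = true;
      settings = {
        general = {
          renice = 5;
        };
        custom = {
          start = "${pkgs.libnotify}/bin/notify-send 'GameMode started'";
          end = "${pkgs.libnotify}/bin/notify-send 'GameMode ended'";
        };
      };
    };
    appimage = {
      enable = true;
      binfmt = true;
    };
    ryzen-monitor-ng.enable = true;
    # nix-ld lets unpatched dynamically linked binaries find these libraries.
    nix-ld = {
      enable = true;
      package = nix-ld-rs.packages.${pkgs.hostPlatform.system}.nix-ld-rs;
      libraries = with pkgs; [
        alsa-lib
        at-spi2-atk
        at-spi2-core
        atk
        cairo
        cups
        curl
        dbus
        expat
        fontconfig
        freetype
        fuse3
        gdk-pixbuf
        glib
        gtk3
        icu
        libGL
        libappindicator-gtk3
        libdrm
        libglvnd
        libnotify
        libpulseaudio
        libunwind
        libusb1
        libuuid
        libxkbcommon
        mesa
        nspr
        nss
        openssl
        pango
        pipewire
        sqlite
        stdenv.cc.cc
        systemd
        vulkan-loader
        xorg.libX11
        xorg.libXScrnSaver
        xorg.libXcomposite
        xorg.libXcursor
        xorg.libXdamage
        xorg.libXext
        xorg.libXfixes
        xorg.libXi
        xorg.libXrandr
        xorg.libXrender
        xorg.libXtst
        xorg.libxcb
        xorg.libxkbfile
        xorg.libxshmfence
        zlib
      ];
    };
  };

  powerManagement = {
    cpuFreqGovernor = "ondemand";
  };

  environment = {
    sessionVariables = {
      AMD_VULKAN_ICD = "RADV";
      # WLR_RENDERER = "vulkan";
    };
    systemPackages = with pkgs; [ incus iwgtk tailscale ];
  };

  # Post-build hook run by the Nix daemon after every successful build. Nix
  # passes the built store paths space-separated in $OUT_PATHS; the hook keeps
  # only those whose path matches one of `cachedPackagePatterns` and pushes
  # them to the attic cache "main".
  nix.settings.post-build-hook =
    let
      inherit (attic.packages.${pkgs.system}) attic-client;
      # Alternation joined into a single awk regex; extend the list to cache
      # more packages.
      cachedPackagePatterns = builtins.concatStringsSep "|" [ "mongodb" ];
    in
    # writeShellScript (not writeScript) prepends an explicit bash shebang and
    # syntax-checks the result. The script uses bash-only `[[ ]]`, and without
    # an interpreter line it only ran through whatever ENOEXEC fallback the
    # daemon's exec path happened to provide.
    pkgs.writeShellScript "upload-to-cache" ''
      set -eu
      set -f
      export IFS=' '
      OUT_PATHS=$(echo -n ''${OUT_PATHS} | ${pkgs.gawk}/bin/awk 'BEGIN { RS = " "; ORS = " "; } $0 ~ /(${cachedPackagePatterns})/ { print $0 }')
      if [[ -z "''${OUT_PATHS}" ]]; then
        echo "No matching packages to upload"
        exit 0
      fi
      echo "Uploading paths to cache " ''${OUT_PATHS}
      exec ${attic-client}/bin/attic push main ''${OUT_PATHS}
    '';

  sops.defaultSopsFile = ./secrets.yaml;
  sops.secrets = {
    ha_now_playing_token = { owner = "erwin"; };
    gh_token = { owner = "erwin"; };
    renovate_env = { owner = "erwin"; };
    livebook-env = { owner = "erwin"; };
    livebook-password = { owner = "erwin"; };
    # Read by systemd-networkd for the horus0 WireGuard netdev above.
    wireguard-horus-privkey = { owner = "systemd-network"; };
    # No owner given: sops-nix's default (root-readable only) applies.
    k3s-token = { };
  };

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "22.05"; # Did you read the comment?
}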