# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
# Outer function: takes nixos-hardware and microvm (presumably flake inputs
# passed in by the caller) and returns the NixOS module that follows.
{ nixos-hardware, microvm, ... }:
# The NixOS module proper; pkgs and config are used further down.
{ pkgs, config, ... }:
# NOTE(review): the entries of the imports list are not visible in this
# excerpt; only the comments that sat between them remain.
imports =
# Include the results of the hardware scan.
# "${nomachine}/nixos/modules/services/admin/nomachine.nix"
# nixpkgs.config.allowUnfree = true;
# Options under the `eboskma` namespace are defined by modules outside this
# file; what each toggle actually configures cannot be verified from here.
eboskma = {
var.workSystem = true;
users = {
erwin = {
enable = true;
work = true;
terminal = "Alacritty";
base = {
plymouth.enable = true;
work = true;
desktop = {
enable = true;
wayland = true;
docker = {
enable = true;
enableNvidia = true;
# Left disabled. NOTE(review): presumably this would expose the Docker API
# over TCP; an unauthenticated Docker socket is equivalent to root on the
# host, so keep it off unless TLS client authentication is configured.
# enableTcpSocket = true;
fonts.enable = true;
gnome.enable = true;
greetd = {
enable = true;
sway = true;
# NOTE(review): presumably starts a wayvnc (VNC) server for the greeter
# session. Confirm in the module which address it listens on and whether
# authentication is enabled; the Guacamole mapping in this file connects to
# localhost:5900.
wayvnc = true;
wallpaper = ../../wallpapers/river-3840.png;
kanata = {
enable = true;
# NOTE(review): the device list entries are not visible in this excerpt.
devices = [
lightdm.enable = false;
networking.enable = true;
nix-common = {
enable = true;
cross-systems = [ "aarch64-linux" ];
sound.enable = true;
systemd.enable = true;
# Mounts are selected by filesystem label rather than by device path.
# NOTE(review): no encrypted (LUKS) mapping is visible in this excerpt for
# /, /home, /yocto or swap; if at-rest encryption is expected on this work
# system, confirm it is configured elsewhere.
fileSystems = {
"/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
"/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
"/home" = {
device = "/dev/disk/by-label/home";
fsType = "ext4";
"/yocto" = {
device = "/dev/disk/by-label/yocto";
fsType = "ext4";
swapDevices =
[{ device = "/dev/disk/by-label/swap"; }];
# Hardware enablement: firmware blobs, the NVIDIA driver and OpenGL.
hardware = {
enableAllFirmware = true;
nvidia = {
modesetting.enable = true;
powerManagement.enable = true;
# forceFullCompositionPipeline = true;
opengl = {
driSupport32Bit = true;
# NOTE(review): the package list entries are not visible in this excerpt.
extraPackages = with pkgs; [
# Use the systemd-boot EFI boot loader.
boot = {
# Tracks the newest kernel in nixpkgs; the out-of-tree modules listed in
# extraModulePackages below have to build against whatever version that is.
kernelPackages = pkgs.linuxPackages_latest;
initrd = {
availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
kernelModules = [ "dm-snapshot" ];
# NOTE(review): this second kernelModules list presumably belongs to `boot`
# rather than `initrd`; the closing brace between the two is not visible in
# this excerpt.
kernelModules = [ "kvm-amd" "apple-mfi-fastcharge" "zenpower" ];
# boot.kernelParams = [ "amd_pstate.shared_mem=1" ];
extraModulePackages = with config.boot.kernelPackages; [ rtl88x2bu zenpower cpupower ];
loader = {
# NOTE(review): `editor` is not set here. NixOS defaults
# boot.loader.systemd-boot.editor to true, which lets anyone at the boot
# menu edit the kernel command line; consider `editor = false` on a
# machine where physical access is not fully trusted.
systemd-boot = {
enable = true;
# Keep at most 15 generations in the boot menu.
configurationLimit = 15;
efi.canTouchEfiVariables = true;
# This triggers a warning on stateVersions < 23.11 if set to true
swraid.enable = false;
# Locale basics: time zone and the virtual console font / keymap source.
time.timeZone = "Europe/Amsterdam";
console = {
font = "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";
# Take the console keymap from the X keyboard configuration.
useXkbConfig = true;
# Host networking: systemd-networkd instead of NetworkManager or the
# scripted DHCP client, plus firewall and NAT for the microvm bridge.
networking = {
hostName = "mimir";
useDHCP = false;
networkmanager.enable = false;
useNetworkd = true;
firewall = {
# Traffic arriving on a trusted interface bypasses the port filter entirely.
# With tailscale0 listed, every service that listens on all addresses
# (this file enables sshd, TeamViewer, Guacamole and remote-desktop
# services) is reachable by any tailnet peer the Tailscale ACLs allow, so
# the ACLs become the effective access control.
# NOTE(review): confirm that is intended and that the ACLs are restrictive.
trustedInterfaces = [ "lo" "tailscale0" ];
# NOTE(review): the port numbers are not visible in this excerpt; only the
# labels that annotated them remain.
allowedTCPPorts = [
# Horus System V2
# sccache server
# Celantur
# Traffic from the "microvm" bridge is NATed out through enp4s0.
nat = {
enable = true;
internalInterfaces = [ "microvm" ];
externalInterface = "enp4s0";
# NOTE(review): the list of autostarted VMs is not visible in this excerpt.
microvm.autostart = [
powerManagement = {
cpuFreqGovernor = "ondemand";
# systemd-networkd units: one .link, one bridge netdev and four .network
# definitions (two physical NICs, the bridge, and the VM tap interfaces).
systemd.network = {
enable = true;
# wait-online.extraArgs = [ "--interface=enp4s0" ];
# Consider the network online as soon as any one interface is up.
wait-online.anyInterface = true;
links = {
"40-enp4s0" = {
matchConfig = {
Name = "enp4s0";
linkConfig = {
# Magic packets carry no authentication, so any host that can send frames
# to this NIC's broadcast domain can power the machine on.
WakeOnLan = "magic";
netdevs = {
# Software bridge that the micro-VM interfaces are attached to below.
"10-microvm" = {
netdevConfig = {
Kind = "bridge";
Name = "microvm";
networks = {
"40-enp4s0" = {
enable = true;
DHCP = "yes";
# NOTE(review): the search-domain entries are not visible in this excerpt.
domains = [
matchConfig = {
Name = "enp4s0";
"40-enp5s0f1" = {
enable = true;
linkConfig = {
# Do not block wait-online on this second NIC.
RequiredForOnline = "no";
matchConfig = {
Name = "enp5s0f1";
"10-microvm" = {
matchConfig = {
Name = "microvm";
addresses = [
# NOTE(review): the address is an empty string here, which looks like a
# value blanked out of this copy; networkd needs a real address/prefix.
{ addressConfig.Address = ""; }
"11-microvm" = {
# Every interface named vm-* is enslaved to the microvm bridge.
matchConfig = {
Name = "vm-*";
networkConfig = {
Bridge = "microvm";
# programs.ssh.startAgent = true;
programs = {
gnome-disks.enable = true;
# Several remote-access paths are enabled in this services block: sshd,
# Tailscale, TeamViewer, Guacamole and GNOME remote desktop. Each one is a
# separate authentication surface to patch and monitor.
services = {
# NOTE(review): no sshd settings are visible here; confirm that password
# authentication and root login are restricted elsewhere.
openssh.enable = true;
envfs.enable = true;
cpupower-gui.enable = true;
flatpak.enable = true;
tailscale.enable = true;
teamviewer.enable = true;
udisks2 = {
enable = true;
udev = {
# Matches one USB device by vendor ID, product ID and serial number.
# USB descriptors, including the serial, are reported by the device itself
# and can be imitated, so this identifies a stick but does not authenticate
# it; do not hang security decisions on the match alone.
# NOTE(review): udev normally honours NAME= only for network interfaces;
# for a block device SYMLINK+= is the usual way to get a stable name.
# Confirm that this rule has the intended effect.
extraRules = ''
ACTION=="add", ATTRS{idVendor}=="0781", ATTRS{idProduct}=="55b1", ATTRS{serial}=="A20033BEAC21B773", NAME="vault"
# Guacamole gateway: guacd plus the web client, with a static user mapping.
#
# Security notes on the mapping below:
#  * pkgs.writeText places user-mapping.xml in /nix/store, which every local
#    user can read, and the same text lives in this configuration's
#    repository and in any binary cache the closure is pushed to.
#  * The login password is stored as an unsalted MD5 digest
#    (encoding="md5"), which offers little protection once the hash is
#    disclosed; treat that credential as exposed wherever this file is
#    shared and rotate it.
#  * The "lenovo-dev" connection embeds a plaintext RDP username and
#    password, and the password is the same as the username.
#  * NOTE(review): userMappingXml appears to take a path, so it could point
#    at a file materialised outside the store at activation time (this file
#    has a commented-out sops block further down) instead of inline text.
guacamole-server = {
enable = true;
userMappingXml = pkgs.writeText "user-mapping.xml" ''<?xml version="1.0" encoding="utf-8"?>
<authorize username="erwin" password="05b1b2006b6b346668090fb952173325" encoding="md5">
<connection name="localhost-vnc">
<param name="hostname">localhost</param>
<param name="port">5900</param>
<connection name="localhost-rdp">
<param name="hostname">localhost</param>
<param name="port">3389</param>
<connection name="lenovo-dev">
<param name="hostname">lenovo-dev</param>
<param name="port">3389</param>
<param name="username">horus</param>
<param name="password">horus</param>
# The web front end is the only gate in front of the connections defined
# above. NOTE(review): the listen address and TLS settings are not set
# here; confirm the web server is reachable only from trusted networks.
guacamole-client = {
enable = true;
enableWebserver = true;
# Another remote-desktop service; NOTE(review): confirm which protocol and
# credentials it uses and whether it is needed alongside Guacamole.
gnome.gnome-remote-desktop.enable = true;
xserver = {
videoDrivers = [ "nvidia" ];
# screenSection = ''
# Option "metamodes" "DP-0: nvidia-auto-select +0+0 {ForceFullCompositionPipeline=On, AllowGSYNCCompatible=On}, DP-4: nvidia-auto-select +3840+0 {ForceFullCompositionPipeline=On, AllowGSYNCCompatible=On}"
# Option "TripleBuffer" "On"
# '';
# libinput = {
# enable = true;
# mouse = {
# naturalScrolling = true;
# accelSpeed = "1.0";
# };
# touchpad = {
# naturalScrolling = true;
# };
# };
# Icecream distributed-compile daemon, pointed at a fixed scheduler host.
icecream.daemon = {
enable = true;
schedulerHost = "icecream.internal.horus.nu";
# NOTE(review): presumably stops other nodes from scheduling compile jobs
# on this machine; confirm against the module documentation.
noRemote = true;
openFirewall = false;
# NOTE(review): this presumably opens the firewall for scheduler discovery
# broadcasts even though openFirewall is false; with schedulerHost set
# explicitly, confirm the extra opening is still needed.
openBroadcast = true;
environment = {
# NOTE(review): the package list and the session variables are not visible
# in this excerpt.
systemPackages = with pkgs; [
sessionVariables = {
# Secret management via sops is disabled, while the Guacamole user mapping
# in this file carries credentials inline.
# sops = {
# defaultSopsFile = ./secrets.yaml;
# secrets = {};
# };
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?