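# NixOS system configuration for the host named "LONDON" (see networking.hostName).
# Takes the standard module arguments and returns the system option set.
{ config, pkgs, ... }:

let
  # Syncthing built from an explicitly pinned upstream tag instead of the
  # version packaged in nixpkgs.
  #
  # Supply-chain notes:
  #  - `hash` and `vendorHash` are fixed-output hashes, so both the source tree
  #    and the vendored Go modules are content-verified at build time.
  #  - A manual pin does not follow nixpkgs updates. Security fixes released
  #    after this tag only arrive when `version`, `hash` and `vendorHash` are
  #    bumped together here.
  syncthingLatest =
    let
      version = "1.24.0";
      src = pkgs.fetchFromGitHub {
        owner = "syncthing";
        repo = "syncthing";
        # Derived from `version` so the fetched tag and the reported version
        # cannot drift apart when the pin is bumped.
        rev = "v${version}";
        hash = "sha256-5vr9qWMHBYpu8wHpV1JZcX1kEPi+mYeZ7ZQBqXASp9I=";
      };
    in
    (pkgs.syncthing.override {
      # Wrap buildGoModule so the package's own arguments are kept and only
      # the source, version and vendor hash are replaced.
      buildGoModule = args: pkgs.buildGoModule.override {} (args // {
        inherit src version;
        vendorHash = "sha256-BZwZ6npmWFU0lvynjRZOBOhtxqic0djoSUdCOLbUwjE=";
      });
    });

in
{
  imports =
    [
      ./hardware-configuration.nix
    ];

  # Bootloader
  boot = {
    loader = {
      grub = {
        enable = true;
        device = "nodev";
        useOSProber = true;
        efiSupport = true;
        # Lets GRUB unlock a LUKS volume in order to read /boot.
        enableCryptodisk = true;
      };
      efi = {
        canTouchEfiVariables = true;
        efiSysMountPoint = "/boot/efi";
      };
    };
    binfmt.emulatedSystems = [ "aarch64-linux" ];
    extraModulePackages = [
      config.boot.kernelPackages.v4l2loopback
    ];
    kernelPackages = pkgs.linuxPackages_zen;
    kernelModules = [ "coretemp" "kvm-amd" "v4l2loopback" ];

    # A `null` value copies the key file from the same path on the running
    # system into the initrd. The initrd then contains the LUKS key, so anyone
    # who can read the initrd image can unlock the disk.
    # NOTE(review): this is only sound if the initrd is stored on encrypted
    # storage. With the ESP at /boot/efi, /boot is presumably on the LUKS
    # volume; confirm against hardware-configuration.nix.
    initrd.secrets = {
      "/crypto_keyfile.bin" = null;
    };
    initrd.luks.devices."luks-63100442-37df-4579-a787-cb2f2c67b3d1" = {
      device = "/dev/disk/by-uuid/63100442-37df-4579-a787-cb2f2c67b3d1";
      keyFile = "/crypto_keyfile.bin";
    };
  };

  hardware.cpu.amd.updateMicrocode = true;

  nix = {
    settings = {
      experimental-features = [ "nix-command" "flakes" ];
      auto-optimise-store = true;
    };
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 15d";
    };
  };
  nixpkgs.config.allowUnfree = true;
  # Boot does not wait for the network to come up.
  # NOTE(review): services below bind to a specific tailnet address
  # (Syncthing GUI, node exporter); verify they start cleanly when
  # tailscale0 is not yet configured.
  systemd.services.NetworkManager-wait-online.enable = false;
  networking = {
    hostName = "LONDON";
    networkmanager.enable = true;
    firewall = {
      enable = true;
      # NOTE(review): these ranges look like Steam Remote Play ports and
      # appear to overlap with what programs.steam.remotePlay.openFirewall
      # opens below; confirm whether the manual entries are still needed.
      allowedUDPPortRanges = [ { from = 27031; to = 27036; } ];
      allowedTCPPortRanges = [ { from = 27036; to = 27037; } ];
      # Opened on every untrusted interface. 22000 (TCP/UDP) and 21027/UDP
      # match Syncthing's default sync and local-discovery ports; 41641/UDP
      # and 3478/UDP match Tailscale's defaults.
      # NOTE(review): the purpose of 7000, 7100, 6000, 6001 and 7011 is not
      # stated in this file; document the owning service or drop the entries.
      allowedTCPPorts = [ 7000 7100 22000 ];
      allowedUDPPorts = [ 6000 6001 7011 41641 3478 22000 21027 ];
      # Traffic arriving on tailscale0 skips port filtering entirely, so every
      # service listening on the tailnet address or on all addresses is
      # reachable from any tailnet peer. Access control then rests on the
      # tailnet ACLs and on each service's own authentication.
      trustedInterfaces = [ "tailscale0" ];
      # Relaxed reverse-path filtering.
      # NOTE(review): presumably required for the VPN setups enabled below
      # (Tailscale, Mullvad); confirm.
      checkReversePath = "loose";
    };
    nftables.enable = true;
  };

  time.timeZone = "Europe/London";
  i18n.defaultLocale = "en_GB.utf8";

  services = {
    syncthing = {
      enable = true;
      # Devices and folders added through the GUI are kept rather than being
      # overwritten by declarative settings.
      overrideDevices = false;
      overrideFolders = false;
      user = "gsimmer";
      dataDir = "/home/gsimmer";
      # GUI/API listens on a fixed address instead of loopback. Because
      # tailscale0 is a trusted interface, no firewall rule restricts access.
      # NOTE(review): no GUI credentials are declared in this file; make sure
      # GUI authentication is configured in Syncthing itself.
      guiAddress = "100.95.77.62:8384";
      package = syncthingLatest;
    };
    usbmuxd.enable = true;
    # node_exporter serves metrics without authentication unless configured
    # otherwise; exposure here is limited by the listen address only.
    prometheus.exporters.node = {
      enable = true;
      listenAddress = "100.95.77.62";
      enabledCollectors = [
        "systemd" "processes"
      ];
    };
    dbus.enable = true;
    yubikey-agent.enable = true;
    udev.packages = with pkgs; [ libu2f-host yubikey-personalization ];
    tailscale.enable = true;
    pcscd.enable = true;
    mullvad-vpn.enable = true;
    xserver = {
      layout = "us";
      xkbVariant = "";
      videoDrivers = [ "nvidia" ];
      enable = true;
      displayManager = {
        # NOTE(review): GDM is not enabled in this file, so this option
        # likely has no effect while SDDM is the display manager.
        gdm.wayland = true;
        sddm.enable = true;
      };
      desktopManager.plasma5.enable = true;
    };
    pipewire = {
      enable = true;
      alsa.enable = true;
      alsa.support32Bit = true;
      pulse.enable = true;
      jack.enable = true;
    };
    printing = {
      enable = true;
      drivers = [ pkgs.gutenprint pkgs.gutenprintBin ];
    };
    # Publishing announces this host's name and user services over mDNS to
    # the local network.
    avahi = {
      nssmdns = true;
      enable = true;
      publish = {
        enable = true;
        userServices = true;
        domain = true;
      };
    };
  };

  hardware = {
    opengl = {
      enable = true;
      driSupport = true;
      driSupport32Bit = true;
    };
    nvidia = {
      modesetting.enable = true;
      nvidiaSettings = true;
    };
    sane.enable = true;
    sane.extraBackends = [ pkgs.epkowa ];
    pulseaudio.enable = false;
  };

  xdg = {
    portal = {
      enable = true;
      extraPortals = with pkgs; [
        xdg-desktop-portal-wlr
        xdg-desktop-portal-gtk
      ];
    };
  };

  programs = {
    gamemode.enable = true;
    zsh.enable = true;
    fish.enable = true;
    nix-ld.enable = true;
    dconf.enable = true;
    steam = {
      enable = true;
      remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
      dedicatedServer.openFirewall = false; # Open ports in the firewall for Source Dedicated Server
    };
    gnupg.agent = {
      enable = true;
      pinentryFlavor = "gnome3";
      # NOTE(review): presumably left off because yubikey-agent (enabled
      # under services) provides the SSH agent; confirm.
      enableSSHSupport = false;
    };
  };
  # Define a user account. Don't forget to set a password with ‘passwd’.
  # No password or hashed password is declared in this file.
  users.users.gsimmer = {
    shell = pkgs.nushell;
    isNormalUser = true;
    description = "Gabriel Simmer";
    # "wheel" grants sudo. Membership of "docker" allows control of the
    # system-wide Docker daemon, which is equivalent to passwordless root.
    # NOTE(review): rootless Docker is also enabled below; if that is the
    # intended way to run containers, the "docker" group may be unnecessary.
    extraGroups = [ "networkmanager" "wheel" "libvirtd" "qemu-libvirtd" "docker" ];
    packages = with pkgs; [
      firefox-wayland
      vim
      lm_sensors
    ];
  };

  virtualisation = {
    docker = {
      # The rootful daemon stays enabled alongside the rootless one.
      enable = true;
      rootless = {
        enable = true;
        # Points DOCKER_HOST at the rootless daemon's socket for user sessions.
        setSocketVariable = true;
      };
    };
    libvirtd.enable = true;
  };

  fonts.packages = with pkgs; [
    ibm-plex
    jetbrains-mono
    emojione
  ];

  environment = {
    shells = with pkgs; [ zsh fish ];
    systemPackages = with pkgs; [
      os-prober
      tailscale
      cifs-utils
      pinentry-curses
      noisetorch
      nix-output-monitor
      pinentry-gnome
      xdg-utils
      dracula-theme
      yubikey-touch-detector
      docker-compose
      home-manager
    ];
  };

  security = {
    polkit.enable = true;
    rtkit.enable = true;
  };
  # Records the release whose stateful-data defaults this machine was
  # installed with; it is not meant to be raised as part of a routine upgrade.
  system.stateVersion = "23.05"; # Did you read the comment?

}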