{
config,
pkgs,
...
}: {
# Hardware-specific module kept alongside this file.
imports = [./hardware-configuration.nix];
# Boot: UEFI loader, kernel selection and kernel modules.
boot = {
  # Zen kernel; the out-of-tree v4l2loopback module is taken from the same
  # kernel package set so it matches the running kernel.
  kernelPackages = pkgs.linuxPackages_zen;
  extraModulePackages = [config.boot.kernelPackages.v4l2loopback];
  kernelModules = ["amdgpu" "coretemp" "kvm-amd" "v4l2loopback"];

  # systemd-boot on UEFI; the installer is allowed to write EFI boot variables.
  loader.systemd-boot.enable = true;
  loader.efi.canTouchEfiVariables = true;

  # /tmp is emptied at every boot, so nothing that must persist belongs there.
  tmp.cleanOnBoot = true;

  # Registers user-mode emulation so aarch64-linux binaries can run on this host.
  binfmt.emulatedSystems = ["aarch64-linux"];
};
# Treat the hardware clock as local time instead of UTC.
# NOTE(review): presumably for dual-booting with another OS — confirm.
time.hardwareClockInLocalTime = true;

hardware = {
  # Bluetooth stack enabled, with the controller powered on at boot.
  bluetooth = {
    enable = true;
    powerOnBoot = true;
  };

  # Apply AMD CPU microcode updates.
  cpu.amd.updateMicrocode = true;
};
# Nix daemon: flakes and the new CLI, store de-duplication.
nix.settings = {
  auto-optimise-store = true;
  experimental-features = ["nix-command" "flakes"];
};

# Weekly garbage collection. Anything older than 15 days is deleted, which
# also bounds how far back a rollback to an earlier generation can go.
nix.gc = {
  automatic = true;
  dates = "weekly";
  options = "--delete-older-than 15d";
};

# Unfree packages are permitted system-wide.
nixpkgs.config.allowUnfree = true;

# Do not run the NetworkManager wait-online unit.
systemd.services.NetworkManager-wait-online.enable = false;
# Host identity, NetworkManager and the nftables-backed firewall.
networking = {
  hostName = "LONDON";
  hostId = "3c26267f";
  networkmanager.enable = true;
  nftables.enable = true;

  firewall = {
    enable = true;

    # Loose reverse-path filtering: the source only has to be routable via
    # some interface, not the one the packet arrived on.
    # NOTE(review): presumably needed for the VPN clients enabled in this
    # file (Tailscale, Mullvad) — confirm before tightening to strict.
    checkReversePath = "loose";

    # Traffic arriving on a trusted interface is accepted unconditionally,
    # so the port lists below only restrict the remaining interfaces.
    # NOTE(review): enp4s0 looks like the wired LAN NIC. If so, every
    # listening service on this host is reachable from the LAN and the
    # firewall effectively filters nothing there; confirm that is intended,
    # otherwise remove it and rely on the explicit port lists. Trusting
    # docker0 likewise lets containers on the default bridge reach every
    # host service.
    trustedInterfaces = ["enp4s0" "tailscale0" "docker0"];

    # NOTE(review): the purpose of each port is not recorded here. 69/udp is
    # the TFTP port and 3000/8000 are common development-server ports; prune
    # whatever is no longer needed.
    allowedTCPPorts = [7000 7100 7001 22000 8000 3000 9943 9944];
    allowedUDPPorts = [69 6000 6001 7011 41641 3478 22000 21027 9943 9944];

    # NOTE(review): these ranges look like Steam Remote Play;
    # programs.steam.remotePlay.openFirewall, set elsewhere in this file,
    # likely opens them already — TODO confirm and de-duplicate.
    allowedTCPPortRanges = [{from = 27036; to = 27037;}];
    allowedUDPPortRanges = [{from = 27031; to = 27036;}];
  };
};
# Locale and time zone.
i18n.defaultLocale = "en_GB.utf8";
time.timeZone = "Europe/London";
# System services: monitoring, sync, security tokens, VPNs, desktop, audio,
# printing and mDNS.
services = {
  # --- Log shipping ------------------------------------------------------
  promtail.enable = true;
  promtail.configuration = {
    server = {
      http_listen_port = 3031;
      grpc_listen_port = 0;
    };

    # NOTE(review): read offsets are kept under /tmp, and this file sets
    # boot.tmp.cleanOnBoot, so they are lost at least on every reboot and the
    # journal is re-read (up to max_age). A persistent directory owned by the
    # promtail service user would avoid that — TODO confirm which directory
    # the NixOS unit makes writable.
    positions.filename = "/tmp/positions.yaml";

    # NOTE(review): logs are pushed over plain HTTP with no credentials
    # visible here. Journal entries can contain sensitive data; confirm that
    # "monitoring" is only reachable over an encrypted path (e.g. the tailnet).
    clients = [{url = "http://monitoring:3030/loki/api/v1/push";}];

    scrape_configs = [
      {
        job_name = "journal";
        journal.max_age = "12h";
        journal.labels = {
          host = "london";
          job = "systemd-journal";
        };
        # Expose the originating systemd unit as the "unit" label.
        relabel_configs = [
          {
            source_labels = ["__journal__systemd_unit"];
            target_label = "unit";
          }
        ];
      }
    ];
  };

  # --- Metrics -----------------------------------------------------------
  # Bound to a single address rather than all interfaces.
  # NOTE(review): 100.110.180.123 is presumably this host's Tailscale
  # address; the exporter can only bind once that address exists.
  prometheus.exporters.node = {
    enable = true;
    listenAddress = "100.110.180.123";
    enabledCollectors = ["systemd" "processes"];
  };

  # --- File sync ---------------------------------------------------------
  # Runs as the desktop user; devices and folders added through the GUI are
  # kept because neither override is enabled.
  # NOTE(review): the GUI listens on the same (presumably tailnet) address;
  # confirm a GUI user/password is set, since every peer that can reach that
  # address can otherwise administer Syncthing.
  syncthing = {
    enable = true;
    user = "gsimmer";
    dataDir = "/home/gsimmer";
    guiAddress = "100.110.180.123:8384";
    overrideDevices = false;
    overrideFolders = false;
  };

  # --- Firmware, buses and attached devices ------------------------------
  fwupd.enable = true;
  dbus.enable = true;
  usbmuxd.enable = true;

  # --- Security tokens / smart cards -------------------------------------
  pcscd.enable = true;
  yubikey-agent.enable = true;
  udev.packages = [pkgs.libu2f-host pkgs.yubikey-personalization];

  # --- VPN clients -------------------------------------------------------
  tailscale.enable = true;
  mullvad-vpn.enable = true;

  # --- Desktop -----------------------------------------------------------
  xserver = {
    enable = true;
    xkb = {
      layout = "us";
      variant = "";
    };
    displayManager.sddm.enable = true;
    # plasma5.enable = true;
    desktopManager.plasma6.enable = true;
  };

  # --- Audio: PipeWire with ALSA, PulseAudio and JACK front-ends ---------
  pipewire = {
    enable = true;
    alsa = {
      enable = true;
      support32Bit = true;
    };
    pulse.enable = true;
    jack.enable = true;
  };

  # --- Printing ----------------------------------------------------------
  printing.enable = true;
  printing.drivers = [pkgs.gutenprint pkgs.gutenprintBin];

  # --- mDNS / service discovery ------------------------------------------
  # NOTE(review): publish.workstation and publish.hinfo advertise this host
  # (and, for hinfo, OS/CPU details) to everyone on the local network. Drop
  # them if only name resolution and printer discovery are needed.
  avahi = {
    enable = true;
    nssmdns4 = true;
    publish = {
      enable = true;
      domain = true;
      userServices = true;
      workstation = true;
      hinfo = true;
    };
  };
};
# CoreCtrl hardware tuning tool.
programs.corectrl.enable = true;

# Graphics, scanner and audio hardware.
hardware = {
  # PipeWire is used for audio elsewhere in this file, so the PulseAudio
  # daemon stays off.
  pulseaudio.enable = false;

  # Scanner support with the epkowa backend.
  sane = {
    enable = true;
    extraBackends = [pkgs.epkowa];
  };

  # OpenGL/Vulkan with 32-bit support, ROCm OpenCL and the AMDVLK driver.
  opengl = {
    enable = true;
    driSupport = true;
    driSupport32Bit = true;
    extraPackages = [
      pkgs.rocm-opencl-icd
      pkgs.rocm-opencl-runtime
      pkgs.amdvlk
    ];
    extraPackages32 = [pkgs.driversi686Linux.amdvlk];
  };
};
xdg.portal.enable = true;

# Select RADV as the Vulkan driver even though AMDVLK is also installed in
# this file's hardware.opengl.extraPackages.
environment.variables.AMD_VULKAN_ICD = "RADV";
# Per-program modules: shells, desktop helpers, gaming and GnuPG.
programs = {
  # Shells
  fish.enable = true;
  zsh.enable = true;

  # Desktop
  sway.enable = true;
  dconf.enable = true;
  # NOTE(review): the KDE Connect module presumably opens its own firewall
  # port range for device pairing — confirm that exposure is wanted on every
  # network this machine joins.
  kdeconnect.enable = true;

  # Lets unpatched, dynamically linked binaries find a loader and libraries.
  nix-ld.enable = true;

  # Gaming: Remote Play ports are opened, dedicated-server ports are not.
  gamemode.enable = true;
  steam.enable = true;
  steam.remotePlay.openFirewall = true;
  steam.dedicatedServer.openFirewall = false;

  # GnuPG agent with the Qt pinentry. SSH support is off here.
  # NOTE(review): presumably because services.yubikey-agent, enabled
  # elsewhere in this file, serves SSH keys instead — confirm.
  gnupg.agent = {
    enable = true;
    enableSSHSupport = false;
    pinentryFlavor = "qt";
  };
};
# Primary interactive account. No password is declared here; set one with
# `passwd` after the first activation.
users.users.gsimmer = {
  isNormalUser = true;
  description = "Gabriel Simmer";
  shell = pkgs.fish;

  # NOTE(review): "wheel" grants sudo, and membership of "docker" gives
  # access to the rootful Docker daemon, which is equivalent to root on the
  # host. Rootless Docker is also enabled in this file; if that is what is
  # actually used, the "docker" group can probably be dropped — TODO confirm.
  extraGroups = ["networkmanager" "wheel" "libvirtd" "qemu-libvirtd" "docker"];

  packages = [
    pkgs.firefox-wayland
    pkgs.vim
    pkgs.lm_sensors
  ];
};
# Containers and virtual machines.
virtualisation = {
  libvirtd.enable = true;

  # Both the system-wide (rootful) daemon and rootless Docker are enabled;
  # setSocketVariable points the user's DOCKER_HOST at the rootless socket.
  # NOTE(review): if only the rootless daemon is needed, disabling the
  # rootful one removes a root-equivalent socket — TODO confirm usage.
  docker.enable = true;
  docker.rootless.enable = true;
  docker.rootless.setSocketVariable = true;
};
# Fonts: the NixOS default set plus a few extras.
fonts = {
  enableDefaultPackages = true;
  packages = [
    pkgs.ibm-plex
    pkgs.jetbrains-mono
    pkgs.emojione
    pkgs.font-awesome
  ];
};
# Make the systemd units shipped by cloudflare-warp available to systemd.
systemd.packages = [pkgs.cloudflare-warp];

# Login shells and system-wide packages.
environment = {
  shells = [pkgs.zsh pkgs.fish];

  # Order is kept as originally listed.
  systemPackages = with pkgs; [
    os-prober
    tailscale
    cifs-utils
    pinentry-curses
    noisetorch
    nix-output-monitor
    pinentry-gnome
    xdg-utils
    dracula-theme
    yubikey-touch-detector
    docker-compose
    home-manager
    # iOS device access
    libimobiledevice
    ifuse
    # GPU diagnostics
    glxinfo
    vulkan-tools
    glmark2
    libnotify
    emojione
    swtpm
    cloudflare-warp
    # pcsc-lite built with polkit support; access is governed by the polkit
    # rule in this file's security.polkit.extraConfig.
    pcscliteWithPolkit.out
  ];
};
# Applications left out of the Plasma 5 default set.
# NOTE(review): this file enables plasma6 and has plasma5 commented out, so
# this list likely has no effect any more — TODO confirm and migrate or drop.
environment.plasma5.excludePackages = let
  qt5 = pkgs.libsForQt5;
in [
  qt5.elisa
  qt5.okular
  qt5.oxygen
  qt5.khelpcenter
  qt5.konsole
  qt5.print-manager
];
# Privilege handling: realtime scheduling broker and polkit rules.
security = {
  rtkit.enable = true;

  polkit.enable = true;
  # Grants the pcsc-lite "access_pcsc" action to members of "wheel" with no
  # authentication prompt (Result.YES).
  # NOTE(review): the rule does not check subject.local or subject.active, so
  # it also applies to wheel members in remote or inactive sessions; add
  # those conditions if smart-card access should be limited to someone at
  # the console.
  polkit.extraConfig = ''
    polkit.addRule(function(action, subject) {
      if (action.id == "org.debian.pcsc-lite.access_pcsc" &&
        subject.isInGroup("wheel")) {
        return polkit.Result.YES;
      }
    });
  '';
};

# Release this machine was first installed with. It pins the defaults for
# stateful data and is not the version to bump when upgrading.
system.stateVersion = "23.05";
}