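# NixOS system configuration for the desktop host "LONDON": LUKS-encrypted
# root unlocked via GRUB, Plasma on NVIDIA, Tailscale and Mullvad VPN,
# YubiKey tooling, Docker and libvirt.
#
# The listing had been collapsed onto two physical lines, so every `#` comment
# swallowed the code after it. Line structure is restored here; the evaluated
# configuration is unchanged. The stray `hardware.cpu.amd.updateMicrocode`
# is folded into the single `hardware` set, which is equivalent.
{ config, pkgs, ... }:
{
  imports = [ ./hardware-configuration.nix ];

  # Bootloader
  boot = {
    loader = {
      grub = {
        enable = true;
        device = "nodev";
        useOSProber = true;
        efiSupport = true;
        # GRUB itself unlocks the LUKS volume, so /boot can sit inside it.
        enableCryptodisk = true;
      };
      efi = {
        canTouchEfiVariables = true;
        # Only the ESP is mounted here; presumably /boot lives on the
        # encrypted root. Confirm against hardware-configuration.nix.
        efiSysMountPoint = "/boot/efi";
      };
    };
    binfmt.emulatedSystems = [ "aarch64-linux" ];
    extraModulePackages = [ config.boot.kernelPackages.v4l2loopback ];
    kernelPackages = pkgs.linuxPackages_zen;
    kernelModules = [ "coretemp" "kvm-amd" "v4l2loopback" ];

    # The LUKS key file is copied into the initrd (a null source means "take it
    # from the same path on the running system"), so stage 1 can open the
    # volume without a second passphrase prompt.
    # NOTE(review): this is only sound while the initrd is stored on encrypted
    # media. If /boot ever moves to an unencrypted partition, the key sits in
    # clear text next to the disk it protects. The file on the root filesystem
    # should also be readable by root only.
    initrd.secrets = { "/crypto_keyfile.bin" = null; };
    initrd.luks.devices."luks-63100442-37df-4579-a787-cb2f2c67b3d1" = {
      device = "/dev/disk/by-uuid/63100442-37df-4579-a787-cb2f2c67b3d1";
      keyFile = "/crypto_keyfile.bin";
    };
  };

  nix = {
    settings = {
      experimental-features = [ "nix-command" "flakes" ];
      auto-optimise-store = true;
    };
    # Weekly garbage collection; generations older than 15 days are removed,
    # which also limits how far back a rollback can go.
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 15d";
    };
  };

  nixpkgs.config.allowUnfree = true;

  systemd.services.NetworkManager-wait-online.enable = false;

  networking = {
    hostName = "LONDON";
    networkmanager.enable = true;
    firewall = {
      enable = true;
      # NOTE(review): these Steam ranges look like they overlap with what
      # programs.steam.remotePlay.openFirewall (enabled below) already opens.
      # Confirm, and keep only one source of truth.
      allowedUDPPortRanges = [ { from = 27031; to = 27036; } ];
      allowedTCPPortRanges = [ { from = 27036; to = 27037; } ];
      # NOTE(review): nothing in this file says which service needs 7000/7100
      # (TCP) or 6000/6001/7011 (UDP). Record the owner of each port, or drop
      # it. 41641/udp is Tailscale's default WireGuard port and 3478/udp is
      # STUN, presumably both for Tailscale.
      allowedTCPPorts = [ 7000 7100 ];
      allowedUDPPorts = [ 6000 6001 7011 41641 3478 ];
      # Everything arriving on tailscale0 is accepted without port filtering,
      # so exposure of local services to the tailnet is governed by the tailnet
      # ACLs alone, not by this firewall.
      trustedInterfaces = [ "tailscale0" ];
      # Relaxed reverse-path filtering; presumably needed for the VPN routing
      # set up by Tailscale or Mullvad. Verify it is still required.
      checkReversePath = "loose";
    };
    # NOTE(review): the NixOS option documentation warns that Docker, which
    # programs iptables itself, does not cooperate with the nftables firewall
    # without extra work. Docker and libvirtd are both enabled below, so check
    # that published container and VM ports are filtered as intended.
    nftables.enable = true;
  };

  time.timeZone = "Europe/London";

  i18n.defaultLocale = "en_GB.utf8";

  services = {
    # Bound to one address in 100.64.0.0/10, presumably this host's Tailscale
    # IP. The exporter serves unauthenticated metrics, and the "systemd" and
    # "processes" collectors reveal unit and process information. Access
    # control therefore rests on the bind address and on the tailnet ACLs.
    # NOTE(review): a hard-coded address goes stale if the node is re-enrolled.
    prometheus.exporters.node = {
      enable = true;
      listenAddress = "100.95.77.62";
      enabledCollectors = [ "systemd" "processes" ];
    };
    dbus.enable = true;
    # YubiKey support: SSH agent, udev rules for the token, smart-card daemon.
    yubikey-agent.enable = true;
    udev.packages = with pkgs; [ libu2f-host yubikey-personalization ];
    tailscale.enable = true;
    pcscd.enable = true;
    mullvad-vpn.enable = true;
    xserver = {
      layout = "us";
      xkbVariant = "";
      videoDrivers = [ "nvidia" ];
      enable = true;
      displayManager = {
        # Only a GDM sub-option is set; the display manager actually enabled
        # here is SDDM.
        gdm.wayland = true;
        sddm.enable = true;
      };
      desktopManager.plasma5.enable = true;
    };
    pipewire = {
      enable = true;
      alsa.enable = true;
      alsa.support32Bit = true;
      pulse.enable = true;
      jack.enable = true;
    };
    printing = {
      enable = true;
      drivers = [ pkgs.gutenprint pkgs.gutenprintBin ];
    };
    # mDNS resolution plus publishing: the host announces itself and its user
    # services on the local link.
    # NOTE(review): confirm publishing is wanted on every network this machine
    # joins, not only the home LAN.
    avahi = {
      nssmdns = true;
      enable = true;
      publish = {
        enable = true;
        userServices = true;
        domain = true;
      };
    };
  };

  hardware = {
    # CPU microcode updates carry the vendor's errata and security fixes.
    cpu.amd.updateMicrocode = true;
    opengl = {
      enable = true;
      driSupport = true;
      driSupport32Bit = true;
    };
    nvidia = {
      modesetting.enable = true;
      nvidiaSettings = true;
    };
    sane.enable = true;
    sane.extraBackends = [ pkgs.epkowa ];
    pulseaudio.enable = false;
  };

  xdg = {
    portal = {
      enable = true;
      extraPortals = with pkgs; [ xdg-desktop-portal-wlr xdg-desktop-portal-gtk ];
    };
  };

  programs = {
    gamemode.enable = true;
    zsh.enable = true;
    fish.enable = true;
    nix-ld.enable = true;
    dconf.enable = true;
    steam = {
      enable = true;
      remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
      dedicatedServer.openFirewall = false; # Open ports in the firewall for Source Dedicated Server
    };
    gnupg.agent = {
      enable = true;
      pinentryFlavor = "gnome3";
      # gpg-agent does not act as SSH agent; presumably services.yubikey-agent
      # (enabled above) fills that role.
      enableSSHSupport = false;
    };
  };

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.gsimmer = {
    shell = pkgs.nushell;
    isNormalUser = true;
    description = "Gabriel Simmer";
    # "wheel" grants sudo. "docker" grants access to the system-wide Docker
    # daemon's socket, which is equivalent to root on this host. The libvirt
    # groups allow control of system VMs.
    # NOTE(review): rootless Docker is enabled below with DOCKER_HOST pointing
    # at the per-user daemon. If the rootful daemon is not needed interactively,
    # dropping "docker" from this list removes a root-equivalent path.
    extraGroups = [ "networkmanager" "wheel" "libvirtd" "qemu-libvirtd" "docker" ];
    packages = with pkgs; [ firefox-wayland vim lm_sensors ];
  };

  virtualisation = {
    docker = {
      # Starts the rootful system daemon...
      enable = true;
      # ...and also provides a per-user rootless daemon. setSocketVariable
      # makes the rootless socket the default target of the docker CLI.
      rootless = {
        enable = true;
        setSocketVariable = true;
      };
    };
    libvirtd.enable = true;
  };

  fonts.packages = with pkgs; [ ibm-plex jetbrains-mono emojione ];

  environment = {
    shells = with pkgs; [ zsh fish ];
    systemPackages = with pkgs; [
      os-prober
      tailscale
      cifs-utils
      pinentry-curses
      noisetorch
      nix-output-monitor
      pinentry-gnome
      xdg-utils
      dracula-theme
      yubikey-touch-detector
      docker-compose
    ];
  };

  security = {
    polkit.enable = true;
    rtkit.enable = true;
  };

  system.stateVersion = "23.05"; # Did you read the comment?
}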