# NixOS system configuration for the desktop host "LONDON".
# Declares boot/disk-encryption setup, firewall, monitoring agents, desktop
# stack, the single user account and virtualisation. Security-relevant
# settings carry review notes; anything this file does not establish is
# marked NOTE(review).
{ config, pkgs, ... }: {
  imports = [ ./hardware-configuration.nix ];

  # Bootloader
  boot = {
    # supportedFilesystems = [ "bcachefs" ];
    loader = {
      grub = {
        enable = true;
        device = "nodev";
        useOSProber = true;
        efiSupport = true;
        # Lets GRUB itself unlock an encrypted volume in order to read /boot.
        enableCryptodisk = true;
      };
      efi = {
        canTouchEfiVariables = true;
        efiSysMountPoint = "/boot/efi";
      };
    };
    binfmt.emulatedSystems = [ "aarch64-linux" ];
    extraModulePackages = [ config.boot.kernelPackages.v4l2loopback ];
    kernelPackages = pkgs.linuxPackages_zen;
    kernelModules = [ "coretemp" "kvm-amd" "v4l2loopback" ];
    # The keyfile is copied into the initrd (null = same source path) and is
    # used below to unlock the LUKS device without a second passphrase prompt.
    # The initrd therefore contains key material.
    # NOTE(review): only /boot/efi is mounted as the ESP here, so /boot is
    # presumably on the encrypted volume; confirm the initrd is never written
    # to an unencrypted partition and that the keyfile is readable by root only.
    initrd.secrets = { "/crypto_keyfile.bin" = null; };
    initrd.luks.devices."luks-63100442-37df-4579-a787-cb2f2c67b3d1" = {
      device = "/dev/disk/by-uuid/63100442-37df-4579-a787-cb2f2c67b3d1";
      keyFile = "/crypto_keyfile.bin";
    };
  };

  hardware.cpu.amd.updateMicrocode = true;

  nix = {
    settings = {
      experimental-features = [ "nix-command" "flakes" ];
      auto-optimise-store = true;
    };
    # Weekly garbage collection; generations older than 15 days are deleted,
    # which also bounds how far back a rollback can reach.
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 15d";
    };
  };

  nixpkgs.config.allowUnfree = true;

  systemd.services.NetworkManager-wait-online.enable = false;

  networking = {
    hostName = "LONDON";
    networkmanager.enable = true;
    firewall = {
      enable = true;
      # These ranges match the Steam Remote Play ports.
      # NOTE(review): programs.steam.remotePlay.openFirewall is also set in
      # this file; check whether these manual entries are still needed.
      allowedUDPPortRanges = [ { from = 27031; to = 27036; } ];
      allowedTCPPortRanges = [ { from = 27036; to = 27037; } ];
      # Ports listed here are open on every interface, not just the tailnet.
      # 22000 (TCP/UDP) and 21027 (UDP) are the Syncthing defaults; 41641/UDP
      # is the Tailscale default and 3478/UDP is STUN.
      # NOTE(review): the file does not say what uses 7000, 7100, 8000 (TCP)
      # or 6000, 6001, 7011 (UDP); document each one or close it.
      allowedTCPPorts = [ 7000 7100 22000 8000 ];
      allowedUDPPorts = [ 6000 6001 7011 41641 3478 22000 21027 ];
      # All traffic arriving on tailscale0 is accepted regardless of the port
      # lists above, so every listening service on this host is reachable from
      # the tailnet. NOTE(review): presumably tailnet ACLs are the real
      # access control for those services; confirm they are restrictive.
      trustedInterfaces = [ "tailscale0" ];
      # Relaxed reverse-path filtering.
      # NOTE(review): presumably required for Tailscale/VPN routing; confirm.
      checkReversePath = "loose";
    };
    nftables.enable = true;
  };

  time.timeZone = "Europe/London";
  i18n.defaultLocale = "en_GB.utf8";

  services = {
    # Ships the systemd journal to a Loki instance.
    promtail = {
      enable = true;
      configuration = {
        # NOTE(review): no listen address is set, so the HTTP port is
        # presumably bound on all interfaces; 3031 is not in the firewall
        # allow-list, but it is reachable over tailscale0 (trusted above).
        server = {
          http_listen_port = 3031;
          grpc_listen_port = 0;
        };
        # NOTE(review): the read-offset file lives under /tmp. Unless the unit
        # runs with a private /tmp this is a shared, world-writable directory,
        # and the offsets do not survive a cleanup of /tmp. Consider a path in
        # a directory owned by the service; confirm what the unit permits.
        positions = { filename = "/tmp/positions.yaml"; };
        # Journal entries are pushed over plain HTTP with no credentials
        # configured here.
        # NOTE(review): presumably "monitoring" resolves to a tailnet peer so
        # the transport is encrypted by Tailscale; confirm, since journal
        # data often contains sensitive details.
        clients = [{ url = "http://monitoring:3030/loki/api/v1/push"; }];
        scrape_configs = [{
          job_name = "journal";
          journal = {
            max_age = "12h";
            labels = {
              job = "systemd-journal";
              host = "london";
            };
          };
          # Expose the originating systemd unit as the "unit" label.
          relabel_configs = [{
            source_labels = [ "__journal__systemd_unit" ];
            target_label = "unit";
          }];
        }];
      };
    };

    fwupd.enable = true;

    syncthing = {
      enable = true;
      # false: devices and folders are not declared in this file and whatever
      # is configured through the GUI is left in place.
      overrideDevices = false;
      overrideFolders = false;
      user = "gsimmer";
      dataDir = "/home/gsimmer";
      # GUI bound to one specific address rather than all interfaces.
      # NOTE(review): 100.95.77.62 is presumably this host's Tailscale
      # address. No GUI credentials are declared here; confirm a GUI password
      # is set, because the tailnet can reach this port.
      guiAddress = "100.95.77.62:8384";
    };

    usbmuxd.enable = true;

    # Node exporter bound to the same single address as the Syncthing GUI.
    # Metrics are served without authentication; the "processes" and "systemd"
    # collectors reveal what is running on the host.
    prometheus.exporters.node = {
      enable = true;
      listenAddress = "100.95.77.62";
      enabledCollectors = [ "systemd" "processes" ];
    };

    dbus.enable = true;

    # Hardware-token support: agent, udev rules and smart-card daemon.
    yubikey-agent.enable = true;
    udev.packages = with pkgs; [ libu2f-host yubikey-personalization ];
    tailscale.enable = true;
    pcscd.enable = true;
    mullvad-vpn.enable = true;

    xserver = {
      layout = "us";
      xkbVariant = "";
      videoDrivers = [ "nvidia" ];
      enable = true;
      # NOTE(review): gdm.wayland is set, but only sddm is enabled in this
      # file, so the gdm setting looks unused.
      displayManager = {
        gdm.wayland = true;
        sddm.enable = true;
      };
      desktopManager.plasma5.enable = true;
    };

    pipewire = {
      enable = true;
      alsa.enable = true;
      alsa.support32Bit = true;
      pulse.enable = true;
      jack.enable = true;
    };

    printing = {
      enable = true;
      drivers = [ pkgs.gutenprint pkgs.gutenprintBin ];
    };

    # mDNS: resolves .local names and also publishes this host, its domain and
    # user services to the local network, which discloses host details on any
    # network the machine joins.
    avahi = {
      nssmdns = true;
      enable = true;
      publish = {
        enable = true;
        userServices = true;
        domain = true;
      };
    };
  };

  hardware = {
    opengl = {
      enable = true;
      driSupport = true;
      driSupport32Bit = true;
    };
    nvidia = {
      modesetting.enable = true;
      nvidiaSettings = true;
      open = true;
      package = config.boot.kernelPackages.nvidiaPackages.vulkan_beta;
    };
    sane.enable = true;
    sane.extraBackends = [ pkgs.epkowa ];
    pulseaudio.enable = false;
  };

  xdg = {
    portal = {
      enable = true;
      extraPortals = with pkgs; [ xdg-desktop-portal-wlr xdg-desktop-portal-gtk ];
    };
  };

  environment.sessionVariables = { NIXOS_OZONE_WL = "1"; };

  programs = {
    hyprland = {
      enable = true;
      enableNvidiaPatches = true;
    };
    gamemode.enable = true;
    zsh.enable = true;
    fish.enable = true;
    nix-ld.enable = true;
    dconf.enable = true;
    steam = {
      enable = true;
      remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
      dedicatedServer.openFirewall = false; # Open ports in the firewall for Source Dedicated Server
    };
    # gpg-agent does not act as the SSH agent; yubikey-agent is enabled under
    # services above.
    gnupg.agent = {
      enable = true;
      pinentryFlavor = "gnome3";
      enableSSHSupport = false;
    };
  };

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.gsimmer = {
    shell = pkgs.nushell;
    isNormalUser = true;
    description = "Gabriel Simmer";
    # "wheel" grants administrative (sudo) rights. Membership of "docker"
    # gives control of the system Docker daemon, which is equivalent to root
    # on this host.
    # NOTE(review): rootless Docker is also enabled below; if it covers the
    # use case, drop "docker" from this list.
    extraGroups = [ "networkmanager" "wheel" "libvirtd" "qemu-libvirtd" "docker" ];
    packages = with pkgs; [ firefox-wayland vim lm_sensors ];
  };

  virtualisation = {
    # Both the system daemon and a per-user rootless daemon are enabled;
    # setSocketVariable points the user's Docker client at the rootless socket.
    docker = {
      enable = true;
      rootless = {
        enable = true;
        setSocketVariable = true;
      };
    };
    libvirtd.enable = true;
  };

  fonts = {
    packages = with pkgs; [ ibm-plex jetbrains-mono emojione font-awesome ];
    enableDefaultPackages = true;
  };

  environment = {
    shells = with pkgs; [ zsh fish ];
    systemPackages = with pkgs; [
      os-prober
      tailscale
      cifs-utils
      pinentry-curses
      noisetorch
      nix-output-monitor
      pinentry-gnome
      xdg-utils
      dracula-theme
      yubikey-touch-detector
      docker-compose
      home-manager
      libimobiledevice
      ifuse
      glxinfo
      vulkan-tools
      glmark2
      waybar
      waypipe
      rofi-wayland
      mako
      libnotify
      hyprpaper
    ];
  };

  security = {
    polkit.enable = true;
    rtkit.enable = true;
  };

  # stateVersion records the release whose defaults the stateful data on this
  # machine was created with; it is not bumped on an ordinary upgrade.
  system.stateVersion = "23.05"; # Did you read the comment?
}