# NixOS system configuration for the host "LONDON": an AMD desktop running
# Plasma 6 with VFIO, libvirt and Docker, reachable over Tailscale, shipping
# its journal to a Loki endpoint.
#
# Lines marked NOTE(review) are exposure points to confirm. They describe what
# the settings in this file do and do not change any value.
{ config, pkgs, ... }:
let
  # Address the Syncthing GUI and the node exporter bind to.
  # NOTE(review): presumably this machine's Tailscale address; confirm.
  listenAddr = "100.110.180.123";

  # Single port range opened for both TCP and UDP in the firewall below.
  openRange = { from = 3000; to = 22000; };
in
{
  imports = [ ./hardware-configuration.nix ];

  # Option provided by a module outside this file (not declared here).
  vfio.enable = true;

  # Bootloader, kernel and early boot.
  boot = {
    loader.systemd-boot.enable = true;
    loader.efi.canTouchEfiVariables = true;

    # /tmp is wiped on every boot; anything that keeps state there loses it.
    tmp.cleanOnBoot = true;

    binfmt.emulatedSystems = [ "aarch64-linux" ];

    kernelPackages = pkgs.linuxPackages_latest;
    kernelModules = [ "coretemp" "kvm-amd" "v4l2loopback" ];
    # v4l2loopback is out-of-tree, so it is built against the configured kernel.
    extraModulePackages = [ config.boot.kernelPackages.v4l2loopback ];

    plymouth.enable = true;
    plymouth.theme = "breeze";
  };

  time = {
    hardwareClockInLocalTime = true;
    timeZone = "Europe/London";
  };

  i18n.defaultLocale = "en_GB.utf8";

  nix = {
    settings.experimental-features = [ "nix-command" "flakes" ];
    settings.auto-optimise-store = true;

    gc.automatic = true;
    gc.dates = "weekly";
    gc.options = "--delete-older-than 15d";
  };

  nixpkgs.config.allowUnfree = true;

  systemd.services.NetworkManager-wait-online.enable = false;

  networking = {
    hostId = "3c26267f";
    hostName = "LONDON";
    networkmanager.enable = true;
    nftables.enable = true;

    # br0 bridges the physical NIC; DHCP is requested on both the bridge and
    # its member interface.
    bridges.br0.interfaces = [ "enp14s0" ];
    interfaces = {
      enp14s0.useDHCP = true;
      br0.useDHCP = true;
    };

    firewall = {
      enable = true;

      # NOTE(review): 19,001 TCP and UDP ports are accepted on every
      # interface. The range covers listeners defined in this file (promtail
      # HTTP on 3031, the Syncthing GUI on 8384). Listing only the ports that
      # are actually needed would keep the firewall meaningful.
      allowedTCPPortRanges = [ openRange ];
      allowedUDPPortRanges = [ openRange ];

      # NOTE(review): traffic arriving on a trusted interface is accepted
      # without port filtering. "enp14s0" is the physical LAN NIC (and a
      # member of br0), so confirm it is meant to be trusted; "docker0"
      # likewise gives containers on the default bridge unfiltered access to
      # host services.
      trustedInterfaces = [ "enp14s0" "tailscale0" "docker0" ];

      # Relaxed reverse-path filtering.
      # NOTE(review): presumably for the VPN clients enabled below; confirm.
      checkReversePath = "loose";
    };
  };

  services = {
    # Ship the systemd journal to Loki.
    promtail = {
      enable = true;
      configuration = {
        server.http_listen_port = 3031;
        server.grpc_listen_port = 0;

        # NOTE(review): /tmp does not persist (boot.tmp.cleanOnBoot is set
        # above), so read positions are lost at least on reboot and journal
        # entries up to max_age old may be sent again. A state or cache
        # directory owned by the service is the usual place; confirm what the
        # promtail unit allows.
        positions.filename = "/tmp/positions.yaml";

        # NOTE(review): plain HTTP with no credentials in this file, so log
        # content is neither encrypted nor authenticated at this layer.
        # Presumably "monitoring" is only reachable over the tailnet; confirm.
        clients = [
          { url = "http://monitoring:3030/loki/api/v1/push"; }
        ];

        scrape_configs = [
          {
            job_name = "journal";
            journal = {
              max_age = "12h";
              labels = {
                job = "systemd-journal";
                host = "london";
              };
            };
            # Expose the originating systemd unit as the "unit" label.
            relabel_configs = [
              {
                source_labels = [ "__journal__systemd_unit" ];
                target_label = "unit";
              }
            ];
          }
        ];
      };
    };

    # Syncthing runs as the login user over the whole home directory; devices
    # and folders configured through the GUI are not overridden by Nix.
    # NOTE(review): the GUI listens on a non-loopback address and no GUI
    # credentials are set here; confirm they are set in Syncthing itself.
    syncthing = {
      enable = true;
      user = "gsimmer";
      dataDir = "/home/gsimmer";
      guiAddress = "${listenAddr}:8384";
      overrideDevices = false;
      overrideFolders = false;
    };

    # Node metrics, bound to a single address rather than all interfaces.
    prometheus.exporters.node = {
      enable = true;
      listenAddress = listenAddr;
      enabledCollectors = [ "systemd" "processes" ];
    };

    # VPN / overlay networking.
    tailscale.enable = true;
    mullvad-vpn.enable = true;

    # Security keys and smart cards.
    yubikey-agent.enable = true;
    pcscd.enable = true;
    udev.packages = [ pkgs.libu2f-host pkgs.yubikey-personalization ];

    fwupd.enable = true;
    usbmuxd.enable = true;
    dbus.enable = true;

    # Desktop session.
    xserver = {
      enable = true;
      xkb = {
        layout = "us";
        variant = "";
      };
    };
    desktopManager.plasma6.enable = true;
    displayManager.sddm.enable = true;

    # Audio: PipeWire with ALSA, PulseAudio and JACK compatibility.
    pipewire = {
      enable = true;
      alsa = {
        enable = true;
        support32Bit = true;
      };
      pulse.enable = true;
      jack.enable = true;
    };

    printing.enable = true;
    printing.drivers = [ pkgs.gutenprint pkgs.gutenprintBin ];

    # NOTE(review): every publish option is on, so the host announces itself
    # (workstation and hinfo records included) to the local network segment.
    # Trim this if the machine is ever on an untrusted LAN.
    avahi = {
      enable = true;
      nssmdns4 = true;
      publish = {
        enable = true;
        userServices = true;
        domain = true;
        workstation = true;
        hinfo = true;
      };
    };
  };

  hardware = {
    cpu.amd.updateMicrocode = true;

    bluetooth = {
      enable = true;
      powerOnBoot = true;
    };

    # AMD graphics with 32-bit support, OpenCL via ROCm and the AMDVLK driver.
    opengl = {
      enable = true;
      driSupport = true;
      driSupport32Bit = true;
      extraPackages = with pkgs; [
        rocm-opencl-icd
        rocm-opencl-runtime
        amdvlk
      ];
      extraPackages32 = [ pkgs.driversi686Linux.amdvlk ];
    };

    # Scanner support.
    sane.enable = true;
    sane.extraBackends = [ pkgs.epkowa ];

    # PipeWire provides audio instead (see services.pipewire).
    pulseaudio.enable = false;
  };

  xdg.portal.enable = true;

  programs = {
    corectrl.enable = true;
    gamemode.enable = true;
    zsh.enable = true;
    fish.enable = true;
    nix-ld.enable = true;
    dconf.enable = true;
    kdeconnect.enable = true;

    tmux.enable = true;
    tmux.extraConfig = ''
      set -g mouse on
    '';

    # Firewall is opened for Remote Play only, not for dedicated servers.
    steam = {
      enable = true;
      remotePlay.openFirewall = true;
      dedicatedServer.openFirewall = false;
    };

    # gpg-agent does not act as the SSH agent here (yubikey-agent is enabled
    # under services).
    gnupg.agent.enable = true;
    gnupg.agent.enableSSHSupport = false;
  };

  # Login account. No password is declared in this file; set one with `passwd`.
  users.users.gsimmer = {
    isNormalUser = true;
    description = "Gabriel Simmer";
    shell = pkgs.fish;
    # NOTE(review): "docker" grants access to the rootful daemon socket, which
    # is effectively root on the host. Rootless Docker is enabled below, so
    # confirm the group is still needed. "wheel" also satisfies the polkit
    # rule in the security section.
    extraGroups = [ "networkmanager" "wheel" "libvirtd" "qemu-libvirtd" "docker" ];
    packages = with pkgs; [
      firefox-wayland
      vim
      lm_sensors
    ];
  };

  virtualisation = {
    libvirtd.enable = true;

    # Both the system daemon and a rootless per-user daemon are enabled;
    # setSocketVariable points the user's DOCKER_HOST at the rootless one.
    docker.enable = true;
    docker.rootless.enable = true;
    docker.rootless.setSocketVariable = true;
  };

  fonts = {
    enableDefaultPackages = true;
    packages = with pkgs; [
      ibm-plex
      jetbrains-mono
      emojione
      font-awesome
    ];
  };

  environment = {
    # Select the RADV Vulkan driver although AMDVLK is installed as well.
    variables.AMD_VULKAN_ICD = "RADV";

    shells = [ pkgs.zsh pkgs.fish ];

    systemPackages = with pkgs; [
      os-prober
      tailscale
      cifs-utils
      pinentry-curses
      noisetorch
      nix-output-monitor
      xdg-utils
      dracula-theme
      yubikey-touch-detector
      docker-compose
      home-manager
      libimobiledevice
      ifuse
      glxinfo
      vulkan-tools
      glmark2
      libnotify
      emojione
      swtpm
      cloudflare-warp
      pcscliteWithPolkit.out
    ];

    # Default Plasma applications left out of the install.
    plasma6.excludePackages = with pkgs.libsForQt5; [
      elisa
      okular
      oxygen
      khelpcenter
      konsole
      print-manager
    ];
  };

  security = {
    rtkit.enable = true;

    polkit.enable = true;
    # Members of "wheel" get PC/SC daemon access without an authentication
    # prompt. Only the access_pcsc action is matched; every other action
    # falls through to the default policy.
    polkit.extraConfig = ''
      polkit.addRule(function(action, subject) {
        if (action.id == "org.debian.pcsc-lite.access_pcsc" && subject.isInGroup("wheel")) {
          return polkit.Result.YES;
        }
      });
    '';
  };

  # Release whose stateful defaults this system follows; it is not the
  # nixpkgs version in use.
  system.stateVersion = "23.05";
}