303 lines
6.5 KiB
Nix
303 lines
6.5 KiB
Nix
{
|
||
config,
|
||
pkgs,
|
||
...
|
||
}: {
|
||
imports = [
|
||
./hardware-configuration.nix
|
||
];
|
||
|
||
# Bootloader
|
||
boot = {
|
||
loader = {
|
||
systemd-boot.enable = true;
|
||
efi = {
|
||
canTouchEfiVariables = true;
|
||
};
|
||
};
|
||
tmp.cleanOnBoot = true;
|
||
binfmt.emulatedSystems = ["aarch64-linux"];
|
||
extraModulePackages = [
|
||
config.boot.kernelPackages.v4l2loopback
|
||
];
|
||
kernelPackages = pkgs.linuxPackages_zen;
|
||
kernelModules = ["amdgpu" "coretemp" "kvm-amd" "v4l2loopback"];
|
||
plymouth = {
|
||
enable = true;
|
||
theme = "breeze";
|
||
};
|
||
};
|
||
|
||
time.hardwareClockInLocalTime = true;
|
||
hardware = {
|
||
cpu.amd.updateMicrocode = true;
|
||
bluetooth.enable = true;
|
||
bluetooth.powerOnBoot = true;
|
||
};
|
||
nix = {
|
||
settings = {
|
||
experimental-features = ["nix-command" "flakes"];
|
||
auto-optimise-store = true;
|
||
};
|
||
gc = {
|
||
automatic = true;
|
||
dates = "weekly";
|
||
options = "--delete-older-than 15d";
|
||
};
|
||
};
|
||
nixpkgs.config.allowUnfree = true;
|
||
systemd.services.NetworkManager-wait-online.enable = false;
|
||
networking = {
|
||
hostId = "3c26267f";
|
||
hostName = "LONDON";
|
||
networkmanager.enable = true;
|
||
firewall = {
|
||
enable = true;
|
||
allowedUDPPortRanges = [
|
||
{
|
||
from = 27031;
|
||
to = 27036;
|
||
}
|
||
];
|
||
allowedTCPPortRanges = [
|
||
{
|
||
from = 27036;
|
||
to = 27037;
|
||
}
|
||
];
|
||
allowedTCPPorts = [7000 7100 7001 22000 8000 3000 9943 9944];
|
||
allowedUDPPorts = [69 6000 6001 7011 41641 3478 22000 21027 9943 9944];
|
||
trustedInterfaces = ["enp4s0" "tailscale0" "docker0"];
|
||
checkReversePath = "loose";
|
||
};
|
||
nftables.enable = true;
|
||
};
|
||
|
||
time.timeZone = "Europe/London";
|
||
i18n.defaultLocale = "en_GB.utf8";
|
||
|
||
services = {
|
||
promtail = {
|
||
enable = true;
|
||
configuration = {
|
||
server = {
|
||
http_listen_port = 3031;
|
||
grpc_listen_port = 0;
|
||
};
|
||
positions = {
|
||
filename = "/tmp/positions.yaml";
|
||
};
|
||
clients = [
|
||
{
|
||
url = "http://monitoring:3030/loki/api/v1/push";
|
||
}
|
||
];
|
||
scrape_configs = [
|
||
{
|
||
job_name = "journal";
|
||
journal = {
|
||
max_age = "12h";
|
||
labels = {
|
||
job = "systemd-journal";
|
||
host = "london";
|
||
};
|
||
};
|
||
relabel_configs = [
|
||
{
|
||
source_labels = ["__journal__systemd_unit"];
|
||
target_label = "unit";
|
||
}
|
||
];
|
||
}
|
||
];
|
||
};
|
||
};
|
||
fwupd.enable = true;
|
||
syncthing = {
|
||
enable = true;
|
||
overrideDevices = false;
|
||
overrideFolders = false;
|
||
user = "gsimmer";
|
||
dataDir = "/home/gsimmer";
|
||
guiAddress = "100.110.180.123:8384";
|
||
};
|
||
usbmuxd.enable = true;
|
||
prometheus.exporters.node = {
|
||
enable = true;
|
||
listenAddress = "100.110.180.123";
|
||
enabledCollectors = [
|
||
"systemd"
|
||
"processes"
|
||
];
|
||
};
|
||
dbus.enable = true;
|
||
yubikey-agent.enable = true;
|
||
udev.packages = with pkgs; [libu2f-host yubikey-personalization];
|
||
tailscale.enable = true;
|
||
pcscd.enable = true;
|
||
mullvad-vpn.enable = true;
|
||
xserver = {
|
||
xkb.layout = "us";
|
||
xkb.variant = "";
|
||
enable = true;
|
||
displayManager.sddm.enable = true;
|
||
};
|
||
desktopManager = {
|
||
plasma6.enable = true;
|
||
};
|
||
pipewire = {
|
||
enable = true;
|
||
alsa.enable = true;
|
||
alsa.support32Bit = true;
|
||
pulse.enable = true;
|
||
jack.enable = true;
|
||
};
|
||
printing = {
|
||
enable = true;
|
||
drivers = [pkgs.gutenprint pkgs.gutenprintBin];
|
||
};
|
||
avahi = {
|
||
nssmdns4 = true;
|
||
enable = true;
|
||
publish = {
|
||
enable = true;
|
||
userServices = true;
|
||
domain = true;
|
||
workstation = true;
|
||
hinfo = true;
|
||
};
|
||
};
|
||
};
|
||
programs.corectrl.enable = true;
|
||
hardware = {
|
||
opengl = {
|
||
enable = true;
|
||
driSupport = true;
|
||
driSupport32Bit = true;
|
||
extraPackages = with pkgs; [
|
||
rocm-opencl-icd
|
||
rocm-opencl-runtime
|
||
amdvlk
|
||
];
|
||
extraPackages32 = with pkgs; [
|
||
driversi686Linux.amdvlk
|
||
];
|
||
};
|
||
|
||
sane.enable = true;
|
||
sane.extraBackends = [pkgs.epkowa];
|
||
pulseaudio.enable = false;
|
||
};
|
||
environment.variables.AMD_VULKAN_ICD = "RADV";
|
||
xdg.portal.enable = true;
|
||
|
||
programs = {
|
||
tmux = {
|
||
enable = true;
|
||
extraConfig = ''
|
||
set -g mouse on
|
||
'';
|
||
};
|
||
gamemode.enable = true;
|
||
zsh.enable = true;
|
||
fish.enable = true;
|
||
nix-ld.enable = true;
|
||
dconf.enable = true;
|
||
kdeconnect.enable = true;
|
||
steam = {
|
||
enable = true;
|
||
remotePlay.openFirewall = true;
|
||
dedicatedServer.openFirewall = false;
|
||
};
|
||
gnupg.agent = {
|
||
enable = true;
|
||
enableSSHSupport = false;
|
||
};
|
||
};
|
||
# Define a user account. Don't forget to set a password with ‘passwd’.
|
||
users.users.gsimmer = {
|
||
shell = pkgs.fish;
|
||
isNormalUser = true;
|
||
description = "Gabriel Simmer";
|
||
extraGroups = ["networkmanager" "wheel" "libvirtd" "qemu-libvirtd" "docker"];
|
||
packages = with pkgs; [
|
||
firefox-wayland
|
||
vim
|
||
lm_sensors
|
||
];
|
||
};
|
||
|
||
virtualisation = {
|
||
docker = {
|
||
enable = true;
|
||
rootless = {
|
||
enable = true;
|
||
setSocketVariable = true;
|
||
};
|
||
};
|
||
libvirtd.enable = true;
|
||
};
|
||
|
||
fonts = {
|
||
packages = with pkgs; [
|
||
ibm-plex
|
||
jetbrains-mono
|
||
emojione
|
||
font-awesome
|
||
];
|
||
enableDefaultPackages = true;
|
||
};
|
||
|
||
environment = {
|
||
shells = with pkgs; [zsh fish];
|
||
systemPackages = with pkgs; [
|
||
os-prober
|
||
tailscale
|
||
cifs-utils
|
||
pinentry-curses
|
||
noisetorch
|
||
nix-output-monitor
|
||
xdg-utils
|
||
dracula-theme
|
||
yubikey-touch-detector
|
||
docker-compose
|
||
home-manager
|
||
libimobiledevice
|
||
ifuse
|
||
glxinfo
|
||
vulkan-tools
|
||
glmark2
|
||
libnotify
|
||
emojione
|
||
swtpm
|
||
cloudflare-warp
|
||
pcscliteWithPolkit.out
|
||
];
|
||
};
|
||
|
||
environment.plasma6.excludePackages = with pkgs.libsForQt5; [
|
||
elisa
|
||
okular
|
||
oxygen
|
||
khelpcenter
|
||
konsole
|
||
print-manager
|
||
];
|
||
|
||
security = {
|
||
polkit = {
|
||
enable = true;
|
||
extraConfig = ''
|
||
polkit.addRule(function(action, subject) {
|
||
if (action.id == "org.debian.pcsc-lite.access_pcsc" &&
|
||
subject.isInGroup("wheel")) {
|
||
return polkit.Result.YES;
|
||
}
|
||
});
|
||
'';
|
||
};
|
||
rtkit.enable = true;
|
||
};
|
||
system.stateVersion = "23.05"; # Did you read the comment?
|
||
}
|