infra/krops/london/configuration.nix

192 lines
4.2 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{ config, pkgs, ... }:
{
imports =
[
./hardware-configuration.nix
./cachix.nix
];
# Bootloader
boot = {
loader = {
grub = {
enable = true;
device = "nodev";
useOSProber = true;
efiSupport = true;
enableCryptodisk = true;
};
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot/efi";
};
};
binfmt.emulatedSystems = [ "aarch64-linux" ];
extraModulePackages = with pkgs; [
config.boot.kernelPackages.v4l2loopback
];
kernelPackages = pkgs.linuxPackages_zen;
kernelModules = [ "coretemp" "kvm-amd" "v4l2loopback" ];
initrd.secrets = {
"/crypto_keyfile.bin" = null;
};
initrd.luks.devices."luks-63100442-37df-4579-a787-cb2f2c67b3d1" = {
device = "/dev/disk/by-uuid/63100442-37df-4579-a787-cb2f2c67b3d1";
keyFile = "/crypto_keyfile.bin";
};
};
hardware.cpu.amd.updateMicrocode = true;
nix = {
settings = {
experimental-features = [ "nix-command" "flakes" ];
auto-optimise-store = true;
};
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 15d";
};
};
nixpkgs.config.allowUnfree = true;
networking = {
hostName = "LONDON";
networkmanager.enable = true;
firewall = {
enable = false;
allowedUDPPortRanges = [ { from = 27031; to = 27036; } ];
allowedTCPPortRanges = [ { from = 27036; to = 27037; } ];
trustedInterfaces = [ "tailscale0" ];
checkReversePath = "loose";
};
nftables.enable = true;
};
time.timeZone = "Europe/London";
i18n.defaultLocale = "en_GB.utf8";
services = {
tailscale.enable = true;
yubikey-agent.enable = true;
pcscd.enable = true;
mullvad-vpn.enable = true;
xserver = {
layout = "us";
xkbVariant = "";
videoDrivers = [ "nvidia" ];
enable = true;
displayManager = {
gdm.wayland = true;
sddm.enable = true;
};
desktopManager.plasma5.enable = true;
};
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
printing = {
enable = true;
drivers = [ pkgs.gutenprint pkgs.gutenprintBin ];
};
avahi = {
nssmdns = true;
enable = true;
publish = {
enable = true;
userServices = true;
domain = true;
};
};
};
hardware = {
opengl.enable = true;
nvidia.modesetting.enable = true;
sane.enable = true;
sane.extraBackends = [ pkgs.epkowa ];
pulseaudio.enable = false;
};
xdg = {
portal = {
enable = true;
extraPortals = with pkgs; [
xdg-desktop-portal-wlr
xdg-desktop-portal-gtk
];
};
};
programs = {
zsh.enable = true;
fish.enable = true;
nix-ld.enable = true;
dconf.enable = true;
steam = {
enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = false; # Open ports in the firewall for Source Dedicated Server
};
gnupg.agent = {
enable = true;
pinentryFlavor = "curses";
enableSSHSupport = true;
};
};
# Define a user account. Don't forget to set a password with passwd.
users.users.gsimmer = {
shell = pkgs.fish;
isNormalUser = true;
description = "Gabriel Simmer";
extraGroups = [ "networkmanager" "wheel" "libvirtd" "qemu-libvirtd" ];
packages = with pkgs; [
firefox-wayland
vim
lm_sensors
];
};
virtualisation = {
docker = {
enable = true;
enableNvidia = true;
rootless = {
enable = true;
setSocketVariable = true;
};
};
libvirtd.enable = true;
};
fonts.fonts = with pkgs; [
ibm-plex
jetbrains-mono
emojione
];
environment = {
shells = with pkgs; [ zsh fish ];
systemPackages = with pkgs; [
os-prober
tailscale
cifs-utils
pinentry-curses
noisetorch
nix-output-monitor
];
};
security.polkit.enable = true;
system.stateVersion = "23.05"; # Did you read the comment?
}