all repos — nixfiles @ e6a6ef4090e93861db48b10904b940a95accd9cf

System and user configuration, managed by nix and home-manager

system/hosts/prefect.nix (view raw)

{
  config,
  pkgs,
  ...
}:
{
  # Modules composed into this host. Every path is a repository-local NixOS
  # module whose contents are not visible here, so any of them may set or
  # override options that also appear below (sshd, firewall, users, lock screen).
  # The order is kept exactly as authored.
  imports = [
    ../settings/base.nix
    ../settings/configuration/berlin.nix
    ../settings/configuration/british-english.nix
    ../settings/configuration/nix-linux.nix
    ../settings/configuration/user.nix
    ../settings/hardware/audio.nix
    ../settings/hardware/bare-metal.nix
    ../settings/hardware/mouse.nix
    ../settings/hardware/systemd-boot.nix
    ../settings/hardware/nvidia-gpu.nix
    ../settings/hardware/keyboard.nix
    ../settings/hardware/keyboard-lofree.nix
    ../settings/hardware/trezor.nix
    ../settings/services/syncthing.nix
    ../settings/services/virtualisation.nix
    ../settings/user-interface.nix
    ../settings/programs/base.nix
    ../settings/programs/kde.nix
    ../settings/programs/shell.nix
    # NOTE(review): if docker.nix adds the login user to the `docker` group,
    # that user is effectively root on this host; confirm against the module.
    ../settings/programs/docker.nix
    ../settings/dev.nix
    ../settings/gaming.nix
  ];

  # Overrides for the VM variant of this host (the build-vm output): the QEMU
  # guest agent is enabled, the guest gets 4096 MB of memory and 4 cores, and
  # the hardware- and desktop-specific modules are listed as disabled.
  # Everything else in this file still applies to the VM, including autologin,
  # the authorised SSH keys and the trusted Nix users, so treat a built VM
  # image as carrying the same access as the physical host.
  virtualisation.vmVariant = {
    services.qemuGuest.enable = true;
    virtualisation.memorySize = 4096;
    virtualisation.cores = 4;
    disabledModules = [
      ../settings/hardware/nvidia-gpu.nix
      ../settings/hardware/bare-metal.nix
      ../settings/gaming.nix
      ../settings/user-interface.nix
      ../settings/programs/kde.nix
    ];
  };

  # Platform that packages for this host are built for.
  nixpkgs.hostPlatform = "x86_64-linux";

  # Text emitted into the X server's Screen section. The first MetaModes line
  # is active (2560x1440, presumably at 165 Hz); the second is commented out
  # inside the generated text itself, not by Nix.
  services.xserver.screenSection = ''
    Option "MetaModes" "2560x1440_165 +0+0 { }"
    #Option "MetaModes" "2560x1440_120 +0+0 { AllowGSYNC=Off }"
  '';
  # Text emitted into the Monitor section: enables DPMS display power management.
  services.xserver.monitorSection = ''
    Option "DPMS"
  '';
  # The display manager logs "alin" into the graphical session at boot without
  # asking for a password.
  # NOTE(review): this file also forces xautolock off and shows no disk
  # encryption, so anyone with physical access to the powered-on or rebooted
  # machine gets that user's session. Confirm this matches the threat model
  # (e.g. a desktop in a trusted room), or have the session lock on start.
  services.displayManager.autoLogin.enable = true;
  services.displayManager.autoLogin.user = "alin";

  # Kernel: the XanMod package set instead of the default kernel.
  # NOTE(review): a non-default kernel gets its security fixes on that
  # project's and nixpkgs' schedule; keep the channel/flake input updated.
  boot.kernelPackages = pkgs.linuxPackages_xanmod;

  # Out-of-tree module built against the kernel selected above. Taking it from
  # config.boot.kernelPackages keeps the module and kernel versions in step.
  boot.extraModulePackages = [ config.boot.kernelPackages.zenpower ];

  # Drivers made available in the initrd so the root disk and a USB keyboard
  # work before the real root is mounted.
  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" ];

  # Filesystem support included in the initrd.
  boot.initrd.supportedFilesystems = [ "xfs" "ext4" ];
  # Mount table. Devices are located by GPT partition label.
  # NOTE(review): partition labels are not unique identifiers; a second disk
  # carrying the same label could be resolved instead of the intended one.
  # by-partuuid or by-uuid paths are less ambiguous.
  # NOTE(review): no encrypted (LUKS) mapping is visible in this file, so data
  # at rest appears unprotected unless an imported module sets it up; confirm.

  # Root filesystem.
  fileSystems."/" = {
    fsType = "ext4";
    device = "/dev/disk/by-partlabel/nixos";
    options = [ "lazytime" "nodiscard" ];
  };

  # EFI system partition.
  fileSystems."/boot" = {
    fsType = "vfat";
    device = "/dev/disk/by-partlabel/efi-boot";
  };

  # NTFS data volume, mounted on first access; a missing disk does not fail
  # boot. Every file is presented as owned by uid 1000 / gid 100.
  # NOTE(review): no nosuid/nodev/noexec is set; consider adding them if
  # nothing needs to execute from this volume.
  fileSystems."/mnt/data" = {
    fsType = "ntfs3";
    device = "/dev/disk/by-partlabel/data";
    options = [ "uid=1000" "gid=100" "x-systemd-automount" "nofail" ];
  };

  # XFS games volume, mounted on first access; a missing disk does not fail
  # boot.
  # NOTE(review): XFS honours setuid bits and device nodes stored on the
  # volume; nosuid and nodev would be a cheap hardening step here.
  fileSystems."/mnt/games" = {
    fsType = "xfs";
    device = "/dev/disk/by-partlabel/games";
    options = [ "x-systemd-automount" "nofail" ];
  };

  # One swap area, found by filesystem label, discarded once when activated.
  # NOTE(review): nothing here encrypts swap, so memory pages (which can hold
  # keys and passwords) may persist on disk in clear text. If the partition is
  # not already on an encrypted device, consider the randomEncryption option
  # of swapDevices entries.
  swapDevices = [
    { label = "swap"; discardPolicy = "once"; }
  ];

  # Forces the idle auto-locker off, overriding any value set elsewhere
  # (presumably by an imported module).
  # NOTE(review): with autologin also enabled in this file, an unattended
  # session is never locked by this mechanism; confirm another locker is
  # in use or that this is acceptable for the machine's location.
  services.xserver.xautolock.enable = pkgs.lib.mkForce false;

  # OpenSSH server, socket-activated (an sshd instance is started per incoming
  # connection rather than running permanently).
  # openFirewall = false keeps the module from opening the SSH port to
  # everyone, but the firewall.extraInputRules in this file accept all traffic
  # from 10.0.0.0/8, fd00::/8 and fe80::/10, so sshd is reachable from those
  # ranges regardless.
  # NOTE(review): no `settings` are given here, so password authentication and
  # root login follow the module defaults or an imported module. Since
  # authorised keys are configured for the accounts in this file, confirm that
  # password authentication is disabled.
  services.openssh.enable = true;
  services.openssh.openFirewall = false;
  services.openssh.startWhenNeeded = true;
  # Template unit tied to each per-connection sshd@ instance. While it runs it
  # holds a blocking systemd sleep inhibitor (the inhibitor lives as long as
  # the wrapped `sleep infinity`), and bindsTo stops it when the matching
  # sshd@%i.service stops.
  # NOTE(review): sshd@ instances start on connection, before authentication,
  # so presumably any host that can reach the SSH port can keep the machine
  # from sleeping for as long as it holds a connection open. Confirm that the
  # firewall scope and sshd's LoginGraceTime make this acceptable.
  systemd.services."ssh-no-sleep@" = {
    bindsTo = [ "sshd@%i.service" ];
    wantedBy = [ "sshd@.service" ];
    serviceConfig.ExecStart = "${pkgs.systemd}/bin/systemd-inhibit --mode block --what sleep --who 'ssh session '%I --why 'session still active' ${pkgs.coreutils}/bin/sleep infinity";
  };

  # Host networking: systemd-networkd, DHCP on the wired interface only, static
  # hosts entries, and the nftables-based firewall with extra accept rules.
  networking = {
    hostName = "prefect";
    # DHCP is off globally and enabled per interface below.
    useDHCP = false;
    useNetworkd = true;
    interfaces.enp6s0 = {
      useDHCP = true;
    };
    # Static name mappings written to /etc/hosts.
    hosts = {
      "fd7a:115c:a1e0::53" = [
        "tailscale"
        "ts"
      ];
      # Local development names resolved to IPv6 loopback.
      "::1" = [
        "alanpearce.test"
        "alanpearce.localhost"
      ];
    };

    nftables = {
      enable = true;
    };
    # The rules below accept ALL inbound traffic (every port and protocol)
    # whose source address is in 10.0.0.0/8, in fd00::/8 (unique-local) or in
    # fe80::/10 (link-local). They are not limited to an interface or a
    # service, so every listening daemon on this host, sshd included, is
    # exposed to those ranges. The fd7a:115c:a1e0::53 address mapped above
    # lies inside fd00::/8, so peers in that range are covered as well.
    # NOTE(review): link-local sources mean any device on the same layer-2
    # segment is accepted. Consider scoping the rules to the intended
    # interface (`iifname`) and to the ports that actually need to be reached.
    firewall = {
      extraInputRules = ''
        ip saddr 10.0.0.0/8 accept
        ip6 saddr { fd00::/8, fe80::/10 } accept
      '';
    };
  };

  # Tailscale client. The flags request that tailnet-provided DNS settings are
  # accepted and that subnet routes advertised by other nodes are not.
  # NOTE(review): accepting tailnet DNS lets whoever administers the tailnet
  # influence name resolution on this host.
  # NOTE(review): the NixOS module documents extraUpFlags as taking effect
  # only when an auth key file is configured; none is set in this file, so
  # confirm these flags are really applied (e.g. inspect `tailscale debug prefs`).
  services.tailscale.enable = true;
  services.tailscale.extraUpFlags = [ "--accept-dns=true" "--accept-routes=false" ];

  # Release whose stateful-data defaults this install was created with. It
  # does not select the nixpkgs version and should not be bumped as part of a
  # routine upgrade.
  system.stateVersion = "25.05";

  # Adds one extra root certificate to the system-wide trust store.
  # The encoded subject reads "Caddy Local Authority - 2024 ECC Root", i.e. the
  # root of a local Caddy-managed CA, presumably for the local development
  # names in networking.hosts.
  # NOTE(review): the certificate appears to be a CA (pathlen 1) valid from
  # 2024-06-26 to 2034-05-05 with no name constraints; verify with
  # `openssl x509 -noout -text`. Without name constraints, whoever holds the
  # matching private key can issue certificates that this host accepts for
  # ANY hostname, so the key's storage location is part of this machine's
  # trust boundary. Committing the public certificate itself is not sensitive.
  security.pki.certificates = [
    ''
      -----BEGIN CERTIFICATE-----
      MIIBozCCAUqgAwIBAgIRAJ1slNK3lsucmYYUbtGRUvswCgYIKoZIzj0EAwIwMDEu
      MCwGA1UEAxMlQ2FkZHkgTG9jYWwgQXV0aG9yaXR5IC0gMjAyNCBFQ0MgUm9vdDAe
      Fw0yNDA2MjYxNTM3MTJaFw0zNDA1MDUxNTM3MTJaMDAxLjAsBgNVBAMTJUNhZGR5
      IExvY2FsIEF1dGhvcml0eSAtIDIwMjQgRUNDIFJvb3QwWTATBgcqhkjOPQIBBggq
      hkjOPQMBBwNCAAR1fc1TOhp9oNy/p40BfUd+E13b1/URwwocuZ5w0SKHTE/t8Hp+
      7Zd9ZTYvQ7WxFfaVxmBCcFMUJsTm7bbYTEvlo0UwQzAOBgNVHQ8BAf8EBAMCAQYw
      EgYDVR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4EFgQUcnlbpAM2ZCRsiCzdFiM5EjCm
      aoEwCgYIKoZIzj0EAwIDRwAwRAIgcKf3vRiF87G0r2+vgBbyfWo4D2TDQWkSrfek
      Q0f1Q5UCIEmyeqrifbp5JnZqtm3IlGVIEQcUeVygqnV/xW3xCAgT
      -----END CERTIFICATE-----
    ''
  ];

  # Registers user-mode emulation so this x86_64 host can run and build
  # aarch64-linux binaries.
  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];

  # Users the Nix daemon trusts. The Nix manual describes membership as
  # essentially equivalent to root access: a trusted user can, among other
  # things, import unsigned store paths and override substituters.
  # NOTE(review): "nixremote" is reachable over SSH with the keys listed under
  # users.users.nixremote, so compromise of any machine holding one of those
  # keys is effectively root on this host. If the account exists only to
  # receive remote builds, check whether signed store paths would let it be
  # dropped from this list.
  nix.settings.trusted-users = [ "root" "nixremote" ];

  # Keeps the builder account out of the graphical login screen's user list.
  services.displayManager.hiddenUsers = [ "nixremote" ];
  # Account used for incoming SSH connections from the key owners listed
  # below (presumably Nix remote builds from the NanoPi; confirm).
  # It is declared as a normal user with a shell and a home directory under
  # /var/lib, and this file also lists it in nix.settings.trusted-users.
  # NOTE(review): the keys carry no options, so each key holder gets an
  # unrestricted shell plus port and agent forwarding. Prefixing the keys with
  # the `restrict` option would remove forwarding and PTY allocation while
  # still allowing commands to run; verify it does not break the build flow.
  # NOTE(review): the first key's comment is root@NanoPi.lan, which suggests
  # the private key is held by root on that device; its security bounds the
  # security of this account.
  users.users.nixremote = {
    shell = "/bin/sh";
    isNormalUser = true;
    home = "/var/lib/nixremote";
    createHome = true;
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBxa7lxDu0M4chats/VvpFzjT3ruexKa3J9UC6ASo3bN root@NanoPi.lan"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE9of82WBHK8nr8L9RGeieLMfcAWaFCeCkmvYHM9LCuT nanopi"
    ];
  };

  # Public key authorised to log in over SSH directly as root.
  # NOTE(review): this only works while sshd permits key-based root login;
  # that setting is not made in this file, so it comes from the module default
  # or an imported module. Confirm it is set deliberately. Direct root login
  # also bypasses per-user attribution in the logs, so a named account with
  # sudo may be preferable.
  users.users.root.openssh.authorizedKeys.keys = [
    "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHYUyDdw92TNXguAxcmcmZmn/7ECGdRp6ckjxU+5zCw3BCnsS5+xEvHBVnnFdJRoH2XpfMeJjE+fi67zFVhlbn4= root@secretive.marvin"
  ];
}