{ pkgs, config, lib, extraInfo, ... }:
{
/* Boot and CPU */
boot = {
  initrd = {
    # Modules the initrd may load on demand.
    availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" ];
    # Modules always loaded in the initrd; dm-snapshot is a device-mapper target.
    kernelModules = [ "dm-snapshot" ];
  };
  # Modules loaded in the booted system (AMD KVM support).
  kernelModules = [ "kvm-amd" ];
  extraModulePackages = [ ];
};

# AMD microcode updates follow hardware.enableRedistributableFirmware; mkDefault
# leaves room for another module to override the value.
# NOTE(review): if that firmware option evaluates to false, no microcode update
# (and so no microcode-delivered CPU mitigation) is applied — confirm it is enabled.
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
/* Meta */
# Custom option of this configuration; the module that reads it is not part of this file.
isProfessional = false;
/* Volumes */
# LUKS container to unlock. isPreLVM is a custom flag; presumably the container is
# opened before LVM activation (dm-snapshot is loaded in the initrd) — confirm in
# the module that consumes it.
luksDevices = [
  { name = "crypted-nixos"; deviceUUID = "5a1ac4ae-d74f-4599-bc5a-fc0a3501a196"; isPreLVM = true; }
];

# Filesystems, each identified by UUID.
# NOTE(review): this list does not show which entries live inside crypted-nixos.
# /boot is vfat, which is typically the unencrypted EFI system partition, so the
# kernel and initrd stored there would not be covered by disk encryption.
filesystems = [
  { mountpoint = "/"; deviceUUID = "8dd700f8-7bf7-426c-8869-d31687e343df"; fsType = "ext4"; }
  { mountpoint = "/boot"; deviceUUID = "F2B6-C8CA"; fsType = "vfat"; }
  { mountpoint = "/nix"; deviceUUID = "b7a643f6-a78e-4e32-a1a3-22b321465bf6"; fsType = "ext4"; }
  { mountpoint = "/home"; deviceUUID = "e26f6727-3712-4830-b8e8-fdbce5e3584b"; fsType = "ext4"; }
];

# NOTE(review): confirm the swap device sits inside the encrypted container;
# plaintext swap can retain memory contents such as keys.
swapDeviceUUID = "5fe5e76b-df3d-43ce-abf9-d2b63078df09";
/* Linux kernel */
# Custom option; presumably selects the newest packaged kernel instead of the
# default one — confirm in the module that reads it.
useLatestKernel = true;
/* Custom udev rules for Nucleo's stlink interface */
# Both rules match USB vendor 0483 with product 374b or 3748 and set mode 660,
# group dialout and the uaccess tag.
# NOTE(review): neither rule has a SUBSYSTEM/SUBSYSTEMS match, and ATTRS{} also
# matches parent devices, so every child node of the probe receives the same
# permissions — confirm that is wanted.
# NOTE(review): extraRules are believed to end up in 99-local.rules, i.e. after
# the seat rules that act on uaccess, so the tag may have no effect and access
# may rest on dialout membership alone — verify on the target system.
services.udev = {
  extraRules = ''
    ATTRS{idVendor}=="0483", ATTRS{idProduct}=="374b",MODE="660",GROUP="dialout",TAG+="uaccess"
    ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3748",MODE="660",GROUP="dialout",TAG+="uaccess"
  '';
};
/* Nix */
# Custom option; presumably permits packages with non-free licences system-wide.
# NOTE(review): such packages are usually shipped as vendor binaries that cannot
# be rebuilt or audited from source — keep the set of unfree packages small.
allowUnfreePackages = true;

/* Hardware acceleration */
# Custom option naming the GPU stack; the module that interprets "nvidia" is not
# visible in this file.
hwAccelerationGPU = "nvidia";

# Custom option; presumably the keyboard layout — confirm against the module.
keymap = "fr";
/* System secrets */
# Both sshKeyPaths lists are empty, so as far as this file shows no SSH host key
# is used as a decryption identity; the age key file below is the only one.
sops.gnupg.sshKeyPaths = [ ];
sops.age.sshKeyPaths = [ ];

# NOTE(review): this file holds the age private key that unlocks every secret in
# secrets.yaml. Nothing here creates it (no generateKey is set), so it has to be
# provisioned out of band and should be readable by root only — confirm on the host.
sops.age.keyFile = "/var/lib/sops-nix/key.txt";

# Encrypted secrets file, resolved relative to this file.
sops.defaultSopsFile = ./secrets/secrets.yaml;

# Declares the WireGuard private key with the module defaults (no owner, group or
# mode override is given here); it is referenced via config.sops.secrets.wg0_private.path.
sops.secrets.wg0_private = { };
/* Wireguard */
networking.wg-quick.interfaces = {
  wg0 = {
    # Only the path of the sops-managed secret is referenced; the key itself is
    # not written in this file.
    privateKeyFile = config.sops.secrets.wg0_private.path;
    listenPort = 51820;

    # NOTE(review): the /8 prefix makes all of 10.0.0.0/8 on-link for wg0, while
    # the peers below only accept 10.100.0.1 and 10.100.0.2. Traffic to any other
    # 10.x address without a more specific route may be sent into the tunnel and
    # dropped there — confirm the wide prefix is intended.
    address = [ "10.100.0.4/8" ];
    dns = [ "10.100.0.1" ];

    # Each peer is limited to a single tunnel address by allowedIPs; the
    # keepalive of 25 seconds keeps NAT mappings towards the endpoint open.
    peers = [
      {
        # Rock Pro 64
        publicKey = "XVmG3/rNsCqc8KCmOx3+UUn9DJOnJ40Uxid5JGdChR4=";
        allowedIPs = [ "10.100.0.1" ];
        endpoint = "${extraInfo.wireguard.rockProEndpoint}:51820";
        persistentKeepalive = 25;
      }
      {
        # VPS
        publicKey = "x45YsLDpMJw1pwKOvkyzdesen3lFcKpxCXACGz+xtDs=";
        allowedIPs = [ "10.100.0.2" ];
        endpoint = "${extraInfo.wireguard.VPSEndpoint}:51820";
        persistentKeepalive = 25;
      }
    ];
  };
};
/* User config */
machineUsers.dala = {
  description = "Dala";
  uid = 1000;
  shell = pkgs.fish;

  # NOTE(review): wheel conventionally carries administrative (sudo) rights, and
  # dialout is the group the ST-Link udev rules in this file grant device access
  # to. What "keys" and "network" allow is not visible here; "keys" may give read
  # access to secrets assigned to that group — verify and drop what is unused.
  groups = [ "wheel" "video" "audio" "seat" "keys" "lp" "dialout" "network" ];

  enableHomeManagerProfile = true;
  homeManagerConfig = {
    programs.helix.enable = true;

    # Monitor layout; list order is kept as in the original.
    desktop.monitors = [
      {
        name = "Iiyama North America PL2470H 0x0000047B";
        resolution = "1920x1080@165.003Hz";
        position = "1920 0";
        defaultWorkspace = 1;
      }
      {
        name = "Iiyama North America PL2530H 1154392601941";
        resolution = "1920x1080@74.973Hz";
        position = "0 0";
        defaultWorkspace = 2;
      }
    ];

    # Unfree packages are also permitted inside the user's home-manager profile.
    nixpkgs.config.allowUnfree = true;
    development.embedded.enableTools = true;
  };
};
}