{ config , pkgs , ... }: { imports = [ ./settings/base.nix ./settings/configuration/berlin.nix ./settings/configuration/british-english.nix ./settings/configuration/nix-linux.nix ./settings/configuration/user.nix ./settings/hardware/audio.nix ./settings/hardware/bare-metal.nix ./settings/hardware/mouse.nix ./settings/hardware/systemd-boot.nix ./settings/hardware/nvidia-gpu.nix ./settings/hardware/keyboard.nix ./settings/hardware/keyboard-lofree.nix ./settings/hardware/trezor.nix ./settings/services/syncthing.nix ./settings/services/virtualisation.nix ./settings/user-interface.nix ./settings/programs/base.nix ./settings/programs/kde.nix ./settings/programs/shell.nix ./settings/programs/docker.nix ./settings/dev.nix ./settings/gaming.nix ]; virtualisation.vmVariant = { disabledModules = [ ./settings/hardware/nvidia-gpu.nix ./settings/hardware/bare-metal.nix ./settings/gaming.nix ./settings/user-interface.nix ./settings/programs/kde.nix ]; services.qemuGuest.enable = true; virtualisation = { memorySize = 4096; cores = 4; }; }; nixpkgs.hostPlatform = "x86_64-linux"; services.xserver.screenSection = '' Option "MetaModes" "2560x1440_165 +0+0 { }" #Option "MetaModes" "2560x1440_120 +0+0 { AllowGSYNC=Off }" ''; services.xserver.monitorSection = '' Option "DPMS" ''; services.displayManager.autoLogin = { user = "alan"; enable = true; }; boot.kernelPackages = pkgs.linuxPackages_xanmod; boot.extraModulePackages = with config.boot.kernelPackages; [ zenpower ]; boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "sd_mod" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-amd" ]; boot.initrd.supportedFilesystems = [ "xfs" "ext4" ]; fileSystems = { "/" = { device = "/dev/disk/by-partlabel/nixos"; fsType = "xfs"; options = [ "lazytime" "nodiscard" ]; }; "/boot" = { device = "/dev/disk/by-partlabel/efi-boot"; fsType = "vfat"; }; "/home" = { device = "/dev/disk/by-partlabel/home"; fsType = "ext4"; options = [ "lazytime" "nodiscard" ]; }; "/mnt/data" = { device = "/dev/disk/by-partlabel/data"; fsType = "ntfs3"; options = [ "uid=1000" "gid=100" "x-systemd-automount" "nofail" ]; }; }; swapDevices = [ { label = "swap"; discardPolicy = "once"; } ]; services.xserver = { xautolock.enable = pkgs.lib.mkForce false; }; services.openssh = { enable = true; openFirewall = false; startWhenNeeded = true; }; systemd.services."ssh-no-sleep@" = { bindsTo = [ "sshd@%i.service" ]; wantedBy = [ "sshd@.service" ]; serviceConfig.ExecStart = "${pkgs.systemd}/bin/systemd-inhibit --mode block --what sleep --who 'ssh session '%I --why 'session still active' ${pkgs.coreutils}/bin/sleep infinity"; }; systemd.network = { networks."40-enp7s0" = { matchConfig = { Name = "enp7s0"; }; dhcpV4Config = { UseDomains = true; }; dhcpV6Config = { UseDomains = true; }; ipv6AcceptRAConfig = { UseDomains = true; }; networkConfig = { MulticastDNS = true; }; }; }; networking = { hostName = "prefect"; useDHCP = false; useNetworkd = true; interfaces.enp7s0 = { useDHCP = true; }; hosts = { "fd7a:115c:a1e0::53" = [ "tailscale" "ts" ]; "::1" = [ "alanpearce.test" "alanpearce.localhost" ]; }; nftables = { enable = true; }; firewall = { extraInputRules = '' ip saddr 10.0.0.0/8 accept ip6 saddr { fd00::/8, fe80::/10 } accept ''; }; }; services.resolved = { llmnr = "false"; dnssec = "true"; }; services.tailscale = { enable = true; extraUpFlags = [ "--accept-dns=true" "--accept-routes=false" ]; }; system.stateVersion = "23.05"; security.pki.certificates = [ '' -----BEGIN CERTIFICATE----- MIIBozCCAUqgAwIBAgIRAJ1slNK3lsucmYYUbtGRUvswCgYIKoZIzj0EAwIwMDEu MCwGA1UEAxMlQ2FkZHkgTG9jYWwgQXV0aG9yaXR5IC0gMjAyNCBFQ0MgUm9vdDAe Fw0yNDA2MjYxNTM3MTJaFw0zNDA1MDUxNTM3MTJaMDAxLjAsBgNVBAMTJUNhZGR5 IExvY2FsIEF1dGhvcml0eSAtIDIwMjQgRUNDIFJvb3QwWTATBgcqhkjOPQIBBggq hkjOPQMBBwNCAAR1fc1TOhp9oNy/p40BfUd+E13b1/URwwocuZ5w0SKHTE/t8Hp+ 7Zd9ZTYvQ7WxFfaVxmBCcFMUJsTm7bbYTEvlo0UwQzAOBgNVHQ8BAf8EBAMCAQYw EgYDVR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4EFgQUcnlbpAM2ZCRsiCzdFiM5EjCm aoEwCgYIKoZIzj0EAwIDRwAwRAIgcKf3vRiF87G0r2+vgBbyfWo4D2TDQWkSrfek Q0f1Q5UCIEmyeqrifbp5JnZqtm3IlGVIEQcUeVygqnV/xW3xCAgT -----END CERTIFICATE----- '' ]; boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; nix.settings.trusted-users = [ "root" "nixremote" ]; services.displayManager.hiddenUsers = [ "nixremote" ]; users.users.nixremote = { shell = "/bin/sh"; isNormalUser = true; home = "/var/lib/nixremote"; createHome = true; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBxa7lxDu0M4chats/VvpFzjT3ruexKa3J9UC6ASo3bN root@NanoPi.lan" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE9of82WBHK8nr8L9RGeieLMfcAWaFCeCkmvYHM9LCuT nanopi" ]; }; }