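# NixOS module for the host "homebox": an NVIDIA workstation/home server with
# disko-managed disks, an ephemeral btrfs root (impermanence), sops-nix secrets,
# Docker, and a set of self-hosted services toggled through `sysconfig.opts`.
#
# Arguments are the usual NixOS module arguments plus `inputs` (the flake inputs,
# which the flake has to pass in, e.g. via specialArgs).
{ config, pkgs, lib, inputs, ... }:
{
  imports = [
    ./hardware-configuration.nix

    # Disk layout is declared in ./disko.nix and parameterised with the two NVMe devices.
    inputs.disko.nixosModules.default
    (import ./disko.nix {
      device1 = "/dev/nvme0n1";
      device2 = "/dev/nvme1n1";
    })

    inputs.impermanence.nixosModules.impermanence
    inputs.sops-nix.nixosModules.sops
    inputs.home-manager.nixosModules.default
  ];

  boot = {
    #kernelPackages = pkgs.linuxKernel.packages.linux_6_6;
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };
  };

  hardware = {
    graphics.enable = true;

    nvidia = {
      modesetting.enable = true;
      # Use the proprietary kernel module rather than the open one.
      open = false;
      nvidiaSettings = true;
      package = config.boot.kernelPackages.nvidiaPackages.stable;
    };

    bluetooth.enable = true;
    pulseaudio.enable = false;
  };

  services = {
    xserver = {
      enable = true;
      videoDrivers = ["nvidia"];
    };

    displayManager = {
      # Forced off here; sysconfig.opts.sddm.enable is also false below.
      enable = lib.mkForce false;
      defaultSession = "hyprland-uwsm";
      # NOTE(review): autoLogin is configured while the display manager is
      # force-disabled, so it is presumably inert. If a display manager is ever
      # re-enabled, this grants a local session for "nathan" with no password
      # prompt; confirm that is intended for this machine.
      autoLogin = {
        enable = true;
        user = "nathan";
      };
    };
  };

  programs.hyprland.withUWSM = true;

  systemd.extraConfig = "DefaultLimitNOFILE=2048";

  # Session-wide environment variables. Presumably set so the compositor can
  # start without physical outputs or input devices (wayvnc is enabled in the
  # home-manager config below); confirm.
  environment.sessionVariables = {
    WLR_BACKENDS = "headless";
    WLR_LIBINPUT_NO_DEVICES = "1";
  };

  programs.zsh.enable = true;
  environment.shells = with pkgs; [ zsh ];
  users.defaultUserShell = pkgs.zsh;

  # Required for the proprietary NVIDIA driver selected above.
  nixpkgs.config.allowUnfree = true;

  # Set your time zone.
  time.timeZone = "America/Chicago";

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";

  i18n.extraLocaleSettings = {
    LC_ADDRESS = "en_US.UTF-8";
    LC_IDENTIFICATION = "en_US.UTF-8";
    LC_MEASUREMENT = "en_US.UTF-8";
    LC_MONETARY = "en_US.UTF-8";
    LC_NAME = "en_US.UTF-8";
    LC_NUMERIC = "en_US.UTF-8";
    LC_PAPER = "en_US.UTF-8";
    LC_TELEPHONE = "en_US.UTF-8";
    LC_TIME = "en_US.UTF-8";
  };

  #services.displayManager.sddm.settings.AutoLogin = {
  #  User = "nathan";
  #  Session = "hyprland";
  #  Relogin = true;
  #};

  networking = {
    hostName = "homebox";
    nameservers = [ "1.1.1.1" "1.0.0.1" ];
    networkmanager.enable = true;

    # SSH, HTTP and HTTPS are accepted on every interface.
    # NOTE(review): port 22 is open on all interfaces; whether sshd accepts
    # password logins is decided by the sysconfig openssh module, which is not
    # visible here. Confirm it is key-only.
    firewall.allowedTCPPorts = [ 22 80 443 ];
    # Extra ports are accepted only on the traefik container's veth interface.
    firewall.interfaces."ve-traefik".allowedTCPPorts = [ 9000 8080 6080 8123 ];

    hosts = {
      # NOTE(review): /etc/hosts has no wildcard support, so the "*." entries are
      # written out literally and will not match subdomains. If wildcard
      # resolution is needed it has to come from a DNS server instead.
      "192.168.100.11" = [ "blunkall.us" "*.blunkall.us" "*.local.blunkall.us" ];
      "192.168.100.20" = [ "gitea.blunkall.us" ];
    };

    nftables = {};

    # NAT from the container veth interfaces ("ve-" prefix) out through enp6s0.
    nat = {
      enable = true;
      internalInterfaces = [ "ve-+" ];
      externalInterface = "enp6s0";
    };
  };

  system.stateVersion = "23.05"; # Did you read the comment?

  users.users."nathan" = {
    isNormalUser = true;

    # The login password is taken from the sops secret "nathan/pass", which is
    # declared below with neededForUsers = true so that it is decrypted before
    # user accounts are created. The secret must contain a password *hash*
    # (e.g. the output of `mkpasswd`), not the clear-text password.
    #
    # This replaces a literal four-digit `initialPassword` that used to sit
    # here. A literal in this file is readable by anyone with access to the
    # repository or to the world-readable Nix store, and because the root
    # subvolume is recreated at boot and /etc/shadow is not in the persistence
    # list, it was presumably re-applied on every boot. The old value should be
    # treated as disclosed and not reused.
    hashedPasswordFile = config.sops.secrets."nathan/pass".path;

    # Enable ‘sudo’ for the user.
    # Membership in "docker" lets the user drive the root-owned Docker daemon,
    # which is effectively root access on the host even without sudo.
    extraGroups = [ "wheel" "docker" "podman" ];

    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop"
    ];
  };

  nix = {
    # Point the legacy <nixpkgs> lookup at the same nixpkgs the flake uses.
    nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
    settings = {
      experimental-features = [ "nix-command" "flakes" ];
    };
  };

  virtualisation.docker.enable = true;

  environment.systemPackages = with pkgs; [
    docker
    docker-compose
  ];

  # Ephemeral root: in the initrd, after devices are available, move the current
  # "root" btrfs subvolume into old_roots/ under a timestamped name, delete
  # entries in old_roots/ older than 30 days (including nested subvolumes), and
  # create a fresh empty "root" subvolume. Only paths listed under
  # environment.persistence survive a reboot.
  boot.initrd.postDeviceCommands = lib.mkAfter ''
    mkdir /btrfs_tmp
    mount /dev/root_vg/root /btrfs_tmp
    if [[ -e /btrfs_tmp/root ]]; then
        mkdir -p /btrfs_tmp/old_roots
        timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
        mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
    fi

    delete_subvolume_recursively() {
        IFS=$'\n'
        for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
            delete_subvolume_recursively "/btrfs_tmp/$i"
        done
        btrfs subvolume delete "$1"
    }

    for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
        delete_subvolume_recursively "$i"
    done

    btrfs subvolume create /btrfs_tmp/root
    umount /btrfs_tmp
  '';

  # /persist has to be mounted early so persisted state and the sops key are
  # available during boot.
  fileSystems."/persist".neededForBoot = true;

  environment.persistence."/persist/system" = {
    hideMounts = true;
    directories = [
      "/etc/nixos"
      "/var/log"
      "/var/lib/bluetooth"
      "/var/lib/nixos"
      "/var/lib/nixos-containers"
      "/var/lib/systemd/coredump"
      "/var/lib/docker"
      "/etc/NetworkManager/system-connections"
    ];
    # Machine identity and SSH host keys are kept so the host does not present
    # new host keys to clients after every root wipe.
    files = [
      "/etc/machine-id"
      "/etc/ssh/ssh_host_ed25519_key"
      "/etc/ssh/ssh_host_ed25519_key.pub"
      "/etc/ssh/ssh_host_rsa_key"
      "/etc/ssh/ssh_host_rsa_key.pub"
    ];
  };

  sops = {
    # age private key used to decrypt every secret below; it lives on the
    # persistent volume so it survives the root wipe.
    # NOTE(review): the key sits in the user's home directory. Confirm the file
    # is readable only by its owner, since anyone who can read it can decrypt
    # all secrets in secrets.yaml.
    age.keyFile = "/persist/home/nathan/.config/sops/age/keys.txt";

    defaultSopsFile = ./secrets/secrets.yaml;
    defaultSopsFormat = "yaml";

    secrets = {
      # Decrypted before user creation; consumed by users.users."nathan".hashedPasswordFile.
      "nathan/pass" = {
        neededForUsers = true;
      };
      "authentik/pass" = {};
      "authentik/secret_key" = {};
      "nextcloud/pass" = {};
    };
  };

  # Allows non-root users to pass allow_other to FUSE mounts; presumably needed
  # by the home-manager impermanence setup enabled below (confirm).
  programs.fuse.userAllowOther = true;

  home-manager = {
    backupFileExtension = "backup";
    extraSpecialArgs = {inherit inputs;};
    users = {
      # The user's home configuration comes from a separate flake input and is
      # merged with the host-specific option values set here.
      "nathan" = lib.mkMerge [
        inputs.nathan-home-manager
        {
          config.homeconfig = {
            host = "homebox";

            impermanence.enable = true;
            hyprland.enable = true;
            swaylock.enable = true;
            wal.enable = true;
            # NOTE(review): wayvnc serves the desktop over VNC. Its bind address
            # and authentication are defined in the home-manager module, not
            # here; confirm it is not reachable without authentication.
            wayvnc.enable = true;
            mpd.enable = true;
            ags.enable = true;
            calcurse.enable = true;
            rofi.enable = true;
            firefox.enable = true;
          };
        }
      ];
    };
  };

  # Project-local option set; the modules behind these switches are defined
  # elsewhere in the repository.
  sysconfig = {
    opts = {
      sddm.enable = false;
      openssh.enable = true;
      pipewire.enable = true;
      ags.enable = true;
      hyprland.enable = true;
      git.enable = true;
      nh.enable = true;
      ollama.enable = true;
      wyoming.enable = true;
      minecraft.enable = true;
      steam.enable = false;

      virtualization = {
        traefik.enable = true;
        authentik.enable = true;
        jellyfin.enable = true;
        "blunkall.us".enable = true;
        pihole.enable = false;
        nextcloud.enable = true;
        #gitlab.enable = true;
        gitea.enable = true;
        homeassistant.enable = true;
        ntfy.enable = true;
      };
    };
  };

  fonts.packages = with pkgs; [
    nerdfonts
  ];
}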