Olympus/system-config/configuration/homebox/default.nix

{ config, pkgs, lib, inputs, ... }:

{
  imports =
    [
      ./hardware-configuration.nix

      inputs.disko.nixosModules.default
      
      (import ./disko.nix { device1 = "/dev/nvme0n1"; device2 = "/dev/nvme1n1"; device3 = "/dev/sda"; })
      
      inputs.impermanence.nixosModules.impermanence

      inputs.sops-nix.nixosModules.sops
      
      inputs.home-manager.nixosModules.default
      
    ];

    boot = {
        #kernelPackages = pkgs.linuxKernel.packages.linux_6_6;
        loader = {
            systemd-boot.enable = true;
            efi.canTouchEfiVariables = true;
        };
    };

  hardware = {
   
   graphics.enable = true;

    nvidia = {
      modesetting.enable = true;
      open = false;
      nvidiaSettings = true;
      package = config.boot.kernelPackages.nvidiaPackages.stable;
    };

    bluetooth.enable = true;

  };

  services = {
    xserver = {
      #enable = true;
      videoDrivers = ["nvidia"];
    };
    displayManager = {
        enable = true;
        defaultSession = "hyprland";
        autoLogin = {
            enable = true;
            user = "nathan";
        };
    };
    pulseaudio.enable = false;
  };

    systemd.extraConfig = "DefaultLimitNOFILE=2048";

  environment.sessionVariables = {
    WLR_BACKENDS = "headless";
    WLR_LIBINPUT_NO_DEVICES = "1";
  };

  programs.zsh.enable = true;
  environment.shells = with pkgs; [ zsh ];
  users.defaultUserShell = pkgs.zsh;

  nixpkgs.config.allowUnfree = true;
  
    # Set your time zone.
    time.timeZone = "America/Chicago";

    # Select internationalisation properties.
    i18n.defaultLocale = "en_US.UTF-8";

    i18n.extraLocaleSettings = {
        LC_ADDRESS = "en_US.UTF-8";
        LC_IDENTIFICATION = "en_US.UTF-8";
        LC_MEASUREMENT = "en_US.UTF-8";
        LC_MONETARY = "en_US.UTF-8";
        LC_NAME = "en_US.UTF-8";
        LC_NUMERIC = "en_US.UTF-8";
        LC_PAPER = "en_US.UTF-8";
        LC_TELEPHONE = "en_US.UTF-8";
        LC_TIME = "en_US.UTF-8";
    };

    services.displayManager.sddm.settings.AutoLogin = {
        User = "nathan";
        Session = "hyprland";
        Relogin = true;
    };

    networking = {
        hostName = "homebox";
        nameservers = [ "1.1.1.1" "1.0.0.1" ];
        networkmanager.enable = true;
        firewall.allowedTCPPorts = [ 22 80 443 ];
        firewall.interfaces."ve-traefik".allowedTCPPorts = [ 
            8080 
            8123
        ];
        firewall.interfaces."ve-novnc" = {
            allowedTCPPorts = [ 5900 ];
            allowedUDPPorts = [ 5900 ];
        };
        hosts = {
            "192.168.100.11" = [ "blunkall.us" "*.blunkall.us" ];
            "192.168.100.20" = [ "gitea.blunkall.us" ];
            "192.168.100.21:5678" = [ "n8n.blunkall.us" ];
            "192.168.100.25:8123" = [ "hass.blunkall.us" ];
        };
        nftables = {};
        nat = {
            enable = true;
            internalInterfaces = [ "ve-+" ];
            externalInterface = "enp6s0";
        };
    };

  system.stateVersion = "23.05"; # Did you read the comment?

  users.users."nathan" = {
    isNormalUser = true;
    initialPassword = "7567";
    #hashedPasswordFile = config.sops.secrets."nathan/pass".path;
    extraGroups = [ 
        "wheel"
        "docker"
        "podman"
    ]; # Enable ‘sudo’ for the user.
    openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop"
    ];
  };

    nix = {
        nixPath = [ "nixpkgs=${inputs.nixpkgs}" "unstable=${inputs.nixpkgs-us}" ];
        settings = {
            experimental-features = [ "nix-command" "flakes" ];
        };
    };

    virtualisation.docker.enable = true;

    environment.systemPackages = with pkgs; [
        docker
        docker-compose
    ];


  boot.initrd.postDeviceCommands = lib.mkAfter ''
    mkdir /btrfs_tmp
    mount /dev/root_vg/root /btrfs_tmp
    if [[ -e /btrfs_tmp/root ]]; then
        mkdir -p /btrfs_tmp/old_roots
        timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
        mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
    fi

    delete_subvolume_recursively() {
        IFS=$'\n'
        for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
            delete_subvolume_recursively "/btrfs_tmp/$i"
        done
        btrfs subvolume delete "$1"
    }

    for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
        delete_subvolume_recursively "$i"
    done

    btrfs subvolume create /btrfs_tmp/root
    umount /btrfs_tmp
  '';

  fileSystems."/persist".neededForBoot = true;
  environment.persistence."/persist/system" = {
    hideMounts = true;
    directories = [
      "/etc/nixos"
      "/var/log"
      "/var/lib/bluetooth"
      "/var/lib/nixos"
      "/var/lib/nixos-containers"
      "/var/lib/systemd/coredump"
      "/var/lib/docker"
      "/var/lib/mcservers"
      "/etc/NetworkManager/system-connections"
    ];
    files = [
      "/etc/machine-id"
      "/etc/ssh/ssh_host_ed25519_key"
      "/etc/ssh/ssh_host_ed25519_key.pub"
      "/etc/ssh/ssh_host_rsa_key"
      "/etc/ssh/ssh_host_rsa_key.pub"
    ];
  };

    sops = {
        age.keyFile = "/persist/home/nathan/.config/sops/age/keys.txt";
        defaultSopsFile = ./secrets.yaml;
        defaultSopsFormat = "yaml";

        secrets = {
            "nathan/pass" = {
                neededForUsers = true;
            };

            "authentik/pass" = {};
            "authentik/secret_key" = {};

            "nextcloud/pass" = {};
        };
    };

  programs.fuse.userAllowOther = true;

  home-manager = {
    backupFileExtension = "backup";
    extraSpecialArgs = {inherit inputs;};
    users = {
      "nathan" = lib.mkMerge [
        inputs.nathan-home-manager
        {
          config.homeconfig = {
            host = "homebox";
            minimal = false;
            wayvnc.enable = true;
              impermanence.enable = true;
            hyprland.enable = true;
            swaylock.enable = true;
            wal.enable = true;
            mpd.enable = true;
            ags.enable = true;
            calcurse.enable = true;
            rofi.enable = true;
            firefox.enable = true;
          };
        }
      ];
    };
  };

  sysconfig = {
    opts = {
      sddm.enable = true;
      openssh.enable = true;
      pipewire.enable = true;
      ags.enable = true;
      hyprland.enable = true;
      git.enable = true;
      nh.enable = true;
      netbird.enable = true;
      minecraft.enable = false;
      steam.enable = false;
        virtualization = {
            traefik.enable = true;
            jellyfin.enable = true;
            "blunkall.us".enable = true;
            nextcloud.enable = true;
            ntfy.enable = false;
            gitea.enable = true;
            n8n.enable = true;
            keycloak.enable = true;
            netbird.enable = true;
            ollama.enable = true;
            homeassistant.enable = true;
            wyoming = {
                enable = true;
                piper = true;
                openwakeword = true;
                faster-whisper = true;
            };
            rustdesk.enable = false; #broken
            pihole.enable = true; #broken
            code-server.enable = false;
            novnc.enable = true;
        };
    };
  };

  fonts.packages = with pkgs; [ nerd-fonts.fira-code ];

}