aylac.top
1{
2 self,
3 config,
4 lib,
5 ...
6}: {
7 imports = [
8 ./home.nix
9 ./secrets.nix
10 self.nixosModules.locale-en-ca
11 ];
12
13 networking.hostName = "morgana";
14 system.stateVersion = "25.05";
15 time.timeZone = "America/Sao_Paulo";
16 myHardware.acer.aspire.A515-52G.enable = true;
17
18 myNixOS = {
19 programs = {
20 lanzaboote.enable = true;
21 nix.enable = true;
22 nix-ld.enable = true;
23 steam.enable = true;
24 };
25 profiles = {
26 base.enable = true;
27 workstation.enable = true;
28
29 btrfs = {
30 enable = true;
31 deduplicate = true;
32 snapshots = true;
33 };
34 tmpOnTmpfs.enable = true;
35 };
36 desktop.gnome.enable = true;
37 services = {
38 dnsmasq = {
39 enable = true;
40 longCaches = false;
41 };
42 flatpak.enable = true;
43 tailscale = {
44 enable = true;
45 enableCaddy = false;
46 operator = "ayla";
47 };
48 syncthing = {
49 enable = true;
50 certFile = config.age.secrets.syncthingCert.path;
51 keyFile = config.age.secrets.syncthingKey.path;
52 user = "ayla";
53 };
54 };
55 };
56
57 security.sudo-rs.wheelNeedsPassword = lib.mkForce true;
58
59 myUsers = {
60 ayla = {
61 enable = true;
62 passwordFile = config.age.secrets.aylaPassword.path;
63 };
64 };
65
66 boot.initrd = {
67 availableKernelModules = [
68 "xhci_pci"
69 "ahci"
70 "usb_storage"
71 "sd_mod"
72 "rtsx_pci_sdmmc"
73 ];
74
75 luks.devices = {
76 crypted1.device = "/dev/disk/by-uuid/796c4c65-22b9-40e2-a928-66d20d528330";
77 crypted2.device = "/dev/disk/by-uuid/7665834d-1f38-4c1e-9b44-449ea8fc055c";
78 };
79 };
80
81 fileSystems = {
82 "/" = {
83 device = "/dev/disk/by-uuid/e88969b5-98a0-4d46-a059-8e07ebf2689e";
84 fsType = "btrfs";
85 options = ["subvol=@" "compress=zstd" "noatime"];
86 };
87
88 "/home" = {
89 device = "/dev/disk/by-uuid/e88969b5-98a0-4d46-a059-8e07ebf2689e";
90 fsType = "btrfs";
91 options = ["subvol=@home" "compress=zstd" "noatime"];
92 };
93
94 "/home/.snapshots" = {
95 device = "/dev/disk/by-uuid/e88969b5-98a0-4d46-a059-8e07ebf2689e";
96 fsType = "btrfs";
97 options = ["subvol=.snapshots" "compress=zstd" "noatime"];
98 };
99
100 "/nix" = {
101 device = "/dev/disk/by-uuid/e88969b5-98a0-4d46-a059-8e07ebf2689e";
102 fsType = "btrfs";
103 options = ["subvol=@nix" "compress=zstd" "noatime"];
104 };
105
106 "/boot" = {
107 device = "/dev/disk/by-uuid/0CC3-3395";
108 fsType = "vfat";
109 options = ["fmask=0077" "dmask=0077"];
110 };
111
112 "/data" = {
113 device = "/dev/disk/by-uuid/e5cf35fa-55bc-499f-a39b-e844a442e0f0";
114 fsType = "btrfs";
115 options = ["subvol=@data" "compress=zstd" "noatime"];
116 };
117 };
118
119 # samba for ps2 opl
120 services.samba = {
121 enable = true;
122 openFirewall = true;
123 winbindd.enable = false;
124 nmbd.enable = false;
125 settings = {
126 global = {
127 "workgroup" = "WORKGROUP";
128 "server string" = "smbnix";
129 "netbios name" = "smbnix";
130 "security" = "user";
131
132 "bind interfaces only" = "yes";
133 "interfaces" = "lo enp2s0f1";
134
135 "client min protocol" = "CORE";
136 "client max protocol" = "NT1";
137 "server max protocol" = "SMB3";
138 "server min protocol" = "LANMAN1";
139 "strict sync" = "no";
140 "keepalive" = "0";
141
142 "getwd cache" = "yes";
143 "large readwrite" = "yes";
144 "aio read size" = "0";
145 "aio write size" = "0";
146 "strict locking" = "no";
147 "strict allocate" = "no";
148 "read raw" = "no";
149 "write raw" = "no";
150
151 "server signing" = "disabled";
152 "smb encrypt" = "disabled";
153 "socket options" = "TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE";
154
155 "load printers" = "no";
156 "disable spoolss" = "yes";
157
158 "map to guest" = "bad user";
159
160 "available" = "yes";
161 "create mask" = "0777";
162 "directory mask" = "0777";
163 "force user" = "ayla";
164 "force group" = "users";
165 };
166 "PS2SMB" = {
167 "comment" = "PS2 SMB";
168 "path" = "/data/PS2SMB";
169 "browseable" = "yes";
170 "read only" = "no";
171 "guest ok" = "yes";
172 "public" = "yes";
173 "strict sync" = "no";
174 };
175 };
176 };
177}