hosts/morgana/default.nix at 7698c108499aafea212da58525d9ab03a853e7a8 · aylac.top/nixcfg-own-knot

this repo has no description
nixcfg-own-knot / hosts / morgana / default.nix
at 7698c108499aafea212da58525d9ab03a853e7a8 4.5 kB view raw
  1{
  2  self,
  3  config,
  4  lib,
  5  ...
  6}: {
  7  imports = [
  8    ./home.nix
  9    ./secrets.nix
 10    self.nixosModules.locale-en-ca
 11  ];
 12
 13  networking.hostName = "morgana";
 14  system.stateVersion = "25.05";
 15  time.timeZone = "America/Sao_Paulo";
 16  myHardware.acer.aspire.A515-52G.enable = true;
 17
 18  myNixOS = {
 19    programs = {
 20      lanzaboote.enable = true;
 21      nix.enable = true;
 22      nix-ld.enable = true;
 23      steam.enable = true;
 24    };
 25    profiles = {
 26      base.enable = true;
 27      workstation.enable = true;
 28
 29      btrfs = {
 30        enable = true;
 31        deduplicate = true;
 32        snapshots = true;
 33      };
 34      tmpOnTmpfs.enable = true;
 35
 36      hibernation = {
 37        enable = true;
 38        swap = {
 39          size = 24576;
 40          location = "/data/.swapfile";
 41          keyFile = "/.swapkey";
 42          blkDev = "/dev/disk/by-uuid/e88969b5-98a0-4d46-a059-8e07ebf2689e";
 43        };
 44      };
 45    };
 46    desktop.gnome.enable = true;
 47    services = {
 48      gdm.enable = true;
 49      dnsmasq = {
 50        enable = true;
 51        longCaches = false;
 52      };
 53      flatpak.enable = true;
 54      tailscale = {
 55        enable = true;
 56        enableCaddy = false;
 57        operator = "ayla";
 58      };
 59      syncthing = {
 60        enable = true;
 61        certFile = config.age.secrets.syncthingCert.path;
 62        keyFile = config.age.secrets.syncthingKey.path;
 63        user = "ayla";
 64      };
 65    };
 66  };
 67
 68  security.sudo-rs.wheelNeedsPassword = lib.mkForce true;
 69
 70  myUsers = {
 71    ayla = {
 72      enable = true;
 73      passwordFile = config.age.secrets.aylaPassword.path;
 74    };
 75  };
 76
 77  boot.initrd = {
 78    availableKernelModules = [
 79      "xhci_pci"
 80      "ahci"
 81      "usb_storage"
 82      "sd_mod"
 83      "rtsx_pci_sdmmc"
 84    ];
 85
 86    luks.devices = {
 87      crypted1.device = "/dev/disk/by-uuid/796c4c65-22b9-40e2-a928-66d20d528330";
 88      crypted2.device = "/dev/disk/by-uuid/7665834d-1f38-4c1e-9b44-449ea8fc055c";
 89    };
 90  };
 91
 92  fileSystems = {
 93    "/" = {
 94      device = "/dev/disk/by-uuid/e88969b5-98a0-4d46-a059-8e07ebf2689e";
 95      fsType = "btrfs";
 96      options = ["subvol=@" "compress=zstd" "noatime"];
 97    };
 98
 99    "/home" = {
100      device = "/dev/disk/by-uuid/e88969b5-98a0-4d46-a059-8e07ebf2689e";
101      fsType = "btrfs";
102      options = ["subvol=@home" "compress=zstd" "noatime"];
103    };
104
105    "/home/.snapshots" = {
106      device = "/dev/disk/by-uuid/e88969b5-98a0-4d46-a059-8e07ebf2689e";
107      fsType = "btrfs";
108      options = ["subvol=.snapshots" "compress=zstd" "noatime"];
109    };
110
111    "/nix" = {
112      device = "/dev/disk/by-uuid/e88969b5-98a0-4d46-a059-8e07ebf2689e";
113      fsType = "btrfs";
114      options = ["subvol=@nix" "compress=zstd" "noatime"];
115    };
116
117    "/boot" = {
118      device = "/dev/disk/by-uuid/0CC3-3395";
119      fsType = "vfat";
120      options = ["fmask=0077" "dmask=0077"];
121    };
122
123    "/data" = {
124      device = "/dev/disk/by-uuid/e5cf35fa-55bc-499f-a39b-e844a442e0f0";
125      fsType = "btrfs";
126      options = ["subvol=@data" "compress=zstd" "noatime"];
127    };
128  };
129
130  # samba for ps2 opl
131  services.samba = {
132    enable = true;
133    openFirewall = true;
134    winbindd.enable = false;
135    nmbd.enable = false;
136    settings = {
137      global = {
138        "workgroup" = "WORKGROUP";
139        "server string" = "smbnix";
140        "netbios name" = "smbnix";
141        "security" = "user";
142
143        "bind interfaces only" = "yes";
144        "interfaces" = "lo enp2s0f1";
145
146        "client min protocol" = "CORE";
147        "client max protocol" = "NT1";
148        "server max protocol" = "SMB3";
149        "server min protocol" = "LANMAN1";
150        "strict sync" = "no";
151        "keepalive" = "0";
152
153        "getwd cache" = "yes";
154        "large readwrite" = "yes";
155        "aio read size" = "0";
156        "aio write size" = "0";
157        "strict locking" = "no";
158        "strict allocate" = "no";
159        "read raw" = "no";
160        "write raw" = "no";
161
162        "server signing" = "disabled";
163        "smb encrypt" = "disabled";
164        "socket options" = "TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE";
165
166        "load printers" = "no";
167        "disable spoolss" = "yes";
168
169        "map to guest" = "bad user";
170
171        "available" = "yes";
172        "create mask" = "0777";
173        "directory mask" = "0777";
174        "force user" = "ayla";
175        "force group" = "users";
176      };
177      "PS2SMB" = {
178        "comment" = "PS2 SMB";
179        "path" = "/data/PS2SMB";
180        "browseable" = "yes";
181        "read only" = "no";
182        "guest ok" = "yes";
183        "public" = "yes";
184        "strict sync" = "no";
185      };
186    };
187  };
188}