aylac.top
1{
2 self,
3 config,
4 lib,
5 ...
6}: {
7 imports = [
8 ./home.nix
9 ./secrets.nix
10 self.nixosModules.locale-en-ca
11 ];
12
13 networking.hostName = "morgana";
14 system.stateVersion = "25.05";
15 time.timeZone = "America/Sao_Paulo";
16 myHardware.acer.aspire.A515-52G.enable = true;
17
18 myNixOS = {
19 programs = {
20 lanzaboote.enable = true;
21 nix.enable = true;
22 nix-ld.enable = true;
23 steam.enable = true;
24 };
25 profiles = {
26 base.enable = true;
27 workstation.enable = true;
28
29 btrfs = {
30 enable = true;
31 deduplicate = true;
32 snapshots = true;
33 };
34 tmpOnTmpfs.enable = true;
35 };
36 desktop.gnome.enable = true;
37 services = {
38 gdm.enable = true;
39 dnsmasq = {
40 enable = true;
41 longCaches = false;
42 };
43 flatpak.enable = true;
44 tailscale = {
45 enable = true;
46 enableCaddy = false;
47 operator = "ayla";
48 };
49 syncthing = {
50 enable = true;
51 certFile = config.age.secrets.syncthingCert.path;
52 keyFile = config.age.secrets.syncthingKey.path;
53 user = "ayla";
54 };
55 };
56 };
57
58 security.sudo-rs.wheelNeedsPassword = lib.mkForce true;
59
60 myUsers = {
61 ayla = {
62 enable = true;
63 passwordFile = config.age.secrets.aylaPassword.path;
64 };
65 };
66
67 boot.initrd = {
68 availableKernelModules = [
69 "xhci_pci"
70 "ahci"
71 "usb_storage"
72 "sd_mod"
73 "rtsx_pci_sdmmc"
74 ];
75
76 luks.devices = {
77 crypted1.device = "/dev/disk/by-uuid/796c4c65-22b9-40e2-a928-66d20d528330";
78 crypted2.device = "/dev/disk/by-uuid/7665834d-1f38-4c1e-9b44-449ea8fc055c";
79 };
80 };
81
82 fileSystems = {
83 "/" = {
84 device = "/dev/disk/by-uuid/e88969b5-98a0-4d46-a059-8e07ebf2689e";
85 fsType = "btrfs";
86 options = ["subvol=@" "compress=zstd" "noatime"];
87 };
88
89 "/home" = {
90 device = "/dev/disk/by-uuid/e88969b5-98a0-4d46-a059-8e07ebf2689e";
91 fsType = "btrfs";
92 options = ["subvol=@home" "compress=zstd" "noatime"];
93 };
94
95 "/home/.snapshots" = {
96 device = "/dev/disk/by-uuid/e88969b5-98a0-4d46-a059-8e07ebf2689e";
97 fsType = "btrfs";
98 options = ["subvol=.snapshots" "compress=zstd" "noatime"];
99 };
100
101 "/nix" = {
102 device = "/dev/disk/by-uuid/e88969b5-98a0-4d46-a059-8e07ebf2689e";
103 fsType = "btrfs";
104 options = ["subvol=@nix" "compress=zstd" "noatime"];
105 };
106
107 "/boot" = {
108 device = "/dev/disk/by-uuid/0CC3-3395";
109 fsType = "vfat";
110 options = ["fmask=0077" "dmask=0077"];
111 };
112
113 "/data" = {
114 device = "/dev/disk/by-uuid/e5cf35fa-55bc-499f-a39b-e844a442e0f0";
115 fsType = "btrfs";
116 options = ["subvol=@data" "compress=zstd" "noatime"];
117 };
118 };
119
120 # samba for ps2 opl
121 services.samba = {
122 enable = true;
123 openFirewall = true;
124 winbindd.enable = false;
125 nmbd.enable = false;
126 settings = {
127 global = {
128 "workgroup" = "WORKGROUP";
129 "server string" = "smbnix";
130 "netbios name" = "smbnix";
131 "security" = "user";
132
133 "bind interfaces only" = "yes";
134 "interfaces" = "lo enp2s0f1";
135
136 "client min protocol" = "CORE";
137 "client max protocol" = "NT1";
138 "server max protocol" = "SMB3";
139 "server min protocol" = "LANMAN1";
140 "strict sync" = "no";
141 "keepalive" = "0";
142
143 "getwd cache" = "yes";
144 "large readwrite" = "yes";
145 "aio read size" = "0";
146 "aio write size" = "0";
147 "strict locking" = "no";
148 "strict allocate" = "no";
149 "read raw" = "no";
150 "write raw" = "no";
151
152 "server signing" = "disabled";
153 "smb encrypt" = "disabled";
154 "socket options" = "TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE";
155
156 "load printers" = "no";
157 "disable spoolss" = "yes";
158
159 "map to guest" = "bad user";
160
161 "available" = "yes";
162 "create mask" = "0777";
163 "directory mask" = "0777";
164 "force user" = "ayla";
165 "force group" = "users";
166 };
167 "PS2SMB" = {
168 "comment" = "PS2 SMB";
169 "path" = "/data/PS2SMB";
170 "browseable" = "yes";
171 "read only" = "no";
172 "guest ok" = "yes";
173 "public" = "yes";
174 "strict sync" = "no";
175 };
176 };
177 };
178}