hosts/focalor/default.nix at 2ba4eea37f7cffd0ba2b0ff3ed7bc1ebdf479630 · nekomimi.pet/nixcfg

nekomimi.pet / nixcfg
my nix configs for my servers and desktop
nixcfg / hosts / focalor / default.nix
at 2ba4eea37f7cffd0ba2b0ff3ed7bc1ebdf479630 5.2 kB view raw
  1# hosts/focalor/configuration.nix (or default.nix)
  2{ config, lib, system, pkgs, modulesPath, inputs, ... }:
  3{
  4  # =============================================================================
  5  # IMPORTS
  6  # =============================================================================
  7  imports = [
  8    # Host-specific hardware
  9    ./hardware.nix
 10    ./secrets.nix
 11    ./vfio.nix
 12    
 13    # Common modules shared across hosts
 14    ../../common/system.nix
 15    ../../common/users.nix
 16    ../../common/services.nix
 17    ../../common/efi.nix
 18    ../../common/bluetooth.nix
 19    
 20    # Desktop modules
 21    ../../common/desktop/core.nix
 22    ../../common/desktop/sway.nix
 23    ../../common/desktop/vnc.nix
 24    
 25    # Hardware-specific
 26    ../../common/nvidia.nix
 27    
 28    # Common secrets (commented out)
 29    # ../../host-secrets.nix
 30  ];
 31
 32  # =============================================================================
 33  # SYSTEM CONFIGURATION
 34  # =============================================================================
 35  system.stateVersion = "25.05";
 36  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 37  
 38  # Cross-compilation support
 39  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
 40  nix.settings.extra-platforms = config.boot.binfmt.emulatedSystems;
 41
 42  # =============================================================================
 43  # NETWORKING
 44  # =============================================================================
 45  networking = {
 46    hostName = "focalor";
 47    hostId = "84bdc587";
 48    firewall.enable = false;
 49    firewall.trustedInterfaces = [ "tailscale0" ];
 50    nameservers = [ "10.0.0.210" "1.1.1.1" ];
 51  };
 52
 53  # Systemd networking with bridge
 54  systemd.network = {
 55    enable = true;
 56    
 57    netdevs."br0" = {
 58      netdevConfig = {
 59        Name = "br0";
 60        Kind = "bridge";
 61      };
 62    };
 63    
 64    networks = {
 65      "10-lan" = {
 66        matchConfig.Name = ["enp5s0" "vm-*"];
 67        networkConfig = {
 68          Bridge = "br0";
 69        };
 70      };
 71      
 72      "10-lan-bridge" = {
 73        matchConfig.Name = "br0";
 74        networkConfig = {
 75          Address = ["10.0.0.34/24" "2601:5c2:8400:26c0:aaa1:59ff:fe94:5aba/64"];
 76          Gateway = "10.0.0.1";
 77          DNS = ["10.0.0.210" "1.1.1.1"];
 78          IPv6AcceptRA = true;
 79        };
 80        linkConfig.RequiredForOnline = "routable";
 81      };
 82    };
 83  };
 84
 85  # DNS resolution
 86  services.resolved = {
 87    enable = true;
 88    dnssec = "true";
 89    domains = [ "~." ];
 90    fallbackDns = [ "10.0.0.210" "1.0.0.1#one.one.one.one" ];
 91    dnsovertls = "true";
 92  };
 93
 94  # =============================================================================
 95  # FILESYSTEM & STORAGE
 96  # =============================================================================
 97  boot.supportedFilesystems = [ "nfs" ];
 98  
 99  fileSystems."/mnt/storage" = {
100    device = "valefar:/storage";
101    fsType = "nfs";
102  };
103
104  # =============================================================================
105  # SERVICES
106  # =============================================================================
107  services.vscode-server = {
108    enable = true;
109    nodejsPackage = pkgs.nodejs_20;
110  };
111
112  # =============================================================================
113  # PROGRAMS & APPLICATIONS
114  # =============================================================================
115  programs.steam.enable = true;
116  
117  programs.obs-studio = {
118    enable = true;
119    enableVirtualCamera = true;
120    plugins = with pkgs.obs-studio-plugins; [
121      droidcam-obs
122    ];
123  };
124
125  # =============================================================================
126  # VIRTUALIZATION
127  # =============================================================================
128  virtualisation.docker = {
129    enable = true;
130    enableOnBoot = true;
131    package = pkgs.docker.override {
132      buildGoModule = pkgs.buildGo123Module;
133    };
134  };
135
136  # =============================================================================
137  # DESKTOP ENVIRONMENT
138  # =============================================================================
139  # Vulkan renderer for Wayland
140  environment.sessionVariables.WLR_RENDERER = "vulkan";
141  
142  # XDG Portals
143  xdg.portal = {
144    enable = true;
145    wlr.enable = true;
146    extraPortals = with pkgs; [
147      xdg-desktop-portal-gtk
148      xdg-desktop-portal-gnome
149    ];
150  };
151
152  # =============================================================================
153  # PACKAGES
154  # =============================================================================
155  environment.systemPackages = with pkgs; [
156    inputs.agenix.packages.x86_64-linux.default
157  ];
158
159  # =============================================================================
160  # COMMENTED OUT / DISABLED
161  # =============================================================================
162  # ZFS support (disabled for this host)
163  # boot.supportedFilesystems = [ "zfs" ];
164  # boot.kernelModules = [ "nct6775" "coretemp" ];
165  # services.zfs.autoScrub.enable = true;
166  # services.zfs.trim.enable = true;
167  
168  # Additional packages (commented out)
169  # lm_sensors
170  # code-server
171  
172  # DHCP (disabled in favor of systemd-networkd)
173  # useDHCP = true;
174  # firewall.allowedTCPPorts = [22 80 443 2456 2457 9000 9001 9002];
175}