my nix configs for my servers and desktop
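# hosts/focalor/configuration.nix (or default.nix)
#
# NixOS module for the host "focalor". It pulls in the host-specific hardware,
# secrets and VFIO modules plus the shared system/desktop/NVIDIA modules, then
# configures Syncthing, a bridged LAN interface (br0), systemd-resolved,
# vscode-server, Docker and a handful of desktop programs.
#
# Arguments are the usual NixOS module arguments; `inputs` (flake inputs) and
# `system` are expected to be supplied by the caller (e.g. via specialArgs).
{ config, lib, system, pkgs, modulesPath, inputs, ... }:
{
  # =============================================================================
  # IMPORTS
  # =============================================================================
  imports = [
    # Host-specific hardware
    ./hardware.nix
    ./secrets.nix
    ./vfio.nix

    # Common modules shared across hosts
    ../../common/system.nix
    ../../common/users.nix
    ../../common/services.nix
    ../../common/efi.nix
    ../../common/bluetooth.nix

    # Desktop modules
    ../../common/desktop/core.nix
    ../../common/desktop/sway.nix
    ../../common/desktop/vnc.nix

    # Hardware-specific
    ../../common/nvidia.nix

    # Common secrets
    ../../host-secrets.nix
  ];

  # Syncthing runs as the login user "regent" with the whole home directory as
  # its data dir.
  # NOTE(review): openDefaultPorts only contributes rules to the NixOS
  # firewall. While networking.firewall.enable is false (see NETWORKING) it has
  # no effect and the sync/discovery ports are reachable on every interface.
  services.syncthing = {
    enable = true;
    openDefaultPorts = true;
    user = "regent";
    dataDir = "/home/regent";
    configDir = "/home/regent/.config/syncthing";
  };

  # =============================================================================
  # SYSTEM CONFIGURATION
  # =============================================================================
  system.stateVersion = "25.05";
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";

  # Cross-compilation support: register binfmt emulation for aarch64 and let
  # the Nix daemon accept builds for the same platforms.
  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
  nix.settings.extra-platforms = config.boot.binfmt.emulatedSystems;

  # =============================================================================
  # NETWORKING
  # =============================================================================
  networking = {
    hostName = "focalor";
    hostId = "84bdc587";

    # Addressing is static and handled by systemd-networkd below, so the
    # scripted DHCP client is switched off. (This setting previously sat under
    # the "COMMENTED OUT / DISABLED" banner even though it is active.)
    useDHCP = false;

    # NOTE(review): the firewall is disabled, which makes trustedInterfaces
    # below (and services.syncthing.openDefaultPorts) inert. Every service
    # listening on this host -- Syncthing, plus whatever
    # ../../common/desktop/vnc.nix and ../../common/services.nix start -- is
    # reachable on br0, including via the static global IPv6 address assigned
    # there, unless an upstream device filters it. The settings around it
    # suggest the intended state is `firewall.enable = true` with an explicit
    # allow-list; confirm which ports are still needed before enabling.
    # Docker-published ports are governed by Docker's own iptables rules and
    # are not restricted by this option either way.
    firewall.enable = false;
    firewall.trustedInterfaces = [ "tailscale0" ];
    # Previous allow-list, kept for reference:
    # firewall.allowedTCPPorts = [22 80 443 2456 2457 9000 9001 9002];

    nameservers = [ "10.0.0.210" "1.1.1.1" ];
  };

  # Systemd networking with bridge
  systemd.network = {
    enable = true;

    netdevs."br0" = {
      netdevConfig = {
        Name = "br0";
        Kind = "bridge";
      };
    };

    networks = {
      # The physical NIC and every interface named vm-* are enslaved to br0,
      # so matching VM interfaces sit directly on the LAN segment.
      "10-lan" = {
        matchConfig.Name = [ "enp5s0" "vm-*" ];
        networkConfig = {
          Bridge = "br0";
        };
      };

      # The bridge carries the host's own addresses: a static IPv4 address and
      # a static global IPv6 address, with router advertisements also accepted.
      "10-lan-bridge" = {
        matchConfig.Name = "br0";
        networkConfig = {
          Address = [ "10.0.0.34/24" "2601:5c2:8400:26c0:aaa1:59ff:fe94:5aba/64" ];
          Gateway = "10.0.0.1";
          DNS = [ "10.0.0.210" "1.1.1.1" ];
          IPv6AcceptRA = true;
        };
        linkConfig.RequiredForOnline = "routable";
      };
    };
  };

  # DNS resolution: systemd-resolved with DNSSEC validation and DNS-over-TLS
  # both set to strict; the "~." routing domain sends all lookups through it.
  # NOTE(review): with dnsovertls = "true" there is no plaintext fallback, and
  # per resolved.conf(5) a server listed without a "#name" suffix is verified
  # against its IP address. Confirm the LAN resolver 10.0.0.210 really offers
  # DoT with a suitable certificate and passes DNSSEC records through;
  # otherwise lookups via it will fail rather than degrade.
  services.resolved = {
    enable = true;
    dnssec = "true";
    domains = [ "~." ];
    fallbackDns = [ "10.0.0.210" "1.0.0.1#one.one.one.one" ];
    dnsovertls = "true";
  };

  # =============================================================================
  # FILESYSTEM & STORAGE
  # =============================================================================
  boot.supportedFilesystems = [ "nfs" ];

  /*fileSystems."/mnt/storage" = {
    device = "valefar:/storage";
    fsType = "nfs";
  };*/

  # =============================================================================
  # SERVICES
  # =============================================================================
  services.vscode-server = {
    enable = true;
    nodejsPackage = pkgs.nodejs_20;
  };

  # =============================================================================
  # PROGRAMS & APPLICATIONS
  # =============================================================================
  programs.steam.enable = true;

  programs.obs-studio = {
    enable = true;
    enableVirtualCamera = true;
    plugins = with pkgs.obs-studio-plugins; [
      droidcam-obs
    ];
  };

  # =============================================================================
  # VIRTUALIZATION
  # =============================================================================
  # Docker daemon, started at boot, built with the Go 1.23 module builder.
  # NOTE(review): access to the Docker socket is equivalent to root on the
  # host. Group membership is not set in this file (presumably in
  # ../../common/users.nix -- verify) and should stay minimal.
  virtualisation.docker = {
    enable = true;
    enableOnBoot = true;
    package = pkgs.docker.override {
      buildGoModule = pkgs.buildGo123Module;
    };
  };

  # =============================================================================
  # DESKTOP ENVIRONMENT
  # =============================================================================
  # Vulkan renderer for Wayland
  environment.sessionVariables.WLR_RENDERER = "vulkan";

  # XDG Portals
  xdg.portal = {
    enable = true;
    wlr.enable = true;
    extraPortals = with pkgs; [
      xdg-desktop-portal-gtk
      xdg-desktop-portal-gnome
    ];
  };

  # =============================================================================
  # PACKAGES
  # =============================================================================
  environment.systemPackages = with pkgs; [
    # agenix CLI from the flake input (system is hard-coded to x86_64-linux)
    inputs.agenix.packages.x86_64-linux.default
    prismlauncher
    temurin-bin
    signal-desktop
  ];

  # =============================================================================
  # COMMENTED OUT / DISABLED
  # =============================================================================
  # ZFS support (disabled for this host)
  # boot.supportedFilesystems = [ "zfs" ];
  # boot.kernelModules = [ "nct6775" "coretemp" ];
  # services.zfs.autoScrub.enable = true;
  # services.zfs.trim.enable = true;

  # Additional packages (commented out)
  # lm_sensors
  # code-server
}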