hosts/focalor/default.nix at 8cd6aa6afe6414224d309d93b3d2b8f514d7842d · nekomimi.pet/nixcfg

nekomimi.pet / nixcfg
my nix configs for my servers and desktop
nixcfg / hosts / focalor / default.nix
at 8cd6aa6afe6414224d309d93b3d2b8f514d7842d 2.8 kB view raw
  1# hosts/valefar/configuration.nix (or default.nix)
  2{ config, lib, system, pkgs, modulesPath, inputs, ... }:
  3
  4{
  5  imports = [
  6    # Host-specific hardware
  7    ./hardware.nix
  8    ./secrets.nix
  9    ./vfio.nix
 10    
 11    # Common modules shared across hosts
 12    ../../common/system.nix
 13    ../../common/users.nix
 14    ../../common/services.nix
 15    ../../common/efi.nix
 16
 17    # Desktop modules
 18    ../../common/desktop/core.nix
 19    ../../common/desktop/sway.nix
 20    ../../common/desktop/vnc.nix
 21
 22    # Nvidia
 23    ../../common/nvidia.nix
 24    
 25    # Common secrets
 26    #../../host-secrets.nix
 27  ];
 28
 29  system.stateVersion = "25.05";
 30
 31  # pin host platform & microcode
 32  nixpkgs.hostPlatform               = lib.mkDefault "x86_64-linux";
 33
 34  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
 35
 36  networking.hostName = "focalor";
 37  networking.hostId = "84bdc587";
 38
 39  systemd.network = {
 40    enable = true;
 41    netdevs."br0" = {
 42      netdevConfig = {
 43        Name = "br0";
 44        Kind = "bridge";
 45      };
 46    };
 47    networks = {
 48      "10-lan" = {
 49        matchConfig.Name = ["enp5s0" "vm-*"];
 50        networkConfig = {
 51          Bridge = "br0";
 52        };
 53      };
 54      "10-lan-bridge" = {
 55        matchConfig.Name = "br0";
 56        networkConfig = {
 57          Address = ["10.0.0.34/24" "2601:5c2:8400:26c0:aaa1:59ff:fe94:5aba/64"];
 58          Gateway = "10.0.0.1";
 59          DNS = ["10.0.0.210" "1.1.1.1"];
 60          IPv6AcceptRA = true;
 61        };
 62        linkConfig.RequiredForOnline = "routable";
 63      };
 64    };
 65  };
 66
 67  /*networking = {
 68    firewall.enable = false;
 69    firewall.trustedInterfaces = [
 70	    "tailscale0"
 71    ];
 72    nameservers   = [ "10.0.0.210" "1.1.1.1" ];
 73    useDHCP       = true;
 74    firewall.allowedTCPPorts = [22 80 443 2456 2457 9000 9001 9002]; 
 75  };*/
 76
 77  services.resolved = {
 78    enable      = true;
 79    dnssec      = "true";
 80    domains     = [ "~." ];
 81    fallbackDns = [ "10.0.0.210" "1.0.0.1#one.one.one.one" ];
 82    dnsovertls  = "true";
 83  };
 84  
 85  #boot.supportedFilesystems = [ "zfs" ];
 86  #boot.kernelModules = [ "nct6775" "coretemp" ];
 87
 88  #services.zfs.autoScrub.enable = true;
 89  #services.zfs.trim.enable = true;
 90  
 91  services.vscode-server.enable = true;
 92  services.vscode-server.nodejsPackage = pkgs.nodejs_20;
 93
 94  environment.systemPackages = with pkgs; [
 95    #lm_sensors
 96    #code-server
 97    inputs.agenix.packages.x86_64-linux.default
 98  ];
 99
100  environment.sessionVariables.WLR_RENDERER = "vulkan";
101
102  virtualisation.docker = {
103    enable = true;
104    enableOnBoot = true;
105    package = pkgs.docker.override {
106      buildGoModule = pkgs.buildGo123Module;
107    };
108  };
109
110  xdg.portal = {
111    enable = true;
112    wlr.enable = true;
113    extraPortals = with pkgs; [
114      xdg-desktop-portal-gtk
115      xdg-desktop-portal-gnome
116    ];
117  };
118}