my nix configs for my servers and desktop
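# hosts/focalor/configuration.nix (or default.nix)
#
# NixOS module for the host "focalor". It pulls in the shared desktop
# (Sway, VNC), NVIDIA and VFIO modules, puts the wired NIC and VM taps on a
# systemd-networkd bridge, and enables Syncthing, Docker, a VS Code server,
# Steam and OBS.
{ config, lib, system, pkgs, modulesPath, inputs, ... }:
{
  # =============================================================================
  # IMPORTS
  # =============================================================================
  imports = [
    # Host-specific hardware
    ./hardware.nix
    # NOTE(review): contents not visible here. Any secret written as a plain
    # Nix value ends up world-readable in /nix/store; presumably this file and
    # ../../host-secrets.nix only declare agenix-managed secrets (agenix is
    # installed below) - confirm.
    ./secrets.nix
    ./vfio.nix

    # Common modules shared across hosts
    ../../common/system.nix
    ../../common/users.nix
    ../../common/services.nix
    ../../common/efi.nix
    ../../common/bluetooth.nix

    # Desktop modules
    ../../common/desktop/core.nix
    ../../common/desktop/sway.nix
    # NOTE(review): remote-desktop module; with the firewall disabled below,
    # its listener is filtered only by whatever bind address and
    # authentication the module itself configures - confirm.
    ../../common/desktop/vnc.nix

    # Hardware-specific
    ../../common/nvidia.nix

    # Common secrets
    ../../host-secrets.nix
  ];

  # Syncthing runs as the desktop user with the whole home directory as its
  # data directory.
  services.syncthing = {
    enable = true;
    # Only adds firewall rules, so it is a no-op while
    # networking.firewall.enable = false (see NETWORKING).
    openDefaultPorts = true;
    user = "regent";
    dataDir = "/home/regent";
    configDir = "/home/regent/.config/syncthing";
  };

  # =============================================================================
  # SYSTEM CONFIGURATION
  # =============================================================================
  system.stateVersion = "25.05";
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";

  # Build/run aarch64-linux binaries through binfmt emulation
  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
  nix.settings.extra-platforms = config.boot.binfmt.emulatedSystems;

  # =============================================================================
  # NETWORKING
  # =============================================================================
  networking = {
    hostName = "focalor";
    hostId = "84bdc587";

    # NOTE(review): the host firewall is switched off. While it is off,
    # trustedInterfaces below and services.syncthing.openDefaultPorts are
    # inert, and every service that listens on a non-loopback address is
    # reachable from the LAN and over the static global IPv6 address assigned
    # to br0 (filtering then depends entirely on the upstream router).
    # Preferred state: enable = true, keep tailscale0 trusted, and open only
    # the ports this host has to serve. Left unchanged here because the set of
    # required ports (VNC, VM traffic, etc.) is not visible from this file.
    firewall.enable = false;
    firewall.trustedInterfaces = [ "tailscale0" ];

    nameservers = [ "10.0.0.210" "1.1.1.1" ];

    # Interfaces are configured by systemd-networkd below, not by the
    # scripted DHCP client.
    useDHCP = false;
  };

  # Systemd networking with bridge
  systemd.network = {
    enable = true;

    netdevs."br0" = {
      netdevConfig = {
        Name = "br0";
        Kind = "bridge";
      };
    };

    networks = {
      # Enslave the physical NIC and any interface named vm-* to br0, which
      # places those VM interfaces directly on the LAN segment.
      "10-lan" = {
        matchConfig.Name = ["enp5s0" "vm-*"];
        networkConfig = {
          Bridge = "br0";
        };
      };

      # Static addressing lives on the bridge itself.
      "10-lan-bridge" = {
        matchConfig.Name = "br0";
        networkConfig = {
          Address = ["10.0.0.34/24" "2601:5c2:8400:26c0:aaa1:59ff:fe94:5aba/64"];
          Gateway = "10.0.0.1";
          DNS = ["10.0.0.210" "1.1.1.1"];
          IPv6AcceptRA = true;
        };
        linkConfig.RequiredForOnline = "routable";
      };
    };
  };

  # DNS resolution
  services.resolved = {
    enable = true;
    dnssec = "true";
    # "~." routes all lookups through the servers configured here.
    domains = [ "~." ];
    fallbackDns = [ "10.0.0.210" "1.0.0.1#one.one.one.one" ];
    # Strict mode: resolved does not fall back to plaintext DNS.
    # NOTE(review): 10.0.0.210 is listed without a "#server-name", unlike the
    # 1.0.0.1 fallback - confirm it serves DNS-over-TLS with a certificate
    # resolved can validate, otherwise lookups through it will fail.
    dnsovertls = "true";
  };

  # =============================================================================
  # FILESYSTEM & STORAGE
  # =============================================================================
  boot.supportedFilesystems = [ "nfs" ];

  /*fileSystems."/mnt/storage" = {
    device = "valefar:/storage";
    fsType = "nfs";
  };*/

  # =============================================================================
  # SERVICES
  # =============================================================================
  # NOTE(review): the Node.js major version is pinned here; revisit it when
  # that release line leaves upstream support.
  services.vscode-server = {
    enable = true;
    nodejsPackage = pkgs.nodejs_20;
  };

  # =============================================================================
  # PROGRAMS & APPLICATIONS
  # =============================================================================
  programs.steam.enable = true;

  programs.obs-studio = {
    enable = true;
    enableVirtualCamera = true;
    plugins = with pkgs.obs-studio-plugins; [
      droidcam-obs
    ];
  };

  # =============================================================================
  # VIRTUALIZATION
  # =============================================================================
  # NOTE(review): access to the Docker socket is root-equivalent on the host.
  # Group membership is presumably set in ../../common/users.nix - confirm
  # that only intended accounts are in the "docker" group. Docker also
  # manages its own packet-filter rules for published container ports, so
  # those need reviewing separately from networking.firewall.
  virtualisation.docker = {
    enable = true;
    enableOnBoot = true;
  };

  # =============================================================================
  # DESKTOP ENVIRONMENT
  # =============================================================================
  # Vulkan renderer for Wayland
  environment.sessionVariables.WLR_RENDERER = "vulkan";

  # XDG Portals
  xdg.portal = {
    enable = true;
    wlr.enable = true;
    extraPortals = with pkgs; [
      xdg-desktop-portal-gtk
      xdg-desktop-portal-gnome
    ];
  };

  # =============================================================================
  # PACKAGES
  # =============================================================================
  environment.systemPackages = with pkgs; [
    # agenix CLI, selected for the platform this host is built for instead of
    # a hard-coded system string.
    inputs.agenix.packages.${pkgs.stdenv.hostPlatform.system}.default
    prismlauncher
    temurin-bin
    signal-desktop
  ];

  # =============================================================================
  # COMMENTED OUT / DISABLED
  # =============================================================================
  # ZFS support (disabled for this host)
  # boot.supportedFilesystems = [ "zfs" ];
  # boot.kernelModules = [ "nct6775" "coretemp" ];
  # services.zfs.autoScrub.enable = true;
  # services.zfs.trim.enable = true;

  # Additional packages (commented out)
  # lm_sensors
  # code-server

  # Former firewall allow-list. If the firewall is re-enabled, this has to be
  # written as networking.firewall.allowedTCPPorts at this level, trimmed to
  # the ports the host still serves.
  # firewall.allowedTCPPorts = [22 80 443 2456 2457 9000 9001 9002];
}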