# Base NixOS module applied to every machine: module imports, locale and time
# zone, nixpkgs settings, SSH access, common tooling, boot setup for the
# non-Raspberry-Pi hosts, Nix daemon settings and sops-nix secret locations.
#
# `self`, `inputs` and `machine` are not standard module arguments; they are
# expected to be supplied by the caller (presumably via specialArgs - confirm
# in the flake).
{ self, pkgs, config, lib, inputs, machine, ... }:
let
  onPi = machine.isRaspberryPi;

  # Every LC_* category below is switched to this locale; everything else
  # stays on `i18n.defaultLocale`.
  dutchLocale = "nl_NL.UTF-8";
in
{
  imports =
    [
      ./storage.nix
      ./backups.nix
      ./networking
      ./data-sharing.nix
      ./monitoring
      ./k3s
      ./tailscale.nix
      machine.nixosModule
      inputs.disko.nixosModules.disko
      inputs.sops-nix.nixosModules.sops
      inputs.nix-snapshotter.nixosModules.nix-snapshotter
    ]
    # The Raspberry Pi 4 hardware profile is only pulled in for Pi machines.
    ++ lib.optionals onPi [ inputs.nixos-hardware.nixosModules.raspberry-pi-4 ];

  config = {
    time.timeZone = "Europe/Amsterdam";

    # On non-Pi machines, Intel microcode updates follow the redistributable
    # firmware switch; on Pi machines this definition is dropped by mkIf.
    hardware.cpu.intel.updateMicrocode =
      lib.mkIf (!onPi) config.hardware.enableRedistributableFirmware;

    nixpkgs.config.allowUnfree = true;
    nixpkgs.overlays = [
      # Exposes the unstable channel as `pkgs.unstable`.
      # Only `system` is passed to this import, so the `allowUnfree` setting
      # above is not forwarded to the unstable package set.
      (_final: _prev: {
        unstable = import inputs.nixpkgs-unstable {
          system = machine.arch;
        };
      })
    ];

    i18n.defaultLocale = "en_US.UTF-8";
    i18n.extraLocaleSettings = lib.genAttrs [
      "LC_ADDRESS"
      "LC_IDENTIFICATION"
      "LC_MEASUREMENT"
      "LC_MONETARY"
      "LC_NAME"
      "LC_NUMERIC"
      "LC_PAPER"
      "LC_TELEPHONE"
      "LC_TIME"
    ] (_category: dutchLocale);

    # SSH is key-only: password, keyboard-interactive and GSSAPI
    # authentication are all switched off.
    # `openFirewall = true` opens the sshd port in the host firewall, and
    # PermitRootLogin is not set in this file, so whether root may log in is
    # decided by the module default or by another imported module.
    # NOTE(review): ./tailscale.nix is imported above; if SSH is only meant to
    # be reached over the tailnet, consider limiting the firewall opening to
    # that interface - confirm the intended exposure.
    services.openssh = {
      enable = true;
      openFirewall = true;
      settings = {
        PasswordAuthentication = false;
        KbdInteractiveAuthentication = false;
        GSSAPIAuthentication = false;
        UseDns = false;
      };
    };

    # Public keys accepted for direct root login on every machine using this
    # module. Each key grants full control of the host.
    # NOTE(review): the second key carries the generic comment
    # `user@user-laptop`; confirm who owns it and that it is still needed.
    users.users.root.openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOodpLr+FDRyKyHjucHizNLVFHZ5AQmE9GmxMnOsSoaw pimkunis@thinkpadpim"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINUZp4BCxf7uLa1QWonx/Crf8tYZ5MKIZ+EuaBa82LrV user@user-laptop"
    ];

    programs.neovim = {
      enable = true;
      vimAlias = true;
      viAlias = true;
    };

    # Tooling installed system-wide on every machine.
    environment.systemPackages = with pkgs; [
      wget
      git
      btop
      htop
      ripgrep
      dig
      tree
      file
      tcpdump
      lsof
      parted
      radvd
      minicom
      socat
      pciutils
      dmidecode
      openssl
      nfs-utils
      rsync
      fio
      libva-utils
      jq
      tmux
      fastfetch
    ];

    # Boot configuration for the non-Pi machines only; on Pi machines nothing
    # in this attribute set is applied.
    boot = lib.mkIf (!onPi) {
      kernelModules = [ "kvm-intel" ];
      extraModulePackages = [ ];
      kernel.sysctl."fs.inotify.max_user_instances" = 256;

      initrd = {
        kernelModules = [ ];
        availableKernelModules = [
          "ahci"
          "xhci_pci"
          "nvme"
          "usbhid"
          "usb_storage"
          "sd_mod"
          "sdhci_pci"
        ];
      };

      loader = {
        # mkDefault lets a machine-specific module pick another boot loader.
        systemd-boot.enable = lib.mkDefault true;
        efi.canTouchEfiVariables = true;
      };
    };

    nix.package = pkgs.nixFlakes;
    nix.extraOptions = ''
      experimental-features = nix-command flakes
    '';
    # Weekly garbage collection that deletes generations older than 7 days,
    # which also bounds how far back a rollback can go.
    nix.gc = {
      automatic = true;
      persistent = true;
      dates = "weekly";
      options = "--delete-older-than 7d";
    };

    system.stateVersion = "23.05";

    # On activation, print the closure diff between the running system and
    # the one being activated. Skipped when /run/current-system does not
    # exist yet.
    system.activationScripts.diff = ''
      if [[ -e /run/current-system ]]; then
        ${pkgs.nix}/bin/nix store diff-closures /run/current-system "$systemConfig"
      fi
    '';

    sops = {
      # Private age key used to decrypt secrets. Nothing in this file creates
      # it, so it has to be provisioned separately; it should be readable by
      # root only.
      age.keyFile = "/root/.config/sops/age/keys.txt";
      # Interpolating `self` makes this a path inside the flake's copy in the
      # Nix store, which is world-readable: the file must only ever hold
      # sops-encrypted values.
      defaultSopsFile = "${self}/secrets/nixos.yaml";
    };
  };
}