{ pkgs, config, lib, inputs, flake, system, ... }:
let
  # Both "home" WireGuard tunnels are identical except for the resolver pushed
  # to the client, so the shared definition lives here and is instantiated
  # twice below. Key material is never inlined; it comes from sops-managed
  # files at activation time.
  homeTunnel = dnsServers: {
    privateKeyFile = config.sops.secrets."wireguard/home/privateKey".path;
    address = [ "10.225.191.4/24" ];
    dns = dnsServers;
    autostart = false;
    mtu = 1412;
    peers = [{
      presharedKeyFile = config.sops.secrets."wireguard/home/presharedKey".path;
      endpoint = "wg.kun.is:51820";
      publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
      # IPv4 default route only. Without a "::/0" entry, IPv6 traffic is not
      # routed through the tunnel when the host has native IPv6 connectivity.
      # NOTE(review): confirm that is intended.
      allowedIPs = [ "0.0.0.0/0" ];
    }];
  };
in
{
  imports = [
    inputs.stylix.nixosModules.stylix
    inputs.home-manager.nixosModules.home-manager
    inputs.sops-nix.nixosModules.sops
    "${flake}/modules/nixos/lanzaboote.nix"
    "${flake}/modules/tidal.nix"
  ];

  time.timeZone = "Europe/Amsterdam";
  i18n.defaultLocale = "en_US.UTF-8";

  nix = {
    package = pkgs.nixFlakes;
    # trusted-users may bypass the daemon's restrictions (unsigned substitutes,
    # sandbox settings), which is effectively root. pim is already in wheel, so
    # this adds no new trust boundary, but keep the list minimal.
    settings.trusted-users = [ "root" "pim" ];
    extraOptions = ''
      experimental-features = nix-command flakes
    '';
    gc = {
      automatic = true;
      persistent = true;
      dates = "weekly";
      options = "--delete-older-than 7d";
    };
  };

  nixpkgs = {
    hostPlatform = lib.mkDefault "x86_64-linux";
    # Unfree packages are opt-in by name; anything else unfree fails evaluation.
    config.allowUnfreePredicate = p:
      builtins.elem (lib.getName p) [
        "vmware-horizon-client"
        "libfprint-2-tod1-goodix"
        "vmware-workstation"
        "ipu6-camera-bins-unstable"
        "ipu6-camera-bins"
        "ivsc-firmware-unstable"
        "ivsc-firmware"
      ];
    overlays = [
      inputs.nur.overlay
      # `pkgs.unstable.*` is a second nixpkgs instance. It sets allowUnfree =
      # true globally, so the allow-list above does not apply to anything
      # taken from it.
      (final: _prev: {
        unstable = import inputs.nixpkgs-unstable {
          inherit system;
          config.allowUnfree = true;
        };
      })
    ];
  };

  boot = {
    kernelModules = [ "kvm-intel" "cdrom" ];
    extraModulePackages = [ ];
    initrd.availableKernelModules = [ "sd_mod" ];
    initrd.kernelModules = [ ];
    # fq qdisc with BBR congestion control.
    kernel.sysctl = {
      "net.core.default_qdisc" = "fq";
      "net.ipv4.tcp_congestion_control" = "bbr";
    };
  };

  hardware = {
    cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
    # PipeWire (below) provides the PulseAudio server instead.
    pulseaudio.enable = false;
  };

  networking = {
    useDHCP = lib.mkDefault true;
    networkmanager.unmanaged = [ "tailscale0" ];
    wg-quick.interfaces = {
      home = homeTunnel [ "192.168.30.131" ];
      home-no-pihole = homeTunnel [ "192.168.10.1" ];
    };
  };

  services = {
    # The GNOME module turns gnome-keyring on; it is forced off here.
    # NOTE(review): presumably because programs.ssh.startAgent supplies the
    # agent instead — confirm.
    gnome.gnome-keyring.enable = lib.mkForce false;

    tailscale.enable = true;
    tailscale.useRoutingFeatures = "client";

    xserver = {
      enable = true;
      displayManager.gdm.enable = true;
      desktopManager.gnome.enable = true;
      excludePackages = [ pkgs.xterm ];
    };

    printing.enable = true;
    printing.drivers = with pkgs; [ hplip gutenprint ];

    pipewire = {
      enable = true;
      alsa.enable = true;
      alsa.support32Bit = true;
      pulse.enable = true;
      jack.enable = true;
    };
  };

  # Both the rootful daemon and a rootless one are enabled; setSocketVariable
  # points DOCKER_HOST in user sessions at the rootless socket.
  virtualisation.docker = {
    enable = true;
    rootless = {
      enable = true;
      setSocketVariable = true;
    };
  };

  users.users.pim = {
    isNormalUser = true;
    # NOTE(review): "docker" grants access to the rootful daemon's socket
    # (effectively root) even though a rootless daemon is configured, and
    # "input" grants read access to raw input devices. Keep this list as
    # small as the workflow allows.
    extraGroups = [ "wheel" "docker" "input" "wireshark" "dialout" ];
  };

  security = {
    rtkit.enable = true;
    # Cached sudo credentials stay valid for 30 minutes instead of sudo's
    # default 5, widening the window in which no password is asked.
    sudo.extraConfig = ''
      Defaults timestamp_timeout=30
    '';
  };

  programs.ssh.startAgent = true;

  environment = {
    # https://nix-community.github.io/home-manager/options.xhtml#opt-programs.zsh.enableCompletion
    pathsToLink = [ "/share/zsh" ];

    systemPackages =
      (with pkgs; [
        age
        borgbackup
        btop
        btrfs-progs
        curl
        dig
        exfat
        f3
        fastfetch
        file
        git
        gnome.gnome-shell-extensions
        jq
        kubectl
        nmap
        poppler_utils # For pdfunite
        ripgrep
        sbctl
        silicon
        sops
        tree
        units
        vim
        wget
        yq
        ncdu
        lshw
      ])
      ++ (map (name: pkgs.gnomeExtensions.${name}) [
        "pop-shell"
        "window-is-ready-remover"
        "random-wallpaper"
        "workspaces-indicator-by-open-apps"
        "tailscale-status"
      ]);

    gnome.excludePackages =
      (with pkgs; [
        epiphany
        gnome-connections
        gnome-console
        gnome-tour
      ])
      ++ (with pkgs.gnome; [
        geary
        gnome-calendar
        gnome-clocks
        gnome-contacts
        gnome-font-viewer
        gnome-logs
        gnome-maps
        gnome-music
        seahorse
        totem
        yelp
        gnome-weather
      ]);
  };

  system = {
    stateVersion = "23.05";
    # Print what changed between the running system and the one being
    # activated; purely informational.
    activationScripts.diff = ''
      if [[ -e /run/current-system ]]; then
        ${pkgs.nix}/bin/nix store diff-closures /run/current-system "$systemConfig"
      fi
    '';
  };

  stylix = {
    enable = true;
    base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-dark-medium.yaml";
    image = "${inputs.nixos-artwork}/wallpapers/nix-wallpaper-binary-blue.png";
    cursor = {
      package = pkgs.bibata-cursors;
      name = "Bibata-Modern-Classic";
      size = 28;
    };
    fonts = {
      monospace = {
        package = pkgs.nerdfonts.override { fonts = [ "JetBrainsMono" ]; };
        name = "JetBrainsMono Nerd Font Mono";
      };
      sansSerif = {
        package = pkgs.dejavu_fonts;
        name = "DejaVu Sans";
      };
      serif = {
        package = pkgs.dejavu_fonts;
        name = "DejaVu Serif";
      };
    };
  };

  home-manager = {
    useGlobalPkgs = true;
    useUserPackages = true;
    extraSpecialArgs = { inherit flake inputs; };
    users.pim.imports = [ ./home.nix ];
  };

  sops = {
    # The age identity lives in pim's home: root reads it during activation,
    # and pim can decrypt every secret in secrets.yaml with it. The file (and
    # the filesystem holding it) must be present before activation runs.
    age.keyFile = "/home/pim/.config/sops/age/keys.txt";
    defaultSopsFile = ./secrets/secrets.yaml;
    secrets."wireguard/home/presharedKey" = { };
    secrets."wireguard/home/privateKey" = { };
  };
}