# NixOS host configuration for "mediabox": a laptop used as an always-on media
# box (lid ignored, wake-on-lan re-armed each boot, RDP/SDDM for display access,
# WireGuard client to a remote peer, local encrypted DNS resolver).
#
# Arguments: `config` (the final evaluated configuration, used for sops paths),
# `nvim` and `zremap` (flake inputs providing an overlay and a package),
# `pkgs`, `system`.
{ config , nvim , pkgs , system , zremap , ... }:
let
  # Primary interactive user; also the subject of the doas rule and the
  # session whose PipeWire the actkbd volume keys target.
  USER = "akill";
in
{
  imports = [ ];

  system.stateVersion = "23.05";
  system.autoUpgrade.enable = false;
  system.switch = { enable = true; enableNg = true; };

  # sops-nix: secrets are decrypted with the host's own SSH key as the age identity.
  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
  # NOTE(review): no peerix service is enabled anywhere in this file, so this
  # secret appears unused here.
  sops.secrets."peerix/private" = {
    sopsFile = ./secrets/peerix.yaml;
    mode = "0400";
    owner = config.users.users.nobody.name;
    group = config.users.users.nobody.group;
  };
  # WireGuard key material, left at sops-nix's default owner/mode; only the
  # root-run wg0 setup reads these files.
  sops.secrets."wg_privkey" = { sopsFile = ./secrets/wg_privkey.yaml; };
  sops.secrets."wg_preshared/mediabox" = { sopsFile = ../common/secrets/wg_preshared.yaml; };

  nix = {
    optimise.automatic = true;
    gc.automatic = true;
    gc.options = "--delete-older-than 7d";
    package = pkgs.nixVersions.latest;
    settings = { experimental-features = [ "nix-command" "flakes" ]; };
  };

  boot = {
    initrd = {
      compressor = "zstd";
      availableKernelModules = [ "e1000e" ];
      # Early-boot SSH (remote access before the root filesystem is up).
      # The host key is a dedicated "dummy" key rather than the regular host
      # key: initrd contents can end up in the world-readable Nix store / ESP
      # unless the bootloader supports initrd secrets, so the real host key
      # must never be referenced here. Only the nixy public key is accepted.
      network = {
        enable = true;
        udhcpc.enable = true;
        ssh = {
          enable = true;
          hostKeys = [ /etc/ssh_dummy_ed25519_key ];
          authorizedKeys = [ (builtins.readFile ../nixy/ssh_pubkey) ];
        };
      };
    };
    kernelModules = [ "acpi_call" ];
    kernelPackages = pkgs.linuxPackages_latest;
    # msr.allow_writes=on permits userspace writes to model-specific registers
    # (typically wanted by undervolting tools); it relaxes a kernel restriction
    # that otherwise blocks such writes.
    kernelParams = [ "msr.allow_writes=on" ];
    kernel.sysctl = {
      "net.core.default_qdisc" = "fq";
      "net.ipv4.tcp_congestion_control" = "bbr";
    };
    loader.systemd-boot = {
      # editor = false prevents editing the kernel command line from the boot
      # menu, which would otherwise allow e.g. init=/bin/sh at the console.
      editor = false;
      enable = true;
      memtest86.enable = true;
    };
    readOnlyNixStore = true;
    supportedFilesystems = [ "btrfs" ];
    tmp.useTmpfs = true;
  };

  security = {
    rtkit.enable = true;
    # SMT left enabled (the option default); disabling it is the mitigation
    # some cross-thread side-channel advisories recommend.
    allowSimultaneousMultithreading = true;
    # Both sudo and doas are enabled, so there are two privilege-escalation
    # paths to audit. keepEnv hands the caller's full environment to the root
    # command; persist skips re-authentication for a period after success.
    sudo.enable = true;
    doas.enable = true;
    doas.extraRules = [ { users = [ USER ]; keepEnv = true; persist = true; } ];
  };

  powerManagement = { enable = true; };

  networking = {
    nftables.enable = true;
    firewall = {
      enable = true;
      # 80/443: web services; 8020: presumably an application not configured in
      # this file. 51820 is WireGuard's port, but WireGuard is UDP-only and wg0
      # sets no listenPort (client role), so the TCP entry most likely exposes
      # nothing useful — worth confirming what, if anything, listens there.
      allowedTCPPorts = [ 80 443 51820 8020 ];
    };
    hostName = "mediabox";
    interfaces.enp0s25.useDHCP = true;
    interfaces.wlp3s0.useDHCP = false;
    useDHCP = false;
    wireless.enable = false;
    wireless.interfaces = [ "wlp3s0" ];
    # Resolve only through the local dnscrypt-proxy2 instance (see services
    # below); dhcpcd is told not to overwrite resolv.conf with DHCP-supplied
    # servers, which would otherwise bypass it.
    nameservers = [ "127.0.0.1" "::1" ];
    dhcpcd.extraConfig = "nohook resolv.conf";
    extraHosts = ''
      192.168.1.173 nixy.lan
      192.168.88.171 jellyfin.mediabox.lan
      192.168.88.171 jellyseerr.mediabox.lan
      192.168.88.171 mediabox.lan
      192.168.88.171 qbittorrent.mediabox.lan
      192.168.88.1 router.lan
      192.168.88.231 workstation.lan
      192.168.88.121 ender.lan
    '';
    wireguard.interfaces = {
      wg0 = {
        ips = [ "10.100.0.5/24" ];
        # Keys are read from the sops-managed files at activation time and are
        # never embedded in the Nix store.
        privateKeyFile = config.sops.secrets."wg_privkey".path;
        peers = [
          {
            publicKey = builtins.readFile ../magpie/wg_pubkey;
            presharedKeyFile = config.sops.secrets."wg_preshared/mediabox".path;
            allowedIPs = [ "10.100.0.0/24" ];
            endpoint = "5.75.229.224:51820";
            persistentKeepalive = 25;
          }
        ];
      };
    };
  };

  time.timeZone = "Europe/Sarajevo";
  nixpkgs.config.allowUnfree = true;
  nixpkgs.overlays = [ nvim.overlays.${system}.overlay ];

  environment = {
    homeBinInPath = true;
    # NOTE(review): PATH is assigned through environment.variables here; confirm
    # NixOS appends this to, rather than replaces, the default search path.
    variables = { PATH = "$HOME/.cargo/bin"; };
  };

  programs = {
    # Remote Play and local game transfers open their firewall ports; the
    # dedicated-server ports stay closed.
    steam = {
      enable = true;
      remotePlay.openFirewall = true;
      dedicatedServer.openFirewall = false;
      localNetworkGameTransfers.openFirewall = true;
    };
    gnupg.agent = { enable = true; enableSSHSupport = true; };
    appimage = { enable = true; binfmt = true; };
    nix-ld = { enable = false; libraries = with pkgs; [ stdenv.cc.cc.lib zlib ]; };
    zsh.enable = true;
    firejail.enable = true;
  };

  # List services that you want to enable:
  systemd = {
    services = {
      # Templated unit started by the udev rule below for each newly added
      # keyboard (%I is the /dev/input/eventN node). ConditionPathExists keeps
      # it from running once the device has been removed.
      "zremap@" = {
        enable = true;
        restartIfChanged = true;
        # NOTE(review): serviceConfig is defined twice (dotted Nice plus the
        # literal set below); this relies on Nix merging the two definitions.
        serviceConfig.Nice = -20;
        unitConfig = {
          Description = "zremap on %I";
          ConditionPathExists = "%I";
        };
        serviceConfig = {
          Type = "simple";
          ExecStart = "${zremap.defaultPackage.${system}}/bin/zremap %I";
        };
      };
      # Wake-on-LAN is re-armed on boot and again around suspend/shutdown,
      # since the NIC setting does not persist on its own.
      "wakeonlan" = {
        description = "Reenable wake on lan every boot";
        after = [ "network.target" ];
        serviceConfig = {
          Type = "oneshot";
          ExecStart = "${pkgs.ethtool}/sbin/ethtool -s enp0s25 wol m";
        };
        wantedBy = [ "default.target" "suspend.target" "shutdown.target" ];
      };
    };
    # No core dumps written to disk (also avoids process memory, possibly
    # holding secrets, landing on the filesystem).
    coredump.enable = false;
    extraConfig = ''
      DefaultTimeoutStartSec=30s
      DefaultTimeoutStopSec=30s
    '';
  };

  services = {
    acpid.enable = true;
    btrfs.autoScrub.enable = true;
    dbus.enable = true;
    dbus.implementation = "broker";
    envfs.enable = true;
    fstrim.enable = true;
    fwupd.enable = true;
    ntp.enable = true;
    # sshd with module defaults. NixOS leaves password authentication enabled
    # unless services.openssh.settings.PasswordAuthentication = false is set;
    # the USER account below is key-provisioned, so that would be a cheap
    # hardening to consider.
    openssh.enable = true;
    thinkfan.enable = false;
    # RDP is reachable from the network: openFirewall opens the xrdp port on
    # every interface the firewall covers.
    xrdp = { enable = true; defaultWindowManager = "icewm"; openFirewall = true; };
    logind = { lidSwitch = "ignore"; };
    # Media services are currently disabled; note jellyfin hard-codes "akill"
    # instead of reusing USER.
    jellyfin = { enable = false; user = "akill"; openFirewall = true; };
    jellyseerr = { enable = false; openFirewall = true; };
    pipewire = { enable = true; alsa.enable = true; alsa.support32Bit = true; pulse.enable = true; };
    avahi = { enable = false; nssmdns4 = false; openFirewall = true; };
    libinput.enable = true;
    xserver = {
      enable = true;
      dpi = 144;
      desktopManager.xterm.enable = false;
      desktopManager.plasma5.bigscreen.enable = true;
      #desktopManager.plasma6.enable = true;
      displayManager = {
        lightdm.enable = false;
        startx.enable = true;
        sddm.enable = true;
        sddm.wayland.enable = true;
      };
      windowManager.i3.enable = false;
    };
    udev = {
      packages = [ ];
      # Tag every newly added keyboard-class input device so systemd starts
      # zremap@<devnode>.service for it. The '#' line must stay on its own
      # line: udev treats a line beginning with '#' as a comment, so folding
      # the rule onto it would silently disable the rule.
      extraRules = ''
        #zremap on new keyboard
        ACTION=="add", SUBSYSTEM=="input", ATTRS{phys}!="", KERNEL=="event[0-9]*", ENV{ID_INPUT_KEY}=="1", ENV{ID_INPUT_KEYBOARD}=="1", TAG+="systemd", ENV{SYSTEMD_WANTS}+="zremap@$env{DEVNAME}.service"
      '';
    };
    tlp = { enable = false; };
    batteryNotifier = { enable = false; notifyCapacity = 20; suspendCapacity = 10; };
    # Volume/mute/brightness keys handled at the evdev level. actkbd runs the
    # commands outside the user session, hence XDG_RUNTIME_DIR is set
    # explicitly so wpctl can reach USER's PipeWire instance.
    actkbd = {
      enable = true;
      bindings = [
        { keys = [ 115 ]; events = [ "key" ]; command = "XDG_RUNTIME_DIR=/run/user/$(id -u ${USER}) ${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+"; }
        { keys = [ 114 ]; events = [ "key" "rep" ]; command = "XDG_RUNTIME_DIR=/run/user/$(id -u ${USER}) ${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-"; }
        { keys = [ 113 ]; events = [ "key" "rep" ]; command = "XDG_RUNTIME_DIR=/run/user/$(id -u ${USER}) ${pkgs.wireplumber}/bin/wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"; }
        { keys = [ 224 ]; events = [ "key" ]; command = "${pkgs.light}/bin/light -U 5"; }
        { keys = [ 225 ]; events = [ "key" ]; command = "${pkgs.light}/bin/light -A 5"; }
      ];
    };
    # Local encrypted resolver that networking.nameservers points at. Resolver
    # policy: DNSSEC-validating, no-logging, non-filtering servers only, chosen
    # from the upstream public list whose signature is checked against the
    # pinned minisign key.
    dnscrypt-proxy2 = {
      enable = true;
      settings = {
        ipv6_servers = true;
        require_dnssec = true;
        require_nolog = true;
        require_nofilter = true;
        http3 = true;
        sources.public-resolvers = {
          urls = [
            "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
            "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
          ];
          cache_file = "/var/lib/dnscrypt-proxy/public-resolvers.md";
          minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
        };
      };
    };
    # Small journal cap: bounds disk use, but also the window of logs left for
    # incident review.
    journald.extraConfig = ''
      SystemMaxUse=50M
    '';
    # Terminate leftover user processes at logout (no lingering sessions).
    logind.extraConfig = ''
      KillUserProcesses=yes
    '';
  };

  fonts = {
    fontconfig = {
      cache32Bit = true;
      allowBitmaps = true;
      useEmbeddedBitmaps = true;
      defaultFonts = { monospace = [ "JetBrainsMono" ]; };
    };
    packages = with pkgs; [
      dejavu_fonts
      dina-font
      fira-code
      fira-code-symbols
      font-awesome_6
      inconsolata
      iosevka
      jetbrains-mono
      liberation_ttf
      libertine
      noto-fonts
      noto-fonts-cjk-sans
      noto-fonts-color-emoji
      noto-fonts-emoji
      proggyfonts
      siji
      terminus_font
      terminus_font_ttf
      ubuntu_font_family
      vistafonts
    ];
  };

  virtualisation = {
    podman = { enable = false; autoPrune.enable = true; dockerCompat = true; };
  };

  hardware = {
    bluetooth = {
      enable = true;
      settings = { General = { Enable = "Source,Sink,Media,Socket"; }; };
    };
    graphics = { enable = true; extraPackages = [ ]; };
  };

  zramSwap = { enable = false; algorithm = "zstd"; };

  # Administrative user: "wheel" grants sudo; the same public key accepted by
  # the initrd SSH server is authorized for normal logins.
  users.users.${USER} = {
    isNormalUser = true;
    shell = pkgs.zsh;
    extraGroups = [ "wheel" "tty" "audio" "sound" ];
    openssh.authorizedKeys.keys = [ (builtins.readFile ../nixy/ssh_pubkey) ];
  };
  # NOTE(review): "ado" is in wheel but has no password or SSH key defined in
  # this file, so it is unusable until credentials are set elsewhere — and once
  # they are, it is a second full-admin account.
  users.users.ado = {
    isNormalUser = true;
    shell = pkgs.zsh;
    extraGroups = [ "wheel" "tty" "audio" "sound" ];
  };
  # Unprivileged account with no supplementary groups and no credentials set here.
  users.users.mediauser = {
    isNormalUser = true;
    shell = pkgs.bash;
    extraGroups = [ ];
  };
}