{ config, pkgs, lib, nix-xilinx, sops-nix, system, nvim, zremap, ... }: { imports = []; system.stateVersion = "23.05"; system.autoUpgrade.enable = false; sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; sops.secrets."peerix/private" = { sopsFile = ./secrets/peerix.yaml; mode = "0400"; owner = config.users.users.nobody.name; group = config.users.users.nobody.group; }; sops.secrets."wg_privkey" = { sopsFile = ./secrets/wg_privkey.yaml; }; sops.secrets."borgbase_enc_key" = { sopsFile = ./secrets/borgbase_enc_key.yaml; owner = config.users.users.akill.name; }; sops.secrets."borgbase_ssh_key" = { sopsFile = ./secrets/borgbase_ssh_key.yaml; owner = config.users.users.akill.name; }; nix = { optimise.automatic = true; gc.automatic = true; gc.options = "--delete-older-than 7d"; package = pkgs.nixUnstable; settings = { sandbox = true; experimental-features = ["nix-command" "flakes"]; }; }; boot = { extraModulePackages = with config.boot.kernelPackages; [usbip v4l2loopback]; initrd.compressor = "zstd"; initrd.kernelModules = ["amdgpu"]; binfmt.emulatedSystems = ["wasm32-wasi" "x86_64-windows"]; kernelPackages = pkgs.linuxPackages_latest; kernelParams = ["psmouse.synaptics_intertouch=0" "mem_sleep_default=deep"]; kernel.sysctl = { "net.core.default_qdisc" = "fq"; "net.ipv4.tcp_congestion_control" = "bbr"; }; loader.efi.canTouchEfiVariables = true; loader.systemd-boot = { editor = false; enable = true; memtest86.enable = true; }; readOnlyNixStore = true; supportedFilesystems = ["btrfs" "nfs"]; tmp.useTmpfs = true; }; security = { rtkit.enable = true; allowSimultaneousMultithreading = true; sudo.enable = true; doas.enable = true; doas.extraRules = [ { users = ["akill"]; keepEnv = true; persist = true; } ]; }; powerManagement = { enable = true; }; networking = { firewall = { enable = true; allowedTCPPorts = [80 443 51820]; }; hostName = "nixy"; nameservers = ["127.0.0.1" "::1"]; dhcpcd.extraConfig = "nohook resolv.conf"; extraHosts = '' 192.168.88.171 jellyfin.mediabox.lan 192.168.88.171 jellyseerr.mediabox.lan 192.168.88.171 mediabox.lan 192.168.88.171 qbittorrent.mediabox.lan 192.168.88.1 router.lan 192.168.88.231 workstation.lan 192.168.88.121 ender.lan ''; networkmanager = { enable = true; dns = "none"; wifi.backend = "iwd"; }; wireless.iwd = { enable = true; settings = { General = { AddressRandomization = "network"; #EnableNetworkConfiguration = true; }; }; }; wireguard.interfaces = { wg0 = { ips = ["10.100.0.6/24"]; listenPort = 51820; privateKeyFile = config.sops.secrets."wg_privkey".path; peers = [ { publicKey = builtins.readFile ../magpie/wg_pubkey; allowedIPs = ["10.100.0.1"]; endpoint = "5.75.229.224:51820"; persistentKeepalive = 25; } ]; }; }; }; time.timeZone = "Europe/Sarajevo"; nixpkgs.config.allowUnfree = true; nixpkgs.overlays = [nix-xilinx.overlay nvim.overlays.${system}.overlay]; environment = { extraInit = '' unset -v SSH_ASKPASS ''; homeBinInPath = true; variables = { PATH = "$HOME/.cargo/bin"; }; }; programs = { gnupg.agent = { enable = true; enableSSHSupport = true; }; zsh.enable = true; firejail.enable = true; adb.enable = true; wireshark.enable = true; sway.enable = true; }; # List services that you want to enable: systemd = { services = { "zremap" = { description = "Intercepts keyboard udev events"; wants = ["systemd-udevd.service"]; wantedBy = ["multi-user.target"]; serviceConfig.Nice = -20; script = '' sleep 1 ${zremap.defaultPackage.${system}}/bin/zremap \ /dev/input/by-path/platform-i8042-serio-0-event-kbd ''; }; }; extraConfig = '' DefaultTimeoutStartSec=30s DefaultTimeoutStopSec=30s ''; }; services = { acpid.enable = true; btrfs.autoScrub.enable = true; dbus.enable = true; fstrim.enable = true; fwupd.enable = true; ntp.enable = true; openssh.enable = true; printing.enable = true; rpcbind.enable = true; pipewire = { enable = true; alsa.enable = true; alsa.support32Bit = true; pulse.enable = true; }; xserver = { enable = true; dpi = 144; libinput.enable = true; desktopManager.xterm.enable = false; displayManager = { lightdm.enable = false; startx.enable = true; defaultSession = "none+i3"; }; windowManager.i3.enable = false; }; udev = { packages = [pkgs.rtl-sdr pkgs.openhantek6022 pkgs.openocd]; extraRules = '' #Xilinx FTDI ACTION=="add", ATTR{idVendor}=="0403", ATTR{manufacturer}=="Xilinx", MODE:="666" #Xilinx Digilent ATTR{idVendor}=="1443", MODE:="666" ACTION=="add", ATTR{idVendor}=="0403", ATTR{manufacturer}=="Digilent", MODE:="666" #Arduino UNO r4 SUBSYSTEMS=="usb", ATTRS{idVendor}=="2341", MODE:="0666" ''; }; tlp = { enable = true; }; batteryNotifier = { enable = true; notifyCapacity = 20; suspendCapacity = 10; }; actkbd = { enable = true; bindings = [ { keys = [113]; events = ["key"]; command = "/run/current-system/sw/bin/runuser -l akill -c 'amixer -q set Master toggle'"; } { keys = [114]; events = ["key" "rep"]; command = "/run/current-system/sw/bin/runuser -l akill -c 'amixer -q set Master 5%- unmute'"; } { keys = [115]; events = ["key" "rep"]; command = "/run/current-system/sw/bin/runuser -l akill -c 'amixer -q set Master 5%+ unmute'"; } { keys = [224]; events = ["key"]; command = "${pkgs.light}/bin/light -U 5"; } { keys = [225]; events = ["key"]; command = "${pkgs.light}/bin/light -A 5"; } ]; }; dnscrypt-proxy2 = { enable = true; settings = { ipv6_servers = true; require_dnssec = true; sources.public-resolvers = { urls = [ "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md" "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md" ]; cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md"; minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3"; }; }; }; borgbackup.jobs."borgbase" = let user = config.users.users.akill; home = user.home; in { user = user.name; paths = [ (home + "/pic/priv") (home + "/pproj") (home + "/videos/priv") ]; exclude = [ "**/.ccls_cache" "**/*.d" "**/*.map" "**/*.o" "**/zig-cache" "**/zig-out" ]; repo = "ssh://oda929rv@oda929rv.repo.borgbase.com/./repo"; encryption = { mode = "repokey-blake2"; passCommand = "${pkgs.coreutils-full}/bin/cat ${config.sops.secrets."borgbase_enc_key".path}"; }; environment.BORG_RSH = "${pkgs.openssh}/bin/ssh -i ${config.sops.secrets."borgbase_ssh_key".path}"; compression = "auto,zstd"; startAt = "daily"; }; nix-serve = { enable = false; secretKeyFile = "/var/cache-priv-key.pem"; }; journald.extraConfig = '' SystemMaxUse=50M ''; logind.extraConfig = '' KillUserProcesses=yes ''; }; fonts = { fontconfig = { cache32Bit = true; allowBitmaps = true; useEmbeddedBitmaps = true; defaultFonts = { monospace = ["JetBrainsMono"]; }; }; packages = with pkgs; [ dejavu_fonts dina-font fira-code fira-code-symbols font-awesome font-awesome_4 inconsolata iosevka jetbrains-mono liberation_ttf noto-fonts noto-fonts-cjk noto-fonts-emoji proggyfonts siji terminus_font terminus_font_ttf ubuntu_font_family ]; }; virtualisation = { containers.storage.settings = { storage = { driver = "btrfs"; graphroot = "/var/lib/containers/storage"; runroot = "/run/containers/storage"; }; }; podman = { enable = true; autoPrune.enable = true; dockerCompat = true; }; }; sound.enable = true; hardware = { bluetooth = { enable = true; settings = { General = { Enable = "Source,Sink,Media,Socket"; }; }; }; opengl = { enable = true; driSupport = true; driSupport32Bit = true; extraPackages = with pkgs; []; }; }; zramSwap = { enable = false; algorithm = "zstd"; }; users.users.akill = { isNormalUser = true; shell = pkgs.zsh; extraGroups = ["wireshark" "kvm" "tty" "audio" "sound" "adbusers" "dialout" "wheel"]; }; }