{ config, pkgs, options, lib, ... }: let # Import home manager, set common boot paramaters homeManager = fetchTarball "https://github.com/nix-community/home-manager/archive/release-24.05.tar.gz"; commonKernelParams = [ # Nvidia GSP firmware "nouveau.config=NvGspRm=1" # VM/GPU passthrough "amd_iommu=on" "iommu=pt" "nested=1" # Virtualization nonsense "transparent_hugepage=never" # Isolate devices into IOMMU groups "pcie_acs_override=downstream,multifunction" "pci=routeirq" ]; in { # Import other nix files and firmware imports = [ ./hardware-configuration.nix ./jimbo.nix "${homeManager}/nixos" ]; # Allow unfree packages and accept packages from the Nix User Repos nixpkgs = { config = { allowUnfree = true; packageOverrides = pkgs: { unstable = import (builtins.fetchTarball "https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz") { inherit pkgs; config.allowUnfree = true; }; nur = import (builtins.fetchTarball "https://github.com/nix-community/NUR/archive/master.tar.gz") { inherit pkgs; }; }; }; # Package overlays/patches overlays = [ # MPV scripts (self: super: { mpv = super.mpv.override { scripts = with self.mpvScripts; [ mpris sponsorblock thumbnail ]; }; }) ]; }; # Allow flakes and enable garbage collection nix = { settings.experimental-features = [ "nix-command" "flakes" ]; gc = { automatic = true; dates = "weekly"; options = "--delete-older-than 14d"; }; }; # Set all boot options boot = { # Set a kernel version and load/blacklist drivers kernelPackages = pkgs.unstable.linuxPackages_zen; blacklistedKernelModules = [ "pcspkr" ]; kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:1f82,10de:10fa" ]; initrd.kernelModules = [ "vfio" "vfio_pci" "vfio_iommu_type1" ]; kernel.sysctl."vm.max_map_count" = 2147483642; # Manage supported filesystems supportedFilesystems = { ntfs = true; zfs = lib.mkForce false; }; # Modprobe settings extraModprobeConfig = '' options hid_apple fnmode=2 ''; # Use the Systemd-Boot bootloader loader.systemd-boot = { enable = true; netbootxyz.enable = true; }; }; # Add a kernel entry to boot from the secondary GPU specialisation = { gputwo.configuration = { boot.kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:2504,10de:228e" ]; }; }; # Allow binary firmware hardware.enableRedistributableFirmware = true; # Enable the Nouveau drivers services.xserver.videoDrivers = [ "nvidia" ]; hardware.nvidia = { modesetting.enable = true; nvidiaSettings = false; package = config.boot.kernelPackages.nvidiaPackages.beta; }; # Enable a permissioning system security = { sudo.enable = false; doas = { enable = true; extraRules = [ # Give wheel root access, allow persistant session { groups = [ "wheel" ]; keepEnv = true; persist = true; } ]; }; }; # Enable the ZSH shell programs.zsh.enable = true; # Disable Nano programs.nano.enable = false; # Timezone time.timeZone = "America/New_York"; # Define user accounts users.users.jimbo = { description = "Jimbo Awesome"; isNormalUser = true; hashedPassword = "$6$gYpE.pG/zPXgin06$2kydjDfd0K62Dhf9P0PFvJhRNz6xIC/bHYaf/XYqyKcLyZNzPQpy8uy9tCRcSYlj1wwBhzVtTRyItwajOHCEj0"; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIKC8Uqxb09V3msBgDv6lD/nETMYr/X0OgtpDo8ldcMK jimbo@JimDebianServer" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDLe/HioxCOkszFQdm1vb3ZwuzLzsOThqHNvEI4IXeXZ JimPhone" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPeqiMCRXtpoP+BvKBmzvkL7oLKKCmbfdaQIF3yk/S8I jimbo@DV-JHAMPTON-NIXOS" ]; extraGroups = [ "wheel" "audio" "video" "input" "disk" "dialout" "networkmanager" "rtkit" "kvm" "libvirtd" "qemu-libvirtd" ]; uid = 1000; shell = pkgs.zsh; }; # Installed programs to the system profile. environment.systemPackages = with pkgs; [ # Essential system tools cifs-utils parted git # Printer control system-config-printer # Virtual machines virt-manager virtiofsd dnsmasq spice-vdagent looking-glass-client ]; # Disable the HTML documentation link documentation = { nixos.enable = false; info.enable = false; }; # Enable OpenGL hardware.opengl = { enable = true; driSupport = true; driSupport32Bit = true; extraPackages = with pkgs; [ vulkan-loader vulkan-validation-layers vulkan-extension-layer ]; }; # Enable Steam hardware and gamemode hardware.steam-hardware.enable = true; programs.gamemode.enable = true; # Networking settings networking = { # Set hostname hostName = "JimNixPC"; # Choose networking method dhcpcd.enable = true; wireless.enable = false; #networkmanager.enable = true; #enableB43Firmware = true; # Enable nftables over iptables nftables.enable = true; # Enable firewall firewall = { allowPing = false; extraInputRules = '' ip saddr 192.168.2.11 accept comment "Accept Server Connections" ''; }; # Set hostnames hosts = { "192.168.2.10" = [ "pc" ]; "192.168.2.11" = [ "server" ]; "172.16.0.2" = [ "vm" ]; }; # Set nameserver nameservers = [ "9.9.9.9" "1.1.1.1" ]; }; # Enable Bluetooth hardware.bluetooth = { enable = true; settings = { General.Experimental = "true"; Policy.AutoEnable = "true"; }; }; # Enable lingering for Bluetooth and allow Looking-Glass permissions systemd.tmpfiles.rules = [ "f /var/lib/systemd/linger/jimbo" "f /dev/shm/looking-glass 0660 jimbo libvirtd -" ]; # Make udev rules to make PDP controller and Oculus Rift CV1 work services.udev = let oculusRules = pkgs.writeTextFile { name = "10-oculus.rules"; text = '' KERNEL=="hidraw*", ATTRS{idVendor}=="0e6f", ATTRS{idProduct}=="0184", MODE="0660", TAG+="uaccess" ''; destination = "/etc/udev/rules.d/10-oculus.rules"; }; pdpRules = pkgs.writeTextFile { name = "10-pdp.rules"; text = '' SUBSYSTEM=="usb", ATTR{idVendor}=="2833", MODE="0666" ''; destination = "/etc/udev/rules.d/10-pdp.rules"; }; in { packages = [ oculusRules pdpRules ]; }; # Enable audio security.rtkit.enable = true; hardware.pulseaudio.enable = false; services.pipewire = { enable = true; alsa.enable = true; alsa.support32Bit = true; pulse.enable = true; #jack.enable = true; }; # Fonts fonts = { packages = with pkgs; [ liberation_ttf twitter-color-emoji ubuntu_font_family noto-fonts sarasa-gothic orbitron (nerdfonts.override { fonts = [ "UbuntuMono" ]; }) ]; fontconfig.defaultFonts.emoji = [ "Twitter Color Emoji" ]; }; # Enable Dconf and some portals services.dbus.enable = true; programs.dconf.enable = true; programs.light.enable = true; security.pam.services.swaylock = {}; xdg.portal = { enable = true; config.common.default = "*"; wlr = { enable = true; settings = { screencast = { max_fps = 60; chooser_type = "simple"; chooser_cmd = "${pkgs.slurp}/bin/slurp -f %o -or -B 00000066 -b 00000099"; }; }; }; extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; }; # Configure greetd for remote login services.greetd = { enable = true; restart = true; settings = { terminal = { vt = 2; switch = true; }; default_session = { command = "/home/jimbo/.config/sway/start.sh"; user = "jimbo"; }; }; }; # QT theming qt = { enable = true; style = "gtk2"; platformTheme = "gtk2"; }; # Enable printing services = { printing = { enable = true; drivers = with pkgs; [ hplip ]; webInterface = false; }; avahi = { enable = true; nssmdns4 = true; openFirewall = true; }; }; # Enable virtualization virtualisation = { libvirtd = { enable = true; onBoot = "ignore"; onShutdown = "shutdown"; qemu = { ovmf = { enable = true; packages = [ pkgs.OVMFFull.fd ]; }; swtpm.enable = true; }; }; spiceUSBRedirection.enable = true; }; # Enable SSH services.openssh = { enable = true; openFirewall = false; settings = { LogLevel = "VERBOSE"; PermitRootLogin = "no"; PrintLastLog = "no"; PasswordAuthentication = false; }; ports = [ 2211 ]; }; # Block SSH connections after numerous attempts services.fail2ban = { enable = true; maxretry = 5; bantime = "5m"; }; # Enable AppImages programs.appimage = { enable = true; binfmt = true; }; # Enable Sunshine as a service services.sunshine = { enable = true; settings.port = 57989; autoStart = false; }; # Enable MPD services.mpd = { enable = true; user = "jimbo"; group = "users"; musicDirectory = "/home/jimbo/JimboNFS/Music"; playlistDirectory = "/home/jimbo/JimboNFS/Music/Playlists"; extraConfig = '' audio_output { type "pipewire" name "Local Pipewire" } ''; }; systemd.services.mpd.environment = { XDG_RUNTIME_DIR = "/run/user/${toString config.users.users.jimbo.uid}"; }; # Enable AppArmor security.apparmor.enable = true; # Enable a keying agent services.gnome.gnome-keyring.enable = true; # Enable Polkit for authentication security.polkit.enable = true; # Battery saver for laptops services.tlp.enable = true; # Enable extra functionality in file managers services.gvfs.enable = true; # Attempt to automount USB drives services.udisks2.enable = true; # Enable school VPN services.globalprotect.enable = true; # Define the initial install version and allow auto-upgrades system.stateVersion = "23.11"; system.autoUpgrade.enable = true; }