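# NixOS system configuration for a single-user desktop ("JimNixPC") with
# NVIDIA graphics, VFIO GPU passthrough, a Sway session via greetd, and a
# small set of network services (SSH, printing, Sunshine, MPD).
#
# Module function arguments:
#   config  - the evaluated NixOS configuration (read back for the kernel
#             package's nvidia driver and the jimbo uid).
#   pkgs    - the package set; `pkgs.unstable` and `pkgs.nur` are added via
#             packageOverrides below.
#   options - unused here but kept for module-argument compatibility.
#   lib     - nixpkgs library (used for `lib.mkForce`).
{ config, pkgs, options, lib, ... }:
let
  # Set common boot parameters; shared by the default boot entry and the
  # "gputwo" specialisation so only the vfio-pci ids differ between them.
  commonKernelParams = [
    # Nvidia settings
    "nvidia_drm.fbdev=1"

    # VM/GPU passthrough
    "amd_iommu=on"
    "iommu=pt"
    "nested=1"

    # Virtualization nonsense
    "transparent_hugepage=never"

    # Isolate devices into IOMMU groups
    "pcie_acs_override=downstream,multifunction"
    "pci=routeirq"
  ];
in {
  # Import other nix files and firmware
  # NOTE(review): this fetchTarball (and the nixos-unstable and NUR ones in
  # `nixpkgs.config.packageOverrides` below) has no `sha256` and tracks a
  # moving branch, so every evaluation imports whatever the branch points at
  # with no integrity check. Pinning each to a commit archive URL and adding
  # `sha256 = "<hash>"` makes the system closure reproducible and
  # tamper-evident; this matters doubly with `system.autoUpgrade` on.
  imports = let
    homeManager = fetchTarball "https://github.com/nix-community/home-manager/archive/release-24.05.tar.gz";
  in [
    ./hardware-configuration.nix
    ./jimbo.nix
    "${homeManager}/nixos"
  ];

  # Allow unfree packages and accept packages from the Nix User Repos
  nixpkgs = {
    config = {
      allowUnfree = true;
      packageOverrides = pkgs: {
        # Unpinned channel tarball; see the review note on `imports`.
        unstable = import (
          fetchTarball "https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz"
        ) {
          inherit pkgs;
          config.allowUnfree = true;
        };
        # Unpinned master tarball of third-party user packages.
        nur = import (
          fetchTarball "https://github.com/nix-community/NUR/archive/master.tar.gz"
        ) {inherit pkgs;};
      };
    };

    # Package overlays/patches
    overlays = [
      # MPV scripts
      (self: super: {
        mpv = super.mpv.override {
          scripts = with self.mpvScripts; [mpris sponsorblock thumbnail];
        };
      })
    ];
  };

  # Allow flakes and enable garbage collection
  nix = {
    settings.experimental-features = ["nix-command" "flakes"];
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 14d";
    };
  };

  # Set all boot options
  boot = {
    # Set a kernel version and load/blacklist drivers
    kernelPackages = pkgs.unstable.linuxPackages_zen;
    blacklistedKernelModules = ["pcspkr"];
    # Default entry binds the first GPU (10de:1f82/10fa) to vfio-pci.
    kernelParams = commonKernelParams ++ ["vfio-pci.ids=10de:1f82,10de:10fa"];
    initrd.kernelModules = ["vfio" "vfio_pci" "vfio_iommu_type1"];
    kernel.sysctl."vm.max_map_count" = 2147483642;

    # Manage supported filesystems
    supportedFilesystems = {
      ntfs = true;
      zfs = lib.mkForce false;
    };

    # Modprobe settings
    extraModprobeConfig = ''
      options hid_apple fnmode=2
    '';

    # Use the Systemd-Boot bootloader
    loader.systemd-boot = {
      enable = true;
      netbootxyz.enable = true;
    };
  };

  # Additional entry to boot from the second GPU
  specialisation = {
    gputwo.configuration = {
      boot.kernelParams = commonKernelParams ++ ["vfio-pci.ids=10de:2504,10de:228e"];
    };
  };

  # Allow binary firmware
  hardware.enableRedistributableFirmware = true;

  # Enable video drivers
  services.xserver.videoDrivers = ["nvidia"];
  hardware.nvidia = {
    modesetting.enable = true;
    nvidiaSettings = false;
    package = config.boot.kernelPackages.nvidiaPackages.beta;
    open = true;
  };

  # Enable a permissioning system
  security = {
    sudo.enable = false;
    doas = {
      enable = true;
      extraRules = [
        # Give wheel root access, allow persistent session
        # NOTE(review): `keepEnv` hands the caller's whole environment to the
        # root process; drop it (or use `setEnv` for the few variables needed)
        # if nothing depends on it.
        {
          groups = ["wheel"];
          keepEnv = true;
          persist = true;
        }
      ];
    };
  };

  # Enable the ZSH shell
  programs.zsh.enable = true;

  # Disable Nano
  programs.nano.enable = false;

  # Timezone
  time.timeZone = "America/New_York";

  # Define user accounts
  users.users.jimbo = {
    description = "Jimbo Awesome";
    isNormalUser = true;
    # NOTE(review): a literal `hashedPassword` becomes part of the system
    # closure in the Nix store, which is world-readable on the host; consider
    # `hashedPasswordFile` pointing at a root-only file outside the store.
    hashedPassword = "$6$gYpE.pG/zPXgin06$2kydjDfd0K62Dhf9P0PFvJhRNz6xIC/bHYaf/XYqyKcLyZNzPQpy8uy9tCRcSYlj1wwBhzVtTRyItwajOHCEj0";
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIKC8Uqxb09V3msBgDv6lD/nETMYr/X0OgtpDo8ldcMK jimbo@JimDebianServer"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDLe/HioxCOkszFQdm1vb3ZwuzLzsOThqHNvEI4IXeXZ JimPhone"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPeqiMCRXtpoP+BvKBmzvkL7oLKKCmbfdaQIF3yk/S8I jimbo@DV-JHAMPTON-NIXOS"
    ];
    extraGroups = [
      "wheel"
      "audio"
      "video"
      "input"
      "disk"
      "dialout"
      "networkmanager"
      "rtkit"
      "kvm"
      "libvirtd"
      "qemu-libvirtd"
    ];
    uid = 1000;
    shell = pkgs.zsh;
  };

  # Install programs system-wide
  environment.systemPackages = with pkgs; [
    # Essential system tools
    cifs-utils
    parted
    git

    # Printer control
    system-config-printer

    # Virtual machines
    virt-manager
    virtiofsd
    dnsmasq
    spice-vdagent
    looking-glass-client
  ];

  # Disable the HTML documentation link
  documentation = {
    nixos.enable = false;
    info.enable = false;
  };

  # Enable graphics
  hardware.opengl = {
    enable = true;
    driSupport32Bit = true;
    extraPackages = with pkgs; [
      vulkan-loader
      vulkan-validation-layers
      vulkan-extension-layer
    ];
  };

  # Enable Steam hardware and gamemode
  hardware.steam-hardware.enable = true;
  programs.gamemode.enable = true;

  # Networking settings
  networking = {
    # Set hostname
    hostName = "JimNixPC";

    # Choose networking method
    dhcpcd.enable = true;
    wireless.enable = false;
    #networkmanager.enable = true;
    #enableB43Firmware = true;

    # Enable firewall
    firewall = {
      allowPing = false;
      # Host-wide allow for the server: every port is reachable from
      # 10.0.0.2. Narrow to the needed ports if that host is not fully trusted.
      extraInputRules = ''
        ip saddr 10.0.0.2 accept comment "Accept Server Connections"
      '';
    };

    # Enable nftables over iptables
    nftables.enable = true;

    # Set hostnames
    hosts = {
      "10.0.0.2" = ["server"];
      "10.0.0.3" = ["pc"];
    };
  };

  # Enable Bluetooth
  hardware.bluetooth = {
    enable = true;
    settings = {
      General.Experimental = "true";
      Policy.AutoEnable = "true";
    };
  };

  # Enable lingering for Bluetooth and allow Looking-Glass permissions
  systemd.tmpfiles.rules = [
    "f /var/lib/systemd/linger/jimbo"
    "f /dev/shm/looking-glass 0660 jimbo libvirtd -"
  ];

  # Make udev rules to make PDP controller and Oculus Rift CV1 work
  services.udev = let
    oculusRules = pkgs.writeTextFile {
      name = "10-oculus.rules";
      text = ''
        KERNEL=="hidraw*", ATTRS{idVendor}=="0e6f", ATTRS{idProduct}=="0184", MODE="0660", TAG+="uaccess"
      '';
      destination = "/etc/udev/rules.d/10-oculus.rules";
    };
    pdpRules = pkgs.writeTextFile {
      name = "10-pdp.rules";
      # Was MODE="0666" (world-writable device node). Brought in line with the
      # rule above: 0660 plus the `uaccess` tag grants the active seat user an
      # ACL on the device without opening it to every local account.
      text = ''
        SUBSYSTEM=="usb", ATTR{idVendor}=="2833", MODE="0660", TAG+="uaccess"
      '';
      destination = "/etc/udev/rules.d/10-pdp.rules";
    };
  in {
    packages = [oculusRules pdpRules];
  };

  # Enable audio
  security.rtkit.enable = true;
  hardware.pulseaudio.enable = false;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    #jack.enable = true;
    wireplumber.configPackages = [
      (pkgs.writeTextDir "share/wireplumber/wireplumber.conf.d/11-bluetooth-policy.conf" ''
        wireplumber.settings = {
          bluetooth.autoswitch-to-headset-profile = false
        }
      '')
    ];
  };

  # Fonts
  fonts = {
    packages = with pkgs; [
      liberation_ttf
      twitter-color-emoji
      ubuntu_font_family
      noto-fonts
      sarasa-gothic
      orbitron
      (nerdfonts.override {fonts = ["UbuntuMono"];})
    ];
    fontconfig.defaultFonts.emoji = ["Twitter Color Emoji"];
  };

  # Enable Dconf and some portals
  services.dbus.enable = true;
  programs.dconf.enable = true;
  programs.light.enable = true;
  security.pam.services.swaylock = {};
  xdg.portal = {
    enable = true;
    config.common.default = "*";
    wlr = {
      enable = true;
      settings = {
        screencast = {
          max_fps = 60;
          chooser_type = "simple";
          chooser_cmd = "${pkgs.slurp}/bin/slurp -f %o -or -B 00000066 -b 00000099";
        };
      };
    };
    extraPortals = with pkgs; [xdg-desktop-portal-gtk];
  };

  # Configure greetd for remote login
  services.greetd = let
    startSway = pkgs.writeScript "startsway" ''
      # Use NVIDIA variables if drivers are in use
      if lspci -k | grep "Kernel driver in use: nvidia" &> /dev/null; then
        # NVIDIA/AMD variables
        export LIBVA_DRIVER_NAME=nvidia
        export GBM_BACKEND=nvidia-drm
        export __GLX_VENDOR_LIBRARY_NAME=nvidia
        export WLR_NO_HARDWARE_CURSORS=1
      else
        :
      fi

      # Sway/Wayland
      export XDG_CURRENT_DESKTOP=sway
      export QT_QPA_PLATFORM="wayland;xcb"

      # Start Sway
      sway --unsupported-gpu
    '';
  in {
    enable = true;
    restart = true;
    settings = {
      terminal = {
        vt = 2;
        switch = true;
      };
      # Auto-login session: no greeter prompt, Sway starts directly as jimbo.
      default_session = {
        command = "${startSway}";
        user = "jimbo";
      };
    };
  };

  # Enable printing
  services = {
    printing = {
      enable = true;
      drivers = with pkgs; [hplip];
      webInterface = false;
    };
    avahi = {
      enable = true;
      nssmdns4 = true;
      openFirewall = true;
    };
  };

  # Enable virtualization
  virtualisation = {
    libvirtd = {
      enable = true;
      onBoot = "ignore";
      onShutdown = "shutdown";
      qemu = {
        ovmf = {
          enable = true;
          packages = [pkgs.OVMFFull.fd];
        };
        swtpm.enable = true;
      };
    };
    spiceUSBRedirection.enable = true;
  };

  # Enable SSH (key-only: password auth and root login are both off)
  services.openssh = {
    enable = true;
    settings = {
      LogLevel = "VERBOSE";
      PermitRootLogin = "no";
      PrintLastLog = "no";
      PasswordAuthentication = false;
    };
  };

  # Block SSH connections after numerous attempts
  services.fail2ban = {
    enable = true;
    maxretry = 5;
    bantime = "5m";
  };

  # Enable AppImages
  programs.appimage = {
    enable = true;
    binfmt = true;
  };

  # Enable Sunshine as a service
  services.sunshine = {
    enable = true;
    settings.port = 57989;
    autoStart = false;
  };

  # Enable MPD
  services.mpd = {
    enable = true;
    user = "jimbo";
    group = "users";
    musicDirectory = "/home/jimbo/JimboNFS/Music";
    playlistDirectory = "/home/jimbo/JimboNFS/Music/Playlists";
    extraConfig = ''
      audio_output {
        type "pipewire"
        name "Local Pipewire"
      }
    '';
  };
  # MPD runs as jimbo, so point it at that user's runtime dir for PipeWire.
  systemd.services.mpd.environment = {
    XDG_RUNTIME_DIR = "/run/user/${toString config.users.users.jimbo.uid}";
  };

  # Enable AppArmor
  security.apparmor.enable = true;

  # Enable a keying agent
  services.gnome.gnome-keyring.enable = true;

  # Enable Polkit for authentication
  security.polkit.enable = true;

  # Battery saver for laptops
  services.tlp.enable = true;

  # Enable extra functionality in file managers
  services.gvfs.enable = true;

  # Attempt to automount USB drives
  services.udisks2.enable = true;

  # Enable school VPN
  services.globalprotect.enable = true;

  # Define the initial install version and allow auto-upgrades
  # NOTE(review): with the unpinned tarballs above, auto-upgrade applies
  # whatever those branches contain at upgrade time.
  system.stateVersion = "23.11";
  system.autoUpgrade.enable = true;
}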