# NixOS system configuration for the workstation "moonshadow":
# KDE Plasma 6 desktop, OpenSSH + Tailscale for remote access, a
# home-manager profile for the user "jas", and ZFS snapshot replication.
#
# Security-relevant settings are marked NOTE(review) below. These notes
# describe what the options in this file grant; they do not change them.
{ config, lib, pkgs, ... }:

{
  imports = [ ./hardware-configuration.nix ];

  # Use the systemd-boot EFI boot loader.
  boot.loader = {
    systemd-boot.enable = true;
    efi.canTouchEfiVariables = true;
  };

  # Define your hostname.
  networking.hostName = "moonshadow";

  # Set your time zone.
  time.timeZone = "America/Chicago";

  # Enable sound.
  services.pipewire.enable = true;
  services.pipewire.pulse.enable = true;

  # Enable KDE Plasma 6
  services.displayManager = {
    sddm = {
      enable = true;
      wayland.enable = true;
    };
    defaultSession = "plasma";
  };
  services.desktopManager.plasma6.enable = true;

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  #
  # NOTE(review): wireshark is installed as a plain package only; nothing in
  # this file sets up a capture group, so live capture presumably relies on
  # root (which "jas" reaches through the NOPASSWD sudo rule further down).
  environment.systemPackages = with pkgs; [
    arp-scan
    autossh
    bat
    borgbackup
    curl
    dig
    discord
    diskonaut
    doggo
    duf
    dust
    element-desktop
    emacs28
    fblog
    fd
    ffmpeg-full
    firefox
    gcc
    git
    glances
    glow
    gum
    htop
    hyfetch
    hyperfine
    just
    killall
    kdePackages.isoimagewriter
    kdePackages.kasts
    kdePackages.kate
    kdePackages.kcalc
    kdePackages.kcron
    kdePackages.kdeconnect-kde
    kdePackages.kget
    kdePackages.kjournald
    kdePackages.kleopatra
    kdePackages.kontrast
    kdePackages.kpeople
    kdePackages.tokodon
    kdePackages.yakuake
    lagrange
    lsd
    lynx
    neovim
    nix-diff
    nix-doc
    nix-du
    nix-health
    nix-inspect
    nix-template
    nix-top
    nixfmt-rfc-style
    nixos-icons
    nmap
    nodePackages_latest.prettier
    parallel
    procs
    ripgrep
    rsync
    rustscan
    starship
    tealdeer
    trash-cli
    vivid
    wget
    wireshark
    wl-clipboard
    wthrr
    yazi
    zellij
  ];

  # Enable the OpenSSH daemon.
  #
  # NOTE(review): no services.openssh.settings are given, so the accepted
  # authentication methods come from the NixOS module defaults. This file
  # also declares no authorized keys for "jas". Once key-based login is
  # confirmed, consider services.openssh.settings.PasswordAuthentication =
  # false and KbdInteractiveAuthentication = false.
  services.openssh.enable = true;

  # Tailscale
  #
  # The auth key is referenced by a string path, so the key itself is read at
  # runtime rather than copied into the world-readable Nix store.
  # NOTE(review): the permissions on /etc/tailscale-auth are not managed
  # here; it should be owned by root and not readable by other users.
  services.tailscale = {
    enable = true;
    authKeyFile = "/etc/tailscale-auth";
  };

  # Open ports in the firewall.
  #
  # These rules apply to every interface, not only the Tailscale one.
  # NOTE(review): 1714-1764 TCP/UDP is presumably the KDE Connect range
  # (kdeconnect-kde is in the package list above). If SSH is only meant to
  # be reached over the tailnet, a per-interface rule under
  # networking.firewall.interfaces would narrow the exposure of port 22;
  # verify whether services.openssh.openFirewall also opens it globally.
  networking.firewall = {
    allowedTCPPorts = [ 22 ];
    allowedTCPPortRanges = [
      {
        from = 1714;
        to = 1764;
      }
    ];
    allowedUDPPortRanges = [
      {
        from = 1714;
        to = 1764;
      }
    ];
  };

  # Enable NetworkManager
  networking.networkmanager.enable = true;

  # Enable atop
  programs.atop.enable = true;
  programs.atop.atopRotateTimer.enable = true;
  programs.atop.atopService.enable = true;
  programs.atop.atopacctService.enable = true;

  # Enable Zsh
  programs.zsh.enable = true;

  # sudo without password
  #
  # NOTE(review): this lets "jas" run ALL commands as root with no password
  # prompt, so any process running as "jas" (browser, chat client, a script
  # from a cloned repo) is one `sudo` away from root. Together with SSH
  # access for the same account, the user's login credential is the only
  # barrier to root. A narrower command list would keep the convenience for
  # the commands that need it.
  security.sudo.extraRules = [
    {
      users = [ "jas" ];
      commands = [
        {
          command = "ALL";
          options = [ "NOPASSWD" ];
        }
      ];
    }
  ];

  ## HOME MANAGER
  # NOTE(review): the home-manager NixOS module is not in `imports` above, so
  # it is presumably supplied by whatever imports this file (e.g. a flake).
  users.users.jas = {
    isNormalUser = true;
    shell = pkgs.zsh;
  };

  home-manager.users.jas =
    { config, ... }:
    let
      # Single private key used for every SSH host entry below.
      sshKey = "~/.ssh/id_ed25519";

      # Host entry for machines where the remote login is "jas".
      jasHost = hostname: {
        inherit hostname;
        user = "jas";
        identityFile = sshKey;
      };
    in
    {
      home = {
        username = "jas";
        homeDirectory = "/home/jas";
        stateVersion = "24.05";

        # dotfiles
        file = {
          ".justfile".source = dotfiles/just/.justfile;
          ".zshrc".source = dotfiles/zsh/.zshrc;
          ".zshrc.d".source = dotfiles/zsh/.zshrc.d;
          ".zpath".source = dotfiles/zsh/.zpath;
          ".zshenv".source = dotfiles/zsh/.zshenv;
          ".config/zellij".source = dotfiles/config/.config/zellij;
          ".config/starship.toml".source = dotfiles/config/.config/starship.toml;
        };
      };

      # git
      programs.git = {
        enable = true;
        diff-so-fancy = {
          enable = true;
          pagerOpts = [
            "--tabs=4"
            "-RFX"
          ];
        };
        userName = "Jeffrey Serio";
        userEmail = "hyperreal@moonshadow.dev";
        extraConfig = {
          core.editor = "emacsclient";
          init.defaultBranch = "main";
          pull.rebase = true;
        };
      };

      # SSH config
      #
      # Every host shares the same identity file, so that one key reaches all
      # of the machines listed here, including the "admin" login on truenas.
      programs.ssh = {
        enable = true;
        matchBlocks = {
          "nixos.tail7dd4a.ts.net" = jasHost "nixos.tail7dd4a.ts.net";
          "aux-vm" = jasHost "10.0.0.26";
          "bttracker.nirn.quest" = jasHost "bttracker.nirn.quest";
          "hyperreal.coffee" = jasHost "hyperreal.coffee";
          "qbittorrent" = jasHost "qbittorrent.tail7dd4a.ts.net";
          "truenas" = {
            hostname = "truenas-scale.tail7dd4a.ts.net";
            user = "admin";
            identityFile = sshKey;
          };
        };
      };

      # direnv
      programs.direnv = {
        enable = true;
        enableZshIntegration = true;
        nix-direnv.enable = true;
      };

      # XDG user dirs
      xdg.userDirs = {
        enable = true;
        createDirectories = true;
        desktop = "/home/jas/desktop";
        documents = "/home/jas/shared/documents";
        download = "/home/jas/downloads";
        music = null;
        pictures = "/home/jas/shared/pictures";
        publicShare = "/home/jas/shared";
        templates = null;
        videos = null;
      };
    };

  # Nix settings
  #
  # NOTE(review): trusted-users may override daemon settings such as extra
  # substituters and signature checks; the Nix manual describes this as
  # essentially equivalent to root access. Listing "jas" here is consistent
  # with the NOPASSWD sudo rule, but it is a second, independent path to
  # root that remains if the sudo rule is ever tightened.
  nix.settings = {
    allowed-users = [ "jas" ];
    auto-optimise-store = true;
    experimental-features = [
      "flakes"
      "nix-command"
      "repl-flake"
    ];
    trusted-users = [
      "jas"
      "root"
    ];
    keep-derivations = true;
    keep-outputs = true;
    warn-dirty = false;
  };

  # Weekly store garbage collection, started with a random delay.
  nix.gc = {
    automatic = true;
    dates = "weekly";
    randomizedDelaySec = "14min";
  };

  # Nixpkgs
  #
  # Both options accept every unfree package; the predicate returns true for
  # any input, so there is no per-package allow-list in effect.
  nixpkgs.config = {
    allowUnfree = true;
    allowUnfreePredicate = _: true;
  };

  # ZFS snapshots
  #
  # Plan reads as retention=>interval: hourly snapshots kept for a day, daily
  # for a month, monthly for a year.
  # NOTE(review): snapshots are sent to the remote as root@10.0.0.81, so the
  # sending side presumably holds a credential that can log in as root on
  # that host. A dedicated account with delegated ZFS permissions on
  # coffeeNAS/moonshadow would limit what that credential can do there.
  services.znapzend = {
    enable = true;
    autoCreation = true;
    pure = true;
    zetup."rpool/home" = {
      plan = "1d=>1h,1m=>1d,1y=>1m";
      recursive = true;
      destinations.remote = {
        host = "root@10.0.0.81";
        dataset = "coffeeNAS/moonshadow";
      };
    };
  };

  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  #
  # NOTE(review): the copy lands in the Nix store, which is readable by all
  # local users, so secrets should stay out of this file (as the Tailscale
  # key does by living in a separate file).
  system.copySystemConfiguration = true;

  # This option defines the first version of NixOS you have installed on this particular machine,
  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
  #
  # Most users should NEVER change this value after the initial install, for any reason,
  # even if you've upgraded your system to a new NixOS release.
  #
  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
  # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
  # to actually do that.
  #
  # This value being lower than the current NixOS release does NOT mean your system is
  # out of date, out of support, or vulnerable.
  #
  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
  # and migrated your data accordingly.
  #
  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
  system.stateVersion = "24.05"; # Did you read the comment?
}