nix/systems/nixos-desk/default.nix

{ confin
, lib
, pkgs
, modulesPath
, system
, inputs
, ...
}: {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
    inputs.nixos-hardware.nixosModules.common-cpu-amd
    inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate
    inputs.nixos-hardware.nixosModules.common-gpu-amd
    inputs.nixos-hardware.nixosModules.common-pc
    inputs.nixos-hardware.nixosModules.common-pc-ssd
    ../../os-mods/age
    ../../os-mods/amdgpu
    ../../os-mods/cachix
    ../../os-mods/common
    ../../os-mods/desktop
    ../../os-mods/desktop/audio.nix
    ../../os-mods/desktop/gaming.nix
    ../../os-mods/desktop/printing.nix
    ../../os-mods/netdata/client.nix
    ../../os-mods/network
    ../../os-mods/virt
    ../../os-mods/xmrig
    ../../users
    ./disko.nix
  ];

  config =
    let
      # hid-fanatecff = pkgs.callPackage ./hid-fanatecff.nix { kernelPackages = config.boot.kernelPackages; };
    in
    {
      system.stateVersion = "23.05";
      age.rekey.hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINHvqEPN39Brd3SYJxVYROwtv0UXl/7fW6z3otUWEaEU root@nixos-desk";

      nix.settings.system-features = [
        "benchmark"
        "big-parallel"
        "kvm"
        "nixos-test"
        "gccarch-x86-64-v3"
        "gccarch-znver3"
      ];

      boot = {
        # kernelPackages = pkgs.linuxPackages_latest;
        # kernelPackages = pkgs.linuxPackages_zen;

        # kernelPackages = pkgs.linuxPackages_cachyos;
        kernelPackages = pkgs.pkgsx86_64_v3.linuxPackages_cachyos;
        kernelModules = [ "nct6775" ];
        # extraModulePackages = [ hid-fanatecff ];
        loader = {
          systemd-boot = {
            enable = lib.mkForce false; #lanzaboote
            configurationLimit = 16;
          };

          efi.canTouchEfiVariables = true;
        };

        # TODO Extract secureboot module
        lanzaboote = {
          enable = true;
          configurationLimit = 16;
          pkiBundle = "/etc/secureboot";
        };

        initrd = {
          availableKernelModules = [ "ahci" "nvme" "xhci_pci" "uas" "usbhid" "usb_storage" "sd_mod" ];
          kernelModules = [ ];
          systemd.enable = true;
        };
      };

      programs.fuse.userAllowOther = true;
      environment.systemPackages = with pkgs; [
        input-remapper
        lm_sensors
        sshfs
        coreutils-full
        cpu-x
        sbctl # secureboot debugging/config/mgmt
      ];
      environment.etc = {
        "sysconfig/lm_sensors".text = ''
          HWMON_MODULES="nct6775"
        '';
      };

      # TODO nixify current mousewheel workaround config
      # likely just need to add json to home-manager
      services.input-remapper.enable = true;

      services.btrfs.autoScrub.enable = true;
      # services.udev.packages = [ hid-fanatecff ];

      networking = {
        # tailscale docker test
        firewall.allowedTCPPorts = [ 80 443 3478 41641 ];
        firewall.allowedUDPPorts = [ 80 443 3478 41641 ];
        firewall.allowedTCPPortRanges = [
          {
            from = 39000;
            to = 42000;
          }
          {
            from = 18000;
            to = 19000;
          }
        ];
        firewall.allowedUDPPortRanges = [
          {
            from = 39000;
            to = 42000;
          }
          {
            from = 18000;
            to = 19000;
          }
        ];

        hostName = "nixos-desk";
        useDHCP = lib.mkDefault true;
        extraHosts = ''
          100.64.0.1   oekonzept.net
          100.64.0.1   camt.oekonzept.net
          100.64.0.1   camt-cbg.oekonzept.net
          100.64.0.1   camt-eth.oekonzept.net
          100.64.0.1   camt-pro.oekonzept.net
          100.64.0.1   camt-swbfk.oekonzept.net
          100.64.0.1   cloud.oekonzept.net
          100.64.0.1   office.oekonzept.net
          100.64.0.1   llama.oekonzept.net
          100.64.0.1   netdata.oekonzept.net
          100.64.0.1   oproject.oekonzept.net
          100.64.0.1   leantime.oekonzept.net
        '';
      };
      hardware = {
        enableRedistributableFirmware = true;
      };

      zramSwap.enable = true;
    };
}
Reinit after agenix setup 2025-02-24 17:26:11 +01:00			`{ confin`
			`, lib`
			`, pkgs`
			`, modulesPath`
			`, system`
			`, inputs`
			`, ...`
			`}: {`
			`imports = [`
			`(modulesPath + "/installer/scan/not-detected.nix")`
			`inputs.nixos-hardware.nixosModules.common-cpu-amd`
			`inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate`
			`inputs.nixos-hardware.nixosModules.common-gpu-amd`
			`inputs.nixos-hardware.nixosModules.common-pc`
			`inputs.nixos-hardware.nixosModules.common-pc-ssd`
			`../../os-mods/age`
			`../../os-mods/amdgpu`
			`../../os-mods/cachix`
			`../../os-mods/common`
			`../../os-mods/desktop`
			`../../os-mods/desktop/audio.nix`
			`../../os-mods/desktop/gaming.nix`
			`../../os-mods/desktop/printing.nix`
			`../../os-mods/netdata/client.nix`
			`../../os-mods/network`
			`../../os-mods/virt`
			`../../os-mods/xmrig`
			`../../users`
			`./disko.nix`
			`];`

			`config =`
			`let`
			`# hid-fanatecff = pkgs.callPackage ./hid-fanatecff.nix { kernelPackages = config.boot.kernelPackages; };`
			`in`
			`{`
			`system.stateVersion = "23.05";`
			`age.rekey.hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINHvqEPN39Brd3SYJxVYROwtv0UXl/7fW6z3otUWEaEU root@nixos-desk";`

			`nix.settings.system-features = [`
			`"benchmark"`
			`"big-parallel"`
			`"kvm"`
			`"nixos-test"`
			`"gccarch-x86-64-v3"`
			`"gccarch-znver3"`
			`];`

			`boot = {`
			`# kernelPackages = pkgs.linuxPackages_latest;`
			`# kernelPackages = pkgs.linuxPackages_zen;`

			`# kernelPackages = pkgs.linuxPackages_cachyos;`
			`kernelPackages = pkgs.pkgsx86_64_v3.linuxPackages_cachyos;`
			`kernelModules = [ "nct6775" ];`
			`# extraModulePackages = [ hid-fanatecff ];`
			`loader = {`
			`systemd-boot = {`
			`enable = lib.mkForce false; #lanzaboote`
			`configurationLimit = 16;`
			`};`

			`efi.canTouchEfiVariables = true;`
			`};`

			`# TODO Extract secureboot module`
			`lanzaboote = {`
			`enable = true;`
			`configurationLimit = 16;`
			`pkiBundle = "/etc/secureboot";`
			`};`

			`initrd = {`
			`availableKernelModules = [ "ahci" "nvme" "xhci_pci" "uas" "usbhid" "usb_storage" "sd_mod" ];`
			`kernelModules = [ ];`
			`systemd.enable = true;`
			`};`
			`};`

			`programs.fuse.userAllowOther = true;`
			`environment.systemPackages = with pkgs; [`
			`input-remapper`
			`lm_sensors`
			`sshfs`
			`coreutils-full`
			`cpu-x`
			`sbctl # secureboot debugging/config/mgmt`
			`];`
			`environment.etc = {`
			`"sysconfig/lm_sensors".text = ''`
			`HWMON_MODULES="nct6775"`
			`'';`
			`};`

			`# TODO nixify current mousewheel workaround config`
			`# likely just need to add json to home-manager`
			`services.input-remapper.enable = true;`

			`services.btrfs.autoScrub.enable = true;`
			`# services.udev.packages = [ hid-fanatecff ];`

			`networking = {`
			`# tailscale docker test`
			`firewall.allowedTCPPorts = [ 80 443 3478 41641 ];`
			`firewall.allowedUDPPorts = [ 80 443 3478 41641 ];`
			`firewall.allowedTCPPortRanges = [`
			`{`
			`from = 39000;`
			`to = 42000;`
			`}`
			`{`
			`from = 18000;`
			`to = 19000;`
			`}`
			`];`
			`firewall.allowedUDPPortRanges = [`
			`{`
			`from = 39000;`
			`to = 42000;`
			`}`
			`{`
			`from = 18000;`
			`to = 19000;`
			`}`
			`];`

			`hostName = "nixos-desk";`
			`useDHCP = lib.mkDefault true;`
			`extraHosts = ''`
			`100.64.0.1 oekonzept.net`
			`100.64.0.1 camt.oekonzept.net`
			`100.64.0.1 camt-cbg.oekonzept.net`
			`100.64.0.1 camt-eth.oekonzept.net`
			`100.64.0.1 camt-pro.oekonzept.net`
			`100.64.0.1 camt-swbfk.oekonzept.net`
			`100.64.0.1 cloud.oekonzept.net`
			`100.64.0.1 office.oekonzept.net`
			`100.64.0.1 llama.oekonzept.net`
			`100.64.0.1 netdata.oekonzept.net`
			`100.64.0.1 oproject.oekonzept.net`
			`100.64.0.1 leantime.oekonzept.net`
			`'';`
			`};`
			`hardware = {`
			`enableRedistributableFirmware = true;`
			`};`

			`zramSwap.enable = true;`
			`};`
			`}`