{ config , lib , pkgs , modulesPath , system , inputs , ... }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ../../os-mods/cachix ../../os-mods/common ../../os-mods/netdata ../../os-mods/network ../../os-mods/virt ./disko.nix ]; config = { system.stateVersion = "23.11"; environment.systemPackages = with pkgs; [ cryptsetup ]; users.users = { root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHowJtKj3ohrYjyeWwQ8Lj6UMSPI390SwLRuVIlojcGM tristand@nixos-desk" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4fBDj1/He/uimO97RgjGWZLAimTrLmIlYS2ekD73GC tristan@arch-pulse" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDP8ztBIgQsYh7LefSKtuDRYDWNheZWbmIr51T/Np/jc tristand@nixos-pulse" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/tkVxnPZB+C6sK9A12pUsB38OhXieMNaij6pC3foSH admin@vault81.de" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMuH8L7mQDg86uJME6jndOu4niwLMASuJKpdbJU8Hfet tristan+desktop@vault81.de" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKokTPK/Gm30kqFAd+u5AT0BL7bG/eNt6pmGf40U8j03 arch-h1" ]; tristand = { isNormalUser = true; description = "tristand"; extraGroups = [ "docker" "networkmanager" "wheel" ]; hashedPassword = "$6$Wj.XY8JgH5EWuog4$HnbtPJXDEqKXFrzkPVEjih3PytcpBCrkfL7TAwkXd0IFced7kGMlZNliNsAqQ3XqfyUzAYiiKTIqoPVJEk.s.."; shell = pkgs.fish; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHowJtKj3ohrYjyeWwQ8Lj6UMSPI390SwLRuVIlojcGM tristand@nixos-desk" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4fBDj1/He/uimO97RgjGWZLAimTrLmIlYS2ekD73GC tristan@arch-pulse" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDP8ztBIgQsYh7LefSKtuDRYDWNheZWbmIr51T/Np/jc tristand@nixos-pulse" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/tkVxnPZB+C6sK9A12pUsB38OhXieMNaij6pC3foSH admin@vault81.de" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMuH8L7mQDg86uJME6jndOu4niwLMASuJKpdbJU8Hfet tristan+desktop@vault81.de" ]; }; taq = { isNormalUser = true; description = "taq"; extraGroups = [ "docker" "networkmanager" "wheel" ]; hashedPassword = "$6$rkCVbHd2sV36Y38p$e5WTTK58ha7RDDYnfjxAdbzYyNJ2miMD2tkE9.8BHCGyb5vjPNYslClrzYIhxOmujEOllmREXcIgGiUpiMv8Y."; shell = pkgs.fish; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKokTPK/Gm30kqFAd+u5AT0BL7bG/eNt6pmGf40U8j03 arch-h1" ]; }; }; home-manager = { useUserPackages = true; useGlobalPkgs = true; users.tristand = import ../../users/admin-shell.nix { username = "tristand"; inherit pkgs config inputs system lib; }; }; nix.settings.system-features = [ "benchmark" "big-parallel" "kvm" "nixos-test" # "gccarch-x86-64-v3" # "gccarch-znver3" ]; boot = { kernelPackages = pkgs.linuxPackages_latest; kernelModules = [ "kvm-amd" ]; extraModulePackages = [ ]; kernelParams = [ # "ip=192.168.1.35::192.168.1.1:255.255.255.0:my-server-initrd:eth0:none" "ip=dhcp" ]; supportedFilesystems = [ "bcachefs" ]; loader = { systemd-boot = { enable = true; configurationLimit = 32; }; efi.canTouchEfiVariables = true; }; initrd = { availableKernelModules = [ "ahci" "nvme" "xhci_pci" "sd_mod" ]; kernelModules = [ "igb" ]; systemd.enable = true; network = { enable = true; ssh = { enable = true; port = 2222; hostKeys = [ /etc/nixos/ext/ssh/ssh_host_ed25519_key /etc/nixos/ext/ssh/ssh_host_rsa_key ]; authorizedKeys = with lib; concatLists (mapAttrsToList (name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else [ ]) config.users.users); }; # postCommands = '' # echo 'cryptsetup-askpass' >> /root/.profile # ''; }; }; }; networking = { hostName = "nixos-he4"; useDHCP = lib.mkDefault true; }; hardware = { enableRedistributableFirmware = true; cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; }; zramSwap.enable = true; }; }