nix/systems/nixos-he4/default.nix

{ config
, lib
, pkgs
, modulesPath
, system
, inputs
, ...
}: {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
    ../../os-mods/cachix
    ../../os-mods/common
    ../../os-mods/netdata
    ../../os-mods/network
    ../../os-mods/virt
    ./disko.nix
  ];

  config = {
    system.stateVersion = "23.11";
    environment.systemPackages = with pkgs; [
      cryptsetup
      bcachefs-tools
    ];

    users.users = {
      root.openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHowJtKj3ohrYjyeWwQ8Lj6UMSPI390SwLRuVIlojcGM tristand@nixos-desk"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4fBDj1/He/uimO97RgjGWZLAimTrLmIlYS2ekD73GC tristan@arch-pulse"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDP8ztBIgQsYh7LefSKtuDRYDWNheZWbmIr51T/Np/jc tristand@nixos-pulse"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/tkVxnPZB+C6sK9A12pUsB38OhXieMNaij6pC3foSH admin@vault81.de"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMuH8L7mQDg86uJME6jndOu4niwLMASuJKpdbJU8Hfet tristan+desktop@vault81.de"
      ];

      # Define a user account. Don't forget to set a password with ‘passwd’.
      tristand = {
        isNormalUser = true;
        description = "tristand";
        extraGroups = [ "docker" "networkmanager" "wheel" ];
        hashedPassword = "$6$Wj.XY8JgH5EWuog4$HnbtPJXDEqKXFrzkPVEjih3PytcpBCrkfL7TAwkXd0IFced7kGMlZNliNsAqQ3XqfyUzAYiiKTIqoPVJEk.s..";
        openssh.authorizedKeys.keys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHowJtKj3ohrYjyeWwQ8Lj6UMSPI390SwLRuVIlojcGM tristand@nixos-desk"
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4fBDj1/He/uimO97RgjGWZLAimTrLmIlYS2ekD73GC tristan@arch-pulse"
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDP8ztBIgQsYh7LefSKtuDRYDWNheZWbmIr51T/Np/jc tristand@nixos-pulse"
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/tkVxnPZB+C6sK9A12pUsB38OhXieMNaij6pC3foSH admin@vault81.de"
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMuH8L7mQDg86uJME6jndOu4niwLMASuJKpdbJU8Hfet tristan+desktop@vault81.de"
        ];
      };
    };

    home-manager = {
      useUserPackages = true;
      useGlobalPkgs = true;
      users.tristand = import ../../users/admin-shell.nix {
        username = "tristand";

        inherit pkgs;
        inherit config;
        inherit inputs;
        inherit system;
        inherit lib;
      };
    };

    nix.settings.system-features = [
      "benchmark"
      "big-parallel"
      "kvm"
      "nixos-test"
      # "gccarch-x86-64-v3"
      # "gccarch-znver3"
    ];
    boot = {
      kernelPackages = pkgs.linuxPackages_latest;
      # kernelPackages = pkgs.pkgsx86_64_v3.linuxPackages_cachyos;
      kernelModules = [ "kvm-amd" ];
      extraModulePackages = [ ];
      kernelParams = [
        # "ip=192.168.1.35::192.168.1.1:255.255.255.0:my-server-initrd:eth0:none"
        "ip=dhcp"
      ];

      supportedFilesystems = [ "bcachefs" ];

      loader = {
        systemd-boot = {
          enable = true;
          configurationLimit = 32;
        };
        efi.canTouchEfiVariables = true;
      };

      initrd = {
        availableKernelModules = [ "ahci" "nvme" "xhci_pci" "sd_mod" ];
        kernelModules = [ "igb" ];
        systemd.enable = true;

        network = {
          enable = true;
          ssh = {
            enable = true;
            port = 2222;
            hostKeys = [
              /etc/nixos/ext/ssh/ssh_host_ed25519_key
              /etc/nixos/ext/ssh/ssh_host_rsa_key
            ];
            # this includes the ssh keys of all users in the wheel group, but you can just specify some keys manually
            # authorizedKeys = [ "ssh-rsa ..." ];
            authorizedKeys = with lib;
              concatLists (mapAttrsToList
                (name: user:
                  if elem "wheel" user.extraGroups
                  then user.openssh.authorizedKeys.keys
                  else [ ])
                config.users.users);
          };
          # postCommands = ''
          #   echo 'cryptsetup-askpass' >> /root/.profile
          # '';
        };
      };
    };

    # services.btrfs.autoScrub.enable = true;

    networking = {
      hostName = "nixos-he4";
      useDHCP = lib.mkDefault true;
    };

    hardware = {
      cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
    };

    zramSwap.enable = true;
  };
}