# flake-parts module that exports the `nixos-host` NixOS module: a desktop
# host with systemd-boot, PipeWire audio, OpenSSH, agenix-managed secrets and
# two CIFS shares that are only mounted when the encrypted credentials exist.
{
  inputs,
  self,
  config,
  ...
}: let
  # Keep a handle on the flake-level config; the NixOS module below rebinds
  # `config` to the NixOS configuration.
  flakeCfg = config;
in {
  flake.nixosModules.nixos-host = {
    pkgs,
    lib,
    config,
    ...
  }: let
    # agenix-encrypted SMB credentials. Everything SMB-related is gated on the
    # file being present at evaluation time.
    # NOTE(review): under a git-backed flake an untracked file is presumably
    # not visible to pathExists. Verify the .age file is tracked.
    smbCredentialsAge = ../../secrets/smb-credentials.age;
    smbSecretPresent = builtins.pathExists smbCredentialsAge;

    ptLocale = "pt_PT.UTF-8";

    # Builds the fileSystems entry for one share on the NAS. The options carry
    # only the path of the decrypted credentials file, never the credentials
    # themselves.
    # NOTE(review): no `seal` option is passed, so the client does not request
    # SMB encryption. Confirm whether the server enforces it.
    # NOTE(review): uid/gid 1000 are hard-coded while the user account below
    # declares no explicit uid. Confirm they match.
    cifsShare = shareName:
      lib.mkIf smbSecretPresent {
        device = "//192.168.1.102/${shareName}";
        fsType = "cifs";
        options = [
          "credentials=${config.age.secrets."smb-credentials".path}"
          "uid=1000"
          "gid=1000"
          "iocharset=utf8"
          "nofail"
          "_netdev"
          "vers=3.0"
        ];
      };
  in {
    imports = [
      inputs.agenix.nixosModules.default
      ../../hardware-configuration.nix
    ];

    boot = {
      # Bootloader
      loader.systemd-boot.enable = true;
      loader.efi.canTouchEfiVariables = true;

      # Use latest kernel
      kernelPackages = pkgs.linuxPackages_latest;

      # Custom EDID override for Samsung 240Hz on DP-1
      kernelParams = ["drm.edid_firmware=DP-1:edid/g80.bin"];

      # Needed for the CIFS mounts declared further down.
      supportedFilesystems = ["cifs"];
    };

    # Ships the EDID blob referenced by the kernel parameter above as a
    # read-only (0444) firmware file.
    hardware.firmware = [
      (pkgs.runCommand "g80-edid-firmware" {} ''
        install -Dm444 ${../assets/edid/g80.bin} $out/lib/firmware/edid/g80.bin
      '')
    ];

    networking = {
      # Hostname
      hostName = "nixos";

      # Networking
      networkmanager.enable = true;
    };

    # Time zone
    time.timeZone = "Europe/Lisbon";

    # Locale: British English UI, Portuguese regional formats.
    i18n = {
      defaultLocale = "en_GB.UTF-8";
      extraLocaleSettings =
        lib.genAttrs [
          "LC_ADDRESS"
          "LC_IDENTIFICATION"
          "LC_MEASUREMENT"
          "LC_MONETARY"
          "LC_NAME"
          "LC_NUMERIC"
          "LC_PAPER"
          "LC_TELEPHONE"
          "LC_TIME"
        ]
        (_: ptLocale);
    };

    services = {
      # Printing
      printing.enable = true;

      # Audio: PipeWire replaces PulseAudio and provides its compatibility layer.
      pulseaudio.enable = false;
      pipewire = {
        enable = true;
        alsa.enable = true;
        alsa.support32Bit = true;
        pulse.enable = true;
      };

      # SSH: root login is refused.
      # NOTE(review): PasswordAuthentication and KbdInteractiveAuthentication
      # are left at the NixOS defaults, and this module declares no authorized
      # keys. Confirm key-based login works before disabling passwords.
      openssh = {
        enable = true;
        settings.PermitRootLogin = "no";
      };
    };

    security = {
      rtkit.enable = true;

      # Auto-unlock gnome-keyring on login
      pam.services = lib.genAttrs ["login" "gdm" "gdm-password"] (_: {
        enableGnomeKeyring = true;
      });
    };

    # User account. Membership in "wheel" makes this an administrative user.
    users.users.${flakeCfg.username} = {
      isNormalUser = true;
      description = "Thomas Gouveia Lopes";
      extraGroups = ["networkmanager" "wheel"];
    };

    # Programs

    # Allow unfree
    nixpkgs.config.allowUnfree = true;

    # Enable flakes
    nix.settings.experimental-features = ["nix-command" "flakes"];

    # State version
    system.stateVersion = "25.11";

    # Tell the operator how to create the missing secret instead of failing
    # the build.
    warnings = lib.optional (!smbSecretPresent) ''
      SMB automount is disabled: missing ${toString smbCredentialsAge}.
      Create it with agenix:
        sudo env RULES=secrets/secrets.nix nix run github:ryantm/agenix -- -e secrets/smb-credentials.age -i /etc/ssh/ssh_host_ed25519_key
      and set:
        username=...
        password=...
        # optional
        # domain=WORKGROUP
    '';

    age = {
      # Secrets are decrypted with the host's SSH ed25519 private key.
      identityPaths = ["/etc/ssh/ssh_host_ed25519_key"];

      # The decrypted credentials file is readable by root only.
      secrets."smb-credentials" = lib.mkIf smbSecretPresent {
        file = smbCredentialsAge;
        mode = "0400";
        owner = "root";
        group = "root";
      };
    };

    fileSystems = {
      "/mnt/unraid-data" = cifsShare "data";
      "/mnt/unraid-appdata" = cifsShare "appdata";

      # Local ext4 data disk, mounted regardless of the SMB secret.
      "/mnt/endeavour" = {
        device = "/dev/disk/by-uuid/a32ca052-12a5-4355-bd3b-b4515d9ea4a5";
        fsType = "ext4";
        options = ["defaults" "noatime"];
      };
    };
  };
}