nixos-config/modules/hosts/nixos.nix

# Flake-level module that exports `flake.nixosModules.nixos-host`, the NixOS
# configuration for the machine named "nixos".
#
# Security-relevant pieces a reviewer should know about:
#   * sshd is enabled with root login disabled (see the SSH notes below);
#   * the SMB credentials are an agenix secret decrypted with the SSH host key;
#   * two CIFS shares are mounted only when the encrypted secret file exists.
{
  inputs,
  self,
  config,
  ...
}: let
  # Keep a handle on the flake-level config: the inner module shadows `config`
  # with the NixOS system config.
  topConfig = config;
in {
  flake.nixosModules.nixos-host = {
    pkgs,
    lib,
    config,
    ...
  }: let
    # Encrypted (age) credentials file, relative to this module.
    smbCredentialsAge = ../../secrets/smb-credentials.age;

    # Checked at evaluation time. When the file is absent, the secret and both
    # CIFS mounts are dropped and only an evaluation warning is emitted.
    smbSecretPresent = builtins.pathExists smbCredentialsAge;

    # Builds the mount definition for one share on the Unraid server.
    #
    # NOTE(review): the options pin the dialect with vers=3.0 but do not request
    # transport encryption (`seal`) and do not set `nosuid`/`nodev`; decide
    # whether the server and the use case allow adding them.
    # NOTE(review): uid/gid are hard-coded to 1000; presumably this is the
    # primary user declared below. Verify, since no uid is pinned for that user here.
    mkUnraidShare = share:
      lib.mkIf smbSecretPresent {
        device = "//192.168.1.102/${share}";
        fsType = "cifs";
        options = [
          # Path of the decrypted agenix secret; keeps the password out of the
          # option string itself.
          "credentials=${config.age.secrets."smb-credentials".path}"
          "uid=1000"
          "gid=1000"
          "iocharset=utf8"
          "nofail"
          "_netdev"
          "vers=3.0"
        ];
      };

    portugueseLocale = "pt_PT.UTF-8";
  in {
    imports = [
      inputs.agenix.nixosModules.default
      ../../hardware-configuration.nix
    ];

    boot = {
      # Bootloader
      loader = {
        systemd-boot.enable = true;
        efi.canTouchEfiVariables = true;
      };

      # Use latest kernel
      kernelPackages = pkgs.linuxPackages_latest;

      # Custom EDID override for Samsung 240Hz on DP-1
      kernelParams = ["drm.edid_firmware=DP-1:edid/g80.bin"];

      # Required for the CIFS mounts declared under fileSystems.
      supportedFilesystems = ["cifs"];
    };

    # Ships the EDID blob from this repository into the firmware search path so
    # the kernel parameter above can resolve edid/g80.bin.
    hardware.firmware = [
      (pkgs.runCommand "g80-edid-firmware" {} ''
        install -Dm444 ${../assets/edid/g80.bin} $out/lib/firmware/edid/g80.bin
      '')
    ];

    networking = {
      # Hostname
      hostName = "nixos";
      # Networking
      networkmanager.enable = true;
    };

    # Time zone
    time.timeZone = "Europe/Lisbon";

    # Locale: British English messages, Portuguese formats for everything else.
    i18n = {
      defaultLocale = "en_GB.UTF-8";
      extraLocaleSettings = lib.genAttrs [
        "LC_ADDRESS"
        "LC_IDENTIFICATION"
        "LC_MEASUREMENT"
        "LC_MONETARY"
        "LC_NAME"
        "LC_NUMERIC"
        "LC_PAPER"
        "LC_TELEPHONE"
        "LC_TIME"
      ] (_: portugueseLocale);
    };

    services = {
      # Printing
      printing.enable = true;

      # Audio: PipeWire replaces PulseAudio and provides its compatibility layer.
      pulseaudio.enable = false;
      pipewire = {
        enable = true;
        alsa = {
          enable = true;
          support32Bit = true;
        };
        pulse.enable = true;
      };

      # SSH
      # Only root login is restricted here. PasswordAuthentication and
      # KbdInteractiveAuthentication are not set, so the NixOS module defaults
      # apply.
      # NOTE(review): confirm whether password logins are meant to be accepted;
      # this block declares no authorized keys, so switching to key-only access
      # needs keys provisioned first.
      openssh = {
        enable = true;
        settings.PermitRootLogin = "no";
      };
    };

    # User account
    # "wheel" is the administrative group; "networkmanager" allows managing
    # network connections.
    users.users.${topConfig.username} = {
      isNormalUser = true;
      description = "Thomas Gouveia Lopes";
      extraGroups = ["networkmanager" "wheel"];
    };

    # Programs
    # Allow unfree
    nixpkgs.config.allowUnfree = true;

    # Enable flakes
    nix.settings.experimental-features = ["nix-command" "flakes"];

    security = {
      rtkit.enable = true;

      # Auto-unlock gnome-keyring on login
      pam.services = lib.genAttrs ["login" "gdm" "gdm-password"] (_: {
        enableGnomeKeyring = true;
      });
    };

    # State version
    system.stateVersion = "25.11";

    # Tell the operator how to create the secret when it is missing.
    warnings = lib.optional (!smbSecretPresent) ''
      SMB automount is disabled: missing ${toString smbCredentialsAge}.
      Create it with agenix:
      sudo env RULES=secrets/secrets.nix nix run github:ryantm/agenix -- -e secrets/smb-credentials.age -i /etc/ssh/ssh_host_ed25519_key
      and set:
      username=...
      password=...
      # optional
      # domain=WORKGROUP
    '';

    age = {
      # The SSH host key doubles as the age identity: whoever can read this
      # private key can decrypt every secret encrypted to it.
      identityPaths = ["/etc/ssh/ssh_host_ed25519_key"];

      # Decrypted credentials are readable by root only.
      secrets."smb-credentials" = lib.mkIf smbSecretPresent {
        file = smbCredentialsAge;
        mode = "0400";
        owner = "root";
        group = "root";
      };
    };

    fileSystems = {
      "/mnt/unraid-data" = mkUnraidShare "data";
      "/mnt/unraid-appdata" = mkUnraidShare "appdata";

      # Local ext4 data disk, mounted unconditionally.
      "/mnt/endeavour" = {
        device = "/dev/disk/by-uuid/a32ca052-12a5-4355-bd3b-b4515d9ea4a5";
        fsType = "ext4";
        options = ["defaults" "noatime"];
      };
    };
  };
}