# NixOS host module: imports the shared modules under ../Common and configures
# graphics, power/thermal management, fingerprint auth, libvirt, networkd/iwd
# networking and three wg-quick WireGuard interfaces for this machine.
{ pkgs, lib, inputs, config, ... }:
let
    # Handed to ../Common/nfs.nix. The wg-quick blocks below repeat the same
    # address as a literal for DNS rather than referencing this binding.
    serverIP = "10.0.0.1";
in {
    imports = [
        (import ../Common/default.nix { inherit inputs pkgs config; })
        (import ../Common/desktop.nix { inherit inputs pkgs config; })
        (import ../Common/nfs.nix { inherit pkgs serverIP; })
        (import ../Common/zfs.nix {inherit inputs pkgs config; })
        (import ../Common/android.nix { inherit pkgs; })
    ];

    # Intel compute runtime and media driver added to the graphics stack.
    hardware.graphics.extraPackages = [
        pkgs.intel-compute-runtime
        pkgs.intel-media-driver
    ];

    zramSwap.enable = true;
    services.upower.enable = true;
    # Power key suspends the machine instead of the logind default action.
    services.logind.settings.Login = {
        HandlePowerKey = "suspend";
    };
    services.throttled.enable = true;
    services.thinkfan.enable = true;

    programs.steam = {
        enable = true;
        gamescopeSession.enable = true;
    };

    # presumably required by ZFS (../Common/zfs.nix is imported) — TODO confirm
    networking.hostId = "4e859062";
    networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
    networking.wireless.iwd.enable = true;
    # NOTE(review): [IPv6] Enabled and [Settings] AutoConnect look like
    # per-network profile keys rather than main.conf keys; confirm iwd honours
    # them from here, since the GCP tunnel below routes IPv4 only.
    networking.wireless.iwd.settings = {
        IPv6 = {
            Enabled = false;
        };
        Settings = {
            AutoConnect = true;
        };
    };

    # Pulls fprintd into multi-user.target and overrides its service Type to
    # "simple"; the reason for the override is not visible in this file.
    systemd.services.fprintd = {
        wantedBy = [ "multi-user.target" ];
        serviceConfig.Type = "simple";
    };
    services.fprintd = {
        enable = true;
        # tod = {
        #     enable = true;
        # };
    };
    # Enables fingerprint authentication in the sudo PAM stack, so a fingerprint
    # match can authorise privilege escalation.
    # NOTE(review): confirm that is an acceptable factor for root on this
    # machine; a fingerprint cannot be rotated like a password.
    security.pam.services.sudo.fprintAuth = true;

    # virtualisation
    virtualisation.libvirtd.enable = true;
    # Installs the SPICE USB redirection helper with elevated privileges so
    # unprivileged users can pass host USB devices to VMs; this gives local
    # users broad access to attached USB devices.
    virtualisation.spiceUSBRedirection.enable = true;
    programs.virt-manager.enable = true;
    # Membership in libvirtd allows managing system VMs without further
    # authentication; treat the account as root-equivalent.
    users.users.user.extraGroups = [ "libvirtd" ];

    services.tlp = {
        enable = true;
        settings = {
            START_CHARGE_THRESH_BAT0 = 40; # charging starts at 40% and below
            STOP_CHARGE_THRESH_BAT0 = 80; # charging stops at 80% and above
        };
    };

    systemd.network.enable = true;
    networking.useNetworkd = true;
    # Tells networkd to leave routes and policy rules it did not create alone;
    # presumably so the ones wg-quick installs survive — TODO confirm.
    systemd.network.config.networkConfig = {
        ManageForeignRoutingPolicyRules = false;
        ManageForeignRoutes = false;
        SpeedMeter = true;
    };
    # Boot does not block on network-online; mkForce overrides other definitions.
    systemd.services.systemd-networkd-wait-online.enable = lib.mkForce false;

    # Three WireGuard profiles. All set listenPort 51820, and Tunnel/OPNsense
    # also share address, key file and peer, so they appear to be mutually
    # exclusive alternatives: two interfaces cannot bind the same UDP port.
    #
    # privateKeyFile keeps the key out of the world-readable Nix store, but the
    # path is inside /home/user, so anything running as that account can
    # presumably read or replace the key that root's wg-quick loads.
    # NOTE(review): consider a root-owned location with mode 0600.
    networking.wg-quick.interfaces = {
        # Full tunnel (IPv4 and IPv6 default routes) to the home endpoint; manual start.
        Tunnel = {
            address = [ "10.0.0.5/24" ];
            privateKeyFile = "/home/user/.secrets/Wireguard/Aloria.key";
            listenPort = 51820;
            autostart = false;
            postUp = "resolvectl dns Tunnel 10.0.0.1; resolvectl domain Tunnel ~thomasave.be;";
            dns = ["10.0.0.1"];
            peers = [{
                publicKey = "/9ppjm3yeD0duDvxrqgcHscHmftXko+0s2RbivNEy2c=";
                allowedIPs = [ "0.0.0.0/0" "::/0" ];
                endpoint = "external.thomasave.be:13231";
                persistentKeepalive = 25;
            }];
        };
        # Split tunnel to the same peer, started at boot; only the listed
        # prefixes are routed through it.
        OPNsense = {
            address = [ "10.0.0.5/24" ];
            privateKeyFile = "/home/user/.secrets/Wireguard/Aloria.key";
            listenPort = 51820;
            autostart = true;
            postUp = "resolvectl dns OPNsense 10.0.0.1; resolvectl domain OPNsense ~thomasave.be;";
            dns = ["10.0.0.1"];
            peers = [{
                publicKey = "/9ppjm3yeD0duDvxrqgcHscHmftXko+0s2RbivNEy2c=";
                # NOTE(review): "10.0.0.1/8" has host bits set and is expected to
                # be treated as 10.0.0.0/8, which also covers the 10.5.0.0/24
                # range used by the GCP profile; confirm the /8 is intended.
                allowedIPs = [ "10.0.0.1/8" "192.168.1.2/32" ];
                endpoint = "external.thomasave.be:13231";
                persistentKeepalive = 25;
            }];
        };
        # Full IPv4 tunnel to a separate peer; manual start.
        GCP = {
            address = [ "10.5.0.5/24" ];
            privateKeyFile = "/home/user/.secrets/Wireguard/GCP.key";
            listenPort = 51820;
            autostart = false;
            # Also rewrites the DNS server of wlan0; no postDown is defined here
            # to restore it when the tunnel goes down.
            postUp = "resolvectl dns GCP 1.1.1.1;resolvectl dns wlan0 1.1.1.1;";
            peers = [{
                publicKey = "NEBNE4Czf2MkZF2X5aVhmofENH1uXjDpvXjIMJvfMFA=";
                # IPv4 only: unlike Tunnel there is no "::/0", so any IPv6
                # traffic would not go through this tunnel.
                # NOTE(review): verify IPv6 is really off on the underlying link.
                allowedIPs = [ "0.0.0.0/0" ];
                endpoint = "35.201.231.151:443";
                persistentKeepalive = 25;
            }];
        };
    };
    # Retry the autostarted tunnel every 2s on failure; StartLimitIntervalSec = 0
    # turns off systemd's start rate limiting so retries never stop.
    systemd.services."wg-quick-OPNsense" = {
        serviceConfig = { Restart = "on-failure"; RestartSec = "2s"; };
        unitConfig.StartLimitIntervalSec = 0;
    };
}