{ flake, config, pkgs, lib, ... }:
with lib;
{
imports = with flake.nixosModules.systemProfiles; [
default-locale nfsroot openssh
];
config = {
nixpkgs = {
system = "x86_64-linux";
externalConfig = {
allowUnfree = true;
};
};
boot = {
initrd = {
availableKernelModules = [ "nvme" "ahci" "xhci_pci" "usbhid" "sd_mod" "sr_mod" ];
kernelModules = [ "igb" ];
};
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
plymouth.enable = true;
tmp.useTmpfs = true;
};
hardware = {
enableRedistributableFirmware = true;
cpu.amd.updateMicrocode = config.hardware.enableRedistributableFirmware;
nvidia = {
modesetting.enable = true;
powerManagement.enable = true;
};
graphics.enable = true;
};
networking = {
domain = "lan.yggdrasil";
search = [ "lan.yggdrasil" "yggdrasil" ];
hosts = {
"127.0.0.1" = [ "eostre.lan.yggdrasil" "eostre" ];
"::1" = [ "eostre.lan.yggdrasil" "eostre" ];
};
firewall.enable = false;
nftables = {
enable = true;
rulesetFile = ./ruleset.nft;
};
};
services.resolved = {
llmnr = "false";
};
zramSwap.enable = true;
system.stateVersion = "22.11";
console.keyMap = "us";
time.hardwareClockInLocalTime = true;
environment.systemPackages = with pkgs; [ cifs-utils ];
security.pam.mount = {
enable = true;
extraVolumes = [
""
""
];
};
services.displayManager.sddm = {
enable = true;
wayland.enable = true;
settings = {
Users.HideUsers = "gkleen";
};
};
services.desktopManager.plasma6.enable = true;
services.openssh = {
enable = true;
startWhenNeeded = true;
settings = {
PasswordAuthentication = true;
KbdInteractiveAuthentication = true;
};
};
};
}