{ inputs, lib, config, pkgs, system, ... }: { imports = [./hardware.nix]; nixpkgs.config.allowUnfree = true; system.stateVersion = "23.11"; time.timeZone = "America/New_York"; age = { secrets.token.file = ../../../secrets/token.age; secrets.mailer_passwd.file = ../../../secrets/mailer_passwd.age; identityPaths = ["/root/.ssh/id_ed25519"]; }; nix = { nixPath = ["nixpkgs=flake:nixpkgs"]; registry = (lib.mapAttrs (_: flake: {inherit flake;})) ((lib.filterAttrs (_: lib.isType "flake")) inputs); settings = { auto-optimise-store = true; experimental-features = "nix-command flakes"; warn-dirty = false; trusted-users = ["marshall"]; substituters = [ "https://cache.nixos.org" "https://nix-community.cachix.org" "https://nyx.chaotic.cx/" "https://cuda-maintainers.cachix.org" ]; trusted-substituters = [ "cache.nixos.org" "nix-community.cachix.org" "nyx.chaotic.cx" "cuda-maintainers.cachix.org" ]; trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nyx.chaotic.cx-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8=" "chaotic-nyx.cachix.org-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8=" "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E=" "conduwuit:lYPVh7o1hLu1idH4Xt2QHaRa49WRGSAqzcfFd94aOTw=" ]; }; }; environment = { localBinInPath = true; sessionVariables.FLAKE = "/home/marshall/nix-config"; systemPackages = [ pkgs.miniupnpc inputs.agenix.packages.${system}.default ]; etc = lib.mapAttrs' (name: value: { name = "nix/path/${name}"; value.source = value.flake; }) config.nix.registry; }; fonts.packages = with pkgs; [ inter maple-mono-SC-NF nerdfonts ]; boot = { kernelPackages = pkgs.linuxPackages_xanmod_latest; supportedFilesystems = ["ntfs"]; binfmt = { emulatedSystems = ["aarch64-linux"]; registrations.appimage = { wrapInterpreterInShell = false; interpreter = "${pkgs.appimage-run}/bin/appimage-run"; recognitionType = "magic"; offset = 0; mask = ''\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff''; magicOrExtension = ''\x7fELF....AI\x02''; }; }; loader = { systemd-boot.enable = true; efi.canTouchEfiVariables = true; }; }; hardware = { pulseaudio.enable = false; bluetooth = { enable = true; powerOnBoot = true; }; opengl = { enable = true; driSupport32Bit = true; extraPackages = with pkgs; [ libGL libGLU ]; }; }; networking = { hostName = "polaris-nix"; networkmanager.enable = true; firewall.enable = false; }; security = { pam.services.gdm.enableGnomeKeyring = true; rtkit.enable = true; sudo.extraConfig = '' Defaults lecture = never ''; }; programs = { fish.enable = true; gnupg.agent.enable = true; ssh.startAgent = true; }; services = { eternal-terminal.enable = true; tailscale.enable = true; xe-guest-utilities.enable = true; forgejo = let forgejoDomain = "git.pupbrained.xyz"; in { enable = true; user = "git"; group = "git"; lfs.enable = true; secrets.mailer.PASSWD = config.age.secrets.mailer_passwd.path; settings = { log.LEVEL = "Debug"; DEFAULT.APP_NAME = "MarGit"; actions = { ENABLED = true; DEFAULT_ACTIONS_URL = "github"; }; database = { SQLITE_JOURNAL_MODE = "WAL"; LOG_SQL = false; }; federation.ENABLED = true; mailer = { ENABLED = true; SMTP_ADDR = "email-smtp.us-east-2.amazonaws.com"; FROM = "noreply@git.pupbrained.xyz"; USER = "AKIAVIRH7PRQXI3FCBZ4"; SEND_AS_PLAIN_TEXT = true; }; metrics = { ENABLED = true; ENABLED_ISSUE_BY_REPOSITORY = true; ENABLED_ISSUE_BY_LABEL = true; }; oauth2_client = { ACCOUNT_LINKING = "login"; USERNAME = "nickname"; ENABLE_AUTO_REGISTRATION = false; REGISTER_EMAIL_CONFIRM = false; UPDATE_AVATAR = true; }; packages.ENABLED = true; repository = { DEFAULT_PRIVATE = "private"; ENABLE_PUSH_CREATE_USER = true; ENABLE_PUSH_CREATE_ORG = true; }; server = { HTTP_ADDR = "0.0.0.0"; HTTP_PORT = 6610; DOMAIN = forgejoDomain; ROOT_URL = "https://${forgejoDomain}/"; SSH_USER = "git"; SSH_DOMAIN = "ssh.pupbrained.xyz"; }; service = { DISABLE_REGISTRATION = false; SHOW_REGISTRATION_BUTTON = true; REGISTER_EMAIL_CONFIRM = false; ENABLE_NOTIFY_MAIL = true; }; session.COOKIE_SECURE = true; ui = { DEFAULT_THEME = "forgejo-auto"; }; "ui.meta".AUTHOR = "MarGit"; }; }; matrix-conduit = { enable = true; package = pkgs.conduwuit_git; settings.global.database_backend = "rocksdb"; settings.global.allow_registration = true; settings.global.address = "0.0.0.0"; settings.global.server_name = "pupbrained.xyz"; settings.global.registration_token = "blehh"; }; openssh = { enable = true; settings = { PermitRootLogin = "no"; PasswordAuthentication = false; }; }; pipewire = { enable = true; pulse.enable = true; alsa = { enable = true; support32Bit = true; }; }; xserver = { enable = true; displayManager.gdm.enable = true; desktopManager.gnome.enable = true; layout = "us"; xkbVariant = ""; }; }; systemd.services.cloudflared = { description = "Point traffic to tunnel subdomain"; wantedBy = ["default.target"]; serviceConfig = { EnvironmentFile = config.age.secrets.token.path; Type = "oneshot"; ExecStart = "${lib.getExe pkgs.cloudflared} tunnel --no-autoupdate run"; }; }; users.users.marshall = { isNormalUser = true; shell = pkgs.fish; extraGroups = ["wheel" "libvirtd" "kvm"]; }; users.groups.git = {}; users.users.git = { isSystemUser = true; useDefaultShell = true; group = "git"; home = config.services.forgejo.stateDir; }; i18n = { defaultLocale = "en_US.UTF-8"; extraLocaleSettings = { LC_ADDRESS = "en_US.UTF-8"; LC_IDENTIFICATION = "en_US.UTF-8"; LC_MEASUREMENT = "en_US.UTF-8"; LC_MONETARY = "en_US.UTF-8"; LC_NAME = "en_US.UTF-8"; LC_NUMERIC = "en_US.UTF-8"; LC_PAPER = "en_US.UTF-8"; LC_TELEPHONE = "en_US.UTF-8"; LC_TIME = "en_US.UTF-8"; }; }; }