{ inputs, outputs, lib, pkgs, config, ... }: { imports = [ #Jovian Nixos inputs.jovian.nixosModules.jovian # If you want to use modules your own flake exports (from modules/home-manager): # outputs.homeManagerModules.example inputs.home-manager.nixosModules.home-manager # Or modules exported from other flakes (such as nix-colors): # inputs.nix-colors.homeManagerModules.default # Import the shared settings ../../desktop/package-configs/firefox # You can also split up your configuration and import pieces of it here: # ./nvim.nix ./hardware-configuration.nix ../../../disko/shodan ./auto-mount.nix ]; boot = { tmp.cleanOnBoot = true; loader = { # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables # tss group has access to TPM devices # Lanzaboote currently replaces the systemd-boot module. # This setting is usually set to true in configuration.nix # generated at installation time. So we force it to false # for now. systemd-boot.enable = lib.mkForce false; systemd-boot.configurationLimit = 3; timeout = 0; efi.canTouchEfiVariables = true; }; initrd.systemd.enable = true; lanzaboote = { enable = true; pkiBundle = "/etc/secureboot"; }; consoleLogLevel = 0; kernelParams = ["quiet" "udev.log_priority=0" "fbcon=vc:2-6" "console=tty0"]; plymouth.enable = true; }; zramSwap.enable = false; networking = { domain = ""; # Enable networking networkmanager.enable = true; firewall.enable = true; firewall.allowedTCPPorts = [22]; hostName = "shodan"; wireguard.enable = true; wg-quick.interfaces = { wg0 = { autostart = true; address = ["10.0.0.4/24" "fdc9:281f:04d7:9ee9::4/64"]; dns = ["10.0.0.1" "fdc9:281f:04d7:9ee9::1"]; listenPort = 51821; privateKeyFile = config.sops.secrets."wg-private-key".path; peers = [ { publicKey = "A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg="; endpoint = "84.87.146.85:51821"; allowedIPs = ["0.0.0.0/0" "::/0"]; persistentKeepalive = 25; } ]; }; }; }; services = { openssh.enable = true; # Enables support for 32bit libs that steam uses # Enable the X11 windowing system. xserver.enable = true; # Enable the KDE Plasma Desktop Environment. desktopManager.plasma6.enable = true; avahi = { nssmdns4 = true; enable = true; ipv4 = true; ipv6 = true; publish = { enable = true; addresses = true; workstation = true; }; }; displayManager = { defaultSession = "plasma"; sddm.wayland.enable = lib.mkForce true; sddm.settings = { Autologin = { Session = "plasma.desktop"; User = "lillian"; }; }; }; # Enable flatpak support flatpak.enable = true; packagekit.enable = true; # Configure keymap in X11 xserver = { xkb.layout = "us"; xkb.variant = ""; }; # Enable CUPS to print documents. printing.enable = true; # Enable fwupd daemon and user space client fwupd.enable = true; pipewire = { enable = true; alsa.enable = true; alsa.support32Bit = true; pulse.enable = true; }; }; nixpkgs = { # You can add overlays here overlays = [ ]; # Configure your nixpkgs instance config = { # Disable if you don't want unfree packages allowUnfree = true; }; }; environment.systemPackages = with pkgs; [ # Custom tools auto-mount #System: btrfs-progs decky-loader efitools jq # noto-fonts # noto-fonts-emoji-blob-bin # noto-fonts-emoji qjackctl #rustdesk sbctl udisks util-linux waypipe python3 protonup-qt #KDE: krunner-translator # kdePackages.discover kdePackages.kcalc kdePackages.kdepim-addons kdePackages.kirigami kdePackages.kdeconnect-kde # kdePackages.krunner-ssh # kdePackages.krunner-symbols kdePackages.qtvirtualkeyboard kdePackages.packagekit-qt kdePackages.krdc kdePackages.krfb libportal #Gaming: heroic legendary-gl protontricks rare ]; jovian = { steam = { enable = true; autoStart = true; user = "lillian"; desktopSession = "plasma"; }; decky-loader = { enable = true; package = pkgs.decky-loader-prerelease; extraPackages = [pkgs.python3]; }; devices.steamdeck = { enable = true; autoUpdate = true; enableGyroDsuService = true; }; }; programs = { steam = lib.mkForce { enable = true; remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server extest.enable = true; }; kdeconnect.enable = true; noisetorch = { enable = true; }; git = { enable = true; }; }; # # Enable automounting of removable media # services.udisks2.enable = true; # services.devmon.enable = true; # services.gvfs.enable = true; # environment.variables.GIO_EXTRA_MODULES = lib.mkForce ["${pkgs.gvfs}/lib/gio/modules"]; # Set your time zone. time.timeZone = "Europe/Amsterdam"; hardware = { graphics.enable32Bit = true; # Enable bluetooth hardware bluetooth.enable = true; # Enable sound with pipewire. pulseaudio.enable = false; }; users.users.lillian.extraGroups = ["decky" "tss" "input"]; # Enable completion of system packages by zsh environment.pathsToLink = ["/share/zsh"]; home-manager = { extraSpecialArgs = {inherit inputs outputs;}; users = { # Import your home-manager configuration lillian = import ../../../home-manager/hosts/shodan; }; }; security = { rtkit.enable = true; tpm2 = { enable = true; pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so tctiEnvironment.enable = true; }; }; # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion system.stateVersion = "24.11"; }