# NixOS host module for "caladan": AMD GPU, ZFS root with a mirrored ESP,
# static addressing on a wireless interface, and a handful of extra inbound
# firewall rules. Everything secret (Wi-Fi PSK, the ssh firewall rule file,
# root's ssh config, a GitHub token) is decrypted at activation time by sops
# rather than being written into this file.
{ config, inputs, outputs, pkgs, ... }:
{
  boot = {
    initrd.kernelModules = [ "amdgpu" "zfs" ];
    # Kernel and ZFS both come from the "master" package set provided by the
    # overlays under nixpkgs.overlays below, so they are pinned together.
    kernelPackages = pkgs.master.linuxPackages_6_14;
    kernelParams = [
      # amdgpu power-play feature mask override (host-specific value) and
      # disabling of the kernel's split-lock detection.
      "amdgpu.ppfeaturemask=0xfffd3fff"
      "split_lock_detect=off"
    ];
    loader = {
      efi = {
        canTouchEfiVariables = true;
        efiSysMountPoint = "/efiboot/efi1";
      };
      systemd-boot = {
        enable = true;
        # After every bootloader install, mirror the primary ESP onto the
        # second one so either disk remains bootable; --delete keeps the copy
        # exact rather than accumulating stale entries.
        extraInstallCommands = ''
          ${pkgs.rsync}/bin/rsync -av --delete /efiboot/efi1/ /efiboot/efi2
        '';
      };
      timeout = 3;
    };
    supportedFilesystems = [ "zfs" ];
    zfs.package = pkgs.master.zfs;
  };

  environment.systemPackages = [
    pkgs.angband
    #pkgs.assaultcube
    pkgs.bsdgames
    pkgs.bzflag
    pkgs.extremetuxracer
    #pkgs.frozen-bubble
    pkgs.hedgewars
    pkgs.kobodeluxe
    pkgs.mailutils
    pkgs.moc
    pkgs.nethack
    #pkgs.openttd
    pkgs.qbittorrent-nox
    pkgs.rdiff-backup
    #pkgs.scorched3d
    pkgs.signal-desktop
    pkgs.superTux
    pkgs.superTuxKart
    pkgs.umoria
    pkgs.vial
    pkgs.warzone2100
    #pkgs.wine9_22.wineWowPackages.stagingFull
    pkgs.wpa_supplicant
    pkgs.xonotic-sdl
    #pkgs.xpilot-ng
  ];

  # Host-specific modules first, then the shared "common" profile and the
  # optional pieces this machine opts into. The sops secrets referenced below
  # are assumed to be declared/consumed by these modules where not used here.
  imports = [
    ./disks.nix
    ./hardware-configuration.nix
    ./services.nix
    ../common/core
    ../common/optional/adb.nix
    ../common/optional/db.nix
    ../common/optional/dev.nix
    ../common/optional/ebooks.nix
    ../common/optional/games.nix
    ../common/optional/google-authenticator.nix
    ../common/optional/misc.nix
    ../common/optional/multimedia.nix
    ../common/optional/pipewire.nix
    ../common/optional/sdr.nix
    ../common/optional/services/chrony.nix
    ../common/optional/services/openssh.nix
    ../common/optional/services/xorg.nix
    ../common/optional/sound.nix
    ../common/optional/wdt.nix
    ../common/optional/zfs.nix
    ../common/users/nipsy
    ../common/users/root
  ];

  networking = {
    # Static addressing; DHCP is disabled globally below and only wlp15s0 is
    # given an address here.
    defaultGateway = {
      address = "192.168.1.1";
      interface = "wlp15s0";
    };
    domain = "bitgnome.net";
    # Required by the ZFS module (pools are tagged with the importing host id).
    hostId = "8981d1e5";
    hostName = "caladan";
    interfaces = {
      wlp15s0 = {
        ipv4.addresses = [
          {
            address = "192.168.1.4";
            prefixLength = 24;
          }
        ];
      };
    };
    nameservers = [ "192.168.1.1" ];
    # nftables backend for the NixOS firewall; the "nixos-fw" table used by the
    # nftables-extra service below is the one this module creates.
    nftables.enable = true;
    useDHCP = false;
    wireless = {
      enable = true;
      networks = {
        # "ext:" defers the PSK to the external secrets file, so the key itself
        # never lands in the Nix store.
        "Crystal Palace" = {
          pskRaw = "ext:psk_crystal_palace";
        };
      };
      secretsFile = "${config.sops.secrets."wpa_supplicant".path}";
    };
  };

  nixpkgs = {
    config = {
      allowUnfree = true;
    };
    hostPlatform = "x86_64-linux";
    overlays = [
      #inputs.nvidia-patch.overlays.default
      outputs.overlays.additions
      outputs.overlays.modifications
      # Provide pkgs.master.* and pkgs.stable.* used above.
      outputs.overlays.master-packages
      outputs.overlays.stable-packages
      #outputs.overlays.wine9_22-packages
    ];
  };

  # X11 forwarding lets an ssh client run remote X clients against its local
  # display; it is enabled here deliberately and relies on sshd's xauth setup.
  services.openssh.settings.X11Forwarding = true;
  services.xserver.videoDrivers = [ "amdgpu" ];

  sops = {
    # Decrypt with the host's ed25519 ssh key (converted to an age identity).
    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
    defaultSopsFile = ../secrets/caladan.yaml;
    secrets = {
      # nft rule file consumed by nftables-extra below.
      "nftables/ssh" = {};
      "nix-access-token-github" = {};
      # Written straight to root's ssh config rather than the default /run path.
      "ssh_config".path = "/root/.ssh/config";
      "wpa_supplicant" = {};
    };
  };

  system.stateVersion = "23.11";

  systemd.services = {
    # Extra inbound allow rules layered on top of the NixOS firewall.
    # `nft insert` prepends, so these are evaluated before the generated
    # nixos-fw input rules. The last line loads a secret rule file (ssh
    # access policy) that is kept out of the store via sops.
    #
    # NOTE(review): every rule matches iifname "enp6s0", while the only
    # interface configured in this file is wlp15s0 — confirm enp6s0 is the
    # intended (wired) interface on this host, otherwise these rules never
    # match. The Steam Remote Play rules are additionally restricted to the
    # local /24; the game-server rules accept from any source on that NIC.
    #
    # NOTE(review): `reload` re-runs the same inserts without removing the
    # earlier ones. This is fine when the reload is propagated from
    # nftables.service (which rebuilds the ruleset first), but a direct
    # `systemctl reload nftables-extra` would presumably accumulate duplicate
    # rules — verify.
    "nftables-extra" = let
      rules_script = ''
        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport { 2456, 2457 } counter accept # Valheim dedicated server'
        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport 5121 counter accept # Neverwinter Nights Server'
        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport 15637 counter accept # Enshrouded'
        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" ip saddr 192.168.1.0/24 udp dport { 27031, 27036 } counter accept # Steam Remote Play'
        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" ip saddr 192.168.1.0/24 tcp dport { 27036, 27037 } counter accept # Steam Remote Play'
        ${pkgs.nftables}/bin/nft -f ${config.sops.secrets."nftables/ssh".path}
      '';
    in {
      description = "nftables extra firewall rules";
      # Same script for start and reload (see the note above about reload).
      reload = rules_script;
      script = rules_script;
      serviceConfig = {
        # oneshot + RemainAfterExit so the unit stays "active" after the rules
        # are inserted and can be reloaded/stopped as a normal dependency.
        RemainAfterExit = true;
        Type = "oneshot";
      };
      unitConfig = {
        # Skip the unit entirely (rather than fail) if the decrypted rule
        # file is not present, e.g. on a host where sops could not decrypt.
        ConditionPathExists = [ config.sops.secrets."nftables/ssh".path ];
        # Re-apply our rules whenever the base firewall reloads, since that
        # replaces the whole ruleset.
        ReloadPropagatedFrom = "nftables.service";
      };
      wantedBy = [ "multi-user.target" ];
      # Ordering plus partOf: start after and stop/restart together with the
      # base firewall so we never insert into a table that does not exist yet.
      after = [ "nftables.service" ];
      partOf = [ "nftables.service" ];
    };
  };
}