{ config, pkgs, ... }: with lib; let psCfg = config.pub-solar; xdg = config.home-manager.users."${psCfg.user.name}".xdg; in { hardware.cpu.amd.updateMicrocode = true; hardware.opengl.extraPackages = with pkgs; [ rocm-opencl-icd rocm-opencl-runtime ]; # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; pub-solar.paranoia.enable = true; pub-solar.core.hibernation.resumeDevice = "/dev/dm-0"; pub-solar.core.hibernation.resumeOffset = 115075072; pub-solar.paperless.sync.masterNode = true; age.secrets."drone-runner-exec-config" = { file = "${self}/secrets/drone-runner-exec-config"; mode = "400"; owner = psCfg.user.name; }; pub-solar.docker-ci-runner = { enable = true; runnerVarsFile = config.age.secrets.drone-runner-exec-config.path; }; pub-solar.paperless.scannerDefaultDevice = "hp3900:libusb:005:004"; services.openssh.openFirewall = true; networking.firewall.allowedTCPPorts = [443] ++ ( if psCfg.sway.vnc.enable then [5901] else [] ); networking.firewall.allowedUDPPorts = [43050]; environment.systemPackages = with pkgs; [ wayvnc drone-docker-runner stdenv.cc.cc.lib pkgs.hplip ]; age.secrets."vnc-key.pem" = { file = "${self}/secrets/vnc-key-chocolatebar.pem"; mode = "400"; owner = psCfg.user.name; }; age.secrets."vnc-cert.pem" = { file = "${self}/secrets/vnc-cert-chocolatebar.pem"; mode = "400"; owner = psCfg.user.name; }; pub-solar.sway.vnc.enable = true; services.printing.drivers = [ pkgs.cups-brother-hl3140cw ]; services.udev.extraRules = '' SUBSYSTEMS=="usb", ATTRS{idVendor}=="04f9", ATTRS{idProduct}=="209e", ATTRS{serial}=="000W0H924252", MODE="0664", GROUP="lp", SYMLINK+="usb/lp0" ''; home-manager.users."${psCfg.user.name}" = { xdg.configFile = mkIf psCfg.sway.enable { "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf; "sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf; "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf; }; home.sessionVariables = { NIX_CC = "${pkgs.stdenv.cc}"; }; home.packages = with pkgs; [ lmms audacity ]; }; musnix = { enable = true; kernel.realtime = true; }; # For OpenProject development with https security.pki.certificates = [ (builtins.readFile ./step-roots.pem) ]; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "20.09"; # Did you read the comment? }