nix-config-v2/modules/machine/valefor/configuration.nix

{
  config,
  lib,
  pkgs,
  userName,
  ...
}: {
  imports = [
    ../../graphics
    ../../pwrMgmt
    ../../networking/core.nix
    ../../networking/dns.nix
    ../../virtualization/podman.nix
  ];

  # Enable flakes for NixOS
  nix.settings.experimental-features = ["nix-command" "flakes"];

  # Custom kernel/boot stuff
  boot.kernelPackages = pkgs.linuxPackages_latest;
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  # Enable Bluetooth if present
  hardware.bluetooth.enable = true;

  # Set your timezone
  time.timeZone = "America/Detroit";

  # Install packages to be installed system-wide
  environment.systemPackages = with pkgs; [
    vim
    neovim
    git
    patchelf
    nix-ld
  ];

  # Set the EDITOR global environment variable to neovim
  environment.variables.EDITOR = "nvim";

  # Enable OpenSSH
  services.openssh.enable = true;

  # Enable keyring
  services.gnome.gnome-keyring.enable = true;

  # Enable GnuPG
  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
  };

  # Enable SUID wrappers (some programs need them)
  programs.mtr.enable = true;

  # Enable Polkit
  security.polkit.enable = true;

  # Graphics module (../../graphics/default.nix)
  graphics = {
    enable = true;
    gpuVendor = "intel";
    wayland.enable = true;
    vulkan.enable = true;
  };

  # Power management (see ../../pwrMgmt/default.nix)
  pwrMgmt = {
    enable = true;
    cpuFreqGovernor = "performance";
    powertop.enable = false;
  };

  # Podman module (see ../../virtualization/podman.nix)
  podman = {
    enable = true;
    extraPackages = with pkgs; [
      docker-credential-helpers
      toolbox
      cosign
      crane
      podman-tui
      podman-desktop
    ];
  };

  # Core networking module (see ../../networking/core.nix)
  network = {
    firewall = {
      enable = true;
      tcpPorts = {
        allowedPorts = [8123];
      };
    };
    networkManager.enable = true;
  };

  # DNS module (see ../../networking/dns.nix)
  dns = {
    technitium.enable = true;
  };

  # Add username to groups "wheel" and "video" - more may be added here later
  users.users.${userName} = { 
    extraGroups = ["wheel" "podman" "network"]; 
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFV9eSc9L+aJLoKoexq2f/jb5rpyZnhuGiyhS8YQAbaS wyatt@wyattjmiller.com"
    ];
  };

  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFV9eSc9L+aJLoKoexq2f/jb5rpyZnhuGiyhS8YQAbaS wyatt@wyattjmiller.com"
  ];

  # Add Home Assistant service
  services.home-assistant = {
    enable = true;
    extraComponents = [
      "esphome"
      "met"
      "radio_browser"
      "homeassistant_hardware"
      "zha"
      "group"
      "mikrotik"
    ];
    config = {
      # Includes dependencies for a basic setup
      # https://www.home-assistant.io/integrations/default_config/
      default_config = {};
    };
  };

  security.sudo.wheelNeedsPassword = false;

  system.stateVersion = "24.11";
}
wip: added valefor machine config 2025-01-04 16:02:31 -05:00			`{`
			`config,`
			`lib,`
			`pkgs,`
			`userName,`
			`...`
			`}: {`
			`imports = [`
			`../../graphics`
			`../../pwrMgmt`
			`../../networking/core.nix`
			`../../networking/dns.nix`
			`../../virtualization/podman.nix`
			`];`

			`# Enable flakes for NixOS`
			`nix.settings.experimental-features = ["nix-command" "flakes"];`

			`# Custom kernel/boot stuff`
			`boot.kernelPackages = pkgs.linuxPackages_latest;`
			`boot.loader.systemd-boot.enable = true;`
			`boot.loader.efi.canTouchEfiVariables = true;`

			`# Enable Bluetooth if present`
			`hardware.bluetooth.enable = true;`

			`# Set your timezone`
			`time.timeZone = "America/Detroit";`

			`# Install packages to be installed system-wide`
			`environment.systemPackages = with pkgs; [`
			`vim`
			`neovim`
			`git`
			`patchelf`
use nixpkgs nix-ld 2025-02-09 15:36:24 -05:00			`nix-ld`
wip: added valefor machine config 2025-01-04 16:02:31 -05:00			`];`

			`# Set the EDITOR global environment variable to neovim`
			`environment.variables.EDITOR = "nvim";`

			`# Enable OpenSSH`
			`services.openssh.enable = true;`

			`# Enable keyring`
			`services.gnome.gnome-keyring.enable = true;`

			`# Enable GnuPG`
			`programs.gnupg.agent = {`
			`enable = true;`
			`enableSSHSupport = true;`
			`};`

			`# Enable SUID wrappers (some programs need them)`
			`programs.mtr.enable = true;`

			`# Enable Polkit`
			`security.polkit.enable = true;`

			`# Graphics module (../../graphics/default.nix)`
			`graphics = {`
			`enable = true;`
			`gpuVendor = "intel";`
			`wayland.enable = true;`
			`vulkan.enable = true;`
			`};`

			`# Power management (see ../../pwrMgmt/default.nix)`
			`pwrMgmt = {`
			`enable = true;`
			`cpuFreqGovernor = "performance";`
			`powertop.enable = false;`
			`};`

			`# Podman module (see ../../virtualization/podman.nix)`
			`podman = {`
			`enable = true;`
			`extraPackages = with pkgs; [`
			`docker-credential-helpers`
			`toolbox`
			`cosign`
			`crane`
			`podman-tui`
			`podman-desktop`
			`];`
			`};`

			`# Core networking module (see ../../networking/core.nix)`
redefining custom networking namespace 2025-01-04 19:07:36 -05:00			`network = {`
allowed custom tcp ports 2025-06-24 12:54:13 -04:00			`firewall = {`
			`enable = true;`
			`tcpPorts = {`
			`allowedPorts = [8123];`
			`};`
			`};`
fixed dns, modified config for valefor 2025-01-07 18:15:49 -05:00			`networkManager.enable = true;`
wip: added valefor machine config 2025-01-04 16:02:31 -05:00			`};`

			`# DNS module (see ../../networking/dns.nix)`
			`dns = {`
fixed bind interfaces 2025-01-04 18:51:51 -05:00			`technitium.enable = true;`
wip: added valefor machine config 2025-01-04 16:02:31 -05:00			`};`

			`# Add username to groups "wheel" and "video" - more may be added here later`
fixed openssh keys, trying out roles 2025-06-24 18:54:44 -04:00			`users.users.${userName} = {`
			`extraGroups = ["wheel" "podman" "network"];`
things 2025-06-24 19:27:32 -04:00			`openssh.authorizedKeys.keys = [`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFV9eSc9L+aJLoKoexq2f/jb5rpyZnhuGiyhS8YQAbaS wyatt@wyattjmiller.com"`
			`];`
fixed openssh keys, trying out roles 2025-06-24 18:54:44 -04:00			`};`
wip: added valefor machine config 2025-01-04 16:02:31 -05:00
stuff and things 2025-06-24 20:35:38 -04:00			`users.users.root.openssh.authorizedKeys.keys = [`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFV9eSc9L+aJLoKoexq2f/jb5rpyZnhuGiyhS8YQAbaS wyatt@wyattjmiller.com"`
			`];`

added home assistant might move into one of the existing modules 2025-06-24 12:48:54 -04:00			`# Add Home Assistant service`
			`services.home-assistant = {`
			`enable = true;`
			`extraComponents = [`
			`"esphome"`
			`"met"`
			`"radio_browser"`
stopping here for a while 2025-06-25 22:03:38 -04:00			`"homeassistant_hardware"`
			`"zha"`
			`"group"`
			`"mikrotik"`
added home assistant might move into one of the existing modules 2025-06-24 12:48:54 -04:00			`];`
			`config = {`
			`# Includes dependencies for a basic setup`
			`# https://www.home-assistant.io/integrations/default_config/`
			`default_config = {};`
			`};`
			`};`

getting ready for remote deployment 2025-06-24 18:48:28 -04:00			`security.sudo.wheelNeedsPassword = false;`

wip: added valefor machine config 2025-01-04 16:02:31 -05:00			`system.stateVersion = "24.11";`
			`}`