# Host-level NixOS module: enables a set of `nixfiles.modules`, home-manager
# (`hm`) packages and programs, smartd mail notifications, SSH password
# logins, a XanMod kernel with ZFS, and an impermanence-style filesystem
# layout (tmpfs root, persistent state under `config.ark.path`).
{
  config,
  lib,
  pkgs,
  ...
}:
with lib; let
  # Music library path shared by beets and mpd (presumably on the manually
  # configured `udata` pool; confirm against the pool's mountpoint).
  musicDir = "/mnt/udata/music";

  # smartd notifications use the same address as sender and recipient.
  # `my` is not bound in this file; it presumably resolves through `with lib;`.
  smartdAddress = "admin+smartd@${my.domain.shire}";
in {
  imports = [./hidden.nix];

  nixfiles.modules = {
    android.enable = true;
    ark.enable = true;
    beets.enable = true;
    bluetooth.enable = true;
    ipfs.enable = true;
    libvirtd.enable = true;
    mpd.enable = true;
    openssh.server.enable = true;
    qutebrowser.enable = true;
    syncthing.enable = true;
    wireguard.client.enable = true;

    games.lutris.enable = true;
    games.minecraft.client.enable = true;
    games.steam.enable = true;
    games.steam-run.quirks.blackIsleStudios = true;
  };

  hm.home.packages = with pkgs; [
    anki
    gzdoom
    iaito
    kdenlive
    obs-studio
    openmw
    openttd
    qbittorrent
    qzdl
    radeontop
    vcmi
    vesktop
    vial
    xonotic
  ];

  # `mkForce` so that this host's path wins over whatever the shared beets and
  # mpd modules set.
  hm.programs.beets.settings.directory = mkForce musicDir;
  hm.services.mpd.musicDirectory = mkForce musicDir;

  hm.programs.mpv.config = {
    vo = "gpu-next";
    profile = "gpu-hq";
    gpu-api = "vulkan";
  };

  services.smartd.enable = true;
  services.smartd.notifications.mail = {
    enable = true;
    sender = smartdAddress;
    recipient = smartdAddress;
  };

  # Password and keyboard-interactive logins are forced on for this host.
  #
  # NOTE(review): `mkForce` overrides whatever the shared `openssh.server`
  # module sets (presumably key-only authentication; confirm there). With
  # passwords accepted, sshd is open to online guessing, so confirm that the
  # listener is reachable only from trusted networks or that login attempts are
  # rate-limited, and that every account with a login shell has a strong
  # password.
  services.openssh.settings.KbdInteractiveAuthentication = mkForce true;
  services.openssh.settings.PasswordAuthentication = mkForce true;

  # udev rules shipped with Vial (the package is also in `hm.home.packages`).
  services.udev.packages = [pkgs.vial];

  # Usually stuff that is going to be compiled on this machine is going to have
  # parallelisation support enabled, so we will make sure that all cores are
  # utilised and limit the job queue to one.
  nix.settings.cores = 32;
  nix.settings.max-jobs = 1;

  # Required[1] for using ZFS kernel modules with "unsupported" kernels.
  #
  # [1]: https://github.com/NixOS/nixpkgs/pull/121113#issuecomment-830003344
  # [1]: https://github.com/NixOS/nixpkgs/pull/230498#issuecomment-1551328615
  #
  # NOTE(review): this is a global switch. It lets every package marked
  # `broken` evaluate, not only the ZFS modules, so an unrelated broken package
  # will no longer stop a rebuild.
  nixpkgs.config.allowBroken = true;

  boot.kernelPackages = pkgs.linuxPackages_xanmod_latest;

  boot.kernelParams = [
    # Silence benign MCE errors:
    # ```
    # mce: [Hardware Error]: CPU 1: Machine Check: 0 Bank 29: ffffffffffffffff
    # mce: [Hardware Error]: TSC 0 MISC ff1fffffffffffff SYND ffffffffffffffff IPID ffffffffffffffff
    # mce: [Hardware Error]: PROCESSOR 2:a60f12 TIME 1669988017 SOCKET 0 APIC 2 microcode a601201
    # ```
    "mce=nobootlog"

    # This disables[1] User Mode Instruction Protection (UMIP)[2]. This is
    # required for some games to run via Wine.
    #
    # NOTE(review): 514 = 16*32 + 2, the kernel's X86_FEATURE_UMIP bit. UMIP
    # stops unprivileged code from executing SGDT/SIDT/SLDT/SMSW/STR, so
    # clearing it applies to every process on the machine, not only Wine, and
    # gives up that piece of kernel address-layout hardening. The kernel
    # documentation also states that `clearcpuid` taints the kernel.
    #
    # [1]: https://docs.kernel.org/x86/cpuinfo.html
    # [2]: https://en.wikichip.org/wiki/x86/umip
    "clearcpuid=514"
  ];

  # https://wiki.archlinux.org/title/improving_performance#Watchdogs
  boot.blacklistedKernelModules = ["sp5100_tco"];

  # The boot drive is Samsung SSD 980 PRO 2TB.
  boot.initrd.kernelModules = ["nvme"];

  # These pools were configured manually with a specific mountpoint.
  boot.zfs.extraPools = ["udata" "vdata"];

  # Filesystem creation:
  # ```
  # mkfs.vfat -F 32 -l nixos-boot /dev/nvmeXnYpZ
  #
  # zpool create
  #   -o ashift=12
  #   -o autotrim=on
  #   -O acltype=posixacl
  #   -O xattr=sa
  #   -O compression=zstd
  #   -O mountpoint=none
  #   nixos
  #   /dev/nvmeXnYpZ
  #
  # zfs create
  #   nixos/root
  #
  # zfs create
  #   -o encryption=aes-256-gcm
  #   -o keyformat=passphrase
  #   -o mountpoint=legacy
  #   nixos/root/ark
  #
  # zfs create
  #   -o mountpoint=legacy
  #   nixos/root/nix
  # ```
  #
  # NOTE(review): in mkfs.fat, `-n` sets the volume label and `-l` reads a
  # bad-block list from a file; confirm which flag was actually used.
  #
  # NOTE(review): per the commands above only `nixos/root/ark` is created with
  # encryption. `nixos/root/nix` and the vfat `/boot` are not, so anything that
  # ends up in the Nix store or on the boot partition is readable at rest.
  #
  # physical structure (backside):
  # [ 1 ] [ 2 ] [ 3 ]
  # 1: disk/by-id/ata-WDC_WD20SPZX-22UA7T0_WD-WXP2E3163YW6
  # 2: disk/by-id/ata-WDC_WD20SPZX-22UA7T0_WD-WXN2E312R5HP
  # 3: disk/by-id/ata-WDC_WD20SPZX-22UA7T0_WD-WXP2E311E6P2
  #
  # physical structure (mobo M.2):
  # [ 1 ]
  # [ 2 ]
  # 1: disk/by-id/nvme-Samsung_SSD_980_PRO_2TB_S69ENF0R872526A
  # 2: disk/by-id/nvme-Samsung_SSD_980_PRO_2TB_S69ENX0T807723X
  fileSystems = {
    # Root lives in RAM and is rebuilt on every boot.
    "/" = {
      fsType = "tmpfs";
      device = "none";
      options = ["size=8G" "mode=755"];
    };

    "/boot" = {
      fsType = "vfat";
      device = "/dev/disk/by-uuid/1363-02E6";
    };

    "/nix" = {
      fsType = "zfs";
      device = "nixos/root/nix";
      options = ["noatime"];
    };

    # Persistent state, on the passphrase-encrypted dataset.
    ${config.ark.path} = {
      fsType = "zfs";
      device = "nixos/root/ark";
      neededForBoot = true; # Required by impermanence.
    };

    # Required[1] when using impermanence with agenix. Filesystem itself is
    # defined as an `ark.directory` in `nixos/common/users.nix`.
    #
    # [1]: https://github.com/ryantm/agenix/issues/45#issuecomment-847852593
    # [1]: https://github.com/nix-community/impermanence/issues/22
    # [1]: https://github.com/NixOS/nixpkgs/pull/86967#pullrequestreview-667929259
    "/home/${my.username}" = {
      neededForBoot = true;
      depends = [config.ark.path];
    };
  };

  # No swap space is declared here because the system already has 128 GB of
  # RAM. I've only managed to hit around the 100 GB mark when running large
  # computations/compiling something big. Pretty sure that a hefty chunk of it
  # was just cache and it wouldn't make me get to OOM situations.
}