Flatten dir structure

machines/hephaestus/configuration.nix

@@ -0,0 +1,187 @@
+{
+  config,
+  pkgs,
+  unstable,
+  ...
+}: let
+  gnomeExtensions = with pkgs.gnomeExtensions; [
+    appindicator
+    bluetooth-quick-connect
+    blur-my-shell
+    caffeine
+    clipboard-indicator
+    dash-to-dock
+    grand-theft-focus
+    notification-banner-reloaded
+    quick-settings-tweaker
+    tailscale-status
+    tray-icons-reloaded
+  ];
+in {
+  imports = [./hardware.nix];
+
+  hardware.opengl.enable = true;
+
+  nixpkgs.config.allowUnfree = true;
+
+  networking = {
+    iproute2.enable = true;
+    hostName = "hephaestus";
+    interfaces.enp34s0 = {
+      useDHCP = true;
+    };
+    firewall = {
+      allowedUDPPorts = [
+        41641 # tailscale
+      ];
+    };
+    firewall = {
+      allowPing = false;
+      enable = true;
+      checkReversePath = "loose";
+      trustedInterfaces = ["tailscale0"];
+    };
+  };
+
+  systemd.services.NetworkManager-wait-online.enable = false;
+
+  boot.kernelPackages = pkgs.linuxPackages;
+  boot.supportedFilesystems = ["ntfs"];
+
+  system = {
+    autoUpgrade.enable = true;
+    stateVersion = "23.11";
+  };
+
+  nix = {
+    extraOptions = "experimental-features = nix-command flakes";
+    package = pkgs.nixUnstable;
+  };
+
+  users.users.dave = {
+    isNormalUser = true;
+    extraGroups = ["docker" "wheel" "libvirtd" "corectrl"];
+    shell = pkgs.zsh;
+  };
+
+  i18n.defaultLocale = "en_US.UTF-8";
+  console = {
+    font = "Lat2-Terminus16";
+    keyMap = "us";
+  };
+
+  time.timeZone = "America/Toronto";
+
+  hardware.pulseaudio.enable = true;
+
+  # Vulkan
+  hardware.opengl.driSupport = true;
+  hardware.opengl.driSupport32Bit = true;
+
+  # Steam
+  hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [libva];
+  hardware.pulseaudio.support32Bit = true;
+  programs.steam = {
+    enable = true;
+    remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
+    dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
+  };
+
+  virtualisation = {
+    docker.enable = true;
+    libvirtd.enable = true;
+    podman.enable = true;
+  };
+
+  programs = {
+    corectrl.enable = true;
+    gnupg.agent = {
+      enable = true;
+      enableSSHSupport = true;
+    };
+    zsh.enable = true;
+  };
+
+  services = {
+    avahi = {
+      enable = true;
+      nssmdns = true;
+      publish = {
+        enable = true;
+        addresses = true;
+        domain = true;
+        hinfo = true;
+        userServices = true;
+        workstation = true;
+      };
+    };
+    gnome.gnome-keyring.enable = true;
+    mullvad-vpn.enable = false;
+    printing.enable = true;
+    resolved.enable = true;
+    sshd.enable = true;
+    tailscale.enable = true;
+    xserver.videoDrivers = ["amdgpu"];
+    xserver = {
+      enable = true;
+      displayManager = {
+        gdm = {
+          enable = true;
+          wayland = false;
+        };
+      };
+      desktopManager = {
+        gnome = {
+          enable = true;
+        };
+      };
+    };
+  };
+
+  environment.systemPackages = with pkgs;
+    [
+      android-tools
+      bitwarden
+      cryptsetup
+      deja-dup
+      discord
+      docker
+      docker-compose
+      foliate
+      ghostscript
+      gimp-with-plugins
+      glibcLocales
+      gnome.gnome-tweaks
+      iputils
+      kazam
+      legendary-gl
+      lm_sensors
+      mullvad-vpn
+      netdata
+      nfs-utils
+      pavucontrol
+      pinentry-curses
+      podman
+      psst
+      qemu
+      rustup
+      ryujinx
+      strace
+      tailscale
+      traceroute
+      ungoogled-chromium
+      unstable.logseq
+      unstable.obsidian
+      unstable.signal-desktop
+      unstable.yuzu
+      unstable.zoom-us
+      usbutils
+      virt-manager
+      vlc
+      whois
+      wine
+      wine64
+      wireshark-qt
+    ]
+    ++ gnomeExtensions;
+}

machines/hephaestus/hardware.nix

@@ -0,0 +1,78 @@
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [(modulesPath + "/installer/scan/not-detected.nix")];
+
+  nixpkgs.hostPlatform = "x86_64-linux";
+
+  boot.initrd.availableKernelModules = [
+    "ahci"
+    "nvme"
+    "sd_mod"
+    "usb_storage"
+    "usbhid"
+    "xhci_pci"
+  ];
+  boot.initrd.kernelModules = [];
+  boot.kernelModules = ["kvm-amd"];
+  boot.extraModulePackages = with config.boot.kernelPackages; [
+    xpadneo
+  ];
+
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader.efi.efiSysMountPoint = "/boot/efi";
+
+  boot.loader.grub = {
+    enable = true;
+    device = "nodev";
+    efiSupport = true;
+    enableCryptodisk = true;
+  };
+
+  boot.initrd = {
+    luks.devices."root" = {
+      allowDiscards = true;
+      device = "/dev/disk/by-uuid/21cd166c-1528-49a4-b31b-0d408d48aa80";
+      preLVM = true;
+      keyFile = "./keyfile0.bin";
+    };
+    secrets = {
+      "keyfile0.bin" = "/etc/secrets/initrd/keyfile0.bin";
+    };
+  };
+
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/a6723178-6f18-428e-b541-9ac901861125";
+    fsType = "ext4";
+  };
+
+  fileSystems."/home" = {
+    device = "/dev/disk/by-uuid/e3ab2e1a-bddf-4ae0-b00a-bf954c6c182b";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot/efi" = {
+    device = "/dev/disk/by-uuid/3CFD-D749";
+    fsType = "vfat";
+  };
+
+  fileSystems."/mnt/synology-2b/media" = {
+    device = "192.168.1.178:/volume1/Media";
+    fsType = "nfs";
+  };
+
+  fileSystems."/mnt/synology-2b/backups" = {
+    device = "192.168.1.178:/volume1/Backups";
+    fsType = "nfs";
+  };
+
+  swapDevices = [
+    {device = "/dev/disk/by-uuid/5d6d0388-2b15-4ff1-9f0f-391818a76090";}
+  ];
+}