nix-config/systems/x86_64-linux/nas/default.nix

# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).

{
  pkgs,
  namespace,
  ...
}:
{
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
    ./filesystems.nix
    ./boot.nix
    ./apps.nix
    ./grafana.nix
    # ./networking.nix - moved to modules/nixos/network
    ./ups.nix
    ./users.nix
    ./samba.nix
    ./services.nix
    ./sops.nix
  ];

  services.kmscon.enable = true;

  powerManagement.cpuFreqGovernor = "powersave";

  ${namespace} = {
    bootloader.lanzaboote.enable = true;
    impermanence.enable = true;
    desktop.cosmic.enable = false;
    development = {
      enable = true;
      includeLanguages = [
        "python"
        "c"
      ];
      includeContainers = true;
    };
    monitoring.enable = true;
    hardware.nvidia = {
      enable = true;
      enableBeta = true;
      enableOpen = true;
      nvidiaSettings = true;
      enableNvidiaDocker = true;
    };
    network = {
      hostName = "jallen-nas";
      ipv4 = {
        address = "10.0.1.3/24";
        method = "manual";
        gateway = "10.0.1.1";
        interface = "wlp6s0";
      };
      useNetworkd = true;
      hostId = "4b501480";
      nat = {
        enable = true;
        internalInterfaces = [ "ve-+" ];
        externalInterface = "wlp6s0";
        enableIPv6 = true;
      };
      firewall = {
        enable = true;
        allowPing = true;
        trustedInterfaces = [ "tailscale0" ];
      };
    };
    user = {
      name = "admin";
      linger = true;
    };
  };

  security.tpm2 = {
    enable = true;
  };

  # Configure environment
  environment = {
    systemPackages = with pkgs; [
      attic-client
      bcachefs-tools
      cryptsetup
      clevis
      deconz
      duperemove
      efibootmgr
      ffmpeg
      ipset
      llama-cpp
      networkmanagerapplet
      nut
      packagekit
      pass
      protonmail-bridge
      protonvpn-cli
      python3Packages.llama-cpp-python
      qrencode
      rcon
      sbctl
      tigervnc
      tpm2-tools
      tpm2-tss
    ];
  };

  # Configure programs
  programs = {
    virt-manager.enable = true;
    coolercontrol = {
      enable = true;
      nvidiaSupport = true;
    };
  };

  # Additional virtualization beyond what's in development module
  virtualisation.libvirtd.enable = true;
}