# NixOS system configuration for the host "lazyworkhorse".
# Option reference: configuration.nix(5), https://search.nixos.org/options
# and the NixOS manual (`nixos-help`).

{ config, lib, pkgs, paths, self, keys, ... }:

let
  # Single locale used for every i18n setting below.
  locale = "en_CA.UTF-8";

  # Decrypted agenix env file handed to several compose stacks.
  containersEnv = config.age.secrets.containers_env.path;

  # Directory of a compose stack shipped inside this flake.
  composeDir = name: self + "/assets/compose/${name}";
in
{
  # NAS mounting (option provided by a module outside this file).
  hoardingcow-mount.enable = true;

  nix = {
    settings = {
      # Flakes and the new CLI.
      experimental-features = [ "nix-command" "flakes" ];

      # SECURITY: trusted users may override daemon settings (substituters,
      # signature checks), which is effectively root on this machine. Keep
      # this list as short as possible.
      trusted-users = [ "root" "gortium" ];

      keep-derivations = true;
      keep-outputs = true;
      auto-optimise-store = true;
    };

    # Garbage collection: runs daily, drops generations older than 30 days.
    # `dates` also accepts other systemd calendar expressions.
    gc = {
      automatic = true;
      dates = "daily";
      options = "--delete-older-than 30d";
    };
  };

  boot = {
    # systemd-boot as the EFI boot loader; EFI variables are left untouched.
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = false;
    };

    kernelParams = [
      # 1. Make the kernel ignore BIOS resource locks.
      "acpi_enforce_resources=lax"
      # Forces the driver past the BIOS locks for the NCT6116.
      # NOTE(review): this passes force_id=0xd120 while extraModprobeConfig
      # below passes force_id=0xd280 for the same module; confirm which ID
      # is the intended one and drop the other.
      "nct6775.force_id=0xd120"
      # Plenty of RAM available, so always use transparent huge pages.
      "transparent_hugepage=always"
    ];

    # 2. Drivers reported by sensors-detect.
    kernelModules = [ "nct6775" "lm96163" ];

    # 3. Force nct6775 to recognise the chip if it is stubborn.
    extraModprobeConfig = ''
      options nct6775 force_id=0xd280
    '';

    blacklistedKernelModules = [ "eeepc_wmi" ];
  };

  networking = {
    hostName = "lazyworkhorse";

    # Pick only one of the networking back ends below.
    # wireless.enable = true;  # wireless support via wpa_supplicant
    networkmanager.enable = true;

    # NOTE(review): "deadbeef" looks like a placeholder. ZFS services are
    # enabled further down and ZFS ties pools to the hostId, so this should
    # be unique per machine; confirm.
    hostId = "deadbeef";

    # Network proxy, if necessary:
    # proxy.default = "http://user:password@proxy:port/";
    # proxy.noProxy = "127.0.0.1,localhost,internal.domain";

    # No firewall option is set in this file, so the module defaults apply.
    # Open ports explicitly with:
    # firewall.allowedTCPPorts = [ ... ];
    # firewall.allowedUDPPorts = [ ... ];
    # Or disable the firewall altogether:
    # firewall.enable = false;
  };

  time.timeZone = "America/Montreal";

  # Locales
  i18n = {
    defaultLocale = locale;
    supportedLocales = [ "en_CA.UTF-8/UTF-8" ];
    extraLocaleSettings = {
      LC_ADDRESS = locale;
      LC_IDENTIFICATION = locale;
      LC_MEASUREMENT = locale;
      LC_MONETARY = locale;
      LC_NAME = locale;
      LC_NUMERIC = locale;
      LC_PAPER = locale;
      LC_TELEPHONE = locale;
      LC_TIME = locale;
      LC_CTYPE = locale;
    };
  };

  programs.zsh = {
    enable = true;
    autosuggestions.enable = true;
    syntaxHighlighting.enable = true;
    enableCompletion = true;
    setOptions = [
      "HIST_IGNORE_ALL_DUPS"
      "SHARE_HISTORY"
    ];
  };

  # Internationalisation / console / X11 keymap templates (unused):
  # i18n.defaultLocale = "en_US.UTF-8";
  # console = {
  #   font = "Lat2-Terminus16";
  #   keyMap = "us";
  #   useXkbConfig = true; # use xkb.options in tty.
  # };
  # services.xserver.xkb.layout = "us";
  # services.xserver.xkb.options = "eurosign:e,caps:escape";

  # CUPS, for printing documents.
  # NOTE(review): if this machine is a headless server, printing and the
  # sound stack below are extra attack surface; confirm they are needed.
  services.printing.enable = true;

  # Sound.
  # services.pulseaudio.enable = true;
  # OR
  services.pipewire = {
    enable = true;
    pulse.enable = true;
  };

  # Flake location for the `nh` Nix helper CLI.
  environment.sessionVariables = {
    NH_FLAKE = paths.flake;
  };

  # Touchpad support (enabled by default in most desktop managers).
  # services.libinput.enable = true;

  environment.variables = {
    # nvim please
    EDITOR = "nvim";
    # MI50: "tricks" newer ROCm versions into supporting the card.
    HSA_OVERRIDE_GFX_VERSION = "9.0.6";
    # MI50: make sure the system sees both GPUs.
    HIP_VISIBLE_DEVICES = "0,1";
  };

  # Packages installed in the system profile.
  # https://search.nixos.org/ lists more packages (and options).
  environment.systemPackages = with pkgs; [
    neovim
    docker-compose
    wget
    age
    agenix
    git
    lm_sensors
    rocmPackages.rocminfo
    rocmPackages.rocm-smi
    clinfo
    ncurses
    kitty.terminfo
  ];

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };

  # OpenSSH daemon: key-based logins only.
  services.openssh = {
    enable = true;
    # Unless services.openssh.openFirewall is set to false, NixOS opens
    # every port listed here in the firewall.
    ports = [ 22 2424 ];
    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      # root may still log in with a public key; "no" would forbid root
      # logins entirely if nothing depends on them.
      PermitRootLogin = "prohibit-password";
    };
    # Only an ed25519 host key is offered; its private half is written to
    # this path by the agenix secret `lazyworkhorse_host_ssh_key` below.
    hostKeys = [
      {
        path = "/etc/ssh/ssh_host_ed25519_key";
        type = "ed25519";
      }
    ];
  };

  # services.ollama = {
  #   enable = true;
  #   acceleration = "rocm";
  #   # Optional: force Ollama to use the MI50 target
  #   rocmOverrideGfx = "9.0.6";
  #   environmentVariables = {
  #     ROCR_VISIBLE_DEVICES = "0,1";
  #     # This helps with memory allocation on dual-GPU setups
  #     HSA_ENABLE_SDMA = "0";
  #   };
  # };

  # Docker compose stacks (option provided by a module outside this file).
  # NOTE(review): `ports` presumably opens host firewall ports; verify in
  # the module. Ports published by Docker itself are handled by Docker's own
  # packet-filter rules rather than networking.firewall, so the `ports:`
  # entries in the compose files need auditing as well.
  # NOTE(review): four stacks receive the same env file. If it carries
  # credentials for all of them, every stack can read the others' secrets;
  # one secret file per stack would limit that.
  services.dockerStacks = {
    versioncontrol = {
      path = composeDir "versioncontrol";
      ports = [ 2222 ];
    };
    network = {
      path = composeDir "network";
      envFile = containersEnv;
      ports = [ 80 443 ];
    };
    passwordmanager = {
      path = composeDir "passwordmanager";
    };
    ai = {
      path = composeDir "ai";
      envFile = containersEnv;
    };
    cloudstorage = {
      path = composeDir "cloudstorage";
      envFile = containersEnv;
    };
    homeautomation = {
      path = composeDir "homeautomation";
      envFile = containersEnv;
    };
  };

  # NOTE(review): option comes from a module outside this file; confirm
  # which address port 4099 binds to and whether it needs authentication.
  services.opencode = {
    enable = true;
    port = 4099;
    ollamaUrl = "http://127.0.0.1:11434/v1";
  };

  # services.systemd-fancon = {
  #   enable = true;
  #   config = ''
  #     [MI50_Cooling]
  #     # The lm96163 controller
  #     hwmon = hwmon0
  #     # Most lm96163 chips use pwm1 for the main fan header
  #     pwm = 1
  #     pwm = 2
  #     # Watch both MI50 cards
  #     sensor = hwmon3/temp1_input
  #     sensor = hwmon4/temp1_input
  #     # Servers cards need air early!
  #     # Starts spinning at 40C, full blast by 70C
  #     curve = 40:60 55:160 70:255
  #   '';
  # };

  # Secrets managed by agenix, including the private host SSH key.
  age = {
    # Decryption identities are set explicitly, presumably because the host
    # SSH key is itself an agenix secret here and so cannot serve as the
    # identity. NOTE(review): confirm these files exist before the first
    # activation and are readable by root only.
    identityPaths = paths.identities;

    secrets = {
      containers_env = {
        file = ../../secrets/containers.env.age;
        path = "/run/secrets/containers.env";
        owner = "root";
        group = "root";
        mode = "0400";
      };

      lazyworkhorse_host_ssh_key = {
        file = ../../secrets/lazyworkhorse_host_ssh_key.age;
        owner = "root";
        group = "root";
        mode = "0600";
        path = "/etc/ssh/ssh_host_ed25519_key";
      };

      # NOTE(review): root:root 0600 inside /home/n8n-worker means the
      # n8n-worker account itself cannot read the key, and the parent
      # directory is presumably writable by that account. Confirm the
      # consumer runs as root; otherwise set `owner` to the consuming user
      # or keep the key outside a user-controlled directory.
      n8n_ssh_key = {
        file = ../../secrets/n8n_ssh_key.age;
        owner = "root";
        group = "root";
        mode = "0600";
        path = "/home/n8n-worker/.ssh/n8n_ssh_key";
      };
    };
  };

  # Public host SSH key (kept in sync with the private one).
  environment.etc."ssh/ssh_host_ed25519_key.pub".text = "${keys.hosts.lazyworkhorse.main}";

  services.fstrim.enable = true;

  services.zfs = {
    autoSnapshot.enable = true;
    autoScrub.enable = true;
  };

  # MI50 GPU configuration (the matching HSA/HIP environment variables are
  # set in environment.variables).
  hardware.graphics = {
    enable = true;
    # Useful for some compatibility layers.
    enable32Bit = true;
    extraPackages = with pkgs; [
      rocmPackages.clr.icd # OpenCL/HIP runtime
      amdvlk # Vulkan drivers
    ];
  };

  nixpkgs.config.rocmTargets = [ "gfx906" ];

  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  # system.copySystemConfiguration = true;

  # This option defines the first version of NixOS installed on this
  # particular machine, and is used to maintain compatibility with
  # application data (e.g. databases) created on older NixOS versions.
  #
  # Most users should NEVER change this value after the initial install, for
  # any reason, even after upgrading the system to a new NixOS release.
  #
  # This value does NOT affect the Nixpkgs version your packages and OS are
  # pulled from, so changing it will NOT upgrade your system - see
  # https://nixos.org/manual/nixos/stable/#sec-upgrading for how to actually
  # do that.
  #
  # This value being lower than the current NixOS release does NOT mean your
  # system is out of date, out of support, or vulnerable.
  #
  # Do NOT change this value unless you have manually inspected all the
  # changes it would make to your configuration, and migrated your data
  # accordingly.
  #
  # For more information, see `man configuration.nix` or
  # https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
  system.stateVersion = "25.05"; # Did you read the comment?
}