{ config, pkgs, lib, ... }: { imports = [ ./acme.nix ./attic ./docker ./gitea.nix ./firewall.nix ./haproxy ./hardware-changes.nix ./hydra.nix ./minio.nix ./networking.nix ./nextcloud.nix ./samba.nix ./postgresql.nix ./zfs.nix ]; programs.git.lfs.enable = false; nixpkgs.config.packageOverrides = pkgs: { vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; }; boot = { loader.grub.device = "/dev/sda"; useSystemdBoot = true; kernelParams = [ "i915.force_probe=56a5" "i915.enable_guc=2" ]; kernel.sysctl = { "vm.overcommit_memory" = lib.mkForce 1; "vm.swappiness" = 10; }; binfmt.emulatedSystems = [ "aarch64-linux" ]; }; hardware = { enableAllFirmware = true; graphics = { enable = true; extraPackages = with pkgs; [ intel-media-driver # LIBVA_DRIVER_NAME=iHD vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) vaapiVdpau libvdpau-va-gl intel-compute-runtime intel-media-sdk ]; }; }; environment.systemPackages = with pkgs; [ chromedriver chromium docker-compose intel-gpu-tools jellyfin-ffmpeg jq yt-dlp yq ]; services = { samba.enable = true; nfs.server.enable = true; openssh.ports = [ 666 ]; smartd.enable = true; calibre-server.enable = false; }; nix.gc.options = "--delete-older-than 150d"; # TODO: revert this once UPS is plugged in # Not reverting this before the merge as the UPS not being plugged in is # causing upgrades to fail power.ups = { enable = false; ups."LX1325GU3" = { driver = "usbhid-ups"; port = "auto"; description = "CyberPower LX1325GU3"; }; users.upsmon = { passwordFile = config.sops.secrets."upsmon/password".path; upsmon = "primary"; }; upsmon.monitor."LX1325GU3".user = "upsmon"; }; sops = { defaultSopsFile = ./secrets.yaml; secrets = { "postgres/init".owner = "postgres"; "upsmon/password".owner = "root"; }; }; system.stateVersion = "23.05"; }