configuration/hosts/main/nixos.nix

{ config, lib, pkgs, ... }:

{
  imports = [
    ../../common/nixos.nix
    <nixos-hardware/lenovo/thinkpad/p14s/amd/gen2>
    /etc/nixos/hardware-configuration.nix
    ./local/nixos.nix
  ];

  # Nix
  system.stateVersion = "21.05"; # Permanent
  nixpkgs = import ./nixpkgs.nix;

  # Filesystems
  services.fstrim.enable = true;
  # TODO: Set `chattr +i` on intermittent mount points
  fileSystems = {
    "/home/ak/annex" = {
      device = "closet:/mnt/hdd/home-ak-annex";
      fsType = "nfs";
      options = [ "noauto" "user" ];
    };

    "/home/ak/services-hdd" = {
      device = "closet:/mnt/hdd/services";
      fsType = "nfs";
      options = [ "noauto" "user" ];
    };

    "/home/ak/services-ssd" = {
      device = "closet:/mnt/ssd/services";
      fsType = "nfs";
      options = [ "noauto" "user" ];
    };
  };
  # Workaround for:
  #   - https://github.com/NixOS/nixpkgs/issues/24913
  #   - https://github.com/NixOS/nixpkgs/issues/9848
  security.wrappers = {
    "mount.nfs" = {
      source = "${pkgs.nfs-utils}/bin/mount.nfs";
      owner = "root"; group = "root"; setuid = true;
    };
    "umount.nfs" = {
      source = "${pkgs.nfs-utils}/bin/umount.nfs";
      owner = "root"; group = "root"; setuid = true;
    };
  };

  # Networking
  networking.hostName = "main";
  networking.domain = "home.arpa";
  networking.search = [ "home.arpa" ];
  systemd.network.links = {
    "10-dock".linkConfig.Name = "dock";
    "10-jack".linkConfig.Name = "jack";
    "10-wifi".linkConfig.Name = "wifi";
  };
  networking.interfaces.dock.useDHCP = true;
  networking.interfaces.jack.useDHCP = true;
  networking.interfaces.wifi.useDHCP = true;

  # Keyboard
  kmonad.keyboards.default = {
    device = "/dev/input/by-path/platform-i8042-serio-0-event-kbd";
    config = builtins.readFile ./halmakish.kbd;
  };

  # Authentication
  security.pam.u2f.appId = "pam://main";

  # Mail
  services.postfix.mapFiles.smtp_sasl_password_maps = ./local/smtp-sasl-password-maps;

  # Backup
  systemd.services.mirror.script = builtins.readFile ./local/mirror.sh;
}