sif: import config

author: Gregor Kleen <gkleen@yggdrasil.li> 2021-01-02 20:53:17 +0100
committer: Gregor Kleen <gkleen@yggdrasil.li> 2021-01-03 16:21:34 +0100
commit: f6e600c20d6a97ebeda23fa2bb5621646222b2b0 (patch)
tree: 5551a23218db79e3edbf41557b474121f0745821 /hosts/sif/default.nix
parent: f4fa33d0d258c4f66f804ed3fc3be590d8039e6e (diff)
download: nixos-f6e600c20d6a97ebeda23fa2bb5621646222b2b0.tar
nixos-f6e600c20d6a97ebeda23fa2bb5621646222b2b0.tar.gz
nixos-f6e600c20d6a97ebeda23fa2bb5621646222b2b0.tar.bz2
nixos-f6e600c20d6a97ebeda23fa2bb5621646222b2b0.tar.xz
nixos-f6e600c20d6a97ebeda23fa2bb5621646222b2b0.zip
1 files changed, 295 insertions, 0 deletions
diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix
new file mode 100644
index 00000000..4e9826bd
--- /dev/null
+++ b/hosts/sif/default.nix
@@ -0,0 +1,295 @@
+{ flake, pkgs, customUtils, lib, config, ... }:
+{
+  imports = with flake.nixosModules.systemProfiles; [
+    ./hw.nix
+    ./mail
+    initrd-all-crypto-modules default-locale openssh
+  ];
+  config = {
+    nixpkgs = {
+      system = "x86_64-linux";
+      config = {
+        allowUnfree = true;
+      };
+    };
+    boot = {
+      initrd = {
+        luks.devices = {
+          nvm0.device = "/dev/disk/by-uuid/fe641e81-0812-4181-a5f6-382ebba509bb";
+          nvm1.device = "/dev/disk/by-uuid/43df1ba8-1728-4193-8855-920a82d4494a";
+        };
+        availableKernelModules = [ "drbg" "nvme" "fbcon" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+        kernelModules = [ "dm-raid" "dm-integrity" "dm-snapshot" "dm-thin-pool" ];
+      };
+      blacklistedKernelModules = [ "nouveau" ];
+      # Use the systemd-boot EFI boot loader.
+      loader = {
+        systemd-boot.enable = true;
+        efi.canTouchEfiVariables = true;
+        timeout = null;
+      };
+      plymouth.enable = true;
+      kernelPackages = pkgs.linuxPackages_latest;
+      kernelParams = [ "i915.fastboot=1" "intel_pstate=no_hwp" "acpi_backlight=vendor" "thinkpad-acpi.brightness_enable=1" "quiet" ];
+      tmpOnTmpfs = true;
+    };
+    networking = {
+      domain = "midgard.yggdrasil";
+      hosts = {
+        "127.0.0.1" = [ "sif.midgard.yggdrasil" "sif" ];
+        "::1" = [ "sif.midgard.yggdrasil" "sif" ];
+      };
+      firewall = {
+        enable = true;
+        allowedTCPPorts = [ 22 # ssh
+                            8000 # quickserve
+                          ];
+      };
+      networkmanager = {
+        enable = true;
+        dhcp = "internal";
+        dns = "dnsmasq";
+        extraConfig = ''
+          [connectivity]
+          uri=https://online.yggdrasil.li
+        '';
+      };
+      dhcpcd.enable = false;
+      interfaces.yggdrasil = {
+        virtual = true;
+        virtualType = config.services.tinc.networks.yggdrasil.interfaceType;
+        macAddress = "5c:93:21:c3:61:39";
+      };
+    };
+    environment.etc."NetworkManager/dnsmasq.d/libvirtd_dnsmasq.conf" = {
+      text = ''
+        server=/sif.libvirt/192.168.122.1
+      '';
+    };
+    powerManagement.enable = true;
+    environment.systemPackages = with pkgs; [
+      nvtop brightnessctl
+    ];
+    services = {
+      tinc.yggdrasil.enable = true;
+      uucp = {
+        enable = true;
+        nodeName = "sif";
+        remoteNodes = {
+          "ymir" = {
+            publicKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG6KNtsCOl5fsZ4rV7udTulGMphJweLBoKapzerWNoLY root@ymir"];
+            hostnames = ["ymir.yggdrasil.li" "ymir.niflheim.yggdrasil"];
+          };
+        };
+        defaultCommands = lib.mkForce [];
+      };
+      avahi.enable = true;
+      fwupd.enable = true;
+      fprintd.enable = true;
+      blueman.enable = true;
+    
+      colord.enable = true;
+    
+      vnstat.enable = true;
+      logind = {
+        lidSwitch = "suspend";
+        lidSwitchDocked = "lock";
+        lidSwitchExternalPower = "lock";
+      };
+      atd = {
+        enable = true;
+        allowEveryone = true;
+      };
+      xserver = {
+        enable = true;
+        layout = "us";
+        xkbVariant = "dvp";
+        xkbOptions = "compose:caps";
+        displayManager.lightdm = {
+          enable = true;
+          greeters.gtk = {
+            clock-format = "%H:%M %a %b %_d";
+            indicators = ["~host" "~spacer" "~clock" "~session" "~power"];
+            theme = {
+              package = pkgs.equilux-theme;
+              name = "Equilux-compact";
+            };
+            iconTheme = {
+              package = pkgs.paper-icon-theme;
+              name = "Paper";
+            };
+            extraConfig = ''
+              background = #000000
+              user-background = false
+              active-monitor = #cursor
+              hide-user-image = true
+              [monitor: DP-2]
+                laptop = true
+            '';
+          };
+        };
+        displayManager.setupCommands = ''
+          ${pkgs.xorg.xinput}/bin/xinput disable 'SynPS/2 Synaptics TouchPad'
+        '';
+        desktopManager.xterm.enable = true;
+        windowManager.twm.enable = true;
+        displayManager.defaultSession = "xterm+twm";
+        wacom.enable = true;
+        libinput.enable = true;
+        dpi = 282;
+        videoDrivers = [ "nvidia" ];
+        screenSection = ''
+          Option "metamodes" "nvidia-auto-select +0+0 { ForceCompositionPipeline = On }"
+        '';
+        deviceSection = ''
+          Option "AccelMethod" "SNA"
+          Option "TearFree" "True"
+        '';
+        exportConfiguration = true;
+      };
+    };
+    users = {
+      users.gkleen.extraGroups = [ "media" ];
+    };
+    hardware = {
+      pulseaudio = {
+        enable = true;
+        package = with pkgs; pulseaudioFull;
+        support32Bit = true;
+      };
+      bluetooth = {
+        enable = true;   
+        config = {
+          General = {
+            Enable = "Source,Sink,Media,Socket";
+          };
+        };
+      };
+      trackpoint = {
+        enable = true;
+        emulateWheel = true;
+        sensitivity = 255;
+        speed = 255;
+      };
+      nvidia = {
+        modesetting.enable = true;
+        prime = {
+          nvidiaBusId = "PCI:1:0:0";
+          intelBusId = "PCI:0:2:0";
+          sync.enable = true;
+        };
+      };
+      opengl = {
+        enable = true;
+        driSupport32Bit = true;
+        setLdLibraryPath = true;
+      };
+      firmware = [ pkgs.firmwareLinuxNonfree ];
+    };
+    sound.enable = true;
+    nix = {
+      autoOptimiseStore = true;
+      daemonNiceLevel = 10;
+      daemonIONiceLevel = 3;
+    };
+    environment.etc."X11/xorg.conf.d/50-wacom.conf".source = lib.mkForce ./wacom.conf;
+    systemd.services."ac-plugged" = {
+      description = "Inhibit handling of lid-switch and sleep";
+      path = with pkgs; [ systemd coreutils ];
+      script = ''
+        exec systemd-inhibit --what=handle-lid-switch --why="AC is connected" --mode=block sleep infinity
+      '';
+      serviceConfig = {
+        Type = "simple";
+      };
+    };
+    services.udev.extraRules = with pkgs; ''
+      SUBSYSTEM=="power_supply", ENV{POWER_SUPPLY_ONLINE}=="0", RUN+="${systemd}/bin/systemctl --no-block stop ac-plugged.service"
+      SUBSYSTEM=="power_supply", ENV{POWER_SUPPLY_ONLINE}=="1", RUN+="${systemd}/bin/systemctl --no-block start ac-plugged.service"
+    '';
+    services.btrfs.autoScrub = {
+      enable = true;
+      fileSystems = [ "/" "/home" ];
+      interval = "weekly";
+    };
+    systemd.services."nix-daemon".serviceConfig = {
+      MemoryAccounting = true;
+      MemoryHigh = "50%";
+      MemoryMax = "75%";
+    };
+    services.journald.extraConfig = ''
+      SystemMaxUse=100M
+    '';
+    services.dbus.packages = with pkgs;
+      [ dbus gnome3.dconf
+      ];
+    programs = {
+      light.enable = true;
+      wireshark.enable = true;
+    };
+    virtualisation.libvirtd = {
+      enable = true;
+    };
+    zramSwap.enable = true;
+    system.stateVersion = "20.03";
+  };
+}
author	Gregor Kleen <gkleen@yggdrasil.li>	2021-01-02 20:53:17 +0100
committer	Gregor Kleen <gkleen@yggdrasil.li>	2021-01-03 16:21:34 +0100
commit	f6e600c20d6a97ebeda23fa2bb5621646222b2b0 (patch)
tree	5551a23218db79e3edbf41557b474121f0745821 /hosts/sif/default.nix
parent	f4fa33d0d258c4f66f804ed3fc3be590d8039e6e (diff)
download	nixos-f6e600c20d6a97ebeda23fa2bb5621646222b2b0.tar nixos-f6e600c20d6a97ebeda23fa2bb5621646222b2b0.tar.gz nixos-f6e600c20d6a97ebeda23fa2bb5621646222b2b0.tar.bz2 nixos-f6e600c20d6a97ebeda23fa2bb5621646222b2b0.tar.xz nixos-f6e600c20d6a97ebeda23fa2bb5621646222b2b0.zip

diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix new file mode 100644 index 00000000..4e9826bd --- /dev/null +++ b/hosts/sif/default.nix
@@ -0,0 +1,295 @@
	1	{ flake, pkgs, customUtils, lib, config, ... }:
	2	{
	3	imports = with flake.nixosModules.systemProfiles; [
	4	./hw.nix
	5	./mail
	6	initrd-all-crypto-modules default-locale openssh
	7	];
	8
	9	config = {
	10	nixpkgs = {
	11	system = "x86_64-linux";
	12	config = {
	13	allowUnfree = true;
	14	};
	15	};
	16
	17	boot = {
	18	initrd = {
	19	luks.devices = {
	20	nvm0.device = "/dev/disk/by-uuid/fe641e81-0812-4181-a5f6-382ebba509bb";
	21	nvm1.device = "/dev/disk/by-uuid/43df1ba8-1728-4193-8855-920a82d4494a";
	22	};
	23	availableKernelModules = [ "drbg" "nvme" "fbcon" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
	24	kernelModules = [ "dm-raid" "dm-integrity" "dm-snapshot" "dm-thin-pool" ];
	25	};
	26
	27	blacklistedKernelModules = [ "nouveau" ];
	28
	29	# Use the systemd-boot EFI boot loader.
	30	loader = {
	31	systemd-boot.enable = true;
	32	efi.canTouchEfiVariables = true;
	33	timeout = null;
	34	};
	35
	36	plymouth.enable = true;
	37
	38	kernelPackages = pkgs.linuxPackages_latest;
	39	kernelParams = [ "i915.fastboot=1" "intel_pstate=no_hwp" "acpi_backlight=vendor" "thinkpad-acpi.brightness_enable=1" "quiet" ];
	40
	41	tmpOnTmpfs = true;
	42	};
	43
	44	networking = {
	45	domain = "midgard.yggdrasil";
	46	hosts = {
	47	"127.0.0.1" = [ "sif.midgard.yggdrasil" "sif" ];
	48	"::1" = [ "sif.midgard.yggdrasil" "sif" ];
	49	};
	50
	51	firewall = {
	52	enable = true;
	53	allowedTCPPorts = [ 22 # ssh
	54	8000 # quickserve
	55	];
	56	};
	57
	58	networkmanager = {
	59	enable = true;
	60	dhcp = "internal";
	61	dns = "dnsmasq";
	62	extraConfig = ''
	63	[connectivity]
	64	uri=https://online.yggdrasil.li
	65	'';
	66	};
	67
	68	dhcpcd.enable = false;
	69
	70	interfaces.yggdrasil = {
	71	virtual = true;
	72	virtualType = config.services.tinc.networks.yggdrasil.interfaceType;
	73	macAddress = "5c:93:21:c3:61:39";
	74	};
	75	};
	76
	77	environment.etc."NetworkManager/dnsmasq.d/libvirtd_dnsmasq.conf" = {
	78	text = ''
	79	server=/sif.libvirt/192.168.122.1
	80	'';
	81	};
	82
	83	powerManagement.enable = true;
	84
	85	environment.systemPackages = with pkgs; [
	86	nvtop brightnessctl
	87	];
	88
	89	services = {
	90	tinc.yggdrasil.enable = true;
	91
	92	uucp = {
	93	enable = true;
	94	nodeName = "sif";
	95	remoteNodes = {
	96	"ymir" = {
	97	publicKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG6KNtsCOl5fsZ4rV7udTulGMphJweLBoKapzerWNoLY root@ymir"];
	98	hostnames = ["ymir.yggdrasil.li" "ymir.niflheim.yggdrasil"];
	99	};
	100	};
	101
	102	defaultCommands = lib.mkForce [];
	103	};
	104
	105	avahi.enable = true;
	106
	107	fwupd.enable = true;
	108
	109	fprintd.enable = true;
	110
	111	blueman.enable = true;
	112
	113	colord.enable = true;
	114
	115	vnstat.enable = true;
	116
	117	logind = {
	118	lidSwitch = "suspend";
	119	lidSwitchDocked = "lock";
	120	lidSwitchExternalPower = "lock";
	121	};
	122
	123	atd = {
	124	enable = true;
	125	allowEveryone = true;
	126	};
	127
	128	xserver = {
	129	enable = true;
	130
	131	layout = "us";
	132	xkbVariant = "dvp";
	133	xkbOptions = "compose:caps";
	134
	135	displayManager.lightdm = {
	136	enable = true;
	137	greeters.gtk = {
	138	clock-format = "%H:%M %a %b %_d";
	139	indicators = ["~host" "~spacer" "~clock" "~session" "~power"];
	140	theme = {
	141	package = pkgs.equilux-theme;
	142	name = "Equilux-compact";
	143	};
	144	iconTheme = {
	145	package = pkgs.paper-icon-theme;
	146	name = "Paper";
	147	};
	148	extraConfig = ''
	149	background = #000000
	150	user-background = false
	151	active-monitor = #cursor
	152	hide-user-image = true
	153
	154	[monitor: DP-2]
	155	laptop = true
	156	'';
	157	};
	158	};
	159
	160	displayManager.setupCommands = ''
	161	${pkgs.xorg.xinput}/bin/xinput disable 'SynPS/2 Synaptics TouchPad'
	162	'';
	163
	164	desktopManager.xterm.enable = true;
	165	windowManager.twm.enable = true;
	166	displayManager.defaultSession = "xterm+twm";
	167
	168	wacom.enable = true;
	169	libinput.enable = true;
	170
	171	dpi = 282;
	172
	173	videoDrivers = [ "nvidia" ];
	174
	175	screenSection = ''
	176	Option "metamodes" "nvidia-auto-select +0+0 { ForceCompositionPipeline = On }"
	177	'';
	178
	179	deviceSection = ''
	180	Option "AccelMethod" "SNA"
	181	Option "TearFree" "True"
	182	'';
	183
	184	exportConfiguration = true;
	185	};
	186	};
	187
	188	users = {
	189	users.gkleen.extraGroups = [ "media" ];
	190	};
	191
	192	hardware = {
	193	pulseaudio = {
	194	enable = true;
	195	package = with pkgs; pulseaudioFull;
	196	support32Bit = true;
	197	};
	198
	199	bluetooth = {
	200	enable = true;
	201	config = {
	202	General = {
	203	Enable = "Source,Sink,Media,Socket";
	204	};
	205	};
	206	};
	207
	208	trackpoint = {
	209	enable = true;
	210	emulateWheel = true;
	211	sensitivity = 255;
	212	speed = 255;
	213	};
	214
	215	nvidia = {
	216	modesetting.enable = true;
	217	prime = {
	218	nvidiaBusId = "PCI:1:0:0";
	219	intelBusId = "PCI:0:2:0";
	220	sync.enable = true;
	221	};
	222	};
	223
	224	opengl = {
	225	enable = true;
	226	driSupport32Bit = true;
	227	setLdLibraryPath = true;
	228	};
	229
	230	firmware = [ pkgs.firmwareLinuxNonfree ];
	231	};
	232
	233	sound.enable = true;
	234
	235	nix = {
	236	autoOptimiseStore = true;
	237	daemonNiceLevel = 10;
	238	daemonIONiceLevel = 3;
	239	};
	240
	241	environment.etc."X11/xorg.conf.d/50-wacom.conf".source = lib.mkForce ./wacom.conf;
	242
	243	systemd.services."ac-plugged" = {
	244	description = "Inhibit handling of lid-switch and sleep";
	245
	246	path = with pkgs; [ systemd coreutils ];
	247
	248	script = ''
	249	exec systemd-inhibit --what=handle-lid-switch --why="AC is connected" --mode=block sleep infinity
	250	'';
	251
	252	serviceConfig = {
	253	Type = "simple";
	254	};
	255	};
	256
	257	services.udev.extraRules = with pkgs; ''
	258	SUBSYSTEM=="power_supply", ENV{POWER_SUPPLY_ONLINE}=="0", RUN+="${systemd}/bin/systemctl --no-block stop ac-plugged.service"
	259	SUBSYSTEM=="power_supply", ENV{POWER_SUPPLY_ONLINE}=="1", RUN+="${systemd}/bin/systemctl --no-block start ac-plugged.service"
	260	'';
	261
	262	services.btrfs.autoScrub = {
	263	enable = true;
	264	fileSystems = [ "/" "/home" ];
	265	interval = "weekly";
	266	};
	267
	268	systemd.services."nix-daemon".serviceConfig = {
	269	MemoryAccounting = true;
	270	MemoryHigh = "50%";
	271	MemoryMax = "75%";
	272	};
	273
	274	services.journald.extraConfig = ''
	275	SystemMaxUse=100M
	276	'';
	277
	278	services.dbus.packages = with pkgs;
	279	[ dbus gnome3.dconf
	280	];
	281
	282	programs = {
	283	light.enable = true;
	284	wireshark.enable = true;
	285	};
	286
	287	virtualisation.libvirtd = {
	288	enable = true;
	289	};
	290
	291	zramSwap.enable = true;
	292
	293	system.stateVersion = "20.03";
	294	};
	295	}