Diffstat (limited to 'hosts/sif/default.nix')
-rw-r--r--hosts/sif/default.nix84
1 files changed, 12 insertions, 72 deletions
diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix
index 0897e1d8..b0d2fd78 100644
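--- a/hosts/sif/default.nix
+++ b/hosts/sif/default.nix
@@ -12,7 +12,7 @@ let
 in {
  imports = with flake.nixosModules.systemProfiles; [
  ./hw.nix
- ./mail ./libvirt ./greetd
+ ./email ./libvirt ./greetd
  tmpfs-root bcachefs initrd-all-crypto-modules default-locale openssh rebuild-machines niri-unstable networkmanager
  flakeInputs.nixos-hardware.nixosModules.lenovo-thinkpad-p1
  flakeInputs.impermanence.nixosModules.impermanence
@@ -98,6 +98,8 @@ in {
  server ptbtime2.ptb.de prefer iburst nts
  server ptbtime3.ptb.de prefer iburst nts
  server ptbtime4.ptb.de prefer iburst nts
+ pool ntppool1.time.nl prefer iburst nts
+ pool ntppool2.time.nl prefer iburst nts
 
  authselectmode require
  minsources 3
@@ -126,40 +128,16 @@ in {
  rulesetFile = ./ruleset.nft;
  };
 
- # firewall = {
- # enable = true;
- # allowedTCPPorts = [ 22 # ssh
- # 8000 # quickserve
- # ];
- # };
-
- # wlanInterfaces = {
- # wlan0 = {
- # device = "wlp82s0";
- # };
- # };
-
- # bonds = {
- # "lan" = {
- # interfaces = [ "wlan0" "enp0s31f6" "dock0" ];
- # driverOptions = {
- # miimon = "1000";
- # mode = "active-backup";
- # primary_reselect = "always";
- # };
- # };
- # };
-
  useDHCP = false;
  useNetworkd = true;
-
- # interfaces."tinc.yggdrasil" = {
- # virtual = true;
- # virtualType = config.services.tinc.networks.yggdrasil.interfaceType;
- # macAddress = "5c:93:21:c3:61:39";
- # };
  };
 
+ environment.etc."NetworkManager/dnsmasq.d/dnssec.conf" = {
+ text = ''
+ conf-file=${pkgs.dnsmasq}/share/dnsmasq/trust-anchors.conf
+ dnssec
+ '';
+ };
  environment.etc."NetworkManager/dnsmasq.d/libvirt_dnsmasq.conf" = {
  text = ''
  except-interface=virbr0
@@ -402,19 +380,6 @@ in {
  ];
 
  services = {
- uucp = {
- enable = true;
- nodeName = "sif";
- remoteNodes = {
- "ymir" = {
- publicKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG6KNtsCOl5fsZ4rV7udTulGMphJweLBoKapzerWNoLY root@ymir"];
- hostnames = ["ymir.yggdrasil.li" "ymir.niflheim.yggdrasil"];
- };
- };
-
- defaultCommands = lib.mkForce [];
- };
-
  avahi.enable = true;
 
  fwupd.enable = true;
@@ -433,8 +398,8 @@ in {
 
  logind = {
  lidSwitch = "suspend";
- lidSwitchDocked = "lock";
- lidSwitchExternalPower = "lock";
+ lidSwitchDocked = "ignore";
+ lidSwitchExternalPower = "ignore";
  };
 
  atd = {
@@ -640,25 +605,6 @@ in {
 
  environment.etc."X11/xorg.conf.d/50-wacom.conf".source = lib.mkForce ./wacom.conf;
 
- systemd.services."ac-plugged" = {
- description = "Inhibit handling of lid-switch and sleep";
-
- path = with pkgs; [ systemd coreutils ];
-
- script = ''
- exec systemd-inhibit --what=handle-lid-switch --why="AC is connected" --mode=block sleep infinity
- '';
-
- serviceConfig = {
- Type = "simple";
- };
- };
-
- services.udev.extraRules = with pkgs; lib.mkAfter ''
- SUBSYSTEM=="power_supply", ENV{POWER_SUPPLY_ONLINE}=="0", RUN+="${systemd}/bin/systemctl --no-block stop ac-plugged.service"
- SUBSYSTEM=="power_supply", ENV{POWER_SUPPLY_ONLINE}=="1", RUN+="${systemd}/bin/systemctl --no-block start ac-plugged.service"
- '';
-
  systemd.services."nix-daemon".serviceConfig = {
  MemoryAccounting = true;
  MemoryHigh = "50%";
@@ -718,7 +664,7 @@ in {
  directories = [
  "/nix"
  "/root"
- "/home"
+ "/home"
  "/var/log"
  "/var/lib/sops-nix"
  "/var/lib/nixos"
@@ -729,8 +675,6 @@ in {
  "/var/lib/upower"
  "/var/lib/postfix"
  "/etc/NetworkManager/system-connections"
- { directory = "/var/uucp"; user = "uucp"; group = "uucp"; mode = "0700"; }
- { directory = "/var/spool/uucp"; user = "uucp"; group = "uucp"; mode = "0750"; }
  ];
  files = [
  ];
@@ -751,10 +695,6 @@ in {
 
  home-manager.sharedModules = [ flakeInputs.nixVirt.homeModules.default ];
 
- environment.pathsToLink = [
- "share/zsh"
- ];
-
  system.stateVersion = "24.11";
  };
 }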
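Review bot: Nothing in the new `dnssec.conf` block (new lines 135–140) says how validation is meant to behave when the system clock is wrong or the upstream resolver does not pass DNSSEC records. dnsmasq checks signature validity periods against system time, and this host takes its time from NTS servers it must first resolve by name, so a badly-off RTC could leave resolution and time sync waiting on each other. dnsmasq's `dnssec-timestamp=<path>` (on a persisted path, since the root is tmpfs) or `dnssec-no-timecheck` exist for that case. I would at least add a comment above the block, e.g. `# DNSSEC validation in NM's dnsmasq; answers fail with SERVFAIL if the upstream strips signatures`, so the behaviour on hotel or captive-portal networks is documented. Whether NetworkManager is actually set to `dns=dnsmasq` is not visible in this diff.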