1 files changed, 330 insertions, 0 deletions
diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix
new file mode 100644
index 00000000..daa37ad9
--- /dev/null
+++ b/hosts/sif/default.nix
@@ -0,0 +1,330 @@
+{ flake, pkgs, customUtils, lib, config, path, ... }:
+{
+  imports = with flake.nixosModules.systemProfiles; [
+    ./hw.nix
+    ./mail
+    initrd-all-crypto-modules default-locale openssh
+  ];
+  config = {
+    nixpkgs = {
+      system = "x86_64-linux";
+      config = {
+        allowUnfree = true;
+      };
+    };
+    boot = {
+      initrd = {
+        luks.devices = {
+          nvm0.device = "/dev/disk/by-uuid/fe641e81-0812-4181-a5f6-382ebba509bb";
+          nvm1.device = "/dev/disk/by-uuid/43df1ba8-1728-4193-8855-920a82d4494a";
+        };
+        availableKernelModules = [ "drbg" "nvme" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+        kernelModules = [ "dm-raid" "dm-integrity" "dm-snapshot" "dm-thin-pool" ];
+      };
+      blacklistedKernelModules = [ "nouveau" ];
+      # Use the systemd-boot EFI boot loader.
+      loader = {
+        systemd-boot.enable = true;
+        efi.canTouchEfiVariables = true;
+        timeout = null;
+      };
+      plymouth.enable = true;
+      kernelPackages = pkgs.linuxPackages_latest;
+      kernelParams = [ "i915.fastboot=1" "intel_pstate=no_hwp" "acpi_backlight=vendor" "thinkpad-acpi.brightness_enable=1" "quiet" ];
+      extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
+      kernelModules = ["v4l2loopback"];
+      tmpOnTmpfs = true;
+    };
+    networking = {
+      domain = "midgard.yggdrasil";
+      hosts = {
+        "127.0.0.1" = [ "sif.midgard.yggdrasil" "sif" ];
+        "::1" = [ "sif.midgard.yggdrasil" "sif" ];
+      };
+      firewall = {
+        enable = true;
+        allowedTCPPorts = [ 22 # ssh
+                            8000 # quickserve
+                          ];
+        allowedUDPPorts = [ 8554 # gopro webcam
+                          ];
+      };
+      networkmanager = {
+        enable = true;
+        dhcp = "internal";
+        dns = "dnsmasq";
+        extraConfig = ''
+          [connectivity]
+          uri=https://online.yggdrasil.li
+        '';
+      };
+      dhcpcd.enable = false;
+      interfaces.yggdrasil = {
+        virtual = true;
+        virtualType = config.services.tinc.networks.yggdrasil.interfaceType;
+        macAddress = "5c:93:21:c3:61:39";
+      };
+    };
+    environment.etc."NetworkManager/dnsmasq.d/libvirtd_dnsmasq.conf" = {
+      text = ''
+        server=/sif.libvirt/192.168.122.1
+      '';
+    };
+    powerManagement = {
+      enable = true;
+      cpuFreqGovernor = "schedutil";
+    };
+    environment.systemPackages = with pkgs; [
+      nvtop brightnessctl config.boot.kernelPackages.v4l2loopback s-tui
+    ];
+    services = {
+      tinc.yggdrasil.enable = true;
+      uucp = {
+        enable = true;
+        nodeName = "sif";
+        remoteNodes = {
+          "ymir" = {
+            publicKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG6KNtsCOl5fsZ4rV7udTulGMphJweLBoKapzerWNoLY root@ymir"];
+            hostnames = ["ymir.yggdrasil.li" "ymir.niflheim.yggdrasil"];
+          };
+        };
+        defaultCommands = lib.mkForce [];
+      };
+      avahi.enable = true;
+      fwupd.enable = true;
+      fprintd.enable = true;
+      blueman.enable = true;
+    
+      colord.enable = true;
+    
+      vnstat.enable = true;
+      logind = {
+        lidSwitch = "suspend";
+        lidSwitchDocked = "lock";
+        lidSwitchExternalPower = "lock";
+      };
+      atd = {
+        enable = true;
+        allowEveryone = true;
+      };
+      xserver = {
+        enable = true;
+        layout = "us";
+        xkbVariant = "dvp";
+        xkbOptions = "compose:caps";
+        displayManager.lightdm = {
+          enable = true;
+          greeters.gtk = {
+            clock-format = "%H:%M %a %b %_d";
+            indicators = ["~host" "~spacer" "~clock" "~session" "~power"];
+            theme = {
+              package = pkgs.equilux-theme;
+              name = "Equilux-compact";
+            };
+            iconTheme = {
+              package = pkgs.paper-icon-theme;
+              name = "Paper";
+            };
+            extraConfig = ''
+              background = #000000
+              user-background = false
+              active-monitor = #cursor
+              hide-user-image = true
+              [monitor: DP-2]
+                laptop = true
+            '';
+          };
+        };
+        displayManager.setupCommands = ''
+          ${pkgs.xorg.xinput}/bin/xinput disable 'SynPS/2 Synaptics TouchPad'
+        '';
+        desktopManager.xterm.enable = true;
+        windowManager.twm.enable = true;
+        displayManager.defaultSession = "xterm+twm";
+        wacom.enable = true;
+        libinput.enable = true;
+        dpi = 282;
+        videoDrivers = [ "nvidia" ];
+        screenSection = ''
+          Option "metamodes" "nvidia-auto-select +0+0 { ForceCompositionPipeline = On }"
+        '';
+        deviceSection = ''
+          Option "AccelMethod" "SNA"
+          Option "TearFree" "True"
+        '';
+        exportConfiguration = true;
+      };
+    };
+    users = {
+      users.gkleen.extraGroups = [ "media" ];
+      groups.media = {};
+    };
+    hardware = {
+      pulseaudio = {
+        enable = true;
+        package = with pkgs; pulseaudioFull;
+        support32Bit = true;
+      };
+      bluetooth = {
+        enable = true;   
+        settings = {
+          General = {
+            Enable = "Source,Sink,Media,Socket";
+          };
+        };
+      };
+      trackpoint = {
+        enable = true;
+        emulateWheel = true;
+        sensitivity = 255;
+        speed = 255;
+      };
+      nvidia = {
+        modesetting.enable = true;
+        prime = {
+          nvidiaBusId = "PCI:1:0:0";
+          intelBusId = "PCI:0:2:0";
+          sync.enable = true;
+        };
+      };
+      opengl = {
+        enable = true;
+        driSupport32Bit = true;
+        setLdLibraryPath = true;
+      };
+      firmware = [ pkgs.firmwareLinuxNonfree ];
+    };
+    sound.enable = true;
+    nix = {
+      autoOptimiseStore = true;
+      daemonNiceLevel = 10;
+      daemonIONiceLevel = 3;
+    };
+    environment.etc."X11/xorg.conf.d/50-wacom.conf".source = lib.mkForce ./wacom.conf;
+    systemd.services."ac-plugged" = {
+      description = "Inhibit handling of lid-switch and sleep";
+      path = with pkgs; [ systemd coreutils ];
+      script = ''
+        exec systemd-inhibit --what=handle-lid-switch --why="AC is connected" --mode=block sleep infinity
+      '';
+      serviceConfig = {
+        Type = "simple";
+      };
+    };
+    services.udev.extraRules = with pkgs; ''
+      SUBSYSTEM=="power_supply", ENV{POWER_SUPPLY_ONLINE}=="0", RUN+="${systemd}/bin/systemctl --no-block stop ac-plugged.service"
+      SUBSYSTEM=="power_supply", ENV{POWER_SUPPLY_ONLINE}=="1", RUN+="${systemd}/bin/systemctl --no-block start ac-plugged.service"
+    '';
+    services.borgbackup = {
+      snapshots = "btrfs";
+      prefix = "yggdrasil.midgard.sif.";
+      targets = {
+        "munin" = {
+          repo = "borg.munin:borg";
+          paths = [ "/home/gkleen" ];
+          prune = {
+            "home" =
+              [ "--keep-within" "24H"
+                "--keep-daily" "31"
+                "--keep-monthly" "12"
+                "--keep-yearly" "-1"
+              ];
+          };
+          keyFile = "/run/secrets/borg-repokey--borg_munin__borg";
+        };
+      };
+    };
+    sops.secrets.borg-repokey--borg_munin__borg = {
+      sopsFile = /. + path + "/modules/borgbackup/repokeys/borg_munin__borg.yaml";
+      key = "key";
+    };
+    services.btrfs.autoScrub = {
+      enable = true;
+      fileSystems = [ "/" "/home" ];
+      interval = "weekly";
+    };
+    systemd.services."nix-daemon".serviceConfig = {
+      MemoryAccounting = true;
+      MemoryHigh = "50%";
+      MemoryMax = "75%";
+    };
+    services.journald.extraConfig = ''
+      SystemMaxUse=100M
+    '';
+    services.dbus.packages = with pkgs;
+      [ dbus gnome3.dconf
+      ];
+    programs = {
+      light.enable = true;
+      wireshark.enable = true;
+    };
+    virtualisation.libvirtd = {
+      enable = true;
+    };
+    zramSwap.enable = true;
+    services.pcscd.enable = true;
+    system.stateVersion = "20.03";
+  };
+}

diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix new file mode 100644 index 00000000..daa37ad9 --- /dev/null +++ b/hosts/sif/default.nix
@@ -0,0 +1,330 @@
	1	{ flake, pkgs, customUtils, lib, config, path, ... }:
	2	{
	3	imports = with flake.nixosModules.systemProfiles; [
	4	./hw.nix
	5	./mail
	6	initrd-all-crypto-modules default-locale openssh
	7	];
	8
	9	config = {
	10	nixpkgs = {
	11	system = "x86_64-linux";
	12	config = {
	13	allowUnfree = true;
	14	};
	15	};
	16
	17	boot = {
	18	initrd = {
	19	luks.devices = {
	20	nvm0.device = "/dev/disk/by-uuid/fe641e81-0812-4181-a5f6-382ebba509bb";
	21	nvm1.device = "/dev/disk/by-uuid/43df1ba8-1728-4193-8855-920a82d4494a";
	22	};
	23	availableKernelModules = [ "drbg" "nvme" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
	24	kernelModules = [ "dm-raid" "dm-integrity" "dm-snapshot" "dm-thin-pool" ];
	25	};
	26
	27	blacklistedKernelModules = [ "nouveau" ];
	28
	29	# Use the systemd-boot EFI boot loader.
	30	loader = {
	31	systemd-boot.enable = true;
	32	efi.canTouchEfiVariables = true;
	33	timeout = null;
	34	};
	35
	36	plymouth.enable = true;
	37
	38	kernelPackages = pkgs.linuxPackages_latest;
	39	kernelParams = [ "i915.fastboot=1" "intel_pstate=no_hwp" "acpi_backlight=vendor" "thinkpad-acpi.brightness_enable=1" "quiet" ];
	40	extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
	41	kernelModules = ["v4l2loopback"];
	42
	43	tmpOnTmpfs = true;
	44	};
	45
	46	networking = {
	47	domain = "midgard.yggdrasil";
	48	hosts = {
	49	"127.0.0.1" = [ "sif.midgard.yggdrasil" "sif" ];
	50	"::1" = [ "sif.midgard.yggdrasil" "sif" ];
	51	};
	52
	53	firewall = {
	54	enable = true;
	55	allowedTCPPorts = [ 22 # ssh
	56	8000 # quickserve
	57	];
	58	allowedUDPPorts = [ 8554 # gopro webcam
	59	];
	60	};
	61
	62	networkmanager = {
	63	enable = true;
	64	dhcp = "internal";
	65	dns = "dnsmasq";
	66	extraConfig = ''
	67	[connectivity]
	68	uri=https://online.yggdrasil.li
	69	'';
	70	};
	71
	72	dhcpcd.enable = false;
	73
	74	interfaces.yggdrasil = {
	75	virtual = true;
	76	virtualType = config.services.tinc.networks.yggdrasil.interfaceType;
	77	macAddress = "5c:93:21:c3:61:39";
	78	};
	79	};
	80
	81	environment.etc."NetworkManager/dnsmasq.d/libvirtd_dnsmasq.conf" = {
	82	text = ''
	83	server=/sif.libvirt/192.168.122.1
	84	'';
	85	};
	86
	87	powerManagement = {
	88	enable = true;
	89
	90	cpuFreqGovernor = "schedutil";
	91	};
	92
	93	environment.systemPackages = with pkgs; [
	94	nvtop brightnessctl config.boot.kernelPackages.v4l2loopback s-tui
	95	];
	96
	97	services = {
	98	tinc.yggdrasil.enable = true;
	99
	100	uucp = {
	101	enable = true;
	102	nodeName = "sif";
	103	remoteNodes = {
	104	"ymir" = {
	105	publicKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG6KNtsCOl5fsZ4rV7udTulGMphJweLBoKapzerWNoLY root@ymir"];
	106	hostnames = ["ymir.yggdrasil.li" "ymir.niflheim.yggdrasil"];
	107	};
	108	};
	109
	110	defaultCommands = lib.mkForce [];
	111	};
	112
	113	avahi.enable = true;
	114
	115	fwupd.enable = true;
	116
	117	fprintd.enable = true;
	118
	119	blueman.enable = true;
	120
	121	colord.enable = true;
	122
	123	vnstat.enable = true;
	124
	125	logind = {
	126	lidSwitch = "suspend";
	127	lidSwitchDocked = "lock";
	128	lidSwitchExternalPower = "lock";
	129	};
	130
	131	atd = {
	132	enable = true;
	133	allowEveryone = true;
	134	};
	135
	136	xserver = {
	137	enable = true;
	138
	139	layout = "us";
	140	xkbVariant = "dvp";
	141	xkbOptions = "compose:caps";
	142
	143	displayManager.lightdm = {
	144	enable = true;
	145	greeters.gtk = {
	146	clock-format = "%H:%M %a %b %_d";
	147	indicators = ["~host" "~spacer" "~clock" "~session" "~power"];
	148	theme = {
	149	package = pkgs.equilux-theme;
	150	name = "Equilux-compact";
	151	};
	152	iconTheme = {
	153	package = pkgs.paper-icon-theme;
	154	name = "Paper";
	155	};
	156	extraConfig = ''
	157	background = #000000
	158	user-background = false
	159	active-monitor = #cursor
	160	hide-user-image = true
	161
	162	[monitor: DP-2]
	163	laptop = true
	164	'';
	165	};
	166	};
	167
	168	displayManager.setupCommands = ''
	169	${pkgs.xorg.xinput}/bin/xinput disable 'SynPS/2 Synaptics TouchPad'
	170	'';
	171
	172	desktopManager.xterm.enable = true;
	173	windowManager.twm.enable = true;
	174	displayManager.defaultSession = "xterm+twm";
	175
	176	wacom.enable = true;
	177	libinput.enable = true;
	178
	179	dpi = 282;
	180
	181	videoDrivers = [ "nvidia" ];
	182
	183	screenSection = ''
	184	Option "metamodes" "nvidia-auto-select +0+0 { ForceCompositionPipeline = On }"
	185	'';
	186
	187	deviceSection = ''
	188	Option "AccelMethod" "SNA"
	189	Option "TearFree" "True"
	190	'';
	191
	192	exportConfiguration = true;
	193	};
	194	};
	195
	196	users = {
	197	users.gkleen.extraGroups = [ "media" ];
	198	groups.media = {};
	199	};
	200
	201	hardware = {
	202	pulseaudio = {
	203	enable = true;
	204	package = with pkgs; pulseaudioFull;
	205	support32Bit = true;
	206	};
	207
	208	bluetooth = {
	209	enable = true;
	210	settings = {
	211	General = {
	212	Enable = "Source,Sink,Media,Socket";
	213	};
	214	};
	215	};
	216
	217	trackpoint = {
	218	enable = true;
	219	emulateWheel = true;
	220	sensitivity = 255;
	221	speed = 255;
	222	};
	223
	224	nvidia = {
	225	modesetting.enable = true;
	226	prime = {
	227	nvidiaBusId = "PCI:1:0:0";
	228	intelBusId = "PCI:0:2:0";
	229	sync.enable = true;
	230	};
	231	};
	232
	233	opengl = {
	234	enable = true;
	235	driSupport32Bit = true;
	236	setLdLibraryPath = true;
	237	};
	238
	239	firmware = [ pkgs.firmwareLinuxNonfree ];
	240	};
	241
	242	sound.enable = true;
	243
	244	nix = {
	245	autoOptimiseStore = true;
	246	daemonNiceLevel = 10;
	247	daemonIONiceLevel = 3;
	248	};
	249
	250	environment.etc."X11/xorg.conf.d/50-wacom.conf".source = lib.mkForce ./wacom.conf;
	251
	252	systemd.services."ac-plugged" = {
	253	description = "Inhibit handling of lid-switch and sleep";
	254
	255	path = with pkgs; [ systemd coreutils ];
	256
	257	script = ''
	258	exec systemd-inhibit --what=handle-lid-switch --why="AC is connected" --mode=block sleep infinity
	259	'';
	260
	261	serviceConfig = {
	262	Type = "simple";
	263	};
	264	};
	265
	266	services.udev.extraRules = with pkgs; ''
	267	SUBSYSTEM=="power_supply", ENV{POWER_SUPPLY_ONLINE}=="0", RUN+="${systemd}/bin/systemctl --no-block stop ac-plugged.service"
	268	SUBSYSTEM=="power_supply", ENV{POWER_SUPPLY_ONLINE}=="1", RUN+="${systemd}/bin/systemctl --no-block start ac-plugged.service"
	269	'';
	270
	271	services.borgbackup = {
	272	snapshots = "btrfs";
	273	prefix = "yggdrasil.midgard.sif.";
	274	targets = {
	275	"munin" = {
	276	repo = "borg.munin:borg";
	277	paths = [ "/home/gkleen" ];
	278	prune = {
	279	"home" =
	280	[ "--keep-within" "24H"
	281	"--keep-daily" "31"
	282	"--keep-monthly" "12"
	283	"--keep-yearly" "-1"
	284	];
	285	};
	286	keyFile = "/run/secrets/borg-repokey--borg_munin__borg";
	287	};
	288	};
	289	};
	290	sops.secrets.borg-repokey--borg_munin__borg = {
	291	sopsFile = /. + path + "/modules/borgbackup/repokeys/borg_munin__borg.yaml";
	292	key = "key";
	293	};
	294
	295	services.btrfs.autoScrub = {
	296	enable = true;
	297	fileSystems = [ "/" "/home" ];
	298	interval = "weekly";
	299	};
	300
	301	systemd.services."nix-daemon".serviceConfig = {
	302	MemoryAccounting = true;
	303	MemoryHigh = "50%";
	304	MemoryMax = "75%";
	305	};
	306
	307	services.journald.extraConfig = ''
	308	SystemMaxUse=100M
	309	'';
	310
	311	services.dbus.packages = with pkgs;
	312	[ dbus gnome3.dconf
	313	];
	314
	315	programs = {
	316	light.enable = true;
	317	wireshark.enable = true;
	318	};
	319
	320	virtualisation.libvirtd = {
	321	enable = true;
	322	};
	323
	324	zramSwap.enable = true;
	325
	326	services.pcscd.enable = true;
	327
	328	system.stateVersion = "20.03";
	329	};
	330	}