Diffstat (limited to 'hosts/sif/default.nix')
-rw-r--r--hosts/sif/default.nix178
1 files changed, 52 insertions, 126 deletions
diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix
index 7c8da63a..b0d2fd78 100644
--- a/hosts/sif/default.nix
+++ b/hosts/sif/default.nix
@@ -12,9 +12,8 @@ let
12in { 12in {
13 imports = with flake.nixosModules.systemProfiles; [ 13 imports = with flake.nixosModules.systemProfiles; [
14 ./hw.nix 14 ./hw.nix
15 ./mail ./libvirt 15 ./email ./libvirt ./greetd
16 tmpfs-root bcachefs initrd-all-crypto-modules default-locale openssh rebuild-machines 16 tmpfs-root bcachefs initrd-all-crypto-modules default-locale openssh rebuild-machines niri-unstable networkmanager
17 networkmanager
18 flakeInputs.nixos-hardware.nixosModules.lenovo-thinkpad-p1 17 flakeInputs.nixos-hardware.nixosModules.lenovo-thinkpad-p1
19 flakeInputs.impermanence.nixosModules.impermanence 18 flakeInputs.impermanence.nixosModules.impermanence
20 flakeInputs.nixVirt.nixosModules.default 19 flakeInputs.nixVirt.nixosModules.default
@@ -34,7 +33,6 @@ in {
34 boot = { 33 boot = {
35 initrd = { 34 initrd = {
36 systemd = { 35 systemd = {
37 enable = false;
38 emergencyAccess = config.users.users.root.hashedPassword; 36 emergencyAccess = config.users.users.root.hashedPassword;
39 }; 37 };
40 luks.devices = { 38 luks.devices = {
@@ -54,6 +52,7 @@ in {
54 systemd-boot = { 52 systemd-boot = {
55 enable = true; 53 enable = true;
56 configurationLimit = 15; 54 configurationLimit = 15;
55 netbootxyz.enable = true;
57 }; 56 };
58 efi.canTouchEfiVariables = true; 57 efi.canTouchEfiVariables = true;
59 timeout = null; 58 timeout = null;
@@ -62,15 +61,20 @@ in {
62 plymouth.enable = true; 61 plymouth.enable = true;
63 62
64 kernelPackages = pkgs.linuxPackages_latest; 63 kernelPackages = pkgs.linuxPackages_latest;
65 extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
66 kernelModules = ["v4l2loopback"];
67 kernelPatches = [ 64 kernelPatches = [
68 { name = "edac-config"; 65 { name = "edac-config";
69 patch = null; 66 patch = null;
70 extraConfig = '' 67 extraStructuredConfig = with lib.kernel; {
71 EDAC y 68 EDAC = yes;
72 EDAC_IE31200 y 69 EDAC_IE31200 = yes;
73 ''; 70 };
71 }
72 { name = "zswap-default";
73 patch = null;
74 extraStructuredConfig = with lib.kernel; {
75 ZSWAP_DEFAULT_ON = yes;
76 ZSWAP_SHRINKER_DEFAULT_ON = yes;
77 };
74 } 78 }
75 ]; 79 ];
76 80
@@ -94,6 +98,8 @@ in {
94 server ptbtime2.ptb.de prefer iburst nts 98 server ptbtime2.ptb.de prefer iburst nts
95 server ptbtime3.ptb.de prefer iburst nts 99 server ptbtime3.ptb.de prefer iburst nts
96 server ptbtime4.ptb.de prefer iburst nts 100 server ptbtime4.ptb.de prefer iburst nts
101 pool ntppool1.time.nl prefer iburst nts
102 pool ntppool2.time.nl prefer iburst nts
97 103
98 authselectmode require 104 authselectmode require
99 minsources 3 105 minsources 3
@@ -122,40 +128,16 @@ in {
122 rulesetFile = ./ruleset.nft; 128 rulesetFile = ./ruleset.nft;
123 }; 129 };
124 130
125 # firewall = {
126 # enable = true;
127 # allowedTCPPorts = [ 22 # ssh
128 # 8000 # quickserve
129 # ];
130 # };
131
132 # wlanInterfaces = {
133 # wlan0 = {
134 # device = "wlp82s0";
135 # };
136 # };
137
138 # bonds = {
139 # "lan" = {
140 # interfaces = [ "wlan0" "enp0s31f6" "dock0" ];
141 # driverOptions = {
142 # miimon = "1000";
143 # mode = "active-backup";
144 # primary_reselect = "always";
145 # };
146 # };
147 # };
148
149 useDHCP = false; 131 useDHCP = false;
150 useNetworkd = true; 132 useNetworkd = true;
151
152 # interfaces."tinc.yggdrasil" = {
153 # virtual = true;
154 # virtualType = config.services.tinc.networks.yggdrasil.interfaceType;
155 # macAddress = "5c:93:21:c3:61:39";
156 # };
157 }; 133 };
158 134
135 environment.etc."NetworkManager/dnsmasq.d/dnssec.conf" = {
136 text = ''
137 conf-file=${pkgs.dnsmasq}/share/dnsmasq/trust-anchors.conf
138 dnssec
139 '';
140 };
159 environment.etc."NetworkManager/dnsmasq.d/libvirt_dnsmasq.conf" = { 141 environment.etc."NetworkManager/dnsmasq.d/libvirt_dnsmasq.conf" = {
160 text = '' 142 text = ''
161 except-interface=virbr0 143 except-interface=virbr0
@@ -398,19 +380,6 @@ in {
398 ]; 380 ];
399 381
400 services = { 382 services = {
401 uucp = {
402 enable = true;
403 nodeName = "sif";
404 remoteNodes = {
405 "ymir" = {
406 publicKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG6KNtsCOl5fsZ4rV7udTulGMphJweLBoKapzerWNoLY root@ymir"];
407 hostnames = ["ymir.yggdrasil.li" "ymir.niflheim.yggdrasil"];
408 };
409 };
410
411 defaultCommands = lib.mkForce [];
412 };
413
414 avahi.enable = true; 383 avahi.enable = true;
415 384
416 fwupd.enable = true; 385 fwupd.enable = true;
@@ -429,8 +398,8 @@ in {
429 398
430 logind = { 399 logind = {
431 lidSwitch = "suspend"; 400 lidSwitch = "suspend";
432 lidSwitchDocked = "lock"; 401 lidSwitchDocked = "ignore";
433 lidSwitchExternalPower = "lock"; 402 lidSwitchExternalPower = "ignore";
434 }; 403 };
435 404
436 atd = { 405 atd = {
@@ -439,7 +408,7 @@ in {
439 }; 408 };
440 409
441 xserver = { 410 xserver = {
442 enable = true; 411 enable = false;
443 412
444 xkb = { 413 xkb = {
445 layout = "us"; 414 layout = "us";
@@ -465,47 +434,18 @@ in {
465 }; 434 };
466 libinput.enable = true; 435 libinput.enable = true;
467 436
468 greetd = { 437 envfs.enable = false;
469 enable = true;
470 # settings.default_session.command = let
471 # cfg = config.programs.regreet;
472 # in pkgs.writeShellScript "greeter" ''
473 # modprobe -r nvidia_drm
474 438
475 # exec ${pkgs.dbus}/bin/dbus-run-session ${lib.getExe pkgs.cage} ${lib.escapeShellArgs cfg.cageArgs} -- ${lib.getExe cfg.package} 439 displayManager.defaultSession = "Niri";
476 # '';
477 };
478 }; 440 };
479 441
480 programs.regreet = {
481 enable = true;
482 theme = {
483 package = pkgs.equilux-theme;
484 name = "Equilux-compact";
485 };
486 iconTheme = {
487 package = pkgs.paper-icon-theme;
488 name = "Paper-Mono-Dark";
489 };
490 font = {
491 package = pkgs.fira;
492 name = "Fira Sans";
493 # size = 6;
494 };
495 cageArgs = [ "-s" "-m" "last" ];
496 settings = {
497 GTK.application_prefer_dark_theme = true;
498 };
499 };
500 programs.hyprland.enable = true;
501
502 systemd.tmpfiles.settings = { 442 systemd.tmpfiles.settings = {
503 "10-localtime"."/etc/localtime".L.argument = "/.bcachefs/etc/localtime"; 443 "10-localtime"."/etc/localtime".L.argument = "/.bcachefs/etc/localtime";
504 444
505 "10-regreet"."/var/cache/regreet/cache.toml".C.argument = toString ((pkgs.formats.toml {}).generate "cache.toml" { 445 # "10-regreet"."/var/cache/regreet/cache.toml".C.argument = toString ((pkgs.formats.toml {}).generate "cache.toml" {
506 last_user = "gkleen"; 446 # last_user = "gkleen";
507 user_to_last_sess.gkleen = "Hyprland"; 447 # user_to_last_sess.gkleen = "Niri";
508 }); 448 # });
509 }; 449 };
510 450
511 users = { 451 users = {
@@ -614,15 +554,15 @@ in {
614 }; 554 };
615 555
616 nvidia = { 556 nvidia = {
617 open = true; 557 open = false;
618 modesetting.enable = true; 558 modesetting.enable = true;
619 powerManagement.enable = true; 559 powerManagement.enable = true;
620 prime = { 560 # prime = {
621 nvidiaBusId = "PCI:1:0:0"; 561 # nvidiaBusId = "PCI:1:0:0";
622 intelBusId = "PCI:0:2:0"; 562 # intelBusId = "PCI:0:2:0";
623 reverseSync.enable = true; 563 # reverseSync.enable = true;
624 offload.enableOffloadCmd = true; 564 # offload.enableOffloadCmd = true;
625 }; 565 # };
626 }; 566 };
627 567
628 graphics = { 568 graphics = {
@@ -665,25 +605,6 @@ in {
665 605
666 environment.etc."X11/xorg.conf.d/50-wacom.conf".source = lib.mkForce ./wacom.conf; 606 environment.etc."X11/xorg.conf.d/50-wacom.conf".source = lib.mkForce ./wacom.conf;
667 607
668 systemd.services."ac-plugged" = {
669 description = "Inhibit handling of lid-switch and sleep";
670
671 path = with pkgs; [ systemd coreutils ];
672
673 script = ''
674 exec systemd-inhibit --what=handle-lid-switch --why="AC is connected" --mode=block sleep infinity
675 '';
676
677 serviceConfig = {
678 Type = "simple";
679 };
680 };
681
682 services.udev.extraRules = with pkgs; lib.mkAfter ''
683 SUBSYSTEM=="power_supply", ENV{POWER_SUPPLY_ONLINE}=="0", RUN+="${systemd}/bin/systemctl --no-block stop ac-plugged.service"
684 SUBSYSTEM=="power_supply", ENV{POWER_SUPPLY_ONLINE}=="1", RUN+="${systemd}/bin/systemctl --no-block start ac-plugged.service"
685 '';
686
687 systemd.services."nix-daemon".serviceConfig = { 608 systemd.services."nix-daemon".serviceConfig = {
688 MemoryAccounting = true; 609 MemoryAccounting = true;
689 MemoryHigh = "50%"; 610 MemoryHigh = "50%";
@@ -696,6 +617,7 @@ in {
696 617
697 services.dbus.packages = with pkgs; 618 services.dbus.packages = with pkgs;
698 [ dbus dconf 619 [ dbus dconf
620 xdg-desktop-portal-gtk
699 ]; 621 ];
700 622
701 services.udisks2.enable = true; 623 services.udisks2.enable = true;
@@ -704,12 +626,8 @@ in {
704 light.enable = true; 626 light.enable = true;
705 wireshark.enable = true; 627 wireshark.enable = true;
706 dconf.enable = true; 628 dconf.enable = true;
707 }; 629 niri.enable = true;
708 630 fuse.userAllowOther = true;
709 zramSwap = {
710 enable = true;
711 algorithm = "zstd";
712 writebackDevice = "/dev/disk/by-label/swap";
713 }; 631 };
714 632
715 services.pcscd.enable = true; 633 services.pcscd.enable = true;
@@ -729,6 +647,16 @@ in {
729 environment.sessionVariables."GTK_USE_PORTAL" = "1"; 647 environment.sessionVariables."GTK_USE_PORTAL" = "1";
730 xdg.portal = { 648 xdg.portal = {
731 enable = true; 649 enable = true;
650 extraPortals = with pkgs; [ xdg-desktop-portal-gtk ];
651 config.niri = {
652 default = ["gnome" "gtk"];
653 "org.freedesktop.impl.portal.FileChooser" = ["gtk"];
654 "org.freedesktop.impl.portal.OpenFile" = ["gtk"];
655 "org.freedesktop.impl.portal.Access" = ["gtk"];
656 "org.freedesktop.impl.portal.Notification" = ["gtk"];
657 "org.freedesktop.impl.portal.Secret" = ["gnome-keyring"];
658 "org.freedesktop.impl.portal.Inhibit" = ["none"];
659 };
732 }; 660 };
733 661
734 environment.persistence."/.bcachefs" = { 662 environment.persistence."/.bcachefs" = {
@@ -736,19 +664,17 @@ in {
736 directories = [ 664 directories = [
737 "/nix" 665 "/nix"
738 "/root" 666 "/root"
667 "/home"
739 "/var/log" 668 "/var/log"
740 "/var/lib/sops-nix" 669 "/var/lib/sops-nix"
741 "/var/lib/nixos" 670 "/var/lib/nixos"
742 "/var/lib/systemd" 671 "/var/lib/systemd"
743 "/home"
744 "/var/lib/chrony" 672 "/var/lib/chrony"
745 "/var/lib/fprint" 673 "/var/lib/fprint"
746 "/var/lib/bluetooth" 674 "/var/lib/bluetooth"
747 "/var/lib/upower" 675 "/var/lib/upower"
748 "/var/lib/postfix" 676 "/var/lib/postfix"
749 "/etc/NetworkManager/system-connections" 677 "/etc/NetworkManager/system-connections"
750 { directory = "/var/uucp"; user = "uucp"; group = "uucp"; mode = "0700"; }
751 { directory = "/var/spool/uucp"; user = "uucp"; group = "uucp"; mode = "0750"; }
752 ]; 678 ];
753 files = [ 679 files = [
754 ]; 680 ];
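Review bot: Changing `lidSwitchDocked` and `lidSwitchExternalPower` from "lock" to "ignore" in the `logind` block (new lines 401-402) means that closing the lid on AC or in the dock no longer locks the session, and nothing else in this file locks it in those states. The host unlocks LUKS devices at boot, so once it is running, an unlocked session is the main exposure to someone with physical access. I would keep `lidSwitchExternalPower = "lock";` and limit "ignore" to the docked case, where the lid is closed on purpose. If locking is meant to come from an idle locker inside the Niri session, that is not visible here; a comment such as `# lid close is ignored when docked; the session is locked by the idle daemon` would record the dependency.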