1 files changed, 355 insertions, 0 deletions
diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix
new file mode 100644
index 00000000..c0b7f50c
--- /dev/null
+++ b/hosts/sif/default.nix
@@ -0,0 +1,355 @@
+{ flake, pkgs, customUtils, lib, config, path, ... }:
+{
+  imports = with flake.nixosModules.systemProfiles; [
+    ./hw.nix
+    ./mail
+    initrd-all-crypto-modules default-locale openssh
+  ];
+  config = {
+    nixpkgs = {
+      system = "x86_64-linux";
+      config = {
+        allowUnfree = true;
+      };
+    };
+    boot = {
+      initrd = {
+        luks.devices = {
+          nvm0.device = "/dev/disk/by-uuid/fe641e81-0812-4181-a5f6-382ebba509bb";
+          nvm1.device = "/dev/disk/by-uuid/43df1ba8-1728-4193-8855-920a82d4494a";
+        };
+        availableKernelModules = [ "drbg" "nvme" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+        kernelModules = [ "dm-raid" "dm-integrity" "dm-snapshot" "dm-thin-pool" ];
+      };
+      blacklistedKernelModules = [ "nouveau" ];
+      # Use the systemd-boot EFI boot loader.
+      loader = {
+        systemd-boot.enable = true;
+        efi.canTouchEfiVariables = true;
+        timeout = null;
+      };
+      plymouth.enable = true;
+      kernelPackages = pkgs.linuxPackages_latest;
+      kernelParams = [ "i915.fastboot=1" "intel_pstate=no_hwp" "acpi_backlight=vendor" "thinkpad-acpi.brightness_enable=1" "quiet" ];
+      extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
+      kernelModules = ["v4l2loopback"];
+      tmpOnTmpfs = true;
+    };
+    networking = {
+      domain = "midgard.yggdrasil";
+      hosts = {
+        "127.0.0.1" = [ "sif.midgard.yggdrasil" "sif" ];
+        "::1" = [ "sif.midgard.yggdrasil" "sif" ];
+      };
+      firewall = {
+        enable = true;
+        allowedTCPPorts = [ 22 # ssh
+                            8000 # quickserve
+                          ];
+        allowedUDPPorts = [ 8554 # gopro webcam
+                          ];
+      };
+      networkmanager = {
+        enable = true;
+        dhcp = "internal";
+        dns = lib.mkForce "dnsmasq";
+        extraConfig = ''
+          [connectivity]
+          uri=https://online.yggdrasil.li
+        '';
+      };
+      wlanInterfaces = {
+        wlan0 = {
+          device = "wlp82s0";
+        };
+      };
+      bonds = {
+        "lan" = {
+          interfaces = [ "wlan0" "enp0s31f6" "dock0" ];
+          driverOptions = {
+            miimon = "1000";
+            mode = "active-backup";
+            primary_reselect = "always";
+          };
+        };
+      };
+      dhcpcd.enable = false;
+      useDHCP = false;
+      useNetworkd = true;
+      interfaces.yggdrasil = {
+        virtual = true;
+        virtualType = config.services.tinc.networks.yggdrasil.interfaceType;
+        macAddress = "5c:93:21:c3:61:39";
+      };
+    };
+    systemd.services."NetworkManager-wait-online".enable = false;
+    systemd.services."systemd-networkd-wait-online".enable = false;
+    environment.etc."NetworkManager/dnsmasq.d/libvirtd_dnsmasq.conf" = {
+      text = ''
+        server=/sif.libvirt/192.168.122.1
+      '';
+    };
+    services.openssh.enable = true;
+    powerManagement = {
+      enable = true;
+      cpuFreqGovernor = "schedutil";
+    };
+    environment.systemPackages = with pkgs; [
+      nvtop brightnessctl config.boot.kernelPackages.v4l2loopback s-tui
+    ];
+    services = {
+      tinc.yggdrasil.enable = true;
+      uucp = {
+        enable = true;
+        nodeName = "sif";
+        remoteNodes = {
+          "ymir" = {
+            publicKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG6KNtsCOl5fsZ4rV7udTulGMphJweLBoKapzerWNoLY root@ymir"];
+            hostnames = ["ymir.yggdrasil.li" "ymir.niflheim.yggdrasil"];
+          };
+        };
+        defaultCommands = lib.mkForce [];
+      };
+      avahi.enable = true;
+      fwupd.enable = true;
+      fprintd.enable = true;
+      blueman.enable = true;
+    
+      colord.enable = true;
+    
+      vnstat.enable = true;
+      logind = {
+        lidSwitch = "suspend";
+        lidSwitchDocked = "lock";
+        lidSwitchExternalPower = "lock";
+      };
+      atd = {
+        enable = true;
+        allowEveryone = true;
+      };
+      xserver = {
+        enable = true;
+        layout = "us";
+        xkbVariant = "dvp";
+        xkbOptions = "compose:caps";
+        displayManager.lightdm = {
+          enable = true;
+          greeters.gtk = {
+            clock-format = "%H:%M %a %b %_d";
+            indicators = ["~host" "~spacer" "~clock" "~session" "~power"];
+            theme = {
+              package = pkgs.equilux-theme;
+              name = "Equilux-compact";
+            };
+            iconTheme = {
+              package = pkgs.paper-icon-theme;
+              name = "Paper";
+            };
+            extraConfig = ''
+              background = #000000
+              user-background = false
+              active-monitor = #cursor
+              hide-user-image = true
+              [monitor: DP-2]
+                laptop = true
+            '';
+          };
+        };
+        displayManager.setupCommands = ''
+          ${pkgs.xorg.xinput}/bin/xinput disable 'SynPS/2 Synaptics TouchPad'
+        '';
+        desktopManager.xterm.enable = true;
+        windowManager.twm.enable = true;
+        displayManager.defaultSession = "xterm+twm";
+        wacom.enable = true;
+        libinput.enable = true;
+        dpi = 282;
+        videoDrivers = [ "nvidia" ];
+        screenSection = ''
+          Option "metamodes" "nvidia-auto-select +0+0 { ForceCompositionPipeline = On }"
+        '';
+        deviceSection = ''
+          Option "AccelMethod" "SNA"
+          Option "TearFree" "True"
+        '';
+        exportConfiguration = true;
+      };
+    };
+    users = {
+      users.gkleen.extraGroups = [ "media" ];
+      groups.media = {};
+    };
+    hardware = {
+      pulseaudio = {
+        enable = true;
+        package = with pkgs; pulseaudioFull;
+        support32Bit = true;
+      };
+      bluetooth = {
+        enable = true;   
+        settings = {
+          General = {
+            Enable = "Source,Sink,Media,Socket";
+          };
+        };
+      };
+      trackpoint = {
+        enable = true;
+        emulateWheel = true;
+        sensitivity = 255;
+        speed = 255;
+      };
+      nvidia = {
+        modesetting.enable = true;
+        prime = {
+          nvidiaBusId = "PCI:1:0:0";
+          intelBusId = "PCI:0:2:0";
+          sync.enable = true;
+        };
+      };
+      opengl = {
+        enable = true;
+        driSupport32Bit = true;
+        setLdLibraryPath = true;
+      };
+      firmware = [ pkgs.firmwareLinuxNonfree ];
+    };
+    sound.enable = true;
+    nix = {
+      autoOptimiseStore = true;
+      daemonNiceLevel = 10;
+      daemonIONiceLevel = 3;
+    };
+    environment.etc."X11/xorg.conf.d/50-wacom.conf".source = lib.mkForce ./wacom.conf;
+    systemd.services."ac-plugged" = {
+      description = "Inhibit handling of lid-switch and sleep";
+      path = with pkgs; [ systemd coreutils ];
+      script = ''
+        exec systemd-inhibit --what=handle-lid-switch --why="AC is connected" --mode=block sleep infinity
+      '';
+      serviceConfig = {
+        Type = "simple";
+      };
+    };
+    services.udev.extraRules = with pkgs; lib.mkAfter ''
+      SUBSYSTEM=="power_supply", ENV{POWER_SUPPLY_ONLINE}=="0", RUN+="${systemd}/bin/systemctl --no-block stop ac-plugged.service"
+      SUBSYSTEM=="power_supply", ENV{POWER_SUPPLY_ONLINE}=="1", RUN+="${systemd}/bin/systemctl --no-block start ac-plugged.service"
+      ACTION=="add", SUBSYSTEM=="net", DEVTYPE!="?*", ATTR{address}=="3c:e1:a1:b9:cd:e5", NAME="dock0"
+    '';
+    services.borgbackup = {
+      snapshots = "btrfs";
+      prefix = "yggdrasil.midgard.sif.";
+      targets = {
+        "munin" = {
+          repo = "borg.munin:borg";
+          paths = [ "/home/gkleen" ];
+          prune = {
+            "home" =
+              [ "--keep-within" "24H"
+                "--keep-daily" "31"
+                "--keep-monthly" "12"
+                "--keep-yearly" "-1"
+              ];
+          };
+          keyFile = "/run/secrets/borg-repokey--borg_munin__borg";
+        };
+      };
+    };
+    sops.secrets.borg-repokey--borg_munin__borg = {
+      sopsFile = /. + path + "/modules/borgbackup/repokeys/borg_munin__borg.yaml";
+      key = "key";
+    };
+    services.btrfs.autoScrub = {
+      enable = true;
+      fileSystems = [ "/" "/home" ];
+      interval = "weekly";
+    };
+    systemd.services."nix-daemon".serviceConfig = {
+      MemoryAccounting = true;
+      MemoryHigh = "50%";
+      MemoryMax = "75%";
+    };
+    services.journald.extraConfig = ''
+      SystemMaxUse=100M
+    '';
+    services.dbus.packages = with pkgs;
+      [ dbus gnome3.dconf
+      ];
+    programs = {
+      light.enable = true;
+      wireshark.enable = true;
+    };
+    virtualisation.libvirtd = {
+      enable = true;
+    };
+    zramSwap.enable = true;
+    services.pcscd.enable = true;
+    system.stateVersion = "20.03";
+  };
+}

diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix new file mode 100644 index 00000000..c0b7f50c --- /dev/null +++ b/hosts/sif/default.nix
@@ -0,0 +1,355 @@
	1	{ flake, pkgs, customUtils, lib, config, path, ... }:
	2	{
	3	imports = with flake.nixosModules.systemProfiles; [
	4	./hw.nix
	5	./mail
	6	initrd-all-crypto-modules default-locale openssh
	7	];
	8
	9	config = {
	10	nixpkgs = {
	11	system = "x86_64-linux";
	12	config = {
	13	allowUnfree = true;
	14	};
	15	};
	16
	17	boot = {
	18	initrd = {
	19	luks.devices = {
	20	nvm0.device = "/dev/disk/by-uuid/fe641e81-0812-4181-a5f6-382ebba509bb";
	21	nvm1.device = "/dev/disk/by-uuid/43df1ba8-1728-4193-8855-920a82d4494a";
	22	};
	23	availableKernelModules = [ "drbg" "nvme" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
	24	kernelModules = [ "dm-raid" "dm-integrity" "dm-snapshot" "dm-thin-pool" ];
	25	};
	26
	27	blacklistedKernelModules = [ "nouveau" ];
	28
	29	# Use the systemd-boot EFI boot loader.
	30	loader = {
	31	systemd-boot.enable = true;
	32	efi.canTouchEfiVariables = true;
	33	timeout = null;
	34	};
	35
	36	plymouth.enable = true;
	37
	38	kernelPackages = pkgs.linuxPackages_latest;
	39	kernelParams = [ "i915.fastboot=1" "intel_pstate=no_hwp" "acpi_backlight=vendor" "thinkpad-acpi.brightness_enable=1" "quiet" ];
	40	extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
	41	kernelModules = ["v4l2loopback"];
	42
	43	tmpOnTmpfs = true;
	44	};
	45
	46	networking = {
	47	domain = "midgard.yggdrasil";
	48	hosts = {
	49	"127.0.0.1" = [ "sif.midgard.yggdrasil" "sif" ];
	50	"::1" = [ "sif.midgard.yggdrasil" "sif" ];
	51	};
	52
	53	firewall = {
	54	enable = true;
	55	allowedTCPPorts = [ 22 # ssh
	56	8000 # quickserve
	57	];
	58	allowedUDPPorts = [ 8554 # gopro webcam
	59	];
	60	};
	61
	62	networkmanager = {
	63	enable = true;
	64	dhcp = "internal";
	65	dns = lib.mkForce "dnsmasq";
	66	extraConfig = ''
	67	[connectivity]
	68	uri=https://online.yggdrasil.li
	69	'';
	70	};
	71
	72	wlanInterfaces = {
	73	wlan0 = {
	74	device = "wlp82s0";
	75	};
	76	};
	77
	78	bonds = {
	79	"lan" = {
	80	interfaces = [ "wlan0" "enp0s31f6" "dock0" ];
	81	driverOptions = {
	82	miimon = "1000";
	83	mode = "active-backup";
	84	primary_reselect = "always";
	85	};
	86	};
	87	};
	88
	89	dhcpcd.enable = false;
	90	useDHCP = false;
	91	useNetworkd = true;
	92
	93	interfaces.yggdrasil = {
	94	virtual = true;
	95	virtualType = config.services.tinc.networks.yggdrasil.interfaceType;
	96	macAddress = "5c:93:21:c3:61:39";
	97	};
	98	};
	99
	100	systemd.services."NetworkManager-wait-online".enable = false;
	101	systemd.services."systemd-networkd-wait-online".enable = false;
	102
	103	environment.etc."NetworkManager/dnsmasq.d/libvirtd_dnsmasq.conf" = {
	104	text = ''
	105	server=/sif.libvirt/192.168.122.1
	106	'';
	107	};
	108
	109	services.openssh.enable = true;
	110
	111	powerManagement = {
	112	enable = true;
	113
	114	cpuFreqGovernor = "schedutil";
	115	};
	116
	117	environment.systemPackages = with pkgs; [
	118	nvtop brightnessctl config.boot.kernelPackages.v4l2loopback s-tui
	119	];
	120
	121	services = {
	122	tinc.yggdrasil.enable = true;
	123
	124	uucp = {
	125	enable = true;
	126	nodeName = "sif";
	127	remoteNodes = {
	128	"ymir" = {
	129	publicKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG6KNtsCOl5fsZ4rV7udTulGMphJweLBoKapzerWNoLY root@ymir"];
	130	hostnames = ["ymir.yggdrasil.li" "ymir.niflheim.yggdrasil"];
	131	};
	132	};
	133
	134	defaultCommands = lib.mkForce [];
	135	};
	136
	137	avahi.enable = true;
	138
	139	fwupd.enable = true;
	140
	141	fprintd.enable = true;
	142
	143	blueman.enable = true;
	144
	145	colord.enable = true;
	146
	147	vnstat.enable = true;
	148
	149	logind = {
	150	lidSwitch = "suspend";
	151	lidSwitchDocked = "lock";
	152	lidSwitchExternalPower = "lock";
	153	};
	154
	155	atd = {
	156	enable = true;
	157	allowEveryone = true;
	158	};
	159
	160	xserver = {
	161	enable = true;
	162
	163	layout = "us";
	164	xkbVariant = "dvp";
	165	xkbOptions = "compose:caps";
	166
	167	displayManager.lightdm = {
	168	enable = true;
	169	greeters.gtk = {
	170	clock-format = "%H:%M %a %b %_d";
	171	indicators = ["~host" "~spacer" "~clock" "~session" "~power"];
	172	theme = {
	173	package = pkgs.equilux-theme;
	174	name = "Equilux-compact";
	175	};
	176	iconTheme = {
	177	package = pkgs.paper-icon-theme;
	178	name = "Paper";
	179	};
	180	extraConfig = ''
	181	background = #000000
	182	user-background = false
	183	active-monitor = #cursor
	184	hide-user-image = true
	185
	186	[monitor: DP-2]
	187	laptop = true
	188	'';
	189	};
	190	};
	191
	192	displayManager.setupCommands = ''
	193	${pkgs.xorg.xinput}/bin/xinput disable 'SynPS/2 Synaptics TouchPad'
	194	'';
	195
	196	desktopManager.xterm.enable = true;
	197	windowManager.twm.enable = true;
	198	displayManager.defaultSession = "xterm+twm";
	199
	200	wacom.enable = true;
	201	libinput.enable = true;
	202
	203	dpi = 282;
	204
	205	videoDrivers = [ "nvidia" ];
	206
	207	screenSection = ''
	208	Option "metamodes" "nvidia-auto-select +0+0 { ForceCompositionPipeline = On }"
	209	'';
	210
	211	deviceSection = ''
	212	Option "AccelMethod" "SNA"
	213	Option "TearFree" "True"
	214	'';
	215
	216	exportConfiguration = true;
	217	};
	218	};
	219
	220	users = {
	221	users.gkleen.extraGroups = [ "media" ];
	222	groups.media = {};
	223	};
	224
	225	hardware = {
	226	pulseaudio = {
	227	enable = true;
	228	package = with pkgs; pulseaudioFull;
	229	support32Bit = true;
	230	};
	231
	232	bluetooth = {
	233	enable = true;
	234	settings = {
	235	General = {
	236	Enable = "Source,Sink,Media,Socket";
	237	};
	238	};
	239	};
	240
	241	trackpoint = {
	242	enable = true;
	243	emulateWheel = true;
	244	sensitivity = 255;
	245	speed = 255;
	246	};
	247
	248	nvidia = {
	249	modesetting.enable = true;
	250	prime = {
	251	nvidiaBusId = "PCI:1:0:0";
	252	intelBusId = "PCI:0:2:0";
	253	sync.enable = true;
	254	};
	255	};
	256
	257	opengl = {
	258	enable = true;
	259	driSupport32Bit = true;
	260	setLdLibraryPath = true;
	261	};
	262
	263	firmware = [ pkgs.firmwareLinuxNonfree ];
	264	};
	265
	266	sound.enable = true;
	267
	268	nix = {
	269	autoOptimiseStore = true;
	270	daemonNiceLevel = 10;
	271	daemonIONiceLevel = 3;
	272	};
	273
	274	environment.etc."X11/xorg.conf.d/50-wacom.conf".source = lib.mkForce ./wacom.conf;
	275
	276	systemd.services."ac-plugged" = {
	277	description = "Inhibit handling of lid-switch and sleep";
	278
	279	path = with pkgs; [ systemd coreutils ];
	280
	281	script = ''
	282	exec systemd-inhibit --what=handle-lid-switch --why="AC is connected" --mode=block sleep infinity
	283	'';
	284
	285	serviceConfig = {
	286	Type = "simple";
	287	};
	288	};
	289
	290	services.udev.extraRules = with pkgs; lib.mkAfter ''
	291	SUBSYSTEM=="power_supply", ENV{POWER_SUPPLY_ONLINE}=="0", RUN+="${systemd}/bin/systemctl --no-block stop ac-plugged.service"
	292	SUBSYSTEM=="power_supply", ENV{POWER_SUPPLY_ONLINE}=="1", RUN+="${systemd}/bin/systemctl --no-block start ac-plugged.service"
	293	ACTION=="add", SUBSYSTEM=="net", DEVTYPE!="?*", ATTR{address}=="3c:e1:a1:b9:cd:e5", NAME="dock0"
	294	'';
	295
	296	services.borgbackup = {
	297	snapshots = "btrfs";
	298	prefix = "yggdrasil.midgard.sif.";
	299	targets = {
	300	"munin" = {
	301	repo = "borg.munin:borg";
	302	paths = [ "/home/gkleen" ];
	303	prune = {
	304	"home" =
	305	[ "--keep-within" "24H"
	306	"--keep-daily" "31"
	307	"--keep-monthly" "12"
	308	"--keep-yearly" "-1"
	309	];
	310	};
	311	keyFile = "/run/secrets/borg-repokey--borg_munin__borg";
	312	};
	313	};
	314	};
	315	sops.secrets.borg-repokey--borg_munin__borg = {
	316	sopsFile = /. + path + "/modules/borgbackup/repokeys/borg_munin__borg.yaml";
	317	key = "key";
	318	};
	319
	320	services.btrfs.autoScrub = {
	321	enable = true;
	322	fileSystems = [ "/" "/home" ];
	323	interval = "weekly";
	324	};
	325
	326	systemd.services."nix-daemon".serviceConfig = {
	327	MemoryAccounting = true;
	328	MemoryHigh = "50%";
	329	MemoryMax = "75%";
	330	};
	331
	332	services.journald.extraConfig = ''
	333	SystemMaxUse=100M
	334	'';
	335
	336	services.dbus.packages = with pkgs;
	337	[ dbus gnome3.dconf
	338	];
	339
	340	programs = {
	341	light.enable = true;
	342	wireshark.enable = true;
	343	};
	344
	345	virtualisation.libvirtd = {
	346	enable = true;
	347	};
	348
	349	zramSwap.enable = true;
	350
	351	services.pcscd.enable = true;
	352
	353	system.stateVersion = "20.03";
	354	};
	355	}