From f6e600c20d6a97ebeda23fa2bb5621646222b2b0 Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Sat, 2 Jan 2021 20:53:17 +0100
Subject: sif: import config
---
hosts/sif/default.nix | 295 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 295 insertions(+)
create mode 100644 hosts/sif/default.nix
(limited to 'hosts/sif/default.nix')
diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix
new file mode 100644
index 00000000..4e9826bd
--- /dev/null
+++ b/hosts/sif/default.nix
@@ -0,0 +1,295 @@
+{ flake, pkgs, customUtils, lib, config, ... }:
+{
+ imports = with flake.nixosModules.systemProfiles; [
+ ./hw.nix
+ ./mail
+ initrd-all-crypto-modules default-locale openssh
+ ];
+
+ config = {
+ nixpkgs = {
+ system = "x86_64-linux";
+ config = {
+ allowUnfree = true;
+ };
+ };
+
+ boot = {
+ initrd = {
+ luks.devices = {
+ nvm0.device = "/dev/disk/by-uuid/fe641e81-0812-4181-a5f6-382ebba509bb";
+ nvm1.device = "/dev/disk/by-uuid/43df1ba8-1728-4193-8855-920a82d4494a";
+ };
+ availableKernelModules = [ "drbg" "nvme" "fbcon" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+ kernelModules = [ "dm-raid" "dm-integrity" "dm-snapshot" "dm-thin-pool" ];
+ };
+
+ blacklistedKernelModules = [ "nouveau" ];
+
+ # Use the systemd-boot EFI boot loader.
+ loader = {
+ systemd-boot.enable = true;
+ efi.canTouchEfiVariables = true;
+ timeout = null;
+ };
+
+ plymouth.enable = true;
+
+ kernelPackages = pkgs.linuxPackages_latest;
+ kernelParams = [ "i915.fastboot=1" "intel_pstate=no_hwp" "acpi_backlight=vendor" "thinkpad-acpi.brightness_enable=1" "quiet" ];
+
+ tmpOnTmpfs = true;
+ };
+
+ networking = {
+ domain = "midgard.yggdrasil";
+ hosts = {
+ "127.0.0.1" = [ "sif.midgard.yggdrasil" "sif" ];
+ "::1" = [ "sif.midgard.yggdrasil" "sif" ];
+ };
+
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [ 22 # ssh
+ 8000 # quickserve
+ ];
+ };
+
+ networkmanager = {
+ enable = true;
+ dhcp = "internal";
+ dns = "dnsmasq";
+ extraConfig = ''
+ [connectivity]
+ uri=https://online.yggdrasil.li
+ '';
+ };
+
+ dhcpcd.enable = false;
+
+ interfaces.yggdrasil = {
+ virtual = true;
+ virtualType = config.services.tinc.networks.yggdrasil.interfaceType;
+ macAddress = "5c:93:21:c3:61:39";
+ };
+ };
+
+ environment.etc."NetworkManager/dnsmasq.d/libvirtd_dnsmasq.conf" = {
+ text = ''
+ server=/sif.libvirt/192.168.122.1
+ '';
+ };
+
+ powerManagement.enable = true;
+
+ environment.systemPackages = with pkgs; [
+ nvtop brightnessctl
+ ];
+
+ services = {
+ tinc.yggdrasil.enable = true;
+
+ uucp = {
+ enable = true;
+ nodeName = "sif";
+ remoteNodes = {
+ "ymir" = {
+ publicKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG6KNtsCOl5fsZ4rV7udTulGMphJweLBoKapzerWNoLY root@ymir"];
+ hostnames = ["ymir.yggdrasil.li" "ymir.niflheim.yggdrasil"];
+ };
+ };
+
+ defaultCommands = lib.mkForce [];
+ };
+
+ avahi.enable = true;
+
+ fwupd.enable = true;
+
+ fprintd.enable = true;
+
+ blueman.enable = true;
+
+ colord.enable = true;
+
+ vnstat.enable = true;
+
+ logind = {
+ lidSwitch = "suspend";
+ lidSwitchDocked = "lock";
+ lidSwitchExternalPower = "lock";
+ };
+
+ atd = {
+ enable = true;
+ allowEveryone = true;
+ };
+
+ xserver = {
+ enable = true;
+
+ layout = "us";
+ xkbVariant = "dvp";
+ xkbOptions = "compose:caps";
+
+ displayManager.lightdm = {
+ enable = true;
+ greeters.gtk = {
+ clock-format = "%H:%M %a %b %_d";
+ indicators = ["~host" "~spacer" "~clock" "~session" "~power"];
+ theme = {
+ package = pkgs.equilux-theme;
+ name = "Equilux-compact";
+ };
+ iconTheme = {
+ package = pkgs.paper-icon-theme;
+ name = "Paper";
+ };
+ extraConfig = ''
+ background = #000000
+ user-background = false
+ active-monitor = #cursor
+ hide-user-image = true
+
+ [monitor: DP-2]
+ laptop = true
+ '';
+ };
+ };
+
+ displayManager.setupCommands = ''
+ ${pkgs.xorg.xinput}/bin/xinput disable 'SynPS/2 Synaptics TouchPad'
+ '';
+
+ desktopManager.xterm.enable = true;
+ windowManager.twm.enable = true;
+ displayManager.defaultSession = "xterm+twm";
+
+ wacom.enable = true;
+ libinput.enable = true;
+
+ dpi = 282;
+
+ videoDrivers = [ "nvidia" ];
+
+ screenSection = ''
+ Option "metamodes" "nvidia-auto-select +0+0 { ForceCompositionPipeline = On }"
+ '';
+
+ deviceSection = ''
+ Option "AccelMethod" "SNA"
+ Option "TearFree" "True"
+ '';
+
+ exportConfiguration = true;
+ };
+ };
+
+ users = {
+ users.gkleen.extraGroups = [ "media" ];
+ };
+
+ hardware = {
+ pulseaudio = {
+ enable = true;
+ package = with pkgs; pulseaudioFull;
+ support32Bit = true;
+ };
+
+ bluetooth = {
+ enable = true;
+ config = {
+ General = {
+ Enable = "Source,Sink,Media,Socket";
+ };
+ };
+ };
+
+ trackpoint = {
+ enable = true;
+ emulateWheel = true;
+ sensitivity = 255;
+ speed = 255;
+ };
+
+ nvidia = {
+ modesetting.enable = true;
+ prime = {
+ nvidiaBusId = "PCI:1:0:0";
+ intelBusId = "PCI:0:2:0";
+ sync.enable = true;
+ };
+ };
+
+ opengl = {
+ enable = true;
+ driSupport32Bit = true;
+ setLdLibraryPath = true;
+ };
+
+ firmware = [ pkgs.firmwareLinuxNonfree ];
+ };
+
+ sound.enable = true;
+
+ nix = {
+ autoOptimiseStore = true;
+ daemonNiceLevel = 10;
+ daemonIONiceLevel = 3;
+ };
+
+ environment.etc."X11/xorg.conf.d/50-wacom.conf".source = lib.mkForce ./wacom.conf;
+
+ systemd.services."ac-plugged" = {
+ description = "Inhibit handling of lid-switch and sleep";
+
+ path = with pkgs; [ systemd coreutils ];
+
+ script = ''
+ exec systemd-inhibit --what=handle-lid-switch --why="AC is connected" --mode=block sleep infinity
+ '';
+
+ serviceConfig = {
+ Type = "simple";
+ };
+ };
+
+ services.udev.extraRules = with pkgs; ''
+ SUBSYSTEM=="power_supply", ENV{POWER_SUPPLY_ONLINE}=="0", RUN+="${systemd}/bin/systemctl --no-block stop ac-plugged.service"
+ SUBSYSTEM=="power_supply", ENV{POWER_SUPPLY_ONLINE}=="1", RUN+="${systemd}/bin/systemctl --no-block start ac-plugged.service"
+ '';
+
+ services.btrfs.autoScrub = {
+ enable = true;
+ fileSystems = [ "/" "/home" ];
+ interval = "weekly";
+ };
+
+ systemd.services."nix-daemon".serviceConfig = {
+ MemoryAccounting = true;
+ MemoryHigh = "50%";
+ MemoryMax = "75%";
+ };
+
+ services.journald.extraConfig = ''
+ SystemMaxUse=100M
+ '';
+
+ services.dbus.packages = with pkgs;
+ [ dbus gnome3.dconf
+ ];
+
+ programs = {
+ light.enable = true;
+ wireshark.enable = true;
+ };
+
+ virtualisation.libvirtd = {
+ enable = true;
+ };
+
+ zramSwap.enable = true;
+
+ system.stateVersion = "20.03";
+ };
+}
-- cgit v1.2.3
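Review bot: In the `networking.firewall` block, `allowedTCPPorts` opens 8000 (commented as quickserve) on every interface, so on a host that joins networks through NetworkManager an ad-hoc file server is reachable from whichever network it is attached to whenever it runs. Consider keeping only SSH global and scoping the other port to the tinc interface this file already declares, e.g. `allowedTCPPorts = [ 22 ];` plus `interfaces.yggdrasil.allowedTCPPorts = [ 8000 ];` inside `firewall`, or opening it only on demand. Separately, `atd.allowEveryone = true` widens `at` to every local account; if only one user needs it, dropping the flag or adding a comment stating why it is required would make the intent reviewable. Whether the imported `openssh` profile already opens port 22 is not visible in this hunk, so the explicit 22 may be redundant.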