refactoring
parent
e540fab11c
commit
0e37e0bf13
|
@ -1,8 +1,6 @@
|
|||
{ config, pkgs, lib, ... }: {
|
||||
imports = [ ../physical/3950x.nix ../roles/workstation.nix ];
|
||||
|
||||
nix.nixPath = [ "nixpkgs=${pkgs.path}" ];
|
||||
|
||||
system.stateVersion = "19.09";
|
||||
|
||||
yorick.lumi-vpn = {
|
||||
|
@ -10,8 +8,7 @@
|
|||
mtu = 1408;
|
||||
};
|
||||
|
||||
xdg.autostart.enable = false;
|
||||
|
||||
# backups
|
||||
services.znapzend = {
|
||||
enable = true;
|
||||
pure = true;
|
||||
|
@ -31,12 +28,8 @@
|
|||
};
|
||||
};
|
||||
|
||||
services.udev.extraRules = ''
|
||||
SUBSYSTEM=="usb", ATTRS{idVendor}=="20b7", ATTRS{idProduct}=="9db1", MODE="0660", GROUP="dialout", TAG+="uaccess"
|
||||
'';
|
||||
|
||||
# lars user
|
||||
nix.settings.trusted-users = [ "lars" ];
|
||||
users.users.yorick.extraGroups = [ "docker" ];
|
||||
users.users.lars = {
|
||||
isNormalUser = true;
|
||||
openssh.authorizedKeys.keys = [
|
||||
|
@ -44,8 +37,8 @@
|
|||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOvdQ963wjgWyFMp6djRTqVwZr3/PQ/V+Qm5JTcxRTdY lumi@channelwood"
|
||||
];
|
||||
};
|
||||
|
||||
# docker
|
||||
virtualisation.docker.enable = true;
|
||||
# castnow
|
||||
networking.firewall.allowedUDPPorts = [ 5353 ];
|
||||
networking.firewall.allowedTCPPortRanges = [ { from = 4100; to = 4105; } ];
|
||||
users.users.yorick.extraGroups = [ "docker" ];
|
||||
}
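Review bot: `users.users.yorick.extraGroups = [ "docker" ];` near the end of this file would benefit from a comment, because membership of the docker group gives access to the Docker daemon socket and is effectively root on this host. The same holds for `nix.settings.trusted-users = [ "lars" ];` in the earlier hunk. A line such as `# docker group and nix trusted-users are root-equivalent on this machine` above each would make that explicit for the next reader. The +/- markers are lost on this page, so which of the two copies of the extraGroups line is the new one is inferred from the hunk counts.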
|
||||
|
|
|
@ -1,35 +1,9 @@
|
|||
# Edit this configuration file to define what should be installed on
|
||||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
let sources = import ../../nix/sources.nix;
|
||||
in {
|
||||
imports =
|
||||
[ # Include the results of the hardware scan.
|
||||
"${sources.nixos-hardware}/lenovo/thinkpad/x1"
|
||||
../physical/x11-hardware-config.nix
|
||||
../roles/workstation.nix
|
||||
{
|
||||
imports = [ ../physical/x11.nix ../roles/workstation.nix ];
|
||||
|
||||
];
|
||||
yorick.lumi-vpn.enable = lib.mkForce false;
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
boot.zfs.requestEncryptionCredentials = true;
|
||||
|
||||
networking.hostName = "smithers";
|
||||
networking.wireless.iwd.enable = true;
|
||||
networking.hostId = "54a8968e";
|
||||
|
||||
hardware.bluetooth.enable = true;
|
||||
services.fprintd.enable = true;
|
||||
system.stateVersion = "21.05";
|
||||
boot.kernelPackages = pkgs.linuxPackages_5_15;
|
||||
|
||||
boot.initrd.availableKernelModules = [ "i915" ];
|
||||
boot.loader.timeout = 1;
|
||||
boot.kernelParams = ["i915.fastboot=1" "i915.enable_psr=0" ]; # todo: 2?, "quiet"
|
||||
#boot.plymouth.enable = true;
|
||||
}
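Review bot: The lumi cache is no longer tied to the VPN switch, which changes behaviour for this host if `yorick.lumi-vpn.enable = lib.mkForce false;` is kept. Before this commit, workstation.nix added the cache.lumi.guide public key and the netrc file only under `lib.mkIf config.yorick.lumi-vpn.enable`. It now sets `yorick.lumi-cache.enable = true;` unconditionally, so this machine would gain the trusted key and the netrc credential. If that is not intended, add `yorick.lumi-cache.enable = lib.mkForce false;` next to the VPN override. The +/- markers are lost on this page, so which of the lines above survive in the new file is inferred.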
|
||||
|
|
|
@ -0,0 +1,30 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
cfg = config.yorick.lumi-cache;
|
||||
nixNetrcFile = pkgs.runCommand "nix-netrc-file" {
|
||||
hostname = "cache.lumi.guide";
|
||||
username = "lumi";
|
||||
} ''
|
||||
cat > $out <<EOI
|
||||
machine $hostname
|
||||
login $username
|
||||
password ${
|
||||
builtins.readFile
|
||||
/home/yorick/engineering/lumi/secrets/shared/passwords/nix-serve-password
|
||||
}
|
||||
EOI
|
||||
'';
|
||||
in {
|
||||
options.yorick.lumi-cache = with lib; {
|
||||
enable = mkEnableOption "lumi cache";
|
||||
};
|
||||
config = lib.mkIf cfg.enable {
|
||||
nix = {
|
||||
settings.substituters = [ "https://cache.lumi.guide/" ];
|
||||
settings.netrc-file = nixNetrcFile;
|
||||
settings.trusted-public-keys = [
|
||||
"cache.lumi.guide-1:z813xH+DDlh+wvloqEiihGvZqLXFmN7zmyF8wR47BHE="
|
||||
];
|
||||
};
|
||||
};
|
||||
}
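Review bot: The password read with `builtins.readFile` in the `nixNetrcFile` binding is interpolated into the `runCommand` build script, so it ends up in the derivation and in the netrc output under /nix/store. The store is readable by every local user, and the secret travels with the closure if it is copied to another machine or cache. Pointing the setting at a file outside the store that is provisioned at deploy time avoids this, e.g. `settings.netrc-file = "/path/to/runtime-provisioned-netrc"; # placeholder path, not in the store`. The absolute /home/yorick path also makes evaluation depend on that checkout being present. Because the `<<EOI` heredoc is unquoted, a `$` or backtick in the password would be expanded by the build shell.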
|
|
@ -0,0 +1,27 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
let sources = import ../../nix/sources.nix;
|
||||
in {
|
||||
imports = [
|
||||
./.
|
||||
"${sources.nixos-hardware}/lenovo/thinkpad/x1"
|
||||
./x11-hardware-config.nix
|
||||
];
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
boot.zfs.requestEncryptionCredentials = true;
|
||||
|
||||
boot.supportedFilesystems = [ "zfs" ];
|
||||
networking.wireless.iwd.enable = true;
|
||||
networking.hostId = "54a8968e";
|
||||
|
||||
services.zfs.autoScrub.enable = true;
|
||||
services.zfs.trim.enable = true;
|
||||
hardware.bluetooth.enable = true;
|
||||
services.fprintd.enable = true;
|
||||
|
||||
boot.initrd.availableKernelModules = [ "i915" ];
|
||||
boot.loader.timeout = 1;
|
||||
boot.kernelParams = [ "i915.fastboot=1" ];
|
||||
#boot.plymouth.enable = true;
|
||||
}
|
|
@ -7,10 +7,14 @@ in {
|
|||
imports = [
|
||||
../modules/tor-hidden-service.nix
|
||||
../modules/nginx.nix
|
||||
../modules/lumi-cache.nix
|
||||
../modules/lumi-vpn.nix
|
||||
../deploy/keys.nix
|
||||
../services
|
||||
];
|
||||
|
||||
nix.nixPath = [ "nixpkgs=${pkgs.path}" ];
|
||||
|
||||
networking.domain = "yori.cc";
|
||||
networking.hostName = machine;
|
||||
time.timeZone = "Europe/Amsterdam";
|
||||
|
@ -99,7 +103,6 @@ in {
|
|||
rsync
|
||||
|
||||
#gitMinimal
|
||||
#rxvt_unicode.terminfo
|
||||
];
|
||||
nix.gc.automatic = true;
|
||||
|
||||
|
@ -132,4 +135,5 @@ in {
|
|||
disabledCollectors = [ "rapl" ];
|
||||
};
|
||||
networking.firewall.interfaces.wg-y.allowedTCPPorts = [ 9100 ];
|
||||
xdg.autostart.enable = false;
|
||||
}
|
||||
|
|
|
@ -1,49 +0,0 @@
|
|||
let secrets = import <secrets>;
|
||||
in { config, lib, pkgs, ... }: {
|
||||
imports = [ ./. ];
|
||||
options.yorick.support32bit = with lib;
|
||||
mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
};
|
||||
config = {
|
||||
hardware.opengl = {
|
||||
enable = true;
|
||||
driSupport32Bit = config.yorick.support32bit;
|
||||
};
|
||||
users.users.yorick.extraGroups = [ "video" ];
|
||||
# fix backlight permissions
|
||||
services.udev.extraRules = ''
|
||||
ACTION=="add", SUBSYSTEM=="backlight", RUN+="${pkgs.coreutils}/bin/chgrp video /sys/class/backlight/%k/brightness"
|
||||
ACTION=="add", SUBSYSTEM=="backlight", RUN+="${pkgs.coreutils}/bin/chmod g+w /sys/class/backlight/%k/brightness"
|
||||
'';
|
||||
|
||||
fonts = {
|
||||
fontDir.enable = true;
|
||||
enableGhostscriptFonts = true;
|
||||
fonts = with pkgs; [
|
||||
corefonts # Micrsoft free fonts
|
||||
inconsolata # monospaced
|
||||
source-code-pro
|
||||
ubuntu_font_family # Ubuntu fonts
|
||||
source-han-sans-japanese
|
||||
iosevka
|
||||
font-awesome
|
||||
];
|
||||
};
|
||||
# spotify
|
||||
networking.firewall.allowedTCPPorts = [ 55025 57621 ];
|
||||
networking.firewall.allowedUDPPorts = [ 55025 57621 ];
|
||||
|
||||
services.openssh.forwardX11 = true;
|
||||
|
||||
programs.sway = {
|
||||
enable = true;
|
||||
extraSessionCommands = ''
|
||||
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:${
|
||||
lib.makeLibraryPath (with pkgs; [ libxkbcommon libglvnd wayland ])
|
||||
}
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,87 +1,54 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
nixNetrcFile = pkgs.runCommand "nix-netrc-file" {
|
||||
hostname = "cache.lumi.guide";
|
||||
username = "lumi";
|
||||
} ''
|
||||
cat > $out <<EOI
|
||||
machine $hostname
|
||||
login $username
|
||||
password ${
|
||||
builtins.readFile
|
||||
/home/yorick/engineering/lumi/secrets/shared/passwords/nix-serve-password
|
||||
}
|
||||
EOI
|
||||
'';
|
||||
in {
|
||||
imports = [ ./graphical.nix ];
|
||||
{
|
||||
imports = [ ./default.nix ];
|
||||
|
||||
users.extraUsers.yorick.extraGroups = [ "input" "wireshark" "dialout" ];
|
||||
users.users.yorick = {
|
||||
extraGroups = [ "input" "wireshark" "dialout" "video" "libvirtd" ];
|
||||
shell = pkgs.fish;
|
||||
};
|
||||
services.printing = {
|
||||
enable = true;
|
||||
drivers = [ pkgs.gutenprint pkgs.cups-dymo ];
|
||||
drivers = with pkgs; [ gutenprint cups-dymo ];
|
||||
};
|
||||
environment.systemPackages = with pkgs; [
|
||||
pkgs.ghostscript
|
||||
pkgs.yubikey-manager
|
||||
pkgs.glib
|
||||
ghostscript yubikey-manager glib
|
||||
];
|
||||
environment.sessionVariables.XDG_DATA_DIRS = with pkgs; [
|
||||
"${gnome-themes-extra}/share"
|
||||
"${gsettings-desktop-schemas}/share/gsettings-schemas/${gsettings-desktop-schemas.name}"
|
||||
# emacs?
|
||||
];
|
||||
programs.dconf.enable = true;
|
||||
virtualisation.virtualbox.host.enable = false;
|
||||
programs.noisetorch.enable = true;
|
||||
yorick.support32bit = true;
|
||||
services.pcscd.enable = true;
|
||||
#environment.systemPackages = [pkgs.yubikey-manager];
|
||||
fonts.fonts = [ pkgs.emojione ];
|
||||
programs.wireshark.enable = true;
|
||||
nix = {
|
||||
gc.automatic = pkgs.lib.mkOverride 30 false;
|
||||
settings.substituters = [
|
||||
"https://cache.nixos.org"
|
||||
"https://cache.lumi.guide/"
|
||||
#"s3://yori-nix?endpoint=s3.eu-central-003.backblazeb2.com&profile=backblaze-read"
|
||||
#"https://nixpkgs-wayland.cachix.org"
|
||||
];
|
||||
settings.trusted-substituters = config.nix.settings.substituters ++ [
|
||||
"ssh://yorick@jupiter.serokell.io"
|
||||
"ssh-ng://jupiter"
|
||||
"https://serokell.cachix.org"
|
||||
];
|
||||
settings.trusted-public-keys = [
|
||||
"serokell:ic/49yTkeFIk4EBX1CZ/Wlt5fQfV7yCifaJyoM+S3Ss="
|
||||
"serokell-1:aIojg2Vxgv7MkzPJoftOO/I8HKX622sT+c0fjnZBLj0="
|
||||
(lib.mkIf config.yorick.lumi-vpn.enable "cache.lumi.guide-1:z813xH+DDlh+wvloqEiihGvZqLXFmN7zmyF8wR47BHE=")
|
||||
"serokell.cachix.org-1:5DscEJD6c1dD1Mc/phTIbs13+iW22AVbx0HqiSb+Lq8="
|
||||
#"nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
|
||||
"yorick:Pmd0gyrTvVdzpQyb/raHJKdoOag8RLaj434qBgMm4I0="
|
||||
];
|
||||
extraOptions = lib.mkIf config.yorick.lumi-vpn.enable ''
|
||||
netrc-file = ${nixNetrcFile}
|
||||
# '';
|
||||
};
|
||||
services.avahi = {
|
||||
enable = true;
|
||||
nssmdns = true;
|
||||
};
|
||||
virtualisation.libvirtd.enable = true;
|
||||
users.users.yorick.extraGroups = [ "libvirtd" "pico" ];
|
||||
users.users.yorick.shell = pkgs.fish;
|
||||
# fix glasgow, fomu, backlight
|
||||
services.udev.extraRules = ''
|
||||
SUBSYSTEM=="usb", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="5bf0", MODE="0664", GROUP="dialout"
|
||||
SUBSYSTEM=="usb", ATTRS{idVendor}=="20b7", ATTRS{idProduct}=="9db1", TAG+="uaccess"
|
||||
SUBSYSTEM=="usb", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="5bf0", TAG+="uaccess"
|
||||
ACTION=="add", SUBSYSTEM=="backlight", RUN+="${pkgs.coreutils}/bin/chgrp video /sys/class/backlight/%k/brightness"
|
||||
ACTION=="add", SUBSYSTEM=="backlight", RUN+="${pkgs.coreutils}/bin/chmod g+w /sys/class/backlight/%k/brightness"
|
||||
'';
|
||||
|
||||
# picoscope
|
||||
#users.users.yorick.extraGroups = ["pico"];
|
||||
services.udev.packages = [
|
||||
(pkgs.writeTextDir "lib/udev/rules.d/95-pico.rules" ''
|
||||
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0ce9", MODE="664",GROUP="pico"
|
||||
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0ce9", TAG+="uaccess"
|
||||
'')
|
||||
];
|
||||
users.groups.pico = { };
|
||||
|
||||
# development
|
||||
services.postgresql = {
|
||||
|
@ -94,6 +61,7 @@ in {
|
|||
boot.kernel.sysctl."fs.inotify.max_user_watches" = 1024000000;
|
||||
|
||||
yorick.lumi-vpn.enable = true;
|
||||
yorick.lumi-cache.enable = true;
|
||||
|
||||
security.rtkit.enable = true;
|
||||
services.pipewire = {
|
||||
|
@ -104,7 +72,7 @@ in {
|
|||
media-session.config.bluez-monitor.rules = [
|
||||
{
|
||||
# Matches all cards
|
||||
matches = [ { "device.name" = "~bluez_card.*"; } ];
|
||||
matches = [{ "device.name" = "~bluez_card.*"; }];
|
||||
actions = {
|
||||
"update-props" = {
|
||||
"bluez5.reconnect-profiles" = [ "hfp_hf" "hsp_hs" "a2dp_sink" ];
|
||||
|
@ -118,13 +86,13 @@ in {
|
|||
{
|
||||
matches = [
|
||||
# Matches all sources
|
||||
{ "node.name" = "~bluez_input.*"; }
|
||||
{
|
||||
"node.name" = "~bluez_input.*";
|
||||
}
|
||||
# Matches all outputs
|
||||
{ "node.name" = "~bluez_output.*"; }
|
||||
];
|
||||
actions = {
|
||||
"node.pause-on-idle" = false;
|
||||
};
|
||||
actions = { "node.pause-on-idle" = false; };
|
||||
}
|
||||
];
|
||||
};
|
||||
|
@ -133,4 +101,44 @@ in {
|
|||
extraPortals = with pkgs; [ xdg-desktop-portal-wlr xdg-desktop-portal-gtk ];
|
||||
gtkUsePortal = true;
|
||||
};
|
||||
hardware.opengl = {
|
||||
enable = true;
|
||||
driSupport32Bit = true;
|
||||
};
|
||||
|
||||
fonts = {
|
||||
fontDir.enable = true;
|
||||
enableGhostscriptFonts = true;
|
||||
fonts = with pkgs; [
|
||||
corefonts # Micrsoft free fonts
|
||||
inconsolata # monospaced
|
||||
source-code-pro
|
||||
ubuntu_font_family # Ubuntu fonts
|
||||
source-han-sans-japanese
|
||||
iosevka
|
||||
emojione
|
||||
font-awesome
|
||||
];
|
||||
};
|
||||
# spotify, castnow
|
||||
networking.firewall = {
|
||||
allowedTCPPorts = [ 55025 57621 5353 ];
|
||||
allowedTCPPortRanges = [ { from = 4100; to = 4105; } ];
|
||||
allowedUDPPorts = [ 55025 57621 ];
|
||||
};
|
||||
|
||||
programs = {
|
||||
dconf.enable = true;
|
||||
noisetorch.enable = true;
|
||||
wireshark.enable = true;
|
||||
sway = {
|
||||
enable = true;
|
||||
extraSessionCommands = ''
|
||||
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:${
|
||||
lib.makeLibraryPath (with pkgs; [ libxkbcommon libglvnd wayland ])
|
||||
}
|
||||
'';
|
||||
};
|
||||
};
|
||||
services.pcscd.enable = true;
|
||||
}
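Review bot: Port 5353 changed protocol during the move: the machine file opened it with `networking.firewall.allowedUDPPorts = [ 5353 ];`, while the merged `networking.firewall` block in the last hunk lists it under `allowedTCPPorts` and leaves it out of `allowedUDPPorts`. mDNS runs over UDP, so this opens a TCP port nothing is expected to use and may drop the rule castnow relied on. I would write `allowedTCPPorts = [ 55025 57621 ];` and `allowedUDPPorts = [ 55025 57621 5353 ];`. These openings, including the 4100-4105 range, now apply to every machine that imports the workstation role rather than only the desktop, which is worth confirming for the laptop.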
|
||||
|
|