refactoring
parent
e540fab11c
commit
0e37e0bf13
|
@ -1,8 +1,6 @@
|
||||||
{ config, pkgs, lib, ... }: {
|
{ config, pkgs, lib, ... }: {
|
||||||
imports = [ ../physical/3950x.nix ../roles/workstation.nix ];
|
imports = [ ../physical/3950x.nix ../roles/workstation.nix ];
|
||||||
|
|
||||||
nix.nixPath = [ "nixpkgs=${pkgs.path}" ];
|
|
||||||
|
|
||||||
system.stateVersion = "19.09";
|
system.stateVersion = "19.09";
|
||||||
|
|
||||||
yorick.lumi-vpn = {
|
yorick.lumi-vpn = {
|
||||||
|
@ -10,8 +8,7 @@
|
||||||
mtu = 1408;
|
mtu = 1408;
|
||||||
};
|
};
|
||||||
|
|
||||||
xdg.autostart.enable = false;
|
# backups
|
||||||
|
|
||||||
services.znapzend = {
|
services.znapzend = {
|
||||||
enable = true;
|
enable = true;
|
||||||
pure = true;
|
pure = true;
|
||||||
|
@ -31,12 +28,8 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.udev.extraRules = ''
|
# lars user
|
||||||
SUBSYSTEM=="usb", ATTRS{idVendor}=="20b7", ATTRS{idProduct}=="9db1", MODE="0660", GROUP="dialout", TAG+="uaccess"
|
|
||||||
'';
|
|
||||||
|
|
||||||
nix.settings.trusted-users = [ "lars" ];
|
nix.settings.trusted-users = [ "lars" ];
|
||||||
users.users.yorick.extraGroups = [ "docker" ];
|
|
||||||
users.users.lars = {
|
users.users.lars = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
|
@ -44,8 +37,8 @@
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOvdQ963wjgWyFMp6djRTqVwZr3/PQ/V+Qm5JTcxRTdY lumi@channelwood"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOvdQ963wjgWyFMp6djRTqVwZr3/PQ/V+Qm5JTcxRTdY lumi@channelwood"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# docker
|
||||||
virtualisation.docker.enable = true;
|
virtualisation.docker.enable = true;
|
||||||
# castnow
|
users.users.yorick.extraGroups = [ "docker" ];
|
||||||
networking.firewall.allowedUDPPorts = [ 5353 ];
|
|
||||||
networking.firewall.allowedTCPPortRanges = [ { from = 4100; to = 4105; } ];
|
|
||||||
}
|
}
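Review bot: The new `# lars user` and `# docker` comments label two settings that each amount to root on this host, and neither comment says so. `nix.settings.trusted-users = [ "lars" ]` gives that account privileged access to the Nix daemon, and membership of the `docker` group lets `yorick` drive the Docker daemon. The commit changes neither grant, but since it adds the comments they could record it, e.g. `# lars user (trusted-users is root-equivalent)` and `# docker (group membership is root-equivalent)`.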
|
||||||
|
|
|
@ -1,35 +1,9 @@
|
||||||
# Edit this configuration file to define what should be installed on
|
|
||||||
# your system. Help is available in the configuration.nix(5) man page
|
|
||||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
|
||||||
|
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
let sources = import ../../nix/sources.nix;
|
{
|
||||||
in {
|
imports = [ ../physical/x11.nix ../roles/workstation.nix ];
|
||||||
imports =
|
|
||||||
[ # Include the results of the hardware scan.
|
|
||||||
"${sources.nixos-hardware}/lenovo/thinkpad/x1"
|
|
||||||
../physical/x11-hardware-config.nix
|
|
||||||
../roles/workstation.nix
|
|
||||||
|
|
||||||
];
|
|
||||||
yorick.lumi-vpn.enable = lib.mkForce false;
|
yorick.lumi-vpn.enable = lib.mkForce false;
|
||||||
|
|
||||||
boot.loader.systemd-boot.enable = true;
|
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
|
||||||
boot.zfs.requestEncryptionCredentials = true;
|
|
||||||
|
|
||||||
networking.hostName = "smithers";
|
|
||||||
networking.wireless.iwd.enable = true;
|
|
||||||
networking.hostId = "54a8968e";
|
|
||||||
|
|
||||||
hardware.bluetooth.enable = true;
|
|
||||||
services.fprintd.enable = true;
|
|
||||||
system.stateVersion = "21.05";
|
system.stateVersion = "21.05";
|
||||||
boot.kernelPackages = pkgs.linuxPackages_5_15;
|
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "i915" ];
|
|
||||||
boot.loader.timeout = 1;
|
|
||||||
boot.kernelParams = ["i915.fastboot=1" "i915.enable_psr=0" ]; # todo: 2?, "quiet"
|
|
||||||
#boot.plymouth.enable = true;
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,30 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
let
|
||||||
|
cfg = config.yorick.lumi-cache;
|
||||||
|
nixNetrcFile = pkgs.runCommand "nix-netrc-file" {
|
||||||
|
hostname = "cache.lumi.guide";
|
||||||
|
username = "lumi";
|
||||||
|
} ''
|
||||||
|
cat > $out <<EOI
|
||||||
|
machine $hostname
|
||||||
|
login $username
|
||||||
|
password ${
|
||||||
|
builtins.readFile
|
||||||
|
/home/yorick/engineering/lumi/secrets/shared/passwords/nix-serve-password
|
||||||
|
}
|
||||||
|
EOI
|
||||||
|
'';
|
||||||
|
in {
|
||||||
|
options.yorick.lumi-cache = with lib; {
|
||||||
|
enable = mkEnableOption "lumi cache";
|
||||||
|
};
|
||||||
|
config = lib.mkIf cfg.enable {
|
||||||
|
nix = {
|
||||||
|
settings.substituters = [ "https://cache.lumi.guide/" ];
|
||||||
|
settings.netrc-file = nixNetrcFile;
|
||||||
|
settings.trusted-public-keys = [
|
||||||
|
"cache.lumi.guide-1:z813xH+DDlh+wvloqEiihGvZqLXFmN7zmyF8wR47BHE="
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
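Review bot: `nixNetrcFile` interpolates the result of `builtins.readFile` on the nix-serve password into a `runCommand` script, so the password is written into the world-readable Nix store, both in the derivation and in `$out`, on every host that sets `yorick.lumi-cache.enable`. Any local user, and anything that receives a copy of the system closure, can read it. Pointing the setting at a file provisioned outside the store avoids that, e.g. `settings.netrc-file = "/path/to/runtime/netrc"; # placeholder path: root-owned, mode 0600`, delivered by whatever secret deployment the repo already uses (`../deploy/keys.nix` is imported by the role, but its contents are not visible here). The absolute `/home/yorick/...` path also means evaluation only succeeds on a machine that has that checkout.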
|
|
@ -0,0 +1,27 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
let sources = import ../../nix/sources.nix;
|
||||||
|
in {
|
||||||
|
imports = [
|
||||||
|
./.
|
||||||
|
"${sources.nixos-hardware}/lenovo/thinkpad/x1"
|
||||||
|
./x11-hardware-config.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.loader.systemd-boot.enable = true;
|
||||||
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
boot.zfs.requestEncryptionCredentials = true;
|
||||||
|
|
||||||
|
boot.supportedFilesystems = [ "zfs" ];
|
||||||
|
networking.wireless.iwd.enable = true;
|
||||||
|
networking.hostId = "54a8968e";
|
||||||
|
|
||||||
|
services.zfs.autoScrub.enable = true;
|
||||||
|
services.zfs.trim.enable = true;
|
||||||
|
hardware.bluetooth.enable = true;
|
||||||
|
services.fprintd.enable = true;
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = [ "i915" ];
|
||||||
|
boot.loader.timeout = 1;
|
||||||
|
boot.kernelParams = [ "i915.fastboot=1" ];
|
||||||
|
#boot.plymouth.enable = true;
|
||||||
|
}
|
|
@ -7,10 +7,14 @@ in {
|
||||||
imports = [
|
imports = [
|
||||||
../modules/tor-hidden-service.nix
|
../modules/tor-hidden-service.nix
|
||||||
../modules/nginx.nix
|
../modules/nginx.nix
|
||||||
|
../modules/lumi-cache.nix
|
||||||
../modules/lumi-vpn.nix
|
../modules/lumi-vpn.nix
|
||||||
../deploy/keys.nix
|
../deploy/keys.nix
|
||||||
../services
|
../services
|
||||||
];
|
];
|
||||||
|
|
||||||
|
nix.nixPath = [ "nixpkgs=${pkgs.path}" ];
|
||||||
|
|
||||||
networking.domain = "yori.cc";
|
networking.domain = "yori.cc";
|
||||||
networking.hostName = machine;
|
networking.hostName = machine;
|
||||||
time.timeZone = "Europe/Amsterdam";
|
time.timeZone = "Europe/Amsterdam";
|
||||||
|
@ -99,7 +103,6 @@ in {
|
||||||
rsync
|
rsync
|
||||||
|
|
||||||
#gitMinimal
|
#gitMinimal
|
||||||
#rxvt_unicode.terminfo
|
|
||||||
];
|
];
|
||||||
nix.gc.automatic = true;
|
nix.gc.automatic = true;
|
||||||
|
|
||||||
|
@ -132,4 +135,5 @@ in {
|
||||||
disabledCollectors = [ "rapl" ];
|
disabledCollectors = [ "rapl" ];
|
||||||
};
|
};
|
||||||
networking.firewall.interfaces.wg-y.allowedTCPPorts = [ 9100 ];
|
networking.firewall.interfaces.wg-y.allowedTCPPorts = [ 9100 ];
|
||||||
|
xdg.autostart.enable = false;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,49 +0,0 @@
|
||||||
let secrets = import <secrets>;
|
|
||||||
in { config, lib, pkgs, ... }: {
|
|
||||||
imports = [ ./. ];
|
|
||||||
options.yorick.support32bit = with lib;
|
|
||||||
mkOption {
|
|
||||||
type = types.bool;
|
|
||||||
default = false;
|
|
||||||
};
|
|
||||||
config = {
|
|
||||||
hardware.opengl = {
|
|
||||||
enable = true;
|
|
||||||
driSupport32Bit = config.yorick.support32bit;
|
|
||||||
};
|
|
||||||
users.users.yorick.extraGroups = [ "video" ];
|
|
||||||
# fix backlight permissions
|
|
||||||
services.udev.extraRules = ''
|
|
||||||
ACTION=="add", SUBSYSTEM=="backlight", RUN+="${pkgs.coreutils}/bin/chgrp video /sys/class/backlight/%k/brightness"
|
|
||||||
ACTION=="add", SUBSYSTEM=="backlight", RUN+="${pkgs.coreutils}/bin/chmod g+w /sys/class/backlight/%k/brightness"
|
|
||||||
'';
|
|
||||||
|
|
||||||
fonts = {
|
|
||||||
fontDir.enable = true;
|
|
||||||
enableGhostscriptFonts = true;
|
|
||||||
fonts = with pkgs; [
|
|
||||||
corefonts # Micrsoft free fonts
|
|
||||||
inconsolata # monospaced
|
|
||||||
source-code-pro
|
|
||||||
ubuntu_font_family # Ubuntu fonts
|
|
||||||
source-han-sans-japanese
|
|
||||||
iosevka
|
|
||||||
font-awesome
|
|
||||||
];
|
|
||||||
};
|
|
||||||
# spotify
|
|
||||||
networking.firewall.allowedTCPPorts = [ 55025 57621 ];
|
|
||||||
networking.firewall.allowedUDPPorts = [ 55025 57621 ];
|
|
||||||
|
|
||||||
services.openssh.forwardX11 = true;
|
|
||||||
|
|
||||||
programs.sway = {
|
|
||||||
enable = true;
|
|
||||||
extraSessionCommands = ''
|
|
||||||
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:${
|
|
||||||
lib.makeLibraryPath (with pkgs; [ libxkbcommon libglvnd wayland ])
|
|
||||||
}
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,87 +1,54 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
let
|
{
|
||||||
nixNetrcFile = pkgs.runCommand "nix-netrc-file" {
|
imports = [ ./default.nix ];
|
||||||
hostname = "cache.lumi.guide";
|
|
||||||
username = "lumi";
|
|
||||||
} ''
|
|
||||||
cat > $out <<EOI
|
|
||||||
machine $hostname
|
|
||||||
login $username
|
|
||||||
password ${
|
|
||||||
builtins.readFile
|
|
||||||
/home/yorick/engineering/lumi/secrets/shared/passwords/nix-serve-password
|
|
||||||
}
|
|
||||||
EOI
|
|
||||||
'';
|
|
||||||
in {
|
|
||||||
imports = [ ./graphical.nix ];
|
|
||||||
|
|
||||||
users.extraUsers.yorick.extraGroups = [ "input" "wireshark" "dialout" ];
|
users.users.yorick = {
|
||||||
|
extraGroups = [ "input" "wireshark" "dialout" "video" "libvirtd" ];
|
||||||
|
shell = pkgs.fish;
|
||||||
|
};
|
||||||
services.printing = {
|
services.printing = {
|
||||||
enable = true;
|
enable = true;
|
||||||
drivers = [ pkgs.gutenprint pkgs.cups-dymo ];
|
drivers = with pkgs; [ gutenprint cups-dymo ];
|
||||||
};
|
};
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
pkgs.ghostscript
|
ghostscript yubikey-manager glib
|
||||||
pkgs.yubikey-manager
|
|
||||||
pkgs.glib
|
|
||||||
];
|
];
|
||||||
environment.sessionVariables.XDG_DATA_DIRS = with pkgs; [
|
environment.sessionVariables.XDG_DATA_DIRS = with pkgs; [
|
||||||
"${gnome-themes-extra}/share"
|
"${gnome-themes-extra}/share"
|
||||||
"${gsettings-desktop-schemas}/share/gsettings-schemas/${gsettings-desktop-schemas.name}"
|
"${gsettings-desktop-schemas}/share/gsettings-schemas/${gsettings-desktop-schemas.name}"
|
||||||
|
# emacs?
|
||||||
];
|
];
|
||||||
programs.dconf.enable = true;
|
|
||||||
virtualisation.virtualbox.host.enable = false;
|
|
||||||
programs.noisetorch.enable = true;
|
|
||||||
yorick.support32bit = true;
|
|
||||||
services.pcscd.enable = true;
|
|
||||||
#environment.systemPackages = [pkgs.yubikey-manager];
|
|
||||||
fonts.fonts = [ pkgs.emojione ];
|
|
||||||
programs.wireshark.enable = true;
|
|
||||||
nix = {
|
nix = {
|
||||||
gc.automatic = pkgs.lib.mkOverride 30 false;
|
gc.automatic = pkgs.lib.mkOverride 30 false;
|
||||||
settings.substituters = [
|
settings.substituters = [
|
||||||
"https://cache.nixos.org"
|
"https://cache.nixos.org"
|
||||||
"https://cache.lumi.guide/"
|
|
||||||
#"s3://yori-nix?endpoint=s3.eu-central-003.backblazeb2.com&profile=backblaze-read"
|
#"s3://yori-nix?endpoint=s3.eu-central-003.backblazeb2.com&profile=backblaze-read"
|
||||||
#"https://nixpkgs-wayland.cachix.org"
|
#"https://nixpkgs-wayland.cachix.org"
|
||||||
];
|
];
|
||||||
settings.trusted-substituters = config.nix.settings.substituters ++ [
|
|
||||||
"ssh://yorick@jupiter.serokell.io"
|
|
||||||
"ssh-ng://jupiter"
|
|
||||||
"https://serokell.cachix.org"
|
|
||||||
];
|
|
||||||
settings.trusted-public-keys = [
|
settings.trusted-public-keys = [
|
||||||
"serokell:ic/49yTkeFIk4EBX1CZ/Wlt5fQfV7yCifaJyoM+S3Ss="
|
|
||||||
"serokell-1:aIojg2Vxgv7MkzPJoftOO/I8HKX622sT+c0fjnZBLj0="
|
|
||||||
(lib.mkIf config.yorick.lumi-vpn.enable "cache.lumi.guide-1:z813xH+DDlh+wvloqEiihGvZqLXFmN7zmyF8wR47BHE=")
|
|
||||||
"serokell.cachix.org-1:5DscEJD6c1dD1Mc/phTIbs13+iW22AVbx0HqiSb+Lq8="
|
|
||||||
#"nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
|
#"nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
|
||||||
"yorick:Pmd0gyrTvVdzpQyb/raHJKdoOag8RLaj434qBgMm4I0="
|
"yorick:Pmd0gyrTvVdzpQyb/raHJKdoOag8RLaj434qBgMm4I0="
|
||||||
];
|
];
|
||||||
extraOptions = lib.mkIf config.yorick.lumi-vpn.enable ''
|
|
||||||
netrc-file = ${nixNetrcFile}
|
|
||||||
# '';
|
|
||||||
};
|
};
|
||||||
services.avahi = {
|
services.avahi = {
|
||||||
enable = true;
|
enable = true;
|
||||||
nssmdns = true;
|
nssmdns = true;
|
||||||
};
|
};
|
||||||
virtualisation.libvirtd.enable = true;
|
virtualisation.libvirtd.enable = true;
|
||||||
users.users.yorick.extraGroups = [ "libvirtd" "pico" ];
|
# fix glasgow, fomu, backlight
|
||||||
users.users.yorick.shell = pkgs.fish;
|
|
||||||
services.udev.extraRules = ''
|
services.udev.extraRules = ''
|
||||||
SUBSYSTEM=="usb", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="5bf0", MODE="0664", GROUP="dialout"
|
SUBSYSTEM=="usb", ATTRS{idVendor}=="20b7", ATTRS{idProduct}=="9db1", TAG+="uaccess"
|
||||||
|
SUBSYSTEM=="usb", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="5bf0", TAG+="uaccess"
|
||||||
|
ACTION=="add", SUBSYSTEM=="backlight", RUN+="${pkgs.coreutils}/bin/chgrp video /sys/class/backlight/%k/brightness"
|
||||||
|
ACTION=="add", SUBSYSTEM=="backlight", RUN+="${pkgs.coreutils}/bin/chmod g+w /sys/class/backlight/%k/brightness"
|
||||||
'';
|
'';
|
||||||
|
|
||||||
# picoscope
|
# picoscope
|
||||||
#users.users.yorick.extraGroups = ["pico"];
|
|
||||||
services.udev.packages = [
|
services.udev.packages = [
|
||||||
(pkgs.writeTextDir "lib/udev/rules.d/95-pico.rules" ''
|
(pkgs.writeTextDir "lib/udev/rules.d/95-pico.rules" ''
|
||||||
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0ce9", MODE="664",GROUP="pico"
|
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0ce9", TAG+="uaccess"
|
||||||
'')
|
'')
|
||||||
];
|
];
|
||||||
users.groups.pico = { };
|
|
||||||
|
|
||||||
# development
|
# development
|
||||||
services.postgresql = {
|
services.postgresql = {
|
||||||
|
@ -94,6 +61,7 @@ in {
|
||||||
boot.kernel.sysctl."fs.inotify.max_user_watches" = 1024000000;
|
boot.kernel.sysctl."fs.inotify.max_user_watches" = 1024000000;
|
||||||
|
|
||||||
yorick.lumi-vpn.enable = true;
|
yorick.lumi-vpn.enable = true;
|
||||||
|
yorick.lumi-cache.enable = true;
|
||||||
|
|
||||||
security.rtkit.enable = true;
|
security.rtkit.enable = true;
|
||||||
services.pipewire = {
|
services.pipewire = {
|
||||||
|
@ -104,7 +72,7 @@ in {
|
||||||
media-session.config.bluez-monitor.rules = [
|
media-session.config.bluez-monitor.rules = [
|
||||||
{
|
{
|
||||||
# Matches all cards
|
# Matches all cards
|
||||||
matches = [ { "device.name" = "~bluez_card.*"; } ];
|
matches = [{ "device.name" = "~bluez_card.*"; }];
|
||||||
actions = {
|
actions = {
|
||||||
"update-props" = {
|
"update-props" = {
|
||||||
"bluez5.reconnect-profiles" = [ "hfp_hf" "hsp_hs" "a2dp_sink" ];
|
"bluez5.reconnect-profiles" = [ "hfp_hf" "hsp_hs" "a2dp_sink" ];
|
||||||
|
@ -118,13 +86,13 @@ in {
|
||||||
{
|
{
|
||||||
matches = [
|
matches = [
|
||||||
# Matches all sources
|
# Matches all sources
|
||||||
{ "node.name" = "~bluez_input.*"; }
|
{
|
||||||
|
"node.name" = "~bluez_input.*";
|
||||||
|
}
|
||||||
# Matches all outputs
|
# Matches all outputs
|
||||||
{ "node.name" = "~bluez_output.*"; }
|
{ "node.name" = "~bluez_output.*"; }
|
||||||
];
|
];
|
||||||
actions = {
|
actions = { "node.pause-on-idle" = false; };
|
||||||
"node.pause-on-idle" = false;
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
@ -133,4 +101,44 @@ in {
|
||||||
extraPortals = with pkgs; [ xdg-desktop-portal-wlr xdg-desktop-portal-gtk ];
|
extraPortals = with pkgs; [ xdg-desktop-portal-wlr xdg-desktop-portal-gtk ];
|
||||||
gtkUsePortal = true;
|
gtkUsePortal = true;
|
||||||
};
|
};
|
||||||
|
hardware.opengl = {
|
||||||
|
enable = true;
|
||||||
|
driSupport32Bit = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
fonts = {
|
||||||
|
fontDir.enable = true;
|
||||||
|
enableGhostscriptFonts = true;
|
||||||
|
fonts = with pkgs; [
|
||||||
|
corefonts # Micrsoft free fonts
|
||||||
|
inconsolata # monospaced
|
||||||
|
source-code-pro
|
||||||
|
ubuntu_font_family # Ubuntu fonts
|
||||||
|
source-han-sans-japanese
|
||||||
|
iosevka
|
||||||
|
emojione
|
||||||
|
font-awesome
|
||||||
|
];
|
||||||
|
};
|
||||||
|
# spotify, castnow
|
||||||
|
networking.firewall = {
|
||||||
|
allowedTCPPorts = [ 55025 57621 5353 ];
|
||||||
|
allowedTCPPortRanges = [ { from = 4100; to = 4105; } ];
|
||||||
|
allowedUDPPorts = [ 55025 57621 ];
|
||||||
|
};
|
||||||
|
|
||||||
|
programs = {
|
||||||
|
dconf.enable = true;
|
||||||
|
noisetorch.enable = true;
|
||||||
|
wireshark.enable = true;
|
||||||
|
sway = {
|
||||||
|
enable = true;
|
||||||
|
extraSessionCommands = ''
|
||||||
|
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:${
|
||||||
|
lib.makeLibraryPath (with pkgs; [ libxkbcommon libglvnd wayland ])
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
services.pcscd.enable = true;
|
||||||
}
|
}
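Review bot: In the new `networking.firewall` block, port 5353 has moved from `allowedUDPPorts` to `allowedTCPPorts`; the host file that imports `../physical/3950x.nix` had it as UDP under `# castnow` before this commit removed it. mDNS runs over UDP, so this looks like it opens an unneeded TCP port while dropping the explicit UDP rule. If the old behaviour was intended, the lines would be `allowedTCPPorts = [ 55025 57621 ];` and `allowedUDPPorts = [ 55025 57621 5353 ];`. Because the block now lives in the workstation role, 5353 and the 4100–4105 TCP range are also opened on every host that imports the role, including the laptop, rather than only on the desktop. Keeping them in the host file, or scoping them with `networking.firewall.interfaces.<name>`, would limit that exposure.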
|
||||||
|
|