update
parent
56f9cba5bc
commit
77a698c7c3
|
@ -5,6 +5,8 @@
|
|||
../roles/workstation.nix
|
||||
];
|
||||
|
||||
nix.nixPath = [ "nixpkgs=${pkgs.path}" ];
|
||||
|
||||
system.stateVersion = "19.09";
|
||||
|
||||
yorick.lumi-vpn = {
|
||||
|
@ -12,6 +14,8 @@
|
|||
mtu = 1408;
|
||||
};
|
||||
|
||||
xdg.autostart.enable = false;
|
||||
|
||||
services.znapzend = {
|
||||
enable = true;
|
||||
pure = true;
|
||||
|
@ -30,4 +34,18 @@
|
|||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.udev.extraRules = ''
|
||||
SUBSYSTEM=="usb", ATTRS{idVendor}=="20b7", ATTRS{idProduct}=="9db1", MODE="0660", GROUP="dialout", TAG+="uaccess"
|
||||
'';
|
||||
|
||||
nix.trustedUsers = [ "lars" ];
|
||||
users.users.lars = {
|
||||
isNormalUser = true;
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-rsa 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 openpgp:0x60F7D1FD"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOvdQ963wjgWyFMp6djRTqVwZr3/PQ/V+Qm5JTcxRTdY lumi@channelwood"
|
||||
];
|
||||
};
|
||||
virtualisation.docker.enable = true;
|
||||
}
|
||||
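Review bot: `nix.trustedUsers = [ "lars" ];` in the last hunk of this file makes `lars` effectively root on this host, because a trusted Nix user can point the daemon at its own substituters and import unsigned store paths. The same hunk makes that account reachable over SSH with two authorized keys. If `lars` only needs to build and install packages, the line can be dropped, since ordinary users can already talk to the daemon. If trusted status is required, record that next to the option, e.g. `# trusted Nix users are root-equivalent; keep this list minimal`. The udev rule in the same hunk grants device access both through `GROUP="dialout"` and through `TAG+="uaccess"`; one of the two is probably sufficient.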
|
|
|
@ -17,7 +17,7 @@ in
|
|||
};
|
||||
mtu = mkOption {
|
||||
type = types.int;
|
||||
default = 1371;
|
||||
default = 1371; # 1408 at home
|
||||
};
|
||||
ip = mkOption {
|
||||
type = types.str;
|
||||
|
|
|
@ -1,4 +1,16 @@
|
|||
{
|
||||
"emacs-overlay": {
|
||||
"branch": "master",
|
||||
"description": "Bleeding edge emacs overlay [maintainer=@adisbladis] ",
|
||||
"homepage": "",
|
||||
"owner": "nix-community",
|
||||
"repo": "emacs-overlay",
|
||||
"rev": "dfed6847f127bd3c2c0cdd71b28d4e63e0ec0e91",
|
||||
"sha256": "1b0871cr491cf1a4clhv2kwg492gp25gl45w72bmkyjbb6n22c7f",
|
||||
"type": "tarball",
|
||||
"url": "https://github.com/nix-community/emacs-overlay/archive/dfed6847f127bd3c2c0cdd71b28d4e63e0ec0e91.tar.gz",
|
||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||
},
|
||||
"niv": {
|
||||
"branch": "master",
|
||||
"description": "Easy dependency management for Nix projects",
|
||||
|
@ -31,15 +43,27 @@
|
|||
"version": "ee3d38a1570a1a9aa5e2daa3284d65a35d5e8864"
|
||||
},
|
||||
"nixpkgs": {
|
||||
"branch": "nixos-unstable",
|
||||
"branch": "master",
|
||||
"description": "A read-only mirror of NixOS/nixpkgs tracking the released channels. Send issues and PRs to",
|
||||
"homepage": "https://github.com/NixOS/nixpkgs",
|
||||
"owner": "NixOS",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "733e537a8ad76fd355b6f501127f7d0eb8861775",
|
||||
"sha256": "1rjvbycd8dkkflal8qysi9d571xmgqq46py3nx0wvbzwbkvzf7aw",
|
||||
"rev": "9e377a6ce42dccd9b624ae4ce8f978dc892ba0e2",
|
||||
"sha256": "1r3ll77hyqn28d9i4cf3vqd9v48fmaa1j8ps8c4fm4f8gqf4kpl1",
|
||||
"type": "tarball",
|
||||
"url": "https://github.com/NixOS/nixpkgs/archive/733e537a8ad76fd355b6f501127f7d0eb8861775.tar.gz",
|
||||
"url": "https://github.com/nixos/nixpkgs/archive/9e377a6ce42dccd9b624ae4ce8f978dc892ba0e2.tar.gz",
|
||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||
},
|
||||
"nixpkgs-mozilla": {
|
||||
"branch": "master",
|
||||
"description": "mozilla related nixpkgs (extends nixos/nixpkgs repo)",
|
||||
"homepage": "",
|
||||
"owner": "mozilla",
|
||||
"repo": "nixpkgs-mozilla",
|
||||
"rev": "8c007b60731c07dd7a052cce508de3bb1ae849b4",
|
||||
"sha256": "1zybp62zz0h077zm2zmqs2wcg3whg6jqaah9hcl1gv4x8af4zhs6",
|
||||
"type": "tarball",
|
||||
"url": "https://github.com/mozilla/nixpkgs-mozilla/archive/8c007b60731c07dd7a052cce508de3bb1ae849b4.tar.gz",
|
||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||
},
|
||||
"nixpkgs-wayland": {
|
||||
|
|
|
@ -98,7 +98,10 @@ let
|
|||
saneName = stringAsChars (c: if isNull (builtins.match "[a-zA-Z0-9]" c) then "_" else c) name;
|
||||
ersatz = builtins.getEnv "NIV_OVERRIDE_${saneName}";
|
||||
in
|
||||
if ersatz == "" then drv else ersatz;
|
||||
if ersatz == "" then drv else
|
||||
# this turns the string into an actual Nix path (for both absolute and
|
||||
# relative paths)
|
||||
if builtins.substring 0 1 ersatz == "/" then /. + ersatz else /. + builtins.getEnv "PWD" + "/${ersatz}";
|
||||
|
||||
# Ports of functions for older nix versions
|
||||
|
||||
|
|
|
@ -12,13 +12,23 @@ in
|
|||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
boot.supportedFilesystems = [ "zfs" ];
|
||||
boot.kernelModules = [ "nct6775" ];
|
||||
boot.kernelPackages = pkgs.linuxPackages_5_9;
|
||||
boot.kernelPackages = pkgs.linuxPackages_5_10;
|
||||
networking.hostId = "c7736638";
|
||||
services.zfs.autoScrub.enable = true;
|
||||
services.zfs.trim.enable = true;
|
||||
hardware.bluetooth.enable = true;
|
||||
|
||||
networking.useDHCP = false;
|
||||
networking.interfaces.enp9s0.useDHCP = true;
|
||||
boot.kernelParams = [ "amdgpu.ppfeaturemask=0xffffffff" "amdgpu.noretry=0" "amdgpu.lockup_timeout=1000" "amdgpu.gpu_recovery=1" "amdgpu.audio=0" ];
|
||||
networking.usePredictableInterfaceNames = false;
|
||||
networking.bridges.br0.interfaces = [ "eth0" ];
|
||||
networking.interfaces.br0.useDHCP = true;
|
||||
# systemd.network.links."98-namepolicy" = {
|
||||
# matchConfig.OriginalName = "*";
|
||||
# linkConfig.NamePolicy = "mac kernel database onboard slot path";
|
||||
# };
|
||||
boot.kernelParams = [
|
||||
"amdgpu.ppfeaturemask=0xffffffff" "amdgpu.noretry=0" "amdgpu.lockup_timeout=1000" "amdgpu.gpu_recovery=1" "amdgpu.audio=0"
|
||||
# thunderbolt
|
||||
"pcie_ports=native" "pci=assign-busses,hpbussize=0x33,realloc"
|
||||
];
|
||||
}
|
||||
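Review bot: `networking.bridges.br0.interfaces = [ "eth0" ];` together with `networking.usePredictableInterfaceNames = false;` relies on the kernel's probe-order name, which is not guaranteed to stay on the same NIC once a second adapter is present. The thunderbolt parameters added further down make hot-plugged adapters more likely. If another device is named `eth0`, the bridge and its DHCP lease follow that device. Consider pinning the name to the onboard NIC's MAC address with a `systemd.network.links` entry (`matchConfig.MACAddress` plus `linkConfig.Name`). The commented-out `98-namepolicy` block should either be removed or get a one-line comment saying why it is kept.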
|
|
|
@ -99,4 +99,14 @@ in
|
|||
boot.kernel.sysctl."fs.inotify.max_user_watches" = 1024000000;
|
||||
|
||||
yorick.lumi-vpn.enable = true;
|
||||
|
||||
services.pipewire.enable = true;
|
||||
xdg.portal = {
|
||||
enable = true;
|
||||
extraPortals = with pkgs; [
|
||||
xdg-desktop-portal-wlr
|
||||
xdg-desktop-portal-gtk
|
||||
];
|
||||
gtkUsePortal = true;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -7,6 +7,10 @@ let cfg = config.services.yorick.public; in
|
|||
};
|
||||
#imports = [../modules/nginx.nix];
|
||||
config = lib.mkIf cfg.enable {
|
||||
systemd.services.nginx.serviceConfig = {
|
||||
ProtectHome = "tmpfs";
|
||||
BindReadOnlyPaths = [ "/home/public/public" ];
|
||||
};
|
||||
users.extraUsers.public = {
|
||||
home = "/home/public";
|
||||
useDefaultShell = true;
|
||||
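Review bot: The `BindReadOnlyPaths` entry in the new nginx `serviceConfig` hard-codes `/home/public/public`, a copy of the home directory set a few lines below in `users.extraUsers.public.home`. If one is changed without the other, the bind source will be missing; systemd refuses to start a unit in that case, so nginx would not come up. Deriving the path keeps the two together: `BindReadOnlyPaths = [ "${config.users.extraUsers.public.home}/public" ];`. A short comment that `ProtectHome = "tmpfs"` hides every other home directory from nginx would also help the next reader. The `config = lib.mkIf cfg.enable` block continues past the end of the hunk.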
|
|