some changes after nix 2.0
parent
7c01fddce1
commit
ba70783346
4
conf
4
conf
|
@ -15,6 +15,10 @@ stable)
|
|||
export NIX_PATH="nixpkgs=https://nixos.org/channels/nixos-17.03/nixexprs.tar.xz:nixos-config=`pwd`/logical/$2.nix:$NIX_PATH"
|
||||
eval ${@:3}
|
||||
;;
|
||||
checkout)
|
||||
export NIX_PATH="nixpkgs=`pwd`/../nixpkgs:nixos-config=`pwd`/logical/$2.nix:$NIX_PATH"
|
||||
eval ${@:3}
|
||||
;;
|
||||
channel)
|
||||
export NIX_PATH="/nix/var/nix/profiles/per-user/root/channels/nixos:nixos-config=`pwd`/logical/$2.nix:$NIX_PATH"
|
||||
eval ${@:3}
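Review bot: The new `channel)` branch repeats `eval ${@:3}`, which word-splits the remaining arguments and then parses them a second time as shell, so an argument containing spaces, globs or `;` runs as something other than what the caller typed. If the intent is only to run the given command with `NIX_PATH` set, `"${@:3}"` does that without re-parsing; if shell syntax in the arguments is intended, a comment saying so would help. The same line sits in the `stable)` and `checkout)` branches. The `case` statement starts and ends outside the hunk.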
|
||||
|
|
|
@ -1,7 +1,3 @@
|
|||
# Edit this configuration file to define what should be installed on
|
||||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
let secrets = import <secrets>;
|
||||
|
@ -13,34 +9,12 @@ in
|
|||
../roles/workstation.nix
|
||||
];
|
||||
|
||||
system.stateVersion = "17.09";
|
||||
# no, not that Ascanius.
|
||||
networking.hostName = secrets.hostnames.ascanius;
|
||||
services.tor.hiddenServices.ssh.map = [
|
||||
{ port = 22; }
|
||||
];
|
||||
services.tor.service-keys.ssh = "/run/keys/torkeys/ssh.ascanius.key";
|
||||
|
||||
nixpkgs.config = {
|
||||
packageOverrides = pkgs : {
|
||||
bluez = pkgs.bluez5;
|
||||
# https://github.com/NixOS/nixpkgs/issues/22099
|
||||
trustedGrub = pkgs.grub2.overrideDerivation (attr: rec {
|
||||
version = "2.x-20170910";
|
||||
name = "trustedGRUB2-${version}";
|
||||
buildInputs = attr.buildInputs ++ (with pkgs;[autoconf automake]);
|
||||
prePatch = ''
|
||||
rm -rf po
|
||||
tar Jxf ${pkgs.grub2.src} grub-2.02/po
|
||||
cp -r grub-2.02/po po
|
||||
./autogen.sh
|
||||
'';
|
||||
src = pkgs.fetchFromGitHub {
|
||||
repo = "TrustedGRUB2";
|
||||
owner = "Rohde-Schwarz-Cybersecurity";
|
||||
rev = "e656aaabd3bc5abda6c62c8967ebfd0c53ef179b";
|
||||
sha256 = "08lq4prqhn923i8a7q79s4lsfnqgk4jd255xzk1wy12vg45dwlsc";
|
||||
};
|
||||
});
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
services.tor.hiddenServices.ssh.map = [{ port = 22; }];
|
||||
nix.gc.automatic = pkgs.lib.mkOverride 30 false;
|
||||
}
|
||||
|
|
|
@ -1,7 +1,3 @@
|
|||
# Edit this configuration file to define what should be installed on
|
||||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
|
@ -23,10 +19,5 @@
|
|||
services.xserver.displayManager.sessionCommands = ''
|
||||
${pkgs.xorg.xrandr}/bin/xrandr --dpi 192
|
||||
'';
|
||||
nix.gc.automatic = pkgs.lib.mkOverride 30 false;
|
||||
# nix.trustedBinaryCaches = [http://192.168.1.27:5000];
|
||||
# nix.binaryCachePublicKeys = [
|
||||
# "hydra.example.org-1:NbZfmBIhIevVM5OZ81TbwruSC9etkIrdi1mR6AAdm98="
|
||||
# ];
|
||||
virtualisation.virtualbox.host.enable = pkgs.lib.mkOverride 30 false;
|
||||
}
|
||||
|
|
|
@ -1,25 +1,30 @@
|
|||
# Edit this configuration file to define what should be installed on
|
||||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ config, pkgs, lib, ... }:
|
||||
let
|
||||
secrets = import <secrets>;
|
||||
mkFuseMount = device: opts: {
|
||||
# todo: "ServerAliveCountMax=3" "ServerAliveInterval=30"
|
||||
|
||||
device = "${pkgs.sshfsFuse}/bin/sshfs#${device}";
|
||||
fsType = "fuse";
|
||||
options = ["noauto" "x-systemd.automount" "_netdev" "users" "idmap=user"
|
||||
"defaults" "allow_other" "transform_symlinks" "default_permissions"
|
||||
"uid=1000"
|
||||
"reconnect" "IdentityFile=/root/.ssh/id_sshfs"] ++ opts;
|
||||
};
|
||||
in
|
||||
{
|
||||
imports =
|
||||
[ # Include the results of the hardware scan.
|
||||
../physical/nuc.nix
|
||||
../roles/common.nix
|
||||
../roles/collectd.nix
|
||||
../modules/tor-hidden-service.nix
|
||||
# ../roles/collectd.nix
|
||||
../roles/graphical.nix
|
||||
];
|
||||
|
||||
networking.hostName = secrets.hostnames.woodhouse;
|
||||
|
||||
# The NixOS release to be compatible with for stateful data such as databases.
|
||||
system.stateVersion = "16.09";
|
||||
system.stateVersion = "17.09";
|
||||
|
||||
|
||||
services.xserver = {
|
||||
|
@ -27,42 +32,14 @@ in
|
|||
};
|
||||
|
||||
|
||||
|
||||
services.tor.hiddenServices = [
|
||||
{ name = "ssh";
|
||||
port = 22;
|
||||
hostname = secrets.tor_hostnames."ssh.woodhouse";
|
||||
private_key = "/run/keys/torkeys/ssh.woodhouse.key"; }
|
||||
];
|
||||
services.tor.hiddenServices.ssh.map = [ {port = 22;} ];
|
||||
services.tor.service-keys.ssh = "/run/keys/torkeys/ssh.woodhouse.key";
|
||||
|
||||
system.fsPackages = [ pkgs.sshfsFuse ];
|
||||
fileSystems."/mnt/frumar" = {
|
||||
# todo: "ServerAliveCountMax=3" "ServerAliveInterval=30"
|
||||
|
||||
device = "${pkgs.sshfsFuse}/bin/sshfs#yorick@" + secrets.hostnames.frumar + ":/data/yorick";
|
||||
fsType = "fuse";
|
||||
options = ["noauto" "x-systemd.automount" "_netdev" "users" "idmap=user"
|
||||
"defaults" "allow_other" "transform_symlinks" "default_permissions"
|
||||
"uid=1000"
|
||||
"reconnect" "IdentityFile=/root/.ssh/id_sshfs"];
|
||||
};
|
||||
fileSystems."/mnt/oxygen" = {
|
||||
device = "${pkgs.sshfsFuse}/bin/sshfs#yorick@oxygen.obfusk.ch:";
|
||||
fsType = "fuse";
|
||||
options = ["noauto" "x-systemd.automount" "_netdev" "users" "idmap=user"
|
||||
"defaults" "allow_other" "transform_symlinks" "default_permissions"
|
||||
"uid=1000"
|
||||
"reconnect" "IdentityFile=/root/.ssh/id_sshfs"];
|
||||
};
|
||||
|
||||
fileSystems."/mnt/nyamsas" = {
|
||||
device = "${pkgs.sshfsFuse}/bin/sshfs#yorick@nyamsas.quezacotl.nl:";
|
||||
fsType = "fuse";
|
||||
options = ["noauto" "x-systemd.automount" "_netdev" "users" "idmap=user"
|
||||
"defaults" "allow_other" "transform_symlinks" "default_permissions"
|
||||
"uid=1000"
|
||||
"reconnect" "IdentityFile=/root/.ssh/id_sshfs" "port=1337"];
|
||||
};
|
||||
fileSystems."/mnt/frumar" = mkFuseMount "yorick@${secrets.hostnames.frumar}:/data/yorick" [];
|
||||
fileSystems."/mnt/oxygen" = mkFuseMount "yorick@oxygen.obfusk.ch:" [];
|
||||
fileSystems."/mnt/nyamsas" = mkFuseMount "yorick@nyamsas.quezacotl.nl:" ["port=1337"];
|
||||
|
||||
|
||||
networking.firewall.allowedTCPPorts = [7 8080 9090 9777]; # kodi
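Review bot: `system.stateVersion` appears to move from `"16.09"` to `"17.09"` on an existing host, although the comment above it describes the value as the release that stateful data such as databases must stay compatible with. Raising it can change service defaults or on-disk formats without a migration, so unless the data on this machine was migrated I would keep `system.stateVersion = "16.09";`. Separately, `mkFuseMount` deserves a short comment stating that every mount gets `allow_other` and root's `IdentityFile=/root/.ssh/id_sshfs`, since call sites now show only the extra options they pass.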
|
||||
|
|
|
@ -3,25 +3,15 @@
|
|||
with lib;
|
||||
|
||||
let
|
||||
hiddenServices = config.services.tor.hiddenServices;
|
||||
service-keys = config.services.tor.service-keys;
|
||||
torDir = "/var/lib/tor";
|
||||
in {
|
||||
options.services.tor = {
|
||||
hiddenServices = mkOption { default = []; };
|
||||
options.services.tor.service-keys = mkOption {
|
||||
default = {};
|
||||
type = with types; loaOf string;
|
||||
};
|
||||
|
||||
config = mkIf (hiddenServices != []) {
|
||||
assertions = map (hiddenService: {
|
||||
assertion = hasAttr "name" hiddenService && hasAttr "port" hiddenService;
|
||||
message = "all hidden services should define a name and a port..";
|
||||
}) hiddenServices;
|
||||
|
||||
services.tor.enable = true;
|
||||
|
||||
services.tor.extraConfig = concatStringsSep "\n" (map (hiddenService: ''
|
||||
HiddenServiceDir /var/lib/tor/${hiddenService.name}
|
||||
HiddenServicePort ${toString (if hasAttr "remote_port" hiddenService then hiddenService.remote_port else hiddenService.port)} 127.0.0.1:${toString hiddenService.port}
|
||||
'') hiddenServices);
|
||||
|
||||
config = mkIf (service-keys != {}) {
|
||||
systemd.services."install-tor-hidden-service-keys" = {
|
||||
wantedBy = ["tor.service"];
|
||||
serviceConfig.Type = "oneshot";
|
||||
|
@ -29,14 +19,13 @@ in {
|
|||
serviceConfig.Group = "keys";
|
||||
# TODO: update on change?
|
||||
# TODO: better ways to get the keys on the server
|
||||
script = concatStringsSep "\n" (map (hiddenService: if (hasAttr "private_key" hiddenService && hasAttr "hostname" hiddenService) then ''
|
||||
if ! [[ -e /var/lib/tor/${hiddenService.name}/private_key ]]; then
|
||||
mkdir -p /var/lib/tor/${hiddenService.name}/
|
||||
cp ${hiddenService.private_key} /var/lib/tor/${hiddenService.name}/private_key
|
||||
echo ${hiddenService.hostname} > /var/lib/tor/${hiddenService.name}/hostname
|
||||
chmod -R 700 /var/lib/tor/${hiddenService.name};
|
||||
script = concatStringsSep "\n" (mapAttrsToList (name: keypath: ''
|
||||
if ! [[ -e ${torDir}/onion/${name}/private_key ]]; then
|
||||
mkdir -p ${torDir}/onion/${name}/
|
||||
cp ${keypath} ${torDir}/onion/${name}/private_key
|
||||
chmod -R 700 ${torDir}/onion/${name}
|
||||
fi
|
||||
'' else "true") hiddenServices);
|
||||
'') service-keys);
|
||||
};
|
||||
};
|
||||
}
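Review bot: The install script in the `service-keys` branch creates the directory and copies the key before `chmod -R 700` runs, so until then their modes come from the unit's umask and the source file, and the recursive `700` leaves the key file executable. `install -d -m 0700 "${torDir}/onion/${name}"` followed by `install -m 0600 "${keypath}" "${torDir}/onion/${name}/private_key"` sets the modes at creation and quotes both interpolated values, which the current lines paste into the script unquoted. Whether the files end up owned by the tor user is not visible here, because the unit's other settings lie between the two hunks.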
|
||||
|
|
|
@ -9,8 +9,7 @@
|
|||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
yorick.cpu = "intel";
|
||||
|
||||
# Use the GRUB 2 boot loader.
|
||||
boot.loader.grub.enable = true;
|
||||
|
|
|
@ -1,47 +1,27 @@
|
|||
# I'm modifying this file anyways.
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
|
||||
./hp8570w/powerdown.nix
|
||||
];
|
||||
imports = [
|
||||
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
|
||||
./hp8570w/powerdown.nix
|
||||
];
|
||||
|
||||
hardware.cpu.intel.updateMicrocode = true;
|
||||
yorick = { cpu = "intel"; gpu = "nvidia"; laptop = true; };
|
||||
|
||||
boot = {
|
||||
loader.grub = {
|
||||
enable = true;
|
||||
device = "/dev/sda";
|
||||
trustedBoot = {
|
||||
enable = true;
|
||||
systemHasTPM = "YES_TPM_is_activated";
|
||||
};
|
||||
};
|
||||
kernelPackages = pkgs.linuxPackages_latest;
|
||||
kernelModules = ["nvidiabl" "kvm-intel"];
|
||||
};
|
||||
services.xserver.videoDrivers = ["nouveau"];
|
||||
services.xserver.synaptics.enable = true;
|
||||
|
||||
networking.wireless.enable = true;
|
||||
hardware.bluetooth.enable = true;
|
||||
|
||||
|
||||
# ideal... doesn't work.
|
||||
#services.udev.extraRules = ''
|
||||
# KERNEL=="nvidia_backlight", SUBSYSTEM=="backlight", MODE="666"
|
||||
#'';
|
||||
# for now
|
||||
systemd.services."display-manager".preStart = ''
|
||||
chmod a+w $(realpath /sys/class/backlight/nv_backlight/brightness) || true
|
||||
'';
|
||||
# this makes sure my wifi doesn't take a minute to work
|
||||
services.udev.extraRules = ''
|
||||
SUBSYSTEM=="firmware", ACTION=="add", ATTR{loading}="-1"
|
||||
'';
|
||||
|
||||
boot.initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usbhid" "usb_storage" "btrfs" "dm_crypt" ];
|
||||
boot.initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usbhid" "usb_storage" ];
|
||||
boot.initrd.luks.devices = [ {
|
||||
name = "nix-root-enc";
|
||||
device = "/dev/sdb2";
|
||||
|
@ -65,6 +45,6 @@
|
|||
|
||||
nix.maxJobs = 8;
|
||||
|
||||
services.tcsd.enable = true; # it has a TPM. maybe use this?
|
||||
environment.systemPackages = with pkgs; [btrfs-progs tpm-tools];
|
||||
#services.tcsd.enable = true; # it has a TPM. maybe use this?
|
||||
#environment.systemPackages = with pkgs; [tpm-tools];
|
||||
}
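Review bot: `yorick = { cpu = "intel"; gpu = "nvidia"; laptop = true; };` selects `services.xserver.videoDrivers = ["nvidia"]` through the `yorick` options module shown further down this page, while this file's own setting was `["nouveau"]`; if that line is among the removed ones, the host silently switches to the proprietary driver. A one-line comment next to `gpu = "nvidia"` saying the switch is intended, or an explicit `services.xserver.videoDrivers = lib.mkForce ["nouveau"];` here, would make the choice visible. The commented-out `services.tcsd.enable` and `tpm-tools` lines at the end could be deleted rather than kept as dead configuration if the TPM is no longer used.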
|
||||
|
|
|
@ -13,15 +13,9 @@ in
|
|||
SUBSYSTEM=="power_supply", ATTR{online}=="1", RUN+="${powersw}"
|
||||
'';
|
||||
|
||||
systemd.services.powerswitch = {
|
||||
enable = true;
|
||||
wantedBy = [ "multi-user.target" "suspend.target" ];
|
||||
after = [ "suspend.target" "display-manager.service" ];
|
||||
description = "Run powerswitch sometimes";
|
||||
preStart = "sleep 4s";
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
ExecStart = powersw;
|
||||
};
|
||||
};
|
||||
powerManagement.powerUpCommands = ''
|
||||
sleep 4s
|
||||
${powersw}/bin/powerswitch
|
||||
'';
|
||||
|
||||
}
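Review bot: `${powersw}/bin/powerswitch` in `powerManagement.powerUpCommands` treats `powersw` as a package directory, but the udev rule just above uses `RUN+="${powersw}"` and the unit it seems to replace used `ExecStart = powersw`, both of which treat it as the executable itself. The definition of `powersw` is outside the hunk, so one of the two forms is presumably wrong; if it is a single script, the line should read `${powersw}`. The `sleep 4s` now runs inline in the power-up commands rather than in a separate unit, which is worth a comment explaining why the delay is needed.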
|
||||
|
|
|
@ -9,9 +9,7 @@
|
|||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
hardware.cpu.intel.updateMicrocode = true;
|
||||
yorick = { cpu = "intel"; gpu = "intel"; };
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
|
|
@ -1,40 +1,22 @@
|
|||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
imports =
|
||||
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
|
||||
];
|
||||
imports = [
|
||||
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
|
||||
];
|
||||
yorick = { cpu = "intel"; gpu = "intel"; laptop = true; };
|
||||
|
||||
|
||||
boot = {
|
||||
loader = {
|
||||
systemd-boot.enable = true;
|
||||
efi.canTouchEfiVariables = true;
|
||||
};
|
||||
kernelPackages = pkgs.linuxPackages_latest;
|
||||
};
|
||||
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
boot.blacklistedKernelModules = ["psmouse"];
|
||||
|
||||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
||||
|
||||
|
||||
# Use the systemd-boot EFI boot loader.
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
|
||||
hardware.cpu.intel.updateMicrocode = true;
|
||||
|
||||
|
||||
services.xserver.libinput.enable = true;
|
||||
services.thermald.enable = true;
|
||||
|
||||
networking.wireless.enable = true;
|
||||
networking.dhcpcd.extraConfig = ''
|
||||
noarp
|
||||
'';
|
||||
hardware.bluetooth.enable = true;
|
||||
# https://wiki.archlinux.org/index.php/Dell_XPS_13_(9360)#Module-based_Powersaving_Options
|
||||
# might require linux 4.11
|
||||
boot.kernelParams = ["i915.enable_fbc=1" "i915.enable_guc_loading=1" "i915.enable_guc_submission=1" "i915.enable_huc=1" "i915.enable_psr=2" "intel_iommu=on"];
|
||||
# now we wait until enable_psr=1 is fixed
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/a751e4ea-f1aa-48e1-9cbe-423878e29b62";
|
||||
|
@ -57,24 +39,7 @@
|
|||
];
|
||||
|
||||
nix.maxJobs = lib.mkDefault 4;
|
||||
|
||||
environment.systemPackages = [pkgs.btrfs-progs];
|
||||
|
||||
# ideal... doesn't work.
|
||||
#services.udev.extraRules = ''
|
||||
# KERNEL=="intel_backlight", SUBSYSTEM=="backlight", MODE="666"
|
||||
#'';
|
||||
# for now
|
||||
systemd.services."display-manager".preStart = ''
|
||||
chmod a+w $(realpath /sys/class/backlight/intel_backlight/brightness) || true
|
||||
'';
|
||||
# this makes sure my wifi doesn't take a minute to work
|
||||
services.udev.extraRules = ''
|
||||
SUBSYSTEM=="firmware", ACTION=="add", ATTR{loading}="-1"
|
||||
'';
|
||||
|
||||
services.xserver.videoDrivers = ["modesetting"];
|
||||
hardware.opengl.extraPackages = [ pkgs.vaapiIntel ];
|
||||
# bigger console font
|
||||
i18n.consoleFont = "latarcyrheb-sun32";
|
||||
}
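Review bot: The `boot.kernelParams` list in this file ends with `"intel_iommu=on"`, and the `gpu == "intel"` branch of the `yorick` module on this page, which seems to replace it, carries the same list without that entry. If the local list is removed by this change, the host no longer requests the IOMMU on the kernel command line, which weakens DMA isolation for attached devices unless the kernel enables it by default. Keeping `boot.kernelParams = ["intel_iommu=on"];` in this file would preserve it.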
|
||||
|
|
|
@ -56,11 +56,11 @@ in
|
|||
libxml2 = null;
|
||||
libtool = null;
|
||||
lvm2 = null;
|
||||
libmysql = null;
|
||||
mysql = null;
|
||||
protobufc = null;
|
||||
python = null;
|
||||
rabbitmq-c = null;
|
||||
riemann = null;
|
||||
riemann_c_client = null;
|
||||
rrdtool = null;
|
||||
varnish = null;
|
||||
yajl = null;
|
||||
|
|
|
@ -2,7 +2,10 @@ let secrets = import <secrets>;
|
|||
in
|
||||
{ config, pkgs, lib, ...}:
|
||||
{
|
||||
imports = [];
|
||||
imports = [
|
||||
../roles/hardware.nix
|
||||
../modules/tor-hidden-service.nix
|
||||
];
|
||||
time.timeZone = "Europe/Amsterdam";
|
||||
users.mutableUsers = false;
|
||||
users.extraUsers.root = {
|
||||
|
@ -12,6 +15,7 @@ in
|
|||
|
||||
};
|
||||
services.timesyncd.enable = true;
|
||||
services.fail2ban.enable = true;
|
||||
users.extraUsers.yorick = {
|
||||
isNormalUser = true;
|
||||
uid = 1000;
|
||||
|
@ -22,6 +26,7 @@ in
|
|||
|
||||
# Nix
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
nix.package = pkgs.nixUnstable;
|
||||
|
||||
|
||||
nix.trustedBinaryCaches = config.nix.binaryCaches ++ [http://hydra.cryp.to];
|
||||
|
@ -32,10 +37,6 @@ in
|
|||
|
||||
nix.extraOptions = ''
|
||||
allow-unsafe-native-code-during-evaluation = true
|
||||
allow-unfree = true
|
||||
#binary-caches-parallel-connections = 3
|
||||
#connect-timeout = 5
|
||||
keep-going = true
|
||||
'';
|
||||
|
||||
# Networking
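Review bot: `allow-unsafe-native-code-during-evaluation = true` in `nix.extraOptions` lets any expression that is evaluated run native code through `builtins.exec` and `builtins.importNative`, and as far as this hunk shows it is kept while `nix.package` moves to `pkgs.nixUnstable`. If nothing in the configuration still needs it, drop the line; otherwise add a comment naming the expression that does. `nix.trustedBinaryCaches` also still lists `http://hydra.cryp.to` over plain HTTP, which leaves signature checking as the only integrity protection for paths fetched from it.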
|
||||
|
|
|
@ -8,11 +8,6 @@ in
|
|||
# Enable the X11 windowing system.
|
||||
services.xserver = {
|
||||
enable = true;
|
||||
synaptics = {
|
||||
twoFingerScroll = true;
|
||||
horizontalScroll = true;
|
||||
scrollDelta = -107; # inverted scrolling
|
||||
};
|
||||
libinput = {
|
||||
naturalScrolling = true;
|
||||
tappingDragLock = false;
|
||||
|
@ -23,16 +18,24 @@ in
|
|||
# xkbOptions = "eurosign:e";
|
||||
windowManager.i3 = {
|
||||
enable = true;
|
||||
} // (if (lib.versionAtLeast config.system.nixosRelease "17.03") then {
|
||||
package = pkgs.i3-gaps;
|
||||
} else {});
|
||||
};
|
||||
};
|
||||
hardware.opengl = {
|
||||
enable = true;
|
||||
driSupport32Bit = config.yorick.support32bit;
|
||||
};
|
||||
hardware.pulseaudio.enable = true;
|
||||
hardware.pulseaudio.support32Bit = config.yorick.support32bit;
|
||||
hardware.opengl = {
|
||||
enable = true;
|
||||
driSupport32Bit = config.yorick.support32bit;
|
||||
};
|
||||
sound.enable = true;
|
||||
hardware.pulseaudio = {
|
||||
enable = true;
|
||||
support32Bit = config.yorick.support32bit;
|
||||
};
|
||||
users.extraUsers.yorick.extraGroups = ["video"];
|
||||
# fix backlight permissions
|
||||
services.udev.extraRules = ''
|
||||
ACTION=="add", SUBSYSTEM=="backlight", RUN+="${pkgs.coreutils}/bin/chgrp video /sys/class/backlight/%k/brightness"
|
||||
ACTION=="add", SUBSYSTEM=="backlight", RUN+="${pkgs.coreutils}/bin/chmod g+w /sys/class/backlight/%k/brightness"
|
||||
'';
|
||||
|
||||
fonts = {
|
||||
enableFontDir = true;
|
||||
|
@ -47,8 +50,8 @@ in
|
|||
];
|
||||
};
|
||||
# spotify
|
||||
networking.firewall.allowedTCPPorts = [57621];
|
||||
networking.firewall.allowedUDPPorts = [57621];
|
||||
networking.firewall.allowedTCPPorts = [55025 57621];
|
||||
networking.firewall.allowedUDPPorts = [55025 57621];
|
||||
|
||||
users.extraUsers.yorick.hashedPassword = secrets.yorick_hashedPassword;
|
||||
services.openssh.forwardX11 = true;
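Review bot: Port `55025` is opened for both TCP and UDP in the list under the `# spotify` comment, with nothing saying which program listens on it. A comment such as `# 57621: spotify, 55025: <service>` would let a later reader decide whether the port can be closed again. `services.openssh.forwardX11 = true` just below applies to every host that imports this role, which deserves a comment too if it is intentional.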
|
||||
|
|
|
@ -0,0 +1,44 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let cfg = config.yorick; in
|
||||
with lib;
|
||||
{
|
||||
options.yorick = {
|
||||
cpu = mkOption {
|
||||
type = types.nullOr (types.enum ["intel"]);
|
||||
};
|
||||
gpu = mkOption {
|
||||
type = types.nullOr (types.enum ["intel" "nvidia"]);
|
||||
default = null;
|
||||
};
|
||||
laptop = mkEnableOption "laptop settings";
|
||||
};
|
||||
config = mkMerge [
|
||||
(mkIf (cfg.gpu == "intel") {
|
||||
# https://wiki.archlinux.org/index.php/Dell_XPS_13_(9360)#Module-based_Powersaving_Options
|
||||
boot.kernelParams = ["i915.enable_fbc=1" "i915.enable_guc_loading=1" "i915.enable_guc_submission=1" "i915.enable_huc=1" "i915.enable_psr=2"];
|
||||
# now we wait until enable_psr=1 is fixed
|
||||
services.xserver.videoDrivers = ["modesetting"];
|
||||
hardware.opengl.extraPackages = [ pkgs.vaapiIntel ];
|
||||
})
|
||||
(mkIf (cfg.gpu == "nvidia") {
|
||||
boot.kernelModules = ["nvidiabl"];
|
||||
services.xserver.videoDrivers = ["nvidia"];
|
||||
boot.extraModulePackages = [config.boot.kernelPackages.nvidiabl];
|
||||
})
|
||||
(mkIf (cfg.cpu == "intel") {
|
||||
hardware.cpu.intel.updateMicrocode = true;
|
||||
boot.kernelModules = ["kvm-intel"];
|
||||
})
|
||||
(mkIf (cfg.laptop) {
|
||||
services.xserver.libinput.enable = true;
|
||||
|
||||
networking.wireless.enable = true;
|
||||
hardware.bluetooth.enable = true;
|
||||
# gotta go faster
|
||||
networking.dhcpcd.extraConfig = ''
|
||||
noarp
|
||||
'';
|
||||
services.thermald.enable = true;
|
||||
})
|
||||
];
|
||||
}
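Review bot: `cpu` is declared without a `default`, unlike `gpu`, yet `mkIf (cfg.cpu == "intel")` reads it unconditionally, so any host that imports this module without setting `yorick.cpu` should fail evaluation with an undefined-option error. Adding `default = null;` to the `cpu` option matches its `nullOr` type and the `gpu` declaration. Both options would also benefit from a `description`, and `yorick.support32bit`, which other files on this page read, is not declared in this block; presumably it is defined elsewhere.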
|
|
@ -1,6 +1,4 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
let secrets = import <secrets>;
|
||||
in
|
||||
{
|
||||
#imports = [../modules/nginx.nix];
|
||||
config = {
|
||||
|
|
|
@ -25,4 +25,5 @@
|
|||
'';
|
||||
virtualisation.virtualbox.host.enable = true;
|
||||
yorick.support32bit = true;
|
||||
nix.gc.automatic = pkgs.lib.mkOverride 30 false;
|
||||
}
|
||||
|
|