yorick
/
dotfiles
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

some changes after nix 2.0

auto-flake-update
Yorick van Pelt 2018-02-27 16:31:16 +01:00
parent 7c01fddce1
commit ba70783346
16 changed files with 137 additions and 219 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
conf
View File

@ -15,6 +15,10 @@ stable)
export NIX_PATH="nixpkgs=https://nixos.org/channels/nixos-17.03/nixexprs.tar.xz:nixos-config=`pwd`/logical/$2.nix:$NIX_PATH" export NIX_PATH="nixpkgs=https://nixos.org/channels/nixos-17.03/nixexprs.tar.xz:nixos-config=`pwd`/logical/$2.nix:$NIX_PATH"
eval ${@:3} eval ${@:3}
;; ;;
checkout)
export NIX_PATH="nixpkgs=`pwd`/../nixpkgs:nixos-config=`pwd`/logical/$2.nix:$NIX_PATH"
eval ${@:3}
;;
channel) channel)
export NIX_PATH="/nix/var/nix/profiles/per-user/root/channels/nixos:nixos-config=`pwd`/logical/$2.nix:$NIX_PATH" export NIX_PATH="/nix/var/nix/profiles/per-user/root/channels/nixos:nixos-config=`pwd`/logical/$2.nix:$NIX_PATH"
eval ${@:3} eval ${@:3}

36
logical/ascanius.nix
View File

@ -1,7 +1,3 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }: { config, pkgs, ... }:
let secrets = import <secrets>; let secrets = import <secrets>;
@ -13,34 +9,12 @@ in
../roles/workstation.nix ../roles/workstation.nix
]; ];
system.stateVersion = "17.09";
# no, not that Ascanius. # no, not that Ascanius.
networking.hostName = secrets.hostnames.ascanius; networking.hostName = secrets.hostnames.ascanius;
services.tor.hiddenServices.ssh.map = [
{ port = 22; }
];
services.tor.service-keys.ssh = "/run/keys/torkeys/ssh.ascanius.key";
nixpkgs.config = {
packageOverrides = pkgs : {
bluez = pkgs.bluez5;
# https://github.com/NixOS/nixpkgs/issues/22099
trustedGrub = pkgs.grub2.overrideDerivation (attr: rec {
version = "2.x-20170910";
name = "trustedGRUB2-${version}";
buildInputs = attr.buildInputs ++ (with pkgs;[autoconf automake]);
prePatch = ''
rm -rf po
tar Jxf ${pkgs.grub2.src} grub-2.02/po
cp -r grub-2.02/po po
./autogen.sh
'';
src = pkgs.fetchFromGitHub {
repo = "TrustedGRUB2";
owner = "Rohde-Schwarz-Cybersecurity";
rev = "e656aaabd3bc5abda6c62c8967ebfd0c53ef179b";
sha256 = "08lq4prqhn923i8a7q79s4lsfnqgk4jd255xzk1wy12vg45dwlsc";
};
});
};
};
services.tor.hiddenServices.ssh.map = [{ port = 22; }];
nix.gc.automatic = pkgs.lib.mkOverride 30 false;
} }

9
logical/jarvis.nix
View File

@ -1,7 +1,3 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ {
@ -23,10 +19,5 @@
services.xserver.displayManager.sessionCommands = '' services.xserver.displayManager.sessionCommands = ''
${pkgs.xorg.xrandr}/bin/xrandr --dpi 192 ${pkgs.xorg.xrandr}/bin/xrandr --dpi 192
''; '';
nix.gc.automatic = pkgs.lib.mkOverride 30 false;
# nix.trustedBinaryCaches = [http://192.168.1.27:5000];
# nix.binaryCachePublicKeys = [
# "hydra.example.org-1:NbZfmBIhIevVM5OZ81TbwruSC9etkIrdi1mR6AAdm98="
# ];
virtualisation.virtualbox.host.enable = pkgs.lib.mkOverride 30 false; virtualisation.virtualbox.host.enable = pkgs.lib.mkOverride 30 false;
} }

57
logical/woodhouse.nix
View File

@ -1,25 +1,30 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let let
secrets = import <secrets>; secrets = import <secrets>;
mkFuseMount = device: opts: {
# todo: "ServerAliveCountMax=3" "ServerAliveInterval=30"
device = "${pkgs.sshfsFuse}/bin/sshfs#${device}";
fsType = "fuse";
options = ["noauto" "x-systemd.automount" "_netdev" "users" "idmap=user"
"defaults" "allow_other" "transform_symlinks" "default_permissions"
"uid=1000"
"reconnect" "IdentityFile=/root/.ssh/id_sshfs"] ++ opts;
};
in in
{ {
imports = imports =
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
../physical/nuc.nix ../physical/nuc.nix
../roles/common.nix ../roles/common.nix
../roles/collectd.nix # ../roles/collectd.nix
../modules/tor-hidden-service.nix
../roles/graphical.nix ../roles/graphical.nix
]; ];
networking.hostName = secrets.hostnames.woodhouse; networking.hostName = secrets.hostnames.woodhouse;
# The NixOS release to be compatible with for stateful data such as databases. # The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "16.09"; system.stateVersion = "17.09";
services.xserver = { services.xserver = {
@ -27,42 +32,14 @@ in
}; };
services.tor.hiddenServices.ssh.map = [ {port = 22;} ];
services.tor.hiddenServices = [ services.tor.service-keys.ssh = "/run/keys/torkeys/ssh.woodhouse.key";
{ name = "ssh";
port = 22;
hostname = secrets.tor_hostnames."ssh.woodhouse";
private_key = "/run/keys/torkeys/ssh.woodhouse.key"; }
];
system.fsPackages = [ pkgs.sshfsFuse ]; system.fsPackages = [ pkgs.sshfsFuse ];
fileSystems."/mnt/frumar" = {
# todo: "ServerAliveCountMax=3" "ServerAliveInterval=30"
device = "${pkgs.sshfsFuse}/bin/sshfs#yorick@" + secrets.hostnames.frumar + ":/data/yorick"; fileSystems."/mnt/frumar" = mkFuseMount "yorick@${secrets.hostnames.frumar}:/data/yorick" [];
fsType = "fuse"; fileSystems."/mnt/oxygen" = mkFuseMount "yorick@oxygen.obfusk.ch:" [];
options = ["noauto" "x-systemd.automount" "_netdev" "users" "idmap=user" fileSystems."/mnt/nyamsas" = mkFuseMount "yorick@nyamsas.quezacotl.nl:" ["port=1337"];
"defaults" "allow_other" "transform_symlinks" "default_permissions"
"uid=1000"
"reconnect" "IdentityFile=/root/.ssh/id_sshfs"];
};
fileSystems."/mnt/oxygen" = {
device = "${pkgs.sshfsFuse}/bin/sshfs#yorick@oxygen.obfusk.ch:";
fsType = "fuse";
options = ["noauto" "x-systemd.automount" "_netdev" "users" "idmap=user"
"defaults" "allow_other" "transform_symlinks" "default_permissions"
"uid=1000"
"reconnect" "IdentityFile=/root/.ssh/id_sshfs"];
};
fileSystems."/mnt/nyamsas" = {
device = "${pkgs.sshfsFuse}/bin/sshfs#yorick@nyamsas.quezacotl.nl:";
fsType = "fuse";
options = ["noauto" "x-systemd.automount" "_netdev" "users" "idmap=user"
"defaults" "allow_other" "transform_symlinks" "default_permissions"
"uid=1000"
"reconnect" "IdentityFile=/root/.ssh/id_sshfs" "port=1337"];
};
networking.firewall.allowedTCPPorts = [7 8080 9090 9777]; # kodi networking.firewall.allowedTCPPorts = [7 8080 9090 9777]; # kodi

35
modules/tor-hidden-service.nix
View File

@ -3,25 +3,15 @@
with lib; with lib;
let let
hiddenServices = config.services.tor.hiddenServices; service-keys = config.services.tor.service-keys;
torDir = "/var/lib/tor";
in { in {
options.services.tor = { options.services.tor.service-keys = mkOption {
hiddenServices = mkOption { default = []; }; default = {};
type = with types; loaOf string;
}; };
config = mkIf (hiddenServices != []) { config = mkIf (service-keys != {}) {
assertions = map (hiddenService: {
assertion = hasAttr "name" hiddenService && hasAttr "port" hiddenService;
message = "all hidden services should define a name and a port..";
}) hiddenServices;
services.tor.enable = true;
services.tor.extraConfig = concatStringsSep "\n" (map (hiddenService: ''
HiddenServiceDir /var/lib/tor/${hiddenService.name}
HiddenServicePort ${toString (if hasAttr "remote_port" hiddenService then hiddenService.remote_port else hiddenService.port)} 127.0.0.1:${toString hiddenService.port}
'') hiddenServices);
systemd.services."install-tor-hidden-service-keys" = { systemd.services."install-tor-hidden-service-keys" = {
wantedBy = ["tor.service"]; wantedBy = ["tor.service"];
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
@ -29,14 +19,13 @@ in {
serviceConfig.Group = "keys"; serviceConfig.Group = "keys";
# TODO: update on change? # TODO: update on change?
# TODO: better ways to get the keys on the server # TODO: better ways to get the keys on the server
script = concatStringsSep "\n" (map (hiddenService: if (hasAttr "private_key" hiddenService && hasAttr "hostname" hiddenService) then '' script = concatStringsSep "\n" (mapAttrsToList (name: keypath: ''
if ! [[ -e /var/lib/tor/${hiddenService.name}/private_key ]]; then if ! [[ -e ${torDir}/onion/${name}/private_key ]]; then
mkdir -p /var/lib/tor/${hiddenService.name}/ mkdir -p ${torDir}/onion/${name}/
cp ${hiddenService.private_key} /var/lib/tor/${hiddenService.name}/private_key cp ${keypath} ${torDir}/onion/${name}/private_key
echo ${hiddenService.hostname} > /var/lib/tor/${hiddenService.name}/hostname chmod -R 700 ${torDir}/onion/${name}
chmod -R 700 /var/lib/tor/${hiddenService.name};
fi fi
'' else "true") hiddenServices); '') service-keys);
}; };
}; };
} }

3
physical/fractal.nix
View File

@ -9,8 +9,7 @@
]; ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" ];
boot.kernelModules = [ "kvm-intel" ]; yorick.cpu = "intel";
boot.extraModulePackages = [ ];
# Use the GRUB 2 boot loader. # Use the GRUB 2 boot loader.
boot.loader.grub.enable = true; boot.loader.grub.enable = true;

36
physical/hp8570w.nix
View File

@ -1,47 +1,27 @@
# I'm modifying this file anyways.
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
imports = imports = [
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
./hp8570w/powerdown.nix ./hp8570w/powerdown.nix
]; ];
hardware.cpu.intel.updateMicrocode = true; yorick = { cpu = "intel"; gpu = "nvidia"; laptop = true; };
boot = { boot = {
loader.grub = { loader.grub = {
enable = true; enable = true;
device = "/dev/sda"; device = "/dev/sda";
trustedBoot = {
enable = true;
systemHasTPM = "YES_TPM_is_activated";
};
}; };
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
kernelModules = ["nvidiabl" "kvm-intel"];
}; };
services.xserver.videoDrivers = ["nouveau"];
services.xserver.synaptics.enable = true;
networking.wireless.enable = true;
hardware.bluetooth.enable = true;
# ideal... doesn't work.
#services.udev.extraRules = ''
# KERNEL=="nvidia_backlight", SUBSYSTEM=="backlight", MODE="666"
#'';
# for now
systemd.services."display-manager".preStart = ''
chmod a+w $(realpath /sys/class/backlight/nv_backlight/brightness) || true
'';
# this makes sure my wifi doesn't take a minute to work # this makes sure my wifi doesn't take a minute to work
services.udev.extraRules = '' services.udev.extraRules = ''
SUBSYSTEM=="firmware", ACTION=="add", ATTR{loading}="-1" SUBSYSTEM=="firmware", ACTION=="add", ATTR{loading}="-1"
''; '';
boot.initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usbhid" "usb_storage" "btrfs" "dm_crypt" ]; boot.initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usbhid" "usb_storage" ];
boot.initrd.luks.devices = [ { boot.initrd.luks.devices = [ {
name = "nix-root-enc"; name = "nix-root-enc";
device = "/dev/sdb2"; device = "/dev/sdb2";
@ -65,6 +45,6 @@
nix.maxJobs = 8; nix.maxJobs = 8;
services.tcsd.enable = true; # it has a TPM. maybe use this? #services.tcsd.enable = true; # it has a TPM. maybe use this?
environment.systemPackages = with pkgs; [btrfs-progs tpm-tools]; #environment.systemPackages = with pkgs; [tpm-tools];
} }

16
physical/hp8570w/powerdown.nix
View File

@ -13,15 +13,9 @@ in
SUBSYSTEM=="power_supply", ATTR{online}=="1", RUN+="${powersw}" SUBSYSTEM=="power_supply", ATTR{online}=="1", RUN+="${powersw}"
''; '';
systemd.services.powerswitch = { powerManagement.powerUpCommands = ''
enable = true; sleep 4s
wantedBy = [ "multi-user.target" "suspend.target" ]; ${powersw}/bin/powerswitch
after = [ "suspend.target" "display-manager.service" ]; '';
description = "Run powerswitch sometimes";
preStart = "sleep 4s";
serviceConfig = {
Type = "oneshot";
ExecStart = powersw;
};
};
} }

4
physical/nuc.nix
View File

@ -9,9 +9,7 @@
]; ];
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
boot.kernelModules = [ "kvm-intel" ]; yorick = { cpu = "intel"; gpu = "intel"; };
boot.extraModulePackages = [ ];
hardware.cpu.intel.updateMicrocode = true;
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;

61
physical/xps9360.nix
View File

@ -1,40 +1,22 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
imports = imports = [
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
]; ];
yorick = { cpu = "intel"; gpu = "intel"; laptop = true; };
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
kernelPackages = pkgs.linuxPackages_latest;
};
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.blacklistedKernelModules = ["psmouse"]; boot.blacklistedKernelModules = ["psmouse"];
boot.kernelPackages = pkgs.linuxPackages_latest;
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
hardware.cpu.intel.updateMicrocode = true;
services.xserver.libinput.enable = true;
services.thermald.enable = true;
networking.wireless.enable = true;
networking.dhcpcd.extraConfig = ''
noarp
'';
hardware.bluetooth.enable = true;
# https://wiki.archlinux.org/index.php/Dell_XPS_13_(9360)#Module-based_Powersaving_Options
# might require linux 4.11
boot.kernelParams = ["i915.enable_fbc=1" "i915.enable_guc_loading=1" "i915.enable_guc_submission=1" "i915.enable_huc=1" "i915.enable_psr=2" "intel_iommu=on"];
# now we wait until enable_psr=1 is fixed
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-uuid/a751e4ea-f1aa-48e1-9cbe-423878e29b62"; { device = "/dev/disk/by-uuid/a751e4ea-f1aa-48e1-9cbe-423878e29b62";
@ -57,24 +39,7 @@
]; ];
nix.maxJobs = lib.mkDefault 4; nix.maxJobs = lib.mkDefault 4;
environment.systemPackages = [pkgs.btrfs-progs];
# ideal... doesn't work.
#services.udev.extraRules = ''
# KERNEL=="intel_backlight", SUBSYSTEM=="backlight", MODE="666"
#'';
# for now
systemd.services."display-manager".preStart = ''
chmod a+w $(realpath /sys/class/backlight/intel_backlight/brightness) || true
'';
# this makes sure my wifi doesn't take a minute to work
services.udev.extraRules = ''
SUBSYSTEM=="firmware", ACTION=="add", ATTR{loading}="-1"
'';
services.xserver.videoDrivers = ["modesetting"];
hardware.opengl.extraPackages = [ pkgs.vaapiIntel ];
# bigger console font # bigger console font
i18n.consoleFont = "latarcyrheb-sun32"; i18n.consoleFont = "latarcyrheb-sun32";
} }

4
roles/collectd.nix
View File

@ -56,11 +56,11 @@ in
libxml2 = null; libxml2 = null;
libtool = null; libtool = null;
lvm2 = null; lvm2 = null;
libmysql = null; mysql = null;
protobufc = null; protobufc = null;
python = null; python = null;
rabbitmq-c = null; rabbitmq-c = null;
riemann = null; riemann_c_client = null;
rrdtool = null; rrdtool = null;
varnish = null; varnish = null;
yajl = null; yajl = null;

11
roles/common.nix
View File

@ -2,7 +2,10 @@ let secrets = import <secrets>;
in in
{ config, pkgs, lib, ...}: { config, pkgs, lib, ...}:
{ {
imports = []; imports = [
../roles/hardware.nix
../modules/tor-hidden-service.nix
];
time.timeZone = "Europe/Amsterdam"; time.timeZone = "Europe/Amsterdam";
users.mutableUsers = false; users.mutableUsers = false;
users.extraUsers.root = { users.extraUsers.root = {
@ -12,6 +15,7 @@ in
}; };
services.timesyncd.enable = true; services.timesyncd.enable = true;
services.fail2ban.enable = true;
users.extraUsers.yorick = { users.extraUsers.yorick = {
isNormalUser = true; isNormalUser = true;
uid = 1000; uid = 1000;
@ -22,6 +26,7 @@ in
# Nix # Nix
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
nix.package = pkgs.nixUnstable;
nix.trustedBinaryCaches = config.nix.binaryCaches ++ [http://hydra.cryp.to]; nix.trustedBinaryCaches = config.nix.binaryCaches ++ [http://hydra.cryp.to];
@ -32,10 +37,6 @@ in
nix.extraOptions = '' nix.extraOptions = ''
allow-unsafe-native-code-during-evaluation = true allow-unsafe-native-code-during-evaluation = true
allow-unfree = true
#binary-caches-parallel-connections = 3
#connect-timeout = 5
keep-going = true
''; '';
# Networking # Networking

33
roles/graphical.nix
View File

@ -8,11 +8,6 @@ in
# Enable the X11 windowing system. # Enable the X11 windowing system.
services.xserver = { services.xserver = {
enable = true; enable = true;
synaptics = {
twoFingerScroll = true;
horizontalScroll = true;
scrollDelta = -107; # inverted scrolling
};
libinput = { libinput = {
naturalScrolling = true; naturalScrolling = true;
tappingDragLock = false; tappingDragLock = false;
@ -23,16 +18,24 @@ in
# xkbOptions = "eurosign:e"; # xkbOptions = "eurosign:e";
windowManager.i3 = { windowManager.i3 = {
enable = true; enable = true;
} // (if (lib.versionAtLeast config.system.nixosRelease "17.03") then {
package = pkgs.i3-gaps; package = pkgs.i3-gaps;
} else {}); };
}; };
hardware.opengl = { hardware.opengl = {
enable = true; enable = true;
driSupport32Bit = config.yorick.support32bit; driSupport32Bit = config.yorick.support32bit;
}; };
hardware.pulseaudio.enable = true; sound.enable = true;
hardware.pulseaudio.support32Bit = config.yorick.support32bit; hardware.pulseaudio = {
enable = true;
support32Bit = config.yorick.support32bit;
};
users.extraUsers.yorick.extraGroups = ["video"];
# fix backlight permissions
services.udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="backlight", RUN+="${pkgs.coreutils}/bin/chgrp video /sys/class/backlight/%k/brightness"
ACTION=="add", SUBSYSTEM=="backlight", RUN+="${pkgs.coreutils}/bin/chmod g+w /sys/class/backlight/%k/brightness"
'';
fonts = { fonts = {
enableFontDir = true; enableFontDir = true;
@ -47,8 +50,8 @@ in
]; ];
}; };
# spotify # spotify
networking.firewall.allowedTCPPorts = [57621]; networking.firewall.allowedTCPPorts = [55025 57621];
networking.firewall.allowedUDPPorts = [57621]; networking.firewall.allowedUDPPorts = [55025 57621];
users.extraUsers.yorick.hashedPassword = secrets.yorick_hashedPassword; users.extraUsers.yorick.hashedPassword = secrets.yorick_hashedPassword;
services.openssh.forwardX11 = true; services.openssh.forwardX11 = true;

44
roles/hardware.nix Normal file
View File

@ -0,0 +1,44 @@
{ config, lib, pkgs, ... }:
let cfg = config.yorick; in
with lib;
{
options.yorick = {
cpu = mkOption {
type = types.nullOr (types.enum ["intel"]);
};
gpu = mkOption {
type = types.nullOr (types.enum ["intel" "nvidia"]);
default = null;
};
laptop = mkEnableOption "laptop settings";
};
config = mkMerge [
(mkIf (cfg.gpu == "intel") {
# https://wiki.archlinux.org/index.php/Dell_XPS_13_(9360)#Module-based_Powersaving_Options
boot.kernelParams = ["i915.enable_fbc=1" "i915.enable_guc_loading=1" "i915.enable_guc_submission=1" "i915.enable_huc=1" "i915.enable_psr=2"];
# now we wait until enable_psr=1 is fixed
services.xserver.videoDrivers = ["modesetting"];
hardware.opengl.extraPackages = [ pkgs.vaapiIntel ];
})
(mkIf (cfg.gpu == "nvidia") {
boot.kernelModules = ["nvidiabl"];
services.xserver.videoDrivers = ["nvidia"];
boot.extraModulePackages = [config.boot.kernelPackages.nvidiabl];
})
(mkIf (cfg.cpu == "intel") {
hardware.cpu.intel.updateMicrocode = true;
boot.kernelModules = ["kvm-intel"];
})
(mkIf (cfg.laptop) {
services.xserver.libinput.enable = true;
networking.wireless.enable = true;
hardware.bluetooth.enable = true;
# gotta go faster
networking.dhcpcd.extraConfig = ''
noarp
'';
services.thermald.enable = true;
})
];
}

2
roles/pub.nix
View File

@ -1,6 +1,4 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let secrets = import <secrets>;
in
{ {
#imports = [../modules/nginx.nix]; #imports = [../modules/nginx.nix];
config = { config = {

1
roles/workstation.nix
View File

@ -25,4 +25,5 @@
''; '';
virtualisation.virtualbox.host.enable = true; virtualisation.virtualbox.host.enable = true;
yorick.support32bit = true; yorick.support32bit = true;
nix.gc.automatic = pkgs.lib.mkOverride 30 false;
} }