maralorn/nixos-config
1
0
Fork 0
Code Wiki Activity

Add zeus

Browse source
This commit is contained in:
Malte Brandy 2021-07-04 23:52:41 +02:00
parent dd71b2aaad
commit 405b7083d2
No known key found for this signature in database
GPG key ID: 226A2D41EF5378C9
3 changed files with 292 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

27
home-manager/roles/state.nix Normal file
View file

@ -0,0 +1,27 @@
{ lib, ... }:
let
# Persistent means that files get snapshoted and kept for a month
# Volatile means that files just lay on the disk
# Backups are organized independently on this system
persistentStateDirs = [ "git" "media" "Maildir" ".ssh" ".task" ".gnupg" ".calendars" ".contacts" ];
persistentStateFiles = [ ".chpwd-recent-dirs" ".zsh_history" ];
volatileStateFiles = [ ];
volatileStateDirs = [ ".steam" ".local/share/Steam" ];
mkLine = type: to: from: "${type} ${to} - - - - ${from}";
mkEntry = type: persistence: name:
let
target = "/disk/${persistence}/maralorn/${name}";
in
[ (mkLine "L+" "/home/maralorn/${name}" target) (mkLine type target "") ];
in
{
systemd.user.tmpfiles.rules = lib.concatLists
(
map (mkEntry "f" "volatile") volatileStateFiles ++
map (mkEntry "d" "volatile") volatileStateDirs ++
map (mkEntry "f" "persist") persistentStateFiles ++
map (mkEntry "d" "persist") persistentStateDirs
) ++ [
(mkLine "L+" "/home/maralorn/.password-store" "git/password-store")
];
}

212
nixos/machines/zeus/configuration.nix Normal file
View file

@ -0,0 +1,212 @@
{ config, pkgs, lib, ... }:
let
#wireguard = import ../../../common/wireguard.nix;
#inherit (config.m-0) hosts prefix;
#nixos-hardware = (import ../../../nix/sources.nix).nixos-hardware;
#inherit (import ../../../common/common.nix { inherit pkgs; }) syncthing;
#vpn = (import ../../../private.nix).privateValue ({ ... }: { }) "vpn";
in
{
imports = [
#"${nixos-hardware}/lenovo/thinkpad/t480s"
./hardware-configuration.nix
../../roles
../../roles/admin.nix
../../roles/fonts.nix
../../roles/earlyoom.nix
#../../roles/boot-key.nix
../../roles/standalone
#vpn
];
fileSystems =
let
btrfsOptions = { options = [ "compress=zstd" "autodefrag" "noatime" ]; };
in
{
"/disk" = { neededForBoot = true; } // btrfsOptions;
"/boot" = btrfsOptions;
"/nix" = btrfsOptions;
};
environment.etc."nixos".source = "/disk/persist/maralorn/git/config";
systemd.services."activate-home-manager" = {
path = [ pkgs.nix pkgs.dbus ];
serviceConfig = {
Type = "oneshot";
User = "maralorn";
ExecStart = "/disk/volatile/maralorn/modes/default/activate";
};
wantedBy = [ "multi-user.target" ];
};
systemd.tmpfiles.rules = [
"d /disk/persist/root 700 root root - -"
"d /disk/persist/root/.ssh 700 root root - -"
"d /disk/persist/maralorn 700 maralorn users - -"
"d /disk/volatile/maralorn 700 maralorn users - -"
"L+ /root/.ssh - - - - /disk/persist/root/.ssh"
];
boot = {
loader = {
efi = {
efiSysMountPoint = "/boot/efi";
};
grub = {
# Enabled by default
device = "nodev"; # Dont write masterboot under efi
efiInstallAsRemovable = true; # Make loader discoverable by filename on efidisk without needing to write efivars to system
efiSupport = true;
enableCryptodisk = true;
};
};
kernelParams = [ "amdgpu.cik_support=1" ];
initrd = {
luks.devices."crypted-nixos" = {
# device defined in hardware-configuration.nix
allowDiscards = true;
keyFile = "/diskkey.bin";
};
kernelModules = [ "amdgpu" ]; # For earlier and better framebuffer
secrets = {
"diskkey.bin" = "/disk/persist/diskkey.bin"; # Key can live on crypted disk, is copied to initrd on install
};
};
};
networking = {
hostName = "zeus";
domain = "m-0.eu";
interfaces.enp34s0.useDHCP = true;
#wireguard.interfaces = {
# m0wire = {
# allowedIPsAsRoutes = false;
# ips = [ "${hosts.apollo-wg}/112" ];
# privateKeyFile = pkgs.privatePath "wireguard/apollo-private";
# peers = [
# {
# publicKey = wireguard.pub.hera;
# allowedIPs = [ "::/0" ];
# # endpoint =
# # "[${hosts.hera-wg-host}]:${builtins.toString wireguard.port}";
# endpoint = "[${hosts.hera-v4}]:${builtins.toString wireguard.port}";
# presharedKeyFile = pkgs.privatePath "wireguard/psk";
# persistentKeepalive = 25;
# }
# ];
# postSetup =
# [ "${pkgs.iproute}/bin/ip route add ${prefix}::/96 dev m0wire" ];
# };
#};
};
programs = {
#adb.enable = true;
sway.enable = true;
#ssh = {
# extraConfig = ''
# Host fb04*.mathematik.tu-darmstadt.de
# ProxyJump brandy@gwres1.mathematik.tu-darmstadt.de
# '';
# startAgent = true;
#};
seahorse.enable = lib.mkForce false;
dconf.enable = true;
};
security.rtkit.enable = true;
services = {
#teamviewer.enable = true;
pipewire = {
enable = lib.mkForce false;
#alsa = {
#enable = true;
#support32Bit = true;
#};
#pulse.enable = true;
#media-session.enable = true;
};
#fwupd.enable = true;
#upower.enable = true;
#printing = {
# enable = true;
# drivers = [ pkgs.gutenprint pkgs.hplip ];
#};
#unbound.enable = true;
#fstrim.enable = true;
#snapper = {
# configs.home = {
# subvolume = "/home";
# extraConfig = ''
# TIMELINE_MIN_AGE="3600"
# TIMELINE_LIMIT_WEEKLY="4"
# TIMELINE_LIMIT_MONTHLY="1"
# TIMELINE_LIMIT_YEARLY="0"
# TIMELINE_CREATE="yes"
# TIMELINE_CLEANUP="yes"
# '';
# };
# cleanupInterval = "15m";
# snapshotInterval = "*:00/3:00";
#};
#prometheus.exporters.node = {
# firewallFilter = "-i m0wire -p tcp -m tcp --dport 9100";
# openFirewall = true;
#};
#syncthing = {
# enable = true;
# group = "users";
# user = "maralorn";
# openDefaultPorts = true;
# declarative = syncthing.declarativeWith [ "hera" ] "/home/maralorn/media"
# // {
# cert = pkgs.privatePath "syncthing/apollo/cert.pem";
# key = pkgs.privatePath "syncthing/apollo/key.pem";
# };
#};
xserver = {
enable = true;
displayManager = {
autoLogin = {
enable = true;
user = "maralorn";
};
gdm.enable = true;
};
desktopManager.gnome.enable = true;
};
gnome = {
evolution-data-server.enable = lib.mkForce false;
gnome-keyring.enable = lib.mkForce false;
at-spi2-core.enable = lib.mkForce false;
tracker.enable = false;
tracker-miners.enable = false;
gnome-online-miners.enable = lib.mkForce false;
};
};
boot.kernel.sysctl."fs.inotify.max_user_watches" = 204800;
console.keyMap = "neo";
sound.enable = true;
hardware = {
opengl = {
enable = true;
driSupport32Bit = true; # for gw2
};
pulseaudio = {
enable = true;
support32Bit = true;
tcp = {
enable = true;
anonymousClients.allowedIpRanges = [ "127.0.0.1" "::1" ];
};
};
};
system.stateVersion = "21.05";
}

53
nixos/machines/zeus/hardware-configuration.nix Normal file
View file

@ -0,0 +1,53 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{
device = "tmpfs";
fsType = "tmpfs";
};
fileSystems."/disk" =
{
device = "/dev/disk/by-uuid/ac20f7bf-387e-42b0-b3df-b14163f45913";
fsType = "btrfs";
};
boot.initrd.luks.devices."crypted-nixos".device = "/dev/disk/by-uuid/2518e0e0-c263-40bc-b378-419832dc62cc";
fileSystems."/nix" =
{
device = "/dev/disk/by-uuid/ac20f7bf-387e-42b0-b3df-b14163f45913";
fsType = "btrfs";
options = [ "subvol=nix" ];
};
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/ac20f7bf-387e-42b0-b3df-b14163f45913";
fsType = "btrfs";
options = [ "subvol=boot" ];
};
fileSystems."/boot/efi" =
{
device = "/dev/disk/by-uuid/C41C-0C8E";
fsType = "vfat";
};
swapDevices = [ ];
}