nixos-config/machines/loki/configuration.nix

555 lines
11 KiB
Nix
Raw Normal View History

{
nixos-hardware,
nix-ld-rs,
attic,
...
}:
2022-12-23 09:20:53 +01:00
{ pkgs, config, ... }:
2022-05-04 10:46:29 +02:00
{
imports = [
nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-cpu-amd-pstate
nixos-hardware.nixosModules.common-gpu-amd
nixos-hardware.nixosModules.common-pc-ssd
2023-12-06 08:34:33 +01:00
# microvm.nixosModules.host
2023-11-02 23:49:52 +01:00
2023-12-06 08:34:33 +01:00
# ./vm.nix
2023-11-02 23:49:52 +01:00
../../users/erwin
../../users/root
../../users/builder
];
2021-11-21 19:07:12 +01:00
2024-07-28 20:49:09 +02:00
nixpkgs.config = {
rocmSupport = true;
};
2021-11-21 19:07:12 +01:00
eboskma = {
2022-08-14 16:38:25 +02:00
users = {
erwin = {
2022-08-18 16:37:26 +02:00
enable = true;
2022-11-11 11:54:21 +01:00
home = true;
2022-08-14 16:38:25 +02:00
};
builder.enable = true;
};
2021-11-21 19:07:12 +01:00
base = {
plymouth.enable = true;
work = false;
udev-rules = {
qmk = true;
solo2 = true;
picotool = true;
blink1 = true;
probe-rs = true;
};
2021-11-21 19:07:12 +01:00
};
2021-11-22 08:04:54 +01:00
bluetooth.enable = true;
2021-11-21 19:07:12 +01:00
desktop = {
enable = true;
2022-11-11 11:54:21 +01:00
wayland = true;
2021-11-21 19:07:12 +01:00
};
2022-02-09 08:13:16 +01:00
element-web.enable = false;
2021-11-27 16:01:21 +01:00
fonts.enable = true;
gnome.enable = true;
greetd = {
enable = false;
sway = true;
2024-04-22 17:42:31 +02:00
river = true;
2023-10-09 14:39:38 +02:00
wallpaper = ../../wallpapers/river-2560.png;
};
guix.enable = true;
2021-11-21 19:07:12 +01:00
networking = {
enable = true;
};
2021-11-27 16:01:21 +01:00
nix-common = {
enable = true;
2022-10-10 18:35:50 +02:00
cross-systems = [ "aarch64-linux" ];
gc-interval = "weekly";
2021-11-27 16:01:21 +01:00
};
podman.enable = true;
regreet = {
enable = true;
wallpaper = ../../wallpapers/river-2560.png;
wayvnc = true;
};
2023-12-20 11:34:47 +01:00
tailscale.enable = true;
2023-10-23 08:12:48 +02:00
sound = {
enable = true;
jack = true;
};
2021-12-06 09:58:39 +01:00
systemd.enable = true;
2021-11-21 19:07:12 +01:00
};
2023-09-13 14:50:03 +02:00
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/42065c7e-d0aa-4de8-a913-014cf59d48ac";
fsType = "ext4";
};
2023-07-18 10:52:44 +02:00
2023-09-13 14:50:03 +02:00
"/boot" = {
device = "/dev/disk/by-uuid/4064-A1BE";
fsType = "vfat";
};
2023-07-18 10:52:44 +02:00
2023-09-13 14:50:03 +02:00
"/home" = {
device = "/dev/disk/by-uuid/082ec5d2-238e-4713-9c37-31b1cb0fb8c3";
fsType = "ext4";
};
2023-07-18 10:52:44 +02:00
};
2024-02-05 11:46:52 +01:00
swapDevices = [ { device = "/dev/disk/by-uuid/d93788f7-1b94-4687-8313-055d17f42b7e"; } ];
2023-07-18 10:52:44 +02:00
# high-resolution display
# hardware.video.hidpi.enable = lib.mkDefault true;
# Enable firmware
hardware.enableAllFirmware = true;
# i2c support
hardware.i2c.enable = true;
2023-05-28 12:48:51 +02:00
boot = {
2024-02-05 11:46:52 +01:00
initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usb_storage"
"usbhid"
"sd_mod"
];
2023-07-18 10:52:44 +02:00
initrd.kernelModules = [ ];
kernelPackages = pkgs.linuxPackages_latest;
2024-02-05 11:46:52 +01:00
kernelModules = [
"kvm-amd"
"apple-mfi-fastcharge"
"zenpower"
"nf_nat_ftp"
];
2023-07-18 10:52:44 +02:00
kernelParams = [ "amd_pstate.shared_mem=1" ];
2024-01-30 20:59:27 +01:00
extraModulePackages = with config.boot.kernelPackages; [
cpupower
2024-03-26 15:06:20 +01:00
# rtl88x2bu
2024-01-30 20:59:27 +01:00
zenpower
];
2023-07-18 10:52:44 +02:00
2023-05-28 12:48:51 +02:00
loader = {
systemd-boot = {
enable = true;
configurationLimit = 10;
};
efi.canTouchEfiVariables = true;
};
};
2021-11-21 19:07:12 +01:00
time.timeZone = "Europe/Amsterdam";
networking = {
hostName = "loki";
useDHCP = false;
2023-04-19 09:32:06 +02:00
networkmanager.enable = false;
useNetworkd = true;
firewall = {
2024-02-05 11:46:52 +01:00
trustedInterfaces = [
"lo"
"tailscale0"
];
2022-09-27 20:38:45 +02:00
allowedTCPPorts = [
# NFS
2022-10-07 20:42:59 +02:00
111
2049
4100
4101
4102
20048
2022-09-27 20:38:45 +02:00
# Horus System V2
2022-10-07 20:42:59 +02:00
12345
5555
5556
2022-09-27 20:38:45 +02:00
# Elixir/Phoenix dev environment
4000
2022-10-07 20:42:59 +02:00
2023-05-10 15:13:24 +02:00
# SteamLink
27036
27037
2022-09-27 20:38:45 +02:00
];
2022-10-07 20:42:59 +02:00
2022-09-27 20:38:45 +02:00
allowedUDPPorts = [
# NFS
2022-10-07 20:42:59 +02:00
111
2049
4100
4101
4102
20048
2022-12-23 09:20:53 +01:00
2023-05-10 15:13:24 +02:00
# SteamLink
27031
27036
2022-12-23 09:20:53 +01:00
# WireGuard
51820
2022-09-27 20:38:45 +02:00
];
2022-10-07 20:42:59 +02:00
2022-09-27 20:38:45 +02:00
allowedTCPPortRanges = [
# Sonos / noson
2024-02-05 11:46:52 +01:00
{
from = 1400;
to = 1410;
}
2022-09-27 20:38:45 +02:00
];
allowedUDPPortRanges = [
# Sunshine
2024-02-05 11:46:52 +01:00
{
from = 47998;
to = 48000;
}
# Sonos / noson / pulseaudio
2024-02-05 11:46:52 +01:00
{
from = 1400;
to = 1410;
}
2022-09-27 20:38:45 +02:00
];
2022-12-23 09:20:53 +01:00
};
2024-07-08 14:32:20 +02:00
wireless.iwd = {
enable = true;
settings = {
General = {
EnableNetworkConfiguration = true;
};
};
};
2021-11-21 19:07:12 +01:00
};
2023-11-20 17:03:05 +01:00
security = {
sudo-rs = {
enable = true;
};
sudo.enable = false;
2024-03-26 15:06:20 +01:00
pam.services.swaylock = {
unixAuth = true;
setLoginUid = true;
enableGnomeKeyring = true;
allowNullPassword = true;
updateWtmp = true;
startSession = true;
};
};
systemd = {
network = {
enable = true;
wait-online = {
anyInterface = true;
};
netdevs = {
2024-06-27 14:57:45 +02:00
"10-horus0" = {
netdevConfig = {
Kind = "wireguard";
MTUBytes = "1420";
2024-06-27 14:57:45 +02:00
Name = "horus0";
};
wireguardConfig = {
PrivateKeyFile = config.sops.secrets.wireguard-horus-privkey.path;
ListenPort = 51820;
};
wireguardPeers = [
{
PublicKey = "6faxlUG8+F7uVrKk/OJqqy5k2+OzrhXc/cV6Zsfbl0c=";
AllowedIPs = [
"192.168.4.0/23"
"192.168.6.0/24"
"192.168.7.0/24"
"192.168.8.0/24"
];
Endpoint = "212.45.34.195:51820";
PersistentKeepalive = 25;
}
];
};
};
networks = {
"40-enp4s0" = {
matchConfig = {
Name = "enp4s0";
};
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
2024-06-27 14:57:45 +02:00
"40-horus0" = {
matchConfig = {
2024-06-27 14:57:45 +02:00
Name = "horus0";
};
linkConfig = {
ActivationPolicy = "manual";
};
networkConfig = {
DHCP = "no";
DNS = "192.168.4.1";
2024-02-05 11:46:52 +01:00
Domains = [
"bedum.horus.nu"
"internal.horus.nu"
];
};
2024-02-05 11:46:52 +01:00
address = [ "10.10.4.2/24" ];
routes = [
{
2024-06-03 11:12:33 +02:00
Destination = "192.168.4.0/23";
Scope = "link";
}
{
2024-06-03 11:12:33 +02:00
Destination = "192.168.6.0/24";
Scope = "link";
}
{
2024-06-03 11:12:33 +02:00
Destination = "192.168.7.0/24";
Scope = "link";
}
{
2024-06-03 11:12:33 +02:00
Destination = "192.168.8.0/24";
Scope = "link";
}
];
};
};
2023-01-06 00:14:33 +01:00
links = {
"40-enp4s0" = {
matchConfig = {
OriginalName = "enp4s0";
};
linkConfig = {
WakeOnLan = "magic";
};
2023-01-06 00:14:33 +01:00
};
};
};
};
2021-11-21 19:07:12 +01:00
2023-09-13 14:50:03 +02:00
services = {
udev = {
extraHwdb = ''
evdev:name:ELECOM TrackBall Mouse HUGE TrackBall:*
ID_INPUT_KEY=1
KEYBOARD_KEY_90008=red
KEYBOARD_KEY_90007=copy
KEYBOARD_KEY_90006=paste
'';
extraRules = ''
ACTION=="add", ATTRS{idVendor}=="0951", ATTRS{idProduct}=="1666", NAME=keys
2023-09-15 21:21:48 +02:00
ACTION=="add", ATTRS{idVendor}=="0781", ATTRS{idProduct}=="55b1", NAME=vault
2023-09-13 14:50:03 +02:00
'';
};
2021-11-26 22:21:16 +01:00
2023-09-13 14:50:03 +02:00
openssh.enable = true;
2023-11-20 17:03:05 +01:00
colord.enable = true;
2023-09-13 14:50:03 +02:00
udisks2 = {
enable = true;
};
2024-01-30 20:59:27 +01:00
envfs.enable = true;
2023-09-13 14:50:03 +02:00
cpupower-gui.enable = true;
2023-10-05 14:58:32 +02:00
teamviewer.enable = true;
2023-09-13 14:50:03 +02:00
sunshine = {
enable = true;
2024-04-23 16:31:37 +02:00
capSysAdmin = true;
# user = "erwin";
2023-09-13 14:50:03 +02:00
openFirewall = true;
};
2023-10-05 14:58:32 +02:00
nfs.server = {
enable = true;
exports = ''
/home/erwin/proxmox-backup 10.0.0.0/24(rw,sync,no_subtree_check,anonuid=1000,anongid=100,all_squash)
'';
lockdPort = 4101;
mountdPort = 4102;
statdPort = 4100;
};
};
2023-09-13 14:50:03 +02:00
programs = {
2024-03-26 15:06:20 +01:00
sway = {
enable = true;
package = pkgs.swayfx;
wrapperFeatures = {
gtk = true;
base = true;
};
extraPackages = with pkgs; [
swaylock
swayidle
];
};
river.enable = true;
2023-09-13 14:50:03 +02:00
gnome-disks.enable = true;
# ssh.startAgent = true;
2023-01-10 08:19:33 +01:00
2023-09-13 14:50:03 +02:00
gamemode = {
enable = true;
settings = {
general = {
renice = 5;
};
custom = {
start = "${pkgs.libnotify}/bin/notify-send 'GameMode started'";
end = "${pkgs.libnotify}/bin/notify-send 'GameMode ended'";
};
};
};
appimage = {
enable = true;
binfmt = true;
};
ryzen-monitor-ng.enable = true;
2023-12-20 11:38:26 +01:00
nix-ld = {
enable = true;
package = nix-ld-rs.packages.${pkgs.hostPlatform.system}.nix-ld-rs;
libraries = with pkgs; [
alsa-lib
at-spi2-atk
at-spi2-core
atk
cairo
cups
curl
dbus
expat
fontconfig
freetype
fuse3
gdk-pixbuf
glib
gtk3
icu
libGL
libappindicator-gtk3
libdrm
libglvnd
libnotify
libpulseaudio
libunwind
libusb1
libuuid
libxkbcommon
mesa
nspr
nss
openssl
pango
pipewire
sqlite
stdenv.cc.cc
systemd
vulkan-loader
xorg.libX11
xorg.libXScrnSaver
xorg.libXcomposite
xorg.libXcursor
xorg.libXdamage
xorg.libXext
xorg.libXfixes
xorg.libXi
xorg.libXrandr
xorg.libXrender
xorg.libXtst
xorg.libxcb
xorg.libxkbfile
xorg.libxshmfence
zlib
];
};
};
2023-01-31 17:13:02 +01:00
powerManagement = {
cpuFreqGovernor = "ondemand";
};
environment = {
sessionVariables = {
AMD_VULKAN_ICD = "RADV";
# WLR_RENDERER = "vulkan";
};
systemPackages = with pkgs; [
2024-01-03 01:16:06 +01:00
incus
2024-07-08 14:32:20 +02:00
iwgtk
tailscale
];
};
2023-04-09 23:19:58 +02:00
nix.settings.post-build-hook =
let
inherit (attic.packages.${pkgs.system}) attic-client;
cachedPackagePatterns = builtins.concatStringsSep "|" [ "mongodb" ];
in
pkgs.writeScript "upload-to-cache" ''
set -eu
set -f
export IFS=' '
OUT_PATHS=$(echo -n ''${OUT_PATHS} | ${pkgs.gawk}/bin/awk 'BEGIN { RS = " "; ORS = " "; } $0 ~ /(${cachedPackagePatterns})/ { print $0 }')
if [[ -z "''${OUT_PATHS}" ]]; then
echo "No matching packages to upload"
exit 0
fi
echo "Uploading paths to cache " ''${OUT_PATHS}
exec ${attic-client}/bin/attic push main ''${OUT_PATHS}
'';
2024-01-17 09:29:16 +01:00
2021-11-26 22:21:16 +01:00
sops.defaultSopsFile = ./secrets.yaml;
sops.secrets = {
ha_now_playing_token = {
owner = "erwin";
};
gh_token = {
owner = "erwin";
};
renovate_env = {
owner = "erwin";
};
2024-02-09 20:38:40 +01:00
livebook-env = {
2022-06-27 10:10:04 +02:00
owner = "erwin";
};
livebook-password = {
owner = "erwin";
};
wireguard-horus-privkey = {
owner = "systemd-network";
};
2023-11-08 09:29:43 +01:00
k3s-token = { };
2021-11-26 22:21:16 +01:00
};
2021-11-21 19:07:12 +01:00
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
2022-10-25 09:40:08 +02:00
system.stateVersion = "22.05"; # Did you read the comment?
2021-11-21 19:07:12 +01:00
}