diff options
author | Vincent Ambo <mail@tazj.in> | 2020-06-13T20·52+0100 |
---|---|---|
committer | tazjin <mail@tazj.in> | 2020-06-13T23·52+0000 |
commit | 268729083eb80c93aa402883085c37e32c8a08cf (patch) | |
tree | 0916bace8073d30976ec752bb9de8c19a06027ae /ops/nixos/nugget | |
parent | 9658e96a87178e972b656db0acf3219937013b88 (diff) |
refactor(ops/nixos): Move my NixOS configurations to //users/tazjin r/941
NixOS modules move one level up because it's unlikely that //ops/nixos will contain actual systems at this point (they're user-specific). This is the first users folder, so it is also added to the root readTree invocation for the repository. Change-Id: I546c701145fa204b7ba7518a8a56a783588629e0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/244 Reviewed-by: tazjin <mail@tazj.in>
Diffstat (limited to 'ops/nixos/nugget')
-rw-r--r-- | ops/nixos/nugget/default.nix | 280 |
1 files changed, 0 insertions, 280 deletions
diff --git a/ops/nixos/nugget/default.nix b/ops/nixos/nugget/default.nix deleted file mode 100644 index 7c9530072d41..000000000000 --- a/ops/nixos/nugget/default.nix +++ /dev/null @@ -1,280 +0,0 @@ -# This file configures nugget, my home desktop machine. -{ depot, lib, ... }: - -config: let - nixpkgs = import depot.third_party.stableNixpkgsSrc { - config.allowUnfree = true; - }; - - unstable = import depot.third_party.nixpkgsSrc {}; - lieer = (depot.third_party.lieer {}); - - # google-c-style is installed only on nugget because other - # machines get it from, eh, elsewhere. - nuggetEmacs = (depot.tools.emacs.overrideEmacs(epkgs: epkgs ++ [ - depot.third_party.emacsPackages.google-c-style - ])); -in depot.lib.fix(self: { - imports = [ - ../modules/v4l2loopback.nix - ]; - - hardware = { - pulseaudio.enable = true; - cpu.intel.updateMicrocode = true; - u2f.enable = true; - }; - - boot = { - cleanTmpDir = true; - kernelModules = [ "kvm-intel" ]; - - loader = { - timeout = 3; - systemd-boot.enable = true; - efi.canTouchEfiVariables = false; - }; - - initrd = { - luks.devices.nugget-crypt.device = "/dev/disk/by-label/nugget-crypt"; - availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; - kernelModules = [ "dm-snapshot" ]; - }; - - kernel.sysctl = { - "kernel.perf_event_paranoid" = 1; - }; - }; - - nix = { - package = depot.third_party.nix; - nixPath = [ - "depot=/home/tazjin/depot" - "nixpkgs=${depot.third_party.nixpkgsSrc}" - ]; - }; - - nixpkgs.pkgs = nixpkgs; - - networking = { - hostName = "nugget"; - useDHCP = false; - interfaces.eno1.useDHCP = true; - interfaces.wlp7s0.useDHCP = true; - - # Don't use ISP's DNS servers: - nameservers = [ - "8.8.8.8" - "8.8.4.4" - ]; - - # Open Chromecast-related ports & servedir - firewall.enable = false; - firewall.allowedTCPPorts = [ 4242 5556 5558 ]; - - # Connect to the WiFi to let the Chromecast work. - wireless.enable = true; - wireless.networks = { - "How do I computer?" = { - psk = "washyourface"; - }; - }; - }; - - # Generate an immutable /etc/resolv.conf from the nameserver settings - # above (otherwise DHCP overwrites it): - environment.etc."resolv.conf" = with lib; { - source = depot.third_party.writeText "resolv.conf" '' - ${concatStringsSep "\n" (map (ns: "nameserver ${ns}") self.networking.nameservers)} - options edns0 - ''; - }; - - time.timeZone = "Europe/London"; - - environment.systemPackages = - # programs from the depot - (with depot; [ - fun.idual.script - lieer - nuggetEmacs - ops.kontemplate - third_party.ffmpeg - third_party.git - ]) ++ - - # programs from nixpkgs - (with nixpkgs; [ - age - bat - cachix - chromium - clang-manpages - clang-tools - clang_10 - curl - direnv - dnsutils - exa - fd - gnupg - go - google-chrome - google-cloud-sdk - guile - htop - hyperfine - i3lock - imagemagick - jq - keybase-gui - kubectl - linuxPackages.perf - meson - miller - msmtp - nix-prefetch-github - notmuch - openssh - openssl - pass - pavucontrol - pinentry - pinentry-emacs - pwgen - ripgrep - rr - rustup - sbcl - scrot - spotify - steam - tokei - tree - unzip - vlc - xclip - yubico-piv-tool - yubikey-personalization - ]) ++ - - # programs from unstable nixpkgs - (with unstable; [ - zoxide - ]); - - fileSystems = { - "/".device = "/dev/disk/by-label/nugget-root"; - "/boot".device = "/dev/disk/by-label/EFI"; - "/home".device = "/dev/disk/by-label/nugget-home"; - }; - - # Configure user account - users.extraUsers.tazjin = { - extraGroups = [ "wheel" "audio" ]; - isNormalUser = true; - uid = 1000; - shell = nixpkgs.fish; - }; - - security.sudo = { - enable = true; - extraConfig = "wheel ALL=(ALL:ALL) SETENV: ALL"; - }; - - fonts = { - fonts = with nixpkgs; [ - corefonts - dejavu_fonts - jetbrains-mono - noto-fonts-cjk - noto-fonts-emoji - ]; - - fontconfig = { - hinting.enable = true; - subpixel.lcdfilter = "light"; - - defaultFonts = { - monospace = [ "JetBrains Mono" ]; - }; - }; - }; - - # Configure location (Vauxhall, London) for services that need it. - location = { - latitude = 51.4819109; - longitude = -0.1252998; - }; - - programs.fish.enable = true; - programs.ssh.startAgent = true; - - services.redshift.enable = true; - services.openssh.enable = true; - services.keybase.enable = true; - - # Required for Yubikey usage as smartcard - services.pcscd.enable = true; - services.udev.packages = [ - nixpkgs.yubikey-personalization - ]; - - services.xserver = { - enable = true; - layout = "us"; - xkbOptions = "caps:super"; - exportConfiguration = true; - videoDrivers = [ "nvidia" ]; - - displayManager = { - # Give EXWM permission to control the session. - sessionCommands = "${nixpkgs.xorg.xhost}/bin/xhost +SI:localuser:$USER"; - - lightdm.enable = true; - lightdm.greeters.gtk.clock-format = "%H·%M"; - }; - - windowManager.session = lib.singleton { - name = "exwm"; - start = "${nuggetEmacs}/bin/tazjins-emacs"; - }; - }; - - # Do not restart the display manager automatically - systemd.services.display-manager.restartIfChanged = lib.mkForce false; - - # Configure email setup - systemd.user.services.lieer-tazjin = { - description = "Synchronise mail@tazj.in via lieer"; - script = "${lieer}/bin/gmi sync"; - - serviceConfig = { - WorkingDirectory = "%h/mail/account.tazjin"; - Type = "oneshot"; - }; - }; - - systemd.user.timers.lieer-tazjin = { - wantedBy = [ "timers.target" ]; - - timerConfig = { - OnActiveSec = "1"; - OnUnitActiveSec = "180"; - }; - }; - - # Use Tailscale \o/ - services.tailscale.enable = true; - - # nugget has an SSD - services.fstrim.enable = true; - - # clangd needs more than ~2GB in the runtime directory to start up - services.logind.extraConfig = '' - RuntimeDirectorySize=4G - ''; - - # ... and other nonsense. - system.stateVersion = "19.09"; -}) |