diff options
-rw-r--r-- | ops/machines/all-systems.nix | 1 | ||||
-rw-r--r-- | users/aspen/system/home/default.nix | 6 | ||||
-rw-r--r-- | users/aspen/system/home/machines/lusca.nix | 32 | ||||
-rw-r--r-- | users/aspen/system/system/default.nix | 5 | ||||
-rw-r--r-- | users/aspen/system/system/machines/lusca.nix | 142 |
5 files changed, 186 insertions, 0 deletions
diff --git a/ops/machines/all-systems.nix b/ops/machines/all-systems.nix index 449d41a5f745..c4382fbddb2a 100644 --- a/ops/machines/all-systems.nix +++ b/ops/machines/all-systems.nix @@ -16,6 +16,7 @@ yeren mugwump ogopogo + lusca ]) ++ (with depot.users.wpcarro.nixos; [ diff --git a/users/aspen/system/home/default.nix b/users/aspen/system/home/default.nix index f821999b9957..90df02b378f6 100644 --- a/users/aspen/system/home/default.nix +++ b/users/aspen/system/home/default.nix @@ -30,7 +30,13 @@ rec { yerenHome = yeren.activation-script; + lusca = home ./machines/lusca.nix; + + luscaHome = lusca.activation-script; + meta.ci.targets = [ + "ogopogoHome" + "luscaHome" "yerenHome" ]; } diff --git a/users/aspen/system/home/machines/lusca.nix b/users/aspen/system/home/machines/lusca.nix new file mode 100644 index 000000000000..94d7fda4b599 --- /dev/null +++ b/users/aspen/system/home/machines/lusca.nix @@ -0,0 +1,32 @@ +{ pkgs, lib, config, ... }: + +let + inherit (builtins) pathExists; +in +{ + imports = [ + ../platforms/linux.nix + ../modules/common.nix + + ../modules/email.nix + ../modules/desktop.nix + ] ++ (lib.optional (pathExists ../modules/private.nix) + ../modules/private.nix); + + home.username = lib.mkForce "aspen"; + home.homeDirectory = lib.mkForce "/home/aspen"; + + # for when hacking + programs.home-manager.enable = true; + home.stateVersion = "20.03"; + + system.machine = { + wirelessInterface = "wlp1s0"; + i3FontSize = 9; + battery = 1; + }; + + home.packages = with pkgs; [ discord steam tdesktop ]; + + xsession.windowManager.i3.config.keybindings.XF86AudioMedia = "exec lock"; +} diff --git a/users/aspen/system/system/default.nix b/users/aspen/system/system/default.nix index f0f3051e9d91..07bc886c6c77 100644 --- a/users/aspen/system/system/default.nix +++ b/users/aspen/system/system/default.nix @@ -30,11 +30,16 @@ rec { yerenSystem = (depot.ops.nixos.nixosFor yeren).system; + lusca = import ./machines/lusca.nix; + + luscaSystem = (depot.ops.nixos.nixosFor lusca).system; + iso = import ./iso.nix args; meta.ci.targets = [ "mugwumpSystem" "roswellSystem" + "luscaSystem" "ogopogoSystem" "yerenSystem" diff --git a/users/aspen/system/system/machines/lusca.nix b/users/aspen/system/system/machines/lusca.nix new file mode 100644 index 000000000000..782d504aa90b --- /dev/null +++ b/users/aspen/system/system/machines/lusca.nix @@ -0,0 +1,142 @@ +{ depot, modulesPath, config, lib, pkgs, ... }: + +{ + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ../modules/common.nix + ../modules/laptop.nix + ../modules/xserver.nix + ../modules/fonts.nix + ../modules/sound.nix + ../modules/tvl.nix + ../modules/development.nix + ]; + + networking.hostName = "lusca"; + + system.stateVersion = "24.05"; + + time.timeZone = "America/New_York"; + + services.avahi = { + enable = true; + nssmdns4 = true; + }; + + boot = { + initrd = { + availableKernelModules = + [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ]; + kernelModules = [ ]; + + luks.devices."cryptroot".device = + "/dev/disk/by-uuid/9e525746-5bca-4451-8710-a6f0e09b751c"; + }; + + kernelModules = [ "kvm-amd" ]; + + kernelParams = [ + "resume=LABEL=SWAP" + "resume_offset=795904" # sudo btrfs inspect-internal map-swapfile -r /swap/swapfile + ]; + + resumeDevice = "/dev/disk/by-uuid/4c099cee-8d42-49c1-916c-62a0b5effbd2"; + + kernel.sysctl = { "kernel.perf_event_paranoid" = -1; }; + }; + + hardware.cpu.amd.updateMicrocode = + lib.mkDefault config.hardware.enableRedistributableFirmware; + + fileSystems = { + "/" = { + device = "/dev/disk/by-uuid/4c099cee-8d42-49c1-916c-62a0b5effbd2"; + fsType = "btrfs"; + options = [ "subvol=root" ]; + }; + + "/home" = { + device = "/dev/disk/by-uuid/4c099cee-8d42-49c1-916c-62a0b5effbd2"; + fsType = "btrfs"; + options = [ "subvol=home" ]; + }; + + "/nix" = { + device = "/dev/disk/by-uuid/4c099cee-8d42-49c1-916c-62a0b5effbd2"; + fsType = "btrfs"; + options = [ "subvol=nix" ]; + }; + + "/swap" = { + device = "/dev/disk/by-uuid/4c099cee-8d42-49c1-916c-62a0b5effbd2"; + fsType = "btrfs"; + options = [ "subvol=swap" ]; + }; + + "/boot" = { + device = "/dev/disk/by-uuid/0E7D-3C3F"; + fsType = "vfat"; + }; + }; + + swapDevices = [{ device = "/swap/swapfile"; }]; + + systemd.sleep.extraConfig = '' + HibernateDelaySec=30m + SuspendState=mem + ''; + + services.earlyoom = { + enable = true; + freeMemThreshold = 5; + }; + + services.tailscale.enable = true; + + services.fwupd = { + enable = true; + extraRemotes = [ "lvfs-testing" ]; + }; + + services.tlp.enable = lib.mkForce false; + services.power-profiles-daemon.enable = true; + + services.thermald.enable = true; + + services.fprintd.enable = true; + security.pam.services = { + login.fprintAuth = true; + sudo.fprintAuth = true; + i3lock.fprintAuth = true; + i3lock-color.fprintAuth = true; + lightdm.fprintAuth = true; + lightdm-greeter.fprintAuth = true; + }; + + security.polkit.extraConfig = '' + polkit.addRule(function(action, subject) { + if (action.id.indexOf("net.reactivated.fprint.") == 0 || action.id.indexOf("net.reactivated.Fprint.") == 0) { + polkit.log("action=" + action); + polkit.log("subject=" + subject); + return polkit.Result.YES; + } + }); + ''; + + services.udev.extraRules = '' + # Ethernet expansion card support + ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="0bda", ATTR{idProduct}=="8156", ATTR{power/autosuspend}="20" + ''; + + hardware.sensor.iio.enable = true; + + hardware.opengl.driSupport32Bit = true; + + # TPM + security.tpm2 = { + enable = true; + pkcs11.enable = true; + tctiEnvironment.enable = true; + }; + users.users.aspen.extraGroups = [ "tss" ]; +} |