diff options
Diffstat (limited to 'ops/nixos/frog')
-rw-r--r-- | ops/nixos/frog/default.nix | 254 |
1 files changed, 0 insertions, 254 deletions
diff --git a/ops/nixos/frog/default.nix b/ops/nixos/frog/default.nix deleted file mode 100644 index 72b1c9ed3612..000000000000 --- a/ops/nixos/frog/default.nix +++ /dev/null @@ -1,254 +0,0 @@ -{ depot, lib, ... }: - -config: let - nixpkgs = import depot.third_party.nixpkgsSrc { - config.allowUnfree = true; - }; - - lieer = depot.third_party.lieer {}; - - # add google-c-style here because other machines get it from, eh, - # elsewhere. - frogEmacs = (depot.tools.emacs.overrideEmacs(epkgs: epkgs ++ [ - depot.third_party.emacsPackages.google-c-style - ])); -in depot.lib.fix(self: { - # TODO(tazjin): v4l2loopback - - boot = { - tmpOnTmpfs = true; - kernelModules = [ "kvm-amd" ]; - - loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; - - initrd = { - luks.devices.frog-crypt.device = "/dev/disk/by-label/frog-crypt"; - availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ]; - kernelModules = [ "dm-snapshot" ]; - }; - - kernelPackages = nixpkgs.linuxPackages_latest; - kernel.sysctl = { - "kernel.perf_event_paranoid" = 1; - }; - }; - - hardware = { - cpu.amd.updateMicrocode = true; - enableRedistributableFirmware = true; - pulseaudio.enable = true; - u2f.enable = true; - opengl = { - enable = true; - driSupport = true; - }; - }; - - nix = { - maxJobs = 48; - nixPath = [ - "depot=/depot" - "nixpkgs=${depot.third_party.nixpkgsSrc}" - ]; - }; - - nixpkgs.pkgs = nixpkgs; - - networking = { - hostName = "frog"; - useDHCP = false; - interfaces.enp67s0.useDHCP = true; - - # Don't use ISP's DNS servers: - nameservers = [ - "8.8.8.8" - "8.8.4.4" - ]; - - firewall.enable = false; - }; - - # Generate an immutable /etc/resolv.conf from the nameserver settings - # above (otherwise DHCP overwrites it): - environment.etc."resolv.conf" = with lib; { - source = depot.third_party.writeText "resolv.conf" '' - ${concatStringsSep "\n" (map (ns: "nameserver ${ns}") self.networking.nameservers)} - options edns0 - ''; - }; - - time.timeZone = "Europe/London"; - - fileSystems = { - "/".device = "/dev/disk/by-label/frog-root"; - "/boot".device = "/dev/disk/by-label/BOOT"; - "/home".device = "/dev/disk/by-label/frog-home"; - }; - - # Configure user account - users.extraUsers.tazjin = { - extraGroups = [ "wheel" "audio" ]; - isNormalUser = true; - uid = 1000; - shell = nixpkgs.fish; - }; - - security.sudo = { - enable = true; - extraConfig = "wheel ALL=(ALL:ALL) SETENV: ALL"; - }; - - fonts = { - fonts = with nixpkgs; [ - corefonts - dejavu_fonts - jetbrains-mono - noto-fonts-cjk - noto-fonts-emoji - ]; - - fontconfig = { - hinting.enable = true; - subpixel.lcdfilter = "light"; - - defaultFonts = { - monospace = [ "JetBrains Mono" ]; - }; - }; - }; - - # Configure location (Vauxhall, London) for services that need it. - location = { - latitude = 51.4819109; - longitude = -0.1252998; - }; - - programs.fish.enable = true; - programs.ssh.startAgent = true; - - services.redshift.enable = true; - services.openssh.enable = true; - services.fstrim.enable = true; - - # Required for Yubikey usage as smartcard - services.pcscd.enable = true; - services.udev.packages = [ - nixpkgs.yubikey-personalization - ]; - - services.xserver = { - enable = true; - layout = "us"; - xkbOptions = "caps:super"; - exportConfiguration = true; - displayManager = { - # Give EXWM permission to control the session. - sessionCommands = "${nixpkgs.xorg.xhost}/bin/xhost +SI:localuser:$USER"; - - lightdm.enable = true; - lightdm.greeters.gtk.clock-format = "%H·%M"; # TODO(tazjin): TZ? - }; - - windowManager.session = lib.singleton { - name = "exwm"; - start = "${frogEmacs}/bin/tazjins-emacs"; - }; - }; - - # Do not restart the display manager automatically - systemd.services.display-manager.restartIfChanged = lib.mkForce false; - - # clangd needs more than ~2GB in the runtime directory to start up - services.logind.extraConfig = '' - RuntimeDirectorySize=16G - ''; - - # Configure email setup - systemd.user.services.lieer-tazjin = { - description = "Synchronise mail@tazj.in via lieer"; - script = "${lieer}/bin/gmi sync"; - - serviceConfig = { - WorkingDirectory = "%h/mail/account.tazjin"; - Type = "oneshot"; - }; - }; - - systemd.user.timers.lieer-tazjin = { - wantedBy = [ "timers.target" ]; - - timerConfig = { - OnActiveSec = "1"; - OnUnitActiveSec = "180"; - }; - }; - - environment.systemPackages = - # programs from the depot - (with depot; [ - fun.idual.script - lieer - frogEmacs - ops.kontemplate - third_party.ffmpeg - third_party.git - ]) ++ - - # programs from nixpkgs - (with nixpkgs; [ - age - bat - chromium - clang-manpages - clang-tools - clang_10 - curl - direnv - dnsutils - emacs26 # mostly for emacsclient - exa - fd - gnupg - go - google-chrome - google-cloud-sdk - htop - hyperfine - i3lock - imagemagick - jq - kubectl - linuxPackages.perf - miller - msmtp - nix-prefetch-github - notmuch - openssh - openssl - pass - pavucontrol - pinentry - pinentry-emacs - pwgen - ripgrep - rr - rustup - scrot - spotify - steam - tokei - tree - unzip - vlc - xclip - yubico-piv-tool - yubikey-personalization - zoxide - ]); - - # ... and other nonsense. - system.stateVersion = "20.03"; -}) |