Diffstat (limited to 'ops/nixos')
-rw-r--r-- | ops/nixos/README.md | 22 | ||||
-rw-r--r-- | ops/nixos/default.nix | 53 | ||||
-rw-r--r-- | ops/nixos/nugget/default.nix | 175 |
3 files changed, 194 insertions, 56 deletions
diff --git a/ops/nixos/README.md b/ops/nixos/README.md index 4f2e870f9025..9950a113ef47 100644 --- a/ops/nixos/README.md +++ b/ops/nixos/README.md @@ -5,19 +5,15 @@ My NixOS configuration! It configures most of the packages I require on my systems, sets up Emacs the way I need and does a bunch of other interesting things. -In contrast with earlier versions of this configuration, the Nix -channel versions are now pinned in Nix (see the beginning of -[packages.nix][]). +System configuration lives in folders for each machine and a custom +fixed point evaluation (similar to standard NixOS module +configuration) is used to combine configuration together. -Machine-local configuration is kept in files with the naming scheme -`$hostname-configuration.nix` and **must** be symlinked to -`local-configuration.nix` before the first configuration run. +Building `ops.nixos.depot-switcher` yields a script that will +automatically build and activate the newest configuration based on the +current hostname. -I'm publishing this repository (and my [emacs configuration][]) as a -convenience for myself, but also as a resource that people looking for -example Nix or Emacs configurations can browse through. +## Configured hosts: -Feel free to ping me with any questions you might have. - -[packages.nix]: packages.nix -[emacs configuration]: https://github.com/tazjin/emacs.d +* `nugget` - desktop computer at home +* ~~`urdhva` - T470s~~ (currently with edef) diff --git a/ops/nixos/default.nix b/ops/nixos/default.nix index c73a1ac73403..02a42425fdc6 100644 --- a/ops/nixos/default.nix +++ b/ops/nixos/default.nix 
@@ -1,48 +1,15 @@ { pkgs, ... }: let - inherit (pkgs) third_party lib; - configuration = rec { - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.cleanTmpDir = true; - hardware.pulseaudio.enable = true; - hardware.cpu.intel.updateMicrocode = true; - time.timeZone = "Europe/London"; - - networking = { - # Don't use ISP's DNS servers: - nameservers = [ - "8.8.8.8" - "8.8.4.4" - ]; - - # Open Chromecast-related ports & servedir - firewall.allowedTCPPorts = [ 3000 5556 5558 ]; - }; - - # Generate an immutable /etc/resolv.conf from the nameserver settings - # above (otherwise DHCP overwrites it): - environment.etc."resolv.conf" = with lib; with pkgs; { - source = writeText "resolv.conf" '' - ${concatStringsSep "\n" (map (ns: "nameserver ${ns}") networking.nameservers)} - options edns0 - ''; - }; - - nixpkgs.config.allowUnfree = true; - }; - - # Desktop at home - stallo = { - networking.hostName = "stallo"; - services.xserver.videoDrivers = [ "nvidia" ]; - boot.initrd.luks.devices.stallo-luks.device = "/dev/disk/by-uuid/b484cf1e-a27b-4785-8bd6-fa85a004b073"; - - fileSystems."/".device = "/dev/disk/by-label/stallo-root"; - }; + inherit (pkgs) lib; + inherit (builtins) foldl'; + + systemFor = configs: (pkgs.third_party.nixos { + configuration = lib.fix(config: + foldl' lib.recursiveUpdate {} (map (c: c config) configs) + ); + }).system; in { - stallo = third_party.nixos { - configuration = lib.recursiveUpdate configuration stallo; - }; + # TODO(tazjin): rename 'pkgs' -> 'depot'? + nuggetSystem = systemFor [ pkgs.ops.nixos.nugget ]; } diff --git a/ops/nixos/nugget/default.nix b/ops/nixos/nugget/default.nix new file mode 100644 index 000000000000..df4f05e2bfbd --- /dev/null +++ b/ops/nixos/nugget/default.nix 
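Review bot: `systemFor` in ops/nixos/default.nix folds the per-host configs with `lib.recursiveUpdate`, which merges attribute sets but replaces list values wholesale, and nothing in the new code says so. Once a second config is passed alongside a host file, the later one's `networking.firewall.allowedTCPPorts` or `environment.systemPackages` would silently replace the earlier list rather than extend it, unlike the standard NixOS module merge the README compares this to. I would add a comment above the fold, e.g. `# recursiveUpdate replaces lists instead of concatenating them: set each list option in exactly one config.`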
@@ -0,0 +1,175 @@
+# This file contains the configuration for my home desktop.
+
+{ pkgs, ... }:
+
+config: let
+ inherit (pkgs) lib;
+
+ nixpkgs = import pkgs.third_party.nixpkgsSrc {
+ config.allowUnfree = true;
+ };
+in pkgs.lib.fix(self: {
+ hardware = {
+ pulseaudio.enable = true;
+ cpu.intel.updateMicrocode = true;
+ };
+
+ boot = {
+ cleanTmpDir = true;
+ kernelModules = [ "kvm-intel" ];
+
+ loader = {
+ timeout = 3;
+ systemd-boot.enable = true;
+ efi.canTouchEfiVariables = false;
+ };
+
+ initrd = {
+ luks.devices.nugget-crypt.device = "/dev/disk/by-label/nugget-crypt";
+ availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
+ kernelModules = [ "dm-snapshot" ];
+ };
+ };
+
+ nix = {
+ nixPath = [
+ "depot=/home/tazjin/depot"
+ "nixpkgs=${pkgs.third_party.nixpkgsSrc}"
+ ];
+ };
+
+ nixpkgs.pkgs = nixpkgs;
+
+ networking = {
+ hostName = "nugget";
+ useDHCP = false;
+ interfaces.eno1.useDHCP = true;
+ interfaces.wlp7s0.useDHCP = true;
+
+ # Don't use ISP's DNS servers:
+ nameservers = [
+ "8.8.8.8"
+ "8.8.4.4"
+ ];
+
+ # Open Chromecast-related ports & servedir
+ firewall.allowedTCPPorts = [ 4242 5556 5558 ];
+ };
+
+ # Generate an immutable /etc/resolv.conf from the nameserver settings
+ # above (otherwise DHCP overwrites it):
+ environment.etc."resolv.conf" = with lib; with pkgs; {
+ source = writeText "resolv.conf" ''
+ ${concatStringsSep "\n" (map (ns: "nameserver ${ns}") self.networking.nameservers)}
+ options edns0
+ '';
+ };
+
+ time.timeZone = "Europe/London";
+
+ environment.systemPackages =
+ # programs from the depot
+ (with pkgs; [
+ (third_party.lieer {})
+ ops.kontemplate
+ third_party.git
+ tools.emacs
+ ]) ++
+
+ # programs from nixpkgs
+ (with nixpkgs; [
+ age
+ bat
+ chromium
+ curl
+ direnv
+ dnsutils
+ exa
+ fd
+ gnupg
+ go
+ htop
+ jq
+ notmuch
+ openssh
+ openssl
+ pass
+ pavucontrol
+ pinentry
+ pinentry-emacs
+ pwgen
+ ripgrep
+ rustup
+ spotify
+ tokei
+ tree
+ vlc
+ xclip
+ ]);
+
+ fileSystems = {
+ "/".device = "/dev/disk/by-label/nugget-root";
+ "/boot".device = "/dev/disk/by-label/EFI";
+ "/home".device = "/dev/disk/by-label/nugget-home";
+ };
+
+ # Configure user account
+ users.extraUsers.tazjin = {
+ extraGroups = [ "wheel" "audio" ];
+ isNormalUser = true;
+ uid = 1000;
+ shell = nixpkgs.fish;
+ };
+
+ security.sudo = {
+ enable = true;
+ extraConfig = "wheel ALL=(ALL:ALL) SETENV: ALL";
+ };
+
+ fonts = {
+ fonts = with nixpkgs; [
+ corefonts
+ input-fonts
+ noto-fonts-cjk
+ noto-fonts-emoji
+ ];
+ };
+
+ # Configure location (Vauxhall, London) for services that need it.
+ location = {
+ latitude = 51.4819109;
+ longitude = -0.1252998;
+ };
+
+ programs.fish.enable = true;
+
+ services.redshift.enable = true;
+ services.openssh.enable = true;
+
+ services.xserver = {
+ enable = true;
+ layout = "us";
+ xkbOptions = "caps:super";
+ exportConfiguration = true;
+ videoDrivers = [ "nvidia" ];
+
+ displayManager = {
+ # Give EXWM permission to control the session.
+ sessionCommands = "${nixpkgs.xorg.xhost}/bin/xhost +SI:localuser:$USER";
+
+ lightdm.enable = true;
+ lightdm.greeters.gtk.clock-format = "%H·%M";
+ };
+
+ windowManager.session = pkgs.lib.singleton {
+ name = "exwm";
+ start = "${pkgs.tools.emacs}/bin/tazjins-emacs";
+ };
+ };
+
+ # Do not restart the display manager automatically
+ systemd.services.display-manager.restartIfChanged = lib.mkForce false;
+
+ # ... and other nonsense.
+ system.stateVersion = "19.09";
+}) |
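Review bot: The sudoers line in `security.sudo.extraConfig`, `wheel ALL=(ALL:ALL) SETENV: ALL`, names a user called `wheel` rather than the group, because sudoers group entries need the `%` prefix. If the intent is to grant the group, it should read `extraConfig = "%wheel ALL=(ALL:ALL) SETENV: ALL";`; as far as I recall the NixOS sudo module already emits an equivalent `%wheel` rule, so the line can probably be dropped instead. Separately, `services.openssh.enable = true` is added with no further settings; on a machine that also joins wifi I would put `services.openssh.passwordAuthentication = false;` next to it so key-only login is stated explicitly rather than left to the module default.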