Diffstat (limited to 'users/wpcarro/nixos/modules')
-rw-r--r-- | users/wpcarro/nixos/modules/.skip-subtree | 1 | ||||
-rw-r--r-- | users/wpcarro/nixos/modules/hadrian-cache.nix | 17 | ||||
-rw-r--r-- | users/wpcarro/nixos/modules/hardware/dell-emc-egw-5200.nix | 47 | ||||
-rw-r--r-- | users/wpcarro/nixos/modules/hardware/nopn.nix | 53 | ||||
-rw-r--r-- | users/wpcarro/nixos/modules/laptop.nix | 15 | ||||
-rw-r--r-- | users/wpcarro/nixos/modules/nginx.nix | 45 |
6 files changed, 178 insertions, 0 deletions
diff --git a/users/wpcarro/nixos/modules/.skip-subtree b/users/wpcarro/nixos/modules/.skip-subtree
new file mode 100644
index 000000000000..09520f8c831f
--- /dev/null
+++ b/users/wpcarro/nixos/modules/.skip-subtree
@@ -0,0 +1 @@
+NixOS modules are not readTree compatible.
diff --git a/users/wpcarro/nixos/modules/hadrian-cache.nix b/users/wpcarro/nixos/modules/hadrian-cache.nix
new file mode 100644
index 000000000000..033c03c825b7
--- /dev/null
+++ b/users/wpcarro/nixos/modules/hadrian-cache.nix
@@ -0,0 +1,17 @@
+# If enabled, use Hadrian's Nix cache.
+{ config, lib, pkgs, ... }:
+
+{
+ options = {
+ hadrian.cache.enable = lib.mkEnableOption "Hadrian's binary cache";
+ };
+
+ config = lib.mkIf config.hadrian.cache.enable {
+ nix.settings.trusted-public-keys = [
+ "cache.hadrian.internal:XWdYSn5ZASj6IqZd4nnDBXJmahQEolBrtq9DvSe0UT0="
+ ];
+ nix.settings.substituters = [
+ "http://cache.hadrian.internal"
+ ];
+ };
+}
diff --git a/users/wpcarro/nixos/modules/hardware/dell-emc-egw-5200.nix b/users/wpcarro/nixos/modules/hardware/dell-emc-egw-5200.nix
new file mode 100644
index 000000000000..df46405629c7
--- /dev/null
+++ b/users/wpcarro/nixos/modules/hardware/dell-emc-egw-5200.nix
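Review bot: In hadrian-cache.nix the entry in `nix.settings.substituters` is fetched over plain `http://`, so the only thing protecting what lands in the store is the signature check against the key in `trusted-public-keys`; the requests and cache metadata themselves travel unencrypted and reveal which store paths the machine asks for. If the cache is reachable only over a private network, say so next to the URL, for example `# plain HTTP: reachable only via <private network>; integrity relies on the signing key above`, otherwise serve it over `https://`. The header comment could also state that enabling the option trusts every store path signed by that key.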
@@ -0,0 +1,47 @@
+# In a nutshell, this configuration defines the configuration required to run
+# NixOS on the Dell EMC EGW 5200 (often the config that NixOS put in
+# hardware.nix by default).
+{ config, lib, modulesPath, ... }:
+
+{
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [
+ "xhci_pci"
+ "ahci"
+ "usb_storage"
+ "usbhid"
+ "sd_mod"
+ ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-label/NIXROOT";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-label/NIXBOOT";
+ fsType = "vfat";
+ };
+
+ swapDevices = [ ];
+
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+ # Needed for Tailscale subnet routing
+ boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
+ networking.useDHCP = false;
+ networking.interfaces.eno1.useDHCP = true;
+ networking.interfaces.enp3s0.useDHCP = true;
+ networking.interfaces.enp4s0.useDHCP = true;
+
+ system.stateVersion = "21.11";
+}
diff --git a/users/wpcarro/nixos/modules/hardware/nopn.nix b/users/wpcarro/nixos/modules/hardware/nopn.nix
new file mode 100644
index 000000000000..a3569542126f
--- /dev/null
+++ b/users/wpcarro/nixos/modules/hardware/nopn.nix
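Review bot: `boot.kernel.sysctl."net.ipv4.ip_forward" = 1` turns on IPv4 forwarding for the whole host rather than only for the Tailscale interface, and this module brings up three physical interfaces (`eno1`, `enp3s0`, `enp4s0`) with no forward-chain filtering visible in the hunk. Unless a rule set elsewhere restricts forwarding, the machine will likely route between those networks as well, so the comment should say where that restriction lives, e.g. `# Needed for Tailscale subnet routing; forwarding between the physical NICs is filtered in <module>`. If IPv6 subnet routes are meant to be advertised too, the matching IPv6 forwarding sysctl is absent here. Pinning `system.stateVersion = "21.11"` in a hardware module also ties every host that imports it to that value, which probably belongs in the per-host configuration.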
@@ -0,0 +1,53 @@
+# I tried looking up the manufacturer, product name, and version, but
+# `dmidecode -t system` reported "To be filled by O.E.M." for each of these
+# fields.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-label/NIXROOT";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-label/NIXBOOT";
+ fsType = "vfat";
+ };
+
+ boot = {
+ initrd.availableKernelModules = [
+ "xhci_pci"
+ "ehci_pci"
+ "ahci"
+ "usb_storage"
+ "usbhid"
+ "sd_mod"
+ ];
+ initrd.kernelModules = [ ];
+ kernelModules = [ "kvm-intel" ];
+ extraModulePackages = [ ];
+
+ # Can verify these settings with:
+ # $ lsmod
+ # ...or:
+ # $ cat /etc/modprobe.d/nixos.conf
+ blacklistedKernelModules = [
+ # Disabling this buggy network driver (and preferring ethernet) to prevent
+ # my machine from becoming unresponsive.
+ # TODO(wpcarro): Consider replacing this module with this fork (if NixOS
+ # isn't already): https://github.com/tomaspinho/rtl8821ce
+ "rtw88_8821ce"
+ ];
+ };
+
+ swapDevices = [ ];
+
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+ # TODO(wpcarro): https://github.com/NixOS/nixpkgs/issues/222805
+ # high-resolution display
+ # hardware.video.hidpi.enable = lib.mkDefault true;
+}
diff --git a/users/wpcarro/nixos/modules/laptop.nix b/users/wpcarro/nixos/modules/laptop.nix
new file mode 100644
index 000000000000..03dd0f39bb81
--- /dev/null
+++ b/users/wpcarro/nixos/modules/laptop.nix
@@ -0,0 +1,15 @@
+# Laptop-specific NixOS configuration.
+_:
+
+{
+ # Automatically detect location for redshift.
+ services.geoclue2.enable = true;
+ location.provider = "geoclue2";
+
+ # Enable power-saving features.
+ powerManagement.powertop.enable = true;
+
+ # Backlight control command.
+ programs.light.enable = true;
+}
+
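Review bot: In laptop.nix, `services.geoclue2.enable = true` switches on a system-wide location service whose only stated consumer is redshift. geoclue2 typically resolves the position through network lookups, so this is a privacy trade-off that the comment should mention, e.g. `# Automatically detect location for redshift (geoclue2 performs network-based lookups).`. If a coarse fixed position is enough for colour temperature, `location.provider = "manual";` together with `location.latitude` and `location.longitude` avoids running the service at all.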
diff --git a/users/wpcarro/nixos/modules/nginx.nix b/users/wpcarro/nixos/modules/nginx.nix
new file mode 100644
index 000000000000..e6cc6b0febab
--- /dev/null
+++ b/users/wpcarro/nixos/modules/nginx.nix
@@ -0,0 +1,45 @@
+# Common configuration for Nginx.
+{ pkgs, ... }:
+
+{
+ config = {
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "wpcarro@gmail.com";
+ };
+
+ services.nginx = {
+ enable = true;
+ enableReload = true;
+
+ recommendedTlsSettings = true;
+ recommendedGzipSettings = true;
+
+ # Log errors to journald (i.e. /dev/log) with debug verbosity.
+ logError = "syslog:server=unix:/dev/log debug";
+
+ # for journaldriver
+ commonHttpConfig = ''
+ log_format json_combined escape=json
+ '{'
+ '"remote_addr":"$remote_addr",'
+ '"method":"$request_method",'
+ '"host":"$host",'
+ '"uri":"$request_uri",'
+ '"status":$status,'
+ '"request_size":$request_length,'
+ '"response_size":$body_bytes_sent,'
+ '"response_time":$request_time,'
+ '"referrer":"$http_referer",'
+ '"user_agent":"$http_user_agent"'
+ '}';
+
+ access_log syslog:server=unix:/dev/log,nohostname json_combined;
+ '';
+
+ appendHttpConfig = ''
+ add_header Permissions-Policy "interest-cohort=()";
+ '';
+ };
+ };
+} |
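Review bot: `logError = "syslog:server=unix:/dev/log debug";` selects the most verbose error-log level in a module described as common configuration, so every host importing it asks nginx for debug-level output to journald (effective when the nginx build supports debug logging), which can carry request details and grows the journal quickly. A quieter shared default such as `logError = "syslog:server=unix:/dev/log warn";` with debug enabled per host when needed would be safer. The `json_combined` format also records `$request_uri` and `$http_referer` in full, so any tokens passed in query strings end up in the logs; that deserves a comment next to the format. The `add_header` in `appendHttpConfig` is not inherited by a server or location block that declares its own `add_header`, and without `always` it is not sent on error responses.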