Diffstat (limited to 'users/wpcarro/nixos')
-rw-r--r-- | users/wpcarro/nixos/ava/ava.el | 46 | ||||
-rw-r--r-- | users/wpcarro/nixos/ava/default.nix | 118 | ||||
-rw-r--r-- | users/wpcarro/nixos/ava/hardware.nix | 31 | ||||
-rw-r--r-- | users/wpcarro/nixos/default.nix | 53 | ||||
-rw-r--r-- | users/wpcarro/nixos/diogenes/README.md | 13 | ||||
-rw-r--r-- | users/wpcarro/nixos/diogenes/default.nix | 160 | ||||
-rw-r--r-- | users/wpcarro/nixos/iso.nix | 17 | ||||
-rw-r--r-- | users/wpcarro/nixos/marcus/default.nix | 172 | ||||
-rw-r--r-- | users/wpcarro/nixos/marcus/hardware.nix | 29 | ||||
-rw-r--r-- | users/wpcarro/nixos/marcus/marcus.el | 37 |
10 files changed, 676 insertions, 0 deletions
diff --git a/users/wpcarro/nixos/ava/ava.el b/users/wpcarro/nixos/ava/ava.el
new file mode 100644
index 000000000000..77320b113e11
--- /dev/null
+++ b/users/wpcarro/nixos/ava/ava.el
@@ -0,0 +1,46 @@
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Dependencies
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(require 'display)
+(require 'window-manager)
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Monitor Configuration
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(display-register primary
+ :output "HDMI-1"
+ :primary t
+ :coords (0 0)
+ :size (2560 1440)
+ :rate 30.0
+ :dpi 96
+ :rotate normal)
+
+(display-register secondary
+ :output "HDMI-2"
+ :primary nil
+ :coords (2561 0)
+ :size (2560 1440)
+ :rate 30.0
+ :dpi 96
+ :rotate normal)
+
+(display-arrangement main :displays (primary secondary))
+
+(setq window-manager-named-workspaces
+ (list (make-window-manager-named-workspace
+ :label "Web Browsing"
+ :kbd "c"
+ :display display-secondary)
+ (make-window-manager-named-workspace
+ :label "Coding"
+ :kbd "d"
+ :display display-primary)
+ (make-window-manager-named-workspace
+ :label "Chatting"
+ :kbd "h"
+ :display display-secondary)))
+
+(window-manager-init :init-hook #'display-arrange-main)
diff --git a/users/wpcarro/nixos/ava/default.nix b/users/wpcarro/nixos/ava/default.nix
new file mode 100644
index 000000000000..9fb2414dbbf5
--- /dev/null
+++ b/users/wpcarro/nixos/ava/default.nix
@@ -0,0 +1,118 @@
+{ depot, pkgs, lib, ... }:
+{ ... }:
+
+let
+ inherit (depot.users) wpcarro;
+
+ wpcarrosEmacs = wpcarro.emacs.nixos {
+ load = [ ./ava.el ];
+ };
+
+ quasselClient = pkgs.quassel.override {
+ client = true;
+ enableDaemon = false;
+ monolithic = false;
+ };
+in
+{
+ imports = [ ./hardware.nix ];
+
+ # Use the TVL binary cache
+ tvl.cache.enable = true;
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ time.timeZone = "America/Los_Angeles";
+
+ networking = {
+ # The global useDHCP flag is deprecated, therefore explicitly set to false
+ # here. Per-interface useDHCP will be mandatory in the future, so this
+ # generated config replicates the default behaviour.
+ useDHCP = false;
+ hostName = "ava";
+ networkmanager.enable = true;
+ interfaces.enp1s0.useDHCP = true;
+ interfaces.enp3s0.useDHCP = true;
+ interfaces.wlp2s0.useDHCP = true;
+ };
+
+ services = wpcarro.common.services // {
+ openssh.enable = true;
+
+ xserver = {
+ enable = true;
+ layout = "us";
+ xkbOptions = "caps:escape";
+ displayManager = {
+ # Give EXWM permission to control the session (from tazjin's setup).
+ sessionCommands = "${pkgs.xorg.xhost}/bin/xhost +SI:localhost:$USER";
+ lightdm.enable = true;
+ };
+ windowManager.session = lib.singleton {
+ name = "exwm";
+ start = "${wpcarrosEmacs}/bin/wpcarros-emacs";
+ };
+ };
+ };
+
+ # Enable sound.
+ sound.enable = true;
+ hardware.pulseaudio.enable = true;
+
+ users.mutableUsers = true;
+ users.users.root.openssh.authorizedKeys.keys = [
+ wpcarro.keys.nathan
+ ];
+ users.users.wpcarro = {
+ isNormalUser = true;
+ extraGroups = [
+ "networkmanager"
+ "wheel"
+ "docker"
+ ];
+ shell = pkgs.fish;
+ openssh.authorizedKeys.keys = [
+ wpcarro.keys.nathan
+ ];
+ };
+
+ security.sudo.wheelNeedsPassword = false;
+
+ fonts = {
+ fonts = with pkgs; [
+ jetbrains-mono
+ ];
+
+ fontconfig = {
+ defaultFonts = {
+ monospace = [ "JetBrains Mono" ];
+ };
+ };
+ };
+
+ programs = wpcarro.common.programs;
+
+ virtualisation.docker.enable = true;
+
+ environment.variables = {
+ EDITOR = "emacsclient";
+ ALTERNATE_EDITOR = "emacs -q -nw";
+ VISUAL = "emacsclient";
+ };
+
+ environment.systemPackages =
+ wpcarro.common.shell-utils ++
+ (with pkgs; [
+ alacritty
+ firefox
+ google-chrome
+ pavucontrol
+ quasselClient
+ tdesktop
+ wpcarrosEmacs
+ xsecurelock
+ ]);
+
+ system.stateVersion = "21.11";
+}
diff --git a/users/wpcarro/nixos/ava/hardware.nix b/users/wpcarro/nixos/ava/hardware.nix
new file mode 100644
index 000000000000..9892bdc58185
--- /dev/null
+++ b/users/wpcarro/nixos/ava/hardware.nix
@@ -0,0 +1,31 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ {
+ device = "/dev/disk/by-uuid/60d92789-c44e-4620-885d-1d81d0759f1d";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ {
+ device = "/dev/disk/by-uuid/C62C-9B32";
+ fsType = "vfat";
+ };
+
+ swapDevices = [ ];
+
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+ # high-resolution display
+ hardware.video.hidpi.enable = lib.mkDefault true;
+}
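Review bot: `security.sudo.wheelNeedsPassword = false;` makes every `wheel` account root-equivalent on a host that also sets `openssh.enable = true`, and nothing in ava/default.nix turns off SSH password logins; the same sudo setting appears in diogenes/default.nix and marcus/default.nix. Because `services = wpcarro.common.services // { … }` is a shallow merge, any `openssh` attributes defined in `wpcarro.common.services` (not visible here) are replaced rather than extended, so hardening cannot be inherited from there. I would state it locally with `openssh = { enable = true; passwordAuthentication = false; };`. Membership in `docker` is likewise root-equivalent, which deserves a short comment next to the `extraGroups` list.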
diff --git a/users/wpcarro/nixos/default.nix b/users/wpcarro/nixos/default.nix
new file mode 100644
index 000000000000..466b4a30c169
--- /dev/null
+++ b/users/wpcarro/nixos/default.nix
@@ -0,0 +1,53 @@
+{ depot, pkgs, ... }:
+
+let
+ inherit (depot.users.wpcarro.nixos) diogenes;
+ systemFor = sys: (depot.ops.nixos.nixosFor sys).system;
+in
+{
+ avaSystem = systemFor depot.users.wpcarro.nixos.ava;
+
+ marcusSystem = systemFor depot.users.wpcarro.nixos.marcus;
+
+ # Apply terraform updates and rebuild NixOS for diogenes.
+ deploy-diogenes = pkgs.writeShellScriptBin "deploy-diogenes" ''
+ set -euo pipefail
+ readonly TF_STATE_DIR=/depot/users/wpcarro/terraform
+ rm -f $TF_STATE_DIR/*.json
+ readonly STORE_PATH="${diogenes.json}"
+ # We can't use the result symlink because terraform looks for a *.json file
+ # in the current working directory.
+ cp $STORE_PATH $TF_STATE_DIR
+
+ if [ ! -d $TF_STATE_DIR/.terraform ]; then
+ ${pkgs.terraform}/bin/terraform -chdir="$TF_STATE_DIR" init
+ fi
+
+ function cleanup() {
+ rm -f "$TF_STATE_DIR/$(basename $STORE_PATH)"
+ }
+ trap cleanup EXIT
+
+ ${pkgs.terraform}/bin/terraform -chdir="$TF_STATE_DIR" apply
+ '';
+
+ # Rebuild NixOS for diogenes without applying terraform updates.
+ rebuild-diogenes = pkgs.writeShellScriptBin "rebuild-diogenes" ''
+ set -euo pipefail
+ readonly target="root@billandhiscomputer.com"
+
+ # We need to call nix-build here on the drvPath because it may not be in
+ # /nix/store yet.
+ readonly STORE_PATH="$(nix-build ${diogenes.drvPath} --no-out-link --show-trace)"
+ nix-copy-closure --to $target ${diogenes.osPath} \
+ --gzip --use-substitutes $STORE_PATH
+
+ ssh $target 'nix-env --profile /nix/var/nix/profiles/system --set ${diogenes.osPath}'
+ ssh $target '${diogenes.osPath}/bin/switch-to-configuration switch'
+ '';
+
+ meta.ci.targets = [
+ "avaSystem"
+ "marcusSystem"
+ ];
+}
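Review bot: In `rebuild-diogenes`, `readonly STORE_PATH="$(nix-build …)"` hides a failing `nix-build` from `set -e`, because the status of that line is the status of `readonly`; the script then continues to `nix-copy-closure` with an empty `$STORE_PATH` instead of stopping at the failed build, on a path that ends in activation as root on the remote host. Split it into `STORE_PATH="$(nix-build ${diogenes.drvPath} --no-out-link --show-trace)"` followed by `readonly STORE_PATH`. In `deploy-diogenes`, `trap cleanup EXIT` is installed only after the `cp` and `terraform init`, so a failed init leaves the generated JSON behind in `$TF_STATE_DIR`; registering the trap before the `cp`, and quoting `"$STORE_PATH"` and `"$TF_STATE_DIR"` where they are expanded, would cover that.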
diff --git a/users/wpcarro/nixos/diogenes/README.md b/users/wpcarro/nixos/diogenes/README.md
new file mode 100644
index 000000000000..f77c01d2d425
--- /dev/null
+++ b/users/wpcarro/nixos/diogenes/README.md
@@ -0,0 +1,13 @@
+# diogenes
+
+diogenes is a NixOS machine deployed on a Google VM. It hosts
+https://billandhiscomputer.com.
+
+## Deployment
+
+I manage diogenes's deployment with Terraform. My current workflow looks like
+this:
+
+```shell
+deploy-diogenes
+```
diff --git a/users/wpcarro/nixos/diogenes/default.nix b/users/wpcarro/nixos/diogenes/default.nix
new file mode 100644
index 000000000000..9f80d0b1bafc
--- /dev/null
+++ b/users/wpcarro/nixos/diogenes/default.nix
@@ -0,0 +1,160 @@
+{ depot, pkgs, ... }:
+
+let
+ inherit (depot.users) wpcarro;
+ name = "diogenes";
+ domainName = "billandhiscomputer.com";
+in
+wpcarro.terraform.googleCloudVM {
+ project = "wpcarros-infrastructure";
+ name = "diogenes";
+ region = "us-central1";
+ zone = "us-central1-a";
+
+ # DNS configuration
+ extraConfig = {
+ # billandhiscomputer.com
+ resource.google_dns_managed_zone."${name}" = {
+ inherit name;
+ dns_name = "${domainName}.";
+ };
+
+ resource.google_dns_record_set."${name}" = {
+ name = "${domainName}.";
+ type = "A";
+ ttl = 300; # 5m
+ managed_zone = "\${google_dns_managed_zone.${name}.name}";
+ rrdatas = [ "\${google_compute_instance.${name}.network_interface[0].access_config[0].nat_ip}" ];
+ };
+
+ resource.google_compute_instance."${name}" = {
+ network_interface.access_config = {
+ public_ptr_domain_name = "${domainName}.";
+ };
+ };
+ };
+
+ configuration = {
+ imports = [
+ "${depot.path}/ops/modules/quassel.nix"
+ ];
+
+ networking = {
+ firewall.allowedTCPPorts = [
+ 22 # ssh
+ 80 # http
+ 443 # https
+ 6698 # quassel
+ ];
+ firewall.allowedUDPPortRanges = [
+ { from = 60000; to = 61000; } # mosh
+ ];
+ };
+
+ # Use the TVL binary cache
+ tvl.cache.enable = true;
+
+ users = {
+ mutableUsers = true;
+ users = {
+ root = {
+ openssh.authorizedKeys.keys = wpcarro.keys.all;
+ };
+ wpcarro = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" "quassel" ];
+ openssh.authorizedKeys.keys = wpcarro.keys.all;
+ shell = pkgs.fish;
+ };
+ # This is required so that quasselcore can read the ACME cert in
+ # /var/lib/acme, which is only available to user=acme or group=nginx.
+ quassel.extraGroups = [ "nginx" ];
+ };
+ };
+
+ security = {
+ acme = {
+ acceptTerms = true;
+ defaults.email = "wpcarro@gmail.com";
+ };
+
+ sudo.wheelNeedsPassword = false;
+ };
+
+ programs = wpcarro.common.programs // {
+ mosh.enable = true;
+ };
+
+ # I won't have an Emacs server running on diogenes, and I'll likely be in an
+ # SSH session from within vterm.
As such, Vim is one of the few editors that
+ # I tolerably navigate this way.
+ environment.variables = {
+ EDITOR = "vim";
+ };
+
+ environment.systemPackages = wpcarro.common.shell-utils;
+
+ services = wpcarro.common.services // {
+ # TODO(wpcarro): Re-enable this when rebuild-system better supports
+ # terraform deployments.
+ # depot.auto-deploy = {
+ # enable = true;
+ # interval = "1h";
+ # };
+
+ # TODO(wpcarro): Re-enable this after debugging ACME and NXDOMAIN.
+ depot.quassel = {
+ enable = true;
+ acmeHost = domainName;
+ bindAddresses = [
+ "0.0.0.0"
+ ];
+ };
+
+ journaldriver = {
+ enable = true;
+ logStream = "home";
+ googleCloudProject = "wpcarros-infrastructure";
+ applicationCredentials = "/etc/gcp/key.json";
+ };
+
+ nginx = {
+ enable = true;
+ enableReload = true;
+
+ recommendedTlsSettings = true;
+ recommendedGzipSettings = true;
+ recommendedProxySettings = true;
+
+ # for journaldriver
+ commonHttpConfig = ''
+ log_format json_combined escape=json
+ '{'
+ '"remote_addr":"$remote_addr",'
+ '"method":"$request_method",'
+ '"host":"$host",'
+ '"uri":"$request_uri",'
+ '"status":$status,'
+ '"request_size":$request_length,'
+ '"response_size":$body_bytes_sent,'
+ '"response_time":$request_time,'
+ '"referrer":"$http_referer",'
+ '"user_agent":"$http_user_agent"'
+ '}';
+
+ access_log syslog:server=unix:/dev/log,nohostname json_combined;
+ '';
+
+ virtualHosts = {
+ "${domainName}" = {
+ addSSL = true;
+ enableACME = true;
+ root = wpcarro.website.root;
+ };
+ };
+ };
+ };
+
+ system.stateVersion = "21.11";
+ };
+}
diff --git a/users/wpcarro/nixos/iso.nix b/users/wpcarro/nixos/iso.nix
new file mode 100644
index 000000000000..8102c98fb893
--- /dev/null
+++ b/users/wpcarro/nixos/iso.nix
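Review bot: The virtual host for `${domainName}` sets `addSSL = true;`, which keeps serving the site over plain HTTP next to HTTPS; for a public host I would use `forceSSL = true;` so that port 80 only redirects and answers ACME challenges. `depot.quassel.bindAddresses = [ "0.0.0.0" ]` together with port 6698 in `allowedTCPPorts` exposes the core to the internet, so it is worth confirming in ops/modules/quassel.nix (not shown) that client connections require TLS. The comment `# TODO(wpcarro): Re-enable this after debugging ACME and NXDOMAIN.` sits above a block that has `enable = true`, so either the comment or the setting is stale.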
@@ -0,0 +1,17 @@
+# TODO(wpcarro): Support the workflow outlined in these docs.
+#
+# Usage:
+# $ lsblk # get your USB dev path (e.g. /dev/sdb)
+# $ create-installer --dev=/dev/sdb //users/wpcarro/nixos/marcus
+
+{ pkgs, ... }:
+
+{
+ imports = [
+ "${pkgs.nixos}/modules/installer/cd-graphical-gnome.nix"
+ ];
+
+ config = {
+ networking.wireless.enable = true;
+ };
+}
diff --git a/users/wpcarro/nixos/marcus/default.nix b/users/wpcarro/nixos/marcus/default.nix
new file mode 100644
index 000000000000..1957070dfc45
--- /dev/null
+++ b/users/wpcarro/nixos/marcus/default.nix
@@ -0,0 +1,172 @@
+{ depot, pkgs, lib, ... }:
+{ ... }:
+
+let
+ inherit (depot.users) wpcarro;
+
+ wpcarrosEmacs = wpcarro.emacs.nixos {
+ load = [ ./marcus.el ];
+ };
+
+ quasselClient = pkgs.quassel.override {
+ client = true;
+ enableDaemon = false;
+ monolithic = false;
+ };
+in
+{
+ imports = [
+ (depot.path + "/users/wpcarro/nixos/marcus/hardware.nix")
+ "${pkgs.home-manager.src}/nixos"
+ ];
+
+ # Use the TVL binary cache
+ tvl.cache.enable = true;
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking = {
+ # The global useDHCP flag is deprecated, therefore explicitly set to false
+ # here. Per-interface useDHCP will be mandatory in the future, so this
+ # generated config replicates the default behaviour.
+ useDHCP = false;
+ hostName = "marcus";
+ networkmanager.enable = true;
+ interfaces.enp0s31f6.useDHCP = true;
+ interfaces.wlp0s20f3.useDHCP = true;
+ };
+
+ # Schedule daily reboots.
+ systemd.timers.auto-reboot = {
+ wantedBy = [ "timers.target" ];
+ timerConfig = {
+ OnCalendar = "*-*-* 03:00:00";
+ Unit = "reboot.target";
+ };
+ };
+
+ services = wpcarro.common.services // {
+ tzupdate.enable = true;
+
+ depot.auto-deploy = {
+ enable = true;
+ interval = "1d";
+ };
+
+ xserver = {
+ enable = true;
+ libinput = {
+ enable = true;
+ touchpad.naturalScrolling = false;
+ touchpad.tapping = false;
+ };
+ layout = "us";
+ xkbOptions = "caps:escape";
+ displayManager = {
+ # Give EXWM permission to control the session (from tazjin's setup).
+ sessionCommands = "${pkgs.xorg.xhost}/bin/xhost +SI:localhost:$USER";
+ lightdm.enable = true;
+ };
+ extraConfig = ''
+ Section "InputClass"
+ Identifier "Touchscreen catchall"
+ MatchIsTouchscreen "on"
+ Option "Ignore" "on"
+ EndSection
+ '';
+ windowManager.session = lib.singleton {
+ name = "exwm";
+ start = "${wpcarrosEmacs}/bin/wpcarros-emacs";
+ };
+ };
+ };
+
+ # Enable sound.
+ sound.enable = true;
+ hardware.pulseaudio.enable = true;
+
+ users.mutableUsers = true;
+ users.users.wpcarro = {
+ isNormalUser = true;
+ extraGroups = [
+ "networkmanager"
+ "wheel"
+ "video" # needed to control the screen brightness
+ ];
+ shell = pkgs.fish;
+ };
+
+ security.sudo.wheelNeedsPassword = false;
+
+ fonts = {
+ fonts = with pkgs; [
+ jetbrains-mono
+ ];
+
+ fontconfig = {
+ defaultFonts = {
+ monospace = [ "JetBrains Mono" ];
+ };
+ };
+ };
+
+ programs = wpcarro.common.programs // {
+ light.enable = true;
+ };
+
+ environment.variables = {
+ EDITOR = "emacsclient";
+ ALTERNATE_EDITOR = "emacs -q -nw";
+ VISUAL = "emacsclient";
+ };
+
+ home-manager.useGlobalPkgs = true;
+ home-manager.users.wpcarro = { config, lib, ... }: {
+ programs.git = {
+ enable = true;
+ userName = "William Carroll";
+ userEmail = "wpcarro@gmail.com";
+ extraConfig = {
+ pull.rebase = true;
+ };
+ };
+
+ services.picom = {
+ enable = true;
+ vSync = true;
+ backend = "glx";
+ };
+
+ services.redshift = {
+ enable = true;
+ latitude = 37.4223931;
+ longitude = -122.0864016;
+ };
+
+ services.dunst.enable = true;
+ xdg.configFile."dunst/dunstrc" = {
+ source = wpcarro.dotfiles.dunstrc;
+ onChange = ''
+ ${pkgs.procps}/bin/pkill -u "$USER" ''${VERBOSE+-e} dunst || true
+ '';
+ };
+
+ systemd.user.startServices = true;
+ };
+
+ environment.systemPackages =
+ wpcarro.common.shell-utils ++
+ (with pkgs; [
+ alacritty
+ firefox
+ pavucontrol
+ quasselClient
+ tdesktop
+ weechat
+ wpcarrosEmacs
+ xsecurelock
+ ]);
+
+ system.stateVersion = "21.11";
+}
diff --git a/users/wpcarro/nixos/marcus/hardware.nix b/users/wpcarro/nixos/marcus/hardware.nix
new file mode 100644
index 000000000000..cd80685abe13
--- /dev/null
+++ b/users/wpcarro/nixos/marcus/hardware.nix
@@ -0,0 +1,29 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/b8b911ee-e9b9-40ea-89d6-551f11350e7b";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/A7EA-369C";
+ fsType = "vfat";
+ };
+
+ swapDevices = [
+ { device = "/dev/disk/by-uuid/b87e2b8f-c835-4179-a428-fe466a846df0"; }
+ ];
+
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/users/wpcarro/nixos/marcus/marcus.el b/users/wpcarro/nixos/marcus/marcus.el
new file mode 100644
index 000000000000..94dd164a1237
--- /dev/null
+++ b/users/wpcarro/nixos/marcus/marcus.el
@@ -0,0 +1,37 @@
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Dependencies
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(require 'display)
+(require 'window-manager)
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Monitor Configuration
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(display-register laptop
+ :output "eDP-1"
+ :primary t
+ :coords (0 0)
+ :size (1920 1080)
+ :rate 30.0
+ :dpi 96
+ :rotate normal)
+
+(display-arrangement primary :displays (laptop))
+
+(setq window-manager-named-workspaces
+ (list (make-window-manager-named-workspace
+ :label "Web Browsing"
+ :kbd "c"
+ :display display-laptop)
+ (make-window-manager-named-workspace
+ :label "Coding"
+ :kbd "d"
+ :display display-laptop)
+ (make-window-manager-named-workspace
+ :label "Chatting"
+ :kbd "h"
+ :display display-laptop)))
+
+(window-manager-init :init-hook #'display-arrange-primary) |