{ depot, lib, ... }: config: let nixpkgs = import depot.third_party.nixpkgsSrc { config.allowUnfree = true; }; lieer = depot.third_party.lieer {}; # add google-c-style here because other machines get it from, eh, # elsewhere. frogEmacs = (depot.users.tazjin.emacs.overrideEmacs(epkgs: epkgs ++ [ depot.third_party.emacsPackages.google-c-style ])); # All Buildkite hooks are actually besadii, but it's being invoked # with different names. buildkiteHooks = depot.third_party.runCommandNoCC "buildkite-hooks" {} '' mkdir -p $out/bin ln -s ${depot.ops.besadii}/bin/besadii $out/bin/post-command ''; in depot.lib.fix(self: { imports = [ "${depot.depotPath}/ops/nixos/v4l2loopback.nix" ]; boot = { tmpOnTmpfs = true; kernelModules = [ "kvm-amd" ]; loader = { systemd-boot.enable = true; efi.canTouchEfiVariables = true; }; initrd = { luks.devices.frog-crypt.device = "/dev/disk/by-label/frog-crypt"; availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ]; kernelModules = [ "dm-snapshot" ]; }; kernelPackages = nixpkgs.linuxPackages_latest; kernel.sysctl = { "kernel.perf_event_paranoid" = 1; }; kernelPatches = [ depot.third_party.kernelPatches.trx40_usb_audio ]; }; hardware = { cpu.amd.updateMicrocode = true; enableRedistributableFirmware = true; pulseaudio.enable = true; u2f.enable = true; opengl = { enable = true; driSupport = true; driSupport32Bit = true; }; }; nix = { maxJobs = 48; nixPath = [ "depot=/depot" "nixpkgs=${depot.third_party.nixpkgsSrc}" ]; binaryCaches = ["ssh://nix-ssh@whitby.tvl.fyi"]; binaryCachePublicKeys = ["cache.tvl.fyi:fd+9d1ceCPvDX/xVhcfv8nAa6njEhAGAEe+oGJDEeoc="]; }; nixpkgs.pkgs = nixpkgs; networking = { hostName = "frog"; useDHCP = false; interfaces.enp67s0.useDHCP = true; # Don't use ISP's DNS servers: nameservers = [ "8.8.8.8" "8.8.4.4" ]; firewall.enable = false; }; # Generate an immutable /etc/resolv.conf from the nameserver settings # above (otherwise DHCP overwrites it): environment.etc."resolv.conf" = with lib; { source = depot.third_party.writeText "resolv.conf" '' ${concatStringsSep "\n" (map (ns: "nameserver ${ns}") self.networking.nameservers)} options edns0 ''; }; time.timeZone = "Europe/London"; fileSystems = { "/".device = "/dev/disk/by-label/frog-root"; "/boot".device = "/dev/disk/by-label/BOOT"; "/home".device = "/dev/disk/by-label/frog-home"; }; # Configure user account users.extraUsers.tazjin = { extraGroups = [ "wheel" "audio" ]; isNormalUser = true; uid = 1000; shell = nixpkgs.fish; }; security.sudo = { enable = true; extraConfig = "wheel ALL=(ALL:ALL) SETENV: ALL"; }; fonts = { fonts = with nixpkgs; [ corefonts dejavu_fonts jetbrains-mono noto-fonts-cjk noto-fonts-emoji ]; fontconfig = { hinting.enable = true; subpixel.lcdfilter = "light"; defaultFonts = { monospace = [ "JetBrains Mono" ]; }; }; }; # Configure location (Vauxhall, London) for services that need it. location = { latitude = 51.4819109; longitude = -0.1252998; }; programs.fish.enable = true; programs.ssh.startAgent = true; services.redshift.enable = true; services.openssh.enable = true; services.fstrim.enable = true; # Required for Yubikey usage as smartcard services.pcscd.enable = true; services.udev.packages = [ nixpkgs.yubikey-personalization ]; services.xserver = { enable = true; layout = "us"; xkbOptions = "caps:super"; exportConfiguration = true; videoDrivers = [ "amdgpu" ]; displayManager = { # Give EXWM permission to control the session. sessionCommands = "${nixpkgs.xorg.xhost}/bin/xhost +SI:localuser:$USER"; lightdm.enable = true; lightdm.greeters.gtk.clock-format = "%H·%M"; # TODO(tazjin): TZ? }; windowManager.session = lib.singleton { name = "exwm"; start = "${frogEmacs}/bin/tazjins-emacs"; }; }; # Do not restart the display manager automatically systemd.services.display-manager.restartIfChanged = lib.mkForce false; # clangd needs more than ~2GB in the runtime directory to start up services.logind.extraConfig = '' RuntimeDirectorySize=16G ''; # Configure email setup systemd.user.services.lieer-tazjin = { description = "Synchronise mail@tazj.in via lieer"; script = "${lieer}/bin/gmi sync"; serviceConfig = { WorkingDirectory = "%h/mail/account.tazjin"; Type = "oneshot"; }; }; systemd.user.timers.lieer-tazjin = { wantedBy = [ "timers.target" ]; timerConfig = { OnActiveSec = "1"; OnUnitActiveSec = "180"; }; }; # Run a Buildkite agent for depot builds services.buildkite-agents.frog = { enable = true; tokenPath = "/etc/secrets/buildkite-token"; hooks.post-command = "${buildkiteHooks}/bin/post-command"; }; environment.systemPackages = # programs from the depot (with depot; [ frogEmacs fun.idual.script fun.uggc lieer ops.kontemplate third_party.ffmpeg third_party.git third_party.lutris tools.nsfv-setup ]) ++ # programs from nixpkgs (with nixpkgs; [ age bat chromium clang-manpages clang-tools clang_10 curl direnv dnsutils emacs26 # mostly for emacsclient exa fd file gnupg go google-chrome google-cloud-sdk htop hyperfine i3lock iftop imagemagick jq kubectl linuxPackages.perf manpages miller msmtp nix-prefetch-github notmuch obs-studio obs-v4l2sink openssh openssl pass pavucontrol pciutils pinentry pinentry-emacs pmutils pwgen ripgrep rr rustup scrot spotify steam tokei transmission tree unzip usbutils v4l-utils vlc xclip yubico-piv-tool yubikey-personalization zoxide ]); # ... and other nonsense. system.stateVersion = "20.03"; })