about summary refs log tree commit diff
path: root/users/aspen/system/system/machines/ogopogo.nix
blob: 3d41a839e17b2ef89d24ca843f25a8768a1ad597 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
{ depot, modulesPath, config, lib, pkgs, ... }:

{
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
    (depot.third_party.agenix.src + "/modules/age.nix")
    ../modules/common.nix
    ../modules/xserver.nix
    ../modules/fonts.nix
    ../modules/sound.nix
    ../modules/tvl.nix
    ../modules/development.nix
    ../modules/wireshark.nix
    ../modules/metrics.nix
    ../modules/prometheus-exporter.nix
  ];

  networking.hostName = "ogopogo";

  system.stateVersion = "22.11";

  boot = {
    initrd = {
      availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
      kernelModules = [ ];
    };

    kernelModules = [ "kvm-amd" ];
    blacklistedKernelModules = [ ];
    extraModulePackages = [ ];

    kernel.sysctl = {
      "kernel.perf_event_paranoid" = -1;
    };
  };

  fileSystems = {
    "/" = {
      device = "/dev/disk/by-uuid/d67506cf-7039-484d-97c0-00321a7858dc";
      fsType = "ext4";
    };

    "/boot" = {
      device = "/dev/disk/by-uuid/AE73-03A3";
      fsType = "vfat";
    };

    "/data" = {
      device = "/dev/disk/by-uuid/03e0f4dc-9778-42e2-a59e-45522610e509";
      fsType = "ext4";
    };
  };

  swapDevices = [{
    device = "/dev/disk/by-uuid/8bdae7c8-5160-491f-8cd0-4f0a79acadf9";
  }];

  services.earlyoom = {
    enable = true;
    freeMemThreshold = 5;
  };

  hardware.enableAllFirmware = true;

  hardware.pulseaudio.extraConfig = ''
    load-module module-remap-source source_name=KompleteAudio6_1 source_properties=device.description=KompleteAudio6Input1 master=alsa_input.usb-Native_Instruments_Komplete_Audio_6_458E0FFD-00.multichannel-input remix=no channels=1 master_channel_map=front-left channel_map=mono
    load-module module-remap-source source_name=KompleteAudio6_2 source_properties=device.description=KompleteAudio6Input2 master=alsa_input.usb-Native_Instruments_Komplete_Audio_6_458E0FFD-00.multichannel-input remix=no channels=1 master_channel_map=front-right channel_map=mono
    load-module module-remap-sink sink_name=KompleteAudio6_12 sink_properties=device.description=KompleteAudio6_12 remix=no master=alsa_output.usb-Native_Instruments_Komplete_Audio_6_458E0FFD-00.analog-surround-21 channels=2 master_channel_map=front-left,front-right channel_map=front-left,front-right
  '';

  services.fwupd.enable = true;

  services.tailscale.enable = true;

  hardware.keyboard.zsa.enable = true;

  # Nvidia
  services.xserver = {
    videoDrivers = [ "nvidia" ];
    dpi = 100;
  };
  hardware.graphics.enable = true;
  services.picom = {
    enable = true;
    vSync = true;
  };
  hardware.graphics.enable32Bit = true;
  hardware.nvidia.open = true;

  services.postgresql = {
    enable = true;
    enableTCPIP = true;
    authentication = "host all all 0.0.0.0/0 md5";
    dataDir = "/data/postgresql";
    package = pkgs.postgresql_15;
    settings = {
      wal_level = "logical";
    };
  };

  # ddclient
  age.secrets =
    let
      secret = name: depot.users.aspen.secrets."${name}.age";
    in
    {
      ddclient-password.file = secret "ddclient-password";
    };

  services.ddclient = {
    enable = true;
    domains = [ "home.gws.fyi" ];
    interval = "1d";
    zone = "gws.fyi";
    protocol = "cloudflare";
    username = "root@gws.fyi";
    passwordFile = config.age.secretsDir + "/ddclient-password";
    quiet = true;
  }
  # TODO(aspen): Remove when upgrading past 4.0.0
  // lib.optionalAttrs (lib.versionOlder pkgs.ddclient.version "4.0.0") {
    ssl = false;
  };
}