
Prepare calypso install

prescientmoon 2024-08-26 17:38:47 +02:00
parent 3a4d400fef
commit 454aae8f88
Signed by: prescientmoon
SSH key fingerprint: SHA256:UUF9JT2s8Xfyv76b8ZuVL7XrmimH4o49p4b+iexbVH4
36 changed files with 707 additions and 285 deletions


@ -1,26 +1,33 @@
keys:
- &users:
- &prescientmoon age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
- &prescientmoon_tethys age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
- &prescientmoon_calypso age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8
- &hosts:
- &tethys age1avsekqqyr62urdwtpfpt0ledzm49wy0rq7wcg3rnsprdx22er5usp0jxgs
- &lapetus age1jem6jfkmfq54wzhqqhrnf786jsn5dmx82ewtt4vducac8m2fyukskun2p4
- &calypso age18gengezksnt0wtc3sv28ypmx546quzeg88kw5s8sywxyje5rmqyqh9daxe
creation_rules:
- path_regex: hosts/nixos/common/secrets.yaml
key_groups:
- age:
- *prescientmoon
- *prescientmoon_tethys
- *prescientmoon_calypso
- *tethys
- *lapetus
- *calypso
- path_regex: hosts/nixos/lapetus/secrets.yaml
key_groups:
- age:
- *prescientmoon
- *prescientmoon_tethys
- *prescientmoon_calypso
- *lapetus
- path_regex: home/features/desktop/wakatime/secrets.yaml
key_groups:
- age:
- *prescientmoon
- *prescientmoon_tethys
- *prescientmoon_calypso
- path_regex: home/features/cli/productivity/secrets.yaml
key_groups:
- age:
- *prescientmoon
- *prescientmoon_tethys
- *prescientmoon_calypso
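Review bot: The user key formerly aliased `prescientmoon` is kept as `prescientmoon_tethys` and stays a recipient in every creation rule, and the `tethys` host key stays in the common rule, although the README change in this commit describes tethys as the previous laptop. If that machine is being retired, its recipients should be dropped from these rules and the affected files re-keyed with `sops updatekeys` followed by `sops --rotate`, with the secret values themselves changed if the old disk is not wiped. A short comment beside each anchor saying where the private key lives, e.g. `# user key stored on calypso`, would make later recipient audits easier.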


@ -17,9 +17,9 @@ The current state of this repo is a refactor of my old, messy nixos config, base
This repo's structure is based on the concept of hosts - individual machines configured by me. I'm naming each host based on things in space/mythology (_they are the same picture_). The hosts I have right now are:
- [tethys](./hosts/nixos/tethys/) — my personal laptop
- [calypso](./hosts/nixos/calypso/) — my personal laptop
- [tethys](./hosts/nixos/tethys/) — my previous personal laptop
- [lapetus](./hosts/nixos/lapetus/) — older laptop running as a server
- [euporie](./hosts/nixos/euporie/) — barebones host for testing things insdie a VM
- enceladus — my android phone. Although not configured using nix, this name gets referenced in some places
## File structure


@ -1,13 +1,24 @@
{ pkgs, ... }: {
{ pkgs, ... }:
{
stylix.fonts = {
# monospace = { name = "Iosevka"; package = pkgs.iosevka; };
monospace = { name = "Cascadia Code"; package = pkgs.cascadia-code; };
sansSerif = { name = "CMUSansSerif"; package = pkgs.cm_unicode; };
serif = { name = "CMUSerif-Roman"; package = pkgs.cm_unicode; };
monospace = {
name = "Cascadia Code";
package = pkgs.cascadia-code;
};
sansSerif = {
name = "CMUSansSerif";
package = pkgs.cm_unicode;
};
serif = {
name = "CMUSerif-Roman";
package = pkgs.cm_unicode;
};
sizes = {
desktop = 13;
applications = 15;
terminal = 25;
};
};
}


@ -491,11 +491,11 @@
},
"locked": {
"dir": "pkgs/firefox-addons",
"lastModified": 1720411406,
"narHash": "sha256-Z3tMBbMeYQKz1YYmSnbLglG9lm1l/EU+h3CFPJCli4I=",
"lastModified": 1723521794,
"narHash": "sha256-mmcakr+6z7/SDg+e2p1TYQorjYvUzWqG2KUIsmikARM=",
"ref": "refs/heads/master",
"rev": "a2a2d880d5ec199ee333c9bf929865d65f92a1d4",
"revCount": 3677,
"rev": "abafaabfa893ac432bae898a8652bc4a83c49d27",
"revCount": 3727,
"type": "git",
"url": "https://gitlab.com/rycee/nur-expressions?dir=pkgs/firefox-addons"
},

113
flake.nix

@ -60,7 +60,7 @@
spicetify-nix.inputs.nixpkgs.follows = "nixpkgs";
# }}}
# {{{ Theming
darkmatter-grub-theme.url = gitlab:VandalByte/darkmatter-grub-theme;
darkmatter-grub-theme.url = "gitlab:VandalByte/darkmatter-grub-theme";
darkmatter-grub-theme.inputs.nixpkgs.follows = "nixpkgs";
stylix.url = "github:danth/stylix/a33d88cf8f75446f166f2ff4f810a389feed2d56";
@ -73,7 +73,13 @@
};
# }}}
outputs = { self, nixpkgs, home-manager, ... }@inputs:
outputs =
{
self,
nixpkgs,
home-manager,
...
}@inputs:
let
# {{{ Common helpers
inherit (self) outputs;
@ -84,33 +90,37 @@
upkgs = inputs.nixpkgs-unstable.legacyPackages.${system};
};
# }}}
in
# }}}
{
# {{{ Packages
# Accessible through 'nix build', 'nix shell', etc
packages = forAllSystems
(system:
let
pkgs = nixpkgs.legacyPackages.${system};
upkgs = inputs.nixpkgs-unstable.legacyPackages.${system};
myPkgs = import ./pkgs { inherit pkgs upkgs; };
in
myPkgs // {
octodns = upkgs.octodns.withProviders
(ps: [ myPkgs.octodns-cloudflare ]);
} // (import ./dns/pkgs.nix) { inherit pkgs self system; }
);
packages = forAllSystems (
system:
let
pkgs = nixpkgs.legacyPackages.${system};
upkgs = inputs.nixpkgs-unstable.legacyPackages.${system};
myPkgs = import ./pkgs { inherit pkgs upkgs; };
in
myPkgs
// {
octodns = upkgs.octodns.withProviders (ps: [ myPkgs.octodns-cloudflare ]);
}
// (import ./dns/pkgs.nix) { inherit pkgs self system; }
);
# }}}
# {{{ Bootstrapping and other pinned devshells
# Accessible through 'nix develop'
devShells = forAllSystems
(system:
let
pkgs = nixpkgs.legacyPackages.${system};
args = { inherit pkgs; } // specialArgs system;
in
import ./devshells args);
devShells = forAllSystems (
system:
let
pkgs = nixpkgs.legacyPackages.${system};
args = {
inherit pkgs;
} // specialArgs system;
in
import ./devshells args
);
# }}}
# {{{ Overlays and modules
# Custom packages and modifications, exported as overlays
@ -126,24 +136,38 @@
# NixOS configuration entrypoint
# Available through 'nixos-rebuild --flake .#...
nixosConfigurations =
let nixos = { system, hostname }: nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = specialArgs system;
let
nixos =
{ system, hostname }:
nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = specialArgs system;
modules = [
home-manager.nixosModules.home-manager
{
home-manager.users.pilot = import ./home/${hostname}.nix;
home-manager.extraSpecialArgs = specialArgs system // { inherit hostname; };
home-manager.useUserPackages = true;
modules = [
# {{{ Import home manager
(
{ lib, ... }:
{
imports = lib.lists.optional (builtins.pathExists ./home/${hostname}.nix) [
home-manager.nixosModules.home-manager
{
home-manager.users.pilot = import ./home/${hostname}.nix;
home-manager.extraSpecialArgs = specialArgs system // {
inherit hostname;
};
home-manager.useUserPackages = true;
stylix.homeManagerIntegration.followSystem = false;
stylix.homeManagerIntegration.autoImport = false;
}
stylix.homeManagerIntegration.followSystem = false;
stylix.homeManagerIntegration.autoImport = false;
}
];
}
)
# }}}
./hosts/nixos/${hostname}
];
};
./hosts/nixos/${hostname}
];
};
in
{
tethys = nixos {
@ -156,14 +180,15 @@
hostname = "lapetus";
};
# Disabled because `flake check` complains about filesystems and bootloader
# options not being set. This is not an issue in practice, as this config is
# supposed to be used inside a VM, but there's not much I can do about it.
# euporie = nixos {
# system = "x86_64-linux";
# hostname = "euporie";
# };
calypso = nixos {
system = "x86_64-linux";
hostname = "calypso";
};
iso = nixos {
system = "x86_64-linux";
hostname = "iso";
};
};
# }}}
};
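Review bot: In the `nixos` helper, `imports = lib.lists.optional (builtins.pathExists ./home/${hostname}.nix) [ … ]` wraps a list inside another list, because `optional` returns `[ x ]` for a single value; the module system rejects nested lists in `imports`, so this looks like it should be `lib.lists.optionals`. Separately, a host whose `./home/<hostname>.nix` is missing or misnamed now builds silently without home-manager, so a comment such as `# hosts without ./home/<hostname>.nix (e.g. iso) get no home-manager config` would make that intent explicit. The rendering has lost indentation, so the exact nesting of the `stylix.homeManagerIntegration` lines should be checked against the real file.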

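--- a/home/calypso.nix
+++ b/home/calypso.nix
@@ -0,0 +1,74 @@
+{ pkgs, ... }:
+{
+imports = [
+./global.nix
+./features/desktop/zathura.nix
+./features/desktop/spotify.nix
+./features/desktop/obsidian.nix
+./features/desktop/foot.nix
+./features/desktop/firefox
+./features/desktop/discord
+./features/cli/productivity
+./features/cli/pass.nix
+./features/cli/zellij.nix
+./features/cli/nix-index.nix
+./features/cli/catgirl.nix
+./features/cli/lazygit.nix
+./features/wayland/hyprland
+./features/neovim
+];
+# Arbitrary extra packages
+home.packages = with pkgs; [
+# {{{ Communication
+# signal-desktop # Signal client
+element-desktop # Matrix client
+# zoom-us # Zoom client 🤮
+# }}}
+# {{{ Editors for different formats
+gimp # Image editing
+# lmms # Music software
+# kicad # PCB editing
+# libreoffice # Free office suite
+# }}}
+# {{{ Gaming
+# wine # Windows compat layer or whatever
+# lutris # Game launcher
+# }}}
+# {{{ Clis
+sops # Secret editing
+# sherlock # Search for usernames across different websites
+# }}}
+# {{{ Misc
+bitwarden # Password-manager
+qbittorrent # Torrent client
+# google-chrome # Not my primary browser, but sometimes needed in webdev
+# plover.dev # steno engine
+overskride # Bluetooth client
+# }}}
+# {{{ Media playing/recording
+mpv # Video player
+imv # Image viewer
+# peek # GIF recorder
+# obs-studio # video recorder
+# }}}
+];
+home.username = "moon";
+home.stateVersion = "24.05";
+satellite = {
+# Symlink some commonly modified dotfiles outside the nix store
+dev.enable = true;
+monitors = [
+{
+name = "eDP-1";
+width = 1920;
+height = 1080;
+}
+];
+};
+}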


@ -1,11 +0,0 @@
{
imports = [
./global.nix
./features/wayland/hyprland
];
# Set up my custom imperanence wrapper
satellite.persistence = {
enable = true;
};
}


@ -12,11 +12,20 @@ sops:
- recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwYkx3eWhxZUpTRVR3R1R4
Vm9hMTVsbXBnU0tFU093amU3TTNjalhsVHdvCmZURElTY2Q0eTQvR3M1V3AzTVl4
VkR2NXRHR2FiTURqNUp5Y3VDWFQ1UjgKLS0tIEVlRWs3YUFaZzdvd1Q5bmFwazJi
Y2E3bmM1TkZoOEN0anJqYUNSQUN5ZDAKtobUBBKbfaUeiPtKN4/oTNaxY3C2joCK
8h4FlRLXd+CGnAyjN2p4FliWzLgmOg4HFNmZSmYLpIh4E9yqadNSSg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYTk5WWWlsK2ZyTEJEQjFH
ZW1XWm9uTlZBeXB2ZUFzaDVYUTNlSDh3aWpnClRmbExNQmRXMVVNS3BYODF1d2Ez
bVQ3UGZ5TTMrdm5GVjlQMk5sak55Qk0KLS0tIEVLVys2cnJ0Z0EvRmpUV3B2Nk9J
NzVJZmpmODYramRNaHFxL0wzOHduSTgKgq0kqWffjhQnXoiBvsBYCTxHoA6u1jug
xb5LuisZElikx3BVKoNV1HpuUwWe83VSK2hJw1lfpQZ/DFByrv5YfA==
-----END AGE ENCRYPTED FILE-----
- recipient: age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLcFlQYjZ1N0JrSnVoUENB
MXl2Um9PMEhCVHFySU1MWnpqNjcxamZJRjJ3CjlMS1N3TjdxOVl1REZ3M2hSYlhi
VW9qZy9FbnJqKy9ObVc5bGNNRksrT3MKLS0tIDY5aGVZUVpkVUgvSVFHbFcwOWVY
SFVUTlpIaDlZUDhJT3hicWpxRzBia2sK6hu2aJMyHMYRwlEkbcPDtqUlU9VsDCsR
fBXvietF/w/TpfY+G2fCEDcWJAtQ7lLM0tNiiNqbUQwWBWddPVyPBA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-12T23:55:37Z"
mac: ENC[AES256_GCM,data:RvJMumDJ2S8JgHwRLG/jhyj1a/ekBmjbzFFk7+6hrDg1/Zi8UzzATLEsEBUhX0X4vlqHBUxv4r61SQEroCl5GXBst+Wtac/zxMGIKm5PDH92HccjJhi4aftGP22PHlYCEOis7+D/Vw7W8ovRCFpEYVxxslxibCIo9RuUf8vDE94=,iv:kavw38JSPem1eChO+ntLwLFt6bAJT1rd8s00nmHNzGY=,tag:QuncWa50NvpLqMZGS0F9ug==,type:str]


@ -15,4 +15,7 @@
package = pkgs.papirus-icon-theme;
name = "Papirus";
};
# Bigger text in qt apps
home.sessionVariables.QT_SCREEN_SCALE_FACTORS = 1.4;
}


@ -8,11 +8,20 @@ sops:
- recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDR0RmdFIxNFJpQTdGYXlq
bkZrNktMaFlrOEZtSXh6Y1l6NTN0REN6N2dnCmNMRUk2TXA3RWhtZVlnbTg2aE00
eFVwejBTcWRaTUhGWFFIS1RlVkhhQ28KLS0tIEdWWGRWSDZOQW9pQkdCRFFncTM2
cURjWFplY1pyMzY4a0h6cTRLS2I2ZW8KqGtYjCsdriSWdKhC+kGBAMSY9WVDL3tE
oMxyhrgDMtWndZEGv1+J3XLLmatDKmEcJO2k0CXZlCWWj17O4Rm+eA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2dDhCMWVSY280NUlsd3Bu
L3QreE1zSGdQWnV3Tm1SQzh2SUF0VDlBcTMwCjNhdE51VzlRdXlRY241VXpaVkFR
MndqZTQxQ0FCQ3pvb3BXcXRrR3BYc2cKLS0tIElLYkVLL2h2NXNabW5CRXVla0pa
LzY0ejRvMDVmR21ISkdraHZzTndmRmcKVcQeKFytVs8QlkQpMA1GfLL8ccrbSqD+
7+5YJoDMiHS01Jgbh+4HNFIg/P3S3yIOCRx+ukvWF2/p7GP55Braxg==
-----END AGE ENCRYPTED FILE-----
- recipient: age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBackQ3NzRMZ25RekM5cjNz
dlRXeTUyTVFlSDFRSC9jeFFoYlVKbWJRbEFNCnpKZHViK2F2VWJYTTBlNXpITUo1
SFlUZUR0WTE4cUFZQlE0YzJJdS9TVVEKLS0tIE45Y25Bam5mdUNkTXkwOGkzb09t
ejU0YlVQR3JhaUE2aHBRUFhXaEdTV1EKgsHa/nufIXbLnrkvXNsZJ30dH1L2tMKf
jZufrpkQuPXWYzubUYejgQ0/yHGTDQtT9ptn72isGKKgSJZllCnPiA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-09T13:00:44Z"
mac: ENC[AES256_GCM,data:pvcHe28Vnv/Trq84YwQjDKNiITdX5HbdRaLtoq0gzVGzuN9VL5GtufQN+rtZY3RLFDdEt6qeJe4ichVSK88S0VUEsc5CtsvR1QR59aZ20dsiELI6a9qyOLlCJCP80J9XWCe3Gr93v7AoelKdpPFo2BcRL7TNbkYxJC9t0JienSY=,iv:PtIH5IeCA7SmgekT8hs9p0kXtg4xrivhOz3HWG9UpTA=,tag:1B+POnrhCXFP/WsrfOnn3w==,type:str]


@ -1,4 +1,10 @@
{ inputs, lib, config, outputs, ... }:
{
inputs,
lib,
config,
outputs,
...
}:
let
# {{{ Imports
imports = [
@ -23,8 +29,8 @@ let
../common
# }}}
];
# }}}
in
# }}}
{
# Import all modules defined in modules/home-manager
imports = builtins.attrValues outputs.homeManagerModules ++ imports;
@ -32,10 +38,9 @@ in
# {{{ Nixpkgs
nixpkgs = {
# Add all overlays defined in the overlays directory
overlays = builtins.attrValues outputs.overlays ++
lib.lists.optional
config.satellite.toggles.neovim-nightly.enable
inputs.neovim-nightly-overlay.overlay;
overlays =
builtins.attrValues outputs.overlays
++ lib.lists.optional config.satellite.toggles.neovim-nightly.enable inputs.neovim-nightly-overlay.overlay;
config.allowUnfree = true;
@ -55,7 +60,6 @@ in
home = {
username = lib.mkDefault "adrielus";
homeDirectory = "/home/${config.home.username}";
stateVersion = lib.mkDefault "23.05";
};
# }}}
# {{{ Ad-hoc settings


@ -1,3 +1,4 @@
{
imports = [ ./global.nix ];
home.stateVersion = "23.05";
}


@ -1,4 +1,5 @@
{ pkgs, ... }: {
{ pkgs, ... }:
{
imports = [
./global.nix
@ -20,7 +21,6 @@
# Arbitrary extra packages
home.packages = with pkgs; [
alacritty
# {{{ Communication
# signal-desktop # Signal client
element-desktop # Matrix client
@ -57,15 +57,18 @@
];
home.sessionVariables.QT_SCREEN_SCALE_FACTORS = 1.4; # Bigger text in qt apps
home.stateVersion = "23.05";
satellite = {
# Symlink some commonly modified dotfiles outside the nix store
dev.enable = true;
monitors = [{
name = "eDP-1";
width = 1920;
height = 1080;
}];
monitors = [
{
name = "eDP-1";
width = 1920;
height = 1080;
}
];
};
}


@ -0,0 +1,56 @@
{ config, ... }:
{
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "24.05";
# {{{ Imports
imports = [
../common/global
../common/users/pilot.nix
../common/optional/bluetooth.nix
../common/optional/greetd.nix
../common/optional/oci.nix
../common/optional/quietboot.nix
../common/optional/desktop
../common/optional/desktop/steam.nix
../common/optional/wayland/hyprland.nix
../common/optional/services/kanata.nix
../common/optional/services/syncthing.nix
../common/optional/services/restic
./services/snapper.nix
./filesystems
./hardware
];
# }}}
# {{{ Machine ids
networking.hostName = "calypso";
networking.hostId = "";
environment.etc.machine-id.text = "";
# }}}
# {{{ Tailscale internal IP DNS records
satellite.dns.records = [
# {
# at = config.networking.hostName;
# type = "A";
# value = "100.93.136.59";
# }
# {
# at = config.networking.hostName;
# type = "AAAA";
# value = "fd7a:115c:a1e0::e75d:883b";
# }
];
# }}}
# {{{ A few ad-hoc programs
programs.kdeconnect.enable = true;
programs.firejail.enable = true;
# }}}
satellite.pilot.name = "moon";
boot.loader.systemd-boot.enable = true;
}
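Review bot: `networking.hostId = "";` and `environment.etc.machine-id.text = "";` are committed as empty placeholders in the `# {{{ Machine ids` block. An empty hostId is not the eight hexadecimal characters the option documents, and an empty managed `/etc/machine-id` leaves the host without a stable identity, which makes its logs and journal harder to attribute. These are better left out until the real values exist, or marked with a comment such as `# TODO: fill in after first install of calypso` directly above them.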


@ -0,0 +1,40 @@
{ lib, pkgs, ... }:
{
imports = [ (import ./partitions.nix { }) ];
boot.supportedFilesystems = [ "btrfs" ];
services.btrfs.autoScrub.enable = true;
# {{{ Mark a bunch of paths as needed for boot
fileSystems =
lib.attrsets.genAttrs
[
"/"
"/nix"
"/persist/data"
"/persist/state"
"/persist/local/cache"
"/boot"
]
(p: {
neededForBoot = true;
});
# }}}
# {{{ Rollback
boot.initrd.systemd.services.rollback = {
path = [ pkgs.btrfs-progs ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
unitConfig.DefaultDependencies = "no";
wantedBy = [ "initrd.target" ];
after = [ "systemd-cryptsetup@enc.service" ];
before = [ "sysroot.mount" ];
script = ''
btrfs subvolume delete /root
btrfs subvolume snapshot /blank /root
'';
};
# }}}
}
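Review bot: The rollback unit is ordered `after = [ "systemd-cryptsetup@enc.service" ]`, but the LUKS container declared in this commit's partitions file is named `crypted`, so the unit that unlocks the disk would be `systemd-cryptsetup@crypted.service` and the ordering here appears to have no effect; suggest `after = [ "systemd-cryptsetup@crypted.service" ];`. The script also runs `btrfs subvolume delete /root` and `btrfs subvolume snapshot /blank /root` against initrd paths without first mounting the top-level volume of the decrypted device at a temporary directory. In addition, `/root` holds the nested `persist` and `local` subvolumes, which a plain `delete` refuses to remove and which a recursive one would take the persisted data with. If the unit fails, the root subvolume is never reset, which quietly defeats the wipe-on-boot guarantee the persistence layout relies on, so the unit's failure should at least be visible in the boot log.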


@ -0,0 +1,102 @@
{
disks ? [ "/dev/sda" ],
...
}:
{
disko.devices.disk.main = {
type = "disk";
device = builtins.elemAt disks 0;
content = {
type = "gpt";
partitions = {
# {{{ Boot
ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "defaults" ];
};
};
# }}}
# {{{ Luks
luks = {
size = "384G"; # The remaining space is left for windows
content = {
type = "luks";
name = "crypted";
passwordFile = "/hermes/secrets/calypso/disk.key";
settings.allowDiscards = true;
content = {
type = "btrfs";
extraArgs = [ "-f" ];
postCreateHook = ''
# We then take an empty *readonly* snapshot of the root subvolume,
# which we'll eventually rollback to on every boot.
btrfs subvolume snapshot -r /root /blank
'';
subvolumes = {
# {{{ /root
"/root" = {
mountpoint = "/";
mountOptions = [
"compress=zstd"
"noatime"
];
};
# }}}
# {{{ /swap
"/swap" = {
mountpoint = "/.swapvol";
swap.swapfile.size = "20G";
};
# }}}
# {{{ /root/persist/data
"/root/persist/data" = {
mountpoint = "/persist/data";
mountOptions = [
"compress=zstd"
"noatime"
];
};
# }}}
# {{{ /root/persist/state
"/root/persist/state" = {
mountpoint = "/persist/state";
mountOptions = [
"compress=zstd"
"noatime"
];
};
# }}}
# {{{ /root/local/nix
"/root/local/nix" = {
mountpoint = "/nix";
mountOptions = [
"compress=zstd"
"noatime"
];
};
# }}}
# {{{ /root/local/cache
"/root/local/cache" = {
mountpoint = "/persist/local/cache";
mountOptions = [
"compress=zstd"
"noatime"
];
};
# }}}
};
};
};
};
# }}}
};
};
};
}
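Review bot: The ESP is mounted with `mountOptions = [ "defaults" ]`, which leaves `/boot` on vfat world-readable; systemd-boot keeps its random seed there and `bootctl` warns about this, so `mountOptions = [ "umask=0077" ];` is the safer choice. `settings.allowDiscards = true` on the LUKS container is a deliberate trade-off, since TRIM reveals which blocks are unused, and deserves a one-line comment saying so. `passwordFile` is likely consumed as raw key material when the volume is formatted, so the file should hold the passphrase without a trailing newline if the same passphrase is meant to be typed at the boot prompt.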


@ -0,0 +1,28 @@
{ inputs, ... }:
{
# {{{ Imports
imports = with inputs.nixos-hardware.nixosModules; [
common-cpu-amd
common-gpu-amd
common-pc-laptop
common-pc-ssd
./generated.nix
];
# }}}
# {{{ Misc
hardware.enableAllFirmware = true;
hardware.opengl.enable = true;
hardware.opentabletdriver.enable = true;
hardware.keyboard.qmk.enable = true;
# }}}
# {{{ Power management
powerManagement.cpuFreqGovernor = "performance";
services.tlp = {
enable = true;
settings = {
CPU_SCALING_GOVERNOR_ON_BAT = "performance";
CPU_SCALING_GOVERNOR_ON_AC = "performance";
};
};
# }}}
}


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBwFNYf8q84oGOwiGCXmJqeBPdglTPcWJB9nnLpmS2RG root@tethys


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIASX1E4WYg5dydret3G0fWYJLQn2oRxNZdHWWaJojW1a root@tethys


@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDAfRDNDA5B0YlnR0K5wQ0w6pMl0Pi8WIjanKol5SA615VDye3caBdv3UzxdC221ECIa9bZQcaKt/ncIuj/3fE49W8D0+2wL/1Eruy4ximAVAtLgIMzm+hl/dP3KsyTjUajIUbso08S9PUjtJl8PgmiiEPEppMAo++hwKycn5bRoUywE/VoNgPhAB5sgKaFZiQhPu4q0mZWhikGiaJzKPRi84bP4gCL9/h0slSWP3VmhWE7Vyvyjv6OKHdfjXoJA/AjSd3VogmGnzDWUI5lkwJzkHv/ybie9+7y+0o+wBu4+0lJlchBEq0f6dp9fw0MZRt84DYw8/MFDa+SXq5cO5aAwHARpRYeAHkPIRnwJbxTqn6uDlAdWrIxY8SPXIrrBpfnVSoaH8SJN/spsEoILkqrOpncQi5QP1rY8Bi2zaI13WD1kYsh9l4FqmqvCeawEgN0pedudZf2qqHWD93lDTAWxM7k5rPHSSgnnfsgwE35peBpmepJH8ZNFaBqw+aCvIM= root@tethys


@ -0,0 +1,37 @@
{
services.snapper = {
snapshotInterval = "hourly";
cleanupInterval = "1d";
# http://snapper.io/manpages/snapper-configs.html
configs = {
# {{{ Data
data = {
SUBVOLUME = "/root/persist/data";
TIMELINE_CREATE = true;
TIMELINE_CLEANUP = true;
BACKGROUND_COMPARISON = "yes";
TIMELINE_LIMIT_HOURLY = "24";
TIMELINE_LIMIT_DAILY = "7";
TIMELINE_LIMIT_WEEKLY = "4";
TIMELINE_LIMIT_MONTHLY = "12";
TIMELINE_LIMIT_YEARLY = "0";
};
# }}}
# {{{ State
state = {
SUBVOLUME = "/root/persist/state";
TIMELINE_CREATE = true;
TIMELINE_CLEANUP = true;
BACKGROUND_COMPARISON = "yes";
TIMELINE_LIMIT_HOURLY = "6";
TIMELINE_LIMIT_DAILY = "3";
TIMELINE_LIMIT_WEEKLY = "1";
TIMELINE_LIMIT_MONTHLY = "1";
TIMELINE_LIMIT_YEARLY = "0";
};
# }}}
};
};
}
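Review bot: Both configs set `SUBVOLUME` to the btrfs subvolume name (`/root/persist/data`, `/root/persist/state`), but snapper expects the path where the subvolume is mounted, and the partitions file in this commit mounts them at `/persist/data` and `/persist/state`. On the running system `/root/persist/...` would resolve under root's home directory, so the timeline snapshots would not cover the intended data. Suggest `SUBVOLUME = "/persist/data";` and `SUBVOLUME = "/persist/state";`.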


@ -1,12 +0,0 @@
{ pkgs, inputs, lib, ... }: {
security.sudo = {
enable = true;
extraRules = [{
commands = [{
command = lib.getExe inputs.deploy-rs.packages.${pkgs.system}.default;
options = [ "NOPASSWD" ];
}];
groups = [ "wheel" ];
}];
};
}


@ -1,5 +1,11 @@
# Configuration pieces included on all (nixos) hosts
{ inputs, lib, config, outputs, ... }:
{
inputs,
lib,
config,
outputs,
...
}:
let
# {{{ Imports
imports = [
@ -23,8 +29,8 @@ let
../../../../common
# }}}
];
# }}}
in
# }}}
{
# Import all modules defined in modules/nixos
imports = builtins.attrValues outputs.nixosModules ++ imports;
@ -44,13 +50,17 @@ in
# Boot using systemd
boot.initrd.systemd.enable = true;
# }}}
# {{{ Disable sudo default lecture
security.sudo.extraConfig = ''
Defaults lecture = never
'';
# }}}
nixpkgs = {
# Add all overlays defined in the overlays directory
overlays = builtins.attrValues outputs.overlays ++
lib.lists.optional
config.satellite.toggles.neovim-nightly.enable
inputs.neovim-nightly-overlay.overlay;
overlays =
builtins.attrValues outputs.overlays
++ lib.lists.optional config.satellite.toggles.neovim-nightly.enable inputs.neovim-nightly-overlay.overlay;
config.allowUnfree = true;
};


@ -1,5 +1,10 @@
# This setups a SSH server.
{ outputs, config, lib, ... }:
{
outputs,
config,
lib,
...
}:
let
# Record containing all the hosts
hosts = outputs.nixosConfigurations;
@ -15,8 +20,8 @@ in
enable = true;
settings = {
PermitRootLogin = "no"; # Forbid root login through SSH.
PasswordAuthentication = false; # Use keys only.
PermitRootLogin = lib.mkDefault "no"; # Forbid root login through SSH.
PasswordAuthentication = lib.mkDefault false; # Use keys only.
};
# Automatically remove stale sockets
@ -26,7 +31,10 @@ in
# Generate ssh key
hostKeys =
let mkKey = type: path: extra: { inherit type path; } // extra;
let
mkKey =
type: path: extra:
{ inherit type path; } // extra;
in
[
(mkKey "ed25519" "/persist/state/etc/ssh/ssh_host_ed25519_key" { })
@ -43,19 +51,22 @@ in
# attrsetof host -> attrsetof { ... }
(builtins.mapAttrs
# string -> host -> { ... }
(name: _: {
publicKeyFile = pubKey name;
extraHostNames = lib.optional (name == hostname) "localhost";
}))
(
name: _: {
publicKeyFile = pubKey name;
extraHostNames = lib.optional (name == hostname) "localhost";
}
)
)
# attrsetof { ... } -> attrsetof { ... }
(lib.attrsets.filterAttrs
# string -> { ... } -> bool
(_: { publicKeyFile, ... }: builtins.pathExists publicKeyFile))
(_: { publicKeyFile, ... }: builtins.pathExists publicKeyFile)
)
];
};
# By default, this will ban failed ssh attempts
services.fail2ban.enable = true;
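Review bot: Wrapping `PermitRootLogin` and `PasswordAuthentication` in `lib.mkDefault` means any other module that sets these options at normal priority now wins without a conflict error, so the key-only, no-root policy on every host depends on nothing else defining them. This is presumably done so the new `iso` host, which imports this module next to `installation-cd-minimal.nix`, can take the installer profile's values. Consider keeping the plain assignments here and relaxing them only in the iso host with `lib.mkForce`, or at least add a comment such as `# mkDefault only so the installer ISO can override; regular hosts must not relax this`. The hunks show only part of the file, so other overrides may exist outside this view.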


@ -0,0 +1,8 @@
{
imports = [
../pipewire.nix
./xdg-portal.nix
];
stylix.targets.gtk.enable = true;
}


@ -1,14 +1,8 @@
{
virtualisation.oci-containers.backend = "docker";
environment.persistence = {
"/persist/state".directories = [
"/var/lib/containers/storage"
];
"/persist/local/cache".directories = [
"/var/lib/containers/cache"
];
"/persist/state".directories = [ "/var/lib/containers/storage" ];
"/persist/local/cache".directories = [ "/var/lib/containers/cache" ];
};
}


@ -11,29 +11,47 @@ sops:
- recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvbzNLcXFBcTlIM3hjZTN0
bTFZUDJnS3lROExSREVkd0FMeHU3RGVWdzJnCkszOVROZlBmZWl2cjFkcTZ1OWZw
eThXSTliNmxHM3o3NzhUOUkvU0YzNzgKLS0tIHBWSmRTTlJBdmlKQy9YWHR0NGds
ak5kUFRJK3JCcUYvSFY2eGtIOTk3RkkKl3yBZjjBExU9RoZbaKBixfsywqFWFnq4
n7olhkNMVIC+BcLYno0oIT2oILASMkE3NbH85IHlYZY2qQvFKDbG7w==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFRVRLdlFuS3I5aXRKRmdF
TjFHY3Yvc2NUUlpYRUR6Y2JHRVgzTkhOZjFNCkhnZjU0R0VIbDJSNVNSb2hZUDd3
SERkaExNdkRDOXRSWlg5enluY3dXRUUKLS0tIFZBNTJYaHhxbmZhMG56UGFtd25u
aVNDS2h1NnFmMERIMzdUanp1MitBTGcKp4s32NVcyeJNI6BDeU1GGz5xjoSW/iH7
hUxXrZaRqtiVegq7Ukv7mXCVjAy1x/Flb4dDag4Ym4ReTsyKZpQf/w==
-----END AGE ENCRYPTED FILE-----
- recipient: age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEZzNPU0pBVjJPREF2SGhQ
REl2ckdxakwrdHFPU0RPN0J1K0s1TWFsK0NzCjMzeGgyRktTWWpVVkFxQUpFZDBC
bDRuRHZOOU5ueHN6RlY2VUwxQThmNXcKLS0tIEtVU3F3VUZSRGJtU0VBcVh0NXRh
eFA2TWtCYmpGN2paWnRSQlBoZk83MkkKwIDlq6u31cc1toMfBHvA932dJyozUYa0
e45KrBC3gy/5wZWcN7MktBgqd2khufa+KEMQv7c3ldyixKXokuBRhw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1avsekqqyr62urdwtpfpt0ledzm49wy0rq7wcg3rnsprdx22er5usp0jxgs
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3aExaRC9SclVvT1g4WFI0
N1grVzZWWmpPaGEwRmx3TjUyK0dvL0RNdmhjClY5UmI0eWZOTXZqbGFxT05OSnk1
RTAyYStRN0NsRnZlWk03eXIrajdiRjQKLS0tIHlMdzBVNFEzR2FuVFZEWStFY1hh
MnFiSGt3dWZxWnF3M2FkbTJzSTA2VTAKtD40Gp12vB24Wnr8NvY7/ZWr9XVDF9Bl
FUL34R1mpgweNJ1IowFPgQbxsyMTG7iYB4jC50JZNOKJxe9NaeOUlQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2VC9ia21rTWpPSnJaamM3
YzZqMzNJZDA4Q095OTMrR0JGTzczU2RWMVJNCnE0QzNvWWhscnQyWk5WOTV4Vld4
SmJSdVdOMTRWWDFxUzJxc3hWZmxzUTQKLS0tIE9LWEtjc0x5WkpGWTUwMEt2d25K
TVJJWktOdW1Ic2E4MWpIbjQrdllkMzgK6M8T6M4rAMGgnWcVao/tp0PWG4NXvTTZ
/yNJgLZdBeHQevceLc4madD42IcrX7P2zeb6TM7l0DQVWCy+cBTN8w==
-----END AGE ENCRYPTED FILE-----
- recipient: age1jem6jfkmfq54wzhqqhrnf786jsn5dmx82ewtt4vducac8m2fyukskun2p4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtK0pFcWlheEwzV3N3bVFQ
K3EwNXI5MXQyYld6Z3J1aVNHWlQ4UjlxSzIwCktDbG9iMFRVQnJBenhWVFhLa2N1
SWRMR3JLajJscWFqMy84aGNFcy9UK1UKLS0tIEZoT0d2bVJpV3ByWmV0eENZVjM3
WFd4ZFNHWG5Cakw5cU9MRE9HWHQ4THMKr/S7v1Oj3zQziMtI/NuFVm6AaJF5JV5U
sEr2nEptYFz4G6YL5psQGXHaKzQKBg+crgKRbYL4akhqT7pfYPC0bQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGNmRXMFVKWnB3QjN3dDNj
QmRaRDRGUVJiczUzWE5WdFNReldBdkNOWlVvCmZCKzY4MThrUmNXeGVPTC9LSGtl
OFJOcGZVbVVjY0RveXR5WXNjU3p6UjgKLS0tIENyUHRpbjRyZjZpdjNlUktuL1g5
QmNJVlIvTlhSRXJldUZhZjdsR0gwaHMKuNZcv3s65MtylIYzgDUd0qss4OEeJr8V
aI82/McWGJ6Lg0BVmvTUHbYcF09aMEJHeYEZNAzLiJ1a77tlhmY/jw==
-----END AGE ENCRYPTED FILE-----
- recipient: age18gengezksnt0wtc3sv28ypmx546quzeg88kw5s8sywxyje5rmqyqh9daxe
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlVVU5Wis5dkJRSE5lRy9U
QjFHb21uc0Z3Zmc4Z2J3NTVaajhmQy9nb2xJCjRqK1htbk82M0dnOWNEV0hHcmFz
RXFrSGE2UjdhTWh6RmwvR1psV05lbnMKLS0tIDRidEFBY0x2cXMrSHJXaXBuaE4r
WXFQQXh2cjlMdzhpa1JUdVVBK3pNbTQK6peUF0mWtmfSuN6KnoYPTEg8sIp/t0R2
ygJEf8cpNiVxN0vsF/4kwyC/V4JE4XllsKrKF4NhVrBq96m1RmKlYg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-29T19:34:39Z"
mac: ENC[AES256_GCM,data:ruCV2JKgFN6BiTYjOwlhNmjDCh9ZRJ9E+H0x0uVevZnsTEcFlTUh5iNSiw3uJtcKcA4H4kuGPXlolyxuGVGsAhVFD4G3zR84i9TTHmGT4STC2dNebcA9VUXVnfPhEUFAExrPRxbEqvx3o0QPZIfGonPQzl3xhJzOPahYsRJOwTQ=,iv:rSuuhOgzOgE7DosgVEWDT1jenF3m+NqnCSEKjoCBrfE=,tag:7pAV4jKvJYG1vPqEEMqOPg==,type:str]


@ -1,6 +1,12 @@
{ pkgs, outputs, config, lib, ... }:
{
satellite.pilot.name = "adrielus";
pkgs,
outputs,
config,
lib,
...
}:
{
satellite.pilot.name = lib.mkDefault "adrielus";
sops.secrets.pilot_password = {
sopsFile = ../secrets.yaml;
@ -33,12 +39,10 @@
"syncthing" # syncthing!
];
hashedPasswordFile = config.sops.secrets.pilot_password.path;
shell = pkgs.fish;
openssh.authorizedKeys.keyFiles =
(import ./common.nix).authorizedKeys { inherit outputs lib; };
openssh.authorizedKeys.keyFiles = (import ./common.nix).authorizedKeys { inherit outputs lib; };
};
};
}


@ -1,20 +0,0 @@
{ lib, ... }: {
imports = [
../common/global
../common/users/guest.nix
../common/optional/greetd.nix
../common/optional/pipewire.nix
../common/optional/desktop/xdg-portal.nix
../common/optional/wayland/hyprland.nix
];
# Usually included in the hardware-configuration
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
# Set the name of this machine!
networking.hostName = "euporie";
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "22.11";
}


@ -0,0 +1,13 @@
{ modulesPath, pkgs, ... }:
{
imports = [
"${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix"
../common/global/services/openssh.nix
../common/global/locale.nix
../common/global/cli/fish.nix
../common/global/nix.nix
];
environment.systemPackages = [ pkgs.neovim ];
}


@ -1,4 +1,9 @@
{ config, ... }: {
{ config, ... }:
{
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "23.05";
# {{{ Imports
imports = [
../common/global
../common/users/pilot.nix
@ -38,19 +43,13 @@
./filesystems
./hardware
];
# Machine ids
# }}}
# {{{ Machine ids
networking.hostName = "lapetus";
networking.hostId = "08357db3";
environment.etc.machine-id.text = "d9571439c8a34e34b89727b73bad3587";
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "23.05";
# Bootloader
boot.loader.systemd-boot.enable = true;
# Tailscale internal IP DNS records
# }}}
# {{{ Tailscale internal IP DNS records
satellite.dns.records = [
{
at = config.networking.hostName;
@ -63,4 +62,7 @@
value = "fd7a:115c:a1e0::e75d:883b";
}
];
# }}}
boot.loader.systemd-boot.enable = true;
}


@ -18,20 +18,29 @@ sops:
- recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYcjFoRm1WNW9jOUJjUC9W
NmxhWGRjWlFHd2tRaXJ6WnpaaWlxSFQ0RlZnCllVNTZ0b0MvL0VURDhQRUE1dDdW
L1NkYzBRRDFLcFpwTTgzRnphLy9GT00KLS0tIFcvU2ZUQ21FZU1NTEFJaHRTVjV3
eU1YeEZIOTJKa3I4c3ZwbVdPMlBLbmMKCBhopcTXWiAwR8ACyDf+P11SYcPrPSSv
QRPJ6I8Y1Lc7KTCbkO8zW2hBb6fdbvWBJQtW0rOfCuGQ831OyArr0w==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYQzgvU0NQZUFWT0pjZVBZ
ZThMRTVMWStMRThFYTF6Nkl2MlBXTWhkNUNZCmpVWW52NHNyTjZkZTN3c1NoajFR
M2MyZHFDM2czZHdPMUg2MDNPMnNqaVUKLS0tIHhwRThOYnBHY2FUajN0b0pBQ1Fn
dmZtT0xXR3RjVzd1ckNyVGpaRktnSkkKlPSmdYTQ5Qc3PVn9PhxmetF0fO7rWOwM
OTt7EF41IWwCwwhyQLpUcaCnO08jddPui1C5qnvjSFb/LZILiWQkFA==
-----END AGE ENCRYPTED FILE-----
- recipient: age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtMjdib09GZC9DNGVoNCtK
Z3BnZGNXNzNEb1U3aU1xb1pkaUhPcituSEQwClhiVlMvNlU5OUZhbFE0MnZGTGha
eHpRSHlXaExzNnV0VlNEdnpqQmlDa2MKLS0tIFpPc0ovVnhnZ1IyWGNWTEFYZG81
a1NaNzE4VVFNRlBwUHRWdTFwWjJ5a00KJvIyBz6XGV2+lfawWzHqFOMILTXt0Vlx
OTs0i0tNER2kMucEo3LHIayIM/SB1ncXv+vl0rwHCVfbKdQ0ABhb2Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1jem6jfkmfq54wzhqqhrnf786jsn5dmx82ewtt4vducac8m2fyukskun2p4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGV2VmdmJ2QlVVbUF6MUtt
dzZFUGJFS3cyKzlTTHJiWjlqRmJkUm04WXh3CktSdGRIUWxJRU5oVVdkUTFwaEZr
M1Y4NnRtclZVTkltOHNjNXAxVW9yaFEKLS0tIGlRYjgwd0FkN0FBU1RSQjRnVWpW
RHZ6alYrUU5BZ2xlMkdGR1dWRG5aeGMKJdsdtVZ6Mk9Vo3a+tS+rzAgaF2wpH+8U
lWhA+c0Kbe8EJT8hm7Vr8PqBmElz4V9AnXSCTp7D+Cu4pfWsHopLUQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZTGIzcjYyLyt2QVh1QzJZ
L2NKK0ZFaS9kckdKbjNCd0lBckxlNWV2Qm5NCkoyLy8rOXVPOWt0U1BwTHB3ZTNl
NWVzdEQ0TUU4UjgrbzliRU5kZ0FqWjgKLS0tIE9YNkN1OWFLMVhDd1I3T1Y4Qi9O
VGNDUEo4NmxYR0JQR0NPcUZVdFl1MVEKISsE+UOuBXLZ/5qOeWSf9tPw6XOsNrWa
09bm8O66Ai0AQGhbn0G3Qf/AlcqF+8eRFYZDmpk0HXryuNZYuj7hBw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-13T14:52:30Z"
mac: ENC[AES256_GCM,data:EXVbpc8P8SzTSYw0TWwJBEWYZRpGOAXm4wFS0JbzeiNaWEybZk6Y07Vr5tyaEWucpu52VxLrVwoZn8YSdF9JPAHtTQYYY35MccBkB01+GVXpVDQfxCG9UNYO24qExNboQIs5QRWmtaX7zTbut+ETcOFKHlkqR9g95PZQhsNZx4c=,iv:1Bu9g4/V2ixRvJJBijlkdNO9pdoR+qwDGTeUgr24dsg=,tag:gyF34lCSbF0It4KPmtQYJA==,type:str]


@ -1,15 +1,22 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
let
# {{{ Jupyterhub/lab env
appEnv = pkgs.python3.withPackages (p: with p; [
jupyterhub
jupyterlab
jupyterhub-systemdspawner
jupyter-collaboration
jupyterlab-git
]);
# }}}
appEnv = pkgs.python3.withPackages (
p: with p; [
jupyterhub
jupyterlab
jupyterhub-systemdspawner
jupyter-collaboration
jupyterlab-git
]
);
in
# }}}
{
systemd.services.jupyterhub.path = [
pkgs.texlive.combined.scheme-full # LaTeX stuff is useful for matplotlib
@ -25,8 +32,8 @@ in
# {{{ Spwaner & auth config
extraConfig = ''
c.Authenticator.allowed_users = {'adrielus', 'javi'}
c.Authenticator.admin_users = {'adrielus'}
c.Authenticator.allowed_users = {'${config.users.users.pilot.name}', 'javi'}
c.Authenticator.admin_users = {'${config.users.users.pilot.name}'}
c.Spawner.notebook_dir='${config.users.users.pilot.home}/projects/notebooks'
c.SystemdSpawner.mem_limit = '2G'
@ -35,13 +42,18 @@ in
# }}}
# {{{ Python 3 kernel
kernels.python3 =
let env = (pkgs.python3.withPackages (p: with p; [
ipykernel
numpy
scipy
matplotlib
tabulate
]));
let
env = (
pkgs.python3.withPackages (
p: with p; [
ipykernel
numpy
scipy
matplotlib
tabulate
]
)
);
in
{
displayName = "Numerical mathematics setup";


@ -1,4 +1,5 @@
{ config, ... }: {
{ config, ... }:
{
# {{{ Zfs config
services.zfs = {
trim.enable = true;
@ -36,12 +37,4 @@
# }}}
};
# }}}
# {{{ Syncoid
# Automatically sync certain snapshot to rsync.net
services.syncoid = {
enable = true;
commands."zroot/root/persist/data".target = "root@rsync.net:zroot/root/persist/data";
commands."zroot/root/persist/state".target = "root@rsync.net:zroot/root/persist/state";
};
# }}}
}


@ -1,88 +1,48 @@
{ pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
{
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "22.11";
# {{{ Imports
imports = [
../common/global
../common/users/pilot.nix
../common/optional/pipewire.nix
../common/optional/bluetooth.nix
../common/optional/greetd.nix
../common/optional/oci.nix
../common/optional/quietboot.nix
../common/optional/desktop
../common/optional/desktop/steam.nix
../common/optional/desktop/xdg-portal.nix
../common/optional/wayland/hyprland.nix
../common/optional/services/kanata.nix
../common/optional/services/restic
./services/syncthing.nix
./hardware
./boot.nix
./services/syncthing.nix
];
# }}}
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "22.11";
services.mullvad-vpn.enable = true;
# {{{ Machine ids
networking.hostName = "tethys";
environment.etc.machine-id.text = "08357db3540c4cd2b76d4bb7f825ec88";
# }}}
# {{{ A few ad-hoc hardware settings
hardware.enableAllFirmware = true;
hardware.opengl.enable = true;
hardware.opentabletdriver.enable = true;
hardware.keyboard.qmk.enable = true;
powerManagement.cpuFreqGovernor = "performance";
services.tlp = {
enable = true;
settings = {
CPU_SCALING_GOVERNOR_ON_BAT = "performance";
CPU_SCALING_GOVERNOR_ON_AC = "performance";
};
};
# }}}
# {{{ A few ad-hoc programs
programs.kdeconnect.enable = true;
programs.firejail.enable = true;
programs.extra-container.enable = true;
virtualisation.docker.enable = true;
virtualisation.waydroid.enable = true;
# virtualisation.spiceUSBRedirection.enable = true; # This was required for the vm usb passthrough tomfoolery
# }}}
# {{{ Ad-hoc stylix targets
stylix.targets.gtk.enable = true;
# }}}
# {{{ Some ad-hoc site blocking
networking.extraHosts =
let
blacklisted = [
# "twitter.com"
# "www.reddit.com"
"minesweeper.online"
];
blacklist = lib.concatStringsSep "\n" (lib.forEach blacklisted (host: "127.0.0.1 ${host}"));
in
blacklist;
# }}}
services.mullvad-vpn.enable = true;
services.mysql = {
enable = true;
package = pkgs.mysql80;
};
programs.dconf.enable = true;
services.gnome.evolution-data-server.enable = true;
services.gnome.gnome-online-accounts.enable = true;
# Tailscale internal IP DNS records
# }}}
# {{{ Ad-hoc stylix targets
stylix.targets.gtk.enable = true;
# }}}
# {{{ Tailscale internal IP DNS records
satellite.dns.records = [
# {
# at = config.networking.hostName;
@ -95,4 +55,5 @@
# value = "fd7a:115c:a1e0::e75d:883b";
# }
];
# }}}
}


@ -1,5 +1,6 @@
{ inputs, ... }:
{
# {{{ Imports
imports = with inputs.nixos-hardware.nixosModules; [
common-cpu-intel
# common-gpu-intel # This leads to a "prop ... defined twice" error
@ -7,4 +8,21 @@
common-pc-ssd
./generated.nix
];
# }}}
# {{{ Misc
hardware.enableAllFirmware = true;
hardware.opengl.enable = true;
hardware.opentabletdriver.enable = true;
hardware.keyboard.qmk.enable = true;
# }}}
# {{{ Power management
powerManagement.cpuFreqGovernor = "performance";
services.tlp = {
enable = true;
settings = {
CPU_SCALING_GOVERNOR_ON_BAT = "performance";
CPU_SCALING_GOVERNOR_ON_AC = "performance";
};
};
# }}}
}