#+PROPERTY: header-args :mkdirp yes
* Systems
I have opted to use NixOS for my systems moving forward. You can read a bit more
about this move [[https://blog.gabrielsimmer.com/posts/from-guix-to-nixos][here]]. I haven't dabbled with custom configuration too much so
this is pretty close to the default configuration.
** London
London is my primary desktop.
#+begin_src nix :tangle nix/configuration.nix
{ config, pkgs, ... }:

# "london" - the primary desktop. GNOME on X11 with the proprietary NVIDIA
# driver, PipeWire for audio, Steam/Proton, podman and Tailscale. The
# machine-specific parts (kernel modules, file systems, input) live in
# ./hardware-configuration.nix, which is imported below.
{
  imports = [ ./hardware-configuration.nix ];

  # Needed for the nvidia driver and steam below.
  nixpkgs.config.allowUnfree = true;

  boot = {
    kernelPackages = pkgs.linuxPackages_latest;
    loader = {
      # systemd-boot as the EFI boot loader.
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };
    # Register aarch64 as an emulated system - presumably so the Raspberry Pi
    # images in this file can be built on this machine.
    binfmt.emulatedSystems = [ "aarch64-linux" ];
  };

  networking = {
    hostName = "london";
    # DHCP on the wired interface only, rather than the global default.
    useDHCP = false;
    interfaces.enp4s0.useDHCP = true;
    # NOTE(review): with the host firewall off, every listening service on this
    # box is reachable from the LAN, not just over Tailscale. Keeping it
    # enabled and listing "tailscale0" in networking.firewall.trustedInterfaces
    # gives the same convenience over the tailnet with less exposure.
    firewall.enable = false;
  };

  services.tailscale.enable = true;

  # Locale and console.
  time.timeZone = "Europe/London";
  i18n.defaultLocale = "en_US.UTF-8";
  console = {
    font = "Lat2-Terminus16";
    keyMap = "us";
  };

  # X11 with GDM + GNOME on the proprietary NVIDIA driver, US keymap.
  services.xserver = {
    enable = true;
    videoDrivers = [ "nvidia" ];
    layout = "us";
    displayManager.gdm.enable = true;
    desktopManager.gnome.enable = true;
  };

  hardware.opengl = {
    enable = true;
    # VA-API / VDPAU bridge libraries for video decode.
    extraPackages = with pkgs; [
      vaapiIntel
      vaapiVdpau
      libvdpau-va-gl
    ];
    setLdLibraryPath = true;
    # 32-bit GL is needed by Steam/Proton.
    driSupport32Bit = true;
  };

  # Required for Proton games to function.
  programs.steam.enable = true;

  # Audio: PulseAudio disabled and replaced with PipeWire, which also serves
  # ALSA, PulseAudio and JACK clients. rtkit lets it obtain realtime priority.
  hardware.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa = {
      enable = true;
      support32Bit = true;
    };
    pulse.enable = true;
    jack.enable = true;
  };

  programs.zsh.enable = true;
  users.users.gsimmer = {
    isNormalUser = true;
    shell = pkgs.zsh;
    # "wheel" is the sudo group. "networkmanager" has no effect unless
    # networking.networkmanager.enable is set, which it is not in this file.
    extraGroups = [ "wheel" "networkmanager" ];
  };

  environment.systemPackages = with pkgs; [
    vim
    wget
    firefox
    emacs
    curl
    podman
    tailscale
  ];

  # Flatpak, plus the xdg portal its sandboxed apps use to talk to the desktop.
  services.flatpak.enable = true;
  xdg.portal.enable = true;

  programs.mtr.enable = true;
  programs.gnupg.agent = {
    enable = true;
    # gpg-agent also acts as the SSH agent.
    enableSSHSupport = true;
  };

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "21.05"; # Did you read the comment?
}
#+end_src
My goal here is to leverage the hardware configuration generated by
NixOS to separate out the configuration that is specific to my current hardware.
#+begin_src nix :tangle nix/hardware-configuration.nix
{ config, lib, pkgs, modulesPath, ... }:

# Hardware-specific configuration for "london": initrd/kernel modules, the
# mounted volumes and swap, plus the input and HiDPI settings that belong to
# this particular machine rather than to the general desktop setup.
let
  # Every volume below is mounted with the same options. (noatime already
  # implies nodiratime, so the latter is redundant but harmless.)
  mountOptions = [ "noatime" "nodiratime" "discard" ];
in
{
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

  boot = {
    initrd = {
      availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
      kernelModules = [ ];
    };
    # KVM support for an AMD CPU.
    kernelModules = [ "kvm-amd" ];
    extraModulePackages = [ ];
  };

  # Flat (unaccelerated) mouse profile.
  services.xserver.libinput = {
    enable = true;
    mouse = { accelProfile = "flat"; };
  };

  fileSystems = {
    "/" = {
      device = "/dev/disk/by-uuid/eb8699bd-a9e9-4166-8879-559b244caa20";
      fsType = "ext4";
      options = mountOptions;
    };
    "/boot" = {
      device = "/dev/disk/by-uuid/D582-4408";
      fsType = "vfat";
      options = mountOptions;
    };
    "/mnt/wd" = {
      device = "/dev/disk/by-partlabel/WD";
      fsType = "ext4";
      options = mountOptions;
    };
    "/mnt/fhg" = {
      device = "/dev/disk/by-label/FHG";
      fsType = "ext4";
      options = mountOptions;
    };
  };

  swapDevices = [
    { device = "/dev/disk/by-uuid/8a0c74ad-a88f-4ecd-a6ac-d7985355bce6"; }
  ];

  # high-resolution display
  hardware.video.hidpi.enable = lib.mkDefault true;
}
#+end_src
** Raspberry Pis
I have two Raspberry Pis - a 3B+ ("watcher"), and a 4 ("panda"). Watcher
serves as a watchdog for my self hosted services, usually living on Panda.
*** The Installer Image
Very minimal changes required here; I only really need to enable the SSH daemon
and add my key so I can push the actual configuration.
I might investigate bundling the "real" configurations into the live installer
image, so I have to run fewer commands.
[[https://nixos.wiki/wiki/NixOS_on_ARM#Getting_the_installer][More info on the NixOS Wiki]]
#+begin_src nix :tangle nix/image-configuration.nix
{ ... }: {
  # Installer image for the Raspberry Pis: the stock aarch64 SD image with sshd
  # enabled and an account that can be used to push the real configuration.
  imports = [ <nixpkgs/nixos/modules/installer/sd-card/sd-image-aarch64.nix> ];

  services.sshd.enable = true;
  services.ntp.enable = true;

  users.users.gsimmer = {
    isNormalUser = true;
    extraGroups = [ "wheel" ];
    # NOTE(review): `password` is kept in plaintext in the world-readable Nix
    # store (and in this org file); `hashedPassword` or `passwordFile` avoid
    # that. With the key below in place, SSH password authentication can also
    # be turned off (services.openssh.passwordAuthentication = false;) so the
    # placeholder password only ever works at the console.
    password = "pass"; # This gets changed. Don't get any ideas.
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIztwQxt+jqroFONSgq+xzPMuE2I5Dq/zWPQ8RcTYJr gabriel@gitgalaxy.com"
    ];
  };
}
#+end_src
*** Watcher
Watcher is my Raspberry Pi 3B+ responsible for monitoring various
services and devices on my network (and generally the wider web).
It uses [[https://github.com/gmemstr/platypus][Platypus]] (my custom monitoring platform) for this, along
with some cron jobs to curl the services themselves.
An actual declarative install of Platypus is TODO, once I have the
next release tagged.
#+begin_src nix :tangle nix/watcher-configuration.nix
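{ config, pkgs, lib, ... }: {
  # "watcher": the Raspberry Pi 3B+ that polls the self-hosted services every
  # few minutes and records their HTTP status codes.

  # Pi boots through U-Boot/extlinux rather than GRUB.
  boot.loader.grub.enable = false;
  boot.loader.generic-extlinux-compatible.enable = true;
  boot.kernelPackages = pkgs.linuxPackages_latest;

  services.sshd.enable = true;
  services.ntp.enable = true;

  users.users.gsimmer = {
    isNormalUser = true;
    extraGroups = [ "wheel" ];
    # NOTE(review): `password` is kept in plaintext in the world-readable Nix
    # store (and in this org file); `hashedPassword` or `passwordFile` avoid
    # that. With the key below in place, SSH password authentication can also
    # be turned off (services.openssh.passwordAuthentication = false;) so the
    # placeholder password only ever works at the console.
    password = "pass"; # This gets changed. Don't get any ideas.
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIztwQxt+jqroFONSgq+xzPMuE2I5Dq/zWPQ8RcTYJr gabriel@gitgalaxy.com"
    ];
  };

  environment.systemPackages = [ pkgs.git pkgs.curl ];

  # Placeholder user unit; the script is a stub until the real one exists.
  systemd.user.services.ensure-curlscript = {
    script = ''
      # At some point this will pull down a more complete script.
      echo "Done!"
    '';
    # Fix: user units are pulled in by the user manager's default.target.
    # multi-user.target only exists in the system instance, so a user unit
    # wanted by it is never started.
    wantedBy = [ "default.target" ];
  };

  # Enable cron services. Each job HEAD-requests one service and writes
  # "<date>|<status code>" to a file in gsimmer's home, overwritten every run.
  # The "\\%" is deliberate: an unescaped "%" in a crontab line means newline,
  # so it has to reach cron as "\%".
  services.cron = {
    enable = true;
    systemCronJobs = [
      "*/5 * * * * gsimmer curl -I -o /dev/null -w \"$(date)|\\%{http_code}\" https://pw.gmem.ca > /home/gsimmer/pw-status"
      "*/5 * * * * gsimmer curl -I -o /dev/null -w \"$(date)|\\%{http_code}\" https://hue.gmem.ca > /home/gsimmer/hue-status"
    ];
  };

  fileSystems = {
    "/" = {
      device = "/dev/disk/by-label/NIXOS_SD";
      fsType = "ext4";
    };
  };

  # NOTE(review): the firewall is fully disabled; the only service this host
  # needs to expose is sshd, so the default firewall (which allows port 22 once
  # openssh is enabled) would cover it without opening everything else.
  networking.firewall.enable = false;
}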
#+end_src
*** Panda
Panda is a general-purpose Raspberry Pi 4, responsible for hosting
some network shares and my password manager (using [[https://github.com/dani-garcia/vaultwarden][Vaultwarden]]).
Largely TODO, this currently runs Raspbian until I'm happy with my
testbed.
#+begin_src nix :tangle nix/panda-configuration.nix
{ ... }: {
  # "panda": Raspberry Pi 4. Still the stock aarch64 SD image template while
  # the machine itself runs Raspbian.
  imports = [ <nixpkgs/nixos/modules/installer/sd-card/sd-image-aarch64.nix> ];

  # put your own configuration here, for example ssh keys:
  # NOTE(review): unlike the other hosts, this authorises key-based SSH login
  # directly as root rather than via an unprivileged wheel account.
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIztwQxt+jqroFONSgq+xzPMuE2I5Dq/zWPQ8RcTYJr gabriel@gitgalaxy.com"
  ];
}
#+end_src