Add NixOS configurations.
parent
4df037fc18
commit
f489d191df
|
@ -64,6 +64,7 @@
|
|||
:init
|
||||
(setq lsp-keymap-prefix "C-c l")
|
||||
:hook ((rust-mode . lsp)
|
||||
(go-mode . lsip)
|
||||
(lsp-mode . lsp-enable-which-key-integration))
|
||||
:commands lsp)
|
||||
|
||||
|
@ -72,6 +73,17 @@
|
|||
(use-package lsp-treemacs :commands lsp-treemacs-errors-list)
|
||||
|
||||
(use-package rust-mode)
|
||||
(use-package go-mode)
|
||||
(add-hook 'go-mode-hook #'lsp-deferred)
|
||||
|
||||
;; Set up before-save hooks to format buffer and add/delete imports.
|
||||
;; Make sure you don't have other gofmt/goimports hooks enabled.
|
||||
(defun lsp-go-install-save-hooks ()
|
||||
(add-hook 'before-save-hook #'lsp-format-buffer t t)
|
||||
(add-hook 'before-save-hook #'lsp-organize-imports t t))
|
||||
(add-hook 'go-mode-hook #'lsp-go-install-save-hooks)
|
||||
|
||||
(use-package json-mode)
|
||||
|
||||
;; Can't have lisps without paredit!
|
||||
(use-package paredit
|
||||
|
@ -120,7 +132,7 @@
|
|||
;; Your init file should contain only one such instance.
|
||||
;; If there is more than one, they won't work right.
|
||||
'(package-selected-packages
|
||||
'(json-mode treemacs-projectile projectile paredit all-the-fonts doom-modeline rust-mode swipe spinner lsp-treemacs lsp-ivy lsp-ui lsp-mode counsel swiper ivy treemacs use-package monokai-pro-theme)))
|
||||
'(treemacs-projectile projectile paredit all-the-fonts doom-modeline rust-mode swipe spinner lsp-treemacs lsp-ivy lsp-ui lsp-mode counsel swiper ivy treemacs use-package monokai-pro-theme)))
|
||||
(custom-set-faces
|
||||
;; custom-set-faces was added by Custom.
|
||||
;; If you edit it by hand, you could mess it up, so be careful.
|
||||
|
|
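Review bot: `(go-mode . lsip)` in the `:hook` list of the first hunk names a function that nothing on this page defines; `lsip` looks like a typo for `lsp`, and the hook will signal an error when go-mode starts. The second hunk already adds `(add-hook 'go-mode-hook #'lsp-deferred)`, so either delete the `:hook` entry or change it to `(go-mode . lsp-deferred)` and drop the separate `add-hook`. The same line is in the Dots.org hunks of this commit, which appear to be the literate source for this file, so the fix belongs there as well or the next tangle will bring it back.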
11
Dots.org
11
Dots.org
|
@ -254,6 +254,7 @@ WantedBy=timers.target
|
|||
:init
|
||||
(setq lsp-keymap-prefix "C-c l")
|
||||
:hook ((rust-mode . lsp)
|
||||
(go-mode . lsip)
|
||||
(lsp-mode . lsp-enable-which-key-integration))
|
||||
:commands lsp)
|
||||
|
||||
|
@ -262,6 +263,16 @@ WantedBy=timers.target
|
|||
(use-package lsp-treemacs :commands lsp-treemacs-errors-list)
|
||||
|
||||
(use-package rust-mode)
|
||||
(use-package go-mode)
|
||||
(add-hook 'go-mode-hook #'lsp-deferred)
|
||||
|
||||
;; Set up before-save hooks to format buffer and add/delete imports.
|
||||
;; Make sure you don't have other gofmt/goimports hooks enabled.
|
||||
(defun lsp-go-install-save-hooks ()
|
||||
(add-hook 'before-save-hook #'lsp-format-buffer t t)
|
||||
(add-hook 'before-save-hook #'lsp-organize-imports t t))
|
||||
(add-hook 'go-mode-hook #'lsp-go-install-save-hooks)
|
||||
|
||||
(use-package json-mode)
|
||||
|
||||
;; Can't have lisps without paredit!
|
||||
|
|
129
Systems.org
129
Systems.org
|
@ -1,10 +1,16 @@
|
|||
#+PROPERTY: header-args :mkdirp yes
|
||||
|
||||
* Systems
|
||||
|
||||
I have opted to use NixOS for my systems moving forward. You can read a bit more
|
||||
about this move [[https://blog.gabrielsimmer.com/posts/from-guix-to-nixos][here]]. I haven't dabbled with custom configuration too much so
|
||||
this is pretty close to the default configuration.
|
||||
|
||||
#+begin_src nix :tangle configuration.nix
|
||||
** London
|
||||
|
||||
London is my primary desktop.
|
||||
|
||||
#+begin_src nix :tangle nix/configuration.nix
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
|
@ -43,10 +49,10 @@ this is pretty close to the default configuration.
|
|||
hardware.opengl = {
|
||||
enable = true;
|
||||
extraPackages = with pkgs; [
|
||||
vaapiIntel
|
||||
vaapiVdpau
|
||||
libvdpau-va-gl
|
||||
];
|
||||
vaapiIntel
|
||||
vaapiVdpau
|
||||
libvdpau-va-gl
|
||||
];
|
||||
setLdLibraryPath = true;
|
||||
driSupport32Bit = true;
|
||||
};
|
||||
|
@ -56,15 +62,12 @@ this is pretty close to the default configuration.
|
|||
# Enable the GNOME Desktop Environment.
|
||||
services.xserver.displayManager.gdm.enable = true;
|
||||
services.xserver.desktopManager.gnome.enable = true;
|
||||
|
||||
|
||||
# Configure keymap in X11
|
||||
services.xserver.layout = "us";
|
||||
# services.xserver.xkbOptions = "eurosign:e";
|
||||
|
||||
# Enable CUPS to print documents.
|
||||
# services.printing.enable = true;
|
||||
# Disabled and replaced with Pipewire.
|
||||
hardware.pulseaudio.enable = false;
|
||||
|
||||
security.rtkit.enable = true;
|
||||
services.pipewire = {
|
||||
enable = true;
|
||||
|
@ -91,7 +94,7 @@ this is pretty close to the default configuration.
|
|||
tailscale
|
||||
];
|
||||
services.flatpak.enable = true;
|
||||
|
||||
xdg.portal.enable = true;
|
||||
programs.mtr.enable = true;
|
||||
programs.gnupg.agent = {
|
||||
enable = true;
|
||||
|
@ -100,6 +103,8 @@ this is pretty close to the default configuration.
|
|||
|
||||
networking.firewall.enable = false;
|
||||
|
||||
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
|
||||
|
||||
# This value determines the NixOS release from which the default
|
||||
# settings for stateful data, like file locations and database versions
|
||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||
|
@ -114,7 +119,7 @@ this is pretty close to the default configuration.
|
|||
My goal here is to leverage the hardware configuration generated by
|
||||
the NixOS to seperate out the specific-to-my-current-hardware configuration.
|
||||
|
||||
#+begin_src nix :tangle hardware-configuration.nix
|
||||
#+begin_src nix :tangle nix/hardware-configuration.nix
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
|
@ -166,3 +171,103 @@ the NixOS to seperate out the specific-to-my-current-hardware configuration.
|
|||
hardware.video.hidpi.enable = lib.mkDefault true;
|
||||
}
|
||||
#+end_src
|
||||
|
||||
** Raspberry Pis
|
||||
|
||||
I have two Raspberry Pis - a 3B+ ("watcher"), and a 4 ("panda"). Watcher
|
||||
serves as a watchdog for my self hosted services, usually living on Panda.
|
||||
|
||||
#+begin_src nix :tangle nix/image-configuration.nix
|
||||
{ ... }: {
|
||||
imports = [
|
||||
<nixpkgs/nixos/modules/installer/sd-card/sd-image-aarch64.nix>
|
||||
];
|
||||
|
||||
services.sshd.enable = true;
|
||||
services.ntp.enable = true;
|
||||
|
||||
users.users.gsimmer = {
|
||||
isNormalUser = true;
|
||||
extraGroups = [ "wheel" ];
|
||||
password = "pass"; # This gets changed. Don't get any ideas.
|
||||
openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIztwQxt+jqroFONSgq+xzPMuE2I5Dq/zWPQ8RcTYJr gabriel@gitgalaxy.com"];
|
||||
};
|
||||
}
|
||||
|
||||
#+end_src
|
||||
|
||||
*** Watcher
|
||||
|
||||
Watcher is my Raspberry Pi 3B+ responsible for monitoring various
|
||||
services and devices on my network (and generally the wider web).
|
||||
It uses [[https://github.com/gmemstr/platypus][Platypus]] (my custom monitoring platform) for this, along
|
||||
with some cron jobs.
|
||||
|
||||
Watcher requires a few things; it monitors my various self-hosted
|
||||
services, and reports these to a self hosted Platypus instance.
|
||||
|
||||
#+begin_src nix :tangle nix/watcher-configuration.nix
|
||||
{ config, pkgs, lib, ... }: {
|
||||
|
||||
boot.loader.grub.enable = false;
|
||||
boot.loader.generic-extlinux-compatible.enable = true;
|
||||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
||||
|
||||
|
||||
services.sshd.enable = true;
|
||||
services.ntp.enable = true;
|
||||
|
||||
users.users.gsimmer = {
|
||||
isNormalUser = true;
|
||||
extraGroups = [ "wheel" ];
|
||||
password = "pass"; # This gets changed. Don't get any ideas.
|
||||
openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIztwQxt+jqroFONSgq+xzPMuE2I5Dq/zWPQ8RcTYJr gabriel@gitgalaxy.com"];
|
||||
};
|
||||
|
||||
environment.systemPackages = [ pkgs.git pkgs.curl ];
|
||||
|
||||
systemd.user.services.ensure-curlscript = {
|
||||
script = ''
|
||||
# At some point this will pull down a more complete script.
|
||||
echo "Done!"
|
||||
'';
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
};
|
||||
|
||||
# Enable cron services
|
||||
services.cron = {
|
||||
enable = true;
|
||||
systemCronJobs = [
|
||||
"*/5 * * * * gsimmer curl -I -o /dev/null -w \"$(date)|\\%{http_code}\" https://pw.gmem.ca > /home/gsimmer/pw-status"
|
||||
"*/5 * * * * gsimmer curl -I -o /dev/null -w \"$(date)|\\%{http_code}\" https://hue.gmem.ca > /home/gsimmer/hue-status"
|
||||
];
|
||||
};
|
||||
|
||||
fileSystems = {
|
||||
"/" = {
|
||||
device = "/dev/disk/by-label/NIXOS_SD";
|
||||
fsType = "ext4";
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall.enable = false;
|
||||
|
||||
}
|
||||
#+end_src
|
||||
|
||||
*** Panda
|
||||
|
||||
Panda is a general-purpose Raspberry Pi 4, responsible for hosting
|
||||
some network shares and my password manager (using [[https://github.com/dani-garcia/vaultwarden][Vaultwarden]]).
|
||||
|
||||
#+begin_src nix :tangle nix/panda-configuration.nix
|
||||
{ ... }: {
|
||||
imports = [
|
||||
<nixpkgs/nixos/modules/installer/sd-card/sd-image-aarch64.nix>
|
||||
];
|
||||
# put your own configuration here, for example ssh keys:
|
||||
users.extraUsers.root.openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIztwQxt+jqroFONSgq+xzPMuE2I5Dq/zWPQ8RcTYJr gabriel@gitgalaxy.com"
|
||||
];
|
||||
}
|
||||
#+end_src
|
||||
|
|
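Review bot: `password = "pass";` in the image and Watcher source blocks (also written to nix/image-configuration.nix and nix/watcher-configuration.nix in this commit) publishes a known plaintext password for a `wheel` user on hosts that set `services.sshd.enable = true`. The NixOS option documentation also warns that `password` ends up world-readable in the Nix store. Unless password authentication is disabled somewhere not shown here, that password is accepted over SSH until the manual change the comment promises has been made. An authorized key is already configured, so I would add `services.openssh.passwordAuthentication = false;` (`services.openssh.settings.PasswordAuthentication` on newer releases) and replace the literal with `hashedPassword` or a `passwordFile` kept outside the repository.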
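--- a/nix/configuration.nix
+++ b/nix/configuration.nix
@@ -0,0 +1,103 @@
+{ config, pkgs, ... }:
+
+{
+imports =
+[
+./hardware-configuration.nix
+];
+
+nixpkgs.config.allowUnfree = true;
+
+boot.kernelPackages = pkgs.linuxPackages_latest;
+
+# Use the systemd-boot EFI boot loader.
+boot.loader.systemd-boot.enable = true;
+boot.loader.efi.canTouchEfiVariables = true;
+
+networking.hostName = "london";
+
+# i18n stuff.
+time.timeZone = "Europe/London";
+i18n.defaultLocale = "en_US.UTF-8";
+console = {
+font = "Lat2-Terminus16";
+keyMap = "us";
+};
+
+# Networking stuff.
+networking.useDHCP = false;
+networking.interfaces.enp4s0.useDHCP = true;
+services.tailscale.enable = true;
+
+# Enable the X11 windowing system.
+services.xserver.enable = true;
+services.xserver.videoDrivers = [ "nvidia" ];
+
+hardware.opengl = {
+enable = true;
+extraPackages = with pkgs; [
+vaapiIntel
+vaapiVdpau
+libvdpau-va-gl
+];
+setLdLibraryPath = true;
+driSupport32Bit = true;
+};
+# Required for Proton games to function.
+programs.steam.enable = true;
+
+# Enable the GNOME Desktop Environment.
+services.xserver.displayManager.gdm.enable = true;
+services.xserver.desktopManager.gnome.enable = true;
+
+# Configure keymap in X11
+services.xserver.layout = "us";
+
+# Disabled and replaced with Pipewire.
+hardware.pulseaudio.enable = false;
+security.rtkit.enable = true;
+services.pipewire = {
+enable = true;
+alsa.enable = true;
+alsa.support32Bit = true;
+pulse.enable = true;
+jack.enable = true;
+};
+
+programs.zsh.enable = true;
+users.users.gsimmer = {
+isNormalUser = true;
+shell = pkgs.zsh;
+extraGroups = [ "wheel" "networkmanager" ];
+};
+
+environment.systemPackages = with pkgs; [
+vim
+wget
+firefox
+emacs
+curl
+podman
+tailscale
+];
+services.flatpak.enable = true;
+xdg.portal.enable = true;
+programs.mtr.enable = true;
+programs.gnupg.agent = {
+enable = true;
+enableSSHSupport = true;
+};
+
+networking.firewall.enable = false;
+
+boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+
+# This value determines the NixOS release from which the default
+# settings for stateful data, like file locations and database versions
+# on your system were taken. It‘s perfectly fine and recommended to leave
+# this value at the release version of the first install of this system.
+# Before changing this value read the documentation for this option
+# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+system.stateVersion = "21.05"; # Did you read the comment?
+
+}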
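Review bot: `networking.firewall.enable = false;` switches packet filtering off entirely on a desktop that also enables Tailscale, Flatpak and Steam, so every service that binds a port is reachable from the LAN and the tailnet. nix/watcher-configuration.nix sets the same line on a host that runs sshd. If the goal was only to let Tailscale traffic through, keeping the firewall on with `networking.firewall.trustedInterfaces = [ "tailscale0" ];` and an explicit `allowedTCPPorts` list is narrower. If it has to stay off, a one-line comment giving the reason would stop the setting being copied into the next host by default.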
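--- a/nix/hardware-configuration.nix
+++ b/nix/hardware-configuration.nix
@@ -0,0 +1,50 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+imports =
+[ (modulesPath + "/installer/scan/not-detected.nix")
+];
+
+boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+boot.initrd.kernelModules = [ ];
+boot.kernelModules = [ "kvm-amd" ];
+boot.extraModulePackages = [ ];
+
+services.xserver = {
+libinput = {
+enable = true;
+mouse = { accelProfile = "flat"; };
+};
+};
+
+fileSystems."/" =
+{ device = "/dev/disk/by-uuid/eb8699bd-a9e9-4166-8879-559b244caa20";
+fsType = "ext4";
+options = [ "noatime" "nodiratime" "discard" ];
+};
+
+fileSystems."/boot" =
+{ device = "/dev/disk/by-uuid/D582-4408";
+fsType = "vfat";
+options = [ "noatime" "nodiratime" "discard" ];
+};
+
+fileSystems."/mnt/wd" =
+{ device = "/dev/disk/by-partlabel/WD";
+fsType = "ext4";
+options = [ "noatime" "nodiratime" "discard" ];
+};
+
+fileSystems."/mnt/fhg" =
+{ device = "/dev/disk/by-label/FHG";
+fsType = "ext4";
+options = [ "noatime" "nodiratime" "discard" ];
+};
+
+swapDevices =
+[ { device = "/dev/disk/by-uuid/8a0c74ad-a88f-4ecd-a6ac-d7985355bce6"; }
+];
+
+# high-resolution display
+hardware.video.hidpi.enable = lib.mkDefault true;
+}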
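Review bot: The `/mnt/wd` and `/mnt/fhg` entries have no `nofail` option, so if these are secondary data disks a missing or failed one will stop the boot in emergency mode rather than bringing the desktop up without it. For those two mounts I would use `options = [ "noatime" "discard" "nofail" ];`; `nodiratime` is already implied by `noatime` and can be dropped throughout. The two are also identified by partition label and filesystem label rather than UUID, so a comment saying that is deliberate would help, since any disk carrying the same label would be mounted in their place.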
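--- a/nix/image-configuration.nix
+++ b/nix/image-configuration.nix
@@ -0,0 +1,15 @@
+{ ... }: {
+imports = [
+<nixpkgs/nixos/modules/installer/sd-card/sd-image-aarch64.nix>
+];
+
+services.sshd.enable = true;
+services.ntp.enable = true;
+
+users.users.gsimmer = {
+isNormalUser = true;
+extraGroups = [ "wheel" ];
+password = "pass"; # This gets changed. Don't get any ideas.
+openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIztwQxt+jqroFONSgq+xzPMuE2I5Dq/zWPQ8RcTYJr gabriel@gitgalaxy.com"];
+};
+}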
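--- a/nix/panda-configuration.nix
+++ b/nix/panda-configuration.nix
@@ -0,0 +1,9 @@
+{ ... }: {
+imports = [
+<nixpkgs/nixos/modules/installer/sd-card/sd-image-aarch64.nix>
+];
+# put your own configuration here, for example ssh keys:
+users.extraUsers.root.openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIztwQxt+jqroFONSgq+xzPMuE2I5Dq/zWPQ8RcTYJr gabriel@gitgalaxy.com"
+];
+}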
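Review bot: This file authorizes the key directly for `root` through the older `users.extraUsers` alias, whereas the image and Watcher configs in this commit log in as the unprivileged `gsimmer` user in `wheel`. Systems.org describes Panda as the host for the Vaultwarden password manager, so it is the machine where direct root SSH matters most. I would reuse the `users.users.gsimmer` block from the other hosts here and set `services.openssh.permitRootLogin = "no";` once that login is confirmed to work. The `# put your own configuration here` comment is left over from the upstream example and could be replaced by a line saying what this host is for.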
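--- a/nix/watcher-configuration.nix
+++ b/nix/watcher-configuration.nix
@@ -0,0 +1,46 @@
+{ config, pkgs, lib, ... }: {
+
+boot.loader.grub.enable = false;
+boot.loader.generic-extlinux-compatible.enable = true;
+boot.kernelPackages = pkgs.linuxPackages_latest;
+
+
+services.sshd.enable = true;
+services.ntp.enable = true;
+
+users.users.gsimmer = {
+isNormalUser = true;
+extraGroups = [ "wheel" ];
+password = "pass"; # This gets changed. Don't get any ideas.
+openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIztwQxt+jqroFONSgq+xzPMuE2I5Dq/zWPQ8RcTYJr gabriel@gitgalaxy.com"];
+};
+
+environment.systemPackages = [ pkgs.git pkgs.curl ];
+
+systemd.user.services.ensure-curlscript = {
+script = ''
+# At some point this will pull down a more complete script.
+echo "Done!"
+'';
+wantedBy = [ "multi-user.target" ];
+};
+
+# Enable cron services
+services.cron = {
+enable = true;
+systemCronJobs = [
+"*/5 * * * * gsimmer curl -I -o /dev/null -w \"$(date)|\\%{http_code}\" https://pw.gmem.ca > /home/gsimmer/pw-status"
+"*/5 * * * * gsimmer curl -I -o /dev/null -w \"$(date)|\\%{http_code}\" https://hue.gmem.ca > /home/gsimmer/hue-status"
+];
+};
+
+fileSystems = {
+"/" = {
+device = "/dev/disk/by-label/NIXOS_SD";
+fsType = "ext4";
+};
+};
+
+networking.firewall.enable = false;
+
+}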
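Review bot: `systemd.user.services.ensure-curlscript` is a per-user unit, but `wantedBy = [ "multi-user.target" ];` names a target of the system manager; the user manager has no such target, so as far as I can tell nothing ever pulls the unit in. Use `wantedBy = [ "default.target" ];` for a user unit, or declare it under `systemd.services` if it is meant to run at boot. The comment says the placeholder will later pull down a fuller script; when it does, fetching that script through Nix with a pinned hash (for example `pkgs.fetchurl` with `sha256`) keeps the host running only content that was reviewed. The two cron jobs would also benefit from `-s` on curl so the progress meter is not mailed by cron every five minutes.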