arch/dotfiles
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
dotfiles/Systems.org
Gabriel Simmer feb0a180da Clean up system.org a bit.
2021-10-09 17:52:37 +01:00

7.8 KiB
Raw Blame History

Systems

I have opted to use NixOS for my systems moving forward. You can read a bit more about this move here. I haven't dabbled with custom configuration too much so this is pretty close to the default configuration.

London

London is my primary desktop.

{ config, pkgs, ... }:

{
  imports =
    [
      ./hardware-configuration.nix
    ];

  nixpkgs.config.allowUnfree = true;

  boot.kernelPackages = pkgs.linuxPackages_latest;

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  networking.hostName = "london";

  # i18n stuff.
  time.timeZone = "Europe/London";
  i18n.defaultLocale = "en_US.UTF-8";
  console = {
    font = "Lat2-Terminus16";
    keyMap = "us";
  };

  # Networking stuff.
  networking.useDHCP = false;
  networking.interfaces.enp4s0.useDHCP = true;
  services.tailscale.enable = true;

  # Enable the X11 windowing system.
  services.xserver.enable = true;
  services.xserver.videoDrivers = [ "nvidia" ];

  hardware.opengl = {
    enable = true;
    extraPackages = with pkgs; [
      vaapiIntel
      vaapiVdpau
      libvdpau-va-gl
    ];
    setLdLibraryPath = true;
    driSupport32Bit = true;
  };
  # Required for Proton games to function.
  programs.steam.enable = true;

  # Enable the GNOME Desktop Environment.
  services.xserver.displayManager.gdm.enable = true;
  services.xserver.desktopManager.gnome.enable = true;

  # Configure keymap in X11
  services.xserver.layout = "us";

  # Disabled and replaced with Pipewire.
  hardware.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    jack.enable = true;
  };

  programs.zsh.enable = true;
  users.users.gsimmer = {
    isNormalUser = true;
    shell = pkgs.zsh;
    extraGroups = [ "wheel" "networkmanager" ];
  };

  environment.systemPackages = with pkgs; [
    vim
    wget
    firefox
    emacs
    curl
    podman
    tailscale
  ];
  services.flatpak.enable = true;
  xdg.portal.enable = true;
  programs.mtr.enable = true;
  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
  };

  networking.firewall.enable = false;

  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
  
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. Its perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "21.05"; # Did you read the comment?

}

My goal here is to leverage the hardware configuration generated by the NixOS to seperate out the specific-to-my-current-hardware configuration.

{ config, lib, pkgs, modulesPath, ... }:

{
  imports =
    [ (modulesPath + "/installer/scan/not-detected.nix")
    ];

  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-amd" ];
  boot.extraModulePackages = [ ];

  services.xserver = {
    libinput = {
      enable = true;
      mouse = { accelProfile = "flat"; };
    };
  };

  fileSystems."/" =
    { device = "/dev/disk/by-uuid/eb8699bd-a9e9-4166-8879-559b244caa20";
      fsType = "ext4";
      options = [ "noatime" "nodiratime" "discard" ];
    };

  fileSystems."/boot" =
    { device = "/dev/disk/by-uuid/D582-4408";
      fsType = "vfat";
      options = [ "noatime" "nodiratime" "discard" ];
    };

  fileSystems."/mnt/wd" =
    { device = "/dev/disk/by-partlabel/WD";
      fsType = "ext4";
      options = [ "noatime" "nodiratime" "discard" ];
    };

  fileSystems."/mnt/fhg" =
    { device = "/dev/disk/by-label/FHG";
      fsType = "ext4";
      options = [ "noatime" "nodiratime" "discard" ];
    };

  swapDevices =
    [ { device = "/dev/disk/by-uuid/8a0c74ad-a88f-4ecd-a6ac-d7985355bce6"; }
    ];

  # high-resolution display
  hardware.video.hidpi.enable = lib.mkDefault true;
}

Raspberry Pis

I have two Raspberry Pis - a 3B+ ("watcher"), and a 4 ("panda"). Watcher serves as a watchdog for my self hosted services, usually living on Panda.

The Installer Image

Very minimal changes required here, only really need to enabled the SSH daemon and add my key so I can push the actual configuration.

I might investigate bundling the "real" configurations into the live installer image, so I have to run fewer commands.

More info on the NixOS Wiki

{ ... }: {
  imports = [
    <nixpkgs/nixos/modules/installer/sd-card/sd-image-aarch64.nix>
  ];

  services.sshd.enable = true;
  services.ntp.enable = true;
  
  users.users.gsimmer = {
    isNormalUser = true;
    extraGroups = [ "wheel" ];
    password = "pass"; # This gets changed. Don't get any ideas.
    openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIztwQxt+jqroFONSgq+xzPMuE2I5Dq/zWPQ8RcTYJr gabriel@gitgalaxy.com"];
  };
}

Watcher

Watcher is my Raspberry Pi 3B+ responsible for monitoring various services and devices on my network (and generally the wider web). It uses Platypus (my custom monitoring platform) for this, along with some cron jobs to curl the services themselves.

Actually declaractive install of Platypus is TODO, once I have the next release tagged.

{ config, pkgs, lib, ... }: {

  boot.loader.grub.enable = false;
  boot.loader.generic-extlinux-compatible.enable = true;
  boot.kernelPackages = pkgs.linuxPackages_latest;

    
  services.sshd.enable = true;
  services.ntp.enable = true;
  
  users.users.gsimmer = {
    isNormalUser = true;
    extraGroups = [ "wheel" ];
    password = "pass"; # This gets changed. Don't get any ideas.
    openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIztwQxt+jqroFONSgq+xzPMuE2I5Dq/zWPQ8RcTYJr gabriel@gitgalaxy.com"];
  };
  
  environment.systemPackages = [ pkgs.git pkgs.curl ];

  systemd.user.services.ensure-curlscript = {
    script = ''
      # At some point this will pull down a more complete script.
      echo "Done!"
    '';
    wantedBy = [ "multi-user.target" ];
  };

  # Enable cron services
  services.cron = {
    enable = true;
    systemCronJobs = [
      "*/5 * * * *  gsimmer  curl -I -o /dev/null -w \"$(date)|\\%{http_code}\" https://pw.gmem.ca > /home/gsimmer/pw-status"
      "*/5 * * * *  gsimmer  curl -I -o /dev/null -w \"$(date)|\\%{http_code}\" https://hue.gmem.ca > /home/gsimmer/hue-status"
    ];
  };

  fileSystems = {
    "/" = {
      device = "/dev/disk/by-label/NIXOS_SD";
      fsType = "ext4";
    };
  };

  networking.firewall.enable = false;

}

Panda

Panda is a general-purpose Raspberry Pi 4, responsible for hosting some network shares and my password manager (using Vaultwarden).

Largely TODO, this currently runs Raspbian until I'm happy with my testbed.

{ ... }: {
  imports = [
    <nixpkgs/nixos/modules/installer/sd-card/sd-image-aarch64.nix>
  ];
  # put your own configuration here, for example ssh keys:
  users.extraUsers.root.openssh.authorizedKeys.keys = [
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIztwQxt+jqroFONSgq+xzPMuE2I5Dq/zWPQ8RcTYJr gabriel@gitgalaxy.com"
  ];
}