arch/infra
arch/infra
1
0
Fork 0
Code Actions Packages Activity
infra/nix/london/configuration.nix

280 lines
6.3 KiB
Nix
Raw Normal View History

Commit London system
2023-07-25 20:13:34 +01:00
{ config, pkgs, ... }:
Update syncthing to 1.24
2023-09-13 23:01:10 +01:00
Commit London system
2023-07-25 20:13:34 +01:00
{
imports =
[
./hardware-configuration.nix
];
# Bootloader
boot = {
Grimblast for London
2023-10-19 12:48:01 +01:00
# supportedFilesystems = [ "bcachefs" ];
Commit London system
2023-07-25 20:13:34 +01:00
loader = {
grub = {
enable = true;
device = "nodev";
useOSProber = true;
efiSupport = true;
enableCryptodisk = true;
};
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot/efi";
};
};
binfmt.emulatedSystems = [ "aarch64-linux" ];
Move london system configuration to flake
2023-09-05 21:37:06 +01:00
extraModulePackages = [
Commit London system
2023-07-25 20:13:34 +01:00
config.boot.kernelPackages.v4l2loopback
];
kernelPackages = pkgs.linuxPackages_zen;
kernelModules = [ "coretemp" "kvm-amd" "v4l2loopback" ];
initrd.secrets = {
"/crypto_keyfile.bin" = null;
};
initrd.luks.devices."luks-63100442-37df-4579-a787-cb2f2c67b3d1" = {
device = "/dev/disk/by-uuid/63100442-37df-4579-a787-cb2f2c67b3d1";
keyFile = "/crypto_keyfile.bin";
};
};
hardware.cpu.amd.updateMicrocode = true;
nix = {
settings = {
experimental-features = [ "nix-command" "flakes" ];
auto-optimise-store = true;
};
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 15d";
};
};
nixpkgs.config.allowUnfree = true;
Add Wayland to London
2023-08-10 08:51:19 +01:00
systemd.services.NetworkManager-wait-online.enable = false;
Commit London system
2023-07-25 20:13:34 +01:00
networking = {
hostName = "LONDON";
networkmanager.enable = true;
firewall = {
Update firewall rules & enable
2023-08-06 00:04:21 +01:00
enable = true;
Commit London system
2023-07-25 20:13:34 +01:00
allowedUDPPortRanges = [ { from = 27031; to = 27036; } ];
allowedTCPPortRanges = [ { from = 27036; to = 27037; } ];
Nix updates open vulkan beta drivers for london, alertmanager, remove syncthing overrides, setup forgejo signing
2023-09-19 23:59:44 +01:00
allowedTCPPorts = [ 7000 7100 22000 8000 ];
Move syncthing to system service on NAS
2023-09-10 12:04:55 +01:00
allowedUDPPorts = [ 6000 6001 7011 41641 3478 22000 21027 ];
Commit London system
2023-07-25 20:13:34 +01:00
trustedInterfaces = [ "tailscale0" ];
checkReversePath = "loose";
};
nftables.enable = true;
};
time.timeZone = "Europe/London";
i18n.defaultLocale = "en_GB.utf8";
services = {
Enable Promtail
2023-10-08 22:55:20 +01:00
promtail = {
enable = true;
configuration = {
server = {
http_listen_port = 3031;
grpc_listen_port = 0;
};
positions = {
filename = "/tmp/positions.yaml";
};
clients = [{
url = "http://monitoring:3030/loki/api/v1/push";
}];
scrape_configs = [{
job_name = "journal";
journal = {
max_age = "12h";
labels = {
job = "systemd-journal";
host = "london";
};
};
relabel_configs = [{
source_labels = [ "__journal__systemd_unit" ];
target_label = "unit";
}];
}];
};
};
Enable fwupd on London
2023-09-25 10:49:37 +01:00
fwupd.enable = true;
Update syncthing to 1.24
2023-09-13 23:01:10 +01:00
syncthing = {
enable = true;
overrideDevices = false;
overrideFolders = false;
user = "gsimmer";
dataDir = "/home/gsimmer";
guiAddress = "100.95.77.62:8384";
};
usbmuxd.enable = true;
Move london system configuration to flake
2023-09-05 21:37:06 +01:00
prometheus.exporters.node = {
enable = true;
listenAddress = "100.95.77.62";
enabledCollectors = [
"systemd" "processes"
];
};
Add Wayland to London
2023-08-10 08:51:19 +01:00
dbus.enable = true;
Commit London system
2023-07-25 20:13:34 +01:00
yubikey-agent.enable = true;
Add Wayland to London
2023-08-10 08:51:19 +01:00
udev.packages = with pkgs; [ libu2f-host yubikey-personalization ];
tailscale.enable = true;
Commit London system
2023-07-25 20:13:34 +01:00
pcscd.enable = true;
mullvad-vpn.enable = true;
xserver = {
layout = "us";
xkbVariant = "";
videoDrivers = [ "nvidia" ];
enable = true;
displayManager = {
gdm.wayland = true;
sddm.enable = true;
};
desktopManager.plasma5.enable = true;
};
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
printing = {
enable = true;
drivers = [ pkgs.gutenprint pkgs.gutenprintBin ];
};
avahi = {
nssmdns = true;
enable = true;
publish = {
enable = true;
userServices = true;
domain = true;
};
};
};
hardware = {
Add Wayland to London
2023-08-10 08:51:19 +01:00
opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
};
nvidia = {
modesetting.enable = true;
nvidiaSettings = true;
Nix updates open vulkan beta drivers for london, alertmanager, remove syncthing overrides, setup forgejo signing
2023-09-19 23:59:44 +01:00
open = true;
package = config.boot.kernelPackages.nvidiaPackages.vulkan_beta;
Add Wayland to London
2023-08-10 08:51:19 +01:00
};
Commit London system
2023-07-25 20:13:34 +01:00
sane.enable = true;
sane.extraBackends = [ pkgs.epkowa ];
pulseaudio.enable = false;
};
xdg = {
portal = {
enable = true;
extraPortals = with pkgs; [
xdg-desktop-portal-wlr
xdg-desktop-portal-gtk
];
};
};
Enable Hyprland on London
2023-10-08 22:56:15 +01:00
environment.sessionVariables = {
NIXOS_OZONE_WL = "1";
};
Commit London system
2023-07-25 20:13:34 +01:00
programs = {
Enable Hyprland on London
2023-10-08 22:56:15 +01:00
hyprland = {
enable = true;
enableNvidiaPatches = true;
};
Move london system configuration to flake
2023-09-05 21:37:06 +01:00
gamemode.enable = true;
Commit London system
2023-07-25 20:13:34 +01:00
zsh.enable = true;
fish.enable = true;
nix-ld.enable = true;
dconf.enable = true;
steam = {
enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = false; # Open ports in the firewall for Source Dedicated Server
};
gnupg.agent = {
Move london system configuration to flake
2023-09-05 21:37:06 +01:00
enable = true;
pinentryFlavor = "gnome3";
enableSSHSupport = false;
};
Commit London system
2023-07-25 20:13:34 +01:00
};
# Define a user account. Don't forget to set a password with passwd.
users.users.gsimmer = {
Move london system configuration to flake
2023-09-05 21:37:06 +01:00
shell = pkgs.nushell;
Commit London system
2023-07-25 20:13:34 +01:00
isNormalUser = true;
description = "Gabriel Simmer";
Move london system configuration to flake
2023-09-05 21:37:06 +01:00
extraGroups = [ "networkmanager" "wheel" "libvirtd" "qemu-libvirtd" "docker" ];
Commit London system
2023-07-25 20:13:34 +01:00
packages = with pkgs; [
firefox-wayland
vim
lm_sensors
];
};
virtualisation = {
docker = {
enable = true;
rootless = {
enable = true;
setSocketVariable = true;
};
};
libvirtd.enable = true;
};
Enable Hyprland on London
2023-10-08 22:56:15 +01:00
fonts = {
packages = with pkgs; [
Commit London system
2023-07-25 20:13:34 +01:00
ibm-plex
jetbrains-mono
emojione
Enable Hyprland on London
2023-10-08 22:56:15 +01:00
font-awesome
];
enableDefaultPackages = true;
};
Commit London system
2023-07-25 20:13:34 +01:00
environment = {
shells = with pkgs; [ zsh fish ];
systemPackages = with pkgs; [
os-prober
tailscale
cifs-utils
pinentry-curses
noisetorch
nix-output-monitor
Move london system configuration to flake
2023-09-05 21:37:06 +01:00
pinentry-gnome
Add Wayland to London
2023-08-10 08:51:19 +01:00
xdg-utils
dracula-theme
yubikey-touch-detector
Move london system configuration to flake
2023-09-05 21:37:06 +01:00
docker-compose
home-manager tweaks
2023-09-07 19:11:04 +01:00
home-manager
Nix updates open vulkan beta drivers for london, alertmanager, remove syncthing overrides, setup forgejo signing
2023-09-19 23:59:44 +01:00
libimobiledevice
ifuse
Enable Hyprland on London
2023-10-08 22:56:15 +01:00
glxinfo
vulkan-tools
glmark2
waybar
waypipe
rofi-wayland
mako
libnotify
hyprpaper
Commit London system
2023-07-25 20:13:34 +01:00
];
};
Add missing security in london
2023-07-25 20:18:21 +01:00
security = {
polkit.enable = true;
rtkit.enable = true;
};
Commit London system
2023-07-25 20:13:34 +01:00
system.stateVersion = "23.05"; # Did you read the comment?
}
Copy permalink