Compare commits
2 commits
3ab2dec4ae
...
4e9121898d
Author | SHA1 | Date | |
---|---|---|---|
Gabriel Simmer | 4e9121898d | ||
Gabriel Simmer | 56ae09681a |
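--- a/krops/london/cachix.nix
+++ b/krops/london/cachix.nix
@@ -0,0 +1,13 @@
+
+# WARN: this file will get overwritten by $ cachix use <name>
+{ pkgs, lib, ... }:
+
+let
+folder = ./cachix;
+toImport = name: value: folder + ("/" + name);
+filterCaches = key: value: value == "regular" && lib.hasSuffix ".nix" key;
+imports = lib.mapAttrsToList toImport (lib.filterAttrs filterCaches (builtins.readDir folder));
+in {
+inherit imports;
+nix.settings.substituters = ["https://cache.nixos.org/"];
+}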
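--- a/krops/london/configuration.nix
+++ b/krops/london/configuration.nix
@@ -0,0 +1,194 @@
+{ config, pkgs, ... }:
+
+{
+imports =
+[
+./hardware-configuration.nix
+./cachix.nix
+];
+
+# Bootloader
+boot = {
+loader = {
+grub = {
+enable = true;
+device = "nodev";
+useOSProber = true;
+efiSupport = true;
+enableCryptodisk = true;
+};
+efi = {
+canTouchEfiVariables = true;
+efiSysMountPoint = "/boot/efi";
+};
+};
+binfmt.emulatedSystems = [ "aarch64-linux" ];
+extraModulePackages = with pkgs; [
+config.boot.kernelPackages.v4l2loopback
+];
+kernelPackages = pkgs.linuxPackages_zen;
+kernelModules = [ "coretemp" "kvm-amd" "v4l2loopback" ];
+
+initrd.secrets = {
+"/crypto_keyfile.bin" = null;
+};
+initrd.luks.devices."luks-63100442-37df-4579-a787-cb2f2c67b3d1" = {
+device = "/dev/disk/by-uuid/63100442-37df-4579-a787-cb2f2c67b3d1";
+keyFile = "/crypto_keyfile.bin";
+};
+};
+
+hardware.cpu.amd.updateMicrocode = true;
+
+nix = {
+settings = {
+experimental-features = [ "nix-command" "flakes" ];
+auto-optimise-store = true;
+};
+gc = {
+automatic = true;
+dates = "weekly";
+options = "--delete-older-than 15d";
+};
+};
+nixpkgs.config.allowUnfree = true;
+
+networking = {
+hostName = "LONDON";
+networkmanager.enable = true;
+firewall = {
+enable = false;
+allowedUDPPortRanges = [ { from = 27031; to = 27036; } ];
+allowedTCPPortRanges = [ { from = 27036; to = 27037; } ];
+trustedInterfaces = [ "tailscale0" ];
+checkReversePath = "loose";
+};
+nftables.enable = true;
+};
+
+time.timeZone = "Europe/London";
+i18n.defaultLocale = "en_GB.utf8";
+
+services = {
+tailscale.enable = true;
+yubikey-agent.enable = true;
+pcscd.enable = true;
+mullvad-vpn.enable = true;
+xserver = {
+layout = "us";
+xkbVariant = "";
+videoDrivers = [ "nvidia" ];
+enable = true;
+displayManager = {
+gdm.wayland = true;
+sddm.enable = true;
+};
+desktopManager.plasma5.enable = true;
+};
+pipewire = {
+enable = true;
+alsa.enable = true;
+alsa.support32Bit = true;
+pulse.enable = true;
+jack.enable = true;
+
+};
+printing = {
+enable = true;
+drivers = [ pkgs.gutenprint pkgs.gutenprintBin ];
+};
+avahi = {
+nssmdns = true;
+enable = true;
+publish = {
+enable = true;
+userServices = true;
+domain = true;
+};
+};
+};
+
+hardware = {
+opengl.enable = true;
+nvidia.modesetting.enable = true;
+sane.enable = true;
+sane.extraBackends = [ pkgs.epkowa ];
+pulseaudio.enable = false;
+};
+
+xdg = {
+portal = {
+enable = true;
+extraPortals = with pkgs; [
+xdg-desktop-portal-wlr
+xdg-desktop-portal-gtk
+];
+};
+};
+
+programs = {
+zsh.enable = true;
+fish.enable = true;
+nix-ld.enable = true;
+dconf.enable = true;
+steam = {
+enable = true;
+remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
+dedicatedServer.openFirewall = false; # Open ports in the firewall for Source Dedicated Server
+};
+gnupg.agent = {
+enable = true;
+pinentryFlavor = "curses";
+enableSSHSupport = true;
+};
+};
+# Define a user account. Don't forget to set a password with ‘passwd’.
+users.users.gsimmer = {
+shell = pkgs.fish;
+isNormalUser = true;
+description = "Gabriel Simmer";
+extraGroups = [ "networkmanager" "wheel" "libvirtd" "qemu-libvirtd" ];
+packages = with pkgs; [
+firefox-wayland
+vim
+lm_sensors
+];
+};
+
+virtualisation = {
+docker = {
+enable = true;
+enableNvidia = true;
+rootless = {
+enable = true;
+setSocketVariable = true;
+};
+};
+libvirtd.enable = true;
+};
+
+fonts.fonts = with pkgs; [
+ibm-plex
+jetbrains-mono
+emojione
+];
+
+environment = {
+shells = with pkgs; [ zsh fish ];
+systemPackages = with pkgs; [
+os-prober
+tailscale
+cifs-utils
+pinentry-curses
+noisetorch
+nix-output-monitor
+];
+};
+
+security = {
+polkit.enable = true;
+rtkit.enable = true;
+};
+system.stateVersion = "23.05"; # Did you read the comment?
+
+}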
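Review bot: `networking.firewall.enable = false;` switches the NixOS firewall module off, so the `allowedUDPPortRanges`, `allowedTCPPortRanges`, `trustedInterfaces` and `checkReversePath` values set beside it, and `programs.steam.remotePlay.openFirewall = true;` further down, are inert. With `nftables.enable = true;` and no ruleset declared in this file, no NixOS-managed rules appear to filter inbound traffic, so services enabled here (Avahi publishing, for example) may be reachable from any network the host joins. I would change the line to `enable = true;` and keep the existing port ranges and the `tailscale0` trust, which then take effect as written. If the firewall is off on purpose, a comment such as `# firewall disabled deliberately: <reason>` next to the option would keep the dead rules from misleading later readers.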
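--- a/krops/london/hardware-configuration.nix
+++ b/krops/london/hardware-configuration.nix
@@ -0,0 +1,47 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+imports =
+[ (modulesPath + "/installer/scan/not-detected.nix")
+];
+
+boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
+boot.initrd.kernelModules = [ ];
+boot.kernelModules = [ "kvm-amd" ];
+boot.extraModulePackages = [ ];
+
+fileSystems."/" =
+{ device = "/dev/disk/by-uuid/cd6f3e34-65ce-4be5-b4d4-6818e70dcff3";
+fsType = "ext4";
+};
+
+boot.initrd.luks.devices."luks-0cd5d85e-e232-4f75-a8b3-087737657fef".device = "/dev/disk/by-uuid/0cd5d85e-e232-4f75-a8b3-087737657fef";
+
+fileSystems."/boot/efi" =
+{ device = "/dev/disk/by-uuid/AB23-FA19";
+fsType = "vfat";
+};
+
+fileSystems."/home/gsimmer/FHG" = {
+device = "/dev/disk/by-label/FHG";
+fsType = "ext4";
+};
+
+swapDevices =
+[ { device = "/dev/disk/by-uuid/c50f2d93-2f31-4afc-ad26-4730a8f4b7f0"; }
+];
+
+# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+# (the default) this is the recommended approach. When using systemd-networkd it's
+# still possible to use this option, but it's recommended to use it in conjunction
+# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+networking.useDHCP = lib.mkDefault true;
+# networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
+
+hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+# high-resolution display
+# hardware.video.hidpi.enable = lib.mkDefault true;
+}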