arch/infra
arch/infra
1
0
Fork 0
Code Actions Packages Activity
infra/nix/london/configuration.nix
Gabriel Simmer baa2417bfe
All checks were successful
Lint / lint (push) Successful in 26s
Details
vfio fuckery 
based on https://astrid.tech/2022/09/22/0/nixos-gpu-vfio/
2023-11-11 17:11:44 +00:00

272 lines
6 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{ config, pkgs, ... }:
{
imports =
[
./hardware-configuration.nix
./vfio.nix
];
vfio.enable = true;
# Bootloader
boot = {
loader = {
grub = {
enable = true;
device = "nodev";
useOSProber = true;
efiSupport = true;
enableCryptodisk = true;
};
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot/efi";
};
};
binfmt.emulatedSystems = [ "aarch64-linux" ];
extraModulePackages = [
config.boot.kernelPackages.v4l2loopback
];
kernelPackages = pkgs.linuxPackages_zen;
kernelModules = [ "coretemp" "kvm-amd" "v4l2loopback" ];
initrd.secrets = {
"/crypto_keyfile.bin" = null;
};
initrd.luks.devices."luks-63100442-37df-4579-a787-cb2f2c67b3d1" = {
device = "/dev/disk/by-uuid/63100442-37df-4579-a787-cb2f2c67b3d1";
keyFile = "/crypto_keyfile.bin";
};
};
time.hardwareClockInLocalTime = true;
hardware.cpu.amd.updateMicrocode = true;
nix = {
settings = {
experimental-features = [ "nix-command" "flakes" ];
auto-optimise-store = true;
};
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 15d";
};
};
nixpkgs.config.allowUnfree = true;
systemd.services.NetworkManager-wait-online.enable = false;
networking = {
hostName = "LONDON";
networkmanager.enable = true;
firewall = {
enable = true;
allowedUDPPortRanges = [ { from = 27031; to = 27036; } ];
allowedTCPPortRanges = [ { from = 27036; to = 27037; } ];
allowedTCPPorts = [ 7000 7100 22000 8000 ];
allowedUDPPorts = [ 6000 6001 7011 41641 3478 22000 21027 ];
trustedInterfaces = [ "tailscale0" ];
checkReversePath = "loose";
};
nftables.enable = true;
};
time.timeZone = "Europe/London";
i18n.defaultLocale = "en_GB.utf8";
services = {
promtail = {
enable = true;
configuration = {
server = {
http_listen_port = 3031;
grpc_listen_port = 0;
};
positions = {
filename = "/tmp/positions.yaml";
};
clients = [{
url = "http://monitoring:3030/loki/api/v1/push";
}];
scrape_configs = [{
job_name = "journal";
journal = {
max_age = "12h";
labels = {
job = "systemd-journal";
host = "london";
};
};
relabel_configs = [{
source_labels = [ "__journal__systemd_unit" ];
target_label = "unit";
}];
}];
};
};
fwupd.enable = true;
syncthing = {
enable = true;
overrideDevices = false;
overrideFolders = false;
user = "gsimmer";
dataDir = "/home/gsimmer";
guiAddress = "100.93.188.51:8384";
};
usbmuxd.enable = true;
prometheus.exporters.node = {
enable = true;
listenAddress = "100.93.188.51";
enabledCollectors = [
"systemd" "processes"
];
};
dbus.enable = true;
yubikey-agent.enable = true;
udev.packages = with pkgs; [ libu2f-host yubikey-personalization ];
tailscale.enable = true;
pcscd.enable = true;
mullvad-vpn.enable = true;
xserver = {
layout = "us";
xkbVariant = "";
videoDrivers = [ "nvidia" ];
enable = true;
desktopManager.plasma5.enable = true;
displayManager.sddm.enable = true;
};
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
printing = {
enable = true;
drivers = [ pkgs.gutenprint pkgs.gutenprintBin ];
};
avahi = {
nssmdns = true;
enable = true;
publish = {
enable = true;
userServices = true;
domain = true;
};
};
};
hardware = {
opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
};
nvidia = {
modesetting.enable = true;
nvidiaSettings = true;
open = true;
package = config.boot.kernelPackages.nvidiaPackages.vulkan_beta;
};
sane.enable = true;
sane.extraBackends = [ pkgs.epkowa ];
pulseaudio.enable = false;
};
xdg.portal.enable = true;
programs = {
gamemode.enable = true;
zsh.enable = true;
fish.enable = true;
nix-ld.enable = true;
dconf.enable = true;
steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = false;
};
gnupg.agent = {
enable = true;
pinentryFlavor = "gnome3";
enableSSHSupport = false;
};
};
# Define a user account. Don't forget to set a password with passwd.
users.users.gsimmer = {
shell = pkgs.nushell;
isNormalUser = true;
description = "Gabriel Simmer";
extraGroups = [ "networkmanager" "wheel" "libvirtd" "qemu-libvirtd" "docker" ];
packages = with pkgs; [
firefox-wayland
vim
lm_sensors
];
};
virtualisation = {
docker = {
enable = true;
rootless = {
enable = true;
setSocketVariable = true;
};
};
libvirtd.enable = true;
};
fonts = {
packages = with pkgs; [
ibm-plex
jetbrains-mono
emojione
font-awesome
];
enableDefaultPackages = true;
};
environment = {
shells = with pkgs; [ zsh fish ];
systemPackages = with pkgs; [
os-prober
tailscale
cifs-utils
pinentry-curses
noisetorch
nix-output-monitor
pinentry-gnome
xdg-utils
dracula-theme
yubikey-touch-detector
docker-compose
home-manager
libimobiledevice
ifuse
glxinfo
vulkan-tools
glmark2
libnotify
emojione
];
};
environment.plasma5.excludePackages = with pkgs.libsForQt5; [
elisa
okular
oxygen
khelpcenter
konsole
plasma-browser-integration
print-manager
];
security = {
polkit.enable = true;
rtkit.enable = true;
};
system.stateVersion = "23.05"; # Did you read the comment?
}
View git blame Copy permalink