tvl-depot/users/wpcarro/nixos/ava/default.nix

143 lines
3.3 KiB
Nix
Raw Normal View History

{ depot, pkgs, lib, ... }:
{ ... }:
let
inherit (depot.users) wpcarro;
inherit (depot.users.wpcarro.lib) usermod;
wpcarrosEmacs = wpcarro.emacs.nixos {
load = [ ./ava.el ];
};
quasselClient = pkgs.quassel.override {
client = true;
enableDaemon = false;
monolithic = false;
};
in
{
imports = [
(usermod "hardware/nopn.nix")
];
# Use the TVL binary cache
tvl.cache.enable = true;
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# Support IP forwarding to use this device as a Tailscale exit node.
boot.kernel.sysctl."net.ipv4.ip_forward" = true;
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = true;
# Additionall exit node settings that Tailscale recommends.
networking.firewall.checkReversePath = "loose";
time.timeZone = "America/Los_Angeles";
networking = {
# The global useDHCP flag is deprecated, therefore explicitly set to false
# here. Per-interface useDHCP will be mandatory in the future, so this
# generated config replicates the default behaviour.
useDHCP = false;
hostName = "ava";
networkmanager.enable = true;
interfaces.enp1s0.useDHCP = true;
interfaces.enp3s0.useDHCP = true;
interfaces.wlp2s0.useDHCP = true;
};
services = wpcarro.common.services // {
feat(wpcarro/ava): Support earlyoom Strange start to my Monday where I spent ~2h debugging my hanging NixOS. Strangely I'm not sure I made any changes to my configuration to trigger this, and I was finding this hard to reproduce: - graphical X sessions hung (once when opening Chrome) - TTYs hung (during `nix-build` and `rebuild-system`) Per kn's recommendations whenever a system is hanging, see if it's reachable over the network (e.g. SSH). Since I didn't have my laptop, I downloaded Termius on my iPhone, which I used to mosh into ava, which is a surprisingly nice UX. I suspect my machine (with only 8GB of RAM) was OOMing, but I'm not certain. Thanks to grfn I installed `earlyoom`. For more commentary, check-out Profpatsch's blog post about this: https://profpatsch.de/notes/preventing-oom What went well: - Thankfully I installed a Matrix client on my iPhone last week, which allowed me to troubleshoot with the #tvl folks AIs: - I'd like some instrumentation like Prometheus, Loki (`journald`, `dmesg`), so that I can accumulate troubleshooting information that isn't destroyed when I reboot my machine (which I did 1/2-dozen times today). - Consider adding `git` metadata to `system.nixos.label` to get more useful information in a GRUB/EFI context. More unknowns: - Why can't I switch back to EFI (from GRUB) for my bootloader? Change-Id: Ie2a5a15f5c0ead346d50e331fa2937f8f3453960 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5625 Tested-by: BuildkiteCI Reviewed-by: wpcarro <wpcarro@gmail.com> Autosubmit: wpcarro <wpcarro@gmail.com>
2022-05-16 21:05:19 +02:00
# Check the amount of available memory and free swap a few times per second
# and kill the largest process if both are below 10%.
earlyoom.enable = true;
tailscale.enable = true;
openssh.enable = true;
xserver = {
enable = true;
layout = "us";
xkbOptions = "caps:escape";
displayManager = {
# Give EXWM permission to control the session (from tazjin's setup).
sessionCommands = "${pkgs.xorg.xhost}/bin/xhost +SI:localhost:$USER";
lightdm.enable = true;
};
windowManager.session = lib.singleton {
name = "exwm";
start = "${wpcarrosEmacs}/bin/wpcarros-emacs";
};
};
};
# Enable sound.
sound.enable = true;
hardware.pulseaudio.enable = true;
users.mutableUsers = true;
users.users.root.openssh.authorizedKeys.keys = [
wpcarro.keys.nathan
wpcarro.keys.tarasco
];
users.users.wpcarro = {
isNormalUser = true;
extraGroups = [
"networkmanager"
"wheel"
"docker"
];
shell = pkgs.fish;
openssh.authorizedKeys.keys = [
wpcarro.keys.nathan
wpcarro.keys.tarasco
];
};
users.extraGroups.vboxusers.members = [ "wpcarro" ];
security.sudo.wheelNeedsPassword = false;
fonts = {
fonts = with pkgs; [
jetbrains-mono
];
fontconfig = {
defaultFonts = {
monospace = [ "JetBrains Mono" ];
};
};
};
programs = wpcarro.common.programs // {
mosh.enable = true;
};
virtualisation.docker.enable = true;
virtualisation.virtualbox.host.enable = true;
environment.variables = {
EDITOR = "emacsclient";
ALTERNATE_EDITOR = "emacs -q -nw";
VISUAL = "emacsclient";
};
environment.systemPackages =
wpcarro.common.shell-utils ++
(with pkgs; [
alacritty
ec2-api-tools
firefox
google-chrome
httpie
pavucontrol
quasselClient
remmina
tdesktop
wpcarrosEmacs
xsecurelock
]);
system.stateVersion = "21.11";
}