# NixOS configuration for the host "ava".
# Outer function: takes the depot tree, nixpkgs and lib.
{ depot, pkgs, lib, ... }:
# Inner function: the module proper; none of its arguments are used by name.
{ ... }:

let
  inherit (depot.users) wpcarro;

  # wpcarro's Emacs build for NixOS, additionally loading ./ava.el.
  wpcarrosEmacs = wpcarro.emacs.nixos {
    load = [ ./ava.el ];
  };

  # Quassel overridden to build the client only (daemon and monolithic off).
  quasselClient = pkgs.quassel.override {
    client = true;
    enableDaemon = false;
    monolithic = false;
  };
in
{
imports = [ ./hardware.nix ];

# Use the TVL binary cache
# NOTE(review): the tvl.cache module is defined outside this file; presumably it
# adds a substituter and its signing key, which makes prebuilt store paths from
# that cache trusted on this host -- confirm which key it pins.
tvl.cache.enable = true;

boot.loader.systemd-boot.enable = true;
# Allows the bootloader installation to modify EFI boot variables.
boot.loader.efi.canTouchEfiVariables = true;
# Support IP forwarding to use this device as a Tailscale exit node.
# NOTE(review): both sysctls are host-wide, so the kernel forwards between every
# interface, not only the Tailscale one; nothing in this file restricts
# forwarding to the Tailscale interface.
boot.kernel.sysctl."net.ipv4.ip_forward" = true;
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = true;

# Additional exit node settings that Tailscale recommends.
# "loose" relaxes the firewall's reverse-path check: a packet passes when its
# source is reachable through any interface, not only the one it arrived on.
networking.firewall.checkReversePath = "loose";
time.timeZone = "America/Los_Angeles";

networking = {
  # The global useDHCP flag is deprecated, therefore explicitly set to false
  # here. Per-interface useDHCP will be mandatory in the future, so this
  # generated config replicates the default behaviour.
  useDHCP = false;
  hostName = "ava";
  networkmanager.enable = true;
  # DHCP is enabled per interface: two wired NICs and one wireless NIC.
  interfaces.enp1s0.useDHCP = true;
  interfaces.enp3s0.useDHCP = true;
  interfaces.wlp2s0.useDHCP = true;
};
# Host-specific services layered over wpcarro's shared defaults.
# `//` is a shallow update: a top-level key set below (e.g. `openssh`, `xserver`)
# replaces the whole entry of that name from wpcarro.common.services instead of
# merging into it, so any settings declared there for the same service are dropped.
# NOTE(review): common.services is not visible here -- confirm there is no overlap.
services = wpcarro.common.services // {
feat(wpcarro/ava): Support earlyoom
Strange start to my Monday where I spent ~2h debugging my hanging
NixOS. Strangely I'm not sure I made any changes to my configuration to trigger
this, and I was finding this hard to reproduce:
- graphical X sessions hung (once when opening Chrome)
- TTYs hung (during `nix-build` and `rebuild-system`)
Per kn's recommendations whenever a system is hanging, see if it's reachable
over the network (e.g. SSH). Since I didn't have my laptop, I downloaded Termius
on my iPhone, which I used to mosh into ava, which is a surprisingly nice UX.
I suspect my machine (with only 8GB of RAM) was OOMing, but I'm not
certain. Thanks to grfn I installed `earlyoom`. For more commentary, check-out
Profpatsch's blog post about this: https://profpatsch.de/notes/preventing-oom
What went well:
- Thankfully I installed a Matrix client on my iPhone last week, which allowed
me to troubleshoot with the #tvl folks
AIs:
- I'd like some instrumentation like Prometheus, Loki (`journald`, `dmesg`), so
that I can accumulate troubleshooting information that isn't destroyed when I
reboot my machine (which I did 1/2-dozen times today).
- Consider adding `git` metadata to `system.nixos.label` to get more useful
information in a GRUB/EFI context.
More unknowns:
- Why can't I switch back to EFI (from GRUB) for my bootloader?
Change-Id: Ie2a5a15f5c0ead346d50e331fa2937f8f3453960
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5625
Tested-by: BuildkiteCI
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
2022-05-16 21:05:19 +02:00
# Check the amount of available memory and free swap a few times per second
# and kill the largest process if both are below 10%.
earlyoom.enable = true;

tailscale.enable = true;

# NOTE(review): only `enable` is set. NixOS leaves SSH password authentication
# on by default and, by default, permits root login with a key; this file also
# installs authorized keys for root. If key-only access is the intent, state it
# explicitly here rather than relying on defaults.
openssh.enable = true;
xserver = {
  enable = true;
  layout = "us";
  # XKB option: Caps Lock acts as an additional Escape key.
  xkbOptions = "caps:escape";
  displayManager = {
    # Give EXWM permission to control the session (from tazjin's setup).
    # NOTE(review): xhost's server-interpreted family for a local account is
    # `localuser`; `localhost` below looks like a typo, in which case the grant
    # would not apply as intended -- verify against xhost(1) / Xsecurity(7).
    sessionCommands = "${pkgs.xorg.xhost}/bin/xhost +SI:localhost:$USER";
    lightdm.enable = true;
  };
  # Register one window-manager session, "exwm", that starts the Emacs build
  # defined in the `let` block above.
  windowManager.session = lib.singleton {
    name = "exwm";
    start = "${wpcarrosEmacs}/bin/wpcarros-emacs";
  };
};
}; # closes `services`
# Enable sound.
sound.enable = true;
hardware.pulseaudio.enable = true;

# Users and passwords may be changed imperatively and persist across rebuilds.
# No password is declared in this file, so login credentials for this host are
# state that lives outside the configuration.
users.mutableUsers = true;
# Public keys accepted for SSH login as root; the same two keys are authorized
# for the wpcarro account in this file.
# NOTE(review): wpcarro already has passwordless sudo here, so direct root login
# adds no capability; dropping it would leave an audit trail through the
# unprivileged account.
users.users.root.openssh.authorizedKeys.keys = [
  wpcarro.keys.nathan
  wpcarro.keys.tarasco
];
users.users.wpcarro = {
  isNormalUser = true;
  extraGroups = [
    "networkmanager"
    # With security.sudo.wheelNeedsPassword = false (set in this file), wheel
    # membership means root without a password prompt.
    "wheel"
    # Access to the Docker daemon socket is effectively root on the host.
    "docker"
  ];
  shell = pkgs.fish;
  # Public keys accepted for SSH login as wpcarro. Given the groups above,
  # possession of either private key amounts to root on this machine.
  openssh.authorizedKeys.keys = [
    wpcarro.keys.nathan
    wpcarro.keys.tarasco
  ];
};
# Let wpcarro use the VirtualBox host features.
users.extraGroups.vboxusers.members = [ "wpcarro" ];

# Members of wheel run sudo without a password prompt. wpcarro is in wheel and
# is reachable over SSH in this file, so any session as that user (including
# one opened with an authorized key) can become root without further
# authentication.
security.sudo.wheelNeedsPassword = false;
# Install JetBrains Mono and make it the default monospace family.
fonts.fonts = [ pkgs.jetbrains-mono ];
fonts.fontconfig.defaultFonts.monospace = [ "JetBrains Mono" ];
# Host-specific programs layered over wpcarro's shared defaults; `//` is a
# shallow update, so a `mosh` entry in wpcarro.common.programs (not visible
# here) would be replaced wholesale.
programs = wpcarro.common.programs // {
  # NOTE(review): the NixOS mosh module presumably also opens mosh's UDP port
  # range in the firewall -- confirm that exposure is intended on all interfaces.
  mosh.enable = true;
};
# Container and VM hosts. Access to the Docker daemon is root-equivalent, and
# this file puts wpcarro in the "docker" group.
virtualisation = {
  docker.enable = true;
  virtualbox.host.enable = true;
};
# Editor selection: prefer a running Emacs server via emacsclient, and fall
# back to a terminal Emacs started without the init file.
environment.variables.EDITOR = "emacsclient";
environment.variables.VISUAL = "emacsclient";
environment.variables.ALTERNATE_EDITOR = "emacs -q -nw";
# System-wide packages: wpcarro's shared shell utilities plus the host-specific
# list below.
environment.systemPackages =
  wpcarro.common.shell-utils ++
  (with pkgs; [
    alacritty
    ec2-api-tools
    firefox
    google-chrome
    httpie
    pavucontrol
    quasselClient
    remmina
    tdesktop
    wpcarrosEmacs
    # NOTE(review): the screen locker is installed, but nothing in this file
    # invokes it (no idle or suspend hook); presumably it is bound elsewhere,
    # e.g. in the Emacs config -- confirm.
    xsecurelock
  ]);
# NixOS release whose stateful-data defaults this host was installed with;
# it is not the version of the packages in use.
system.stateVersion = "21.11";
} # closes the module attribute set