feat(ops/nixos): Check in updated system configuration for 'nugget'

This is the rebrand of the desktop machine, now running a config straight out of the depot.
2020-01-04 22:32:41 +00:00 · 2020-01-04 22:32:41 +00:00 · 63dc41bcf3
commit 63dc41bcf3
parent 496648f237
3 changed files with 193 additions and 55 deletions
--- a/ops/nixos/README.md
+++ b/ops/nixos/README.md
@ -5,19 +5,15 @@ My NixOS configuration! It configures most of the packages I require
 on my systems, sets up Emacs the way I need and does a bunch of other
 interesting things.

-In contrast with earlier versions of this configuration, the Nix
-channel versions are now pinned in Nix (see the beginning of
-[packages.nix][]).
+System configuration lives in folders for each machine and a custom
+fixed point evaluation (similar to standard NixOS module
+configuration) is used to combine configuration together.

-Machine-local configuration is kept in files with the naming scheme
-`$hostname-configuration.nix` and **must** be symlinked to
-`local-configuration.nix` before the first configuration run.
+Building `ops.nixos.depot-switcher` yields a script that will
+automatically build and activate the newest configuration based on the
+current hostname.

-I'm publishing this repository (and my [emacs configuration][]) as a
-convenience for myself, but also as a resource that people looking for
-example Nix or Emacs configurations can browse through.
+## Configured hosts:

-Feel free to ping me with any questions you might have.
-
-[packages.nix]: packages.nix
-[emacs configuration]: https://github.com/tazjin/emacs.d
+* `nugget` - desktop computer at home
+* ~~`urdhva` - T470s~~ (currently with edef)
--- a/ops/nixos/default.nix
+++ b/ops/nixos/default.nix
@ -1,48 +1,15 @@
 { pkgs, ... }:

 let
-  inherit (pkgs) third_party lib;
-  configuration = rec {
-    boot.loader.systemd-boot.enable = true;
-    boot.loader.efi.canTouchEfiVariables = true;
-    boot.cleanTmpDir = true;
-    hardware.pulseaudio.enable = true;
-    hardware.cpu.intel.updateMicrocode = true;
-    time.timeZone = "Europe/London";
+  inherit (pkgs) lib;
+  inherit (builtins) foldl';

-    networking = {
-      # Don't use ISP's DNS servers:
-      nameservers = [
-        "8.8.8.8"
-        "8.8.4.4"
-      ];
-
-      # Open Chromecast-related ports & servedir
-      firewall.allowedTCPPorts = [ 3000 5556 5558 ];
-    };
-
-    # Generate an immutable /etc/resolv.conf from the nameserver settings
-    # above (otherwise DHCP overwrites it):
-    environment.etc."resolv.conf" = with lib; with pkgs; {
-      source = writeText "resolv.conf" ''
-        ${concatStringsSep "\n" (map (ns: "nameserver ${ns}") networking.nameservers)}
-        options edns0
-      '';
-    };
-
-    nixpkgs.config.allowUnfree = true;
-  };
-
-  # Desktop at home
-  stallo = {
-    networking.hostName = "stallo";
-    services.xserver.videoDrivers = [ "nvidia" ];
-    boot.initrd.luks.devices.stallo-luks.device = "/dev/disk/by-uuid/b484cf1e-a27b-4785-8bd6-fa85a004b073";
-
-    fileSystems."/".device = "/dev/disk/by-label/stallo-root";
-  };
+  systemFor = configs: (pkgs.third_party.nixos {
+    configuration = lib.fix(config:
+      foldl' lib.recursiveUpdate {} (map (c: c config) configs)
+    );
+  }).system;
 in {
-  stallo = third_party.nixos {
-    configuration = lib.recursiveUpdate configuration stallo;
-  };
+  # TODO(tazjin): rename 'pkgs' -> 'depot'?
+  nuggetSystem = systemFor [ pkgs.ops.nixos.nugget ];
 }
--- a/ops/nixos/nugget/default.nix
+++ b/ops/nixos/nugget/default.nix
@ -0,0 +1,175 @@
+# This file contains the configuration for my home desktop.
+
+{ pkgs, ... }:
+
+config: let
+  inherit (pkgs) lib;
+
+  nixpkgs = import pkgs.third_party.nixpkgsSrc {
+    config.allowUnfree = true;
+  };
+in pkgs.lib.fix(self: {
+  hardware = {
+    pulseaudio.enable = true;
+    cpu.intel.updateMicrocode = true;
+  };
+
+  boot = {
+    cleanTmpDir = true;
+    kernelModules = [ "kvm-intel" ];
+
+    loader = {
+      timeout = 3;
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = false;
+    };
+
+    initrd = {
+      luks.devices.nugget-crypt.device = "/dev/disk/by-label/nugget-crypt";
+      availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
+      kernelModules = [ "dm-snapshot" ];
+    };
+  };
+
+  nix = {
+    nixPath = [
+      "depot=/home/tazjin/depot"
+      "nixpkgs=${pkgs.third_party.nixpkgsSrc}"
+    ];
+  };
+
+  nixpkgs.pkgs = nixpkgs;
+
+  networking = {
+    hostName = "nugget";
+    useDHCP = false;
+    interfaces.eno1.useDHCP = true;
+    interfaces.wlp7s0.useDHCP = true;
+
+    # Don't use ISP's DNS servers:
+    nameservers = [
+      "8.8.8.8"
+      "8.8.4.4"
+    ];
+
+    # Open Chromecast-related ports & servedir
+    firewall.allowedTCPPorts = [ 4242 5556 5558 ];
+  };
+
+  # Generate an immutable /etc/resolv.conf from the nameserver settings
+  # above (otherwise DHCP overwrites it):
+  environment.etc."resolv.conf" = with lib; with pkgs; {
+    source = writeText "resolv.conf" ''
+      ${concatStringsSep "\n" (map (ns: "nameserver ${ns}") self.networking.nameservers)}
+      options edns0
+    '';
+  };
+
+  time.timeZone = "Europe/London";
+
+  environment.systemPackages =
+    # programs from the depot
+    (with pkgs; [
+      (third_party.lieer {})
+      ops.kontemplate
+      third_party.git
+      tools.emacs
+    ]) ++
+
+    # programs from nixpkgs
+    (with nixpkgs; [
+      age
+      bat
+      chromium
+      curl
+      direnv
+      dnsutils
+      exa
+      fd
+      gnupg
+      go
+      htop
+      jq
+      notmuch
+      openssh
+      openssl
+      pass
+      pavucontrol
+      pinentry
+      pinentry-emacs
+      pwgen
+      ripgrep
+      rustup
+      spotify
+      tokei
+      tree
+      vlc
+      xclip
+    ]);
+
+    fileSystems = {
+      "/".device = "/dev/disk/by-label/nugget-root";
+      "/boot".device = "/dev/disk/by-label/EFI";
+      "/home".device = "/dev/disk/by-label/nugget-home";
+    };
+
+    # Configure user account
+    users.extraUsers.tazjin = {
+      extraGroups = [ "wheel" "audio" ];
+      isNormalUser = true;
+      uid = 1000;
+      shell = nixpkgs.fish;
+    };
+
+    security.sudo = {
+      enable = true;
+      extraConfig = "wheel ALL=(ALL:ALL) SETENV: ALL";
+    };
+
+    fonts = {
+      fonts = with nixpkgs; [
+        corefonts
+        input-fonts
+        noto-fonts-cjk
+        noto-fonts-emoji
+      ];
+    };
+
+    # Configure location (Vauxhall, London) for services that need it.
+    location = {
+      latitude = 51.4819109;
+      longitude = -0.1252998;
+    };
+
+    programs.fish.enable = true;
+
+    services.redshift.enable = true;
+    services.openssh.enable = true;
+
+    services.xserver = {
+      enable = true;
+      layout = "us";
+      xkbOptions = "caps:super";
+      exportConfiguration = true;
+      videoDrivers = [ "nvidia" ];
+
+      displayManager = {
+        # Give EXWM permission to control the session.
+        sessionCommands = "${nixpkgs.xorg.xhost}/bin/xhost +SI:localuser:$USER";
+
+        lightdm.enable = true;
+        lightdm.greeters.gtk.clock-format = "%H·%M";
+      };
+
+      windowManager.session = pkgs.lib.singleton {
+        name = "exwm";
+        start = "${pkgs.tools.emacs}/bin/tazjins-emacs";
+      };
+    };
+
+    # Do not restart the display manager automatically
+    systemd.services.display-manager.restartIfChanged = lib.mkForce false;
+
+    # ... and other nonsense.
+    system.stateVersion = "19.09";
+})