feat(ops/nixos): Initial NixOS configuration for frog
This is mostly based on the nugget configuration, because frog replaces nugget.
parent
3407baa756
commit
eda1616242
3 changed files with 240 additions and 0 deletions
|
@ -15,5 +15,6 @@ hostname.
|
|||
|
||||
## Configured hosts:
|
||||
|
||||
* `frog` - weapon of mass computation at home
|
||||
* `nugget` - desktop computer at home
|
||||
* ~~`urdhva` - T470s~~ (currently with edef)
|
||||
|
|
|
@ -25,6 +25,10 @@ let
|
|||
echo "Rebuilding NixOS for //ops/nixos/camden"
|
||||
system=$(nix-build -E '(import <depot> {}).ops.nixos.camdenSystem' --no-out-link)
|
||||
;;
|
||||
frog)
|
||||
echo "Rebuilding NixOS for //ops/nixos/frog"
|
||||
system=$(nix-build -E '(import <depot> {}).ops.nixos.frogSystem' --no-out-link)
|
||||
;;
|
||||
*)
|
||||
echo "$HOSTNAME is not a known NixOS host!" >&2
|
||||
exit 1
|
||||
|
@ -39,4 +43,5 @@ in {
|
|||
|
||||
nuggetSystem = systemFor [ depot.ops.nixos.nugget ];
|
||||
camdenSystem = systemFor [ depot.ops.nixos.camden ];
|
||||
frogSystem = systemFor [ depot.ops.nixos.frog ];
|
||||
}
|
||||
|
|
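--- a/ops/nixos/frog/default.nix
+++ b/ops/nixos/frog/default.nix
@@ -0,0 +1,234 @@
+{ depot, lib, ... }:
+
+config: let
+nixpkgs = import depot.third_party.stableNixpkgsSrc {
+config.allowUnfree = true;
+};
+
+unstable = import depot.third_party.nixpkgsSrc {};
+lieer = (depot.third_party.lieer {});
+
+# add google-c-style here because other machines get it from, eh,
+# elsewhere.
+frogEmacs = (depot.tools.emacs.overrideEmacs(epkgs: epkgs ++ [
+depot.third_party.emacsPackages.google-c-style
+]));
+in depot.lib.fix(self: {
+# TODO(tazjin): v4l2loopback
+
+boot = {
+tmpOnTmpfs = true;
+kernelModules = [ "kvm-amd" ];
+
+loader = {
+systemd-boot.enable = true;
+efi.canTouchEfiVariables = true;
+};
+
+initrd = {
+luks.devices.frog-crypt.device = "/dev/disk-by-label/frog-crypt";
+availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
+kernelModules = [ "dm-snapshot" ];
+};
+
+kernel.sysctl = {
+"kernel.perf_event_paranoid" = 1;
+};
+};
+
+hardware = {
+pulseaudio.enable = true;
+u2f.enable = true;
+};
+
+nix = {
+maxJobs = 48;
+nixPath = [
+"depot=/depot"
+"nixpkgs=${depot.third_party.nixpkgsSrc}"
+];
+};
+
+nixpkgs.pkgs = nixpkgs;
+
+networking = {
+hostName = "frog";
+useDHCP = false;
+interfaces.enp67s0.useDHCP = true;
+
+# Don't use ISP's DNS servers:
+nameservers = [
+"8.8.8.8"
+"8.8.4.4"
+];
+
+firewall.enable = false;
+};
+
+# Generate an immutable /etc/resolv.conf from the nameserver settings
+# above (otherwise DHCP overwrites it):
+environment.etc."resolv.conf" = with lib; {
+source = depot.third_party.writeText "resolv.conf" ''
+${concatStringsSep "\n" (map (ns: "nameserver ${ns}") self.networking.nameservers)}
+options edns0
+'';
+};
+
+time.timeZone = "Europe/London";
+
+fileSystems = {
+"/".device = "/dev/disk/by-label/frog-root";
+"/boot".device = "/dev/disk/by-label/BOOT";
+"/home".device = "/dev/disk/by-label/frog-home";
+};
+
+# Configure user account
+users.extraUsers.tazjin = {
+extraGroups = [ "wheel" "audio" ];
+isNormalUser = true;
+uid = 1000;
+shell = nixpkgs.fish;
+};
+
+security.sudo = {
+enable = true;
+extraConfig = "wheel ALL=(ALL:ALL) SETENV: ALL";
+};
+
+fonts = {
+fonts = with nixpkgs; [
+corefonts
+dejavu_fonts
+jetbrains-mono
+noto-fonts-cjk
+noto-fonts-emoji
+];
+
+fontconfig = {
+hinting.enable = true;
+subpixel.lcdfilter = "light";
+
+defaultFonts = {
+monospace = [ "JetBrains Mono" ];
+};
+};
+};
+
+# Configure location (Vauxhall, London) for services that need it.
+location = {
+latitude = 51.4819109;
+longitude = -0.1252998;
+};
+
+programs.fish.enable = true;
+programs.ssh.startAgent = true;
+
+services.redshift.enable = true;
+services.openssh.enable = true;
+services.fstrim.enable = true;
+
+# Required for Yubikey usage as smartcard
+services.pcscd.enable = true;
+services.udev.packages = [
+nixpkgs.yubikey-personalization
+];
+
+services.xserver = {
+enable = true;
+layout = "us";
+xkbOptions = "caps:super";
+exportConfiguration = true;
+videoDrivers = [ "amdgpu" "amdgpu-pro" ];
+
+displayManager = {
+# Give EXWM permission to control the session.
+sessionCommands = "${nixpkgs.xorg.xhost}/bin/xhost +SI:localuser:$USER";
+
+lightdm.enable = true;
+lightdm.greeters.gtk.clock-format = "%H·%M"; # TODO(tazjin): TZ?
+};
+
+windowManager.session = lib.singleton {
+name = "exwm";
+start = "${frogEmacs}/bin/tazjins-emacs";
+};
+};
+
+# Do not restart the display manager automatically
+systemd.services.display-manager.restartIfChanged = lib.mkForce false;
+
+# clangd needs more than ~2GB in the runtime directory to start up
+services.logind.extraConfig = ''
+RuntimeDirectorySize=16G
+'';
+
+environment.systemPackages =
+# programs from the depot
+(with depot; [
+fun.idual.script
+lieer
+frogEmacs
+ops.kontemplate
+third_party.ffmpeg
+third_party.git
+]) ++
+
+# programs from nixpkgs
+(with nixpkgs; [
+age
+bat
+chromium
+clang-manpages
+clang-tools
+clang_10
+curl
+direnv
+dnsutils
+emacs26 # mostly for emacsclient
+exa
+fd
+gnupg
+go
+google-chrome
+google-cloud-sdk
+htop
+hyperfine
+i3lock
+imagemagick
+jq
+kubectl
+linuxPackages.perf
+miller
+msmtp
+nix-prefetch-github
+notmuch
+openssh
+openssl
+pass
+pavucontrol
+pinentry
+pinentry-emacs
+pwgen
+ripgrep
+rr
+rustup
+scrot
+spotify
+steam
+tokei
+tree
+unzip
+vlc
+xclip
+yubico-piv-tool
+yubikey-personalization
+]) ++
+
+# programs from unstable nixpkgs
+(with unstable; [
+zoxide
+]);
+
+# ... and other nonsense.
+system.stateVersion = "20.03";
+})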
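Review bot: `networking.firewall.enable = false;` combined with `services.openssh.enable = true;` leaves sshd, and anything else that ends up listening, reachable on `enp67s0` with no packet filter, and nothing in this file limits SSH to key authentication. Dropping the firewall line restores the NixOS default (enabled), and adding `services.openssh.passwordAuthentication = false;` closes off password guessing unless a shared module outside this page already sets it. Separately, `luks.devices.frog-crypt.device = "/dev/disk-by-label/frog-crypt";` does not match the `/dev/disk/by-label/...` form used by every `fileSystems` entry, so it looks like a typo that would keep the initrd from finding the encrypted volume. The `security.sudo.extraConfig` rule also names `wheel` without the `%` group prefix, so as written it applies to a user called wheel rather than to the group.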