feat(ops/nixos): Initial NixOS configuration for frog

This is mostly based on the nugget configuration, because frog
replaces nugget.
Vincent Ambo 2020-06-11 12:21:00 +01:00
parent 3407baa756
commit eda1616242
3 changed files with 240 additions and 0 deletions


@ -15,5 +15,6 @@ hostname.
## Configured hosts: ## Configured hosts:
* `frog` - weapon of mass computation at home
* `nugget` - desktop computer at home * `nugget` - desktop computer at home
* ~~`urdhva` - T470s~~ (currently with edef) * ~~`urdhva` - T470s~~ (currently with edef)


@ -25,6 +25,10 @@ let
echo "Rebuilding NixOS for //ops/nixos/camden" echo "Rebuilding NixOS for //ops/nixos/camden"
system=$(nix-build -E '(import <depot> {}).ops.nixos.camdenSystem' --no-out-link) system=$(nix-build -E '(import <depot> {}).ops.nixos.camdenSystem' --no-out-link)
;; ;;
frog)
echo "Rebuilding NixOS for //ops/nixos/frog"
system=$(nix-build -E '(import <depot> {}).ops.nixos.frogSystem' --no-out-link)
;;
*) *)
echo "$HOSTNAME is not a known NixOS host!" >&2 echo "$HOSTNAME is not a known NixOS host!" >&2
exit 1 exit 1
@ -39,4 +43,5 @@ in {
nuggetSystem = systemFor [ depot.ops.nixos.nugget ]; nuggetSystem = systemFor [ depot.ops.nixos.nugget ];
camdenSystem = systemFor [ depot.ops.nixos.camden ]; camdenSystem = systemFor [ depot.ops.nixos.camden ];
frogSystem = systemFor [ depot.ops.nixos.frog ];
} }

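--- /dev/null
+++ b/ops/nixos/frog/default.nix
@@ -0,0 +1,234 @@
+{ depot, lib, ... }:
+config: let
+nixpkgs = import depot.third_party.stableNixpkgsSrc {
+config.allowUnfree = true;
+};
+unstable = import depot.third_party.nixpkgsSrc {};
+lieer = (depot.third_party.lieer {});
+# add google-c-style here because other machines get it from, eh,
+# elsewhere.
+frogEmacs = (depot.tools.emacs.overrideEmacs(epkgs: epkgs ++ [
+depot.third_party.emacsPackages.google-c-style
+]));
+in depot.lib.fix(self: {
+# TODO(tazjin): v4l2loopback
+boot = {
+tmpOnTmpfs = true;
+kernelModules = [ "kvm-amd" ];
+loader = {
+systemd-boot.enable = true;
+efi.canTouchEfiVariables = true;
+};
+initrd = {
+luks.devices.frog-crypt.device = "/dev/disk-by-label/frog-crypt";
+availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
+kernelModules = [ "dm-snapshot" ];
+};
+kernel.sysctl = {
+"kernel.perf_event_paranoid" = 1;
+};
+};
+hardware = {
+pulseaudio.enable = true;
+u2f.enable = true;
+};
+nix = {
+maxJobs = 48;
+nixPath = [
+"depot=/depot"
+"nixpkgs=${depot.third_party.nixpkgsSrc}"
+];
+};
+nixpkgs.pkgs = nixpkgs;
+networking = {
+hostName = "frog";
+useDHCP = false;
+interfaces.enp67s0.useDHCP = true;
+# Don't use ISP's DNS servers:
+nameservers = [
+"8.8.8.8"
+"8.8.4.4"
+];
+firewall.enable = false;
+};
+# Generate an immutable /etc/resolv.conf from the nameserver settings
+# above (otherwise DHCP overwrites it):
+environment.etc."resolv.conf" = with lib; {
+source = depot.third_party.writeText "resolv.conf" ''
+${concatStringsSep "\n" (map (ns: "nameserver ${ns}") self.networking.nameservers)}
+options edns0
+'';
+};
+time.timeZone = "Europe/London";
+fileSystems = {
+"/".device = "/dev/disk/by-label/frog-root";
+"/boot".device = "/dev/disk/by-label/BOOT";
+"/home".device = "/dev/disk/by-label/frog-home";
+};
+# Configure user account
+users.extraUsers.tazjin = {
+extraGroups = [ "wheel" "audio" ];
+isNormalUser = true;
+uid = 1000;
+shell = nixpkgs.fish;
+};
+security.sudo = {
+enable = true;
+extraConfig = "wheel ALL=(ALL:ALL) SETENV: ALL";
+};
+fonts = {
+fonts = with nixpkgs; [
+corefonts
+dejavu_fonts
+jetbrains-mono
+noto-fonts-cjk
+noto-fonts-emoji
+];
+fontconfig = {
+hinting.enable = true;
+subpixel.lcdfilter = "light";
+defaultFonts = {
+monospace = [ "JetBrains Mono" ];
+};
+};
+};
+# Configure location (Vauxhall, London) for services that need it.
+location = {
+latitude = 51.4819109;
+longitude = -0.1252998;
+};
+programs.fish.enable = true;
+programs.ssh.startAgent = true;
+services.redshift.enable = true;
+services.openssh.enable = true;
+services.fstrim.enable = true;
+# Required for Yubikey usage as smartcard
+services.pcscd.enable = true;
+services.udev.packages = [
+nixpkgs.yubikey-personalization
+];
+services.xserver = {
+enable = true;
+layout = "us";
+xkbOptions = "caps:super";
+exportConfiguration = true;
+videoDrivers = [ "amdgpu" "amdgpu-pro" ];
+displayManager = {
+# Give EXWM permission to control the session.
+sessionCommands = "${nixpkgs.xorg.xhost}/bin/xhost +SI:localuser:$USER";
+lightdm.enable = true;
+lightdm.greeters.gtk.clock-format = "%H·%M"; # TODO(tazjin): TZ?
+};
+windowManager.session = lib.singleton {
+name = "exwm";
+start = "${frogEmacs}/bin/tazjins-emacs";
+};
+};
+# Do not restart the display manager automatically
+systemd.services.display-manager.restartIfChanged = lib.mkForce false;
+# clangd needs more than ~2GB in the runtime directory to start up
+services.logind.extraConfig = ''
+RuntimeDirectorySize=16G
+'';
+environment.systemPackages =
+# programs from the depot
+(with depot; [
+fun.idual.script
+lieer
+frogEmacs
+ops.kontemplate
+third_party.ffmpeg
+third_party.git
+]) ++
+# programs from nixpkgs
+(with nixpkgs; [
+age
+bat
+chromium
+clang-manpages
+clang-tools
+clang_10
+curl
+direnv
+dnsutils
+emacs26 # mostly for emacsclient
+exa
+fd
+gnupg
+go
+google-chrome
+google-cloud-sdk
+htop
+hyperfine
+i3lock
+imagemagick
+jq
+kubectl
+linuxPackages.perf
+miller
+msmtp
+nix-prefetch-github
+notmuch
+openssh
+openssl
+pass
+pavucontrol
+pinentry
+pinentry-emacs
+pwgen
+ripgrep
+rr
+rustup
+scrot
+spotify
+steam
+tokei
+tree
+unzip
+vlc
+xclip
+yubico-piv-tool
+yubikey-personalization
+]) ++
+# programs from unstable nixpkgs
+(with unstable; [
+zoxide
+]);
+# ... and other nonsense.
+system.stateVersion = "20.03";
+})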
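Review bot: The LUKS device path in `boot.initrd` is `/dev/disk-by-label/frog-crypt`, which does not match the udev `by-label` directory used by every `fileSystems` entry further down (`/dev/disk/by-label/...`); this looks like a typo that would leave the initrd unable to locate the encrypted volume, and should read `luks.devices.frog-crypt.device = "/dev/disk/by-label/frog-crypt";`. Separately, `firewall.enable = false` is set in the same block that enables `services.openssh`, so sshd is reachable on every interface the host has with no host-level filtering; if that is deliberate for this network, a short comment saying so would help, otherwise `networking.firewall.allowedTCPPorts = [ 22 ];` with the firewall enabled keeps ssh reachable while closing everything else. The `kernel.perf_event_paranoid = 1` sysctl also widens unprivileged access to perf beyond the kernel's default, which is reasonable on a development workstation but deserves a one-line comment (e.g. `# lowered so linuxPackages.perf works without root`) so it is not later mistaken for an accident.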