mdebray/tvl-depot
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
tvl-depot/ops/nixos/nugget/default.nix
Vincent Ambo c5806a44a7 feat(ops/nixos/nugget): Add camden to /etc/hosts 
At the moment there is no other way for requests from nugget to camden
to resolve correctly, as the Hyperoptic router is eating this traffic
on the LAN.
2020-02-12 01:11:10 +00:00

259 lines
5.6 KiB
Nix
Raw Blame History

# This file configures nugget, my home desktop machine.
{ pkgs, lib, ... }:
config: let
nixpkgs = import pkgs.third_party.nixpkgsSrc {
config.allowUnfree = true;
};
lieer = (pkgs.third_party.lieer {});
in pkgs.lib.fix(self: {
imports = [
../modules/tailscale.nix
];
hardware = {
pulseaudio.enable = true;
cpu.intel.updateMicrocode = true;
u2f.enable = true;
};
boot = {
cleanTmpDir = true;
kernelModules = [ "kvm-intel" ];
loader = {
timeout = 3;
systemd-boot.enable = true;
efi.canTouchEfiVariables = false;
};
initrd = {
luks.devices.nugget-crypt.device = "/dev/disk/by-label/nugget-crypt";
availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
kernelModules = [ "dm-snapshot" ];
};
};
nix = {
nixPath = [
"depot=/home/tazjin/depot"
"nixpkgs=${pkgs.third_party.nixpkgsSrc}"
];
};
nixpkgs.pkgs = nixpkgs;
networking = {
hostName = "nugget";
useDHCP = false;
interfaces.eno1.useDHCP = true;
interfaces.wlp7s0.useDHCP = true;
# Don't use ISP's DNS servers:
nameservers = [
"8.8.8.8"
"8.8.4.4"
];
# Open Chromecast-related ports & servedir
firewall.enable = false;
firewall.allowedTCPPorts = [ 4242 5556 5558 ];
# Connect to the WiFi to let the Chromecast work.
wireless.enable = true;
wireless.networks = {
"How do I computer?" = {
psk = "washyourface";
};
};
# The current home router can't forward ports on the local
# network, but I'd like to test if camden is serving the correct
# certificates.
extraHosts = ''
192.168.1.205 camden camden.tazj.in git.camden.tazj.in
'';
};
# Generate an immutable /etc/resolv.conf from the nameserver settings
# above (otherwise DHCP overwrites it):
environment.etc."resolv.conf" = with lib; with pkgs; {
source = writeText "resolv.conf" ''
${concatStringsSep "\n" (map (ns: "nameserver ${ns}") self.networking.nameservers)}
options edns0
'';
};
time.timeZone = "Europe/London";
environment.systemPackages =
# programs from the depot
(with pkgs; [
lieer
ops.kontemplate
third_party.git
third_party.guile
third_party.tailscale
tools.emacs
]) ++
# programs from nixpkgs
(with nixpkgs; [
age
bat
cachix
chromium
curl
direnv
dnsutils
exa
fd
gnupg
go
google-chrome
google-cloud-sdk
htop
i3lock
imagemagick
jq
keybase-gui
kubectl
miller
msmtp
nix-prefetch-github
notmuch
openssh
openssl
pass
pavucontrol
pinentry
pinentry-emacs
pwgen
ripgrep
rustup
sbcl
scrot
spotify
tokei
tree
unzip
vlc
xclip
yubico-piv-tool
yubikey-personalization
]);
fileSystems = {
"/".device = "/dev/disk/by-label/nugget-root";
"/boot".device = "/dev/disk/by-label/EFI";
"/home".device = "/dev/disk/by-label/nugget-home";
};
# Configure user account
users.extraUsers.tazjin = {
extraGroups = [ "wheel" "audio" ];
isNormalUser = true;
uid = 1000;
shell = nixpkgs.fish;
};
security.sudo = {
enable = true;
extraConfig = "wheel ALL=(ALL:ALL) SETENV: ALL";
};
fonts = {
fonts = with nixpkgs; [
corefonts
dejavu_fonts
input-fonts
jetbrains-mono
noto-fonts-cjk
noto-fonts-emoji
];
fontconfig = {
hinting.enable = true;
subpixel.lcdfilter = "light";
defaultFonts = {
monospace = [ "JetBrains Mono" ];
};
};
};
# Configure location (Vauxhall, London) for services that need it.
location = {
latitude = 51.4819109;
longitude = -0.1252998;
};
programs.fish.enable = true;
services.redshift.enable = true;
services.openssh.enable = true;
services.keybase.enable = true;
# Required for Yubikey usage as smartcard
services.pcscd.enable = true;
services.udev.packages = [
nixpkgs.yubikey-personalization
];
services.xserver = {
enable = true;
layout = "us";
xkbOptions = "caps:super";
exportConfiguration = true;
videoDrivers = [ "nvidia" ];
displayManager = {
# Give EXWM permission to control the session.
sessionCommands = "${nixpkgs.xorg.xhost}/bin/xhost +SI:localuser:$USER";
lightdm.enable = true;
lightdm.greeters.gtk.clock-format = "%H·%M";
};
windowManager.session = pkgs.lib.singleton {
name = "exwm";
start = "${pkgs.tools.emacs}/bin/tazjins-emacs";
};
};
# Do not restart the display manager automatically
systemd.services.display-manager.restartIfChanged = lib.mkForce false;
# Configure email setup
systemd.user.services.lieer-tazjin = {
description = "Synchronise mail@tazj.in via lieer";
script = "${lieer}/bin/gmi sync";
serviceConfig = {
WorkingDirectory = "%h/mail/account.tazjin";
Type = "oneshot";
};
};
systemd.user.timers.lieer-tazjin = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnActiveSec = "1";
OnUnitActiveSec = "180";
};
};
# Use Tailscale \o/
services.tailscale = {
enable = true;
relayConf = "/etc/tailscale/relay.conf";
aclFile = null; # allow all traffic for testing
package = pkgs.third_party.tailscale;
};
# ... and other nonsense.
system.stateVersion = "19.09";
})
Reference in a new issue View git blame Copy permalink