tvl-depot/users/tazjin/nixos/frog/default.nix
Vincent Ambo 3633d846f8 chore(3p/sources): bump channels & overlays (2024-03-17)
In hope that iwlwifi works again on this commit, and I don't actually
have to debug it.

Includes following changes:

* users/aspen: home-manager is shuffling around pinentry options again
* users/flokli: rebase ipu6-softisp patches to Linux 6.8
                make cl/11097 a separate patch
* ops/modules: remove unused (and now broken) v4l2loopback module

Co-Authored-By: Florian Klink <flokli@flokli.de>
Change-Id: I763f1f075778f2ed8db7803f87248c9dabde4213
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11174
Reviewed-by: tazjin <tazjin@tvl.su>
Reviewed-by: aspen <root@gws.fyi>
Reviewed-by: flokli <flokli@flokli.de>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
2024-03-18 16:28:40 +00:00

280 lines
5.7 KiB
Nix

{ depot, lib, pkgs, ... }:
config:
let
inherit (pkgs) lieer;
quasselClient = pkgs.quassel.override {
client = true;
enableDaemon = false;
monolithic = false;
};
in
lib.fix (self: {
boot = {
tmp.useTmpfs = true;
kernelModules = [ "kvm-amd" ];
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
initrd = {
luks.devices.frog-crypt.device = "/dev/disk/by-label/frog-crypt";
availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
kernelModules = [ "dm-snapshot" ];
};
kernelPackages = pkgs.linuxPackages_latest;
kernel.sysctl = {
"kernel.perf_event_paranoid" = -1;
};
# Enable this again if frog is put back into use ...
#
# kernelPatches = [
# depot.third_party.kernelPatches.trx40_usb_audio
# ];
};
hardware = {
cpu.amd.updateMicrocode = true;
enableRedistributableFirmware = true;
opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
};
pulseaudio = {
enable = true;
package = pkgs.pulseaudioFull;
};
bluetooth = {
enable = true;
};
};
nix.settings = {
max-jobs = 48;
substituters = [ "ssh://nix-ssh@whitby.tvl.fyi" ];
};
networking = {
hostName = "frog";
useDHCP = true;
# Don't use ISP's DNS servers:
nameservers = [
"8.8.8.8"
"8.8.4.4"
];
firewall.enable = false;
};
# Generate an immutable /etc/resolv.conf from the nameserver settings
# above (otherwise DHCP overwrites it):
environment.etc."resolv.conf" = with lib; {
source = pkgs.writeText "resolv.conf" ''
${concatStringsSep "\n" (map (ns: "nameserver ${ns}") self.networking.nameservers)}
options edns0
'';
};
time.timeZone = "Europe/London";
fileSystems = {
"/".device = "/dev/disk/by-label/frog-root";
"/boot".device = "/dev/disk/by-label/BOOT";
"/home".device = "/dev/disk/by-label/frog-home";
};
# Configure user account
users.extraUsers.tazjin = {
extraGroups = [ "wheel" "audio" "docker" ];
isNormalUser = true;
uid = 1000;
shell = pkgs.fish;
};
security.sudo = {
enable = true;
extraConfig = "wheel ALL=(ALL:ALL) SETENV: ALL";
};
fonts = {
packages = with pkgs; [
corefonts
dejavu_fonts
jetbrains-mono
noto-fonts-cjk
noto-fonts-emoji
];
fontconfig = {
hinting.enable = true;
subpixel.lcdfilter = "light";
defaultFonts = {
monospace = [ "JetBrains Mono" ];
};
};
};
# Configure location (Vauxhall, London) for services that need it.
location = {
latitude = 51.4819109;
longitude = -0.1252998;
};
programs.fish.enable = true;
programs.ssh.startAgent = true;
services.redshift.enable = true;
services.openssh.enable = true;
services.fstrim.enable = true;
services.blueman.enable = true;
# Required for Yubikey usage as smartcard
services.pcscd.enable = true;
services.udev.packages = [
pkgs.yubikey-personalization
];
# Enable Docker for Nixery testing
virtualisation.docker = {
enable = true;
autoPrune.enable = true;
};
services.xserver = {
enable = true;
xkb.layout = "us";
xkb.options = "caps:super";
exportConfiguration = true;
videoDrivers = [ "amdgpu" ];
displayManager = {
# Give EXWM permission to control the session.
sessionCommands = "${pkgs.xorg.xhost}/bin/xhost +SI:localuser:$USER";
lightdm.enable = true;
lightdm.greeters.gtk.clock-format = "%H·%M"; # TODO(tazjin): TZ?
};
windowManager.session = lib.singleton {
name = "exwm";
start = "${depot.users.tazjin.emacs}/bin/tazjins-emacs";
};
};
# Do not restart the display manager automatically
systemd.services.display-manager.restartIfChanged = lib.mkForce false;
# clangd needs more than ~2GB in the runtime directory to start up
services.logind.extraConfig = ''
RuntimeDirectorySize=16G
'';
# Configure email setup
systemd.user.services.lieer-tazjin = {
description = "Synchronise mail@tazj.in via lieer";
script = "${lieer}/bin/gmi sync";
serviceConfig = {
WorkingDirectory = "%h/mail/account.tazjin";
Type = "oneshot";
};
};
systemd.user.timers.lieer-tazjin = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnActiveSec = "1";
OnUnitActiveSec = "180";
};
};
environment.systemPackages =
# programs from the depot
(with depot; [
fun.idual.script
fun.uggc
lieer
ops.kontemplate
quasselClient
third_party.git
tools.nsfv-setup
users.tazjin.emacs
]) ++
# programs from nixpkgs
(with pkgs; [
age
bat
chromium
clang-manpages
clang-tools
clang
curl
direnv
dnsutils
emacs28 # mostly for emacsclient
fd
file
gdb
gnupg
go
google-chrome
google-cloud-sdk
htop
hyperfine
i3lock
iftop
imagemagick
jq
kubectl
linuxPackages.perf
man-pages
miller
msmtp
nix-prefetch-github
notmuch
obs-studio
openssh
openssl
pass
pavucontrol
pciutils
pinentry
pinentry-emacs
pmutils
pwgen
ripgrep
rustup
screen
spotify
tokei
transmission
tree
unzip
usbutils
v4l-utils
vlc
xclip
xsecurelock
yubico-piv-tool
yubikey-personalization
zoxide
# Commented out because of interim breakage:
# steam
# lutris
]);
# ... and other nonsense.
system.stateVersion = "20.03";
})