secranto: initial commit

hardware/system76_lemurPro.nix

@@ -0,0 +1,69 @@
+# Hardware configuration file for the System76 Lemur Pro v12 (lemp12)
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [<nixpkgs/nixos/modules/installer/scan/not-detected.nix>];
+
+  boot = {
+    initrd = {
+      availableKernelModules = [
+        "thunderbolt" # USB4 and Thunderbolt 3 support
+        "sdhci_pci" # Secure Digital Host Controller Interface (SD cards)
+        "nvme" # NVMe drives (really fast SSDs)
+        "sd_mod" # SCSI disk support
+        "usb_storage" # USB Mass Storage support
+        "xhci_pci" # USB 3.0 (eXtensible Host Controller Interface)
+      ];
+      kernelModules = ["dm-snapshot"];
+      luks = {
+        devices = {
+          "cryptroot" = {
+            device = "/dev/disk/by-label/cryptroot";
+            allowDiscards = true;
+            preLVM = true;
+          };
+          #"cryptswap" = {
+          #  device = "/dev/disk/by-label/cryptswap";
+          #  #  keyFile = "/root/swap.key"; # enable encrypted hibernation & sleep
+          #};
+        };
+      };
+    };
+    kernelModules = ["kvm-intel"]; # Enable kvm for libvirtd
+  };
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-label/nixos";
+      fsType = "ext4";
+    };
+    "/boot" = {
+      device = "/dev/disk/by-label/EFI";
+      fsType = "vfat";
+    };
+  };
+
+  swapDevices = [
+    {
+      device = "/dev/disk/by-label/swap";
+      discardPolicy = "both";
+    }
+  ];
+
+  networking.useDHCP = lib.mkDefault true;
+
+  nix.settings.max-jobs = lib.mkDefault 4;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware = {
+    cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+    system76 = {
+      enableAll = true; # all recommended configuration for system76 systems
+      power-daemon.enable = true;
+    };
+  };
+}

hosts/sercanto.nix

@@ -0,0 +1,130 @@
+# NixOS configuration for serĉanto
+{
+  config,
+  pkgs,
+  ...
+}: {
+  imports = [
+    ../hardware/system76_lemurPro.nix # Include results of the hardware scan.
+    ../profiles/cron-craige.nix # Provide Craige's cron jobs
+    ../profiles/desktopCraige.nix # Craige's desktop tools and apps
+    ../profiles/haskell-dev.nix # Haskell dev environment
+    ../profiles/host_common.nix # Common host configuration options
+    ../profiles/iog.nix # IOHK environment
+    ../profiles/keyboard.nix
+    ../profiles/neomutt.nix # Neomutt email
+    ../profiles/nix-community.nix # Nix community aarch64 tooling
+    ../profiles/nix-mio-ops.nix # mio-ops Nix tooling
+    ../profiles/nixpkgs-dev.nix # Nix pkgs dev tools
+    ../profiles/openssh.nix # Enable and configure openssh
+    ../profiles/pantheon.nix # Enable and configure the pantheon desktop
+    ../profiles/pipewire.nix # Enable and pipewire audio system
+    ../profiles/powerManagement.nix # Power management for laptops
+    ../profiles/xmonad.nix # Xmonad desktop environment
+    ../profiles/yubikey.nix # Yubikey tooling
+    ../secrets/craige.nix # Ssshhhhh!
+    ../secrets/root.nix # Ssshhhhh!
+    #../secrets/wireless.nix # Hey look! A squirrel!
+  ];
+
+  #deployment.targetHost = "10.42.0.180";
+  deployment.targetHost = "10.42.0.115";
+
+  nixpkgs = {
+    config = {
+      allowUnfree = true;
+      permittedInsecurePackages = [
+        "openssl-1.0.2u"
+      ];
+    };
+    overlays = [(import ../overlays/ncmpcpp.nix)];
+  };
+
+  boot = {
+    loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+    kernel.sysctl."net.ipv4.ip_forward" = "1";
+    extraModprobeConfig = "options kvm_intel nested=1";
+  };
+
+  networking = {
+    hostName = "sercanto"; # Define your hostname.
+    networkmanager.enable = true; # Enables network support via NetworkManager.
+  };
+
+  fonts.fonts = with pkgs; [
+    anonymousPro
+    dejavu_fonts # A typeface family based on the Bitstream Vera fonts
+    fira-code # Monospace font with programming ligaturess
+    font-awesome
+    hack-font # A typeface designed for source code
+    jetbrains-mono
+    nerdfonts # Iconic font aggregator, collection, & patcher
+    open-sans # Used in in my polybar configuration
+    xkcd-font # Font based handwriting in xkcd comics
+  ];
+
+  # List packages installed in system profile. To search, run:
+  environment.systemPackages = with pkgs; [
+  ];
+
+  services = {
+    acpid.enable = true;
+    blueman.enable = true;
+    gvfs.enable = true; # required by pcmanfm
+    kbfs.enable = true;
+  };
+
+  networking.firewall = {
+    enable = true;
+    checkReversePath = false; # Needed for libvirtd
+    allowedTCPPorts = [15000];
+  };
+
+  # Virtualisation configuration:
+  virtualisation = {
+    libvirtd = {
+      enable = true; # Enable libvirtd
+      qemu = {
+        #package = pkgs.qemu_kvm;   # Enable guest only for the same arch
+        package = pkgs.qemu; # Enable full emulation
+        verbatimConfig = ''
+          user = "craige"
+          group = "libvirtd"
+        '';
+      };
+      onShutdown = "shutdown"; # Set gust VMs to shutdown on host shutdown
+      extraConfig = ''
+        disk_bus = "virtio"
+      '';
+    };
+  };
+
+  # Enable sound.
+  sound.enable = true;
+  hardware = {
+    bluetooth = {
+      enable = true;
+      settings = {Policy = {AutoEnable = "true";};};
+    };
+    opengl.enable = true;
+  };
+
+  # The below pair are set to overcome flakey connections / busy servers that
+  # fail to respond to ssh keep alive requests, sometimes triggering:
+  # client_loop: send disconnect: Broken pipe
+  programs.ssh.extraConfig = ''
+    ServerAliveInterval 20
+    TCPKeepAlive no
+  '';
+
+  users.groups = {lp.members = ["messagebus"];};
+
+  # This value determines the NixOS release with which your system is to be
+  # compatible, in order to avoid breaking some software such as database
+  # servers. You should change this only after NixOS release notes say you
+  # should.
+  system.stateVersion = "23.05"; # Did you read the comment?
+}

nixops.nix

@@ -28,6 +28,7 @@
   buaidheach = import hosts/buaidheach.nix;
   ceitidh = import hosts/ceitidh.nix;
   paidh-uachdar = import hosts/paidh-uachdar.nix;
+  sercanto = import hosts/sercanto.nix;
   sithlainnir = import hosts/sithlainnir.nix;
   teintidh = import hosts/teintidh.nix;
 }

profiles/desktopCraige.nix

@@ -1,4 +1,4 @@
-# Craige's desktop requirements
+# Craige's NixOS desktop requirements
 {
   config,
   pkgs,
@@ -14,12 +14,19 @@
   environment.systemPackages = with pkgs; [
     byobu # text-based window manager and terminal multiplexer.
     caprine-bin # an elegant Facebook Messenger desktop app
+    element-desktop # A feature-rich client for Matrix.org
+    enlightenment.terminology # Powerful terminal emulator based on EFL
     firefox # A web browser built from Firefox source tree
     gopass # password file manager
+    nvme-cli # NVM-Express user space tooling for Linux
+    pandoc # Conversion between documentation formats
     shared-mime-info # A database of common MIME types
+    signal-desktop # Private, simple, and secure messenger
     sweethome3d.application # design and visualise homes
+    taskwarrior # Highly flexible command-line tool to manage TODO lists
     termonad # Terminal emulator configurable in Haskell
     tor-browser-bundle-bin # Tor Browser Bundle built by torproject.org
+    vcsh # Version Control System for $HOME
     whalebird # Mastodon client
     yt-dlp # Command-line tool to download videos
   ];

profiles/powerManagement.nix

@@ -13,10 +13,23 @@
 
   services = {
     logind = {
-      lidSwitch = "hibernate";
+      lidSwitch = "suspend-then-hibernate";
       lidSwitchDocked = "ignore";
     };
-    tlp.enable = false;
+    thermald.enable = true;
+    auto-cpufreq = {
+      enable = true;
+      settings = {
+        battery = {
+          governor = "powersave";
+          turbo = "never";
+        };
+        charger = {
+          governor = "performance";
+          turbo = "auto";
+        };
+      };
+    };
     upower = {
       enable = true; # Enable application power managemetn support
       percentageCritical = 15;