Compare commits
13 commits
6f16d8ec34
...
300d1faec4
Author | SHA1 | Date | |
---|---|---|---|
Serĉanto de Scio | 300d1faec4 | ||
Serĉanto de Scio | c22947904b | ||
Serĉanto de Scio | 4ec35cd3bb | ||
Serĉanto de Scio | 4e59145aed | ||
Serĉanto de Scio | b4113339bf | ||
Serĉanto de Scio | 46d257c88f | ||
Serĉanto de Scio | 251995a0d1 | ||
Serĉanto de Scio | a221cd55d8 | ||
Serĉanto de Scio | 92f4dc765e | ||
Serĉanto de Scio | 82768c9c00 | ||
Serĉanto de Scio | 0a4dd89312 | ||
Serĉanto de Scio | 6591292e47 | ||
Serĉanto de Scio | b339590cef |
|
@ -19,7 +19,7 @@
|
|||
"sd_mod" # SCSI disk support
|
||||
];
|
||||
};
|
||||
kernelModules = ["kvm-intel"]; # Enable kvm for libvirtd
|
||||
kernelModules = ["hid_multitouch" "kvm-intel" "psmouse"]; # Enable kvm for libvirtd
|
||||
};
|
||||
|
||||
fileSystems = {
|
||||
|
|
|
@ -26,10 +26,11 @@
|
|||
allowDiscards = true;
|
||||
preLVM = true;
|
||||
};
|
||||
#"cryptswap" = {
|
||||
# device = "/dev/disk/by-label/cryptswap";
|
||||
# # keyFile = "/root/swap.key"; # enable encrypted hibernation & sleep
|
||||
#};
|
||||
"cryptmirror" = {
|
||||
device = "/dev/disk/by-label/cryptmirror";
|
||||
allowDiscards = true;
|
||||
preLVM = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -45,6 +46,10 @@
|
|||
device = "/dev/disk/by-label/EFI";
|
||||
fsType = "vfat";
|
||||
};
|
||||
"/var/lib/backup" = {
|
||||
device = "/dev/disk/by-label/backup";
|
||||
fsType = "ext4";
|
||||
};
|
||||
};
|
||||
|
||||
swapDevices = [
|
||||
|
|
74
hardware/system76_thelioMira.nix
Normal file
74
hardware/system76_thelioMira.nix
Normal file
|
@ -0,0 +1,74 @@
|
|||
# Hardware configuration file for the System76 Thelio Mira
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
modulesPath,
|
||||
...
|
||||
}: {
|
||||
imports = [<nixpkgs/nixos/modules/installer/scan/not-detected.nix>];
|
||||
|
||||
boot = {
|
||||
initrd = {
|
||||
availableKernelModules = [
|
||||
"ahci"
|
||||
"nvme" # NVMe drives (really fast SSDs)
|
||||
"sd_mod" # SCSI disk support
|
||||
"usb_storage" # USB Mass Storage support
|
||||
"usbhid"
|
||||
"xhci_pci" # USB 3.0 (eXtensible Host Controller Interface)
|
||||
];
|
||||
kernelModules = ["dm-snapshot"];
|
||||
luks = {
|
||||
devices = {
|
||||
"cryptroot" = {
|
||||
device = "/dev/disk/by-label/cryptroot";
|
||||
allowDiscards = true;
|
||||
preLVM = true;
|
||||
};
|
||||
"cryptstore" = {
|
||||
device = "/dev/disk/by-label/cryptstore";
|
||||
allowDiscards = true;
|
||||
preLVM = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
kernelModules = ["kvm-intel"]; # Enable kvm for libvirtd
|
||||
};
|
||||
|
||||
fileSystems = {
|
||||
"/" = {
|
||||
device = "/dev/disk/by-label/nixos";
|
||||
fsType = "ext4";
|
||||
};
|
||||
"/nix" = {
|
||||
device = "/dev/disk/by-label/nixStore";
|
||||
fsType = "ext4";
|
||||
};
|
||||
"/boot" = {
|
||||
device = "/dev/disk/by-uuid/677E-FD28";
|
||||
fsType = "vfat";
|
||||
};
|
||||
};
|
||||
|
||||
swapDevices = [
|
||||
{
|
||||
device = "/dev/disk/by-label/swap";
|
||||
discardPolicy = "both";
|
||||
}
|
||||
];
|
||||
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
|
||||
nix.settings.max-jobs = lib.mkDefault 12;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
hardware = {
|
||||
cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
system76 = {
|
||||
enableAll = true; # all recommended configuration for system76 systems
|
||||
power-daemon.enable = true;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -15,7 +15,7 @@
|
|||
../profiles/ipv6.nix
|
||||
../profiles/mastodon.nix
|
||||
../profiles/matrix.nix
|
||||
#../profiles/mcwhirter.io.nix
|
||||
../profiles/mcwhirter.io.nix
|
||||
../profiles/minecraftServer.nix
|
||||
../profiles/nextcloud.nix
|
||||
../profiles/nixpkgs-dev.nix
|
||||
|
@ -41,6 +41,11 @@
|
|||
sshHostname = "tmate.mcwhirter.io";
|
||||
};
|
||||
nginx = {
|
||||
virtualHosts."git.mcwhirter.io" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
globalRedirect = "reciproka.dev"; # Redirect permanently to the host
|
||||
};
|
||||
virtualHosts."source.mcwhirter.io" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
|
@ -51,6 +56,7 @@
|
|||
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
certs = {"git.mcwhirter.io" = {email = "craige@mcwhirter.io";};};
|
||||
certs = {"source.mcwhirter.io" = {email = "craige@mcwhirter.io";};};
|
||||
};
|
||||
|
||||
|
|
126
hosts/sanganto.nix
Normal file
126
hosts/sanganto.nix
Normal file
|
@ -0,0 +1,126 @@
|
|||
# NixOS configuration for ŝanĝanto
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
../hardware/system76_thelioMira.nix # Include results of the hardware scan.
|
||||
../profiles/cron-craige.nix # Provide Craige's cron jobs
|
||||
../profiles/desktopCraige.nix # Craige's desktop tools and apps
|
||||
../profiles/haskell-dev.nix # Haskell dev environment
|
||||
../profiles/host_common.nix # Common host configuration options
|
||||
../profiles/iog.nix # IOHK environment
|
||||
../profiles/keyboard.nix
|
||||
../profiles/neomutt.nix # Neomutt email
|
||||
../profiles/nix-community.nix # Nix community aarch64 tooling
|
||||
../profiles/nixpkgs-dev.nix # Nix pkgs dev tools
|
||||
../profiles/openssh.nix # Enable and configure openssh
|
||||
../profiles/pantheon.nix # Enable and configure the pantheon desktop
|
||||
../profiles/pipewire.nix # Enable and pipewire audio system
|
||||
../profiles/xmonad.nix # Xmonad desktop environment
|
||||
../profiles/yubikey.nix # Yubikey tooling
|
||||
../secrets/craige.nix # Ssshhhhh!
|
||||
../secrets/root.nix # Ssshhhhh!
|
||||
];
|
||||
|
||||
deployment.targetHost = "10.42.0.11";
|
||||
|
||||
nixpkgs = {
|
||||
config = {
|
||||
allowUnfree = true;
|
||||
permittedInsecurePackages = [
|
||||
"openssl-1.0.2u"
|
||||
];
|
||||
};
|
||||
overlays = [(import ../overlays/ncmpcpp.nix)];
|
||||
};
|
||||
|
||||
boot = {
|
||||
loader = {
|
||||
systemd-boot.enable = true;
|
||||
efi.canTouchEfiVariables = true;
|
||||
};
|
||||
kernel.sysctl."net.ipv4.ip_forward" = "1";
|
||||
extraModprobeConfig = "options kvm_intel nested=1";
|
||||
};
|
||||
|
||||
networking = {
|
||||
hostName = "sanganto"; # Define your hostname.
|
||||
networkmanager.enable = true; # Enables network support via NetworkManager.
|
||||
};
|
||||
|
||||
fonts.packages = with pkgs; [
|
||||
anonymousPro
|
||||
dejavu_fonts # A typeface family based on the Bitstream Vera fonts
|
||||
fira-code # Monospace font with programming ligaturess
|
||||
font-awesome
|
||||
hack-font # A typeface designed for source code
|
||||
jetbrains-mono
|
||||
nerdfonts # Iconic font aggregator, collection, & patcher
|
||||
open-sans # Used in in my polybar configuration
|
||||
xkcd-font # Font based handwriting in xkcd comics
|
||||
];
|
||||
|
||||
# List packages installed in system profile. To search, run:
|
||||
environment.systemPackages = with pkgs; [
|
||||
];
|
||||
|
||||
services = {
|
||||
acpid.enable = true;
|
||||
blueman.enable = true;
|
||||
gvfs.enable = true; # required by pcmanfm
|
||||
kbfs.enable = true;
|
||||
};
|
||||
|
||||
networking.firewall = {
|
||||
enable = true;
|
||||
checkReversePath = false; # Needed for libvirtd
|
||||
allowedTCPPorts = [15000];
|
||||
};
|
||||
|
||||
# Virtualisation configuration:
|
||||
virtualisation = {
|
||||
libvirtd = {
|
||||
enable = true; # Enable libvirtd
|
||||
qemu = {
|
||||
#package = pkgs.qemu_kvm; # Enable guest only for the same arch
|
||||
package = pkgs.qemu; # Enable full emulation
|
||||
verbatimConfig = ''
|
||||
user = "craige"
|
||||
group = "libvirtd"
|
||||
'';
|
||||
};
|
||||
onShutdown = "shutdown"; # Set gust VMs to shutdown on host shutdown
|
||||
extraConfig = ''
|
||||
disk_bus = "virtio"
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
# Enable sound.
|
||||
sound.enable = true;
|
||||
hardware = {
|
||||
bluetooth = {
|
||||
enable = true;
|
||||
settings = {Policy = {AutoEnable = "true";};};
|
||||
};
|
||||
opengl.enable = true;
|
||||
};
|
||||
|
||||
# The below pair are set to overcome flakey connections / busy servers that
|
||||
# fail to respond to ssh keep alive requests, sometimes triggering:
|
||||
# client_loop: send disconnect: Broken pipe
|
||||
programs.ssh.extraConfig = ''
|
||||
ServerAliveInterval 20
|
||||
TCPKeepAlive no
|
||||
'';
|
||||
|
||||
users.groups = {lp.members = ["messagebus"];};
|
||||
|
||||
# This value determines the NixOS release with which your system is to be
|
||||
# compatible, in order to avoid breaking some software such as database
|
||||
# servers. You should change this only after NixOS release notes say you
|
||||
# should.
|
||||
system.stateVersion = "23.05"; # Did you read the comment?
|
||||
}
|
|
@ -27,7 +27,7 @@
|
|||
#../secrets/wireless.nix # Hey look! A squirrel!
|
||||
];
|
||||
|
||||
deployment.targetHost = "10.42.0.126";
|
||||
deployment.targetHost = "10.42.0.180";
|
||||
|
||||
nixpkgs = {
|
||||
config = {
|
||||
|
|
|
@ -86,10 +86,10 @@
|
|||
"homepage": "https://github.com/NixOS/nixpkgs",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "a8695cbd09a7ecf3376bd62c798b9864d20f86ee",
|
||||
"sha256": "0qwypwz0gabw6nzrgl1pb74zlqpmfwwiilc0043gfvij6j1kpwcb",
|
||||
"rev": "9d29cd266cebf80234c98dd0b87256b6be0af44e",
|
||||
"sha256": "0bkrjx4x6sy4g9kmcddhlwrl4cpm4yvj7cljd7b8crf7kxpvaaf6",
|
||||
"type": "tarball",
|
||||
"url": "https://github.com/NixOS/nixpkgs/archive/a8695cbd09a7ecf3376bd62c798b9864d20f86ee.tar.gz",
|
||||
"url": "https://github.com/NixOS/nixpkgs/archive/9d29cd266cebf80234c98dd0b87256b6be0af44e.tar.gz",
|
||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||
},
|
||||
"nixpkgsUnstable": {
|
||||
|
|
|
@ -27,6 +27,7 @@
|
|||
eamhair = import hosts/eamhair.nix;
|
||||
ceitidh = import hosts/ceitidh.nix;
|
||||
paidh-uachdar = import hosts/paidh-uachdar.nix;
|
||||
sanganto = import hosts/sanganto.nix;
|
||||
sercanto = import hosts/sercanto.nix;
|
||||
sithlainnir = import hosts/sithlainnir.nix;
|
||||
teintidh = import hosts/teintidh.nix;
|
||||
|
|
|
@ -27,6 +27,7 @@
|
|||
nvme-cli # NVM-Express user space tooling for Linux
|
||||
pandoc # Conversion between documentation formats
|
||||
pwgen # Password generator
|
||||
siji # An iconic bitmap font based on Stlarch with additional glyphs
|
||||
shared-mime-info # A database of common MIME types
|
||||
shotwell # Photo organizer
|
||||
signal-desktop # Private, simple, and secure messenger
|
||||
|
|
|
@ -68,7 +68,13 @@
|
|||
gdm.enable = false; # Enable the GNOME display manager
|
||||
lightdm.greeters.pantheon.enable = true;
|
||||
};
|
||||
libinput.enable = true; # Enable touchpad support.
|
||||
libinput = {
|
||||
enable = true; # Enable touchpad support.
|
||||
touchpad = {
|
||||
tapping = true;
|
||||
tappingButtonMap = "lrm"; # Set the touchpad button mappeing
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
pipewire = {
|
||||
|
|
|
@ -31,6 +31,8 @@
|
|||
# Required to redirect requests to the mastodon service
|
||||
"mcwhirter.io" = {
|
||||
locations."/.well-known/host-meta".extraConfig = "return 301 $scheme://social.mcwhirter.io$request_uri;";
|
||||
enableACME = true; # Use ACME certs
|
||||
forceSSL = true; # Force SSL
|
||||
};
|
||||
"social.mcwhirter.io" = {
|
||||
enableACME = true; # Use ACME certs
|
||||
|
|
|
@ -1,6 +1,10 @@
|
|||
# Use the Nix community aarch64 server as a build server
|
||||
# https://github.com/nix-community/aarch64-build-box
|
||||
{
|
||||
programs.ssh.knownHosts."aarch64.nixos.community" = {
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMUTz5i9u5H2FHNAmZJyoJfIGyUm/HfGhfwnc142L3ds";
|
||||
};
|
||||
|
||||
nix = {
|
||||
distributedBuilds = true;
|
||||
buildMachines = [
|
||||
|
|
24
profiles/pantheon.nix
Normal file
24
profiles/pantheon.nix
Normal file
|
@ -0,0 +1,24 @@
|
|||
# Configuration for my pantheon desktop requirements
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
services = {
|
||||
pantheon = {
|
||||
apps.enable = true;
|
||||
contractor.enable = true;
|
||||
};
|
||||
xserver = {
|
||||
enable = true; # Enable the X11 windowing system.
|
||||
desktopManager = {
|
||||
pantheon.enable = true;
|
||||
};
|
||||
libinput.enable = true; # Enable touchpad support.
|
||||
};
|
||||
};
|
||||
programs = {
|
||||
dconf.enable = true;
|
||||
pantheon-tweaks.enable = true; # additional system settings
|
||||
};
|
||||
}
|
|
@ -15,6 +15,12 @@
|
|||
logind = {
|
||||
lidSwitch = "suspend-then-hibernate";
|
||||
lidSwitchDocked = "ignore";
|
||||
# powerKey = "suspend-then-hibernate"; # Enable in 23.11
|
||||
extraConfig = ''
|
||||
HandlePowerKey=suspend-then-hibernate
|
||||
IdleAction=suspend-then-hibernate
|
||||
IdleActionSec=10m
|
||||
'';
|
||||
};
|
||||
thermald.enable = true;
|
||||
auto-cpufreq = {
|
||||
|
@ -37,4 +43,14 @@
|
|||
criticalPowerAction = "Hibernate";
|
||||
};
|
||||
};
|
||||
|
||||
programs.xss-lock = {
|
||||
enable = true;
|
||||
lockerCommand = "${pkgs.xscreensaver}/bin/screensaver-command -lock";
|
||||
extraOptions = [
|
||||
"-n ${pkgs.libnotify}/bin/notify-send \"Locking screen now\""
|
||||
"IdleAction=lock"
|
||||
"IdleActionSec=5m"
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue