reformat with alejandra

Cyryl Płotnicki 2022-12-19 09:09:08 +00:00
parent 2c324ccaf7
commit 1c9bae290c
120 changed files with 2199 additions and 1759 deletions

352
flake.nix

@ -1,187 +1,194 @@
{
description = "NixOS configuration with flakes";
outputs = { self, flake-utils, flake-compat, home-manager
, nixpkgs-nixos-unstable, nixpkgs-master, nixpkgs-stable, darwin
, nixos-hardware, nur, sops, nil, helix, alejandra }@inputs:
outputs = {
self,
flake-utils,
flake-compat,
home-manager,
nixpkgs-nixos-unstable,
nixpkgs-master,
nixpkgs-stable,
darwin,
nixos-hardware,
nur,
sops,
nil,
helix,
alejandra,
} @ inputs: let
mkServer = pkgs: system: hostname:
pkgs.lib.nixosSystem {
inherit system;
modules = [
(./. + "/nixos/boxes/${hostname}")
(import ./nixos/server-common.nix)
sops.nixosModules.sops
];
specialArgs = {inherit inputs;};
};
mkRaspi = pkgs: hostname:
pkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = [(./. + "/nixos/boxes/${hostname}")];
specialArgs = {inherit inputs;};
};
mkKiosk = pkgs: system: hostname:
pkgs.lib.nixosSystem {
inherit system;
modules = [
(./. + "/nixos/boxes/${hostname}")
let
mkServer = pkgs: system: hostname:
pkgs.lib.nixosSystem {
inherit system;
modules = [
(./. + "/nixos/boxes/${hostname}")
(import ./nixos/server-common.nix)
sops.nixosModules.sops
];
specialArgs = { inherit inputs; };
};
mkRaspi = pkgs: hostname:
pkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = [ (./. + "/nixos/boxes/${hostname}") ];
specialArgs = { inherit inputs; };
};
mkKiosk = pkgs: system: hostname:
pkgs.lib.nixosSystem {
inherit system;
modules = [
(./. + "/nixos/boxes/${hostname}")
sops.nixosModules.sops
sops.nixosModules.sops
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.cyryl = {
imports =
[ ./nixos/home-manager ./nixos/home-manager/linux.nix ];
_module.args.inputs = inputs;
_module.args.system = system;
};
}
];
specialArgs = { inherit inputs system; };
};
mkWorkstation = pkgs: system: hostname:
pkgs.lib.nixosSystem {
inherit system;
modules = [
(./. + "/nixos/boxes/${hostname}")
(import ./nixos/email-accounts.nix)
(import ./nixos/common.nix)
sops.nixosModules.sops
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.cyryl = {
imports =
[ ./nixos/home-manager ./nixos/home-manager/linux.nix ];
_module.args.inputs = inputs;
_module.args.system = system;
};
}
];
specialArgs = {
inherit inputs system;
nixpkgs-nixos-stable-and-unfree = import nixpkgs-stable {
inherit system;
config = { allowUnfree = true; };
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.cyryl = {
imports = [./nixos/home-manager ./nixos/home-manager/linux.nix];
_module.args.inputs = inputs;
_module.args.system = system;
};
nixpkgs-nixos-unstable-and-unfree = import nixpkgs-nixos-unstable {
inherit system;
config = { allowUnfree = true; };
}
];
specialArgs = {inherit inputs system;};
};
mkWorkstation = pkgs: system: hostname:
pkgs.lib.nixosSystem {
inherit system;
modules = [
(./. + "/nixos/boxes/${hostname}")
(import ./nixos/email-accounts.nix)
(import ./nixos/common.nix)
sops.nixosModules.sops
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.cyryl = {
imports = [./nixos/home-manager ./nixos/home-manager/linux.nix];
_module.args.inputs = inputs;
_module.args.system = system;
};
}
];
specialArgs = {
inherit inputs system;
nixpkgs-nixos-stable-and-unfree = import nixpkgs-stable {
inherit system;
config = {allowUnfree = true;};
};
nixpkgs-nixos-unstable-and-unfree = import nixpkgs-nixos-unstable {
inherit system;
config = {allowUnfree = true;};
};
};
mkShell = packageSet: system:
let pkgs = packageSet.legacyPackages.${system};
in pkgs.mkShell {
packages = with pkgs; [
cacert
git
git-lfs
nixpkgs-fmt
openssh
openssl
pkg-config
statix
];
};
in {
devShells = {
"x86_64-darwin".default = mkShell nixpkgs-stable "x86_64-darwin";
"x86_64-linux".default = mkShell nixpkgs-stable "x86_64-linux";
};
darwinConfigurations = {
"FORM3-CYRYLPLOTN" = darwin.lib.darwinSystem rec {
system = "x86_64-darwin";
modules = [
(./. + "/nixos/boxes/form3")
home-manager.darwinModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.cyryl = {
imports = [ ./nixos/home-manager ];
_module.args.inputs = inputs;
_module.args.system = system;
};
}
];
};
mkShell = packageSet: system: let
pkgs = packageSet.legacyPackages.${system};
in
pkgs.mkShell {
packages = with pkgs; [
cacert
git
git-lfs
nixpkgs-fmt
openssh
openssl
pkg-config
statix
];
};
nixosConfigurations = {
foureighty = mkWorkstation nixpkgs-stable "x86_64-linux" "foureighty";
skinnyv = mkWorkstation nixpkgs-stable "x86_64-linux" "skinnyv";
thinky = mkWorkstation nixpkgs-stable "x86_64-linux" "thinky";
bolty = mkServer nixpkgs-stable "x86_64-linux" "bolty";
vpsfree1 = mkServer nixpkgs-stable "x86_64-linux" "vpsfree1";
yoga = mkKiosk nixpkgs-stable "x86_64-linux" "yoga";
homescreen = mkRaspi nixpkgs-stable "homescreen";
bootstrap = nixpkgs-stable.lib.nixosSystem rec {
system = "x86_64-linux";
modules = [ (./. + "/nixos/boxes/bootstrap") sops.nixosModules.sops ];
specialArgs = {
inherit inputs system;
nixpkgs-nixos-unstable-and-unfree = import nixpkgs-nixos-unstable {
inherit system;
config = { allowUnfree = true; };
in {
devShells = {
"x86_64-darwin".default = mkShell nixpkgs-stable "x86_64-darwin";
"x86_64-linux".default = mkShell nixpkgs-stable "x86_64-linux";
};
darwinConfigurations = {
"FORM3-CYRYLPLOTN" = darwin.lib.darwinSystem rec {
system = "x86_64-darwin";
modules = [
(./. + "/nixos/boxes/form3")
home-manager.darwinModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.cyryl = {
imports = [./nixos/home-manager];
_module.args.inputs = inputs;
_module.args.system = system;
};
};
};
# nix build .#nixosConfigurations.raspiimage.config.system.build.sdImage
# sudo dd if=result/sd-image/nixos-sd-image-21.11.20211201.a640d83-aarch64-linux.img of=/dev/sda bs=4M conv=fsync status=progress
# make sure to update eeprom https://nixos.wiki/wiki/NixOS_on_ARM/Raspberry_Pi_4#Board-specific_installation_notes
raspiimage = nixpkgs-stable.lib.nixosSystem {
system = "aarch64-linux";
modules = [
(import
"${inputs.nixpkgs-nixos-unstable}/nixos/modules/installer/sd-card/sd-image-aarch64-installer.nix")
{
environment.systemPackages =
with nixpkgs-nixos-unstable.legacyPackages."aarch64-linux"; [
neovim
htop
btop
atop
];
networking.networkmanager.enable = false;
hardware.enableRedistributableFirmware = true;
networking.wireless.enable = true;
services.openssh = {
enable = true;
permitRootLogin =
nixpkgs-stable.lib.mkForce "prohibit-password";
passwordAuthentication = false;
};
services.xserver = {
enable = true;
displayManager.lightdm.enable = true;
desktopManager.gnome.enable = true;
libinput.enable = true;
};
users.extraUsers.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEo4R+6J3h6Ix3xWpOMdU7Es1/YxFchHw0c+kcCOJxFb cyryl@foureighty"
];
sdImage.compressImage = false;
console.earlySetup = true;
}
];
specialArgs = { inherit inputs; };
};
}
];
};
};
nixosConfigurations = {
foureighty = mkWorkstation nixpkgs-stable "x86_64-linux" "foureighty";
skinnyv = mkWorkstation nixpkgs-stable "x86_64-linux" "skinnyv";
thinky = mkWorkstation nixpkgs-stable "x86_64-linux" "thinky";
bolty = mkServer nixpkgs-stable "x86_64-linux" "bolty";
vpsfree1 = mkServer nixpkgs-stable "x86_64-linux" "vpsfree1";
yoga = mkKiosk nixpkgs-stable "x86_64-linux" "yoga";
homescreen = mkRaspi nixpkgs-stable "homescreen";
bootstrap = nixpkgs-stable.lib.nixosSystem rec {
system = "x86_64-linux";
modules = [(./. + "/nixos/boxes/bootstrap") sops.nixosModules.sops];
specialArgs = {
inherit inputs system;
nixpkgs-nixos-unstable-and-unfree = import nixpkgs-nixos-unstable {
inherit system;
config = {allowUnfree = true;};
};
};
};
# nix build .#nixosConfigurations.raspiimage.config.system.build.sdImage
# sudo dd if=result/sd-image/nixos-sd-image-21.11.20211201.a640d83-aarch64-linux.img of=/dev/sda bs=4M conv=fsync status=progress
# make sure to update eeprom https://nixos.wiki/wiki/NixOS_on_ARM/Raspberry_Pi_4#Board-specific_installation_notes
raspiimage = nixpkgs-stable.lib.nixosSystem {
system = "aarch64-linux";
modules = [
(import
"${inputs.nixpkgs-nixos-unstable}/nixos/modules/installer/sd-card/sd-image-aarch64-installer.nix")
{
environment.systemPackages = with nixpkgs-nixos-unstable.legacyPackages."aarch64-linux"; [
neovim
htop
btop
atop
];
networking.networkmanager.enable = false;
hardware.enableRedistributableFirmware = true;
networking.wireless.enable = true;
services.openssh = {
enable = true;
permitRootLogin =
nixpkgs-stable.lib.mkForce "prohibit-password";
passwordAuthentication = false;
};
services.xserver = {
enable = true;
displayManager.lightdm.enable = true;
desktopManager.gnome.enable = true;
libinput.enable = true;
};
users.extraUsers.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEo4R+6J3h6Ix3xWpOMdU7Es1/YxFchHw0c+kcCOJxFb cyryl@foureighty"
];
sdImage.compressImage = false;
console.earlySetup = true;
}
];
specialArgs = {inherit inputs;};
};
};
};
inputs = {
nixpkgs-master = {
type = "github";
@ -262,7 +269,7 @@
inputs.nixpkgs.follows = "nixpkgs-stable";
inputs.nixpkgs-stable.follows = "nixpkgs-stable";
};
alejandra = {
alejandra = {
type = "github";
owner = "kamadorueda";
repo = "alejandra";
@ -274,5 +281,4 @@ alejandra = {
flake = false;
};
};
}
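Review bot: The dev shell built by `mkShell` still ships `nixpkgs-fmt` and no alejandra, so anyone formatting from the dev shell will undo the layout this commit establishes. Inside `outputs` the bare name `alejandra` is the flake input and takes precedence over the `with pkgs;` lookup, so the package has to be referenced explicitly: replace `nixpkgs-fmt` with `pkgs.alejandra` in the `packages` list. A CI step running `alejandra --check .` would keep the tree from drifting. Whether the pinned nixpkgs-stable carries the package is not visible here and should be confirmed.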


@ -1,5 +1,8 @@
{ config, pkgs, ... }:
let
{
config,
pkgs,
...
}: let
extraArgs = [
"--exclude='.cache'"
"--exclude='.rustup'"
@ -12,21 +15,20 @@ let
IOSchedulingClass = "idle";
};
in {
services = {
restic.backups.home-to-bolty = {
passwordFile = "/etc/nixos/secrets/restic-password-bolty";
paths = [ "/home" ];
paths = ["/home"];
repository = "rest:http://bolty:8000/";
timerConfig = { OnCalendar = "hourly"; };
timerConfig = {OnCalendar = "hourly";};
extraBackupArgs = extraArgs;
};
restic.backups.home-to-b2 = {
passwordFile = "/etc/nixos/secrets/restic-password-b2";
paths = [ "/home" ];
paths = ["/home"];
repository = "b2:cyplo-restic-${config.networking.hostName}:/";
timerConfig = { OnCalendar = "hourly"; };
timerConfig = {OnCalendar = "hourly";};
extraBackupArgs = extraArgs;
environmentFile = "/etc/nixos/secrets/b2-env";
};


@ -1,5 +1,9 @@
{ config, pkgs, ... }: {
fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
{
config,
pkgs,
...
}: {
fileSystems."/".options = ["noatime" "nodiratime" "discard"];
boot = {
kernel.sysctl = {
@ -10,6 +14,4 @@
"net.core.bpf_jit_harden" = true;
};
};
}


@ -1,12 +1,14 @@
{ config, pkgs, ... }: {
{
config,
pkgs,
...
}: {
boot = {
kernelPackages = pkgs.linuxPackages_latest;
initrd.availableKernelModules =
[ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sdhci_acpi" ];
initrd.kernelModules = [ "dm-snapshot" ];
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sdhci_acpi"];
initrd.kernelModules = ["dm-snapshot"];
kernelModules = ["kvm-amd"];
extraModulePackages = [];
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = false;
};
@ -35,7 +37,7 @@
fsType = "vfat";
};
swapDevices = [ ];
swapDevices = [];
nix.settings = {
max-jobs = 8;


@ -1,5 +1,10 @@
{ config, pkgs, inputs, lib, ... }:
let
{
config,
pkgs,
inputs,
lib,
...
}: let
physicalInterface = "enp4s0";
bridgeInterface = "br0";
in {
@ -13,7 +18,7 @@ in {
./print-server.nix
./restic-server.nix
];
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
boot.binfmt.emulatedSystems = ["aarch64-linux"];
programs.ccache.enable = true;
networking = {
hostName = "bolty";
@ -22,22 +27,24 @@ in {
address = "10.0.0.1";
interface = "${bridgeInterface}";
};
nameservers = [ "91.239.100.100" "89.233.43.71" "1.1.1.1" ];
nameservers = ["91.239.100.100" "89.233.43.71" "1.1.1.1"];
interfaces = {
"${physicalInterface}" = {
useDHCP = false;
wakeOnLan.enable = true;
};
"${bridgeInterface}" = {
ipv4.addresses = [{
"address" = "10.0.0.8";
"prefixLength" = 24;
}];
ipv4.addresses = [
{
"address" = "10.0.0.8";
"prefixLength" = 24;
}
];
};
};
bridges = { "${bridgeInterface}".interfaces = [ "${physicalInterface}" ]; };
bridges = {"${bridgeInterface}".interfaces = ["${physicalInterface}"];};
};
boot.kernelModules = [ "kvm_amd" ];
boot.kernelModules = ["kvm_amd"];
virtualisation = {
libvirtd = {
enable = true;
@ -51,11 +58,10 @@ in {
virt-viewer
lm_sensors
];
networking.firewall.allowedTCPPorts = [ 5900 ];
networking.firewall.allowedTCPPorts = [5900];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
security.allowUserNamespaces = true;
time.timeZone = "Europe/London";
}


@ -1,8 +1,13 @@
{ config, pkgs, inputs, lib, ... }:
let port = 8123;
{
config,
pkgs,
inputs,
lib,
...
}: let
port = 8123;
in {
imports = [ ];
networking.firewall.allowedTCPPorts = [ port ];
imports = [];
networking.firewall.allowedTCPPorts = [port];
}


@ -1,4 +1,8 @@
{ config, pkgs, ... }: {
{
config,
pkgs,
...
}: {
services.i2pd = {
enable = true;
bandwidth = 1024; # kb/s


@ -1,4 +1,9 @@
{ config, pkgs, inputs, ... }: {
{
config,
pkgs,
inputs,
...
}: {
services.postgresql = {
enable = true;
initialScript = pkgs.writeText "synapse-init.sql" ''
@ -14,18 +19,22 @@
enable = true;
settings = {
server_name = "cyplo.dev";
listeners = [{
port = 8008;
bind_addresses = [ "bolty.cyplo.github.beta.tailscale.net" ];
type = "http";
tls = false;
x_forwarded = true;
resources = [{
names = [ "client" "federation" ];
compress = false;
}];
}];
experimental_features = { spaces_enabled = true; };
listeners = [
{
port = 8008;
bind_addresses = ["bolty.cyplo.github.beta.tailscale.net"];
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
names = ["client" "federation"];
compress = false;
}
];
}
];
experimental_features = {spaces_enabled = true;};
enable_registration = false;
suppress_key_server_warning = true;
};
@ -33,5 +42,5 @@
inputs.nixpkgs-nixos-unstable.legacyPackages."x86_64-linux".matrix-synapse;
};
networking.firewall.allowedTCPPorts = [ 8008 ];
networking.firewall.allowedTCPPorts = [8008];
}
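Review bot: The Synapse listener sets `tls = false` and `x_forwarded = true`, so it takes the client address from the forwarded header of whatever connects to port 8008, yet `networking.firewall.allowedTCPPorts = [8008]` opens that port on every interface. The listener binds only to the tailscale name, so the firewall rule is wider than the service needs. Scoping it as `networking.firewall.interfaces."<vpn-interface>".allowedTCPPorts = [8008];` (interface name is a placeholder) and adding a comment naming the reverse proxy that is expected to sit in front would make the trust assumption explicit. The settings block continues outside the hunks shown.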


@ -1,10 +1,13 @@
{ config, pkgs, ... }: {
networking.firewall.allowedTCPPorts = [ 9000 9001 ];
{
config,
pkgs,
...
}: {
networking.firewall.allowedTCPPorts = [9000 9001];
services.minio = {
enable = true;
region = "home";
dataDir = [ "/var/lib/minio/data" ];
dataDir = ["/var/lib/minio/data"];
configDir = "/var/lib/minio/config";
listenAddress = ":9000";
consoleAddress = ":9001";


@ -1,40 +1,45 @@
{ config, pkgs, lib, ... }: {
{
config,
pkgs,
lib,
...
}: {
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ 631 6566 ];
networking.firewall.allowedUDPPorts = [ 631 6566 ];
networking.firewall.allowedTCPPorts = [631 6566];
networking.firewall.allowedUDPPorts = [631 6566];
services.printing = {
enable = true;
drivers = with pkgs; [ epson-escpr ];
listenAddresses = [ "*:631" ];
drivers = with pkgs; [epson-escpr];
listenAddresses = ["*:631"];
defaultShared = true;
browsing = true;
allowFrom = [ "all" ];
allowFrom = ["all"];
extraConf = ''
ServerAlias *
DefaultEncryption Never
'';
};
hardware.printers.ensurePrinters = [{
description = "Epson XP-540";
location = "connected to bolty";
name = "epson_xp540";
deviceUri =
"usb://EPSON/XP-540%20Series?serial=583245393030303936&interface=1";
model = "raw";
ppdOptions = { PageSize = "A4"; };
}];
hardware.printers.ensurePrinters = [
{
description = "Epson XP-540";
location = "connected to bolty";
name = "epson_xp540";
deviceUri = "usb://EPSON/XP-540%20Series?serial=583245393030303936&interface=1";
model = "raw";
ppdOptions = {PageSize = "A4";};
}
];
hardware.sane = {
enable = true;
extraBackends = with pkgs; [ utsushi sane-airscan gawk ];
extraBackends = with pkgs; [utsushi sane-airscan gawk];
snapshot = true;
};
services.udev.packages = [ pkgs.utsushi ];
services.udev.packages = [pkgs.utsushi];
environment.systemPackages = with pkgs; [ gawk ];
environment.systemPackages = with pkgs; [gawk];
services.saned = {
enable = true;
extraConfig = ''
@ -45,5 +50,4 @@
hagath
'';
};
}
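Review bot: The CUPS block accepts connections from any host (`listenAddresses = ["*:631"]`, `allowFrom = ["all"]`, `ServerAlias *`) and sets `DefaultEncryption Never`, while ports 631 and 6566 are opened on every interface. If the printer is meant only for the home LAN, that should be stated in a comment and the scope narrowed, for example `allowFrom = ["10.0.0.0/24"];` (constructed from the 10.0.0.x addressing used for bolty elsewhere in this commit, to be confirmed) and `DefaultEncryption IfRequested`. The saned configuration continues outside the hunks shown.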


@ -1,5 +1,10 @@
{ config, pkgs, lib, ... }: {
networking.firewall.allowedTCPPorts = [ 9100 ];
{
config,
pkgs,
lib,
...
}: {
networking.firewall.allowedTCPPorts = [9100];
services.prometheus = {
enable = true;
exporters.node.enable = true;


@ -1,8 +1,13 @@
{ config, pkgs, lib, ... }: {
{
config,
pkgs,
lib,
...
}: {
hardware.enableRedistributableFirmware = true;
services.smartd.enable = true;
services.fstrim.enable = true;
environment.systemPackages = with pkgs; [ smartmontools ];
environment.systemPackages = with pkgs; [smartmontools];
services.fwupd.enable = true;
services.thermald.enable = true;
services.haveged.enable = true;


@ -1,12 +1,15 @@
{ config, pkgs, ... }: {
environment.systemPackages = with pkgs; [ restic ];
networking.firewall.allowedTCPPorts = [ 8000 ];
{
config,
pkgs,
...
}: {
environment.systemPackages = with pkgs; [restic];
networking.firewall.allowedTCPPorts = [8000];
services.restic.server = {
enable = true;
dataDir = "/data/restic";
appendOnly = true;
prometheus = true;
extraFlags = [ "--no-auth" ];
extraFlags = ["--no-auth"];
};
}
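Review bot: `extraFlags = ["--no-auth"]` together with `networking.firewall.allowedTCPPorts = [8000]` lets any host that can reach this machine on port 8000 read from and append to the repositories under `/data/restic`. `appendOnly = true` prevents deletion, but not disk-filling writes or download of the encrypted data. The backup client section earlier in this commit also reaches it over plain `rest:http://bolty:8000/`. Either drop `--no-auth` and give rest-server an htpasswd file, or open the port only on the trusted interface with `networking.firewall.interfaces."<trusted-interface>".allowedTCPPorts = [8000];` (interface name is a placeholder) and record that assumption in a comment.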


@ -1,4 +1,10 @@
{ config, pkgs, inputs, nixpkgs-nixos-unstable-and-unfree, ... }: {
{
config,
pkgs,
inputs,
nixpkgs-nixos-unstable-and-unfree,
...
}: {
networking.hostName = "fixme";
imports = [


@ -1,11 +1,16 @@
{ config, lib, pkgs, inputs, ... }: {
{
config,
lib,
pkgs,
inputs,
...
}: {
boot = {
kernelModules = [ "kvm-intel" ];
kernelModules = ["kvm-intel"];
initrd = {
kernelModules = [ "dm-snapshot" ];
availableKernelModules =
[ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
kernelModules = ["dm-snapshot"];
availableKernelModules = ["xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod"];
};
loader.efi.canTouchEfiVariables = true;
@ -24,7 +29,7 @@
fsType = "vfat";
};
swapDevices = [ ];
swapDevices = [];
nix.settings = {
max-jobs = "auto";


@ -1,4 +1,8 @@
{ config, pkgs, ... }: {
{
config,
pkgs,
...
}: {
environment.systemPackages = with pkgs; [
atop
btop


@ -1,14 +1,21 @@
{ config, pkgs, inputs, lib, nixpkgs-nixos-unstable-and-unfree, ... }:
let
{
config,
pkgs,
inputs,
lib,
nixpkgs-nixos-unstable-and-unfree,
...
}: let
system_cert_bundle_path = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
form3_cert_path = ./form3-palo-alto.pem;
form3_cert_bundle = builtins.toFile "form3-cert-bundle.crt"
form3_cert_bundle =
builtins.toFile "form3-cert-bundle.crt"
(builtins.readFile system_cert_bundle_path
+ builtins.readFile form3_cert_path);
in {
environment.systemPackages = with pkgs; [ vim nixfmt ];
environment.systemPackages = with pkgs; [vim nixfmt];
imports = [ ../../git ../../mercurial ];
imports = [../../git ../../mercurial];
services.nix-daemon.enable = true;
nix = {
useDaemon = true;
@ -21,15 +28,11 @@ in {
fonts.fontDir.enable = true;
fonts.fonts = with pkgs; [
(runCommand "berkeley-fonts" { } ''
(runCommand "berkeley-fonts" {} ''
mkdir -vp "$out/share/fonts/opentype"
mkdir -vp "$out/share/fonts/truetype"
${pkgs.unzip}/bin/unzip ${
../../fonts.zip
} \*.otf -d $out/share/fonts/opentype
${pkgs.unzip}/bin/unzip ${
../../fonts.zip
} \*.ttf -d $out/share/fonts/truetype
${pkgs.unzip}/bin/unzip ${../../fonts.zip} \*.otf -d $out/share/fonts/opentype
${pkgs.unzip}/bin/unzip ${../../fonts.zip} \*.ttf -d $out/share/fonts/truetype
'')
nerdfonts
@ -40,7 +43,7 @@ in {
source-code-pro
weather-icons
];
security.pki.certificateFiles = [ form3_cert_path system_cert_bundle_path ];
security.pki.certificateFiles = [form3_cert_path system_cert_bundle_path];
environment.variables = {
SSL_CERT_FILE = form3_cert_bundle;
NIX_SSL_CERT_FILE = form3_cert_bundle;
@ -51,15 +54,13 @@ in {
system.stateVersion = 4;
home-manager.users.cyryl = { ... }: {
imports = [ ];
home.packages = with pkgs; [ awscli kubectl cargo-update ];
home-manager.users.cyryl = {...}: {
imports = [];
home.packages = with pkgs; [awscli kubectl cargo-update];
programs.git.userEmail = lib.mkForce "cyryl.plotnicki@form3.tech";
programs.git.extraConfig.user.signingkey =
"6441B1BC81F8FB1561C9AFF5534222210FE423ED";
programs.git.extraConfig.user.signingkey = "6441B1BC81F8FB1561C9AFF5534222210FE423ED";
programs.git.extraConfig.commit.gpgsign = true;
programs.git.extraConfig."url \"git@github.com:\"".insteadOf =
"https://github.com/";
programs.git.extraConfig."url \"git@github.com:\"".insteadOf = "https://github.com/";
programs.gpg.enable = true;
programs.gpg.homedir = "/Users/cyryl/.gnupg";
programs.zsh.loginExtra = ''


@ -1,93 +1,100 @@
{ config, pkgs, ... }: {
{
config,
pkgs,
...
}: {
boot.kernelPackages = pkgs.linuxPackages_latest;
nixpkgs.overlays = [
(self: super: {
buildLinux = x:
super.buildLinux ({
ignoreConfigErrors = true;
enableParallelBuilding = true;
} // x);
ignoreConfigErrors = true;
enableParallelBuilding = true;
}
// x);
})
];
boot.kernelPatches = [{
name = "foureighty";
patch = null;
extraConfig = ''
ACPI_CUSTOM_METHOD n
ACPI_DPTF y
BUG y
CC_STACKPROTECTOR_STRONG y
CPU_IDLE_GOV_HALTPOLL y
CPU_IDLE_GOV_TEO y
DEBUG_CREDENTIALS y
DEBUG_NOTIFIERS y
DEBUG_PI_LIST y
DEBUG_PLIST y
DEBUG_RODATA y
DEBUG_SET_MODULE_RONX y
DEBUG_SG y
DEVMEM y
DPTF_PCH_FIVR m
DPTF_POWER m
ENERGY_MODEL y
FORTIFY_SOURCE y
GCC_PLUGINS y
GCC_PLUGIN_LATENT_ENTROPY y
GCC_PLUGIN_RANDSTRUCT y
GCC_PLUGIN_RANDSTRUCT_PERFORMANCE y
GCC_PLUGIN_STACKLEAK y
GCC_PLUGIN_STRUCTLEAK y
GCC_PLUGIN_STRUCTLEAK_BYREF_ALL y
HARDENED_USERCOPY y
HARDENED_USERCOPY_FALLBACK y
HARDLOCKUP_DETECTOR y
HZ_300 y
INET_DIAG n
INET_DIAG_DESTROY option no
INET_MPTCP_DIAG option no
INET_RAW_DIAG option no
INET_TCP_DIAG option no
INET_UDP_DIAG option no
INIT_ON_ALLOC_DEFAULT_ON y
INIT_ON_FREE_DEFAULT_ON y
INTEL_TXT y
KEXEC n
KFENCE y
LEGACY_VSYSCALL_NONE y
LOCKUP_DETECTOR y
MCORE2 y
NR_CPUS 16
NUMA_BALANCING y
NUMA_BALANCING_DEFAULT_ENABLED y
PAGE_POISONING y
PAGE_POISONING_NO_SANITY y
PAGE_POISONING_ZERO y
PANIC_TIMEOUT -1
PM_AUTOSLEEP y
POWER_EFFICIENT_DEFAULT y
PREEMPT y
PREEMPTION y
PREEMPT_COUNT y
PREEMPT_DYNAMIC y
PREEMPT_RCU y
PROC_KCORE n
RANDOMIZE_KSTACK_OFFSET_DEFAULT y
SCHED_CORE y
SCHED_STACK_END_CHECK y
SECURITY_SAFESETID y
SECURITY_SELINUX_DISABLE n
SECURITY_WRITABLE_HOOKS n
SHUFFLE_PAGE_ALLOCATOR y
SLAB_FREELIST_HARDENED y
SLAB_FREELIST_RANDOM y
SLUB_DEBUG y
STRICT_DEVMEM y
STRICT_KERNEL_RWX y
UNINLINE_SPIN_UNLOCK y
WATCH_QUEUE y
X86_INTEL_TSX_MODE_AUTO y
X86_SGX y
X86_SGX_KVM y
'';
}];
boot.kernelPatches = [
{
name = "foureighty";
patch = null;
extraConfig = ''
ACPI_CUSTOM_METHOD n
ACPI_DPTF y
BUG y
CC_STACKPROTECTOR_STRONG y
CPU_IDLE_GOV_HALTPOLL y
CPU_IDLE_GOV_TEO y
DEBUG_CREDENTIALS y
DEBUG_NOTIFIERS y
DEBUG_PI_LIST y
DEBUG_PLIST y
DEBUG_RODATA y
DEBUG_SET_MODULE_RONX y
DEBUG_SG y
DEVMEM y
DPTF_PCH_FIVR m
DPTF_POWER m
ENERGY_MODEL y
FORTIFY_SOURCE y
GCC_PLUGINS y
GCC_PLUGIN_LATENT_ENTROPY y
GCC_PLUGIN_RANDSTRUCT y
GCC_PLUGIN_RANDSTRUCT_PERFORMANCE y
GCC_PLUGIN_STACKLEAK y
GCC_PLUGIN_STRUCTLEAK y
GCC_PLUGIN_STRUCTLEAK_BYREF_ALL y
HARDENED_USERCOPY y
HARDENED_USERCOPY_FALLBACK y
HARDLOCKUP_DETECTOR y
HZ_300 y
INET_DIAG n
INET_DIAG_DESTROY option no
INET_MPTCP_DIAG option no
INET_RAW_DIAG option no
INET_TCP_DIAG option no
INET_UDP_DIAG option no
INIT_ON_ALLOC_DEFAULT_ON y
INIT_ON_FREE_DEFAULT_ON y
INTEL_TXT y
KEXEC n
KFENCE y
LEGACY_VSYSCALL_NONE y
LOCKUP_DETECTOR y
MCORE2 y
NR_CPUS 16
NUMA_BALANCING y
NUMA_BALANCING_DEFAULT_ENABLED y
PAGE_POISONING y
PAGE_POISONING_NO_SANITY y
PAGE_POISONING_ZERO y
PANIC_TIMEOUT -1
PM_AUTOSLEEP y
POWER_EFFICIENT_DEFAULT y
PREEMPT y
PREEMPTION y
PREEMPT_COUNT y
PREEMPT_DYNAMIC y
PREEMPT_RCU y
PROC_KCORE n
RANDOMIZE_KSTACK_OFFSET_DEFAULT y
SCHED_CORE y
SCHED_STACK_END_CHECK y
SECURITY_SAFESETID y
SECURITY_SELINUX_DISABLE n
SECURITY_WRITABLE_HOOKS n
SHUFFLE_PAGE_ALLOCATOR y
SLAB_FREELIST_HARDENED y
SLAB_FREELIST_RANDOM y
SLUB_DEBUG y
STRICT_DEVMEM y
STRICT_KERNEL_RWX y
UNINLINE_SPIN_UNLOCK y
WATCH_QUEUE y
X86_INTEL_TSX_MODE_AUTO y
X86_SGX y
X86_SGX_KVM y
'';
}
];
}


@ -1,4 +1,11 @@
{ config, pkgs, inputs, lib, nixpkgs-nixos-unstable-and-unfree, ... }: {
{
config,
pkgs,
inputs,
lib,
nixpkgs-nixos-unstable-and-unfree,
...
}: {
networking.hostName = "foureighty";
imports = [
@ -16,9 +23,9 @@
../../mercurial
];
fileSystems."/" = { options = [ "compress=zstd" ]; };
fileSystems."/" = {options = ["compress=zstd"];};
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
boot.binfmt.emulatedSystems = ["aarch64-linux"];
boot.plymouth = {
enable = true;
logo = ./boot.png;
@ -55,13 +62,12 @@
buttonMapping = "1 0 3 4 5 6 7 8 9 10";
};
};
};
services.fprintd = { enable = true; };
services.fprintd = {enable = true;};
programs.ccache.enable = true;
home-manager.users.cyryl = { ... }: {
imports = [ ../../home-manager/programs/alacritty.nix ];
home-manager.users.cyryl = {...}: {
imports = [../../home-manager/programs/alacritty.nix];
home.packages = [
inputs.nixpkgs-nixos-unstable.legacyPackages."x86_64-linux".bisq-desktop
];


@ -1,11 +1,16 @@
{ config, lib, pkgs, inputs, ... }: {
{
config,
lib,
pkgs,
inputs,
...
}: {
boot = {
kernelModules = [ "kvm-intel" ];
kernelModules = ["kvm-intel"];
initrd = {
kernelModules = [ "dm-snapshot" ];
availableKernelModules =
[ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
kernelModules = ["dm-snapshot"];
availableKernelModules = ["xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod"];
};
loader.systemd-boot.enable = true;
@ -13,9 +18,8 @@
loader.efi.efiSysMountPoint = "/boot/efi";
};
boot.initrd.secrets = { "/crypto_keyfile.bin" = null; };
boot.initrd.luks.devices."luks-43a80125-4089-45be-9561-fab93f984916".device =
"/dev/disk/by-uuid/43a80125-4089-45be-9561-fab93f984916";
boot.initrd.secrets = {"/crypto_keyfile.bin" = null;};
boot.initrd.luks.devices."luks-43a80125-4089-45be-9561-fab93f984916".device = "/dev/disk/by-uuid/43a80125-4089-45be-9561-fab93f984916";
fileSystems."/boot/efi" = {
device = "/dev/disk/by-uuid/D6C0-1A9D";
@ -25,10 +29,10 @@
fileSystems."/" = {
device = "/dev/disk/by-uuid/98f3597c-183a-45fb-b2a4-b598c18d089a";
fsType = "btrfs";
options = [ "subvol=@" ];
options = ["subvol=@"];
};
swapDevices = [ ];
swapDevices = [];
nix.settings = {
max-jobs = 7;


@ -1,5 +1,9 @@
{ config, pkgs, ... }: {
environment.systemPackages = with pkgs; [ libqmi ];
boot.extraModulePackages = with pkgs; [ libqmi ];
boot.kernelModules = [ "qmi_wwan" "qcserial" ];
{
config,
pkgs,
...
}: {
environment.systemPackages = with pkgs; [libqmi];
boot.extraModulePackages = with pkgs; [libqmi];
boot.kernelModules = ["qmi_wwan" "qcserial"];
}


@ -1,6 +1,4 @@
{ pkgs, ... }:
let
{pkgs, ...}: let
nvidia-offload = pkgs.writeShellScriptBin "nvidia-offload" ''
export __NV_PRIME_RENDER_OFFLOAD=1
export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0
@ -17,11 +15,11 @@ let
glxinfo | grep vendor; echo OK!;
'';
in {
environment.systemPackages = [ nvidia-offload whichgpu nvidiaon ];
environment.systemPackages = [nvidia-offload whichgpu nvidiaon];
hardware.opengl.enable = true;
hardware.opengl.driSupport32Bit = true;
hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ libva ];
services.xserver.videoDrivers = [ "nvidia" ];
hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [libva];
services.xserver.videoDrivers = ["nvidia"];
hardware.nvidia.prime = {
offload.enable = true;
# Bus ID of the Intel GPU. You can find it using lspci, either under 3D or VGA


@ -1,46 +1,50 @@
{ config, pkgs, lib, ... }: {
{
config,
pkgs,
lib,
...
}: {
boot.extraModprobeConfig = "options thinkpad_acpi fan_control=1";
services.thinkfan = {
enable = true;
levels = [
[ 0 0 55 ]
[ 1 48 60 ]
[ 2 50 61 ]
[ 3 52 63 ]
[ 6 56 70 ]
[ 7 65 85 ]
[ "level full-speed" 80 32767 ]
[0 0 55]
[1 48 60]
[2 50 61]
[3 52 63]
[6 56 70]
[7 65 85]
["level full-speed" 80 32767]
];
sensors = [
{
type = "hwmon";