reformat with alejandra
This commit is contained in:
parent
2c324ccaf7
commit
1c9bae290c
120 changed files with 2199 additions and 1759 deletions
352
flake.nix
352
flake.nix
|
@ -1,187 +1,194 @@
|
|||
{
|
||||
description = "NixOS configuration with flakes";
|
||||
outputs = { self, flake-utils, flake-compat, home-manager
|
||||
, nixpkgs-nixos-unstable, nixpkgs-master, nixpkgs-stable, darwin
|
||||
, nixos-hardware, nur, sops, nil, helix, alejandra }@inputs:
|
||||
outputs = {
|
||||
self,
|
||||
flake-utils,
|
||||
flake-compat,
|
||||
home-manager,
|
||||
nixpkgs-nixos-unstable,
|
||||
nixpkgs-master,
|
||||
nixpkgs-stable,
|
||||
darwin,
|
||||
nixos-hardware,
|
||||
nur,
|
||||
sops,
|
||||
nil,
|
||||
helix,
|
||||
alejandra,
|
||||
} @ inputs: let
|
||||
mkServer = pkgs: system: hostname:
|
||||
pkgs.lib.nixosSystem {
|
||||
inherit system;
|
||||
modules = [
|
||||
(./. + "/nixos/boxes/${hostname}")
|
||||
(import ./nixos/server-common.nix)
|
||||
sops.nixosModules.sops
|
||||
];
|
||||
specialArgs = {inherit inputs;};
|
||||
};
|
||||
mkRaspi = pkgs: hostname:
|
||||
pkgs.lib.nixosSystem {
|
||||
system = "aarch64-linux";
|
||||
modules = [(./. + "/nixos/boxes/${hostname}")];
|
||||
specialArgs = {inherit inputs;};
|
||||
};
|
||||
mkKiosk = pkgs: system: hostname:
|
||||
pkgs.lib.nixosSystem {
|
||||
inherit system;
|
||||
modules = [
|
||||
(./. + "/nixos/boxes/${hostname}")
|
||||
|
||||
let
|
||||
mkServer = pkgs: system: hostname:
|
||||
pkgs.lib.nixosSystem {
|
||||
inherit system;
|
||||
modules = [
|
||||
(./. + "/nixos/boxes/${hostname}")
|
||||
(import ./nixos/server-common.nix)
|
||||
sops.nixosModules.sops
|
||||
];
|
||||
specialArgs = { inherit inputs; };
|
||||
};
|
||||
mkRaspi = pkgs: hostname:
|
||||
pkgs.lib.nixosSystem {
|
||||
system = "aarch64-linux";
|
||||
modules = [ (./. + "/nixos/boxes/${hostname}") ];
|
||||
specialArgs = { inherit inputs; };
|
||||
};
|
||||
mkKiosk = pkgs: system: hostname:
|
||||
pkgs.lib.nixosSystem {
|
||||
inherit system;
|
||||
modules = [
|
||||
(./. + "/nixos/boxes/${hostname}")
|
||||
sops.nixosModules.sops
|
||||
|
||||
sops.nixosModules.sops
|
||||
|
||||
home-manager.nixosModules.home-manager
|
||||
{
|
||||
home-manager.useGlobalPkgs = true;
|
||||
home-manager.useUserPackages = true;
|
||||
home-manager.users.cyryl = {
|
||||
imports =
|
||||
[ ./nixos/home-manager ./nixos/home-manager/linux.nix ];
|
||||
_module.args.inputs = inputs;
|
||||
_module.args.system = system;
|
||||
};
|
||||
}
|
||||
|
||||
];
|
||||
specialArgs = { inherit inputs system; };
|
||||
};
|
||||
mkWorkstation = pkgs: system: hostname:
|
||||
pkgs.lib.nixosSystem {
|
||||
inherit system;
|
||||
modules = [
|
||||
(./. + "/nixos/boxes/${hostname}")
|
||||
(import ./nixos/email-accounts.nix)
|
||||
(import ./nixos/common.nix)
|
||||
sops.nixosModules.sops
|
||||
|
||||
home-manager.nixosModules.home-manager
|
||||
{
|
||||
home-manager.useGlobalPkgs = true;
|
||||
home-manager.useUserPackages = true;
|
||||
home-manager.users.cyryl = {
|
||||
imports =
|
||||
[ ./nixos/home-manager ./nixos/home-manager/linux.nix ];
|
||||
_module.args.inputs = inputs;
|
||||
_module.args.system = system;
|
||||
};
|
||||
}
|
||||
|
||||
];
|
||||
specialArgs = {
|
||||
inherit inputs system;
|
||||
nixpkgs-nixos-stable-and-unfree = import nixpkgs-stable {
|
||||
inherit system;
|
||||
config = { allowUnfree = true; };
|
||||
home-manager.nixosModules.home-manager
|
||||
{
|
||||
home-manager.useGlobalPkgs = true;
|
||||
home-manager.useUserPackages = true;
|
||||
home-manager.users.cyryl = {
|
||||
imports = [./nixos/home-manager ./nixos/home-manager/linux.nix];
|
||||
_module.args.inputs = inputs;
|
||||
_module.args.system = system;
|
||||
};
|
||||
nixpkgs-nixos-unstable-and-unfree = import nixpkgs-nixos-unstable {
|
||||
inherit system;
|
||||
config = { allowUnfree = true; };
|
||||
}
|
||||
];
|
||||
specialArgs = {inherit inputs system;};
|
||||
};
|
||||
mkWorkstation = pkgs: system: hostname:
|
||||
pkgs.lib.nixosSystem {
|
||||
inherit system;
|
||||
modules = [
|
||||
(./. + "/nixos/boxes/${hostname}")
|
||||
(import ./nixos/email-accounts.nix)
|
||||
(import ./nixos/common.nix)
|
||||
sops.nixosModules.sops
|
||||
|
||||
home-manager.nixosModules.home-manager
|
||||
{
|
||||
home-manager.useGlobalPkgs = true;
|
||||
home-manager.useUserPackages = true;
|
||||
home-manager.users.cyryl = {
|
||||
imports = [./nixos/home-manager ./nixos/home-manager/linux.nix];
|
||||
_module.args.inputs = inputs;
|
||||
_module.args.system = system;
|
||||
};
|
||||
}
|
||||
];
|
||||
specialArgs = {
|
||||
inherit inputs system;
|
||||
nixpkgs-nixos-stable-and-unfree = import nixpkgs-stable {
|
||||
inherit system;
|
||||
config = {allowUnfree = true;};
|
||||
};
|
||||
nixpkgs-nixos-unstable-and-unfree = import nixpkgs-nixos-unstable {
|
||||
inherit system;
|
||||
config = {allowUnfree = true;};
|
||||
};
|
||||
};
|
||||
mkShell = packageSet: system:
|
||||
let pkgs = packageSet.legacyPackages.${system};
|
||||
in pkgs.mkShell {
|
||||
packages = with pkgs; [
|
||||
cacert
|
||||
git
|
||||
git-lfs
|
||||
nixpkgs-fmt
|
||||
openssh
|
||||
openssl
|
||||
pkg-config
|
||||
statix
|
||||
];
|
||||
};
|
||||
in {
|
||||
devShells = {
|
||||
"x86_64-darwin".default = mkShell nixpkgs-stable "x86_64-darwin";
|
||||
"x86_64-linux".default = mkShell nixpkgs-stable "x86_64-linux";
|
||||
};
|
||||
darwinConfigurations = {
|
||||
"FORM3-CYRYLPLOTN" = darwin.lib.darwinSystem rec {
|
||||
system = "x86_64-darwin";
|
||||
modules = [
|
||||
(./. + "/nixos/boxes/form3")
|
||||
home-manager.darwinModules.home-manager
|
||||
{
|
||||
home-manager.useGlobalPkgs = true;
|
||||
home-manager.useUserPackages = true;
|
||||
home-manager.users.cyryl = {
|
||||
imports = [ ./nixos/home-manager ];
|
||||
_module.args.inputs = inputs;
|
||||
_module.args.system = system;
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
mkShell = packageSet: system: let
|
||||
pkgs = packageSet.legacyPackages.${system};
|
||||
in
|
||||
pkgs.mkShell {
|
||||
packages = with pkgs; [
|
||||
cacert
|
||||
git
|
||||
git-lfs
|
||||
nixpkgs-fmt
|
||||
openssh
|
||||
openssl
|
||||
pkg-config
|
||||
statix
|
||||
];
|
||||
};
|
||||
|
||||
nixosConfigurations = {
|
||||
foureighty = mkWorkstation nixpkgs-stable "x86_64-linux" "foureighty";
|
||||
skinnyv = mkWorkstation nixpkgs-stable "x86_64-linux" "skinnyv";
|
||||
thinky = mkWorkstation nixpkgs-stable "x86_64-linux" "thinky";
|
||||
bolty = mkServer nixpkgs-stable "x86_64-linux" "bolty";
|
||||
vpsfree1 = mkServer nixpkgs-stable "x86_64-linux" "vpsfree1";
|
||||
yoga = mkKiosk nixpkgs-stable "x86_64-linux" "yoga";
|
||||
homescreen = mkRaspi nixpkgs-stable "homescreen";
|
||||
|
||||
bootstrap = nixpkgs-stable.lib.nixosSystem rec {
|
||||
system = "x86_64-linux";
|
||||
modules = [ (./. + "/nixos/boxes/bootstrap") sops.nixosModules.sops ];
|
||||
specialArgs = {
|
||||
inherit inputs system;
|
||||
nixpkgs-nixos-unstable-and-unfree = import nixpkgs-nixos-unstable {
|
||||
inherit system;
|
||||
config = { allowUnfree = true; };
|
||||
in {
|
||||
devShells = {
|
||||
"x86_64-darwin".default = mkShell nixpkgs-stable "x86_64-darwin";
|
||||
"x86_64-linux".default = mkShell nixpkgs-stable "x86_64-linux";
|
||||
};
|
||||
darwinConfigurations = {
|
||||
"FORM3-CYRYLPLOTN" = darwin.lib.darwinSystem rec {
|
||||
system = "x86_64-darwin";
|
||||
modules = [
|
||||
(./. + "/nixos/boxes/form3")
|
||||
home-manager.darwinModules.home-manager
|
||||
{
|
||||
home-manager.useGlobalPkgs = true;
|
||||
home-manager.useUserPackages = true;
|
||||
home-manager.users.cyryl = {
|
||||
imports = [./nixos/home-manager];
|
||||
_module.args.inputs = inputs;
|
||||
_module.args.system = system;
|
||||
};
|
||||
};
|
||||
};
|
||||
# nix build .#nixosConfigurations.raspiimage.config.system.build.sdImage
|
||||
# sudo dd if=result/sd-image/nixos-sd-image-21.11.20211201.a640d83-aarch64-linux.img of=/dev/sda bs=4M conv=fsync status=progress
|
||||
# make sure to update eeprom https://nixos.wiki/wiki/NixOS_on_ARM/Raspberry_Pi_4#Board-specific_installation_notes
|
||||
raspiimage = nixpkgs-stable.lib.nixosSystem {
|
||||
system = "aarch64-linux";
|
||||
modules = [
|
||||
(import
|
||||
"${inputs.nixpkgs-nixos-unstable}/nixos/modules/installer/sd-card/sd-image-aarch64-installer.nix")
|
||||
{
|
||||
environment.systemPackages =
|
||||
with nixpkgs-nixos-unstable.legacyPackages."aarch64-linux"; [
|
||||
neovim
|
||||
htop
|
||||
btop
|
||||
atop
|
||||
];
|
||||
|
||||
networking.networkmanager.enable = false;
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
networking.wireless.enable = true;
|
||||
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
permitRootLogin =
|
||||
nixpkgs-stable.lib.mkForce "prohibit-password";
|
||||
passwordAuthentication = false;
|
||||
};
|
||||
|
||||
services.xserver = {
|
||||
enable = true;
|
||||
displayManager.lightdm.enable = true;
|
||||
desktopManager.gnome.enable = true;
|
||||
libinput.enable = true;
|
||||
};
|
||||
|
||||
users.extraUsers.root.openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEo4R+6J3h6Ix3xWpOMdU7Es1/YxFchHw0c+kcCOJxFb cyryl@foureighty"
|
||||
];
|
||||
sdImage.compressImage = false;
|
||||
console.earlySetup = true;
|
||||
}
|
||||
];
|
||||
specialArgs = { inherit inputs; };
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
nixosConfigurations = {
|
||||
foureighty = mkWorkstation nixpkgs-stable "x86_64-linux" "foureighty";
|
||||
skinnyv = mkWorkstation nixpkgs-stable "x86_64-linux" "skinnyv";
|
||||
thinky = mkWorkstation nixpkgs-stable "x86_64-linux" "thinky";
|
||||
bolty = mkServer nixpkgs-stable "x86_64-linux" "bolty";
|
||||
vpsfree1 = mkServer nixpkgs-stable "x86_64-linux" "vpsfree1";
|
||||
yoga = mkKiosk nixpkgs-stable "x86_64-linux" "yoga";
|
||||
homescreen = mkRaspi nixpkgs-stable "homescreen";
|
||||
|
||||
bootstrap = nixpkgs-stable.lib.nixosSystem rec {
|
||||
system = "x86_64-linux";
|
||||
modules = [(./. + "/nixos/boxes/bootstrap") sops.nixosModules.sops];
|
||||
specialArgs = {
|
||||
inherit inputs system;
|
||||
nixpkgs-nixos-unstable-and-unfree = import nixpkgs-nixos-unstable {
|
||||
inherit system;
|
||||
config = {allowUnfree = true;};
|
||||
};
|
||||
};
|
||||
};
|
||||
# nix build .#nixosConfigurations.raspiimage.config.system.build.sdImage
|
||||
# sudo dd if=result/sd-image/nixos-sd-image-21.11.20211201.a640d83-aarch64-linux.img of=/dev/sda bs=4M conv=fsync status=progress
|
||||
# make sure to update eeprom https://nixos.wiki/wiki/NixOS_on_ARM/Raspberry_Pi_4#Board-specific_installation_notes
|
||||
raspiimage = nixpkgs-stable.lib.nixosSystem {
|
||||
system = "aarch64-linux";
|
||||
modules = [
|
||||
(import
|
||||
"${inputs.nixpkgs-nixos-unstable}/nixos/modules/installer/sd-card/sd-image-aarch64-installer.nix")
|
||||
{
|
||||
environment.systemPackages = with nixpkgs-nixos-unstable.legacyPackages."aarch64-linux"; [
|
||||
neovim
|
||||
htop
|
||||
btop
|
||||
atop
|
||||
];
|
||||
|
||||
networking.networkmanager.enable = false;
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
networking.wireless.enable = true;
|
||||
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
permitRootLogin =
|
||||
nixpkgs-stable.lib.mkForce "prohibit-password";
|
||||
passwordAuthentication = false;
|
||||
};
|
||||
|
||||
services.xserver = {
|
||||
enable = true;
|
||||
displayManager.lightdm.enable = true;
|
||||
desktopManager.gnome.enable = true;
|
||||
libinput.enable = true;
|
||||
};
|
||||
|
||||
users.extraUsers.root.openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEo4R+6J3h6Ix3xWpOMdU7Es1/YxFchHw0c+kcCOJxFb cyryl@foureighty"
|
||||
];
|
||||
sdImage.compressImage = false;
|
||||
console.earlySetup = true;
|
||||
}
|
||||
];
|
||||
specialArgs = {inherit inputs;};
|
||||
};
|
||||
};
|
||||
};
|
||||
inputs = {
|
||||
nixpkgs-master = {
|
||||
type = "github";
|
||||
|
@ -262,7 +269,7 @@
|
|||
inputs.nixpkgs.follows = "nixpkgs-stable";
|
||||
inputs.nixpkgs-stable.follows = "nixpkgs-stable";
|
||||
};
|
||||
alejandra = {
|
||||
alejandra = {
|
||||
type = "github";
|
||||
owner = "kamadorueda";
|
||||
repo = "alejandra";
|
||||
|
@ -274,5 +281,4 @@ alejandra = {
|
|||
flake = false;
|
||||
};
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -1,5 +1,8 @@
|
|||
{ config, pkgs, ... }:
|
||||
let
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: let
|
||||
extraArgs = [
|
||||
"--exclude='.cache'"
|
||||
"--exclude='.rustup'"
|
||||
|
@ -12,21 +15,20 @@ let
|
|||
IOSchedulingClass = "idle";
|
||||
};
|
||||
in {
|
||||
|
||||
services = {
|
||||
restic.backups.home-to-bolty = {
|
||||
passwordFile = "/etc/nixos/secrets/restic-password-bolty";
|
||||
paths = [ "/home" ];
|
||||
paths = ["/home"];
|
||||
repository = "rest:http://bolty:8000/";
|
||||
timerConfig = { OnCalendar = "hourly"; };
|
||||
timerConfig = {OnCalendar = "hourly";};
|
||||
extraBackupArgs = extraArgs;
|
||||
};
|
||||
|
||||
restic.backups.home-to-b2 = {
|
||||
passwordFile = "/etc/nixos/secrets/restic-password-b2";
|
||||
paths = [ "/home" ];
|
||||
paths = ["/home"];
|
||||
repository = "b2:cyplo-restic-${config.networking.hostName}:/";
|
||||
timerConfig = { OnCalendar = "hourly"; };
|
||||
timerConfig = {OnCalendar = "hourly";};
|
||||
extraBackupArgs = extraArgs;
|
||||
environmentFile = "/etc/nixos/secrets/b2-env";
|
||||
};
|
||||
|
|
|
@ -1,5 +1,9 @@
|
|||
{ config, pkgs, ... }: {
|
||||
fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
fileSystems."/".options = ["noatime" "nodiratime" "discard"];
|
||||
|
||||
boot = {
|
||||
kernel.sysctl = {
|
||||
|
@ -10,6 +14,4 @@
|
|||
"net.core.bpf_jit_harden" = true;
|
||||
};
|
||||
};
|
||||
|
||||
}
|
||||
|
||||
|
|
|
@ -1,12 +1,14 @@
|
|||
{ config, pkgs, ... }: {
|
||||
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
boot = {
|
||||
kernelPackages = pkgs.linuxPackages_latest;
|
||||
initrd.availableKernelModules =
|
||||
[ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sdhci_acpi" ];
|
||||
initrd.kernelModules = [ "dm-snapshot" ];
|
||||
kernelModules = [ "kvm-amd" ];
|
||||
extraModulePackages = [ ];
|
||||
initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sdhci_acpi"];
|
||||
initrd.kernelModules = ["dm-snapshot"];
|
||||
kernelModules = ["kvm-amd"];
|
||||
extraModulePackages = [];
|
||||
loader.systemd-boot.enable = true;
|
||||
loader.efi.canTouchEfiVariables = false;
|
||||
};
|
||||
|
@ -35,7 +37,7 @@
|
|||
fsType = "vfat";
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
swapDevices = [];
|
||||
|
||||
nix.settings = {
|
||||
max-jobs = 8;
|
||||
|
|
|
@ -1,5 +1,10 @@
|
|||
{ config, pkgs, inputs, lib, ... }:
|
||||
let
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
inputs,
|
||||
lib,
|
||||
...
|
||||
}: let
|
||||
physicalInterface = "enp4s0";
|
||||
bridgeInterface = "br0";
|
||||
in {
|
||||
|
@ -13,7 +18,7 @@ in {
|
|||
./print-server.nix
|
||||
./restic-server.nix
|
||||
];
|
||||
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
|
||||
boot.binfmt.emulatedSystems = ["aarch64-linux"];
|
||||
programs.ccache.enable = true;
|
||||
networking = {
|
||||
hostName = "bolty";
|
||||
|
@ -22,22 +27,24 @@ in {
|
|||
address = "10.0.0.1";
|
||||
interface = "${bridgeInterface}";
|
||||
};
|
||||
nameservers = [ "91.239.100.100" "89.233.43.71" "1.1.1.1" ];
|
||||
nameservers = ["91.239.100.100" "89.233.43.71" "1.1.1.1"];
|
||||
interfaces = {
|
||||
"${physicalInterface}" = {
|
||||
useDHCP = false;
|
||||
wakeOnLan.enable = true;
|
||||
};
|
||||
"${bridgeInterface}" = {
|
||||
ipv4.addresses = [{
|
||||
"address" = "10.0.0.8";
|
||||
"prefixLength" = 24;
|
||||
}];
|
||||
ipv4.addresses = [
|
||||
{
|
||||
"address" = "10.0.0.8";
|
||||
"prefixLength" = 24;
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
bridges = { "${bridgeInterface}".interfaces = [ "${physicalInterface}" ]; };
|
||||
bridges = {"${bridgeInterface}".interfaces = ["${physicalInterface}"];};
|
||||
};
|
||||
boot.kernelModules = [ "kvm_amd" ];
|
||||
boot.kernelModules = ["kvm_amd"];
|
||||
virtualisation = {
|
||||
libvirtd = {
|
||||
enable = true;
|
||||
|
@ -51,11 +58,10 @@ in {
|
|||
virt-viewer
|
||||
lm_sensors
|
||||
];
|
||||
networking.firewall.allowedTCPPorts = [ 5900 ];
|
||||
networking.firewall.allowedTCPPorts = [5900];
|
||||
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
||||
|
||||
security.allowUserNamespaces = true;
|
||||
|
||||
time.timeZone = "Europe/London";
|
||||
|
||||
}
|
||||
|
|
|
@ -1,8 +1,13 @@
|
|||
{ config, pkgs, inputs, lib, ... }:
|
||||
let port = 8123;
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
inputs,
|
||||
lib,
|
||||
...
|
||||
}: let
|
||||
port = 8123;
|
||||
in {
|
||||
imports = [ ];
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ port ];
|
||||
imports = [];
|
||||
|
||||
networking.firewall.allowedTCPPorts = [port];
|
||||
}
|
||||
|
|
|
@ -1,4 +1,8 @@
|
|||
{ config, pkgs, ... }: {
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
services.i2pd = {
|
||||
enable = true;
|
||||
bandwidth = 1024; # kb/s
|
||||
|
|
|
@ -1,4 +1,9 @@
|
|||
{ config, pkgs, inputs, ... }: {
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
inputs,
|
||||
...
|
||||
}: {
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
initialScript = pkgs.writeText "synapse-init.sql" ''
|
||||
|
@ -14,18 +19,22 @@
|
|||
enable = true;
|
||||
settings = {
|
||||
server_name = "cyplo.dev";
|
||||
listeners = [{
|
||||
port = 8008;
|
||||
bind_addresses = [ "bolty.cyplo.github.beta.tailscale.net" ];
|
||||
type = "http";
|
||||
tls = false;
|
||||
x_forwarded = true;
|
||||
resources = [{
|
||||
names = [ "client" "federation" ];
|
||||
compress = false;
|
||||
}];
|
||||
}];
|
||||
experimental_features = { spaces_enabled = true; };
|
||||
listeners = [
|
||||
{
|
||||
port = 8008;
|
||||
bind_addresses = ["bolty.cyplo.github.beta.tailscale.net"];
|
||||
type = "http";
|
||||
tls = false;
|
||||
x_forwarded = true;
|
||||
resources = [
|
||||
{
|
||||
names = ["client" "federation"];
|
||||
compress = false;
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
experimental_features = {spaces_enabled = true;};
|
||||
enable_registration = false;
|
||||
suppress_key_server_warning = true;
|
||||
};
|
||||
|
@ -33,5 +42,5 @@
|
|||
inputs.nixpkgs-nixos-unstable.legacyPackages."x86_64-linux".matrix-synapse;
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 8008 ];
|
||||
networking.firewall.allowedTCPPorts = [8008];
|
||||
}
|
||||
|
|
|
@ -1,10 +1,13 @@
|
|||
{ config, pkgs, ... }: {
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 9000 9001 ];
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
networking.firewall.allowedTCPPorts = [9000 9001];
|
||||
services.minio = {
|
||||
enable = true;
|
||||
region = "home";
|
||||
dataDir = [ "/var/lib/minio/data" ];
|
||||
dataDir = ["/var/lib/minio/data"];
|
||||
configDir = "/var/lib/minio/config";
|
||||
listenAddress = ":9000";
|
||||
consoleAddress = ":9001";
|
||||
|
|
|
@ -1,40 +1,45 @@
|
|||
{ config, pkgs, lib, ... }: {
|
||||
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}: {
|
||||
networking.firewall.enable = true;
|
||||
networking.firewall.allowedTCPPorts = [ 631 6566 ];
|
||||
networking.firewall.allowedUDPPorts = [ 631 6566 ];
|
||||
networking.firewall.allowedTCPPorts = [631 6566];
|
||||
networking.firewall.allowedUDPPorts = [631 6566];
|
||||
services.printing = {
|
||||
enable = true;
|
||||
drivers = with pkgs; [ epson-escpr ];
|
||||
listenAddresses = [ "*:631" ];
|
||||
drivers = with pkgs; [epson-escpr];
|
||||
listenAddresses = ["*:631"];
|
||||
defaultShared = true;
|
||||
browsing = true;
|
||||
allowFrom = [ "all" ];
|
||||
allowFrom = ["all"];
|
||||
extraConf = ''
|
||||
ServerAlias *
|
||||
DefaultEncryption Never
|
||||
'';
|
||||
};
|
||||
|
||||
hardware.printers.ensurePrinters = [{
|
||||
description = "Epson XP-540";
|
||||
location = "connected to bolty";
|
||||
name = "epson_xp540";
|
||||
deviceUri =
|
||||
"usb://EPSON/XP-540%20Series?serial=583245393030303936&interface=1";
|
||||
model = "raw";
|
||||
ppdOptions = { PageSize = "A4"; };
|
||||
}];
|
||||
hardware.printers.ensurePrinters = [
|
||||
{
|
||||
description = "Epson XP-540";
|
||||
location = "connected to bolty";
|
||||
name = "epson_xp540";
|
||||
deviceUri = "usb://EPSON/XP-540%20Series?serial=583245393030303936&interface=1";
|
||||
model = "raw";
|
||||
ppdOptions = {PageSize = "A4";};
|
||||
}
|
||||
];
|
||||
|
||||
hardware.sane = {
|
||||
enable = true;
|
||||
extraBackends = with pkgs; [ utsushi sane-airscan gawk ];
|
||||
extraBackends = with pkgs; [utsushi sane-airscan gawk];
|
||||
snapshot = true;
|
||||
};
|
||||
|
||||
services.udev.packages = [ pkgs.utsushi ];
|
||||
services.udev.packages = [pkgs.utsushi];
|
||||
|
||||
environment.systemPackages = with pkgs; [ gawk ];
|
||||
environment.systemPackages = with pkgs; [gawk];
|
||||
services.saned = {
|
||||
enable = true;
|
||||
extraConfig = ''
|
||||
|
@ -45,5 +50,4 @@
|
|||
hagath
|
||||
'';
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -1,5 +1,10 @@
|
|||
{ config, pkgs, lib, ... }: {
|
||||
networking.firewall.allowedTCPPorts = [ 9100 ];
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}: {
|
||||
networking.firewall.allowedTCPPorts = [9100];
|
||||
services.prometheus = {
|
||||
enable = true;
|
||||
exporters.node.enable = true;
|
||||
|
|
|
@ -1,8 +1,13 @@
|
|||
{ config, pkgs, lib, ... }: {
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}: {
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
services.smartd.enable = true;
|
||||
services.fstrim.enable = true;
|
||||
environment.systemPackages = with pkgs; [ smartmontools ];
|
||||
environment.systemPackages = with pkgs; [smartmontools];
|
||||
services.fwupd.enable = true;
|
||||
services.thermald.enable = true;
|
||||
services.haveged.enable = true;
|
||||
|
|
|
@ -1,12 +1,15 @@
|
|||
{ config, pkgs, ... }: {
|
||||
environment.systemPackages = with pkgs; [ restic ];
|
||||
networking.firewall.allowedTCPPorts = [ 8000 ];
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
environment.systemPackages = with pkgs; [restic];
|
||||
networking.firewall.allowedTCPPorts = [8000];
|
||||
services.restic.server = {
|
||||
enable = true;
|
||||
dataDir = "/data/restic";
|
||||
appendOnly = true;
|
||||
prometheus = true;
|
||||
extraFlags = [ "--no-auth" ];
|
||||
extraFlags = ["--no-auth"];
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -1,4 +1,10 @@
|
|||
{ config, pkgs, inputs, nixpkgs-nixos-unstable-and-unfree, ... }: {
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
inputs,
|
||||
nixpkgs-nixos-unstable-and-unfree,
|
||||
...
|
||||
}: {
|
||||
networking.hostName = "fixme";
|
||||
|
||||
imports = [
|
||||
|
|
|
@ -1,11 +1,16 @@
|
|||
{ config, lib, pkgs, inputs, ... }: {
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
inputs,
|
||||
...
|
||||
}: {
|
||||
boot = {
|
||||
kernelModules = [ "kvm-intel" ];
|
||||
kernelModules = ["kvm-intel"];
|
||||
|
||||
initrd = {
|
||||
kernelModules = [ "dm-snapshot" ];
|
||||
availableKernelModules =
|
||||
[ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
|
||||
kernelModules = ["dm-snapshot"];
|
||||
availableKernelModules = ["xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod"];
|
||||
};
|
||||
|
||||
loader.efi.canTouchEfiVariables = true;
|
||||
|
@ -24,7 +29,7 @@
|
|||
fsType = "vfat";
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
swapDevices = [];
|
||||
|
||||
nix.settings = {
|
||||
max-jobs = "auto";
|
||||
|
|
|
@ -1,4 +1,8 @@
|
|||
{ config, pkgs, ... }: {
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
environment.systemPackages = with pkgs; [
|
||||
atop
|
||||
btop
|
||||
|
|
|
@ -1,14 +1,21 @@
|
|||
{ config, pkgs, inputs, lib, nixpkgs-nixos-unstable-and-unfree, ... }:
|
||||
let
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
inputs,
|
||||
lib,
|
||||
nixpkgs-nixos-unstable-and-unfree,
|
||||
...
|
||||
}: let
|
||||
system_cert_bundle_path = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||
form3_cert_path = ./form3-palo-alto.pem;
|
||||
form3_cert_bundle = builtins.toFile "form3-cert-bundle.crt"
|
||||
form3_cert_bundle =
|
||||
builtins.toFile "form3-cert-bundle.crt"
|
||||
(builtins.readFile system_cert_bundle_path
|
||||
+ builtins.readFile form3_cert_path);
|
||||
in {
|
||||
environment.systemPackages = with pkgs; [ vim nixfmt ];
|
||||
environment.systemPackages = with pkgs; [vim nixfmt];
|
||||
|
||||
imports = [ ../../git ../../mercurial ];
|
||||
imports = [../../git ../../mercurial];
|
||||
services.nix-daemon.enable = true;
|
||||
nix = {
|
||||
useDaemon = true;
|
||||
|
@ -21,15 +28,11 @@ in {
|
|||
|
||||
fonts.fontDir.enable = true;
|
||||
fonts.fonts = with pkgs; [
|
||||
(runCommand "berkeley-fonts" { } ''
|
||||
(runCommand "berkeley-fonts" {} ''
|
||||
mkdir -vp "$out/share/fonts/opentype"
|
||||
mkdir -vp "$out/share/fonts/truetype"
|
||||
${pkgs.unzip}/bin/unzip ${
|
||||
../../fonts.zip
|
||||
} \*.otf -d $out/share/fonts/opentype
|
||||
${pkgs.unzip}/bin/unzip ${
|
||||
../../fonts.zip
|
||||
} \*.ttf -d $out/share/fonts/truetype
|
||||
${pkgs.unzip}/bin/unzip ${../../fonts.zip} \*.otf -d $out/share/fonts/opentype
|
||||
${pkgs.unzip}/bin/unzip ${../../fonts.zip} \*.ttf -d $out/share/fonts/truetype
|
||||
|
||||
'')
|
||||
nerdfonts
|
||||
|
@ -40,7 +43,7 @@ in {
|
|||
source-code-pro
|
||||
weather-icons
|
||||
];
|
||||
security.pki.certificateFiles = [ form3_cert_path system_cert_bundle_path ];
|
||||
security.pki.certificateFiles = [form3_cert_path system_cert_bundle_path];
|
||||
environment.variables = {
|
||||
SSL_CERT_FILE = form3_cert_bundle;
|
||||
NIX_SSL_CERT_FILE = form3_cert_bundle;
|
||||
|
@ -51,15 +54,13 @@ in {
|
|||
|
||||
system.stateVersion = 4;
|
||||
|
||||
home-manager.users.cyryl = { ... }: {
|
||||
imports = [ ];
|
||||
home.packages = with pkgs; [ awscli kubectl cargo-update ];
|
||||
home-manager.users.cyryl = {...}: {
|
||||
imports = [];
|
||||
home.packages = with pkgs; [awscli kubectl cargo-update];
|
||||
programs.git.userEmail = lib.mkForce "cyryl.plotnicki@form3.tech";
|
||||
programs.git.extraConfig.user.signingkey =
|
||||
"6441B1BC81F8FB1561C9AFF5534222210FE423ED";
|
||||
programs.git.extraConfig.user.signingkey = "6441B1BC81F8FB1561C9AFF5534222210FE423ED";
|
||||
programs.git.extraConfig.commit.gpgsign = true;
|
||||
programs.git.extraConfig."url \"git@github.com:\"".insteadOf =
|
||||
"https://github.com/";
|
||||
programs.git.extraConfig."url \"git@github.com:\"".insteadOf = "https://github.com/";
|
||||
programs.gpg.enable = true;
|
||||
programs.gpg.homedir = "/Users/cyryl/.gnupg";
|
||||
programs.zsh.loginExtra = ''
|
||||
|
|
|
@ -1,93 +1,100 @@
|
|||
{ config, pkgs, ... }: {
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
||||
nixpkgs.overlays = [
|
||||
(self: super: {
|
||||
buildLinux = x:
|
||||
super.buildLinux ({
|
||||
ignoreConfigErrors = true;
|
||||
enableParallelBuilding = true;
|
||||
} // x);
|
||||
ignoreConfigErrors = true;
|
||||
enableParallelBuilding = true;
|
||||
}
|
||||
// x);
|
||||
})
|
||||
];
|
||||
boot.kernelPatches = [{
|
||||
name = "foureighty";
|
||||
patch = null;
|
||||
extraConfig = ''
|
||||
ACPI_CUSTOM_METHOD n
|
||||
ACPI_DPTF y
|
||||
BUG y
|
||||
CC_STACKPROTECTOR_STRONG y
|
||||
CPU_IDLE_GOV_HALTPOLL y
|
||||
CPU_IDLE_GOV_TEO y
|
||||
DEBUG_CREDENTIALS y
|
||||
DEBUG_NOTIFIERS y
|
||||
DEBUG_PI_LIST y
|
||||
DEBUG_PLIST y
|
||||
DEBUG_RODATA y
|
||||
DEBUG_SET_MODULE_RONX y
|
||||
DEBUG_SG y
|
||||
DEVMEM y
|
||||
DPTF_PCH_FIVR m
|
||||
DPTF_POWER m
|
||||
ENERGY_MODEL y
|
||||
FORTIFY_SOURCE y
|
||||
GCC_PLUGINS y
|
||||
GCC_PLUGIN_LATENT_ENTROPY y
|
||||
GCC_PLUGIN_RANDSTRUCT y
|
||||
GCC_PLUGIN_RANDSTRUCT_PERFORMANCE y
|
||||
GCC_PLUGIN_STACKLEAK y
|
||||
GCC_PLUGIN_STRUCTLEAK y
|
||||
GCC_PLUGIN_STRUCTLEAK_BYREF_ALL y
|
||||
HARDENED_USERCOPY y
|
||||
HARDENED_USERCOPY_FALLBACK y
|
||||
HARDLOCKUP_DETECTOR y
|
||||
HZ_300 y
|
||||
INET_DIAG n
|
||||
INET_DIAG_DESTROY option no
|
||||
INET_MPTCP_DIAG option no
|
||||
INET_RAW_DIAG option no
|
||||
INET_TCP_DIAG option no
|
||||
INET_UDP_DIAG option no
|
||||
INIT_ON_ALLOC_DEFAULT_ON y
|
||||
INIT_ON_FREE_DEFAULT_ON y
|
||||
INTEL_TXT y
|
||||
KEXEC n
|
||||
KFENCE y
|
||||
LEGACY_VSYSCALL_NONE y
|
||||
LOCKUP_DETECTOR y
|
||||
MCORE2 y
|
||||
NR_CPUS 16
|
||||
NUMA_BALANCING y
|
||||
NUMA_BALANCING_DEFAULT_ENABLED y
|
||||
PAGE_POISONING y
|
||||
PAGE_POISONING_NO_SANITY y
|
||||
PAGE_POISONING_ZERO y
|
||||
PANIC_TIMEOUT -1
|
||||
PM_AUTOSLEEP y
|
||||
POWER_EFFICIENT_DEFAULT y
|
||||
PREEMPT y
|
||||
PREEMPTION y
|
||||
PREEMPT_COUNT y
|
||||
PREEMPT_DYNAMIC y
|
||||
PREEMPT_RCU y
|
||||
PROC_KCORE n
|
||||
RANDOMIZE_KSTACK_OFFSET_DEFAULT y
|
||||
SCHED_CORE y
|
||||
SCHED_STACK_END_CHECK y
|
||||
SECURITY_SAFESETID y
|
||||
SECURITY_SELINUX_DISABLE n
|
||||
SECURITY_WRITABLE_HOOKS n
|
||||
SHUFFLE_PAGE_ALLOCATOR y
|
||||
SLAB_FREELIST_HARDENED y
|
||||
SLAB_FREELIST_RANDOM y
|
||||
SLUB_DEBUG y
|
||||
STRICT_DEVMEM y
|
||||
STRICT_KERNEL_RWX y
|
||||
UNINLINE_SPIN_UNLOCK y
|
||||
WATCH_QUEUE y
|
||||
X86_INTEL_TSX_MODE_AUTO y
|
||||
X86_SGX y
|
||||
X86_SGX_KVM y
|
||||
'';
|
||||
}];
|
||||
boot.kernelPatches = [
|
||||
{
|
||||
name = "foureighty";
|
||||
patch = null;
|
||||
extraConfig = ''
|
||||
ACPI_CUSTOM_METHOD n
|
||||
ACPI_DPTF y
|
||||
BUG y
|
||||
CC_STACKPROTECTOR_STRONG y
|
||||
CPU_IDLE_GOV_HALTPOLL y
|
||||
CPU_IDLE_GOV_TEO y
|
||||
DEBUG_CREDENTIALS y
|
||||
DEBUG_NOTIFIERS y
|
||||
DEBUG_PI_LIST y
|
||||
DEBUG_PLIST y
|
||||
DEBUG_RODATA y
|
||||
DEBUG_SET_MODULE_RONX y
|
||||
DEBUG_SG y
|
||||
DEVMEM y
|
||||
DPTF_PCH_FIVR m
|
||||
DPTF_POWER m
|
||||
ENERGY_MODEL y
|
||||
FORTIFY_SOURCE y
|
||||
GCC_PLUGINS y
|
||||
GCC_PLUGIN_LATENT_ENTROPY y
|
||||
GCC_PLUGIN_RANDSTRUCT y
|
||||
GCC_PLUGIN_RANDSTRUCT_PERFORMANCE y
|
||||
GCC_PLUGIN_STACKLEAK y
|
||||
GCC_PLUGIN_STRUCTLEAK y
|
||||
GCC_PLUGIN_STRUCTLEAK_BYREF_ALL y
|
||||
HARDENED_USERCOPY y
|
||||
HARDENED_USERCOPY_FALLBACK y
|
||||
HARDLOCKUP_DETECTOR y
|
||||
HZ_300 y
|
||||
INET_DIAG n
|
||||
INET_DIAG_DESTROY option no
|
||||
INET_MPTCP_DIAG option no
|
||||
INET_RAW_DIAG option no
|
||||
INET_TCP_DIAG option no
|
||||
INET_UDP_DIAG option no
|
||||
INIT_ON_ALLOC_DEFAULT_ON y
|
||||
INIT_ON_FREE_DEFAULT_ON y
|
||||
INTEL_TXT y
|
||||
KEXEC n
|
||||
KFENCE y
|
||||
LEGACY_VSYSCALL_NONE y
|
||||
LOCKUP_DETECTOR y
|
||||
MCORE2 y
|
||||
NR_CPUS 16
|
||||
NUMA_BALANCING y
|
||||
NUMA_BALANCING_DEFAULT_ENABLED y
|
||||
PAGE_POISONING y
|
||||
PAGE_POISONING_NO_SANITY y
|
||||
PAGE_POISONING_ZERO y
|
||||
PANIC_TIMEOUT -1
|
||||
PM_AUTOSLEEP y
|
||||
POWER_EFFICIENT_DEFAULT y
|
||||
PREEMPT y
|
||||
PREEMPTION y
|
||||
PREEMPT_COUNT y
|
||||
PREEMPT_DYNAMIC y
|
||||
PREEMPT_RCU y
|
||||
PROC_KCORE n
|
||||
RANDOMIZE_KSTACK_OFFSET_DEFAULT y
|
||||
SCHED_CORE y
|
||||
SCHED_STACK_END_CHECK y
|
||||
SECURITY_SAFESETID y
|
||||
SECURITY_SELINUX_DISABLE n
|
||||
SECURITY_WRITABLE_HOOKS n
|
||||
SHUFFLE_PAGE_ALLOCATOR y
|
||||
SLAB_FREELIST_HARDENED y
|
||||
SLAB_FREELIST_RANDOM y
|
||||
SLUB_DEBUG y
|
||||
STRICT_DEVMEM y
|
||||
STRICT_KERNEL_RWX y
|
||||
UNINLINE_SPIN_UNLOCK y
|
||||
WATCH_QUEUE y
|
||||
X86_INTEL_TSX_MODE_AUTO y
|
||||
X86_SGX y
|
||||
X86_SGX_KVM y
|
||||
'';
|
||||
}
|
||||
];
|
||||
}
|
||||
|
|
|
@ -1,4 +1,11 @@
|
|||
{ config, pkgs, inputs, lib, nixpkgs-nixos-unstable-and-unfree, ... }: {
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
inputs,
|
||||
lib,
|
||||
nixpkgs-nixos-unstable-and-unfree,
|
||||
...
|
||||
}: {
|
||||
networking.hostName = "foureighty";
|
||||
|
||||
imports = [
|
||||
|
@ -16,9 +23,9 @@
|
|||
../../mercurial
|
||||
];
|
||||
|
||||
fileSystems."/" = { options = [ "compress=zstd" ]; };
|
||||
fileSystems."/" = {options = ["compress=zstd"];};
|
||||
|
||||
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
|
||||
boot.binfmt.emulatedSystems = ["aarch64-linux"];
|
||||
boot.plymouth = {
|
||||
enable = true;
|
||||
logo = ./boot.png;
|
||||
|
@ -55,13 +62,12 @@
|
|||
buttonMapping = "1 0 3 4 5 6 7 8 9 10";
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
services.fprintd = { enable = true; };
|
||||
services.fprintd = {enable = true;};
|
||||
programs.ccache.enable = true;
|
||||
|
||||
home-manager.users.cyryl = { ... }: {
|
||||
imports = [ ../../home-manager/programs/alacritty.nix ];
|
||||
home-manager.users.cyryl = {...}: {
|
||||
imports = [../../home-manager/programs/alacritty.nix];
|
||||
home.packages = [
|
||||
inputs.nixpkgs-nixos-unstable.legacyPackages."x86_64-linux".bisq-desktop
|
||||
];
|
||||
|
|
|
@ -1,11 +1,16 @@
|
|||
{ config, lib, pkgs, inputs, ... }: {
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
inputs,
|
||||
...
|
||||
}: {
|
||||
boot = {
|
||||
kernelModules = [ "kvm-intel" ];
|
||||
kernelModules = ["kvm-intel"];
|
||||
|
||||
initrd = {
|
||||
kernelModules = [ "dm-snapshot" ];
|
||||
availableKernelModules =
|
||||
[ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
|
||||
kernelModules = ["dm-snapshot"];
|
||||
availableKernelModules = ["xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod"];
|
||||
};
|
||||
|
||||
loader.systemd-boot.enable = true;
|
||||
|
@ -13,9 +18,8 @@
|
|||
loader.efi.efiSysMountPoint = "/boot/efi";
|
||||
};
|
||||
|
||||
boot.initrd.secrets = { "/crypto_keyfile.bin" = null; };
|
||||
boot.initrd.luks.devices."luks-43a80125-4089-45be-9561-fab93f984916".device =
|
||||
"/dev/disk/by-uuid/43a80125-4089-45be-9561-fab93f984916";
|
||||
boot.initrd.secrets = {"/crypto_keyfile.bin" = null;};
|
||||
boot.initrd.luks.devices."luks-43a80125-4089-45be-9561-fab93f984916".device = "/dev/disk/by-uuid/43a80125-4089-45be-9561-fab93f984916";
|
||||
|
||||
fileSystems."/boot/efi" = {
|
||||
device = "/dev/disk/by-uuid/D6C0-1A9D";
|
||||
|
@ -25,10 +29,10 @@
|
|||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-uuid/98f3597c-183a-45fb-b2a4-b598c18d089a";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=@" ];
|
||||
options = ["subvol=@"];
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
swapDevices = [];
|
||||
|
||||
nix.settings = {
|
||||
max-jobs = 7;
|
||||
|
|
|
@ -1,5 +1,9 @@
|
|||
{ config, pkgs, ... }: {
|
||||
environment.systemPackages = with pkgs; [ libqmi ];
|
||||
boot.extraModulePackages = with pkgs; [ libqmi ];
|
||||
boot.kernelModules = [ "qmi_wwan" "qcserial" ];
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
environment.systemPackages = with pkgs; [libqmi];
|
||||
boot.extraModulePackages = with pkgs; [libqmi];
|
||||
boot.kernelModules = ["qmi_wwan" "qcserial"];
|
||||
}
|
||||
|
|
|
@ -1,6 +1,4 @@
|
|||
{ pkgs, ... }:
|
||||
|
||||
let
|
||||
{pkgs, ...}: let
|
||||
nvidia-offload = pkgs.writeShellScriptBin "nvidia-offload" ''
|
||||
export __NV_PRIME_RENDER_OFFLOAD=1
|
||||
export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0
|
||||
|
@ -17,11 +15,11 @@ let
|
|||
glxinfo | grep vendor; echo OK!;
|
||||
'';
|
||||
in {
|
||||
environment.systemPackages = [ nvidia-offload whichgpu nvidiaon ];
|
||||
environment.systemPackages = [nvidia-offload whichgpu nvidiaon];
|
||||
hardware.opengl.enable = true;
|
||||
hardware.opengl.driSupport32Bit = true;
|
||||
hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ libva ];
|
||||
services.xserver.videoDrivers = [ "nvidia" ];
|
||||
hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [libva];
|
||||
services.xserver.videoDrivers = ["nvidia"];
|
||||
hardware.nvidia.prime = {
|
||||
offload.enable = true;
|
||||
# Bus ID of the Intel GPU. You can find it using lspci, either under 3D or VGA
|
||||
|
|
|
@ -1,46 +1,50 @@
|
|||
{ config, pkgs, lib, ... }: {
|
||||
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}: {
|
||||
boot.extraModprobeConfig = "options thinkpad_acpi fan_control=1";
|
||||
services.thinkfan = {
|
||||
enable = true;
|
||||
levels = [
|
||||
[ 0 0 55 ]
|
||||
[ 1 48 60 ]
|
||||
[ 2 50 61 ]
|
||||
[ 3 52 63 ]
|
||||
[ 6 56 70 ]
|
||||
[ 7 65 85 ]
|
||||
[ "level full-speed" 80 32767 ]
|
||||
[0 0 55]
|
||||
[1 48 60]
|
||||
[2 50 61]
|
||||
[3 52 63]
|
||||
[6 56 70]
|
||||
[7 65 85]
|
||||
["level full-speed" 80 32767]
|
||||
];
|
||||
sensors = [
|
||||
{
|
||||
type = "hwmon";
|
||||