diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..8401e5d --- /dev/null +++ b/flake.lock @@ -0,0 +1,65 @@ +{ + "nodes": { + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1649711426, + "narHash": "sha256-tn5Hu9QkG6LhdgEOe+6cmULPeRCW0UY4o/GHU0viLu0=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "7049cf37a90e19ead7a379ce1c76dccea29450c4", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-21.11", + "repo": "home-manager", + "type": "github" + } + }, + "nixos-hardware": { + "locked": { + "lastModified": 1649849514, + "narHash": "sha256-zQyTr2UebTKUh1KLyLtevhHsM8umPK1LfQLGUGjRjiQ=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "1a0ccdbf4583ed0fce37eea7955e8ef90f840a9f", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixos-hardware", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1649760692, + "narHash": "sha256-b+5Uo3yA2eFjvaGGeeLN7I3IJCxHL+jIQpB0HmBlqK4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "838eefb4f93f2306d4614aafb9b2375f315d917f", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-21.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "home-manager": "home-manager", + "nixos-hardware": "nixos-hardware", + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..9e8a551 --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,50 @@
+{
+ description = "Thor system configuration";
+
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-21.11";
+ home-manager.inputs.nixpkgs.follows = "nixpkgs";
+ home-manager.url = "github:nix-community/home-manager/release-21.11";
+ nixos-hardware.url = "github:NixOS/nixos-hardware";
+ # nixos-hardware.inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ outputs = { self, nixpkgs, home-manager, nixos-hardware }:
+ let
+ system = "x86_64-linux";
+ pkgs = import nixpkgs {
+ inherit system;
+ config = { allowUnfree = true; };
+ };
+ lib = nixpkgs.lib;
+ in
+ {
+ nixosConfigurations = rec {
+ thor = lib.nixosSystem {
+ inherit system;
+
+ modules = [
+ ./thor/hardware-configuration.nix
+ nixos-hardware.nixosModules.common-cpu-amd
+ nixos-hardware.nixosModules.common-pc-ssd
+ ./thor/configuration.nix
+ ];
+ };
+ odin = odin-intel;
+ odin-intel = lib.nixosSystem {
+ inherit system;
+
+ modules = [
+ ./odin/hardware-configuration.nix
+ nixos-hardware.nixosModules.common-cpu-intel
+ nixos-hardware.nixosModules.common-pc-laptop
+ nixos-hardware.nixosModules.common-pc-laptop-ssd
+ ./odin/base.nix
+ ./odin/odin-intel.nix
+ ./odin/pro_audio.nix
+ ];
+ };
+ };
+ };
+
+}
diff --git a/odin/base.nix b/odin/base.nix
new file mode 100644
index 0000000..26ba091
--- /dev/null
+++ b/odin/base.nix
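Review bot: In the `let` block, `pkgs = import nixpkgs { inherit system; config = { allowUnfree = true; }; };` is never referenced by either `lib.nixosSystem` call, so the `allowUnfree` set here has no effect on the systems that are built; the setting that counts is the `nixpkgs.config.allowUnfree` inside the modules. `home-manager` is likewise declared as an input and locked, but it does not appear in any `modules` list. Either drop both or wire them in, so that the lock file pins only code that is actually evaluated. The `thor` configuration also points at `./thor/hardware-configuration.nix` and `./thor/configuration.nix`, which are not among the files visible in this diff; if they are not tracked in the repository, flake evaluation of `thor` will fail.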
@@ -0,0 +1,240 @@
+{ config, pkgs, lib, ... }: {
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.initrd.checkJournalingFS = true;
+ boot.kernelPackages = pkgs.linuxKernel.packages.linux_5_16;
+ boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
+
+ # # Cross-build arm
+ boot.binfmt.emulatedSystems = [ "armv7l-linux" "aarch64-linux" ];
+
+ # Use same ACPI identifier as Dell Ubuntu
+ boot.kernelParams = [
+ "acpi_osi=Linux-Dell-Video"
+ ];
+
+ networking = {
+ hostName = "odin";
+ networkmanager.enable = true;
+
+ # The global useDHCP flag is deprecated, therefore explicitly set to false here.
+ # Per-interface useDHCP will be mandatory in the future, so this generated config
+ # replicates the default behaviour.
+ useDHCP = false;
+ interfaces = { enp60s0.useDHCP = true; wlp0s20f3.useDHCP = true; };
+
+ # Configure network proxy if necessary
+ # proxy.default = "http://user:password@proxy:port/";
+ # proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ # Open ports in the firewall.
+ # firewall.allowedTCPPorts = [ ... ];
+ # firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # firewall.enable = false;
+ hosts = {
+ "*.engine.sesar.int" = [ "172.20.28.210" ];
+ "vcenter.sesar.int" = [ "159.149.147.137" ];
+ };
+ };
+
+ # Set your time zone.
+ time.timeZone = "Europe/Rome";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "it_IT.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "it";
+ };
+
+
+ # X11 windowing system.
+ services.xserver = {
+ enable = true;
+ # Enable the GNOME 3 Desktop Environment.
+ # displayManager.gdm = {
+ # enable = true;
+ # wayland = true;
+ # nvidiaWayland = true;
+ # };
+ desktopManager.gnome.enable = true;
+ # windowManager.bspwm.enable = true;
+
+ # Configure keymap in X11
+ layout = "it";
+ extraLayouts = {
+ eng = { languages = [ "eng" ]; description = "English layout for external keyboard"; };
+ };
+ xkbOptions = "eurosign:e;";
+ libinput.enable = true;
+ };
+
+ # Enable CUPS to print documents.
+ services.printing = {
+ enable = true;
+ drivers = with pkgs; [ gutenprint cups-kyocera ];
+ };
+
+ services.fwupd.enable = true;
+
+ # Enable sound.
+ # PULSE
+ # sound.enable = true;
+ # hardware.pulseaudio.enable = true;
+
+ # PIPEWIRE
+ hardware.pulseaudio.enable = false;
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ pulse.enable = true;
+ jack.enable = true;
+ alsa = { enable = true; support32Bit = true; };
+ # media-session.enable = true;
+ };
+ environment.sessionVariables.LD_LIBRARY_PATH = lib.mkForce "${config.services.pipewire.package.jack}/lib"; # Temporary fix for WebKitGTK
+
+ # # Tablet
+ # hardware.opentabletdriver = {
+ # enable = true;
+ # daemon.enable = true;
+ # };
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.bertof = {
+ isNormalUser = true;
+ extraGroups = [ "audio" "input" "docker" "flashrom" "libvirtd" "network" "usb" "video" "wheel" ];
+ shell = pkgs.zsh;
+ openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN+zsSWZFFzQKnATCAvtG+iuSm4qkZHjCtHzGa9B/71W" ];
+ };
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [ tmux firefox kakoune vim ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ programs.flashrom.enable = true;
+ programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
+
+ programs.steam.enable = true;
+ programs.dconf.enable = true;
+ programs.zsh = { enable = true; syntaxHighlighting.enable = true; };
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ services.openssh = { enable = true; openFirewall = true; permitRootLogin = "no"; passwordAuthentication = false; };
+
+ # Cooling management
+ services.thermald.enable = true;
+
+ services.snapper = {
+ configs =
+ let
+ bertofExtraConfig = ''
+ ALLOW_USERS="bertof"
+ TIMELINE_CREATE=yes
+ TIMELINE_CLEANUP=yes
+ '';
+ common = { extraConfig = bertofExtraConfig; };
+ in
+ {
+ bertof_home = common // { subvolume = "/home/bertof"; };
+ bertof_music = common // { subvolume = "/home/bertof/Musica"; };
+ bertof_downloads = common // { subvolume = "/home/bertof/Scaricati"; };
+ bertof_images = common // { subvolume = "/home/bertof/Immagini"; };
+ bertof_videos = common // { subvolume = "/home/bertof/Video"; };
+ bertof_documents = common // { subvolume = "/home/bertof/Documenti"; };
+ bertof_games_ssd = common // { subvolume = "/home/bertof/Giochi/SSD"; };
+ # bertof_games_hdd = common // { subvolume = "/home/bertof/Giochi/HDD"; };
+ bertof_git = common // { subvolume = "/home/bertof/Documenti/Git"; };
+ };
+ };
+
+ services.dbus.packages = with pkgs; [ gnome.dconf ];
+ services.gnome.gnome-keyring.enable = true;
+ hardware.bluetooth.enable = true;
+ # services.blueman.enable = true;
+ services.zerotierone = { enable = true; joinNetworks = [ "8056c2e21cf9c753" ]; };
+ services.gvfs = { enable = true; package = lib.mkForce pkgs.gnome3.gvfs; };
+ # services.tlp.enable = false;
+ services.avahi = {
+ enable = true;
+ openFirewall = true;
+ nssmdns = true;
+ publish = {
+ enable = true;
+ addresses = true;
+ domain = true;
+ userServices = true;
+ workstation = true;
+ };
+ extraServiceFiles = {
+ ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
+ };
+ };
+
+ # SMART
+ services.smartd = { enable = true; notifications.x11.enable = true; };
+
+ # FPRINTD
+ # services.fprintd = {
+ # enable = true;
+ # tod = { enable = true; driver = pkgs.libfprint-2-tod1-goodix; };
+ # };
+ security.pam.services.login.fprintAuth = true;
+ security.pam.services.xscreensaver.fprintAuth = true;
+
+ # Clamav
+ services.clamav = { daemon.enable = true; updater.enable = true; };
+
+ # Power-profiles
+ services.power-profiles-daemon.enable = true;
+
+ # services.teamviewer.enable = true;
+
+ # Virtualisation
+ virtualisation = {
+ docker.enable = true;
+ kvmgt.enable = true;
+ libvirtd.enable = true;
+ podman.enable = true;
+ virtualbox.host.enable = true;
+ };
+
+ # Allow completion for system packages
+ environment.pathsToLink = [ "/share/zsh" ];
+
+ security.sudo.extraConfig = ''
+ Defaults pwfeedback
+ '';
+ security.pam.services.sddm.enableGnomeKeyring = true;
+
+ nixpkgs.config = {
+ allowUnfree = true;
+ packageOverrides = pkgs: {
+ steam = pkgs.steam.override {
+ extraPkgs = pkgs: with pkgs; [ icu ];
+ };
+ };
+ };
+ nix = {
+ package = pkgs.nixFlakes;
+ extraOptions = lib.optionalString (config.nix.package == pkgs.nixFlakes)
+ "experimental-features = nix-command flakes";
+ gc.automatic = true;
+ };
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "21.11"; # Did you read the comment?
+}
diff --git a/odin/hardware-configuration.nix b/odin/hardware-configuration.nix
new file mode 100644
index 0000000..ac9276d
--- /dev/null
+++ b/odin/hardware-configuration.nix
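Review bot: `users.users.bertof.extraGroups` includes `"docker"` while `virtualisation.docker.enable = true`, which gives that account root-equivalent access through the Docker socket without going through sudo; since `podman.enable = true` is set in the same file, consider dropping the group and using rootless podman for day-to-day work. `security.pam.services.login.fprintAuth = true` and the matching `xscreensaver` line are set while the whole `services.fprintd` block is commented out, so PAM is asked for fingerprint authentication with no fprintd service enabled here; drop the two lines until `services.fprintd.enable` is turned back on. In `networking.hosts`, the key `"*.engine.sesar.int"` will not act as a wildcard because /etc/hosts matches literal names only, and both entries publish internal addresses in the repository. The Avahi block announces the workstation and its SSH service with `openFirewall = true` on whatever network this laptop joins; a comment stating that this is intended would help the next reader.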
@@ -0,0 +1,87 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; + fsType = "btrfs"; + options = [ "subvol=@root" "x-gvfs-hide" ]; + }; + + fileSystems."/nix" = + { device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; + fsType = "btrfs"; + options = [ "subvol=@nix" "x-gvfs-hide" ]; + }; + + fileSystems."/home/bertof" = + { device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; + fsType = "btrfs"; + options = [ "subvol=@bertof" "x-gvfs-hide" ]; + }; + + fileSystems."/home/bertof/Giochi/SSD" = + { device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; + fsType = "btrfs"; + options = [ "subvol=@bertof_games" "x-gvfs-hide" ]; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/82DB-3444"; + fsType = "vfat"; + }; + + fileSystems."/home/bertof/Musica" = + { device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; + fsType = "btrfs"; + options = [ "subvol=@bertof_music" "x-gvfs-hide" ]; + }; + + fileSystems."/home/bertof/Video" = + { device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; + fsType = "btrfs"; + options = [ "subvol=@bertof_videos" "x-gvfs-hide" ]; + }; + + fileSystems."/home/bertof/Immagini" = + { device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; + fsType = "btrfs"; + options = [ "subvol=@bertof_images" "x-gvfs-hide" ]; + }; + + fileSystems."/home/bertof/Scaricati" = + { device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; + 
fsType = "btrfs"; + options = [ "subvol=@bertof_downloads" "x-gvfs-hide" ]; + }; + + fileSystems."/home/bertof/Documenti" = + { device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; + fsType = "btrfs"; + options = [ "subvol=@bertof_documents" "x-gvfs-hide" ]; + }; + + fileSystems."/home/bertof/Documenti/Git" = + { device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; + fsType = "btrfs"; + options = [ "subvol=@bertof_git" "x-gvfs-hide" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/5f3cf424-2bd8-4352-a778-1bb067cb5700"; } + ]; + + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +}
diff --git a/odin/odin-intel.nix b/odin/odin-intel.nix
new file mode 100644
index 0000000..240bdaf
--- /dev/null
+++ b/odin/odin-intel.nix
@@ -0,0 +1,33 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+ boot.initrd.kernelModules = [ "i915" ];
+
+ hardware.cpu.intel.updateMicrocode = config.hardware.enableRedistributableFirmware;
+
+ hardware.opengl.enable = true;
+ hardware.opengl.extraPackages = with pkgs; [
+ intel-media-driver
+ vaapiIntel
+ vaapiVdpau
+ libvdpau-va-gl
+ ];
+
+ services.xserver = {
+ displayManager.gdm = {
+ enable = true;
+ wayland = true;
+ };
+ };
+
+ # This runs only Intel and nvidia does not drain power.
+ ##### disable nvidia for a very nice battery life.
+ hardware.nvidiaOptimus.disable = true;
+ boot.blacklistedKernelModules = [ "nouveau" "nvidia" ];
+ services.xserver.videoDrivers = [ "intel" ];
+ hardware.opengl.driSupport32Bit = true;
+}
diff --git a/odin/odin-nvidia.nix b/odin/odin-nvidia.nix
new file mode 100644
index 0000000..c21ef24
--- /dev/null
+++ b/odin/odin-nvidia.nix
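Review bot: In odin/odin-intel.nix, `hardware.cpu.intel.updateMicrocode = config.hardware.enableRedistributableFirmware;` repeats, at normal priority, the value that odin/hardware-configuration.nix already sets with `lib.mkDefault`; one of the two can go. The three-line header is the stock configuration.nix template text and does not describe this module. A comment such as `# Intel-only graphics for odin: NVIDIA GPU disabled and its kernel modules blacklisted` would tell the reader what the file is for.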
@@ -0,0 +1,36 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [
+
+
+ ./base.nix
+ ];
+
+ boot.initrd.kernelModules = [ "i915" ];
+
+ hardware.cpu.intel.updateMicrocode = config.hardware.enableRedistributableFirmware;
+
+ services.xserver = {
+ videoDrivers = [ "nvidia" ];
+ displayManager.sddm = {
+ enable = true;
+ autoNumlock = true;
+ };
+ };
+
+ hardware.nvidia.prime = {
+ offload.enable = false;
+ sync.enable = true;
+ intelBusId = "PCI:0:2:0";
+ nvidiaBusId = "PCI:1:0:0";
+ };
+ # hardware.nvidia.modesetting.enable = true;
+ # hardware.nvidia.package = pkgs.linuxPackages.nvidia_x11;
+ hardware.opengl.driSupport32Bit = true;
+}
diff --git a/odin/pro_audio.nix b/odin/pro_audio.nix
new file mode 100644
index 0000000..fd2f706
--- /dev/null
+++ b/odin/pro_audio.nix
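Review bot: odin/odin-nvidia.nix is not referenced by any entry under `nixosConfigurations` in flake.nix, so nothing in this commit builds it. It also pulls in `./base.nix` through `imports`, whereas the Intel variant gets base.nix from the module list in flake.nix; pick one composition style so that an `odin-nvidia` configuration added later needs no special handling. The two empty lines inside the `imports` list look like entries that were lost or removed, which is worth checking against the original file. A one-line header such as `# NVIDIA PRIME sync variant of odin (currently not wired into flake.nix)` would make the file's status explicit.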
@@ -0,0 +1,61 @@
+{ pkgs, lib, ... }: {
+ boot = {
+ # kernelModules = [ "snd-seq" "snd-rawmidi" ];
+ # kernel.sysctl = { "vm.swappiness" = 10; "fs.inotify.max_user_watches" = 524288; };
+ # kernelParams = [ "threadirq" ];
+
+ # kernelPatches = lib.singleton {
+ # name = "pro_audio";
+ # patch = null;
+ # extraConfig = ''
+ # PREEMPT_RT y
+ # PREEMPT y
+ # IOSCHED_DEADLINE y
+ # DEFAULT_DEADLINE y
+ # DEFAULT_IOSCHED "deadline"
+ # HPET_TIMER y
+ # CPU_FREQ n
+ # TREE_RCU_TRACE n
+ # '';
+ # };
+
+ # postBootCommands = ''
+ # echo 2048 > /sys/class/rtc/rtc0/max_user_freq
+ # echo 2048 > /proc/sys/dev/hpet/max-user-freq
+ # # setpci -v -d *:* latency_timer=b0
+ # # setpci -v -s $00:1b.0 latency_timer=ff
+ # '';
+ # The SOUND_CARD_PCI_ID can be obtained like so:
+ # $ lspci ¦ grep -i audio
+ };
+
+ # powerManagement.cpuFreqGovernor = "performance";
+
+ # fileSystems."/" = { options = "noatime errors=remount-ro"; };
+
+ security.pam.loginLimits = [
+ { domain = "@audio"; item = "memlock"; type = "-"; value = "unlimited"; }
+ { domain = "@audio"; item = "rtprio"; type = "-"; value = "99"; }
+ { domain = "@audio"; item = "nofile"; type = "soft"; value = "99999"; }
+ { domain = "@audio"; item = "nofile"; type = "hard"; value = "99999"; }
+ ];
+
+ # services = {
+ # udev = {
+ # packages = [ pkgs.ffado ]; # If you have a FireWire audio interface
+ # extraRules = ''
+ # KERNEL=="rtc0", GROUP="audio"
+ # KERNEL=="hpet", GROUP="audio"
+ # '';
+ # };
+ # cron.enable = false;
+ # };
+
+ environment.shellInit = ''
+ export VST_PATH=/nix/var/nix/profiles/default/lib/vst:/var/run/current-system/sw/lib/vst:~/.vst
+ export LXVST_PATH=/nix/var/nix/profiles/default/lib/lxvst:/var/run/current-system/sw/lib/lxvst:~/.lxvst
+ export LADSPA_PATH=/nix/var/nix/profiles/default/lib/ladspa:/var/run/current-system/sw/lib/ladspa:~/.ladspa
+ export LV2_PATH=/nix/var/nix/profiles/default/lib/lv2:/var/run/current-system/sw/lib/lv2:~/.lv2
+ export DSSI_PATH=/nix/var/nix/profiles/default/lib/dssi:/var/run/current-system/sw/lib/dssi:~/.dssi
+ '';
+}
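Review bot: The `rtprio` entry in `security.pam.loginLimits` grants the whole `audio` group priority 99, the top of the real-time range, so a runaway real-time thread from any member can starve the rest of the system; together with `memlock` set to `unlimited` this is a local denial-of-service surface, and a lower ceiling such as `value = "95";` is a common choice that keeps some headroom. `bertof` is in `audio` per odin/base.nix, so these limits apply to every login session of that account, not just to audio tools. `boot = { ... }` contains only commented-out settings, which also leaves `pkgs` and `lib` unused; consider deleting the dead block or moving it into a short note. The comment `# $ lspci ¦ grep -i audio` has a broken-bar character where a pipe `|` is meant, and it refers to a `SOUND_CARD_PCI_ID` that appears nowhere else in the file.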