First flake

2022-04-06 09:44:31 +02:00 · 2022-04-06 09:44:31 +02:00 · becab7b6f3
commit becab7b6f3
parent c3b30c56ef
4 changed files with 341 additions and 0 deletions
--- a/thor/configuration.nix
+++ b/thor/configuration.nix
@ -0,0 +1,198 @@
+{ config, pkgs, lib, ... }:
+{
+  imports = [
+    # <nixos-hardware/common/cpu/amd>
+    # <nixos-hardware/common/pc/ssd>
+    ./hardware-configuration.nix
+    # ./pro_audio.nix
+  ];
+
+  boot = {
+    binfmt.emulatedSystems = [ "armv7l-linux" "aarch64-linux" ];
+    extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
+    loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+    initrd = {
+      checkJournalingFS = true;
+      luks.devices = {
+        root = {
+          device = "/dev/nvme0n1p2";
+          preLVM = true;
+          allowDiscards = true;
+        };
+      };
+    };
+  };
+
+  console = {
+    font = "Lat2-Terminus16";
+    keyMap = "us";
+  };
+
+  environment = {
+    pathsToLink = [ "/share/zsh" ];
+    systemPackages = with pkgs; [
+      kakoune
+      tmux
+      vim
+    ];
+  };
+
+  hardware = {
+    bluetooth.enable = true;
+    enableRedistributableFirmware = true;
+    pulseaudio.enable = false;
+    # nvidia.modesetting.enable = true;
+  };
+
+  i18n.defaultLocale = "it_IT.UTF-8";
+
+  programs = {
+    dconf.enable = true;
+    flashrom.enable = true;
+    gnupg.agent = {
+      enable = true;
+      enableSSHSupport = true;
+    };
+    steam = {
+      enable = true;
+    };
+    zsh = {
+      enable = true;
+      syntaxHighlighting.enable = true;
+    };
+  };
+
+  networking = {
+    hostName = "thor"; # Define your hostname.
+    interfaces = {
+      eno1.useDHCP = true;
+      wlp5s0.useDHCP = true;
+    };
+    networkmanager.enable = true;
+    useDHCP = false;
+    hosts = {
+      "*.engine.sesar.int" = [ "172.20.28.210" ];
+      "vcenter.sesar.int" = [ "172.20.28.20" ];
+    };
+  };
+
+  time.timeZone = "Europe/Rome";
+
+  services = {
+    avahi = {
+      enable = true;
+      openFirewall = true;
+      nssmdns = true;
+      publish = {
+        enable = true;
+        addresses = true;
+        domain = true;
+        userServices = true;
+        workstation = true;
+      };
+      extraServiceFiles = {
+        ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
+      };
+    };
+    clamav = { daemon.enable = true; updater.enable = true; };
+    dbus.packages = with pkgs; [ gnome.dconf ];
+    gnome.gnome-keyring.enable = true;
+    gvfs = { enable = true; package = pkgs.gnome3.gvfs; };
+    fwupd.enable = true;
+    openssh = { enable = true; openFirewall = true; permitRootLogin = "no"; passwordAuthentication = false; forwardX11 = true; };
+    pipewire = {
+      enable = true;
+      pulse.enable = true;
+      jack.enable = true;
+      alsa = {
+        enable = true;
+        support32Bit = true;
+      };
+      media-session.enable = true;
+    };
+    power-profiles-daemon.enable = true;
+    smartd = { enable = true; notifications.x11.enable = true; };
+    snapper = {
+      configs =
+        let
+          common = {
+            extraConfig = ''
+              ALLOW_USERS="bertof"
+              TIMELINE_CREATE=yes
+              TIMELINE_CLEANUP=yes
+            '';
+          };
+        in
+        {
+          bertof_home = common // { subvolume = "/home/bertof"; };
+        };
+    };
+    thermald.enable = true;
+    xserver = {
+      enable = true;
+      desktopManager = {
+        # gnome.enable = true;
+        # cinnamon.enable = true;
+        plasma5 = {
+          enable = true;
+          runUsingSystemd = true;
+          useQtScaling = true;
+        };
+      };
+      # displayManager.gdm = { enable = true; nvidiaWayland = true; };
+      displayManager.sddm.enable = true;
+      layout = "us";
+      videoDrivers = [ "nvidia" ];
+      xkbOptions = "eurosign:e";
+    };
+    # gnome.gnome-remote-desktop.enable = true;
+    zerotierone = { enable = true; joinNetworks = [ "8056c2e21cf9c753" ]; };
+  };
+
+  services.teamviewer.enable = true;
+
+  security = {
+    rtkit.enable = true;
+    sudo.extraConfig = ''
+      Defaults pwfeedback
+    '';
+  };
+
+  sound.enable = false;
+
+  users.users.bertof = {
+    isNormalUser = true;
+    extraGroups = [ "audio" "input" "docker" "flashrom" "libvirtd" "network" "networkmanager" "usb" "video" "wheel" ];
+    openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN+zsSWZFFzQKnATCAvtG+iuSm4qkZHjCtHzGa9B/71W" ];
+    shell = pkgs.zsh;
+    useDefaultShell = false;
+  };
+
+  virtualisation = {
+    docker.enable = true;
+    kvmgt.enable = true;
+    libvirtd.enable = true;
+    podman.enable = true;
+    virtualbox.host.enable = true;
+  };
+
+  nixpkgs.config = {
+    allowUnfree = true;
+    packageOverrides = pkgs: {
+      steam = pkgs.steam.override {
+        extraPkgs = pkgs: with pkgs; [ icu ];
+      };
+    };
+    # cudaSupport = true;
+  };
+  nix = {
+    package = pkgs.nixFlakes;
+    extraOptions = "experimental-features = nix-command flakes";
+    gc.automatic = true;
+  };
+
+  system.stateVersion = "21.05"; # Did you read the comment?
+}
--- a/thor/flake.lock
+++ b/thor/flake.lock
@ -0,0 +1,65 @@
+{
+  "nodes": {
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1648834319,
+        "narHash": "sha256-i5Aj4Aw64D/A0X6XW5LxSS4XBnYj7gMz+kN4dpsbdk8=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "0bdbdea2e26c984b096f4f7d10e3c88536a980b0",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "ref": "release-21.11",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "nixos-hardware": {
+      "locked": {
+        "lastModified": 1648141026,
+        "narHash": "sha256-h8e3+5EZFbYHTMb0DN2ACuQTJBNHpqigvmEV1w2WIuE=",
+        "owner": "NixOS",
+        "repo": "nixos-hardware",
+        "rev": "feceb4d24f582817d8f6e737cd40af9e162dee05",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixos-hardware",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1649024309,
+        "narHash": "sha256-AWbvj/NHZXVwAnHaVOFlxg7tcNerEKrKBmgGfztSHWM=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "af0a9bc0e5341855518e9c1734d7ef913e5138b9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-21.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "home-manager": "home-manager",
+        "nixos-hardware": "nixos-hardware",
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
--- a/thor/flake.nix
+++ b/thor/flake.nix
@ -0,0 +1,35 @@
+{
+  description = "Thor system configuration";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-21.11";
+    home-manager.inputs.nixpkgs.follows = "nixpkgs";
+    home-manager.url = "github:nix-community/home-manager/release-21.11";
+    nixos-hardware.url = "github:NixOS/nixos-hardware";
+    # nixos-hardware.inputs.nixpkgs.follows = "nixpkgs";
+  };
+
+  outputs = { self, nixpkgs, home-manager, nixos-hardware }:
+    let
+      system = "x86_64-linux";
+      pkgs = import nixpkgs {
+        inherit system;
+        config = { allowUnfree = true; };
+      };
+      lib = nixpkgs.lib;
+    in
+    {
+      nixosConfigurations = {
+        thor = lib.nixosSystem {
+          inherit system;
+
+          modules = [
+            nixos-hardware.nixosModules.common-cpu-amd
+            nixos-hardware.nixosModules.common-pc-ssd
+            ./configuration.nix
+          ];
+        };
+      };
+    };
+
+}
--- a/thor/hardware-configuration.nix
+++ b/thor/hardware-configuration.nix
@ -0,0 +1,43 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ "dm-snapshot" ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/6c06428e-c296-4ef1-8429-62bafb860126";
+      fsType = "btrfs";
+      options = [ "subvol=@root" "x-gvfs-hide" "space_cache=v2" "discard" "compress-force=zstd:1" ];
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/B9D2-255C";
+      fsType = "vfat";
+    };
+
+  fileSystems."/home/bertof" =
+    { device = "/dev/disk/by-uuid/6c06428e-c296-4ef1-8429-62bafb860126";
+      fsType = "btrfs";
+      options = [ "subvol=@home_bertof" "x-gvfs-hide" "space_cache=v2" "discard" "compress-force=zstd:1" ];
+    };
+
+  fileSystems."/nix" =
+    { device = "/dev/disk/by-uuid/6c06428e-c296-4ef1-8429-62bafb860126";
+      fsType = "btrfs";
+      options = [ "subvol=@nix" "x-gvfs-hide" "space_cache=v2" "discard" "compress-force=zstd:1" ];
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/dee188e4-4ff8-417c-9419-b7f00ecb9989"; }
+    ];
+
+}