From cf88840f0dbd1cc4f56532efc623fdcc161c01fb Mon Sep 17 00:00:00 2001 From: Filippo Berto Date: Thu, 21 Nov 2024 14:13:58 +0100 Subject: [PATCH] Sif: WIP --- flake.nix | 33 ++ instances/sif/configuration.nix | 365 +++++++++++++++++++++++ instances/sif/hardware-configuration.nix | 131 ++++++++ instances/sif/hm.nix | 152 ++++++++++ modules/hm/development/docker.nix | 17 +- 5 files changed, 690 insertions(+), 8 deletions(-) create mode 100644 instances/sif/configuration.nix create mode 100644 instances/sif/hardware-configuration.nix create mode 100644 instances/sif/hm.nix diff --git a/flake.nix b/flake.nix index 5b80b7f..b46dea5 100644 --- a/flake.nix +++ b/flake.nix @@ -277,6 +277,39 @@ }]; }; + sif = inputs.nixpkgs-u.lib.nixosSystem { + system = "x86_64-linux"; + modules = commonModules ++ [ + ./instances/sif/hardware-configuration.nix + inputs.nixos-hardware.nixosModules.common-cpu-intel + inputs.nixos-hardware.nixosModules.common-pc-ssd + ./instances/sif/configuration.nix + + # S3 cache write + ./modules/nixos/s3_cache_write.nix + { age.secrets.s3_sif = { file = ./secrets/s3_sif.age; owner = "bertof"; }; } + + ./modules/nixos/pro_audio.nix + ./modules/nixos/kdeconnect.nix + ./modules/nixos/steam.nix + ./modules/nixos/minio_local.nix + + ./modules/nixos/plymouth.nix + ./modules/nixos/hyprland.nix + { + home-manager.users.bertof.imports = [ + ./modules/hm/hyprland.nix + ./modules/hm/swayidle.nix + ]; + } + + ./modules/nixos/musa.nix + ] ++ homeManagerUModules ++ [{ + home-manager.users.bertof = import ./instances/sif/hm.nix; + }]; + }; + + odin-nvidia = inputs.nixpkgs-u.lib.nixosSystem { system = "x86_64-linux"; modules = commonModules ++ odinCommonModules ++ [ ./instances/odin/configuration-nvidia.nix ]; diff --git a/instances/sif/configuration.nix b/instances/sif/configuration.nix new file mode 100644 index 0000000..09a497b --- /dev/null +++ b/instances/sif/configuration.nix 
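Review bot: The new `sif` output references `./secrets/s3_sif.age` (decrypted with `owner = "bertof"`), but the commit's diffstat lists no change under `secrets/`; if that file is not already in the repository the flake fails at evaluation with a missing path, and if sif's host key is not among the agenix recipients the secret fails at activation instead. Worth confirming before this WIP lands, since the rest of the module list (`s3_cache_write.nix`, `minio_local.nix`) depends on that credential being usable on the new host.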
@@ -0,0 +1,365 @@ +{ config +, pkgs +, lib +, ... +}: +{ + age.secrets = { + ntfy-odin = { + file = ../../secrets/ntfy-odin.age; + owner = "bertof"; + }; + odin_wg_priv.file = ../../secrets/odin_wg_priv.age; + }; + + # Use the systemd-boot EFI boot loader. + boot = { + # kernelPackages = pkgs.linuxPackages_latest; + # kernelPackages = pkgs.linuxPackages_6_7_hardened; + # kernelPackages = pkgs.linuxPackages_6_8; + kernelParams = [ "acpi_osi=Linux-Dell-Video" ]; + initrd.checkJournalingFS = true; # Use same ACPI identifier as Dell Ubuntu + loader = { + systemd-boot = { + enable = true; + editor = false; + }; + efi.canTouchEfiVariables = true; + }; + extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ]; + + # Cross-build arm + binfmt.emulatedSystems = [ + "armv7l-linux" + "aarch64-linux" + ]; + }; + + hardware = { + enableRedistributableFirmware = true; + + graphics.enable = true; + + pulseaudio.enable = false; + + # Tablet + opentabletdriver = { + enable = true; + daemon.enable = true; + }; + }; + + networking = { + hostName = "odin"; + networkmanager.enable = true; + # networkmanager.wifi.backend = "iwd"; + + # Configure network proxy if necessary + # proxy.default = "http://user:password@proxy:port/"; + # proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Open ports in the firewall. + # firewall.allowedTCPPorts = [ ... ]; + # firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. 
+ # firewall.enable = false; + + # wg-quick.interfaces = { + # wg0 = { + # autostart = false; + # address = [ "10.0.0.2/24" "fdc9:281f:04d7:9ee9::2/64" ]; + # dns = [ "10.0.0.1" "fdc9:281f:04d7:9ee9::1" ]; + # privateKeyFile = config.age.secrets.odin_wg_priv.path; + + # peers = [ + # { + # # baldur + # # allowedIPs = [ "10.0.0.3/32" "fdc9:281f:04d7:9ee9::3/128" ]; + # allowedIPs = [ "0.0.0.0/0" "::/0" ]; + # endpoint = "baldur.bertof.net:51820"; + # presharedKeyFile = config.age.secrets.wg_psk.path; + # publicKey = "K57ikgFSR1O0CXWBxfQEu7uxSOsp3ePj/NMRets5pVc="; + # } + # { + # # odin + # publicKey = "LDBhvzeYmHJ0z5ch+N559GWjT3It1gZvGR/9WtCfURw="; + # presharedKeyFile = config.age.secrets.wg_psk.path; + # allowedIPs = [ "10.0.0.2/24" "fdc9:281f:04d7:9ee9::2/128" ]; + # } + # { + # # oppo + # publicKey = "OBk6bHKuIYLwD7cwjmAuMn57jXqbDwCL52jhQxiHnnA="; + # presharedKeyFile = config.age.secrets.wg_psk.path; + # allowedIPs = [ "10.0.0.3/24" "fdc9:281f:04d7:9ee9::3/128" ]; + # } + # { + # # thor + # publicKey = "rpwR6n4IE96VZAmQDBufsWE/a9G7d8fpkvY1OwsbOhk="; + # presharedKeyFile = config.age.secrets.wg_psk.path; + # allowedIPs = [ "10.0.0.4/24" "fdc9:281f:04d7:9ee9::4/128" ]; + # } + # ]; + # }; + # }; + }; + + services = { + # X11 windowing system. + xserver = { + enable = true; + # Enable the GNOME 3 Desktop Environment. 
+ # desktopManager.gnome.enable = true; + # desktopManager.plasma5 = { + # enable = true; + # runUsingSystemd = true; + # }; + # windowManager.bspwm.enable = true; + + xkb = { + layout = "it,us"; + options = "eurosign:e,terminate:ctrl_alt_bksp,compose:rctrl,grp:menu_toggle"; + }; + + displayManager.gdm = { + enable = true; + autoSuspend = false; + }; + # displayManager.sddm = { + # enable = true; + # autoNumlock = true; + # theme = + # "${pkgs.sddm-theme-clairvoyance}/usr/share/sddm/themes/clairvoyance"; + # }; + }; + displayManager = { + enable = true; + defaultSession = "hyprland"; + }; + libinput.enable = true; + + keybase.enable = true; + + pipewire = { + enable = true; + pulse.enable = true; + jack.enable = true; + alsa = { + enable = true; + support32Bit = true; + }; + # media-session.enable = true; + }; + + # Enable CUPS to print documents. + printing = { + enable = true; + drivers = [ + pkgs.gutenprint + # pkgs.cups-kyocera + pkgs.cups-kyodialog + ]; + }; + + # Disable auto handling of power button + logind = { + powerKey = "ignore"; + lidSwitch = "hibernate"; + }; + }; + + # Set your time zone. + time.timeZone = "Europe/Rome"; + + # Select internationalisation properties. + i18n.defaultLocale = "it_IT.UTF-8"; + console = { + font = "Lat2-Terminus16"; + keyMap = "it"; + }; + + environment = { + pathsToLink = [ "/share/zsh" ]; + sessionVariables.LD_LIBRARY_PATH = lib.mkForce "${config.services.pipewire.package.jack}/lib"; # Temporary fix for WebKitGTK + systemPackages = builtins.attrValues { + inherit (pkgs) + tmux + helix + vim + git + ntfs3g + ; + }; + }; + + # Define a user account. Don't forget to set a password with ‘passwd’. 
+ users.users.bertof = { + isNormalUser = true; + extraGroups = [ + "audio" + "input" + "docker" + "flashrom" + "libvirtd" + "network" + "networkmanager" + "usb" + "video" + "wheel" + ]; + shell = pkgs.zsh; + }; + + programs = { + dconf.enable = true; + flashrom.enable = true; + gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + steam = { + enable = true; + package = pkgs.steam.override { + extraPkgs = pkgs: [ pkgs.icu ]; + extraProfile = '' + export GSETTINGS_SCHEMA_DIR="${pkgs.gsettings-desktop-schemas}/share/gsettings-schemas/${pkgs.gsettings-desktop-schemas.name}/glib-2.0/schemas/" + ''; + }; + remotePlay.openFirewall = true; + }; + zsh.enable = true; + }; + # services.joycond.enable = true; + + # Enable the OpenSSH daemon. + services.openssh = { + enable = true; + openFirewall = true; + }; + + # Cooling management + services.thermald.enable = true; + + services.smartd.enable = true; + services.snapper = { + configs = + let + common = { + ALLOW_USERS = [ "bertof" ]; + TIMELINE_CREATE = true; + TIMELINE_CLEANUP = true; + }; + in + { + bertof_home = lib.recursiveUpdate common { SUBVOLUME = "/home/bertof"; }; + bertof_music = lib.recursiveUpdate common { SUBVOLUME = "/home/bertof/Musica"; }; + bertof_downloads = lib.recursiveUpdate common { SUBVOLUME = "/home/bertof/Scaricati"; }; + bertof_images = lib.recursiveUpdate common { SUBVOLUME = "/home/bertof/Immagini"; }; + bertof_videos = lib.recursiveUpdate common { SUBVOLUME = "/home/bertof/Video"; }; + bertof_documents = lib.recursiveUpdate common { SUBVOLUME = "/home/bertof/Documenti"; }; + bertof_games_ssd = lib.recursiveUpdate common { SUBVOLUME = "/home/bertof/Giochi/SSD"; }; + # bertof_games_sata = lib.recursiveUpdate common { SUBVOLUME = "/home/bertof/Giochi/SATA"; }; + # bertof_games_hdd = lib.recursiveUpdate common { SUBVOLUME = "/home/bertof/Giochi/HDD"; }; + bertof_git = lib.recursiveUpdate common { SUBVOLUME = "/home/bertof/Documenti/Git"; }; + }; + }; + + hardware = { + 
steam-hardware.enable = true; + bluetooth = { + enable = true; + # package = pkgs.bluezFull; + }; + }; + + services = { + hardware = { + bolt.enable = true; + }; + dbus = { + packages = [ pkgs.dconf ]; + implementation = "broker"; + }; + gnome.gnome-keyring.enable = true; + blueman.enable = true; + gvfs = { + enable = true; + # package = lib.mkForce pkgs.gnome3.gvfs; + }; + tumbler.enable = true; + # tlp.enable = false; + avahi = { + enable = true; + openFirewall = true; + nssmdns4 = true; + publish = { + enable = true; + addresses = true; + domain = true; + userServices = true; + workstation = true; + }; + extraServiceFiles = { + ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service"; + }; + }; + # Power-profiles + power-profiles-daemon.enable = true; + fprintd = { + enable = true; + tod = { + enable = true; + driver = pkgs.libfprint-2-tod1-goodix; + }; + }; + }; + + # FPRINTD + security = { + rtkit.enable = true; + pam.services = { + xscreensaver.fprintAuth = true; + }; + }; + + # Clamav + # services.clamav = { + # daemon.enable = true; + # updater.enable = true; + # }; + + # services.teamviewer.enable = true; + + # Virtualisation + virtualisation = { + # vswitch.enable = true; + # docker.enable = true; + kvmgt.enable = true; + libvirtd = { + enable = true; + qemu.swtpm.enable = true; + }; + podman.enable = true; + # virtualbox.host.enable = true; + }; + + security.sudo.extraConfig = '' + Defaults pwfeedback + ''; + security.pam.services.sddm.enableGnomeKeyring = true; + security.pam.services.autoUnlockKwallet.enableKwallet = true; + + nixpkgs.config = { + allowUnfree = true; + packageOverrides = pkgs: { steam = pkgs.steam.override { extraPkgs = pkgs: [ pkgs.icu ]; }; }; + }; + + zramSwap.enable = true; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. 
It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "23.11"; # Did you read the comment? +} diff --git a/instances/sif/hardware-configuration.nix b/instances/sif/hardware-configuration.nix new file mode 100644 index 0000000..d292cc3 --- /dev/null +++ b/instances/sif/hardware-configuration.nix 
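Review bot: `networking.hostName = "odin";` is carried over from the odin instance, so this sif host would come up with odin's hostname (and advertise it over Avahi, since `publish.workstation = true` is set below); it should read `networking.hostName = "sif";`. The same carry-over applies to `age.secrets.ntfy-odin` and `odin_wg_priv` at the top of the file: unless sif's host key is a recipient of those `.age` files they fail to decrypt at activation, and if it is, sif would share odin's WireGuard identity, so sif should get its own key material (e.g. a `sif_wg_priv` secret). `services.openssh` is enabled with `openFirewall = true;` and no `settings` block, so password authentication stays at its default; consider `settings.PasswordAuthentication = false;` next to `enable = true;`. Further down, `users.users.bertof.extraGroups` includes `"docker"` although only `podman.enable = true;` is set here, and `security.pam.services.sddm.enableGnomeKeyring = true;` targets a display manager this file commented out in favour of gdm; both look like stale carry-overs.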
@@ -0,0 +1,131 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config +, lib +, modulesPath +, ... +}: + +{ + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + + boot = { + initrd = { + availableKernelModules = [ + "xhci_pci" + "ahci" + "nvme" + "sd_mod" + ]; + kernelModules = [ ]; + }; + kernelModules = [ "kvm-intel" ]; + extraModulePackages = [ ]; + }; + + fileSystems = { + "/" = { + device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; + fsType = "btrfs"; + options = [ + "subvol=@root" + "x-gvfs-hide" + ]; + }; + "/nix" = { + device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; + fsType = "btrfs"; + options = [ + "subvol=@nix" + "x-gvfs-hide" + ]; + }; + "/home/bertof" = { + device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; + fsType = "btrfs"; + options = [ + "subvol=@bertof/@home" + "x-gvfs-hide" + ]; + }; + "/home/bertof/Giochi/SSD" = { + device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; + fsType = "btrfs"; + options = [ + "subvol=@bertof/@games" + "x-gvfs-hide" + ]; + }; + "/home/bertof/Video" = { + device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; + fsType = "btrfs"; + options = [ + "subvol=@bertof/@videos" + "x-gvfs-hide" + ]; + }; + "/home/bertof/Musica" = { + device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; + fsType = "btrfs"; + options = [ + "subvol=@bertof/@music" + "x-gvfs-hide" + ]; + }; + "/home/bertof/Immagini" = { + device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; + fsType = "btrfs"; + options = [ + "subvol=@bertof/@images" + "x-gvfs-hide" + ]; + }; + "/home/bertof/Scaricati" = { + device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; + fsType = "btrfs"; + options = [ + "subvol=@bertof/@downloads" + "x-gvfs-hide" + ]; + }; + "/home/bertof/Documenti" = { + device = 
"/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; + fsType = "btrfs"; + options = [ + "subvol=@bertof/@documents" + "x-gvfs-hide" + ]; + }; + "/home/bertof/Documenti/Git" = { + device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; + fsType = "btrfs"; + options = [ + "subvol=@bertof/@git" + "x-gvfs-hide" + ]; + }; + "/boot" = { + device = "/dev/disk/by-uuid/82DB-3444"; + fsType = "vfat"; + }; + }; + + swapDevices = [{ device = "/dev/disk/by-uuid/5f3cf424-2bd8-4352-a778-1bb067cb5700"; }]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + # networking.useDHCP = lib.mkDefault true; + # networking.interfaces.docker0.useDHCP = lib.mkDefault true; + # networking.interfaces.enp10s0u1u2.useDHCP = lib.mkDefault true; + # networking.interfaces.enp60s0.useDHCP = lib.mkDefault true; + # networking.interfaces.virbr0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true; + # networking.interfaces.ztmjfdwjkp.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/instances/sif/hm.nix b/instances/sif/hm.nix new file mode 100644 index 0000000..a04031d --- /dev/null +++ b/instances/sif/hm.nix 
@@ -0,0 +1,152 @@ +{ pkgs, ... }: +{ + home = { + language.base = "it_IT.UTF-8"; + keyboard = { + layout = "it,us,us"; + variant = ",,colemak"; + options = [ + "terminate:ctrl_alt_bksp" + "compose:rctrl" + "grp:menu_toggle" + ]; + }; + packages = builtins.attrValues { + inherit (pkgs) + # element-desktop # matrix client + # evolution + # freecad + # krita + # minecraft + # mycrypto + # pcmanfm + # pulseaudio + # retroarchFull + # shotwell + # signal-desktop + # slack + # wineFull + authenticator + brave + # discord + # droidcam + eog + evince + file-roller + gallery-dl + gnome-font-viewer + gnome-screenshot + gnome-system-monitor + gucharmap + inkscape + keyboard-switch + openvpn + p7zip + pavucontrol + procps + pulseaudio + # skypeforlinux + spotify + tdesktop + teams-for-linux + thunderbird + totem + # transmission_4 + # wireguard-tools + xournalpp + proton-pass; + }; + }; + + services = { + gnome-keyring.enable = true; + }; + + xsession = { + enable = true; + numlock.enable = true; + # initExtra = '' + # ## Touchpad + # ${pkgs.xorg.xinput}/bin/xinput set-prop 'DELL0824:00 06CB:7E92 Touchpad' 'libinput Natural Scrolling Enabled' 1 + # ${pkgs.xorg.xinput}/bin/xinput set-prop 'DELL0824:00 06CB:7E92 Touchpad' 'libinput Tapping Enabled' 1 + # ${pkgs.xorg.xinput}/bin/xinput set-prop 'DELL0824:00 06CB:7E92 Touchpad' 'libinput Disable While Typing Enabled' 1 + # ''; + }; + + imports = [ + ../../modules/hm/__basic.nix + + ../../modules/hm/development/cpp.nix + ../../modules/hm/development/data.nix + # ../../modules/hm/development/database.nix + ../../modules/hm/development/docker.nix + ../../modules/hm/development/go.nix + ../../modules/hm/development/javascript.nix + ../../modules/hm/development/kubernetes.nix + ../../modules/hm/development/latex.nix + ../../modules/hm/development/markdown.nix + ../../modules/hm/development/nix.nix + ../../modules/hm/development/python.nix + ../../modules/hm/development/rust.nix + ../../modules/hm/development/web.nix + + # 
../../modules/hm/alacritty.nix + ../../modules/hm/autorandr.nix + ../../modules/hm/biblio.nix + # ../../modules/hm/bitwarden.nix + # ../../modules/hm/blender.nix + ../../modules/hm/carapace.nix + # ../../modules/hm/dwarf-fortress.nix + ../../modules/hm/easyeffects.nix + ../../modules/hm/firefox.nix + # ../../modules/hm/vivaldi.nix + # ../../modules/hm/fonts.nix + # ../../modules/hm/gnome_shell.nix + # ../../modules/hm/grobi.nix + ../../modules/hm/gtk_theme.nix + ../../modules/hm/heif.nix + ../../modules/hm/helix.nix + # ../../modules/hm/jellyfin-player.nix + # ../../modules/hm/joystickwake.nix + # ../../modules/hm/kakoune.nix + ../../modules/hm/kdeconnect.nix + # ../../modules/hm/keepassxc.nix + # ../../modules/hm/kicad.nix + ../../modules/hm/kitty.nix + ../../modules/hm/libinput-gestures.nix + # ../../modules/hm/lutris.nix + # ../../modules/hm/mangohud.nix + # ../../modules/hm/megasync.nix + ../../modules/hm/mpv.nix + # ../../modules/hm/nautilus.nix + ../../modules/hm/ncspot.nix + ../../modules/hm/nix-index.nix + ../../modules/hm/noti.nix + ../../modules/hm/nushell.nix + ../../modules/hm/obs-studio.nix + ../../modules/hm/office.nix + ../../modules/hm/pass.nix + ../../modules/hm/pro_audio.nix + # ../../modules/hm/pycharm.nix + ../../modules/hm/rclone-mount.nix + ../../modules/hm/research.nix + # ../../modules/hm/rofi.nix + # ../../modules/hm/screen_locker.nix + # ../../modules/hm/security.nix + # ../../modules/hm/spotifyd.nix + ../../modules/hm/syncthing.nix + # ../../modules/hm/thunar.nix + # ../../modules/hm/twmn.nix + # ../../modules/hm/update_background.nix + ../../modules/hm/vim.nix + ../../modules/hm/virtualization.nix + ../../modules/hm/vscode.nix + ../../modules/hm/webapp.nix + ../../modules/hm/xresources.nix + ../../modules/hm/yazi.nix + ../../modules/hm/zathura.nix + ../../modules/hm/zellij.nix + ]; + + home.stateVersion = "23.11"; +} diff --git a/modules/hm/development/docker.nix b/modules/hm/development/docker.nix index a1b4df2..31c5d34 100644 
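Review bot: `home.stateVersion = "23.11";` at the bottom of the file sits apart from the `home = { ... }` block at the top that sets `language`, `keyboard` and `packages`; Nix merges the two definitions, but a reader expects all `home.*` settings in one place, so consider moving it into that block. Also, `xsession.enable = true;` with `numlock.enable = true;` configures an X11 session start-up while the system configuration in this same commit sets `defaultSession = "hyprland"`; if no X11 session is used on sif, the block (and the commented-out xinput lines inside it) may be dead.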
--- a/modules/hm/development/docker.nix
+++ b/modules/hm/development/docker.nix
@@ -5,14 +5,15 @@
 }:
 {
 home.packages =
- (builtins.attrValues { inherit (pkgs) docker-compose; })
- ++ lib.optionals config.programs.helix.enable (
+ # (builtins.attrValues { inherit (pkgs) docker-compose; })
+ # ++
+ lib.optionals config.programs.helix.enable (
 builtins.attrValues { inherit (pkgs.nodePackages) dockerfile-language-server-nodejs; }
 );
- home.shellAliases = {
- "dkcd" = "docker-compose down";
- "dkc" = "docker-compose";
- "dkcu" = "docker-compose up";
- "dk" = "docker";
- };
+ # home.shellAliases = {
+ # "dkcd" = "docker-compose down";
+ # "dkc" = "docker-compose";
+ # "dkcu" = "docker-compose up";
+ # "dk" = "docker";
+ # };
 }
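Review bot: Commenting out the docker-compose package and the `dk*` aliases leaves dead code in the module (`# (builtins.attrValues ...`, `# ++` and the six `# home.shellAliases` lines) instead of removing it; git keeps the history, so deleting the lines would leave the module readable. If the intent is to keep them available for hosts that still run Docker, gating them on a module option would express that better than comments. The lone `# ++` line before `lib.optionals` is particularly easy to misread as part of the live expression.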