feat(ops/nixos): Initial NixOS configuration for frog
This is mostly based on the nugget configuration, because frog replaces nugget.
		
							parent
							
								
									3407baa756
								
							
						
					
					
						commit
						eda1616242
					
				
					 3 changed files with 240 additions and 0 deletions
				
			
		|  | @ -15,5 +15,6 @@ hostname. | |||
| 
 | ||||
| ## Configured hosts: | ||||
| 
 | ||||
| * `frog` - weapon of mass computation at home | ||||
| * `nugget` - desktop computer at home | ||||
| * ~~`urdhva` - T470s~~ (currently with edef) | ||||
|  |  | |||
|  | @ -25,6 +25,10 @@ let | |||
|       echo "Rebuilding NixOS for //ops/nixos/camden" | ||||
|       system=$(nix-build -E '(import <depot> {}).ops.nixos.camdenSystem' --no-out-link) | ||||
|       ;; | ||||
|     frog) | ||||
|       echo "Rebuilding NixOS for //ops/nixos/frog" | ||||
|       system=$(nix-build -E '(import <depot> {}).ops.nixos.frogSystem' --no-out-link) | ||||
|       ;; | ||||
|     *) | ||||
|       echo "$HOSTNAME is not a known NixOS host!" >&2 | ||||
|       exit 1 | ||||
|  | @ -39,4 +43,5 @@ in { | |||
| 
 | ||||
|   nuggetSystem = systemFor [ depot.ops.nixos.nugget ]; | ||||
|   camdenSystem = systemFor [ depot.ops.nixos.camden ]; | ||||
|   frogSystem = systemFor [ depot.ops.nixos.frog ]; | ||||
| } | ||||
|  |  | |||
							
								
								
									
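--- a/ops/nixos/frog/default.nix
+++ b/ops/nixos/frog/default.nix
@@ -0,0 +1,234 @@
+{ depot, lib, ... }:
+
+config: let
+  nixpkgs = import depot.third_party.stableNixpkgsSrc {
+    config.allowUnfree = true;
+  };
+
+  unstable = import depot.third_party.nixpkgsSrc {};
+  lieer = (depot.third_party.lieer {});
+
+  # add google-c-style here because other machines get it from, eh,
+  # elsewhere.
+  frogEmacs = (depot.tools.emacs.overrideEmacs(epkgs: epkgs ++ [
+    depot.third_party.emacsPackages.google-c-style
+  ]));
+in depot.lib.fix(self: {
+  # TODO(tazjin): v4l2loopback
+
+  boot = {
+    tmpOnTmpfs = true;
+    kernelModules = [ "kvm-amd" ];
+
+    loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+
+    initrd = {
+      luks.devices.frog-crypt.device = "/dev/disk-by-label/frog-crypt";
+      availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
+      kernelModules = [ "dm-snapshot" ];
+    };
+
+    kernel.sysctl = {
+      "kernel.perf_event_paranoid" = 1;
+    };
+  };
+
+  hardware = {
+    pulseaudio.enable = true;
+    u2f.enable = true;
+  };
+
+  nix = {
+    maxJobs = 48;
+    nixPath = [
+      "depot=/depot"
+      "nixpkgs=${depot.third_party.nixpkgsSrc}"
+    ];
+  };
+
+  nixpkgs.pkgs = nixpkgs;
+
+  networking = {
+    hostName = "frog";
+    useDHCP = false;
+    interfaces.enp67s0.useDHCP = true;
+
+    # Don't use ISP's DNS servers:
+    nameservers = [
+      "8.8.8.8"
+      "8.8.4.4"
+    ];
+
+    firewall.enable = false;
+  };
+
+  # Generate an immutable /etc/resolv.conf from the nameserver settings
+  # above (otherwise DHCP overwrites it):
+  environment.etc."resolv.conf" = with lib; {
+    source = depot.third_party.writeText "resolv.conf" ''
+      ${concatStringsSep "\n" (map (ns: "nameserver ${ns}") self.networking.nameservers)}
+      options edns0
+    '';
+  };
+
+  time.timeZone = "Europe/London";
+
+  fileSystems = {
+    "/".device = "/dev/disk/by-label/frog-root";
+    "/boot".device = "/dev/disk/by-label/BOOT";
+    "/home".device = "/dev/disk/by-label/frog-home";
+  };
+
+  # Configure user account
+  users.extraUsers.tazjin = {
+    extraGroups = [ "wheel" "audio" ];
+    isNormalUser = true;
+    uid = 1000;
+    shell = nixpkgs.fish;
+  };
+
+  security.sudo = {
+    enable = true;
+    extraConfig = "wheel ALL=(ALL:ALL) SETENV: ALL";
+  };
+
+  fonts = {
+    fonts = with nixpkgs; [
+      corefonts
+      dejavu_fonts
+      jetbrains-mono
+      noto-fonts-cjk
+      noto-fonts-emoji
+    ];
+
+    fontconfig = {
+      hinting.enable = true;
+      subpixel.lcdfilter = "light";
+
+      defaultFonts = {
+        monospace = [ "JetBrains Mono" ];
+      };
+    };
+  };
+
+  # Configure location (Vauxhall, London) for services that need it.
+  location = {
+    latitude = 51.4819109;
+    longitude = -0.1252998;
+  };
+
+  programs.fish.enable = true;
+  programs.ssh.startAgent = true;
+
+  services.redshift.enable = true;
+  services.openssh.enable = true;
+  services.fstrim.enable = true;
+
+  # Required for Yubikey usage as smartcard
+  services.pcscd.enable = true;
+  services.udev.packages = [
+    nixpkgs.yubikey-personalization
+  ];
+
+  services.xserver = {
+    enable = true;
+    layout = "us";
+    xkbOptions = "caps:super";
+    exportConfiguration = true;
+    videoDrivers = [ "amdgpu" "amdgpu-pro" ];
+
+    displayManager = {
+      # Give EXWM permission to control the session.
+      sessionCommands = "${nixpkgs.xorg.xhost}/bin/xhost +SI:localuser:$USER";
+
+      lightdm.enable = true;
+      lightdm.greeters.gtk.clock-format = "%H·%M"; # TODO(tazjin): TZ?
+    };
+
+    windowManager.session = lib.singleton {
+      name = "exwm";
+      start = "${frogEmacs}/bin/tazjins-emacs";
+    };
+  };
+
+  # Do not restart the display manager automatically
+  systemd.services.display-manager.restartIfChanged = lib.mkForce false;
+
+  # clangd needs more than ~2GB in the runtime directory to start up
+  services.logind.extraConfig = ''
+    RuntimeDirectorySize=16G
+  '';
+
+  environment.systemPackages =
+    # programs from the depot
+    (with depot; [
+      fun.idual.script
+      lieer
+      frogEmacs
+      ops.kontemplate
+      third_party.ffmpeg
+      third_party.git
+    ]) ++
+
+    # programs from nixpkgs
+    (with nixpkgs; [
+      age
+      bat
+      chromium
+      clang-manpages
+      clang-tools
+      clang_10
+      curl
+      direnv
+      dnsutils
+      emacs26 # mostly for emacsclient
+      exa
+      fd
+      gnupg
+      go
+      google-chrome
+      google-cloud-sdk
+      htop
+      hyperfine
+      i3lock
+      imagemagick
+      jq
+      kubectl
+      linuxPackages.perf
+      miller
+      msmtp
+      nix-prefetch-github
+      notmuch
+      openssh
+      openssl
+      pass
+      pavucontrol
+      pinentry
+      pinentry-emacs
+      pwgen
+      ripgrep
+      rr
+      rustup
+      scrot
+      spotify
+      steam
+      tokei
+      tree
+      unzip
+      vlc
+      xclip
+      yubico-piv-tool
+      yubikey-personalization
+    ]) ++
+
+    # programs from unstable nixpkgs
+    (with unstable; [
+      zoxide
+    ]);
+
+  # ... and other nonsense.
+  system.stateVersion = "20.03";
+})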
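Review bot: The LUKS device path in `boot.initrd` is spelled `/dev/disk-by-label/frog-crypt`, while every `fileSystems` entry in the same file uses `/dev/disk/by-label/...`; by-label links live under `/dev/disk/`, so the initrd would presumably wait for a node that never appears and the encrypted volume would not unlock. The line should read `luks.devices.frog-crypt.device = "/dev/disk/by-label/frog-crypt";`. Separately, `networking.firewall.enable = false` sits next to `services.openssh.enable = true` with no sshd settings in this file, so anything listening on the host is reachable on `enp67s0`; unless password logins are restricted elsewhere in the depot, consider `services.openssh.passwordAuthentication = false;` or leaving the firewall enabled. The `security.sudo.extraConfig` rule also names `wheel` without the `%` group prefix, so as written it matches a user called wheel rather than the group, and a short comment on why `SETENV:` is wanted would help the next reader.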