Please read b/108 to make sense of this. This gets rid of the explicit list of exposed packages from nixpkgs, and instead makes the entire package set available at `third_party.nixpkgs`. To accommodate this, a LOT of things have to be very slightly shuffled around. Some of this was done in already submitted CLs, but this change is unfortunately still quite noisy. Pay extra attention to: * overlay-like functionality that was partially moved to actual overlays (partially as in, the minimum required to get a green build) * modified uses of the package set path, esp. in NixOS systems Special notes: * xanthous has been disabled in CI because of issues with the Haskell overlay * //third_party/nix has been disabled because of other unclear dependency issues Both of these will be tackled in a followup CL. Change-Id: I2f9c60a4d275fdb5209264be0addfd7e06c53118 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2910 Reviewed-by: glittershark <grfn@gws.fyi> Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
		
			
				
	
	
		
			297 lines
		
	
	
	
		
			6 KiB
		
	
	
	
		
			Nix
		
	
	
	
	
	
			
		
		
	
	
			297 lines
		
	
	
	
		
			6 KiB
		
	
	
	
		
			Nix
		
	
	
	
	
	
| { depot, lib, pkgs, ... }:
 | |
| 
 | |
| config: let
 | |
|   inherit (depot.third_party) lieer;
 | |
| 
 | |
|   # add google-c-style here because other machines get it from, eh,
 | |
|   # elsewhere.
 | |
|   frogEmacs = (depot.users.tazjin.emacs.overrideEmacs(epkgs: epkgs ++ [
 | |
|     pkgs.emacsPackages.google-c-style
 | |
|   ]));
 | |
| 
 | |
|   quasselClient = pkgs.quassel.override {
 | |
|     client = true;
 | |
|     enableDaemon = false;
 | |
|     monolithic = false;
 | |
|   };
 | |
| in lib.fix(self: {
 | |
|   imports = [
 | |
|     "${depot.depotPath}/ops/nixos/v4l2loopback.nix"
 | |
|   ];
 | |
| 
 | |
|   boot = {
 | |
|     tmpOnTmpfs = true;
 | |
|     kernelModules = [ "kvm-amd" ];
 | |
| 
 | |
|     loader = {
 | |
|       systemd-boot.enable = true;
 | |
|       efi.canTouchEfiVariables = true;
 | |
|     };
 | |
| 
 | |
|     initrd = {
 | |
|       luks.devices.frog-crypt.device = "/dev/disk/by-label/frog-crypt";
 | |
|       availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
 | |
|       kernelModules = [ "dm-snapshot" ];
 | |
|     };
 | |
| 
 | |
|     kernelPackages = pkgs.linuxPackages_latest;
 | |
|     kernel.sysctl = {
 | |
|       "kernel.perf_event_paranoid" = -1;
 | |
|     };
 | |
| 
 | |
|     kernelPatches = [
 | |
|       depot.third_party.kernelPatches.trx40_usb_audio
 | |
|     ];
 | |
|   };
 | |
| 
 | |
|   hardware = {
 | |
|     cpu.amd.updateMicrocode = true;
 | |
|     enableRedistributableFirmware = true;
 | |
|     opengl = {
 | |
|       enable = true;
 | |
|       driSupport = true;
 | |
|       driSupport32Bit = true;
 | |
|     };
 | |
| 
 | |
|     pulseaudio = {
 | |
|       enable = true;
 | |
|       package = pkgs.pulseaudioFull;
 | |
|     };
 | |
| 
 | |
|     bluetooth = {
 | |
|       enable = true;
 | |
|     };
 | |
|   };
 | |
| 
 | |
|   nix = {
 | |
|     maxJobs = 48;
 | |
|     nixPath = [
 | |
|       "depot=/depot"
 | |
|       "nixpkgs=${pkgs.path}"
 | |
|     ];
 | |
| 
 | |
|     binaryCaches = ["ssh://nix-ssh@whitby.tvl.fyi"];
 | |
|     binaryCachePublicKeys = ["cache.tvl.fyi:fd+9d1ceCPvDX/xVhcfv8nAa6njEhAGAEe+oGJDEeoc="];
 | |
|   };
 | |
| 
 | |
|   nixpkgs.pkgs = pkgs;
 | |
| 
 | |
|   networking = {
 | |
|     hostName = "frog";
 | |
|     useDHCP = true;
 | |
| 
 | |
|     # Don't use ISP's DNS servers:
 | |
|     nameservers = [
 | |
|       "8.8.8.8"
 | |
|       "8.8.4.4"
 | |
|     ];
 | |
| 
 | |
|     firewall.enable = false;
 | |
|   };
 | |
| 
 | |
|   # Generate an immutable /etc/resolv.conf from the nameserver settings
 | |
|   # above (otherwise DHCP overwrites it):
 | |
|   environment.etc."resolv.conf" = with lib; {
 | |
|     source = pkgs.writeText "resolv.conf" ''
 | |
|       ${concatStringsSep "\n" (map (ns: "nameserver ${ns}") self.networking.nameservers)}
 | |
|       options edns0
 | |
|     '';
 | |
|   };
 | |
| 
 | |
|   time.timeZone = "Europe/London";
 | |
| 
 | |
|   fileSystems = {
 | |
|     "/".device = "/dev/disk/by-label/frog-root";
 | |
|     "/boot".device = "/dev/disk/by-label/BOOT";
 | |
|     "/home".device = "/dev/disk/by-label/frog-home";
 | |
|   };
 | |
| 
 | |
|   # Configure user account
 | |
|   users.extraUsers.tazjin = {
 | |
|     extraGroups = [ "wheel" "audio" "docker" ];
 | |
|     isNormalUser = true;
 | |
|     uid = 1000;
 | |
|     shell = pkgs.fish;
 | |
|   };
 | |
| 
 | |
|   security.sudo = {
 | |
|     enable = true;
 | |
|     extraConfig = "wheel ALL=(ALL:ALL) SETENV: ALL";
 | |
|   };
 | |
| 
 | |
|   fonts = {
 | |
|     fonts = with pkgs; [
 | |
|       corefonts
 | |
|       dejavu_fonts
 | |
|       jetbrains-mono
 | |
|       noto-fonts-cjk
 | |
|       noto-fonts-emoji
 | |
|     ];
 | |
| 
 | |
|     fontconfig = {
 | |
|       hinting.enable = true;
 | |
|       subpixel.lcdfilter = "light";
 | |
| 
 | |
|       defaultFonts = {
 | |
|         monospace = [ "JetBrains Mono" ];
 | |
|       };
 | |
|     };
 | |
|   };
 | |
| 
 | |
|   # Configure location (Vauxhall, London) for services that need it.
 | |
|   location = {
 | |
|     latitude = 51.4819109;
 | |
|     longitude = -0.1252998;
 | |
|   };
 | |
| 
 | |
|   programs.fish.enable = true;
 | |
|   programs.ssh.startAgent = true;
 | |
| 
 | |
|   services.redshift.enable = true;
 | |
|   services.openssh.enable = true;
 | |
|   services.fstrim.enable = true;
 | |
|   services.blueman.enable = true;
 | |
| 
 | |
|   # Required for Yubikey usage as smartcard
 | |
|   services.pcscd.enable = true;
 | |
|   services.udev.packages = [
 | |
|     pkgs.yubikey-personalization
 | |
|   ];
 | |
| 
 | |
|   # Enable Docker for Nixery testing
 | |
|   virtualisation.docker = {
 | |
|     enable = true;
 | |
|     autoPrune.enable = true;
 | |
|   };
 | |
| 
 | |
|   services.xserver = {
 | |
|     enable = true;
 | |
|     layout = "us";
 | |
|     xkbOptions = "caps:super";
 | |
|     exportConfiguration = true;
 | |
|     videoDrivers = [ "amdgpu" ];
 | |
|     displayManager = {
 | |
|       # Give EXWM permission to control the session.
 | |
|       sessionCommands = "${pkgs.xorg.xhost}/bin/xhost +SI:localuser:$USER";
 | |
| 
 | |
|       lightdm.enable = true;
 | |
|       lightdm.greeters.gtk.clock-format = "%H·%M"; # TODO(tazjin): TZ?
 | |
|     };
 | |
| 
 | |
|     windowManager.session = lib.singleton {
 | |
|       name = "exwm";
 | |
|       start = "${frogEmacs}/bin/tazjins-emacs";
 | |
|     };
 | |
|   };
 | |
| 
 | |
|   # Do not restart the display manager automatically
 | |
|   systemd.services.display-manager.restartIfChanged = lib.mkForce false;
 | |
| 
 | |
|   # clangd needs more than ~2GB in the runtime directory to start up
 | |
|   services.logind.extraConfig = ''
 | |
|     RuntimeDirectorySize=16G
 | |
|   '';
 | |
| 
 | |
|   # Configure email setup
 | |
|   systemd.user.services.lieer-tazjin = {
 | |
|     description = "Synchronise mail@tazj.in via lieer";
 | |
|     script = "${lieer}/bin/gmi sync";
 | |
| 
 | |
|     serviceConfig = {
 | |
|       WorkingDirectory = "%h/mail/account.tazjin";
 | |
|       Type = "oneshot";
 | |
|     };
 | |
|   };
 | |
| 
 | |
|   systemd.user.timers.lieer-tazjin = {
 | |
|     wantedBy = [ "timers.target" ];
 | |
| 
 | |
|     timerConfig = {
 | |
|       OnActiveSec = "1";
 | |
|       OnUnitActiveSec = "180";
 | |
|     };
 | |
|   };
 | |
| 
 | |
|   environment.systemPackages =
 | |
|     # programs from the depot
 | |
|     (with depot; [
 | |
|       frogEmacs
 | |
|       fun.idual.script
 | |
|       fun.uggc
 | |
|       lieer
 | |
|       ops.kontemplate
 | |
|       quasselClient
 | |
|       third_party.git
 | |
|       tools.nsfv-setup
 | |
|     ]) ++
 | |
| 
 | |
|     # programs from nixpkgs
 | |
|     (with pkgs; [
 | |
|       age
 | |
|       bat
 | |
|       chromium
 | |
|       clang-manpages
 | |
|       clang-tools
 | |
|       clang_11
 | |
|       curl
 | |
|       direnv
 | |
|       dnsutils
 | |
|       emacs27 # mostly for emacsclient
 | |
|       exa
 | |
|       fd
 | |
|       ffmpeg-full
 | |
|       file
 | |
|       gdb
 | |
|       gnupg
 | |
|       go
 | |
|       google-chrome
 | |
|       google-cloud-sdk
 | |
|       htop
 | |
|       hyperfine
 | |
|       i3lock
 | |
|       iftop
 | |
|       imagemagick
 | |
|       jq
 | |
|       kubectl
 | |
|       linuxPackages.perf
 | |
|       # lutris
 | |
|       manpages
 | |
|       miller
 | |
|       msmtp
 | |
|       nix-prefetch-github
 | |
|       notmuch
 | |
|       obs-studio
 | |
|       obs-v4l2sink
 | |
|       openssh
 | |
|       openssl
 | |
|       pass
 | |
|       pavucontrol
 | |
|       pciutils
 | |
|       pinentry
 | |
|       pinentry-emacs
 | |
|       pmutils
 | |
|       pwgen
 | |
|       ripgrep
 | |
|       rr
 | |
|       rustup
 | |
|       screen
 | |
|       scrot
 | |
|       spotify
 | |
|       steam
 | |
|       tokei
 | |
|       transmission
 | |
|       tree
 | |
|       unzip
 | |
|       usbutils
 | |
|       v4l-utils
 | |
|       vlc
 | |
|       xclip
 | |
|       xsecurelock
 | |
|       yubico-piv-tool
 | |
|       yubikey-personalization
 | |
|       zoxide
 | |
|     ]);
 | |
| 
 | |
|   # ... and other nonsense.
 | |
|   system.stateVersion = "20.03";
 | |
| })
 |