Add some comments, fix vetus and celerrime

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>
Ivan Bushchik 2023-08-23 09:38:48 +03:00
parent 4afe642684
commit 86b8eed465
No known key found for this signature in database
GPG key ID: 9F6DDABE11A2674D
23 changed files with 209 additions and 73 deletions

12
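--- /dev/null
+++ b/common/default.nix
@@ -0,0 +1,12 @@
+{
+imports = [
+./base.nix
+./laptop.nix
+./locale.nix
+./networking.nix
+./remote-access.nix
+./security.nix
+./stateless.nix
+./user.nix
+];
+}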


@ -9,7 +9,6 @@ in {
config = lib.mkIf (cfg.enable) {
environment.systemPackages = with pkgs; [
powertop
lm_sensors
];


@ -4,6 +4,7 @@
time.timeZone = "Europe/Moscow";
i18n.defaultLocale = "ru_RU.UTF-8";
console = {
font = "${pkgs.terminus_font}/share/consolefonts/ter-u24b.psf.gz";
keyMap = "us";


@ -4,10 +4,12 @@
networking.wireless.iwd.enable = true;
networking.wireless.iwd.settings = {
General = {
# Enable DHCP in IWD, TODO: don't do it
EnableNetworkConfiguration = true;
};
};
# TODO: setup DoH or DoT
networking.nameservers = [ "1.1.1.1" "1.0.0.1" "8.8.8.8" ];
networking.enableIPv6 = true;
@ -28,6 +30,8 @@
services.timesyncd.enable = true;
networking.timeServers = [ "ntp1.vniiftri.ru" "0.ru.pool.ntp.org" "0.pool.ntp.org" ];
# Useful tools
boot.kernelModules = [ "af_packet" ];
environment.systemPackages = with pkgs; [ mtr tcpdump traceroute ];
}
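Review bot: The `# Useful tools` comment in the second hunk does not say why `boot.kernelModules = [ "af_packet" ]` sits next to the package list, so the line reads as something a later cleanup could safely delete. The security module touched in this same commit sets `lockKernelModules = true`, which is presumably the reason the packet-socket module has to be loaded at boot for tcpdump to work at all. I would state that coupling directly: `# af_packet must be preloaded for tcpdump: security.lockKernelModules blocks module loading after boot`.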


@ -4,6 +4,8 @@
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
# Cute banner, right?
banner = ''
Authorized access only!
@ -12,5 +14,7 @@ If you are not authorized to access or use this system, disconnect now!
'';
};
# TODO: I don't use it
programs.mosh.enable = true;
}
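Review bot: `programs.mosh.enable = true` stays on even though the new comment above it says the service is unused. As far as I know the NixOS mosh module also opens its UDP port range in the firewall when enabled, so this is network exposure with no user behind it. Rather than a TODO, set `programs.mosh.enable = false;` (or drop the line) until it is needed. The sshd block already disables password login; adding `settings.KbdInteractiveAuthentication = false;` would close the remaining password-style path as well.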


@ -6,8 +6,8 @@
security = {
lockKernelModules = true;
protectKernelImage = true;
allowSimultaneousMultithreading = true;
forcePageTableIsolation = false;
allowSimultaneousMultithreading = false;
forcePageTableIsolation = true;
virtualisation.flushL1DataCache = "always";
apparmor = {
enable = true;
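Review bot: The two flipped settings, `allowSimultaneousMultithreading` and `forcePageTableIsolation`, have no comment, although this commit adds comments elsewhere and these are the lines with the largest performance cost. Assuming the second pair is the new side (the page prints both values without +/- markers), a line such as `# SMT off + forced KPTI: mitigate cross-thread and Meltdown-class side channels, costs throughput` above them would record why the cost is accepted. It would also help to note that `flushL1DataCache = "always"` belongs to the same mitigation set. The `security = {` block continues past the end of the hunk.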

8
common/stateless.nix Normal file

@ -0,0 +1,8 @@
{ config, lib, ... }:
{
boot.kernel.sysctl = {
"vm.panic_on_oom" = true;
"kernel.panic" = 3;
};
}
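Review bot: This file makes every host panic on out-of-memory and reboot three seconds later, unconditionally and without a comment, and common/default.nix imports it for all machines. On an interactive laptop or desktop, any runaway or hostile memory allocation by an unprivileged process then causes a full reboot and loss of unsaved work, where the OOM killer would have ended one process. If the behaviour is meant for unattended hosts, gate it behind an enable option the way the role modules do and add a one-line comment saying why. The option name below is only a suggestion.

```nix
{ config, lib, ... }:
let
  cfg = config.my.stateless;
in {
  options.my.stateless.enable = lib.mkEnableOption "panic and reboot on OOM (unattended hosts)";
  config = lib.mkIf cfg.enable {
    # … unchanged: boot.kernel.sysctl block …
  };
}
```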


@ -7,6 +7,7 @@ in rec {
users.users.ivabus = {
isNormalUser = true;
# Figure out groups I need
extraGroups = [ "wheel" "input" "video" "audio" "disk" "libvirtd" "qemu-libvirtd"];
uid = 1000;
packages = with pkgs; [
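Review bot: The `extraGroups` list under the new `# Figure out groups I need` comment includes `disk`, which gives the account raw read/write access to block devices and is effectively root without going through sudo. The user is already in `wheel`, so `disk` adds nothing that a logged privilege escalation cannot do. I would drop it now rather than leave it to the TODO: `extraGroups = [ "wheel" "input" "video" "audio" "libvirtd" "qemu-libvirtd" ];`. `libvirtd` membership is similarly powerful, so the comment could say it is kept deliberately. The `users.users.ivabus` block continues past the end of the hunk.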

11
default.nix Normal file

@ -0,0 +1,11 @@
rec {
common = import ./common;
roles = import ./roles;
modules = { pkgs, ... }: rec {
imports = [
common
roles
];
};
}


@ -27,21 +27,7 @@
system = "x86_64-linux";
modules = [
home-manager.nixosModules.home-manager
./common/base.nix
./common/laptop.nix
./common/locale.nix
./common/networking.nix
./common/remote-access.nix
./common/security.nix
./common/user.nix
./roles/graphical.nix
./roles/latex.nix
./roles/gaming.nix
./roles/devel.nix
./roles/virtualisation.nix
./roles/yggdrasil-client.nix
./machines/vetus/configuration.nix
./machines/vetus/hardware.nix
./machines/vetus
];
};
@ -51,19 +37,7 @@
modules = [
home-manager.nixosModules.home-manager
apple-silicon-support.nixosModules.apple-silicon-support
./common/base.nix
./common/user.nix
./common/laptop.nix
./common/networking.nix
./common/locale.nix
./common/remote-access.nix
./roles/graphical.nix
./roles/latex.nix
#./roles/gaming.nix
./roles/devel.nix
./roles/yggdrasil-client.nix
./machines/celerrime/configuration.nix
./machines/celerrime/hardware.nix
./machines/celerrime
];
};
@ -73,11 +47,9 @@
nixosConfigurations."effundam" = nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = [
./common/base.nix
./common/user.nix
./roles/laptop.nix
./machines/effundam/configuration.nix
./machines/effundam/hardware.nix
home-manager.nixosModules.home-manager
apple-silicon-support.nixosModules.apple-silicon-support
./machines/effundam
];
};
*/


@ -1,16 +0,0 @@
{ config, pkgs, ... }:
{
imports = [ ];
networking.hostName = "celerrime";
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = false;
boot.kernelParams = [ "apple_dcp.show_notch=1" ];
hardware.asahi.peripheralFirmwareDirectory = ../../asahi/firmware;
hardware.asahi.addEdgeKernelConfig = true;
hardware.asahi.useExperimentalGPUDriver = true;
system.stateVersion = "23.05";
}


@ -0,0 +1,35 @@
{ config, pkgs, ... }:
let
my = import ../..;
in {
imports = [
./hardware.nix
my.modules
];
networking.hostName = "celerrime";
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = false;
# Enable screen space near notch
boot.kernelParams = [ "apple_dcp.show_notch=1" ];
my.laptop.enable = true;
my.roles = {
design.enable = true;
devel.enable = true;
gaming.enable = false;
graphical.enable = true;
latex.enable = true;
virtualisation.enable = false;
yggdrasil-client.enable = true;
};
# Setup asahi-specific things. NOTE: you must copy firmware from ESP to /etc/nixos/asahi/firmware
hardware.asahi.peripheralFirmwareDirectory = ../../asahi/firmware;
hardware.asahi.addEdgeKernelConfig = true;
hardware.asahi.useExperimentalGPUDriver = true;
system.stateVersion = "23.05";
}
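Review bot: Importing `my.modules` here silently widens what this host gets. The module list for celerrime removed from the flake earlier on this page had no `./common/security.nix`, while common/default.nix now pulls in both `./security.nix` and `./stateless.nix` for every machine. This Asahi laptop therefore newly gets `lockKernelModules`, SMT disabled, AppArmor and panic-on-OOM, none of which the commit message mentions. With module loading locked after boot, any driver that is normally loaded on demand has to be preloaded, so this is worth testing on the hardware before relying on it. If it is intended, say so next to the import, e.g. `# NOTE: my.modules also enables common/security.nix and common/stateless.nix on this host`.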


@ -0,0 +1,32 @@
{ config, pkgs, lib, ... }:
let
my = import ../..;
in {
imports = [
./hardware.nix # Use nixos-generate-config --show-hardware-config > /etc/nixos/machines/MACHINE/hardware.nix
my.modules
];
# Bootloader configuration
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "MACHINE";
# All "my" options
my.laptop.enable = true;
my.roles = {
design.enable = true;
devel.enable = true;
gaming.enable = true;
graphical.enable = true;
latex.enable = true;
virtualisation.enable = true;
yggdrasil-client.enable = true;
};
system.stateVersion = "23.05";
}


@ -0,0 +1,38 @@
{ config, pkgs, lib, ... }:
let
my = import ../..;
in {
imports = [
./hardware.nix
my.modules
];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "stella";
my.laptop.enable = true;
my.roles = {
design.enable = true;
devel.enable = true;
gaming.enable = true;
graphical.enable = true;
latex.enable = true;
virtualisation.enable = true;
yggdrasil-client.enable = true;
};
services.xserver.videoDrivers=["amdgpu"];
boot.initrd.kernelModules=["amdgpu"];
powerManagement = {
enable = true;
cpuFreqGovernor = "ondemand";
};
system.stateVersion = "23.05";
}


@ -1,14 +0,0 @@
{ config, pkgs, ... }:
{
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "vetus";
system.stateVersion = "23.05";
}


@ -0,0 +1,33 @@
{ config, pkgs, ... }:
let
my = import ../..;
in {
imports = [
./hardware.nix
my.modules
];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "vetus";
my.laptop.enable = false;
my.roles = {
design.enable = true;
devel.enable = true;
gaming.enable = true;
graphical.enable = true;
latex.enable = true;
virtualisation.enable = true;
yggdrasil-client.enable = true;
};
services.xserver.videoDrivers=["amdgpu"];
boot.initrd.kernelModules=["amdgpu"];
system.stateVersion = "23.05";
}


@ -7,7 +7,7 @@
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = ["amdgpu"];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];

11
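--- /dev/null
+++ b/roles/default.nix
@@ -0,0 +1,11 @@
+{
+imports = [
+./design.nix
+./devel.nix
+./gaming.nix
+./graphical.nix
+./latex.nix
+./virtualisation.nix
+./yggdrasil-client.nix
+];
+}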


@ -26,11 +26,13 @@ in {
(lib.mkIf (!pkgs.stdenv.isAarch64) {boot.binfmt.emulatedSystems = [ "aarch64-linux" ];})
(lib.mkIf (!pkgs.stdenv.isx86_64) {boot.binfmt.emulatedSystems = [ "x86_64-linux" "i686-linux" ];})
# Remove CLion from builds while I'm semi-online
# Install CLion only if we are on x86_64
/*(lib.mkIf (pkgs.stdenv.isx86_64) {
environment.systemPackages = with pkgs; [
jetbrains.clion
];
})*/
# Install vscode only if we are on x86_64 or aarch64 or aarch32
(lib.mkIf (pkgs.stdenv.isx86_64 || pkgs.stdenv.isAarch64 || pkgs.stdenv.isAarch32) {
environment.systemPackages = with pkgs; [
vscode


@ -4,13 +4,11 @@ let
cfg = config.my.roles.gaming;
in {
options.my.roles.gaming.enable = lib.mkEnableOption "Enable wine & steam";
config = lib.mkIf (cfg.enable) {
config = lib.mkIf (cfg.enable) (lib.mkMerge {
nixpkgs.config.allowUnfree = true;
hardware.opengl.driSupport32Bit = true;
services.pipewire.alsa.support32Bit = true;
programs.steam.enable = true;
environment.systemPackages = with pkgs; [
steam
wineWowPackages.stable
wine
(wine.override { wineBuild = "wine64"; })
@ -18,5 +16,7 @@ in {
winetricks
wineWowPackages.waylandFull
];
};
}
# Enable steam only on x86_64 (since we have hosts with ARM, but I don't think I will enable my.roles.gaming on ARM system soon)
(lib.mkIf(pkgs.stdenv.isx86_64) {programs.steam.enable = true;}))
}
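Review bot: As displayed, the new `config =` expression passes `lib.mkMerge` an attribute set followed by a second argument, but `mkMerge` takes a single list, and the binding has no terminating `;` after the closing `))`. If that is how the file really reads (the rendered page may have dropped characters), the module fails to evaluate, so the gaming role cannot be enabled on any host. The list form would open with `config = lib.mkIf cfg.enable (lib.mkMerge [ {`, close the first set with a bare `}`, and end with `(lib.mkIf pkgs.stdenv.isx86_64 { programs.steam.enable = true; }) ]);`.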


@ -15,7 +15,6 @@ in {
ffmpeg
cinnamon.nemo
usbmuxd
telegram-desktop
keepassxc
];
@ -29,6 +28,7 @@ in {
};
};
};
programs.sway = {
enable = true;
extraPackages = with pkgs; [


@ -5,7 +5,9 @@ let
in {
options.my.roles.latex.enable = lib.mkEnableOption "Enable latex stuff";
config = lib.mkIf (cfg.enable){
environment.systemPackages = with pkgs; [
environment.systemPackages = with pkgs;
# Maybe I don't need to use -full variant of texlive
# I should find distribution I actually need
texlive.combined.scheme-full
];
};
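Review bot: The second printed `environment.systemPackages = with pkgs;` line has lost the opening `[`, while the closing `];` after `texlive.combined.scheme-full` is still there. If that line is the new side (print order suggests so, but the page has no +/- markers), the file no longer parses. The line should stay `environment.systemPackages = with pkgs; [`, with the two new comment lines placed inside the list.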


@ -10,6 +10,7 @@ in {
persistentKeys = true;
settings = {
Peers = [
# Maybe add more peers, not only mine
"tls://ygg.iva.bz:50002"
];
};