From 716ebec2bc5c408cb00fc4e3b152aab13df91e3c Mon Sep 17 00:00:00 2001 From: fortuneteller2k Date: Sat, 26 Feb 2022 02:39:29 +0800 Subject: [PATCH] flake: upload 2nd machine --- flake.nix | 4 + hosts/starcruiser/configuration.nix | 352 +++++++++++++++++++ hosts/starcruiser/default.nix | 26 ++ hosts/starcruiser/hardware-configuration.nix | 39 ++ hosts/starcruiser/services/rtkit-daemon.nix | 8 + secrets/github-token.age | Bin 526 -> 639 bytes secrets/secrets.nix | 5 +- users/fortuneteller2k/home.nix | 2 +- users/fortuneteller2k/scripts/pls.nix | 2 +- 9 files changed, 434 insertions(+), 4 deletions(-) create mode 100644 hosts/starcruiser/configuration.nix create mode 100644 hosts/starcruiser/default.nix create mode 100644 hosts/starcruiser/hardware-configuration.nix create mode 100644 hosts/starcruiser/services/rtkit-daemon.nix diff --git a/flake.nix b/flake.nix index 7c782c45..b000d354 100644 --- a/flake.nix +++ b/flake.nix @@ -88,6 +88,10 @@ inherit config nixpkgs agenix overlays inputs; }; + nixosConfigurations.starcruiser = import ./hosts/starcruiser { + inherit config nixpkgs agenix overlays inputs; + }; + homeConfigurations.fortuneteller2k = import ./users/fortuneteller2k { inherit config nixpkgs home discocss nix-colors overlays inputs; }; diff --git a/hosts/starcruiser/configuration.nix b/hosts/starcruiser/configuration.nix new file mode 100644 index 00000000..cb0a20cc --- /dev/null +++ b/hosts/starcruiser/configuration.nix 
@@ -0,0 +1,352 @@ +{ config, lib, pkgs, options, inputs, system, ... }: + +/* + NixOS configuration + + Useful links: + - Package Search: https://search.nixos.org/packages?channel=unstable + - Options Search: https://search.nixos.org/options?channel=unstable +*/ +{ + boot = { + /* + NOTE: replace this with your desired kernel, see: https://nixos.wiki/wiki/Linux_kernel for reference. + + If you're not me or a XanMod kernel maintainer in Nixpkgs, use pkgs.linuxKernel.packages.linux_xanmod instead to avoid compilation. + */ + kernelPackages = pkgs.master.linuxKernel.packages.linux_xanmod; + + kernelParams = [ + "mitigations=off" + ]; + + kernel.sysctl = { + "fs.file-max" = 2097152; + "kernel.printk" = "3 3 3 3"; + "kernel.sched_migration_cost_ns" = 5000000; + "kernel.sched_nr_fork_threshold" = 3; + "kernel.sched_fake_interactive_win_time_ms" = 1000; + "kernel.unprivileged_userns_clone" = 1; + "net.core.default_qdisc" = "fq_pie"; + "vm.dirty_ratio" = 60; + "vm.dirty_background_ratio" = 2; + "vm.swappiness" = 10; + "vm.vfs_cache_pressure" = 75; + "net.core.netdev_max_backlog" = 16384; + "net.core.somaxconn" = 8192; + "net.core.rmem_default" = 1048576; + "net.core.rmem_max" = 16777216; + "net.core.wmem_default" = 1048576; + "net.core.wmem_max" = 16777216; + "net.core.optmem_max" = 65536; + "net.ipv4.tcp_rmem" = "4096 1048576 2097152"; + "net.ipv4.tcp_wmem" = "4096 65536 16777216"; + "net.ipv4.udp_rmem_min" = 8192; + "net.ipv4.udp_wmem_min" = 8192; + "net.ipv4.tcp_fastopen" = 3; + "net.ipv4.tcp_keepalive_time" = 60; + "net.ipv4.tcp_keepalive_intvl" = 10; + "net.ipv4.tcp_keepalive_probes" = 6; + "net.ipv4.conf.default.log_martians" = 1; + "net.ipv4.conf.all.log_martians" = 1; + "net.ipv4.tcp_mtu_probing" = 1; + "net.ipv4.tcp_syncookies" = 1; + "net.ipv4.tcp_congestion_control" = "bbr2"; + }; + + loader = { + efi.canTouchEfiVariables = true; + + systemd-boot = { + enable = true; + configurationLimit = 3; + consoleMode = "max"; + editor = false; + }; + }; + }; + + console = 
{ + font = "Lat2-Terminus16"; + keyMap = "us"; + + colors = + let colorscheme = inputs.nix-colors.colorSchemes.material-darker; + in + with colorscheme.colors; [ + base01 + base08 + base0B + base0A + base0D + base0E + base0C + base06 + base02 + base08 + base0B + base0A + base0D + base0E + base0C + base07 + ]; + }; + + documentation.man = + let + activeManOutputs = [ "man" ] ++ lib.optionals config.documentation.dev.enable [ "devman" ]; + in + { + generateCaches = true; + + man-db.manualPages = (pkgs.buildEnv { + name = "man-paths"; + paths = config.environment.systemPackages; + pathsToLink = [ "/share/man" ]; + extraOutputsToInstall = activeManOutputs; + ignoreCollisions = true; + }).overrideAttrs (_: { __contentAddressed = true; }); + }; + + hardware = { + cpu.amd.updateMicrocode = true; + + /* + hardware-configuration.nix enables this by default because of this line: + + > imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + + See https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/installer/scan/not-detected.nix + */ + enableRedistributableFirmware = true; + + nvidia = { + package = config.boot.kernelPackages.nvidiaPackages.beta; + }; + + opengl = { + enable = true; + driSupport = true; + extraPackages = with pkgs; [ vaapiVdpau libvdpau-va-gl ]; + }; + }; + + imports = [ + ./hardware-configuration.nix + # Append your custom NixOS modules in this list + ../../modules/nixos/programs/river.nix + ]; + + i18n = { + defaultLocale = "en_US.UTF-8"; + supportedLocales = [ "en_US.UTF-8/UTF-8" ]; + }; + + environment = { + /* + NOTE: This isn't found in https://search.nixos.org/options. + + Here's the warning that came with it: + + "Please note that NixOS assumes all over the place that shell to be Bash, + so override the default setting only if you know exactly what you're doing." + */ + binsh = "${pkgs.zsh}/bin/zsh"; + pathsToLink = [ "/share/zsh" ]; + shells = with pkgs; [ zsh ]; + + # Font packages should go in fonts.fonts a few lines below this. 
+ systemPackages = lib.attrValues { + inherit (pkgs) + brightnessctl + coreutils + curl + dash + fd + file + home-manager + man-pages + man-pages-posix + ntfs3g + pavucontrol + pulseaudio + ripgrep + util-linux + unrar + unzip + wget + xarchiver + zip; + + inherit (pkgs.qt5) qtwayland; + inherit (pkgs.gnome3) nautilus; + + git = pkgs.git.overrideAttrs (_: { __contentAddressed = true; }); + subversion = pkgs.subversion.overrideAttrs (_: { __contentAddressed = true; }); + }; + }; + + fonts = { + fonts = lib.attrValues { + inherit (pkgs) + emacs-all-the-icons-fonts + fantasque-sans-mono + # NOTE: use only when current is outdated + # iosevka-ft + # iosevka-ft-qp + sarasa-gothic + symbola + terminus_font + twemoji-color-font; + + inherit (inputs.nixpkgs-f2k.packages.${system}) + iosevka-ft-bin + iosevka-ft-qp-bin; + + nerdfonts = pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" "Iosevka" ]; }; + }; + + fontconfig = { + enable = true; + + defaultFonts = { + serif = [ + "Sarasa Gothic C" + "Sarasa Gothic J" + "Sarasa Gothic K" + ]; + + sansSerif = [ + "Sarasa Gothic C" + "Sarasa Gothic J" + "Sarasa Gothic K" + ]; + + monospace = [ + "Iosevka FT" + "Iosevka Nerd Font" + "Sarasa Mono C" + "Sarasa Mono J" + "Sarasa Mono K" + ]; + + emoji = [ "Twitter Color Emoji" ]; + }; + }; + }; + + networking = { + hostName = "starcruiser"; + + # Replace with your interface names. 
+ interfaces.enp5s0.useDHCP = true; + nameservers = [ "1.1.1.1" "1.0.0.1" "8.8.8.8" "8.8.4.4" ]; + }; + + powerManagement.cpuFreqGovernor = "performance"; + + programs = { + bash.interactiveShellInit = ''export HISTFILE=$HOME/.config/.bash_history''; + command-not-found.enable = false; + dconf.enable = true; + qt5ct.enable = true; + }; + + security.sudo.wheelNeedsPassword = false; + + services = { + chrony = { + enable = true; + + servers = [ + "ntp.pagasa.dost.gov.ph" + "0.nixos.pool.ntp.org" + "1.nixos.pool.ntp.org" + "2.nixos.pool.ntp.org" + "3.nixos.pool.ntp.org" + ]; + }; + + greetd = { + enable = true; + + settings = { + default_session.command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd 'sway --unsupported-gpu'"; + + initial_session = { + command = "sway"; + user = "fortuneteller2k"; + }; + }; + }; + + journald.extraConfig = lib.mkForce ""; + + openssh = { + enable = true; + gatewayPorts = "yes"; + permitRootLogin = "yes"; + }; + + pipewire = { + enable = true; + socketActivation = false; + + alsa = { + enable = true; + support32Bit = true; + }; + + jack.enable = true; + pulse.enable = true; + }; + + usbmuxd.enable = true; + }; + + system = { + + /* + NOTE: DO NOT CHANGE THIS IF YOU DON'T KNOW WHAT YOU'RE DOING. + + Only change this if you are ABSOLUTELY 100% SURE that you don't have stateful data. + */ + stateVersion = "22.05"; + }; + + systemd = { + services.rtkit-daemon = import ./services/rtkit-daemon.nix { inherit pkgs; }; + + user.services = { + pipewire.wantedBy = [ "default.target" ]; + pipewire-pulse.wantedBy = [ "default.target" ]; + }; + }; + + time.timeZone = "Asia/Manila"; + + users.users.fortuneteller2k = { + isNormalUser = true; + home = "/home/fortuneteller2k"; + shell = pkgs.zsh; + + extraGroups = [ + "wheel" + "video" + "audio" + "realtime" + ]; + }; + + xdg.portal = { + enable = true; + gtkUsePortal = true; + wlr.enable = true; + }; + + zramSwap = { + enable = true; + memoryPercent = 40; + }; +} 
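Review bot: The `services.openssh` block in hosts/starcruiser/configuration.nix sets `permitRootLogin = "yes"` and `gatewayPorts = "yes"` without turning off password authentication, so root is reachable over SSH with whatever password it has, and remote forwards may bind on non-loopback addresses. Unless that is deliberate for this host, I would set `permitRootLogin = "no";` and `passwordAuthentication = false;` and drop the `gatewayPorts` line. The same file also sets `security.sudo.wheelNeedsPassword = false` and boots with `mitigations=off`, so any foothold as fortuneteller2k is root-equivalent and the CPU side-channel mitigations are disabled. A one-line comment on each stating the trade-off would help anyone copying this config.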
diff --git a/hosts/starcruiser/default.nix b/hosts/starcruiser/default.nix
new file mode 100644
index 00000000..b02cfeb9
--- /dev/null
+++ b/hosts/starcruiser/default.nix
@@ -0,0 +1,26 @@
+{ config, nixpkgs, agenix, overlays, inputs }:
+
+# See https://github.com/NixOS/nixpkgs/blob/master/flake.nix#L24 for reference.
+nixpkgs.lib.nixosSystem rec {
+ system = "x86_64-linux";
+
+ modules = [
+ agenix.nixosModules.age
+
+ {
+ # NOTE: you should either change this or disable it completely by commenting it out
+ age.secrets.github-token = {
+ file = ../../secrets/github-token.age;
+ owner = "fortuneteller2k";
+ mode = "0444";
+ };
+
+ nix = import ../../nix-settings.nix { inherit inputs system nixpkgs; };
+ nixpkgs = { inherit config overlays; };
+ }
+
+ ./configuration.nix
+ ];
+
+ specialArgs = { inherit inputs system; };
+}
diff --git a/hosts/starcruiser/hardware-configuration.nix b/hosts/starcruiser/hardware-configuration.nix
new file mode 100644
index 00000000..04d73b75
--- /dev/null
+++ b/hosts/starcruiser/hardware-configuration.nix 
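Review bot: `mode = "0444"` on `age.secrets.github-token` in hosts/starcruiser/default.nix leaves the decrypted GitHub token readable by every local account and service on the machine. Since `owner = "fortuneteller2k"` is already set, `mode = "0400";` should be enough if only that user's processes read it. How `nix-settings.nix` consumes the token is not visible in this patch, so confirm the reader before tightening. If a second account needs it, a dedicated `group` with `0440` is preferable to world-read.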
@@ -0,0 +1,39 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { + device = "/dev/disk/by-uuid/15983e6b-888f-49eb-80ce-6516a57a795e"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { + device = "/dev/disk/by-uuid/0036-2178"; + fsType = "vfat"; + }; + + swapDevices = + [{ device = "/dev/disk/by-uuid/94810a3f-ac8f-483b-8098-c7b259b9726e"; }]; + + # The global useDHCP flag is deprecated, therefore explicitly set to false here. + # Per-interface useDHCP will be mandatory in the future, so this generated config + # replicates the default behaviour. + networking.useDHCP = lib.mkDefault false; + networking.interfaces.enp5s0.useDHCP = lib.mkDefault true; + + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/starcruiser/services/rtkit-daemon.nix b/hosts/starcruiser/services/rtkit-daemon.nix new file mode 100644 index 00000000..c33e5c65 --- /dev/null +++ b/hosts/starcruiser/services/rtkit-daemon.nix @@ -0,0 +1,8 @@ +{ pkgs }: + +{ + serviceConfig.ExecStart = [ + "" + "${pkgs.rtkit}/libexec/rtkit-daemon --our-realtime-priority=95 --max-realtime-priority=90" + ]; +} 
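Review bot: The override in hosts/starcruiser/services/rtkit-daemon.nix has no comment explaining the empty first `ExecStart` entry or the chosen priorities. I would add `# "" clears the packaged ExecStart so the next entry replaces it` above the list, plus a line saying why clients may be granted up to priority 90. A ceiling that high can let a misbehaving realtime thread compete with kernel threads for CPU time, so the comment should say the limit is a stability trade-off as well as a latency tweak.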
diff --git a/secrets/github-token.age b/secrets/github-token.age index 7a99c2c53c8249f4f3b4205a705cc26142ab98d2..32369fe29109527958127c5be055745ad9432386 100644 GIT binary patch literal 639 zcmZ9|&1=(O0D$q6mz+He5s4@$l$fMVlhnhoYuYqv(=|=nCb>w~e7wo>(Y#5Uwg;Jr zo)ttzM0B7q#!dsh>ct^~H)SdayLl3XF%WieUiS|?KX^>n#_VVW=i|(aqiZpA@hOR5 z%V?Sc%(jZ{Qv41M;L1ks02r{@0c<7usfOqZex^b6rC_DWZltZwZDc zxtVXSK&BV0W?h2hyCqgFr!?fv(2ph8Qvfh?HUPfSPcp)nM-`kM!oH7iU|pnUfffaf zD&`e)n&nBaIq0Xc&=djmMhYYG2IR`aPNfscCpmgNS6V89VHhgb^OB|35@yy)acGqD znPBmNE3io_yDck~G=~mBj@#=oveWpvyyMvZ_b)8pS89&kIwBqUi$vz^QVum_785{zp{68 S>&_wn>-D#%4?irvzWWD#c;blw delta 499 zcmV<^JAaP=PPHZ!2N;OzwIY?GlOL=H|Q$=3N1b$b8~1dWn?lnH8D9LIAm@)H)kMgWmh&uFF8tPPJeG?IdFMLH8FQ#Y)45> zWjS^*RAx+MZg*#NGkI?{bV6qeF*bT`Id5uaR%>Z*cxy#4b2oNuD?(3lLQ+~aO+`6* zMOI;SFjjanS#Ng=Ej}Pec`G+dK_NdaXL4m>b7deuJS9_c3TZQTGB8h2WoKntHC1q8 zaYc7TP;zWGZGTgCXhvptP-b^fR%S0*Mnz^~OleqTbWCYDHbx39EiE8KPGwnRZ!&2} zWkXFgM?!Hk*A7 zp{$KRqKc*T9Ei^1ATBQ0{3BPyBPgi0s>=fn;%M&6z-+DxD0nD$kjUCAX(K3bv$WxX zgEHk8-gG)=)^%u7(dq=k(2Hl#w>H=1rrBQd9aey<2yx;%; diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 23398b9c..085f1f27 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -1,9 +1,10 @@ let - fortuneteller2k = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHIw6Il9E+VR6oGwyb+f+/kA7vYciZaV4f1sWTBciAaj"; + fortuneteller2k = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFcycVYoYUln0bNU1OeV/tW/Zp/wFCIPNqa3Rc5o0vFD"; + starcruiser = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINabLwLnnn6HD7CVw3F23WSTmIhtdXWOjzOfIBM707pS"; superfluous = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICtfV+2+0M7U6KCnPMiJ63jHp05ucIF1jGvuMNFg6UlT"; users = [ fortuneteller2k ]; - hosts = [ superfluous ]; + hosts = [ starcruiser superfluous ]; in { "github-token.age".publicKeys = users ++ hosts; diff --git a/users/fortuneteller2k/home.nix b/users/fortuneteller2k/home.nix index 47ec8830..4653c4be 100644 --- a/users/fortuneteller2k/home.nix +++ b/users/fortuneteller2k/home.nix 
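Review bot: Replacing the `fortuneteller2k` recipient key in secrets/secrets.nix and re-encrypting `github-token.age` does not withdraw access from the old key, because the previous ciphertext stays in the repository history. If the old key was retired because it may have been exposed (the patch does not say), the GitHub token itself should be revoked and reissued, not only re-encrypted. As more secrets are added, per-secret recipient lists instead of `users ++ hosts` would keep one compromised host key from decrypting secrets that host never uses.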
@@ -360,7 +360,7 @@ systemd.user.startServices = "sd-switch"; wayland.windowManager.river = { - enable = true; + enable = false; extraSessionVariables = { XDG_SESSION_DESKTOP = "sway"; diff --git a/users/fortuneteller2k/scripts/pls.nix b/users/fortuneteller2k/scripts/pls.nix index ce55c596..a8a9cd75 100644 --- a/users/fortuneteller2k/scripts/pls.nix +++ b/users/fortuneteller2k/scripts/pls.nix @@ -14,7 +14,7 @@ def switch_nixos(): try: - process = run("sudo -n nixos-rebuild switch --flake ~/.config/nix-config#superfluous", shell=True) + process = run("sudo -n nixos-rebuild switch --flake ~/.config/nix-config#starcruiser", shell=True) if process.returncode == 0: return run("fd . /nix/var/nix/profiles -d 1 | tail -2 | xargs nvd diff", shell=True).returncode
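Review bot: The flake target in `switch_nixos()` (users/fortuneteller2k/scripts/pls.nix) is still hard-coded, so after this change the script rebuilds `starcruiser` even when it runs on superfluous, if this home configuration is shared by both machines. `nixos-rebuild` picks the configuration named after the current hostname when the `#name` part is omitted, so `run("sudo -n nixos-rebuild switch --flake ~/.config/nix-config", shell=True)` would serve both hosts. That relies on each host's `networking.hostName` matching its flake attribute, as it does for starcruiser in this patch. The function body continues outside the hunk.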