commit efe661cfda2676e272780c8ecc9a294fd485a67d
parent 1554e95e292ddedcc157d63d9707d1c55156f5d3
Author: Vincent Demeester <vincent@sbr.pm>
Date: Fri, 16 Oct 2020 14:10:59 +0200
systems: reinstall naruhodo on NixOS
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Diffstat:
2 files changed, 84 insertions(+), 69 deletions(-)
diff --git a/systems/hardware/thinkpad-t480s.nix b/systems/hardware/thinkpad-t480s.nix
@@ -0,0 +1,54 @@
+{ config, pkgs, ... }:
+let
+ sources = import ../../nix/sources.nix;
+in
+{
+ imports = [
+ (sources.nixos-hardware + "/lenovo/thinkpad/t480s")
+ (sources.nixos-hardware + "/common/pc/ssd")
+ ./thinkpad.nix
+ ];
+ boot = {
+ initrd.availableKernelModules = [ "nvme" "rtsx_pci_sdmmc" ];
+ };
+ hardware = {
+ enableAllFirmware = true;
+ bluetooth = {
+ enable = true;
+ powerOnBoot = true;
+ };
+ };
+ nix.maxJobs = 12;
+ services = {
+ tlp = {
+ extraConfig = ''
+ # CPU optimizations
+ CPU_SCALING_GOVERNOR_ON_AC=performance
+ CPU_SCALING_GOVERNOR_ON_BAT=powersave
+ CPU_MIN_PERF_ON_AC=0
+ CPU_MAX_PERF_ON_AC=100
+ CPU_MIN_PERF_ON_BAT=0
+ CPU_MAX_PERF_ON_BAT=50
+ # DEVICES (wifi, ..)
+ DEVICES_TO_DISABLE_ON_STARTUP=""
+ DEVICES_TO_ENABLE_ON_AC="bluetooth wifi wwan"
+ DEVICES_TO_DISABLE_ON_BAT=""
+ # Network management
+ DEVICES_TO_DISABLE_ON_LAN_CONNECT=""
+ DEVICES_TO_DISABLE_ON_WIFI_CONNECT=""
+ DEVICES_TO_DISABLE_ON_WWAN_CONNECT=""
+ DEVICES_TO_ENABLE_ON_LAN_DISCONNECT=""
+ DEVICES_TO_ENABLE_ON_WIFI_DISCONNECT=""
+ DEVICES_TO_ENABLE_ON_WWAN_DISCONNECT=""
+ # Docking
+ DEVICES_TO_DISABLE_ON_DOCK="wifi"
+ DEVICES_TO_ENABLE_ON_UNDOCK="wifi"
+ # Make sure it uses the right hard drive
+ DISK_DEVICES="nvme0n1p3"
+ '';
+ };
+ xserver = {
+ dpi = 128;
+ };
+ };
+}
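Review bot: `DISK_DEVICES="nvme0n1p3"` in the tlp `extraConfig` names a partition, while TLP's DISK_DEVICES is meant to list whole disks, so the disk power settings are likely not applied at all; `DISK_DEVICES="nvme0n1"` is probably what was intended. Separately, `bluetooth.powerOnBoot = true` together with `DEVICES_TO_ENABLE_ON_AC="bluetooth wifi wwan"` keeps the Bluetooth radio powered from boot, before anyone has logged in; if Bluetooth is only used occasionally, `powerOnBoot = false;` narrows the time the adapter is reachable. `hardware.enableAllFirmware = true` also deserves a one-line comment saying which device needs it, since it pulls in every firmware blob, including unfree ones.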
diff --git a/systems/naruhodo.nix b/systems/naruhodo.nix
@@ -2,7 +2,7 @@
with lib;
let
- hostname = "hokkaido";
+ hostname = "naruhodo";
secretPath = ../secrets/machines.nix;
secretCondition = (builtins.pathExists secretPath);
@@ -14,21 +14,34 @@ let
in
{
imports = [
- ./hardware/thinkpad-x220.nix
+ ./hardware/thinkpad-t480s.nix
./modules
(import ../users).vincent
(import ../users).root
];
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/884a3d57-f652-49b2-9c8b-f6eebd5edbeb";
- fsType = "ext4";
- };
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/C036-34B9";
- fsType = "vfat";
+ fileSystems."/" =
+ { device = "/dev/mapper/root";
+ fsType = "ext4";
+ options = ["noatime" "discard"];
+ };
+
+ boot.initrd.luks.devices = {
+ root = {
+ device = "/dev/disk/by-uuid/50d7faba-8923-4b30-88f7-40df26e02def";
+ preLVM = true;
+ allowDiscards = true;
+ };
};
- swapDevices = [{ device = "/dev/disk/by-uuid/e1833693-77ac-4d52-bcc7-54d082788639"; }];
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/0101-68DE";
+ fsType = "vfat";
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/aff86817-55ae-47ed-876a-e5a027b560ba"; }
+ ];
networking = {
hostName = hostname;
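Review bot: The swap entry near the end of this hunk points directly at `/dev/disk/by-uuid/aff86817-55ae-47ed-876a-e5a027b560ba`, and only `root` is listed under `boot.initrd.luks.devices`, so swap appears to sit outside the encrypted volume. Pages swapped out of memory, which can include key material and session data, would then land on disk in clear text. Either add a second LUKS entry for the swap partition and point `swapDevices` at its mapper device, or set `randomEncryption.enable = true;` on the entry with a stable device path such as by-partuuid, keeping in mind that random-key swap rules out hibernation. `allowDiscards = true` and the `discard` mount option pass TRIM through dm-crypt, which reveals which blocks are unused to anyone able to read the raw disk; a comment such as `# TRIM through LUKS leaks free-space layout; accepted for SSD performance` would record that this is a deliberate trade-off. The attribute set this hunk edits starts and ends outside the hunk.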
@@ -39,75 +52,22 @@ in
plymouth.enable = true;
};
- hardware.bluetooth.enable = true;
+ services.hardware.bolt.enable = true;
profiles = {
- syncthing.enable = true;
- home = true;
+ desktop.gnome.enable = true;
laptop.enable = true;
- desktop.enable = lib.mkForce false;
- avahi.enable = true;
- git.enable = true;
+ home = true;
ssh.enable = true;
dev.enable = true;
yubikey.enable = true;
virtualization = { enable = true; nested = true; };
+ docker.enable = true;
+ redhat.enable = true;
};
environment.systemPackages = with pkgs; [ virtmanager ];
- networking.networkmanager = {
- enable = true;
- unmanaged = [
- "interface-name:ve-*"
- "interface-name:veth*"
- "interface-name:wg0"
- "interface-name:docker0"
- "interface-name:virbr*"
- ];
- packages = with pkgs; [ networkmanager-openvpn ];
- };
-
- services.xserver.enable = true;
- services.xserver.layout = "fr";
- services.xserver.xkbVariant = "bepo";
- services.xserver.xkbOptions = "grp:menu_toggle,grp_led:caps,compose:caps";
- services.xserver.displayManager.gdm.enable = true;
- services.xserver.desktopManager.gnome3.enable = true;
- services.gnome3.chrome-gnome-shell.enable = true;
- services.gnome3.core-shell.enable = true;
- services.gnome3.core-os-services.enable = true;
- services.gnome3.core-utilities.enable = true;
-
- fonts = {
- enableFontDir = true;
- enableGhostscriptFonts = true;
- fonts = with pkgs; [
- corefonts
- dejavu_fonts
- emojione
- feh
- fira
- fira-code
- fira-code-symbols
- fira-mono
- hasklig
- inconsolata
- iosevka
- noto-fonts
- noto-fonts-cjk
- noto-fonts-emoji
- noto-fonts-extra
- overpass
- symbola
- source-code-pro
- twemoji-color-font
- ubuntu_font_family
- unifont
- ];
- };
-
services = {
- fprintd.enable = true;
- # FIXME re-generate hokkaido key
+ # FIXME re-generate naruhodo key
/*
wireguard = {
enable = true;
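Review bot: The `# FIXME re-generate naruhodo key` comment is carried over from the old host with only the name changed, and it does not say which key is meant, where it is stored, or what must happen to the previous one. Since this commit is a reinstall, I would spell it out, e.g. `# FIXME: generate a new WireGuard keypair for naruhodo, replace the old public key on the peers, then re-enable the block below`. That the key is a WireGuard key is inferred from the commented-out `wireguard` block that follows. The `services` set continues past the end of this hunk.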
@@ -119,6 +79,7 @@ in
*/
};
+ virtualisation.podman.enable = true;
virtualisation.containers = {
enable = true;
registries = {