home

Unnamed repository; edit this file 'description' to name the repository.
Log | Files | Refs | README | LICENSE

commit efe661cfda2676e272780c8ecc9a294fd485a67d
parent 1554e95e292ddedcc157d63d9707d1c55156f5d3
Author: Vincent Demeester <vincent@sbr.pm>
Date:   Fri, 16 Oct 2020 14:10:59 +0200

systems: reinstall naruhodo on NixOS

Signed-off-by: Vincent Demeester <vincent@sbr.pm>

Diffstat:
Asystems/hardware/thinkpad-t480s.nix | 54++++++++++++++++++++++++++++++++++++++++++++++++++++++
Msystems/naruhodo.nix | 99++++++++++++++++++++++++-------------------------------------------------------
2 files changed, 84 insertions(+), 69 deletions(-)

diff --git a/systems/hardware/thinkpad-t480s.nix b/systems/hardware/thinkpad-t480s.nix @@ -0,0 +1,54 @@ +{ config, pkgs, ... }: +let + sources = import ../../nix/sources.nix; +in +{ + imports = [ + (sources.nixos-hardware + "/lenovo/thinkpad/t480s") + (sources.nixos-hardware + "/common/pc/ssd") + ./thinkpad.nix + ]; + boot = { + initrd.availableKernelModules = [ "nvme" "rtsx_pci_sdmmc" ]; + }; + hardware = { + enableAllFirmware = true; + bluetooth = { + enable = true; + powerOnBoot = true; + }; + }; + nix.maxJobs = 12; + services = { + tlp = { + extraConfig = '' + # CPU optimizations + CPU_SCALING_GOVERNOR_ON_AC=performance + CPU_SCALING_GOVERNOR_ON_BAT=powersave + CPU_MIN_PERF_ON_AC=0 + CPU_MAX_PERF_ON_AC=100 + CPU_MIN_PERF_ON_BAT=0 + CPU_MAX_PERF_ON_BAT=50 + # DEVICES (wifi, ..) + DEVICES_TO_DISABLE_ON_STARTUP="" + DEVICES_TO_ENABLE_ON_AC="bluetooth wifi wwan" + DEVICES_TO_DISABLE_ON_BAT="" + # Network management + DEVICES_TO_DISABLE_ON_LAN_CONNECT="" + DEVICES_TO_DISABLE_ON_WIFI_CONNECT="" + DEVICES_TO_DISABLE_ON_WWAN_CONNECT="" + DEVICES_TO_ENABLE_ON_LAN_DISCONNECT="" + DEVICES_TO_ENABLE_ON_WIFI_DISCONNECT="" + DEVICES_TO_ENABLE_ON_WWAN_DISCONNECT="" + # Docking + DEVICES_TO_DISABLE_ON_DOCK="wifi" + DEVICES_TO_ENABLE_ON_UNDOCK="wifi" + # Make sure it uses the right hard drive + DISK_DEVICES="nvme0n1p3" + ''; + }; + xserver = { + dpi = 128; + }; + }; +} diff --git a/systems/naruhodo.nix b/systems/naruhodo.nix @@ -2,7 +2,7 @@ with lib; let - hostname = "hokkaido"; + hostname = "naruhodo"; secretPath = ../secrets/machines.nix; secretCondition = (builtins.pathExists secretPath); @@ -14,21 +14,34 @@ let in { imports = [ - ./hardware/thinkpad-x220.nix + ./hardware/thinkpad-t480s.nix ./modules (import ../users).vincent (import ../users).root ]; - fileSystems."/" = { - device = "/dev/disk/by-uuid/884a3d57-f652-49b2-9c8b-f6eebd5edbeb"; - fsType = "ext4"; - }; - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/C036-34B9"; - fsType = "vfat"; + fileSystems."/" = + { device = "/dev/mapper/root"; + fsType = "ext4"; + options = ["noatime" "discard"]; + }; + + boot.initrd.luks.devices = { + root = { + device = "/dev/disk/by-uuid/50d7faba-8923-4b30-88f7-40df26e02def"; + preLVM = true; + allowDiscards = true; + }; }; - swapDevices = [{ device = "/dev/disk/by-uuid/e1833693-77ac-4d52-bcc7-54d082788639"; }]; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/0101-68DE"; + fsType = "vfat"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/aff86817-55ae-47ed-876a-e5a027b560ba"; } + ]; networking = { hostName = hostname; @@ -39,75 +52,22 @@ in plymouth.enable = true; }; - hardware.bluetooth.enable = true; + services.hardware.bolt.enable = true; profiles = { - syncthing.enable = true; - home = true; + desktop.gnome.enable = true; laptop.enable = true; - desktop.enable = lib.mkForce false; - avahi.enable = true; - git.enable = true; + home = true; ssh.enable = true; dev.enable = true; yubikey.enable = true; virtualization = { enable = true; nested = true; }; + docker.enable = true; + redhat.enable = true; }; environment.systemPackages = with pkgs; [ virtmanager ]; - networking.networkmanager = { - enable = true; - unmanaged = [ - "interface-name:ve-*" - "interface-name:veth*" - "interface-name:wg0" - "interface-name:docker0" - "interface-name:virbr*" - ]; - packages = with pkgs; [ networkmanager-openvpn ]; - }; - - services.xserver.enable = true; - services.xserver.layout = "fr"; - services.xserver.xkbVariant = "bepo"; - services.xserver.xkbOptions = "grp:menu_toggle,grp_led:caps,compose:caps"; - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome3.enable = true; - services.gnome3.chrome-gnome-shell.enable = true; - services.gnome3.core-shell.enable = true; - services.gnome3.core-os-services.enable = true; - services.gnome3.core-utilities.enable = true; - - fonts = { - enableFontDir = true; - enableGhostscriptFonts = true; - fonts = with pkgs; [ - corefonts - dejavu_fonts - emojione - feh - fira - fira-code - fira-code-symbols - fira-mono - hasklig - inconsolata - iosevka - noto-fonts - noto-fonts-cjk - noto-fonts-emoji - noto-fonts-extra - overpass - symbola - source-code-pro - twemoji-color-font - ubuntu_font_family - unifont - ]; - }; - services = { - fprintd.enable = true; - # FIXME re-generate hokkaido key + # FIXME re-generate naruhodo key /* wireguard = { enable = true; @@ -119,6 +79,7 @@ in */ }; + virtualisation.podman.enable = true; virtualisation.containers = { enable = true; registries = {