
naruhodo.nix (5912B)


      1 { sources ? import ../../nix
      2 , lib ? sources.lib
      3 , pkgs ? sources.pkgs { }
      4 , ...
      5 }:
      6 
      7 with lib;
      8 let
      9   hostname = "naruhodo";
     10   secretPath = ../../secrets/machines.nix;
     11   secretCondition = (builtins.pathExists secretPath);
     12 
     13   ip = strings.optionalString secretCondition (import secretPath).wireguard.ips."${hostname}";
     14   ips = lists.optionals secretCondition ([ "${ip}/24" ]);
     15   endpointIP = strings.optionalString secretCondition (import secretPath).wg.endpointIP;
     16   endpointPort = if secretCondition then (import secretPath).wg.listenPort else 0;
     17   endpointPublicKey = strings.optionalString secretCondition (import secretPath).wireguard.kerkouane.publicKey;
     18 
     19   getEmulator = system: (lib.systems.elaborate { inherit system; }).emulator pkgs;
     20 in
     21 {
     22   imports = [
     23     ../hardware/thinkpad-t480s.nix
     24     (import ../../nix).home-manager
     25     ../modules
     26     (import ../../users).vincent
     27     (import ../../users).root
     28   ];
     29 
     30   fileSystems."/" = {
     31     device = "/dev/mapper/root";
     32     fsType = "ext4";
     33     options = [ "noatime" "discard" ];
     34   };
     35 
     36   boot.initrd.luks.devices = {
     37     root = {
     38       device = "/dev/disk/by-uuid/50d7faba-8923-4b30-88f7-40df26e02def";
     39       preLVM = true;
     40       allowDiscards = true;
     41     };
     42   };
     43 
     44   fileSystems."/boot" = {
     45     device = "/dev/disk/by-uuid/0101-68DE";
     46     fsType = "vfat";
     47   };
     48 
     49   swapDevices = [{ device = "/dev/disk/by-uuid/aff86817-55ae-47ed-876a-e5a027b560ba"; }];
     50 
     51   networking = {
     52     hostName = hostname;
     53   };
     54 
     55   boot = {
     56     kernelPackages = pkgs.linuxPackages_latest;
     57     tmpOnTmpfs = true;
     58     plymouth = {
     59       enable = true;
     60       themePackages = [ pkgs.my.adi1090x-plymouth ];
     61       theme = "cuts";
     62       # hexagon, green_loader, deus_ex, cuts, sphere, spinner_alt
     63     };
     64     extraModulePackages = with pkgs.linuxPackages_latest; [
     65       v4l2loopback
     66     ];
     67     kernelModules = [ "v4l2loopback" ];
     68     extraModprobeConfig = ''
     69       options v4l2loopback exclusive_caps=1
     70     '';
     71     binfmt.registrations = {
     72       s390x-linux = {
     73         # interpreter = getEmulator "s390x-linux";
     74         interpreter = "${pkgs.qemu}/bin/qemu-s390x";
     75         magicOrExtension = ''\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x16'';
     76         mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
     77       };
     78     };
     79     binfmt.emulatedSystems = [
     80       "armv6l-linux"
     81       "armv7l-linux"
     82       "aarch64-linux"
     83       # "s390x-linux"
     84       "powerpc64le-linux"
     85     ];
     86   };
     87 
     88   # FIXME Fix tmpOnTmpfs
     89   systemd.additionalUpstreamSystemUnits = [ "tmp.mount" ];
     90 
     91   # nix.distributedBuilds = true;
     92   nix.buildMachines = [
     93     {
     94       hostName = "192.168.1.77";
     95       maxJobs = 8;
     96       sshUser = "builder";
     97       sshKey = "/etc/nixos/secrets/builder";
     98       systems = [ "x86_64-linux" "aarch64-linux" "armv7l-linux" "armv6l-linux" "powerpc64le-linux" "s390x-linux" ];
     99       supportedFeatures = [
    100         "big-parallel"
    101         "kvm"
    102         "nixos-test"
    103       ];
    104     }
    105     # {
    106     #   hostName = "192.168.1.115";
    107     #   maxJobs = 8;
    108     #   sshUser = "builder";
    109     #   sshKey = "/etc/nixos/secrets/builder";
    110     #   systems = [ "x86_64-linux" "aarch64-linux" "armv7l-linux" "armv6l-linux" "powerpc64le-linux" "s390x-linux" ];
    111     #   supportedFeatures = [
    112     #     "big-parallel"
    113     #     "kvm"
    114     #     "nixos-test"
    115     #   ];
    116     # }
    117   ];
    118 
    119   programs.ssh.knownHosts = {
    120     "wakasu" = {
    121       hostNames = [ "wakasu.home" "192.168.1.77" ];
    122       publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ2GB030S1+iZMqwgYhkl5CuBOKBjZoujc0aVHII39/x";
    123     };
    124     "hokkaido" = {
    125       hostNames = [ "hokkaido.home" "192.168.1.115" ];
    126       publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5hoyiE7fj+/vUzvvFD2r2Mm4p86p6uPDOp0ChzR5ZC";
    127     };
    128   };
    129 
    130   services.udev.extraRules = ''
    131     # Teensy rules for the Ergodox EZ
    132     ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789B]?", ENV{ID_MM_DEVICE_IGNORE}="1"
    133     ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789A]?", ENV{MTP_NO_PROBE}="1"
    134     SUBSYSTEMS=="usb", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789ABCD]?", MODE:="0666"
    135     KERNEL=="ttyACM*", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789B]?", MODE:="0666"
    136 
    137     # STM32 rules for the Moonlander and Planck EZ
    138     SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", \
    139         MODE:="0666", \
    140         SYMLINK+="stm32_dfu"
    141 
    142     # Suspend the system when battery level drops to 5% or lower
    143     SUBSYSTEM=="power_supply", ATTR{status}=="Discharging", ATTR{capacity}=="[0-5]", RUN+="${pkgs.systemd}/bin/systemctl hibernate"
    144   '';
    145   services.hardware.bolt.enable = true;
    146   core.nix = {
    147     # temporary
    148     localCaches = [ ];
    149   };
    150 
    151   profiles = {
    152     desktop.i3.enable = true;
    153     laptop.enable = true;
    154     home = true;
    155     dev.enable = true;
    156     yubikey.enable = true;
    157     virtualization = { enable = true; nested = true; };
    158     redhat.enable = true;
    159     scanning.enable = true;
    160   };
    161   environment.systemPackages = with pkgs; [
    162     virtmanager
    163     # force xbacklight to work
    164     acpilight
    165   ];
    166 
    167   services = {
    168     wireguard = {
    169       enable = true;
    170       ips = ips;
    171       endpoint = endpointIP;
    172       endpointPort = endpointPort;
    173       endpointPublicKey = endpointPublicKey;
    174     };
    175     syncthing.guiAddress = "${ip}:8384";
    176   };
    177   systemd.services.buildkitd.wantedBy = lib.mkForce [ ];
    178   systemd.services.containerd.wantedBy = lib.mkForce [ ];
    179   systemd.services.docker.wantedBy = lib.mkForce [ ];
    180   systemd.services.docker.requires = [ "containerd.socket" ];
    181 
    182   virtualisation.podman.enable = true;
    183   virtualisation.containers = {
    184     enable = true;
    185     registries = {
    186       search = [ "registry.fedoraproject.org" "registry.access.redhat.com" "registry.centos.org" "docker.io" "quay.io" ];
    187     };
    188     policy = {
    189       default = [{ type = "insecureAcceptAnything"; }];
    190       transports = {
    191         docker-daemon = {
    192           "" = [{ type = "insecureAcceptAnything"; }];
    193         };
    194       };
    195     };
    196   };
    197 }