diff --git a/hosts/README.org b/hosts/README.org
index 1ca8ea7..0588dc0 100644
--- a/hosts/README.org
+++ b/hosts/README.org
@@ -1,4 +1,5 @@
-+ satori is my home laptop
++ okina is my home desktop
++ satori is my almost trashed laptop
 + marisa is my Raspberry Pi 4 (B)
 + remilia is my cloud VM
 + hina is another cloud VM I use for ZNC
diff --git a/hosts/default.nix b/hosts/default.nix
index df1afe4..324f4a9 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -17,6 +17,16 @@ let
 in
 {
 flake.nixosConfigurations = {
+ # Desktop
+ okina = nixpkgs.lib.nixosSystem rec {
+ system = "x86_64-linux";
+ modules = [
+ ./okina
+ ]
+ ++ desktopModules
+ ++ commonModules;
+ };
+
 #Home laptop
 satori = nixpkgs.lib.nixosSystem rec {
 system = "x86_64-linux";
diff --git a/hosts/okina/boot.nix b/hosts/okina/boot.nix
new file mode 100644
index 0000000..5624c2e
--- /dev/null
+++ b/hosts/okina/boot.nix
@@ -0,0 +1,33 @@
+{ lib, config, pkgs, ... }:
+
+{
+ boot = {
+ kernelPackages = pkgs.linuxPackages;
+ initrd = {
+ availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
+ kernelModules = [ ];
+ };
+ kernelParams = [ "i915.force_probe=56a1" "resume_offset=11287312" ];
+
+ # kernelModules = [ "kvm-intel" "i2c-dev" "ddcci_backlight" ];
+ kernelModules = [ "kvm-intel" "i2c-dev" ];
+ # extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback r8125 ddcci-driver ];
+ extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback r8125 ];
+ blacklistedKernelModules = [ "r8169" ];
+
+ resumeDevice = "/dev/disk/by-uuid/5679b901-3a70-4422-81f5-af91f287500b";
+
+ loader = {
+ efi = {
+ canTouchEfiVariables = true;
+ efiSysMountPoint = "/boot/efi";
+ };
+ grub = {
+ enable = true;
+ efiSupport = true;
+ device = "nodev";
+ splashMode = "stretch";
+ };
+ };
+ };
+}
diff --git a/hosts/okina/default.nix b/hosts/okina/default.nix
new file mode 100644
index 0000000..3c44bf8
--- /dev/null
+++ b/hosts/okina/default.nix
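Review bot: hosts/okina/boot.nix turns on hibernation (`resumeDevice` plus `resume_offset=11287312`), and nothing in this file sets up disk encryption, so the hibernation image would hold the full memory contents, including any loaded keys, on disk in the clear. If the root volume is not encrypted by a module outside this commit, either place it on an encrypted volume or drop the resume settings. A one-line comment above `resumeDevice` stating which case applies would make this auditable. The two commented-out `ddcci` lines should either go or carry a short reason for being disabled.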
@@ -0,0 +1,12 @@
+{ lib, config, ... }:
+{
+ imports =
+ [
+ ./hardware.nix
+ ./stuff.nix
+ ./networking.nix
+ ./boot.nix
+ ./services.nix
+ ];
+ system.stateVersion = "23.05";
+}
diff --git a/hosts/okina/hardware.nix b/hosts/okina/hardware.nix
new file mode 100644
index 0000000..3b9d5dc
--- /dev/null
+++ b/hosts/okina/hardware.nix
@@ -0,0 +1,67 @@
+{ config, lib, modulesPath, pkgs, ... }:
+
+{
+ imports =
+ [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ fileSystems."/" =
+ {
+ device = "/dev/disk/by-uuid/5679b901-3a70-4422-81f5-af91f287500b";
+ fsType = "btrfs";
+ options = [ "compress-force=zstd:3" ];
+ };
+
+ fileSystems."/boot/efi" =
+ {
+ device = "/dev/disk/by-uuid/A2E5-006F";
+ fsType = "vfat";
+ };
+
+ fileSystems."/media/omghi" =
+ {
+ device = "/dev/disk/by-uuid/0e862bdb-168a-42cc-8a28-0ae9e9a0753c";
+ fsType = "ext4";
+ };
+
+ fileSystems."/media/real" =
+ {
+ device = "/dev/disk/by-uuid/8086be20-c770-46be-bd8f-5bd2d7735c7d";
+ fsType = "btrfs";
+ options = [ "compress-force=zstd:3" ];
+ };
+
+ /* fileSystems."/media/ntfs" =
+ {
+ device = "/dev/disk/by-uuid/54034ca6-d3cd-11ee-9e0c-f020ff87c985";
+ fsType = "ntfs";
+ };*/
+
+ zramSwap = {
+ enable = true;
+ algorithm = "lz4";
+ memoryPercent = 20;
+ priority = -1;
+ };
+
+ swapDevices = [
+ { device = "/var/swap"; size = 32768; }
+ ];
+
+ powerManagement = {
+ enable = true;
+ cpuFreqGovernor = "powersave";
+ };
+
+ hardware = {
+ bluetooth.enable = true;
+ cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+ opengl = {
+ driSupport32Bit = true;
+ enable = true;
+ package = pkgs.mesa.drivers;
+ package32 = pkgs.pkgsi686Linux.mesa.drivers;
+ };
+ };
+}
diff --git a/hosts/okina/networking.nix b/hosts/okina/networking.nix
new file mode 100644
index 0000000..8744a8d
--- /dev/null
+++ b/hosts/okina/networking.nix
@@ -0,0 +1,30 @@
+{ config, pkgs, lib', lib, ... }:
+
+{
+ networking = {
+ hostName = "okina";
+ hostId = "fa6f8f15";
+
+ networkmanager = {
+ enable = true;
+ };
+
+ firewall = {
+ allowedTCPPorts = [ 22 18172 6600 8001 7590 25565 9092 8096 ];
+ allowedUDPPorts = [ 22 17840 18172 ];
+ trustedInterfaces = [ "docker0" ];
+ };
+
+ interfaces = {
+ enp7s0 = {
+ ipv4.addresses = [{
+ prefixLength = 24;
+ address = "192.168.1.106";
+ }];
+ };
+ };
+
+ defaultGateway = "192.168.1.1";
+ nameservers = [ "1.1.1.1" "8.8.8.8" ];
+ };
+}
diff --git a/hosts/okina/services.nix b/hosts/okina/services.nix
new file mode 100644
index 0000000..a63b84b
--- /dev/null
+++ b/hosts/okina/services.nix
@@ -0,0 +1,34 @@
+{ lib, config, pkgs, ... }:
+{
+ services = {
+ openssh = {
+ enable = true;
+ settings.PermitRootLogin = "yes";
+ };
+ ratbagd.enable = true;
+ btrfs.autoScrub.enable = true;
+ gvfs.enable = true;
+ logind.extraConfig = "RuntimeDirectorySize=30%";
+ printing = {
+ enable = true;
+ drivers = [ pkgs.hplip ];
+ };
+ };
+
+ systemd.services = {
+ libvirtd.wantedBy = lib.mkForce [ ];
+ };
+
+ security.pki.certificateFiles = [ ../../cert.pem ];
+ virtualisation = {
+ docker = {
+ enable = true;
+ };
+ libvirtd = {
+ enable = true;
+ onBoot = "ignore";
+ onShutdown = "shutdown";
+ qemu.runAsRoot = true;
+ };
+ };
+}
diff --git a/hosts/okina/stuff.nix b/hosts/okina/stuff.nix
new file mode 100644
index 0000000..0033b1f
--- /dev/null
+++ b/hosts/okina/stuff.nix
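Review bot: The `firewall` block in hosts/okina/networking.nix opens eight TCP and three UDP ports without saying which service owns each one, and `22` is listed in `allowedUDPPorts` although SSH listens on TCP only. I would drop that entry, `allowedUDPPorts = [ 17840 18172 ];`, and add a short comment beside each remaining port naming its service so stale openings can be spotted later. `trustedInterfaces = [ "docker0" ]` exempts all traffic arriving on the default Docker bridge from filtering, so every container can reach every service on the host. If containers only need a few ports, `firewall.interfaces."docker0".allowedTCPPorts` is the narrower setting.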
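Review bot: In hosts/okina/services.nix, `settings.PermitRootLogin = "yes"` allows direct root logins over SSH, and this hunk does not turn off password authentication, so root is exposed to password guessing on a port the firewall opens unless a shared module hardens it. Prefer `settings.PermitRootLogin = "prohibit-password";` (or `"no"`, since `natto` already has doas and sudo) together with `settings.PasswordAuthentication = false;`. `security.pki.certificateFiles = [ ../../cert.pem ]` adds a certificate to the system-wide trust store, so a comment stating which CA it is and why this host trusts it would make the line reviewable.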
@@ -0,0 +1,49 @@
+{ lib, config, pkgs, ... }:
+{
+ time.timeZone = "Asia/Kolkata";
+
+ environment.localBinInPath = true;
+
+ security = {
+ rtkit.enable = true;
+ polkit.enable = true;
+ sudo.enable = true;
+ doas = {
+ enable = true;
+ extraRules = [
+ {
+ users = [ "natto" ];
+ keepEnv = true;
+ persist = true;
+ setEnv = [ "SSH_AUTH_SOCK" "PATH" "SHELL" ];
+ }
+ ];
+ };
+ };
+ console.useXkbConfig = true;
+
+ users.users.natto = {
+ isNormalUser = true;
+ shell = pkgs.zsh;
+ home = "/home/natto";
+ extraGroups = [ "wheel" "adbusers" "video" "libvirtd" "docker" "networkmanager" "dialout" ];
+ };
+
+ virtualisation = {
+ waydroid.enable = true;
+ podman = {
+ enable = true;
+ };
+ };
+
+ gtk.iconCache.enable = true;
+
+ security.wrappers = {
+ intel_gpu_top = {
+ owner = "root";
+ group = "root";
+ capabilities = "cap_perfmon=+ep";
+ source = "${pkgs.intel-gpu-tools}/bin/intel_gpu_top";
+ };
+ };
+}
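Review bot: The doas rule in hosts/okina/stuff.nix passes the caller's `PATH` and `SHELL` through to root (`keepEnv = true` plus `setEnv = [ "SSH_AUTH_SOCK" "PATH" "SHELL" ]`), while `environment.localBinInPath = true` puts the user-writable `~/.local/bin` on that PATH. Root commands therefore resolve binaries through a directory the unprivileged account controls. Narrowing the rule to `keepEnv = false;` and `setEnv = [ "SSH_AUTH_SOCK" ];` keeps agent access without trusting the user's search path. Membership in `docker` and `libvirtd` also gives `natto` root-equivalent access without any doas or sudo prompt, which deserves a comment on `extraGroups` if it is intended.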