hosts/okina: init

Signed-off-by: Amneesh Singh <natto@weirdnatto.in>

hosts/README.org

@@ -1,4 +1,5 @@
-+ satori is my home laptop
++ okina is my home desktop
++ satori is my almost trashed laptop
 + marisa is my Raspberry Pi 4 (B)
 + remilia is my cloud VM
 + hina is another cloud VM I use for ZNC

hosts/default.nix

@@ -17,6 +17,16 @@ let
 in
 {
   flake.nixosConfigurations = {
+    # Desktop
+    okina = nixpkgs.lib.nixosSystem rec {
+      system = "x86_64-linux";
+      modules = [
+        ./okina
+      ]
+      ++ desktopModules
+      ++ commonModules;
+    };
+
     #Home laptop
     satori = nixpkgs.lib.nixosSystem rec {
       system = "x86_64-linux";

hosts/okina/boot.nix

@@ -0,0 +1,33 @@
+{ lib, config, pkgs, ... }:
+
+{
+  boot = {
+    kernelPackages = pkgs.linuxPackages;
+    initrd = {
+      availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
+      kernelModules = [ ];
+    };
+    kernelParams = [ "i915.force_probe=56a1" "resume_offset=11287312" ];
+
+    #   kernelModules = [ "kvm-intel" "i2c-dev" "ddcci_backlight" ];
+    kernelModules = [ "kvm-intel" "i2c-dev" ];
+    #   extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback r8125 ddcci-driver ];
+    extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback r8125 ];
+    blacklistedKernelModules = [ "r8169" ];
+
+    resumeDevice = "/dev/disk/by-uuid/5679b901-3a70-4422-81f5-af91f287500b";
+
+    loader = {
+      efi = {
+        canTouchEfiVariables = true;
+        efiSysMountPoint = "/boot/efi";
+      };
+      grub = {
+        enable = true;
+        efiSupport = true;
+        device = "nodev";
+        splashMode = "stretch";
+      };
+    };
+  };
+}

hosts/okina/default.nix

@@ -0,0 +1,12 @@
+{ lib, config, ... }:
+{
+  imports =
+    [
+      ./hardware.nix
+      ./stuff.nix
+      ./networking.nix
+      ./boot.nix
+      ./services.nix
+    ];
+  system.stateVersion = "23.05";
+}

hosts/okina/hardware.nix

@@ -0,0 +1,67 @@
+{ config, lib, modulesPath, pkgs, ... }:
+
+{
+  imports =
+    [
+      (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  fileSystems."/" =
+    {
+      device = "/dev/disk/by-uuid/5679b901-3a70-4422-81f5-af91f287500b";
+      fsType = "btrfs";
+      options = [ "compress-force=zstd:3" ];
+    };
+
+  fileSystems."/boot/efi" =
+    {
+      device = "/dev/disk/by-uuid/A2E5-006F";
+      fsType = "vfat";
+    };
+
+  fileSystems."/media/omghi" =
+    {
+      device = "/dev/disk/by-uuid/0e862bdb-168a-42cc-8a28-0ae9e9a0753c";
+      fsType = "ext4";
+    };
+
+  fileSystems."/media/real" =
+    {
+      device = "/dev/disk/by-uuid/8086be20-c770-46be-bd8f-5bd2d7735c7d";
+      fsType = "btrfs";
+      options = [ "compress-force=zstd:3" ];
+    };
+
+  /* fileSystems."/media/ntfs" =
+    {
+      device = "/dev/disk/by-uuid/54034ca6-d3cd-11ee-9e0c-f020ff87c985";
+      fsType = "ntfs";
+    };*/
+
+  zramSwap = {
+    enable = true;
+    algorithm = "lz4";
+    memoryPercent = 20;
+    priority = -1;
+  };
+
+  swapDevices = [
+    { device = "/var/swap"; size = 32768; }
+  ];
+
+  powerManagement = {
+    enable = true;
+    cpuFreqGovernor = "powersave";
+  };
+
+  hardware = {
+    bluetooth.enable = true;
+    cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+    opengl = {
+      driSupport32Bit = true;
+      enable = true;
+      package = pkgs.mesa.drivers;
+      package32 = pkgs.pkgsi686Linux.mesa.drivers;
+    };
+  };
+}

hosts/okina/networking.nix

@@ -0,0 +1,30 @@
+{ config, pkgs, lib', lib, ... }:
+
+{
+  networking = {
+    hostName = "okina";
+    hostId = "fa6f8f15";
+
+    networkmanager = {
+      enable = true;
+    };
+
+    firewall = {
+      allowedTCPPorts = [ 22 18172 6600 8001 7590 25565 9092 8096 ];
+      allowedUDPPorts = [ 22 17840 18172 ];
+      trustedInterfaces = [ "docker0" ];
+    };
+
+    interfaces = {
+      enp7s0 = {
+        ipv4.addresses = [{
+          prefixLength = 24;
+          address = "192.168.1.106";
+        }];
+      };
+    };
+
+    defaultGateway = "192.168.1.1";
+    nameservers = [ "1.1.1.1" "8.8.8.8" ];
+  };
+}

hosts/okina/services.nix

@@ -0,0 +1,34 @@
+{ lib, config, pkgs, ... }:
+{
+  services = {
+    openssh = {
+      enable = true;
+      settings.PermitRootLogin = "yes";
+    };
+    ratbagd.enable = true;
+    btrfs.autoScrub.enable = true;
+    gvfs.enable = true;
+    logind.extraConfig = "RuntimeDirectorySize=30%";
+    printing = {
+      enable = true;
+      drivers = [ pkgs.hplip ];
+    };
+  };
+
+  systemd.services = {
+    libvirtd.wantedBy = lib.mkForce [ ];
+  };
+
+  security.pki.certificateFiles = [ ../../cert.pem ];
+  virtualisation = {
+    docker = {
+      enable = true;
+    };
+    libvirtd = {
+      enable = true;
+      onBoot = "ignore";
+      onShutdown = "shutdown";
+      qemu.runAsRoot = true;
+    };
+  };
+}

hosts/okina/stuff.nix

@@ -0,0 +1,49 @@
+{ lib, config, pkgs, ... }:
+{
+  time.timeZone = "Asia/Kolkata";
+
+  environment.localBinInPath = true;
+
+  security = {
+    rtkit.enable = true;
+    polkit.enable = true;
+    sudo.enable = true;
+    doas = {
+      enable = true;
+      extraRules = [
+        {
+          users = [ "natto" ];
+          keepEnv = true;
+          persist = true;
+          setEnv = [ "SSH_AUTH_SOCK" "PATH" "SHELL" ];
+        }
+      ];
+    };
+  };
+  console.useXkbConfig = true;
+
+  users.users.natto = {
+    isNormalUser = true;
+    shell = pkgs.zsh;
+    home = "/home/natto";
+    extraGroups = [ "wheel" "adbusers" "video" "libvirtd" "docker" "networkmanager" "dialout" ];
+  };
+
+  virtualisation = {
+    waydroid.enable = true;
+    podman = {
+      enable = true;
+    };
+  };
+
+  gtk.iconCache.enable = true;
+
+  security.wrappers = {
+    intel_gpu_top = {
+      owner = "root";
+      group = "root";
+      capabilities = "cap_perfmon=+ep";
+      source = "${pkgs.intel-gpu-tools}/bin/intel_gpu_top";
+    };
+  };
+}