about summary refs log tree commit diff
path: root/nixos/alpha
diff options
context:
space:
mode:
authorsefidel <contact@sefidel.net>2022-01-18 17:38:31 +0900
committersefidel <contact@sefidel.net>2022-01-18 17:38:31 +0900
commit7a372ed81256ce5d6aa608be9bebe173ab4e042e (patch)
tree29c7ee0a316ae0dc21ce3fe22342ec2c36ee0f4c /nixos/alpha
parent2bdc141bebd35cc38396271c42b23b6f89d032a0 (diff)
downloadnixrc-7a372ed81256ce5d6aa608be9bebe173ab4e042e.tar.gz
nixrc-7a372ed81256ce5d6aa608be9bebe173ab4e042e.zip
project: rewrite
Diffstat (limited to 'nixos/alpha')
-rw-r--r--nixos/alpha/configuration.nix148
-rw-r--r--nixos/alpha/hardware-configuration.nix49
-rw-r--r--nixos/alpha/secrets/secrets.yaml52
3 files changed, 249 insertions, 0 deletions
diff --git a/nixos/alpha/configuration.nix b/nixos/alpha/configuration.nix
new file mode 100644
index 0000000..54ec24f
--- /dev/null
+++ b/nixos/alpha/configuration.nix
@@ -0,0 +1,148 @@
+{ config, pkgs, lib, ... }:
+
+{
+  imports = [ ];
+
+  security = {
+    protectKernelImage = true;
+    rtkit.enable = true;
+    sudo.wheelNeedsPassword = false;
+  };
+
+  boot.kernelPackages = pkgs.linuxPackages_xanmod;
+  boot.kernelParams = [
+    "nmi_watchdog=0"
+    "systemd.watchdog-device/dev/watchdog"
+  ];
+
+  # GRUB bootloader
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader.grub = {
+    enable = true;
+    version = 2;
+
+    efiSupport = true;
+    configurationLimit = 10;
+    devices = [ "nodev" ];
+    useOSProber = true;
+    # device = "/dev/disk/by-uuid/7905-2E41";
+    extraEntries = ''
+      menuentry "Reboot" {
+        reboot
+      }
+      menuentry "Shutdown" {
+        halt
+      }
+    '';
+  };
+
+  networking.hostName = "alpha";
+  networking.networkmanager.enable = true;
+  networking.useDHCP = false;
+  networking.firewall.enable = true;
+
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  console.font = "Lat2-Terminus16";
+  console.keyMap = "us";
+
+  time.timeZone = "Asia/Seoul";
+
+  environment.systemPackages = with pkgs; [ gcc ];
+
+  services.openssh.enable = true;
+  services.openssh.passwordAuthentication = false;
+
+  sound.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+  };
+
+  hardware.bluetooth.enable = true;
+
+  services.greetd = {
+    enable = true;
+
+    settings.default_session.command = "${pkgs.greetd.tuigreet}/bin/tuigreet -t -c sway";
+  };
+
+  # https://github.com/apognu/tuigreet/issues/17
+  systemd.services.greetd.unitConfig.After = lib.mkOverride 0 [ "multi-user.target" ];
+
+  services.journald.extraConfig = lib.mkForce "";
+
+  # HACK: fix treesitter
+  systemd.tmpfiles.rules = [
+    "L+ /lib/libstdc++.so.6 - - - - ${pkgs.stdenv.cc.cc.lib}/lib/libstdc++.so.6"
+  ];
+
+  systemd.extraConfig = "RebootWatchdogSec=5";
+
+  programs = {
+    sway = {
+      enable = true;
+      wrapperFeatures.gtk = true;
+
+      extraPackages = with pkgs; [
+        autotiling
+        alacritty
+        swaylock
+        swayidle
+        swaybg
+        wayland-utils
+        wl-clipboard
+        grim
+        slurp
+        sway-contrib.grimshot
+        waybar
+        bemenu
+        qt5.qtwayland
+        xdg_utils
+      ];
+    };
+
+    zsh.enable = true;
+    zsh.enableCompletion = false;
+  };
+
+  hardware.opengl.enable = true;
+  hardware.opengl.driSupport32Bit = true;
+  hardware.opengl.extraPackages = with pkgs; [ vaapiVdpau libvdpau-va-gl ];
+
+  xdg.portal = {
+    enable = true;
+    gtkUsePortal = true;
+    extraPortals = with pkgs; [
+      xdg-desktop-portal-gtk
+      xdg-desktop-portal-wlr
+    ];
+  };
+
+  virtualisation.libvirtd.enable = true;
+
+  sops.defaultSopsFile = ./secrets/secrets.yaml;
+  sops.secrets.spotify-password.owner = "boopy";
+
+  users.users = {
+    boopy = {
+      isNormalUser = true;
+      shell = pkgs.zsh;
+
+      extraGroups = [
+        "wheel"
+        "audio"
+        "networkmanager"
+        "libvirtd"
+      ];
+    };
+  };
+
+  # This value determines the NixOS release with which your system is to be
+  # compatible, in order to avoid breaking some software such as database
+  # servers. You should change this only after NixOS release notes say you
+  # should.
+  system.stateVersion = "22.05"; # Did you read the comment?
+}
diff --git a/nixos/alpha/hardware-configuration.nix b/nixos/alpha/hardware-configuration.nix
new file mode 100644
index 0000000..3e99ea9
--- /dev/null
+++ b/nixos/alpha/hardware-configuration.nix
@@ -0,0 +1,49 @@
+{ config, lib, pkgs, ... }:
+
+let
+  espDev = "/dev/disk/by-uuid/7905-2E41";
+  btrfsDev = "/dev/disk/by-uuid/dc47a0a6-3c73-45c1-951c-40032e762180";
+  swapDev = "/dev/disk/by-uuid/4a74b247-99e9-42c7-9a86-75aea964bb85";
+  dataDev = "/dev/disk/by-uuid/fe7a00a8-0a3c-48de-9d7a-ed7cf172f501";
+
+  subvolume = name: {
+    device = btrfsDev;
+    fsType = "btrfs";
+    options = [ "subvol=${name}" "compress=zstd" "noatime" ];
+  };
+in
+{
+  boot.initrd.availableKernelModules = [ "xhci-pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" "tcp_bbr" ];
+  boot.extraModulePackages = [ ];
+
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+  hardware.enableRedistributableFirmware = true;
+
+  fileSystems."/" = subvolume "root";
+  fileSystems."/home" = subvolume "home";
+  fileSystems."/nix" = subvolume "nix";
+  fileSystems."/persist" = subvolume "persist";
+  fileSystems."/var/log" = {
+    device = btrfsDev;
+    fsType = "btrfs";
+    options = [ "subvol=log" "compress=zstd" "noatime" ];
+    neededForBoot = true;
+  };
+
+  fileSystems."/boot" = {
+    device = espDev;
+    fsType = "vfat";
+  };
+
+  fileSystems."/data" = {
+    device = dataDev;
+    fsType = "ext4";
+  };
+
+  swapDevices = [{ device = swapDev; }];
+
+  nix.maxJobs = lib.mkDefault 4;
+  powerManagement.cpuFreqGovernor = lib.mkDefault "schedutil";
+}
diff --git a/nixos/alpha/secrets/secrets.yaml b/nixos/alpha/secrets/secrets.yaml
new file mode 100644
index 0000000..f1abf24
--- /dev/null
+++ b/nixos/alpha/secrets/secrets.yaml
@@ -0,0 +1,52 @@
+spotify-password: ENC[AES256_GCM,data:tmzSh7Cf9fmL4PIdrV1dMz0=,iv:tLnKsQ2qEEZbGmuavMqiAXczlsZh21JU4tWWhhZP3OY=,tag:egoGT/V8AxIfcaVV0/ddtg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2022-01-15T16:15:09Z"
+    mac: ENC[AES256_GCM,data:1uhM/dHYwkdWoF90gbqdX+y1LgCkY0xFrC/tGQtm6tk0/X9Q9yq7se646IUVwhyZDP4+PRA1DhmjJTOwFxRWpXLPtRbPgcAGjNoMjP/n8HhDiDr5dUJWLsuHg4vB9MGA8UnEewUdYjZiR+7+x6iULcnRojR06Uzy1D47f6tQqZ8=,iv:yTY9blxNtbvYjOVidtLeTzuDfWpN+AgLtkAC/D+VV+Q=,tag:fIR+NVF9YkghhMJTOpGrPw==,type:str]
+    pgp:
+        - created_at: "2022-01-15T16:14:51Z"
+          enc: |
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA0MrV1e36x+kAQ/+N5pvwngEyucZTGlNZV1yachrUEkylK84bfJPwCn5JMWY
+            mBhdhgBZ5DEmseA2pny6mDyid6EQjKB/akIDnW2ZTaBposdDlJUw4S7wqO+vtuLM
+            9L1jFg+y9xn9H2HzIyaglBN0cLQIPqZtu72yriV3bAu7wPLd3J+5fq/ohPV4GrsL
+            CVs0h8t/n/BkJ6q0s7gTBe2+tvB78fsLZwSpSwc5fzXdaZTRBCopEqT+3DO/shX3
+            qOsP3zvbUIKvdIXsfGhwtfpuPD3qg42HoyI+CmedjoG1DkPX0jLiu44K+EJJr9n1
+            jQ9Ms/jc4But5DW+EyWm9rkMGinMY+cEENKcJ/8LVuUzud/KFsJhJnEAi23U705+
+            om7Gte+UOLE+Z5LDaLNKNJ51mHcl/JS+ze74mafkcyrbQsCXgicyS47VxPltVtnX
+            P6u/NQmrvWlnWGw1QLHVjOzN5FEedAWvUaS4kQABG/LFobMx6M9dPucKUBAkOhXy
+            ZvcJDUN4XbIIxnfM8bQ9ijYAC5+axhonY95UX9OCwiErXC7rawa1J8mJTdGmxFIK
+            MVV2yfBoqGyhQduq/j7ScPfGkY/pC7NtFtphwjocQkVDO6SO/o1zYEAzgqpOKYzP
+            1piFC7Z0MUnOYu0omhXXt2UGIxmxl4DbPSq3hZVfTzjjVlPp3wr6EmI6eUO2o6nS
+            WAG60D7zdhWEJF7LrNqg0abwbsqUUMGOzdSUA89AfoQIK3mZ0hDl4fzklPMxpqio
+            K5gNpvazqLGDLQXXjByoPXg8sFZXm3Isoq1WbrdkRonmjYJCIhGzdt4=
+            =ntAB
+            -----END PGP MESSAGE-----
+          fp: e1965a67a09b4b20fcea3b57432b5757b7eb1fa4
+        - created_at: "2022-01-15T16:14:51Z"
+          enc: |
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAzBHloZFtyD7AQ//YazK3vEkUC9A8gtjn7mst91PL57bBEFOsgp0MXYR4U9m
+            +Ro9qA98vF6PIcBLA9yfixpbiT+JVUTJPHrS8j0aegocVgUTNlrh7qPMU0w220oF
+            e+6P9XmEh4w1rSy03F5Ch7AVZ/o9aUEFKSMud7Zl5oPk2v7JqgqtHy7SHdlDa6JL
+            PQftiu9rozzOM+7UmRWA1pzi2JX03Md6qLGaPpMyM0AhdZuf/bLV8zpcKRIBWmkF
+            n5LE0blIYv/9yvowXgZQaDj2eejWzKWm0Zpd9Cw3MsuJHG1TLOgyjhpdV9raMg+k
+            BE8kBN+EwUy4CTKzeBeyGenY5mn7ll+x/vGo3aa2Shywalkr6mSmnH5B8FuO2c2U
+            S1hwrpoTJjsTiQzCnxVEm+Jv1uRAfoOQwJMt2Br0MM3iVCrm+/mGNv5K4GC96MqN
+            FPfGt1tsUViZ0xbbVbJ2ULAZUpBHzK7XTFcobnuHMRSjQ16QO8mIAN0ROEzTl/ng
+            7gVRxV2X9f+9aChQ14bmoovjPqVbxl09B3cYPrvXvd0x7V0FGUTHWexXZBOg9OOc
+            zG9VTDBiEy26G9a7XOMGNAIwNPxULCa7uKRql2UvtrDZf4CZx3H7dnJKAKXmTbx2
+            WjxQ2N0au8oVEkMK6TFUdOBuPGJq/skNXOU0S9kCBhcrA81pwF3Q6I42gml2GiHS
+            XgEgxy2EntotByYJ88UmB6y6WSROfTVGJGykJ0QnU6bAJErss3BmE45yYo6ymI9X
+            kRLyz6YManX2UMUfDrlumeqRFFYkdx+7kdqvgc8vLcGjrCIGsPoEpMltj0A2+M4=
+            =dGjP
+            -----END PGP MESSAGE-----
+          fp: EE731799CAE9F76B048BDF71F05C1C600B728A18
+    unencrypted_suffix: _unencrypted
+    version: 3.7.1