Diffstat (limited to 'nixos/haruka')
-rw-r--r--nixos/haruka/configuration.nix292
-rw-r--r--nixos/haruka/hardware-configuration.nix56
2 files changed, 348 insertions, 0 deletions
diff --git a/nixos/haruka/configuration.nix b/nixos/haruka/configuration.nix
new file mode 100644
index 0000000..1dc71a8
--- /dev/null
+++ b/nixos/haruka/configuration.nix
@@ -0,0 +1,292 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [ ];
+
+ security = {
+ rtkit.enable = true;
+ doas.enable = true;
+ doas.wheelNeedsPassword = false;
+ sudo.wheelNeedsPassword = false;
+ };
+
+ boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+ boot.kernelParams = [
+ "console=tty1"
+ ];
+
+ boot.initrd.supportedFilesystems = [ "zfs" ];
+ boot.supportedFilesystems = [ "zfs" ];
+ boot.zfs.enableUnstable = true;
+ boot.zfs.forceImportRoot = false;
+ boot.zfs.forceImportAll = false;
+ boot.zfs.allowHibernation = true; # NOTE: disable if using swap on ZFS
+
+ # GRUB bootloader
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.loader.grub = {
+ enable = true;
+
+ efiSupport = true;
+ configurationLimit = 10;
+ device = "nodev";
+ useOSProber = true;
+ copyKernels = true;
+ gfxmodeEfi = "1920x1200";
+ fontSize = 32;
+ };
+
+ # Erase your darlings.
+ boot.initrd.postDeviceCommands = lib.mkAfter ''
+ zfs rollback -r rpool/local/root@blank
+ '';
+
+ # Enable microcode updates, etc
+ hardware.enableRedistributableFirmware = true;
+
+ networking.hostName = "haruka";
+ networking.hostId = "8425e349";
+
+ networking.networkmanager.enable = true;
+ networking.firewall.enable = true;
+
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ # HiDPI
+ console.earlySetup = lib.mkDefault true;
+ console.font = lib.mkForce "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";
+ services.xserver.dpi = 100;
+ environment.variables = {
+ GDK_SCALE = lib.mkDefault "2";
+ GDK_DPI_SCALE = lib.mkDefault "0.5";
+ };
+
+ console.keyMap = "us";
+ console.colors = [
+ "151515"
+ "cf6a4c"
+ "99ad6a"
+ "dfa358"
+ "8197bf"
+ "b3a3ff"
+ "8fbfdc"
+ "cbc0ab"
+ "333333"
+ "d98870"
+ "adbd88"
+ "e5b579"
+ "9aaccc"
+ "c2b5ff"
+ "a5cce3"
+ "d5cdbc"
+ ];
+
+ time.timeZone = "Asia/Tokyo";
+
+ environment.systemPackages = with pkgs; [ gcc git gnumake ];
+
+ services.zfs.trim.enable = true;
+ services.zfs.autoScrub.enable = true;
+ services.zfs.autoScrub.pools = [ "rpool" ];
+
+ # NOTE: `com.sun:auto-snapshot` property must be set to true on datasets you
+ # wish to snapshot
+ services.zfs.autoSnapshot.enable = true;
+ services.zfs.autoSnapshot.flags = "-k -p --utc";
+
+ services.openssh.enable = true;
+ services.openssh.settings.PasswordAuthentication = false;
+ services.openssh.hostKeys = [
+ {
+ path = "/persist/ssh/ssh_host_ed25519_key";
+ type = "ed25519";
+ }
+ {
+ path = "/persist/ssh/ssh_host_rsa_key";
+ type = "rsa";
+ bits = 4096;
+ }
+ ];
+
+ #SOPSsops.secrets.borg-haruka-rolling-pass = { };
+ #SOPSservices.borgbackup.jobs.haruka-rolling = {
+ #SOPSpaths = [
+ #SOPS"/persist"
+ #SOPS"/home"
+ #SOPS];
+
+ #SOPSexclude = [
+ #SOPS# Rust build files
+ #SOPS"**/target"
+ #SOPS];
+
+ #SOPSprune.keep = {
+ #SOPSwithin = "1d";
+ #SOPSdaily = 7;
+ #SOPSweekly = 4;
+ #SOPSmonthly = 3;
+ #SOPS};
+
+ #SOPSrepo = "20963@hk-s020.rsync.net:rolling/haruka";
+ #SOPSencryption.mode = "repokey-blake2";
+ #SOPSencryption.passCommand = "cat ${config.sops.secrets.borg-haruka-rolling-pass}";
+
+ #SOPSenvironment.BORG_RSH = "ssh -i /persist/ssh/ssh_host_ed25519_key";
+ #SOPS# use borg 1.0+ on rsync.net
+ #SOPSenvironment.BORG_REMOTE_PATH = "/usr/local/bin/borg1/borg1";
+ #SOPSextraCreateArgs = "--verbose --stats --checkpoint-interval 600";
+ #SOPScompression = "auto,zstd";
+ #SOPSstartAt = "hourly";
+ #SOPSpersistentTimer = true;
+ #SOPS};
+
+ #SOPSsystemd.services.borgbackup-job-haruka-rolling = {
+ #SOPSpreStart = lib.mkBefore ''
+ #SOPS# Wait until internet is reachable after resuming
+ #SOPSuntil /run/wrappers/bin/ping rsync.net -c1 -q >/dev/null; do :; done
+ #SOPS'';
+ #SOPS};
+
+ services.openssh.knownHosts."hk-s020.rsync.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILcPl9x9JfRFwsn09NnDw/xBZbAN80ZQck+h6AqlVqPH";
+
+ sound.enable = true;
+
+ services.pipewire = {
+ enable = true;
+
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ };
+
+ hardware.bluetooth.enable = true;
+ hardware.opentabletdriver.enable = true;
+
+ services.fwupd.enable = true;
+
+ services.keyd-qol.enable = true;
+
+ services.printing.enable = true;
+ services.avahi.enable = true;
+ services.avahi.nssmdns = true;
+
+ environment.persistence."/persist".directories = [
+ "/etc/cups"
+ ];
+
+ services.pcscd.enable = true;
+
+ programs.dconf.enable = true;
+ services.gnome.gnome-keyring.enable = true; # TODO: replace this with pass-secret-service?
+
+ services.greetd = {
+ enable = true;
+ vt = 2;
+
+ settings.default_session.command = "${pkgs.greetd.tuigreet}/bin/tuigreet -t -c sway";
+ };
+
+ systemd.extraConfig = "RebootWatchdogSec=5";
+
+ fonts = {
+ fontDir.enable = true;
+
+ packages = with pkgs; [
+ dina-font
+ nanum
+ sarasa-gothic
+ tamzen
+ siji
+ jetbrains-mono
+ twemoji-color-font
+ emacs-all-the-icons-fonts
+ (nerdfonts.override { fonts = [ "Iosevka" "JetBrainsMono" ]; })
+ ];
+
+ fontconfig = {
+ enable = true;
+
+ defaultFonts = {
+ serif = [
+ "Sarasa Gothic C"
+ "Sarasa Gothic J"
+ "Sarasa Gothic K"
+ ];
+
+ sansSerif = [
+ "Sarasa Gothic C"
+ "Sarasa Gothic J"
+ "Sarasa Gothic K"
+ ];
+
+ monospace = [
+ "Dina"
+ "Terminus"
+ "Iosevka Nerd Font"
+ "JetBrainsMono Nerd Font"
+ ];
+
+ emoji = [
+ "Siji"
+ "Twitter Color Emoji"
+ ];
+ };
+ };
+ };
+
+ programs = {
+ sway.enable = true;
+ sway.extraPackages = lib.mkForce [ ];
+
+ zsh.enable = true;
+ zsh.enableCompletion = true;
+ };
+
+ hardware.opengl.enable = true;
+ hardware.opengl.driSupport = true;
+ hardware.opengl.driSupport32Bit = true;
+ hardware.opengl.extraPackages = with pkgs; [ vaapiVdpau libvdpau-va-gl ];
+
+ xdg.portal = {
+ enable = true;
+ extraPortals = with pkgs; [
+ xdg-desktop-portal-gtk
+ xdg-desktop-portal-wlr
+ ];
+ };
+
+ #SOPSsops.defaultSopsFile = ./secrets/secrets.yaml;
+ #SOPSsops.secrets.root-password.neededForUsers = true;
+ #SOPSsops.secrets.sefidel-password.neededForUsers = true;
+
+ users.mutableUsers = false;
+
+ fileSystems."/persist".neededForBoot = true;
+
+ users.users = {
+ #SOPSroot.passwordFile = config.sops.secrets.root-password.path;
+ root.password = "1111";
+ sefidel = {
+ isNormalUser = true;
+ shell = pkgs.zsh;
+ #SOPSpasswordFile = config.sops.secrets.sefidel-password.path;
+ password = "1111";
+
+ extraGroups = [
+ "wheel"
+ "audio"
+ "networkmanager"
+ ];
+ };
+ };
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It's perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "23.11"; # Did you read the comment?
+
+}
+
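Review bot: `root.password = "1111"` and `password = "1111"` under `users.users` set clear-text credentials for root and for the wheel user sefidel; with `users.mutableUsers = false` these are the effective logins, and the literal ends up both in git history and in the world-readable Nix store of every generation that is built. The `#SOPS` lines show the intended `passwordFile` from sops-managed secrets; until that is enabled, at least store hashes instead, e.g. `root.hashedPassword = "<mkpasswd -m sha-512 output>";` and `hashedPassword = "<mkpasswd -m sha-512 output>";`, and rotate the value once the machine is installed. This matters more because `doas.wheelNeedsPassword = false` and `sudo.wheelNeedsPassword = false` make the sefidel password the only barrier to root at the tuigreet/console login (SSH is unaffected since `PasswordAuthentication = false` and only key-based host keys are configured).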
diff --git a/nixos/haruka/hardware-configuration.nix b/nixos/haruka/hardware-configuration.nix
new file mode 100644
index 0000000..d4b89d1
--- /dev/null
+++ b/nixos/haruka/hardware-configuration.nix
@@ -0,0 +1,56 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "rpool/local/root";
+ fsType = "zfs";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/5382-69DE";
+ fsType = "vfat";
+ };
+
+ fileSystems."/nix" =
+ { device = "rpool/local/nix";
+ fsType = "zfs";
+ };
+
+ fileSystems."/home" =
+ { device = "rpool/safe/home";
+ fsType = "zfs";
+ };
+
+ fileSystems."/persist" =
+ { device = "rpool/safe/persist";
+ fsType = "zfs";
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/88f5f850-d91c-4eba-be16-944717e9d24d"; }
+ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp0s13f0u3u3c2.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}