xin/hosts/europa/default.nix

{ config, pkgs, lib, modulesPath, inputs, ... }:
let
# Emacs package built from this repository's configs/emacs.nix, called with
# no argument overrides.
myEmacs = pkgs.callPackage ../../configs/emacs.nix { };
# Account that owns the peerix private-key secret declared further down:
# the "peerix" user when this configuration defines one, otherwise root.
peerixUser = if builtins.hasAttr "peerix" config.users.users then
  config.users.users.peerix.name
else
  "root";
# Full path of the git-sync executable inside its Nix store output.
gitSync = "${pkgs.git-sync}/bin/git-sync";
# Wrap a job's shell snippet in a shared prologue.
#   name - only appears in a comment inside the generated script
#   src  - shell text spliced in verbatim; it must never be assembled from
#          untrusted input, because nothing here quotes or escapes it
# The prologue sources /etc/profile and enables `set -x`, so the shell prints
# every command it runs. Keep credentials out of the command lines in `src`,
# since that trace lands wherever the unit's output is collected.
mkCronScript = name: src: ''
  . /etc/profile;
  set -x
  # autogenreated ${name}
  ${src}
'';
# Periodic jobs. Each entry carries the unit name, the shell snippet to run
# and the systemd calendar expression used for `startAt`.
jobs = let
  # Build one job record from its three fields.
  mkJob = name: startAt: script: { inherit name script startAt; };
in [
  # Run git-sync in ~/Brain every two minutes.
  (mkJob "brain" "*:0/2" "cd ~/Brain && ${gitSync}")
  # Run git-sync in ~/org every five minutes (in a subshell).
  (mkJob "org" "*:0/5" "(cd ~/org && ${gitSync})")
  # Run taskobs every thirty minutes.
  (mkJob "taskobs" "*:0/30" "${pkgs.taskobs}/bin/taskobs")
];
# Convert one `jobs` entry into the { name, value } pair consumed by
# lib.listToAttrs. The value holds the job's script, wrapped by mkCronScript
# under the label "<name>_script", together with its schedule.
jobToService = job:
  lib.nameValuePair job.name {
    inherit (job) startAt;
    script = mkCronScript "${job.name}_script" job.script;
  };
in {
# Extra module argument: modules evaluated with this host can take
# `isUnstable` as a parameter and will receive `true`.
_module.args.isUnstable = true;
# This host's hardware profile, the repository's pkgs directory and the
# shared neomutt configuration.
imports =
  [ ./hardware-configuration.nix ../../pkgs ../../configs/neomutt.nix ];
# Secrets handled by sops-nix. Every entry uses mode "400", so only the
# owning account can read the decrypted file. The "wheel" group set on some
# entries receives no permission bits under that mode.
sops.secrets = let
  # Settings shared by the secrets that belong to the interactive user.
  forQbit = {
    sopsFile = config.xin-secrets.europa.qbit;
    owner = "qbit";
    group = "wheel";
    mode = "400";
  };
  # Settings shared by the root-owned backup credentials.
  forRoot = {
    sopsFile = config.xin-secrets.europa.services;
    owner = "root";
    mode = "400";
  };
in {
  fastmail = forQbit;
  fastmail_user = forQbit;
  nix_review = forQbit;
  netrc = forQbit;
  # Owner is the peerix account when it exists, otherwise root (peerixUser).
  peerix_private_key = {
    sopsFile = config.xin-secrets.europa.peerix;
    owner = peerixUser;
    group = "wheel";
    mode = "400";
  };
  # Read by the restic backup job through passwordFile / environmentFile.
  restic_password_file = forRoot;
  restic_env_file = forRoot;
};
# Let packages be evaluated even when their metadata does not list this
# system as supported.
nixpkgs.config.allowUnsupportedSystem = true;
boot = {
  # Register binfmt handlers so aarch64-linux binaries run under emulation.
  binfmt.emulatedSystems = [ "aarch64-linux" ];
  # systemd-based stage 1.
  initrd.systemd.enable = true;
  # UEFI boot through systemd-boot, with the ESP mounted at /boot/efi.
  loader.systemd-boot.enable = true;
  loader.efi.canTouchEfiVariables = true;
  loader.efi.efiSysMountPoint = "/boot/efi";
  # NOTE(review): boot.shell_on_fail requests a root shell when stage 1
  # fails, and that shell asks for no password. Anyone at the console during
  # a failed boot would get it, so confirm this is a deliberate trade-off.
  # TODO confirm whether the flag still has any effect with the systemd
  # initrd enabled above.
  # mem_sleep_default=deep selects deep suspend as the default sleep state.
  kernelParams = [ "boot.shell_on_fail" "mem_sleep_default=deep" ];
  # Track the newest kernel package set in nixpkgs.
  kernelPackages = pkgs.linuxPackages_latest;
};
# sshFidoAgent, nixManager, kde and jetbrains are not defined in this file;
# presumably they are option namespaces provided by this repository's own
# modules — verify against the imported module list.
sshFidoAgent.enable = true;
nixManager = {
  enable = true;
  user = "qbit";
};
kde.enable = true;
jetbrains.enable = true;
# Runs the libvirt daemon for local virtual machines. qbit is added to the
# libvirtd group further down, which grants control of that daemon.
virtualisation.libvirtd.enable = true;
networking = {
  hostName = "europa";
  hostId = "87703c3e";
  # NetworkManager manages the links; user-controlled wireless is enabled
  # alongside it.
  networkmanager.enable = true;
  wireless.userControlled.enable = true;
  # Inbound policy: the firewall is on and SSH (TCP 22) is the only port
  # this file opens. Imported modules may open others.
  # "strict" reverse-path filtering drops packets whose source address would
  # not be routed back out of the interface they arrived on.
  firewall.enable = true;
  firewall.allowedTCPPorts = [ 22 ];
  firewall.checkReversePath = "strict";
};
# tsPeerix is switched off on this host; the key path and interface list are
# kept so it can be re-enabled without further edits.
# NOTE(review): peerix_private_key is still declared under sops.secrets while
# this is disabled — confirm whether the key needs to be present on the host
# at all in that state.
tsPeerix.enable = false;
tsPeerix.privateKeyFile = "${config.sops.secrets.peerix_private_key.path}";
tsPeerix.interfaces = [ "wlp170s0" "ztksevmpn3" ];
programs = {
  steam.enable = true;
  dconf.enable = true;
  # 1Password CLI and GUI. polkitPolicyOwners names the accounts allowed to
  # use the GUI's polkit-based authentication integration.
  _1password.enable = true;
  _1password-gui.enable = true;
  _1password-gui.polkitPolicyOwners = [ "qbit" ];
  # Exported in every zsh session.
  zsh.shellInit = ''
    export OP_PLUGIN_ALIASES_SOURCED=1
  '';
  zsh.shellAliases = {
    # Run the GitHub CLI through the 1Password shell plugin.
    gh = "op plugin run -- gh";
    # Print the module path of every dependency that is neither indirect
    # nor the main module.
    godeps =
      "go list -m -f '{{if not (or .Indirect .Main)}}{{.Path}}{{end}}' all";
    # Both mail commands read the system-wide /etc/neomuttrc.
    mutt = "neomutt -F /etc/neomuttrc";
    neomutt = "neomutt -F /etc/neomuttrc";
  };
};
services = {
  # restic backup of the home directory and libvirt state. The repository
  # password and environment come from the root-owned sops secrets.
  # NOTE(review): /run/media/qbit looks like a removable-media mount point.
  # With initialize = true, a run while the disk is absent may create a new
  # repository at this path instead of failing — confirm the job is tied to
  # the mount.
  restic.backups.local = {
    initialize = true;
    repository = "/run/media/qbit/backup/${config.networking.hostName}";
    passwordFile = "${config.sops.secrets.restic_password_file.path}";
    environmentFile = "${config.sops.secrets.restic_env_file.path}";
    paths = [ "/home/qbit" "/var/lib/libvirt" ];
    # Retention: 7 daily, 5 weekly and 5 yearly snapshots.
    pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-yearly 5" ];
  };
  # Smart-card daemon.
  pcscd.enable = true;
  vnstat.enable = true;
  # Only the ClamAV signature updater is enabled here; this file turns on no
  # scanning daemon.
  clamav.updater.enable = true;
  emacs.enable = true;
  emacs.package = myEmacs;
  emacs.install = true;
  # Tor daemon with client functionality.
  tor.enable = true;
  tor.client.enable = true;
  # NOTE(review): enableTestRemote adds fwupd's test remote next to the
  # default one. Confirm it is wanted on a daily-use machine, since it
  # widens the set of firmware sources the daemon knows about.
  fwupd.enable = true;
  fwupd.enableTestRemote = true;
  # Give group "users" and the active local session access to the USB device
  # with vendor 1209 / product 5bf0. Every member of "users" can then open
  # the device node.
  # NOTE(review): extraRules are written to a late rules file; check that the
  # uaccess tag is still applied from there.
  udev.extraRules = ''
    SUBSYSTEM=="usb", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="5bf0", GROUP="users", TAG+="uaccess"
  '';
};
# One systemd user service per entry in `jobs`, keyed by the job name.
systemd.user.services = lib.listToAttrs (map jobToService jobs);
# Allow unfree packages to be evaluated and installed.
nixpkgs.config.allowUnfree = true;
virtualisation.docker.enable = true;
# NOTE(review): docker group membership lets qbit drive the Docker daemon,
# which runs as root, so treat the account as root-equivalent. libvirtd
# grants control of the libvirt daemon; dialout grants serial-port access.
users.users.qbit.extraGroups = [ "dialout" "libvirtd" "docker" ];
# Session-wide environment variables. The backslash before ${...} stops Nix
# from interpolating the reference, so the literal text ${HOME} or
# ${XDG_BIN_HOME} is what ends up in the variable definition.
environment.sessionVariables = {
  # XDG base directories.
  XDG_BIN_HOME = "\${HOME}/.local/bin";
  XDG_CACHE_HOME = "\${HOME}/.cache";
  XDG_CONFIG_HOME = "\${HOME}/.config";
  XDG_DATA_HOME = "\${HOME}/.local/share";
  # NOTE(review): this adds a user-writable directory to PATH. Check where it
  # lands relative to the system directories, since an entry that comes
  # first can shadow system commands.
  PATH = [ "\${XDG_BIN_HOME}" ];
  MUHOME = "\${HOME}/.config/mu";
  STEAM_EXTRA_COMPAT_TOOLS_PATHS = "\${HOME}/.steam/root/compatibilitytools.d";
};
# Packages installed for every user of the machine. The order of the list is
# kept exactly as it was.
environment.systemPackages = (with pkgs; [
  aerc
  git-credential-1password
  arcanPackages.all-wrapped
  barrier
  rex
  calibre
  cider
  cinny-desktop
  clementine
  drawterm
  element-desktop
  exercism
  fido2luks
  gh
  isync
  klavaro
  linphone
  logseq
  minicom
  mu
  nheko
  nix-index
  nixpkgs-review
  nix-top
  # Network scanner, for diagnostics on networks the user administers.
  nmap
  obsidian
  pharo
  pharo-launcher
  proton-caller
  protonup-ng
  rofi
  signal-desktop
  taskobs
  tea
  # Packet capture tool.
  tcpdump
  tidal-hifi
  tigervnc
  unzip
  virt-manager
  yt-dlp
  zig
  talon
]) ++ [
  # Built from this repository's own package expression.
  (pkgs.callPackage ../../pkgs/zutty.nix { })
];
# for Pharo
# Sets both the hard and the soft real-time priority limit (rtprio) to 2 for
# the qbit account only; no other account's limits are changed here.
security.pam.loginLimits = [
  {
    domain = "qbit";
    type = "hard";
    item = "rtprio";
    value = "2";
  }
  {
    domain = "qbit";
    type = "soft";
    item = "rtprio";
    value = "2";
  }
];
system = {
  # Automatic upgrades must not reboot the machine on their own, so kernel
  # and other boot-time updates only take effect after a manual reboot.
  autoUpgrade.allowReboot = false;
  # Release whose stateful-data defaults this installation started with.
  # This is not the running NixOS version and is not meant to be bumped on
  # upgrade.
  stateVersion = "21.11";
};
}