xin/hosts/europa/default.nix

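# NixOS host configuration for "europa".
#
# Secrets are provisioned through sops (sops.secrets below); only their paths
# are referenced from this file, so no secret value is written into the
# world-readable Nix store by anything visible here.
{ config, pkgs, lib, modulesPath, ... }:
let
  myEmacs = pkgs.callPackage ../../configs/emacs.nix { };

  # Owner of the peerix signing key: the dedicated "peerix" account when one
  # is declared in users.users, otherwise root.
  peerixUser = if builtins.hasAttr "peerix" config.users.users then
    config.users.users.peerix.name
  else
    "root";
in {
  _module.args.isUnstable = true;

  imports = [
    ./hardware-configuration.nix
    ../../pkgs
    ../../configs/neomutt.nix
    ../../overlays/default.nix
  ];

  # Every secret is mode 400: readable by its owner only. The group is set to
  # "wheel", but with mode 400 the group has no permission bits, so group
  # membership grants no access to these files.
  sops.secrets = {
    fastmail = {
      sopsFile = config.xin-secrets.europa.qbit;
      owner = "qbit";
      group = "wheel";
      mode = "400";
    };
    fastmail_user = {
      sopsFile = config.xin-secrets.europa.qbit;
      owner = "qbit";
      group = "wheel";
      mode = "400";
    };
    nix_review = {
      sopsFile = config.xin-secrets.europa.qbit;
      owner = "qbit";
      group = "wheel";
      mode = "400";
    };
    peerix_private_key = {
      sopsFile = config.xin-secrets.europa.peerix;
      owner = peerixUser;
      group = "wheel";
      mode = "400";
    };
  };

  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
  nixpkgs.config.allowUnsupportedSystem = true;

  boot = {
    initrd.availableKernelModules =
      [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "usbhid" "sd_mod" ];
    initrd.kernelModules = [ ];
    extraModulePackages = [ ];
    loader = {
      systemd-boot.enable = true;
      efi = {
        canTouchEfiVariables = true;
        efiSysMountPoint = "/boot/efi";
      };
    };
    kernelPackages = pkgs.linuxPackages;
    # NOTE(review): boot.shell_on_fail offers a root shell when stage 1 of the
    # boot fails, and that shell is not authenticated. Anyone with physical
    # access who can make early boot fail reaches it. Whether the disk is
    # still locked at that point depends on hardware-configuration.nix, which
    # is not shown here - confirm this is an accepted trade-off for a laptop.
    kernelParams = [ "boot.shell_on_fail" "mem_sleep_default=deep" ];
    kernelModules = [ "kvm-intel" ];
  };

  programs.zsh.shellAliases = {
    # The token is read from the sops-managed file each time the alias runs
    # and is handed to nixpkgs-review through its environment. The path is
    # taken from the sops module rather than hard-coded, so the alias keeps
    # working if the secrets directory is relocated.
    "nixpkgs-review" =
      "GITHUB_TOKEN=$(cat ${config.sops.secrets.nix_review.path}) nixpkgs-review";
    "neomutt" = "neomutt -F /etc/neomuttrc";
    "mutt" = "neomutt -F /etc/neomuttrc";
  };

  sshFidoAgent.enable = true;

  # Router description consumed by the project's configManager module: one
  # trunk interface (em1) carrying three VLANs.
  configManager = {
    enable = true;
    router = {
      enable = true;
      hostName = "10.6.0.1";
      pfAllowUnifi = false;
      interfaces = {
        em0 = {
          text = ''
            inet autoconf
            inet6 autoconf
          '';
        };
        em1 = {
          text = ''
            inet 10.99.99.1 255.255.255.0 10.99.99.255
            description "Trunk"
            up
          '';
        };
        vlan2 = {
          text = ''
            inet 10.3.0.1 255.255.255.0 10.3.0.255 vnetid 2 parent em1 description "Lab" up'';
        };
        vlan10 = {
          text = ''
            inet 10.10.0.1 255.255.255.0 10.10.0.255 vnetid 10 parent em1 description "Untrusted WiFi" up'';
        };
        vlan11 = {
          text = ''
            inet 10.12.0.1 255.255.255.0 10.12.0.255 vnetid 11 parent em1 description "Trusted WiFi" up'';
        };
      };
    };
  };

  nixManager = {
    enable = true;
    user = "qbit";
  };

  kde.enable = true;
  jetbrains.enable = true;
  virtualisation.libvirtd.enable = true;
  programs.dconf.enable = true;

  networking.hosts."100.120.151.126" = [ "graph.tapenet.org" ];
  networking = {
    hostName = "europa";
    hostId = "87703c3e";
    wireless.userControlled.enable = true;
    networkmanager.enable = true;
    firewall = {
      enable = true;
      # Only SSH is opened for inbound TCP by this file.
      allowedTCPPorts = [ 22 ];
      # "loose" relaxes reverse-path filtering: a packet is accepted when its
      # source is reachable through any interface, not only the one it
      # arrived on.
      checkReversePath = "loose";
    };
  };

  # Currently disabled; the key path is still wired up so that enabling the
  # module needs no further change here.
  tsPeerix = {
    enable = false;
    privateKeyFile = config.sops.secrets.peerix_private_key.path;
    interfaces = [ "wlp170s0" "ztksevmpn3" ];
  };

  programs.steam.enable = true;
  systemd.sleep.extraConfig = "HibernateDelaySec=2h";

  services = {
    # Only the signature updater is enabled in this file; no ClamAV scanning
    # daemon is turned on here.
    clamav.updater.enable = true;
    emacs = {
      enable = true;
      package = myEmacs;
      install = true;
    };
    tor = {
      enable = true;
      client.enable = true;
    };
    cron = {
      enable = true;
      # Both jobs run as qbit and discard stdout and stderr, so a failing
      # sync leaves no trace in cron mail or logs.
      systemCronJobs = [
        "*/2 * * * * qbit . /etc/profile; (cd ~/Brain && git sync) >/dev/null 2>&1"
        "*/5 * * * * qbit . /etc/profile; (cd ~/org && git sync) >/dev/null 2>&1"
      ];
    };

    fprintd.enable = true;
    logind = {
      lidSwitch = "suspend-then-hibernate";
      # On external power a lid close only locks the session; the machine
      # stays running.
      lidSwitchExternalPower = "lock";
      extraConfig = ''
        HandlePowerKey=suspend-then-hibernate
        IdleAction=suspend-then-hibernate
        IdleActionSec=2m
      '';
    };
    fstrim.enable = true;
    tlp = {
      enable = false;
      settings = {
        CPU_BOOST_ON_BAT = 0;
        CPU_SCALING_GOVERNOR_ON_BATTERY = "powersave";
        START_CHARGE_THRESH_BAT0 = 90;
        STOP_CHARGE_THRESH_BAT0 = 97;
        RUNTIME_PM_ON_BAT = "auto";
      };
    };
    fwupd = {
      enable = true;
      # NOTE(review): this adds a fwupd remote meant for testing on top of
      # the default firmware sources - confirm it is still wanted on a
      # daily-use machine.
      enableTestRemote = true;
    };
    # Gives members of "users" and the user of the active local session
    # (uaccess) access to the USB device with vendor 1209 / product 5bf0.
    udev.extraRules = ''
      SUBSYSTEM=="usb", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="5bf0", GROUP="users", TAG+="uaccess"
    '';
  };

  # Membership in libvirtd lets qbit manage system VMs without sudo; treat it
  # as a highly privileged group.
  users.users.qbit.extraGroups = [ "libvirtd" ];

  nixpkgs.config.allowUnfree = true;

  environment.systemPackages = with pkgs; [
    arcanPackages.all-wrapped
    barrier
    calibre
    cider
    drawterm
    element-desktop
    exercism
    fido2luks
    isync
    klavaro
    libfprint-2-tod1-goodix
    linphone
    logseq
    mu
    nheko
    nix-index
    nixpkgs-review
    nix-top
    nmap
    obsidian
    pharo
    pharo-launcher
    rofi
    signal-desktop
    tcpdump
    tidal-hifi
    tigervnc
    unzip
    virt-manager
    yt-dlp
    zig
    (callPackage ../../pkgs/zutty.nix { })
  ];

  # for Pharo
  security.pam.loginLimits = [
    {
      domain = "qbit";
      type = "hard";
      item = "rtprio";
      value = "2";
    }
    {
      domain = "qbit";
      type = "soft";
      item = "rtprio";
      value = "2";
    }
  ];

  system.stateVersion = "21.11";
}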