xin/hosts/europa/default.nix

368 lines
8.8 KiB
Nix
Raw Normal View History

2023-07-11 09:12:50 -06:00
{
2023-07-13 08:21:51 -06:00
inputs,
2023-07-11 09:12:50 -06:00
config,
pkgs,
lib,
xinlib,
...
}: let
2023-07-27 10:19:05 -06:00
inherit (inputs.stable.legacyPackages.${pkgs.system}) chirp;
restic = pkgs.writeScriptBin "restic" (import ../../bins/restic.nix {
inherit pkgs;
inherit lib;
inherit config;
});
#myEmacs = pkgs.callPackage ../../configs/emacs.nix { };
2023-07-11 09:12:50 -06:00
peerixUser =
if builtins.hasAttr "peerix" config.users.users
then config.users.users.peerix.name
else "root";
jobs = [
{
name = "brain";
2023-01-13 07:05:08 -07:00
script = "cd ~/Brain && git sync";
startAt = "*:0/2";
2023-07-11 09:12:50 -06:00
path = [pkgs.git pkgs.git-sync];
}
{
name = "org";
2023-01-13 07:05:08 -07:00
script = "(cd ~/org && git sync)";
startAt = "*:0/5";
2023-07-11 09:12:50 -06:00
path = [pkgs.git pkgs.git-sync];
}
{
name = "taskobs";
2023-01-13 07:05:08 -07:00
script = "taskobs";
startAt = "*:0/30";
2023-07-11 09:12:50 -06:00
path = [pkgs.taskobs] ++ pkgs.taskobs.buildInputs;
}
];
2022-08-25 12:21:35 -06:00
in {
_module.args.isUnstable = true;
2023-07-05 05:53:26 -06:00
specialisation = {
arcan = {
configuration = {
2023-07-11 09:12:50 -06:00
system.nixos.tags = ["arcan"];
2023-07-05 05:53:26 -06:00
kde.enable = false;
sshFidoAgent.enable = false;
2023-07-11 09:12:50 -06:00
nixManager = {enable = false;};
2023-07-05 05:53:26 -06:00
2023-07-11 09:12:50 -06:00
programs = {};
2023-07-05 05:53:26 -06:00
virtualisation.libvirtd.enable = false;
};
};
};
2023-07-11 09:12:50 -06:00
imports = [./hardware-configuration.nix ../../pkgs ../../configs/neomutt.nix];
2022-08-25 12:21:35 -06:00
sops.secrets = {
fastmail = {
sopsFile = config.xin-secrets.europa.qbit;
owner = "qbit";
group = "wheel";
mode = "400";
};
fastmail_user = {
sopsFile = config.xin-secrets.europa.qbit;
owner = "qbit";
group = "wheel";
mode = "400";
};
nix_review = {
sopsFile = config.xin-secrets.europa.qbit;
owner = "qbit";
group = "wheel";
mode = "400";
};
netrc = {
sopsFile = config.xin-secrets.europa.qbit;
owner = "qbit";
group = "wheel";
mode = "400";
};
2022-08-30 15:56:37 -06:00
peerix_private_key = {
sopsFile = config.xin-secrets.europa.peerix;
owner = "${peerixUser}";
2022-08-30 15:56:37 -06:00
group = "wheel";
mode = "400";
};
2023-01-04 18:42:14 -07:00
restic_password_file = {
sopsFile = config.xin-secrets.europa.services;
owner = "root";
mode = "400";
};
restic_env_file = {
sopsFile = config.xin-secrets.europa.services;
owner = "root";
mode = "400";
};
2022-08-25 12:21:35 -06:00
};
nixpkgs.config = {
allowUnfree = true;
allowUnsupportedSystem = true;
};
2022-08-25 12:21:35 -06:00
boot = {
2023-08-02 11:24:25 -06:00
binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"];
2022-11-16 20:25:14 -07:00
initrd.systemd.enable = true;
2022-08-25 12:21:35 -06:00
loader = {
systemd-boot.enable = true;
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot/efi";
};
2022-08-25 12:21:35 -06:00
};
2023-07-11 09:12:50 -06:00
kernelParams = ["boot.shell_on_fail" "mem_sleep_default=deep"];
2023-02-01 11:58:56 -07:00
kernelPackages = pkgs.linuxPackages_latest;
2022-08-25 12:21:35 -06:00
};
2023-07-05 05:53:26 -06:00
sshFidoAgent.enable = lib.mkDefault true;
2022-08-25 12:21:35 -06:00
nixManager = {
2023-07-05 05:53:26 -06:00
enable = lib.mkDefault true;
2022-08-25 12:21:35 -06:00
user = "qbit";
};
2023-07-05 05:53:26 -06:00
kde.enable = lib.mkDefault true;
2022-08-25 12:21:35 -06:00
2023-07-05 05:53:26 -06:00
virtualisation.libvirtd.enable = lib.mkDefault true;
2022-08-25 12:21:35 -06:00
networking = {
hostName = "europa";
hostId = "87703c3e";
2023-07-09 07:13:33 -06:00
hosts = {
2023-07-11 09:12:50 -06:00
"192.168.122.6" = ["chubs"];
2023-07-09 07:13:33 -06:00
};
2022-08-25 12:21:35 -06:00
wireless.userControlled.enable = true;
networkmanager.enable = true;
firewall = {
enable = true;
2023-07-11 09:12:50 -06:00
allowedTCPPorts = [22];
2022-08-25 12:21:35 -06:00
};
};
2022-08-30 15:56:37 -06:00
tsPeerix = {
2022-09-01 12:14:46 -06:00
enable = false;
2022-08-30 15:56:37 -06:00
privateKeyFile = "${config.sops.secrets.peerix_private_key.path}";
2023-07-11 09:12:50 -06:00
interfaces = ["wlp170s0" "ztksevmpn3"];
2022-08-30 15:56:37 -06:00
};
2022-12-18 06:15:19 -07:00
programs = {
steam.enable = true;
_1password.enable = true;
_1password-gui = {
enable = true;
2023-07-11 09:12:50 -06:00
polkitPolicyOwners = ["qbit"];
2022-12-18 06:15:19 -07:00
};
dconf.enable = true;
zsh = {
shellInit = ''
export OP_PLUGIN_ALIASES_SOURCED=1
'';
shellAliases = {
"gh" = "op plugin run -- gh";
2023-07-11 09:12:50 -06:00
"nixpkgs-review" = "env GITHUB_TOKEN=$(op item get nixpkgs-review --field token) nixpkgs-review";
"clilol" = "env CLILOL_APIKEY=$(op item get omglol-cli --field credential) clilol";
"godeps" = "go list -m -f '{{if not (or .Indirect .Main)}}{{.Path}}{{end}}' all";
"mutt" = "neomutt -F /etc/neomuttrc";
2022-12-25 06:06:55 -07:00
"neomutt" = "neomutt -F /etc/neomuttrc";
};
2022-12-18 06:15:19 -07:00
};
};
2023-07-11 09:12:50 -06:00
services.xinCA = {enable = false;};
2022-08-25 12:21:35 -06:00
services = {
2023-01-04 18:42:14 -07:00
restic = {
backups = {
local = {
initialize = true;
repository = "/run/media/qbit/backup/${config.networking.hostName}";
environmentFile = "${config.sops.secrets.restic_env_file.path}";
passwordFile = "${config.sops.secrets.restic_password_file.path}";
2023-07-11 09:12:50 -06:00
paths = ["/home/qbit" "/var/lib/libvirt"];
2023-01-04 18:42:14 -07:00
2023-07-11 09:12:50 -06:00
pruneOpts = ["--keep-daily 7" "--keep-weekly 5" "--keep-yearly 5"];
2023-01-04 18:42:14 -07:00
};
};
};
2022-12-27 07:40:02 -07:00
pcscd.enable = true;
2022-11-16 21:18:36 -07:00
vnstat.enable = true;
2022-09-21 16:35:46 -06:00
clamav.updater.enable = true;
#emacs = {
# enable = true;
# package = myEmacs;
# install = true;
#};
2022-08-25 12:21:35 -06:00
tor = {
enable = true;
client.enable = true;
};
fwupd = {
enable = true;
enableTestRemote = true;
};
udev.extraRules = ''
SUBSYSTEM=="usb", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="5bf0", GROUP="users", TAG+="uaccess"
'';
};
2023-07-11 09:12:50 -06:00
security.pki.certificates = [
''
-----BEGIN CERTIFICATE-----
MIIDPTCCAiWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAiMSAwHgYDVQQDExdPYnNp
ZGlhbiBMb2NhbCBSRVNUIEFQSTAeFw0yMzAyMDcwMTQ3NDVaFw0yNDAyMDcwMTQ3
NDVaMCIxIDAeBgNVBAMTF09ic2lkaWFuIExvY2FsIFJFU1QgQVBJMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiRr4708X1QMmQMG3+M7UoefV+9gq+jNR
bM5HCOlBuB16LrhRiR/6ROaDnB3OJBP4NToCVY6+tJvWOqJe9FVyzviWzGaFkZGF
eBF32QvYLZRbPTIVWADl+KabXm1TXtLos1GpPKnIjU9m+5Jt1ob8i4eTKjjarpSG
u4kvKBQiQYxxYXA+miuqxPWD/mkIySvx50EVzrO5X8u/M4MQqPlpMvL6W6AxMXQ+
WU5KWUkP3kU/CMB377GjqTfdwRMVqCFhKq0jzFueKrqY0qXnbLoTePFBV2HsPAhv
Xup15Yx7G5pLROYkvmxvxzgP6mycB3SOiPDwj9UsFk41+KZV9cm6pQIDAQABo34w
fDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DA7BgNVHSUENDAyBggrBgEFBQcD
AQYIKwYBBQUHAwIGCCsGAQUFBwMDBggrBgEFBQcDBAYIKwYBBQUHAwgwEQYJYIZI
AYb4QgEBBAQDAgD3MA8GA1UdEQQIMAaHBH8AAAEwDQYJKoZIhvcNAQELBQADggEB
AHfjsIJpQlQcSP1Gy0gcrnBt9PhcA5TAqKlafKXVs0z60gVFDd/8d9PU3QxuTa4m
uQGLtFiMSudaoZoGhyEZ4kk5upqjfANppJj4R5UgPmfhp24AUvPjf2bVXczdIbvY
MNrXMtOq4+zD8QdZ25aPXT17LDIGx3TSM4HQzpu9YQdVt6fGgqPKFo3U9HGsBCja
lXsQ+lw4Hfi50HqLFRmLA50AP5m+EGdgIkVktAm7v8x0H8wHjd2Ysy8oRRAYtf2i
tynaHjsc6x3jDd5HiGuShRNHV9r3Q+IG1+SikALFk0nhKfB4DpYTz/fSQsw9hEj5
5wYD1VN/zBzPsHUUwCujYOs=
-----END CERTIFICATE-----
''
];
2023-02-06 19:03:49 -07:00
systemd.user.services =
2023-03-03 07:06:30 -07:00
lib.listToAttrs (builtins.map xinlib.jobToUserService jobs);
systemd.services."whytailscalewhy" = {
description = "Tailscale restart on resume";
2023-07-11 09:12:50 -06:00
wantedBy = ["post-resume.target"];
after = ["post-resume.target"];
script = ''
. /etc/profile;
${pkgs.systemd}/bin/systemctl restart tailscaled.service
'';
serviceConfig.Type = "oneshot";
};
2023-03-12 09:19:39 -06:00
virtualisation.docker.enable = false;
users.users.qbit.extraGroups = [
"dialout"
"libvirtd"
2023-07-20 13:30:17 -06:00
"plugdev"
2023-03-12 09:19:39 -06:00
#"docker"
];
2022-08-25 12:21:35 -06:00
2022-12-04 06:22:35 -07:00
environment.sessionVariables = {
XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_CACHE_HOME = "\${HOME}/.cache";
XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_DATA_HOME = "\${HOME}/.local/share";
2023-07-11 09:12:50 -06:00
STEAM_EXTRA_COMPAT_TOOLS_PATHS = "\${HOME}/.steam/root/compatibilitytools.d";
PATH = ["\${XDG_BIN_HOME}"];
MUHOME = "\${HOME}/.config/mu";
2022-12-04 06:22:35 -07:00
};
2022-08-25 12:21:35 -06:00
environment.systemPackages = with pkgs; [
barrier
2022-09-06 13:37:44 -06:00
calibre
2023-07-12 05:34:34 -06:00
chirp
2022-08-25 12:21:35 -06:00
cider
2022-10-14 07:31:38 -06:00
clementine
2023-07-12 05:34:34 -06:00
direwolf
2022-08-25 12:21:35 -06:00
element-desktop
2023-05-06 08:41:56 -06:00
elmPackages.elm
elmPackages.elm-format
elmPackages.elm-language-server
elmPackages.elm-live
2023-05-11 06:25:14 -06:00
elmPackages.elm-test
2023-05-06 08:41:56 -06:00
entr
2022-08-25 12:21:35 -06:00
exercism
2022-12-22 09:16:52 -07:00
gh
2023-05-06 08:41:56 -06:00
git-credential-1password
2023-07-12 05:34:34 -06:00
gqrx
hackrf
2022-08-25 12:21:35 -06:00
isync
klavaro
2022-10-14 07:32:14 -06:00
minicom
2022-08-25 12:21:35 -06:00
mu
2022-09-12 07:18:48 -06:00
nheko
2022-08-25 12:21:35 -06:00
nix-index
nixpkgs-review
2022-08-25 12:21:35 -06:00
nix-top
2022-08-30 15:57:40 -06:00
nmap
2023-04-18 11:04:21 -06:00
nushell
2022-09-14 14:21:30 -06:00
obsidian
pharo
pharo-launcher
2023-06-26 10:13:00 -06:00
picocom
2022-12-04 06:22:35 -07:00
proton-caller
protonup-ng
2023-07-06 08:37:04 -06:00
python3Packages.meshtastic
2023-07-12 05:34:34 -06:00
qdmr
2023-05-06 08:41:56 -06:00
rex
2022-08-25 12:21:35 -06:00
rofi
2023-07-20 14:02:46 -06:00
rtl-sdr
sdrpp
2022-08-25 12:21:35 -06:00
signal-desktop
taskobs
2022-08-30 15:57:40 -06:00
tcpdump
tea
thunderbird
2022-08-25 12:21:35 -06:00
tidal-hifi
tigervnc
2022-08-30 15:57:40 -06:00
unzip
2022-09-11 19:17:13 -06:00
virt-manager
2022-08-25 12:21:35 -06:00
yt-dlp
#yubioath-flutter
2022-08-30 20:53:03 -06:00
zig
2023-07-11 09:12:50 -06:00
(callPackage ../../pkgs/clilol.nix {})
(callPackage ../../pkgs/iamb.nix {})
2023-02-08 06:27:19 -07:00
(callPackage ../../pkgs/kobuddy.nix {
inherit pkgs;
2023-07-11 09:12:50 -06:00
inherit
(pkgs.python39Packages)
buildPythonPackage
fetchPypi
setuptools-scm
pytz
banal
sqlalchemy
alembic
;
2023-02-08 06:27:19 -07:00
})
2023-07-11 09:12:50 -06:00
(callPackage ../../pkgs/gokrazy.nix {})
(callPackage ../../pkgs/zutty.nix {})
restic
2022-08-25 12:21:35 -06:00
];
# for Pharo
security.pam.loginLimits = [
{
domain = "qbit";
type = "hard";
item = "rtprio";
value = "2";
}
{
domain = "qbit";
type = "soft";
item = "rtprio";
value = "2";
}
];
2022-11-08 14:54:41 -07:00
system.autoUpgrade.allowReboot = false;
system.autoUpgrade.enable = false;
2022-08-25 12:21:35 -06:00
system.stateVersion = "21.11";
}