xin/hosts/europa/default.nix

# NixOS module for the host "europa".
# `inputs` and `xinlib` are not standard module arguments; presumably the
# surrounding flake passes them in.
{ inputs, config, pkgs, lib, xinlib, ... }:
let
  # Taken from the `stable` input. A `let` binding wins over names brought in
  # by `with pkgs;`, so the bare `chirp`, `beets` and `quodlibet-full` entries
  # in environment.systemPackages resolve to these versions.
  inherit (inputs.stable.legacyPackages.${pkgs.system}) chirp beets quodlibet-full;
  inherit (xinlib) jobToUserService prIsOpen;

  thunderbird = import ../../configs/thunderbird.nix { inherit pkgs; };

  # Periodic `git sync` jobs; systemd.user.services is built from this list via
  # jobToUserService. git-sync commits and pushes without prompting, so
  # anything written into these directories leaves the machine on the next
  # run -- keep credentials and other secrets out of them.
  jobs =
    let
      syncTools = [ pkgs.git pkgs.git-sync ];
    in
    [
      {
        name = "brain";
        startAt = "*:0/2";
        script = "cd ~/Brain && git sync";
        path = syncTools;
      }
      {
        name = "org";
        startAt = "*:0/5";
        script = "(cd ~/org && git sync)";
        path = syncTools;
      }
      {
        name = "org-roam";
        startAt = "*:0/5";
        script = "(cd ~/org-roam && git sync)";
        path = syncTools;
      }
    ];
in
{
# Exposes `isUnstable = true` as an argument to every module in this configuration.
_module.args = { isUnstable = true; };

imports = [
  ./hardware-configuration.nix
  ../../pkgs
];
# Secrets managed through sops-nix. Every entry uses mode 0400, so only the
# owning user can read the decrypted file; the `group = "wheel"` on the entries
# from the qbit file grants nothing at that mode.
sops.secrets =
  let
    qbitFile = config.xin-secrets.europa.secrets.qbit;
    servicesFile = config.xin-secrets.europa.secrets.services;

    # Entry stored in the qbit secrets file, readable only by `owner`.
    fromQbitFile = owner: {
      sopsFile = qbitFile;
      inherit owner;
      group = "wheel";
      mode = "400";
    };

    # Entry stored in the services secrets file, readable only by root.
    rootServiceSecret = {
      sopsFile = servicesFile;
      owner = "root";
      mode = "400";
    };
  in
  lib.genAttrs [ "rkvm_cert" "rkvm_key" ] (_: fromQbitFile "root")
  // lib.genAttrs [ "fastmail" "fastmail_user" "nix_review" "netrc" ] (_: fromQbitFile "qbit")
  // lib.genAttrs [
    "restic_password_file"
    "restic_env_file"
    "restic_remote_password_file"
    "restic_remote_env_file"
    "restic_remote_repo_file"
  ] (_: rootServiceSecret);
# allowUnfree permits packages with non-free licences; allowUnsupportedSystem
# lets packages evaluate on platforms their metadata does not list.
nixpkgs.config.allowUnfree = true;
nixpkgs.config.allowUnsupportedSystem = true;
boot = {
  # Registers binfmt emulation so aarch64 and riscv64 binaries can run on this host.
  binfmt.emulatedSystems = [ "aarch64-linux" "riscv64-linux" ];

  initrd = {
    systemd.enable = true;
    # LUKS container opened from the initrd, addressed by UUID.
    luks.devices."luks-4d7bf115-cdfd-486b-a2fd-ee620d81060c".device =
      "/dev/disk/by-uuid/4d7bf115-cdfd-486b-a2fd-ee620d81060c";
  };

  loader.systemd-boot.enable = true;
  loader.systemd-boot.memtest86.enable = true;
  loader.efi.canTouchEfiVariables = true;

  kernelParams = [
    # Asks stage 1 for an interactive root shell when boot fails. That shell
    # has no authentication, which matters for anyone with physical access.
    # NOTE(review): confirm whether the systemd-based initrd enabled above
    # honours this parameter.
    "boot.shell_on_fail"
    # https://gitlab.freedesktop.org/upower/power-profiles-daemon#panel-power-savings
    "amdgpu.abmlevel=0"
  ];
  kernelPackages = pkgs.linuxPackages_latest;
};
# The mkDefault values below can be overridden from another module without mkForce.
nixManager.enable = lib.mkDefault true;
nixManager.user = "qbit";

kde = { enable = lib.mkDefault true; };
kdeConnect = { enable = true; };
# libvirtd is on by default (overridable); access to it is granted through the
# `libvirtd` group that users.users.qbit.extraGroups lists in this file.
virtualisation.libvirtd.enable = lib.mkDefault true;
virtualisation.podman.enable = true;
networking = {
  hostName = "europa";
  hostId = "87703c3e";

  # Static /etc/hosts entry. 192.168.122.0/24 is libvirt's usual default NAT
  # range, so this is presumably a local VM.
  hosts."192.168.122.6" = [ "chubs" ];

  wireless.userControlled.enable = true;
  networkmanager.enable = true;

  # Inbound traffic is refused unless explicitly allowed; port 22 (normally SSH)
  # is the only TCP port opened here. Other options in this file, such as
  # services.avahi.openFirewall, add their own openings.
  firewall.enable = true;
  firewall.allowedTCPPorts = [ 22 ];
};
# NOTE(review): `//` is a shallow merge. If thunderbird.programs defines any key
# that is also set here (zsh, steam, ...), its value replaces the whole entry
# instead of being merged -- confirm it only contributes keys of its own.
programs = {
  # nix-ld is switched on only when ladybird is.
  nix-ld.enable = lib.mkIf config.programs.ladybird.enable true;
  steam.enable = true;
  dconf.enable = true;

  _1password.enable = true;
  _1password-gui.enable = true;
  # Users allowed to use 1Password's polkit-based integration.
  _1password-gui.polkitPolicyOwners = [ "qbit" ];

  zsh.shellInit = ''
    export OP_PLUGIN_ALIASES_SOURCED=1
  '';
  zsh.shellAliases = {
    # gh obtains its credentials from 1Password each time it runs.
    gh = "op plugin run -- gh";
    # The token is fetched per invocation rather than stored on disk. It passes
    # through `env`'s argument list on the way, where the process list can
    # expose it for a moment; a plain `GITHUB_TOKEN=$(...) nixpkgs-review`
    # prefix would keep it out of argv.
    nixpkgs-review = "env GITHUB_TOKEN=$(op item get nixpkgs-review --field token --reveal) nixpkgs-review";
    godeps = "go list -m -f '{{if not (or .Indirect .Main)}}{{.Path}}{{end}}' all";
    # --delete removes remote files that no longer exist locally.
    sync-music = "rsync -av --progress --delete ~/Music/ suah.dev:/var/lib/music/";
    # Pipes the private key from 1Password straight into ssh-agent, so it is not
    # written to disk. No lifetime is passed to ssh-add, so the key stays loaded
    # until the agent exits unless the agent enforces a default lifetime.
    load-agent = ''op item get signer --field 'private key' --reveal | sed '/"/d; s/\r//' | ssh-add -'';
  };
} // thunderbird.programs;
services = {
  xinCA.enable = false;

  # Disabled on this host. prIsOpen comes from xinlib; presumably it yields
  # "rocm" only while nixpkgs PR 306375 is open -- confirm against xinlib.
  ollama = {
    enable = false;
    acceleration = prIsOpen.str 306375 "rocm";
  };

  rkvm.server = {
    enable = true;
    settings = {
      # Loopback only: nothing off-host can connect unless something forwards
      # traffic to this port.
      listen = "127.0.0.1:24800";
      switch-keys = [ "caps-lock" "left-alt" ];
      certificate = "${config.sops.secrets.rkvm_cert.path}";
      key = "${config.sops.secrets.rkvm_key.path}";
      # NOTE(review): unlike the certificate and key, this password is a literal
      # in the configuration, so it is readable in this repository and most
      # likely in the generated config in the Nix store. Treat it as providing
      # no protection; the loopback bind above is what limits access.
      password = "fake";
    };
  };

  logind = {
    lidSwitch = "suspend-then-hibernate";
    lidSwitchExternalPower = "lock";
    # Power key and five minutes of idle time both suspend-then-hibernate;
    # a long press powers off.
    extraConfig = ''
      HandlePowerKey=suspend-then-hibernate
      HandlePowerKeyLongPress=poweroff
      IdleAction=suspend-then-hibernate
      IdleActionSec=300
    '';
  };

  fprintd.enable = true;

  # openFirewall opens the mDNS port (UDP 5353) in addition to the TCP port
  # allowed under networking.firewall.
  avahi = {
    enable = true;
    openFirewall = true;
  };

  printing.enable = true;

  # Backups of the home directory and /etc (presumably restic-backed, going by
  # the secret names and prune flags). Repository passwords come from
  # sops-managed files, not from literals in this file.
  # NOTE(review): sops.secrets declares restic_remote_env_file, but `remote`
  # sets no environmentFile -- confirm whether that secret is still needed.
  backups =
    let
      sharedPaths = [ "/home/qbit" "/etc" ];
      retention = [ "--keep-hourly 12" "--keep-daily 7" "--keep-weekly 5" "--keep-yearly 4" ];
      nightly = { OnCalendar = "*-*-* 00:30:00"; };
    in
    {
      remote = {
        enable = true;
        passwordFile = "${config.sops.secrets.restic_remote_password_file.path}";
        repositoryFile = "${config.sops.secrets.restic_remote_repo_file.path}";
        # Don't send libvirt over the air-wire
        paths = sharedPaths;
        pruneOpts = retention;
        timerConfig = nightly;
      };
      local = {
        enable = true;
        repository = "/run/media/qbit/backup/${config.networking.hostName}";
        environmentFile = "${config.sops.secrets.restic_env_file.path}";
        passwordFile = "${config.sops.secrets.restic_password_file.path}";
        # Only the local repository also receives the libvirt state directory.
        paths = sharedPaths ++ [ "/var/lib/libvirt" ];
        pruneOpts = retention;
        timerConfig = { OnCalendar = "hourly"; };
      };
    };

  pcscd.enable = true;
  vnstat.enable = true;
  # clamav.updater.enable = true;

  tor.enable = true;
  tor.client.enable = true;

  fwupd.enable = true;

  # Gives the `users` group, plus whoever holds the active local session
  # (uaccess), direct access to USB device 1209:5bf0.
  udev.extraRules = ''
    SUBSYSTEM=="usb", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="5bf0", GROUP="users", TAG+="uaccess"
  '';
};
# Extra CA certificate added to the system-wide trust store. Every TLS client
# that relies on the system bundle will accept certificates issued by this CA,
# so the corresponding private key has to be protected as carefully as any
# publicly trusted root.
security.pki.certificates = [
''
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
''
];
# One systemd user service per entry of the `jobs` list defined in the `let` above.
systemd.user.services = lib.listToAttrs (map jobToUserService jobs);

systemd.services = {
  # NOTE(review): "*" lets a page from any web origin call the ollama HTTP API
  # from a browser on this machine. services.ollama is disabled in this file;
  # if it is re-enabled, list only the origins that actually need access.
  ollama.environment.OLLAMA_ORIGINS = "*";

  # Runs once after every resume and restarts tailscaled.
  whytailscalewhy = {
    description = "Tailscale restart on resume";
    after = [ "post-resume.target" ];
    wantedBy = [ "post-resume.target" ];
    serviceConfig.Type = "oneshot";
    script = ''
      . /etc/profile;
      ${pkgs.systemd}/bin/systemctl restart tailscaled.service
    '';
  };
};
# Device and virtualisation groups for qbit. `libvirtd` allows managing system
# VMs, including their storage and host devices, which is close to
# root-equivalent -- treat it as a privileged group.
users.users.qbit.extraGroups = [ "dialout" "libvirtd" "plugdev" "cdrom" ];
# The `\${...}` escapes keep these as literal shell references, expanded when
# the session starts rather than interpolated by Nix.
environment.sessionVariables = {
  XDG_BIN_HOME = "\${HOME}/.local/bin";
  XDG_CACHE_HOME = "\${HOME}/.cache";
  XDG_CONFIG_HOME = "\${HOME}/.config";
  XDG_DATA_HOME = "\${HOME}/.local/share";
  STEAM_EXTRA_COMPAT_TOOLS_PATHS = "\${HOME}/.steam/root/compatibilitytools.d";
  PATH = [ "\${XDG_BIN_HOME}" ];
  MUHOME = "\${HOME}/.config/mu";
};

# System-wide packages. Entries marked "stable" resolve to the `let` bindings
# inherited from inputs.stable, not to `pkgs`. The callPackage entries at the
# end build local package definitions from ../../pkgs.
environment.systemPackages = with pkgs; [
  #deltachat-desktop
  arduino
  beets # stable
  calibre
  chirp # stable
  deadbeef-with-plugins
  deluge
  direwolf
  element-desktop
  element-desktop-wayland
  elmPackages.elm
  elmPackages.elm-format
  elmPackages.elm-language-server
  elmPackages.elm-live
  elmPackages.elm-test
  entr
  ferdium
  fossil
  gh
  gimp
  git-annex
  gqrx
  hackrf
  inkscape
  intiface-central
  isync
  jan
  jujutsu
  klavaro
  koreader
  linphone
  ltunify
  minicom
  mu
  nix-index
  nixpkgs-review
  nmap
  obsidian
  ollama
  openscad
  picocom
  proton-caller
  protonup-ng
  prusa-slicer
  python3Packages.nomadnet
  python3Packages.rns
  qdmr
  # Don't do it, don't switch to another music player. They all suck!
  # this one works the least sucky!
  quodlibet-full #stable
  # Don't do it! ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  #
  rex
  rsibreak
  rtl-sdr
  sdrpp
  signal-desktop
  signal-desktop-beta
  tcpdump
  tea
  tigervnc
  tncattach
  unzip
  veilid
  virt-manager
  w3m
  workrave
  yt-dlp
  zig
  (callPackage ../../pkgs/ttfs.nix { })
  (python3Packages.callPackage ../../pkgs/kobuddy.nix { })
  (callPackage ../../pkgs/gokrazy.nix { })
  (callPackage ../../pkgs/mvoice.nix { })
  (callPackage ../../pkgs/zutty.nix { })
  (python3Packages.callPackage ../../pkgs/watchmap.nix { })
  (python3Packages.callPackage ../../pkgs/ble-serial.nix { })
  restic
];
# for Pharo
# Sets qbit's rtprio (real-time scheduling priority) limit to 2, once as the
# hard limit and once as the soft limit.
security.pam.loginLimits = map
  (type: {
    domain = "qbit";
    inherit type;
    item = "rtprio";
    value = "2";
  })
  [ "hard" "soft" ];
# An automatic upgrade never reboots this host on its own, so kernel and other
# boot-time updates only take effect at the next manual reboot.
system.autoUpgrade.allowReboot = false;
# Release whose stateful-data defaults this host follows; it is not bumped as
# part of ordinary upgrades.
system.stateVersion = "21.11";
}