From d1df706826284b774c4c71a01fad3607f7c915f3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20B=C3=B6hme?= Date: Wed, 31 Aug 2022 12:11:44 +0200 Subject: [PATCH] :rocket: add work host and profile --- flake.nix | 6 ++ hosts/nixos-work/default.nix | 105 ++++++++++++++++++++ hosts/nixos-work/hardware-configuration.nix | 96 ++++++++++++++++++ modules/profiles/work.nix | 75 ++++++++++++++ 4 files changed, 282 insertions(+) create mode 100644 hosts/nixos-work/default.nix create mode 100644 hosts/nixos-work/hardware-configuration.nix create mode 100644 modules/profiles/work.nix diff --git a/flake.nix b/flake.nix index b833ccf..e2f1fad 100644 --- a/flake.nix +++ b/flake.nix @@ -97,6 +97,7 @@ ./modules/profiles/base.nix ./modules/profiles/gaming.nix ./modules/profiles/desktop.nix + ./modules/profiles/work.nix ]; hostDefaults.modules = [ ./modules/default.nix @@ -123,6 +124,11 @@ self.nixosModules.gaming ]; + hosts.nixos-work.modules = [ + ./hosts/nixos-work + self.nixosModules.work + ]; + ############### ### Outputs ### ############### diff --git a/hosts/nixos-work/default.nix b/hosts/nixos-work/default.nix new file mode 100644 index 0000000..7757f13 --- /dev/null +++ b/hosts/nixos-work/default.nix 
@@ -0,0 +1,105 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [
+ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ];
+
+ # Use the systemd-boot EFI boot loader.
+ boot = {
+ supportedFilesystems = [ "btrfs" ];
+ loader = {
+ grub = {
+ enable = true;
+ version = 2;
+ device = "nodev";
+ efiSupport = true;
+ useOSProber = true;
+ };
+ efi.canTouchEfiVariables = true;
+ };
+ };
+
+ networking.hostName = "nixos-work"; # Define your hostname.
+ # Pick only one of the below networking options.
+ # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+ networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
+
+ # Set your time zone.
+ time.timeZone = "Europe/Berlin";
+
+ # Configure network proxy if necessary
+ # networking.proxy.default = "http://user:password@proxy:port/";
+ # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "de";
+ };
+
+ # Configure keymap in X11
+ services.xserver.layout = "de";
+ services.xserver.xkbOptions = "caps:escape"; # map caps to escape.
+
+ # Enable touchpad support (enabled default in most desktopManager).
+ services.xserver.libinput.enable = true;
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.moritz = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+ packages = with pkgs; [
+ firefox
+ thunderbird
+ ];
+ };
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ vim # Do not forget to add an editor to edit configuration.nix!
The Nano editor is also installed by default.
+ wget
+ ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = {
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ # services.openssh.enable = true;
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # Copy the NixOS configuration file and link it from the resulting system
+ # (/run/current-system/configuration.nix). This is useful in case you
+ # accidentally delete configuration.nix.
+ # system.copySystemConfiguration = true;
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "22.05"; # Did you read the comment?
+
+}
+
diff --git a/hosts/nixos-work/hardware-configuration.nix b/hosts/nixos-work/hardware-configuration.nix
new file mode 100644
index 0000000..e6f12bb
--- /dev/null
+++ b/hosts/nixos-work/hardware-configuration.nix
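Review bot: The comment `# Use the systemd-boot EFI boot loader.` in hosts/nixos-work/default.nix does not match the block under it, which enables GRUB with `efiSupport` and `useOSProber`; it appears to be left over from the generated template. Replace it with something like `# GRUB as EFI boot loader; os-prober adds entries for other installed systems.` The commented-out template options further down (proxy, OpenSSH, firewall) could be trimmed, or replaced by a line stating what this host relies on, e.g. `# firewall stays at the NixOS default (enabled); no ports are opened here`.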
@@ -0,0 +1,96 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "vmd" "nvme" "usbhid" "usb_storage" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ {
+ device = "/dev/disk/by-uuid/23782fe8-86f7-4aa1-afc1-6586443d0d3e";
+ fsType = "btrfs";
+ options = [ "subvol=@" "compress=zstd" "noatime" ];
+ };
+
+ boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/1958da8c-d506-49a6-b983-dc8477d25b7c";
+
+ fileSystems."/home" =
+ {
+ device = "/dev/disk/by-uuid/23782fe8-86f7-4aa1-afc1-6586443d0d3e";
+ fsType = "btrfs";
+ options = [ "subvol=@home" "compress=zstd" "noatime" ];
+ };
+
+ fileSystems."/swap" =
+ {
+ device = "/dev/disk/by-uuid/23782fe8-86f7-4aa1-afc1-6586443d0d3e";
+ fsType = "btrfs";
+ options = [ "subvol=@swap" "compress=zstd" "noatime" ];
+ };
+
+ fileSystems."/nix" =
+ {
+ device = "/dev/disk/by-uuid/23782fe8-86f7-4aa1-afc1-6586443d0d3e";
+ fsType = "btrfs";
+ options = [ "subvol=@nix" "compress=zstd" "noatime" ];
+ };
+
+ fileSystems."/var/log" =
+ {
+ device = "/dev/disk/by-uuid/23782fe8-86f7-4aa1-afc1-6586443d0d3e";
+ fsType = "btrfs";
+ options = [ "subvol=@log" "compress=zstd" "noatime" ];
+ };
+
+ fileSystems."/boot" =
+ {
+ device = "/dev/disk/by-uuid/8EFC-70D8";
+ fsType = "vfat";
+ };
+
+ swapDevices = [{
+ device = "/swap/swapfile";
+ size = (1024 * 16) + (1024 * 2); # RAM size + 2GB
+ }];
+
+ boot.kernelParams = [ "resume_offset=19579486208" ];
+ boot.resumeDevice = "/dev/disk/by-uuid/23782fe8-86f7-4aa1-afc1-6586443d0d3e";
+
+ systemd.services = {
+ create-swapfile = {
+ serviceConfig.Type = "oneshot";
+ wantedBy = [
"swap-swapfile.swap" ];
+ script = ''
+ swapfile="/swap/swapfile"
+ if [[ -f "$swapfile" ]]; then
+ echo "Swap file $swapfile already exists, taking no action."
+ else
+ echo "Setting up swap file $swapfile..."
+ ${pkgs.coreutils}/bin/truncate -s 0 /swap/swapfile
+ ${pkgs.e2fsprogs}/bin/chattr +C /swap/swapfile
+ echo "Done."
+ fi
+ '';
+ };
+ };
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp0s13f0u2u4.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
+
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/modules/profiles/work.nix b/modules/profiles/work.nix
new file mode 100644
index 0000000..42c1669
--- /dev/null
+++ b/modules/profiles/work.nix
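Review bot: `resume_offset=19579486208` in `boot.kernelParams` of hosts/nixos-work/hardware-configuration.nix looks like a byte offset, whereas the kernel interprets `resume_offset` in page-size units; the value is an exact multiple of 4096, which points the same way. If so, resume from hibernation would look for the swap header far beyond the device, and the parameter should carry the swap file's page offset (byte offset divided by the page size) instead. These swap and resume lines are hand-added to a file whose header says it may be overwritten by `nixos-generate-config`, so they would be safer in hosts/nixos-work/default.nix. A comment such as `# page offset of /swap/swapfile on the resume device; recompute whenever the file is recreated` would also record that the value is tied to the current swap file.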
@@ -0,0 +1,75 @@
+{ config
+, lib
+, pkgs
+, ...
+}:
+with lib; {
+ my = {
+ # config
+ yubikey.enable = true;
+
+ virtualisation = {
+ podman.enable = true;
+ libvirtd.enable = true;
+ };
+
+ programs = {
+ gnome.enable = true;
+ code.enable = true;
+ emacs.enable = true;
+ firefox.enable = true;
+ kitty.enable = true;
+ rofi.enable = true;
+ spotify.enable = true;
+ thunar.enable = true;
+ zathura.enable = true;
+ git.identity.email = "moritz.boehme@l.de";
+ };
+
+ services = {
+ kdeconnect.enable = true;
+ printing.enable = true;
+ redshift.enable = true;
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ jetbrains.pycharm-professional
+ keepassxc
+ libreoffice
+ logseq
+ pavucontrol
+ python310-dev
+ python38-dev
+ slack
+ vlc
+ fprintd
+ ];
+
+ networking.networkmanager.enableStrongSwan = true;
+
+ home-manager.users.moritz = {
+ services.unclutter.enable = true;
+ services.nextcloud-client = {
+ enable = true;
+ startInBackground = true;
+ };
+ };
+ services = {
+ gnome.gnome-keyring.enable = true;
+ pipewire = {
+ enable = true;
+ alsa.enable = true;
+ pulse.enable = true;
+ };
+ # Remap capslock to esc and shift + capslock to capslock
+ xserver.xkbOptions = "terminate:ctrl_alt_bksp,caps:escape_shifted_capslock";
+ fprintd = {
+ enable = true;
+ tod = {
+ enable = true;
+ driver = pkgs.libfprint-2-tod1-vfs0090;
+ };
+ };
+ };
+}
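Review bot: `xserver.xkbOptions` near the end of modules/profiles/work.nix is a second plain definition of an option that hosts/nixos-work/default.nix in this same commit already sets to `"caps:escape"`, and flake.nix loads both modules for `nixos-work`. Depending on how the option type merges, this either fails evaluation or produces a value carrying both `caps:escape` and `caps:escape_shifted_capslock`, so the Caps Lock behaviour may not be what the comment above it describes. Drop the host-level line, or state the precedence here with `xserver.xkbOptions = lib.mkForce "terminate:ctrl_alt_bksp,caps:escape_shifted_capslock";`. The `fprintd` block also deserves a comment: on NixOS, enabling the service normally turns on fingerprint authentication in PAM as well, so note whether that is intended to cover `sudo` for the `wheel` user on this work machine.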