From 3558aeecdae06567dc769f81930e63036d827ad5 Mon Sep 17 00:00:00 2001 
From: Joakim Repomaa
Date: Mon, 4 Nov 2024 12:43:09 +0200
Subject: [PATCH] add radish configuration
---
flake.nix | 30 +-
.../configuration.nix | 0
freun.dev/default.nix | 7 +
grafana.nix => freun.dev/grafana.nix | 0
gtrackmap.nix => freun.dev/gtrackmap.nix | 0
.../hardware-configuration.nix | 0
hydra.nix => freun.dev/hydra.nix | 0
immich.nix => freun.dev/immich.nix | 0
invidious.nix => freun.dev/invidious.nix | 0
owncast.nix => freun.dev/owncast.nix | 0
services.nix => freun.dev/services.nix | 0
syncthing.nix => freun.dev/syncthing.nix | 0
tailscale.nix => freun.dev/tailscale.nix | 0
vaultwarden.nix => freun.dev/vaultwarden.nix | 0
.../workout-tracker.nix | 0
radish/boot.nix | 31 ++
radish/configuration.nix | 39 +++
radish/containers.nix | 8 +
radish/default.nix | 13 +
radish/desktop.nix | 25 ++
radish/flake.lock | 277 ++++++++++++++++++
radish/hardware-configuration.nix | 64 ++++
radish/hardware.nix | 87 ++++++
radish/host.nix | 10 +
radish/packages.nix | 54 ++++
radish/users.nix | 17 ++
26 files changed, 657 insertions(+), 5 deletions(-)
rename configuration.nix => freun.dev/configuration.nix (100%)
create mode 100644 freun.dev/default.nix
rename grafana.nix => freun.dev/grafana.nix (100%)
rename gtrackmap.nix => freun.dev/gtrackmap.nix (100%)
rename hardware-configuration.nix => freun.dev/hardware-configuration.nix (100%)
rename hydra.nix => freun.dev/hydra.nix (100%)
rename immich.nix => freun.dev/immich.nix (100%)
rename invidious.nix => freun.dev/invidious.nix (100%)
rename owncast.nix => freun.dev/owncast.nix (100%)
rename services.nix => freun.dev/services.nix (100%)
rename syncthing.nix => freun.dev/syncthing.nix (100%)
rename tailscale.nix => freun.dev/tailscale.nix (100%)
rename vaultwarden.nix => freun.dev/vaultwarden.nix (100%)
rename workout-tracker.nix => freun.dev/workout-tracker.nix (100%)
create mode 100644 radish/boot.nix
create mode 100644 radish/configuration.nix
create mode 100644 radish/containers.nix
create mode 100644 radish/default.nix
create mode 100644 radish/desktop.nix
create mode 100644 radish/flake.lock
create mode 100644 radish/hardware-configuration.nix
create mode 100644 radish/hardware.nix
create mode 100644 radish/host.nix
create mode 100644 radish/packages.nix
create mode 100644 radish/users.nix
diff --git a/flake.nix b/flake.nix
index babbc7a..09b2843 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,6 +1,7 @@
 {
 inputs = {
 nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+ nixpkgs-small.url = "github:NixOS/nixpkgs/nixos-unstable-small";
 nextcloud = {
 url = "github:onny/nixos-nextcloud-testumgebung";
 inputs.nixpkgs.follows = "nixpkgs";
@@ -9,18 +10,37 @@
 url = "github:gtrackmap/gtrackmap";
 inputs.nixpkgs.follows = "nixpkgs";
 };
+ lanzaboote.url = "github:nix-community/lanzaboote";
+ nixos-hardware.url = "github:NixOS/nixos-hardware/master";
+ ksoloti-pr.url = "github:repomaa/nixpkgs/pkg/ksoloti";
+ auto-cpufreq = {
+ url = "github:AdnanHodzic/auto-cpufreq";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
 };
- outputs = { self, nixpkgs, gtrackmap, ... }@attrs: {
+ outputs = { nixpkgs, nixpkgs-small, gtrackmap, ksoloti-pr, lanzaboote, nixos-hardware, auto-cpufreq, ... }@attrs: {
 nixosConfigurations.freun-dev = nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
 specialArgs = attrs;
 modules = [
- ./hardware-configuration.nix
- ./configuration.nix
- ./services.nix
+ ./freun.dev
 gtrackmap.nixosModules.x86_64-linux.default
 ];
 };
+
+ nixosConfigurations.radish = nixpkgs.lib.nixosSystem rec {
+ system = "x86_64-linux";
+ specialArgs = {
+ pkgs-small = import nixpkgs-small { inherit system; };
+ ksoloti-pr = import ksoloti-pr { inherit system; };
+ inherit attrs system;
+ };
+ modules = [
+ ./radish
+ lanzaboote.nixosModules.lanzaboote
+ nixos-hardware.nixosModules.framework-13-7040-amd
+ auto-cpufreq.nixosModules.default
+ ];
+ };
 };
 }
-
diff --git a/configuration.nix b/freun.dev/configuration.nix
similarity index 100%
rename from configuration.nix
rename to freun.dev/configuration.nix
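Review bot: The inputs added in the second hunk are moving references (`lanzaboote` on its default branch, `nixos-hardware` on `master`, `ksoloti-pr` on a branch of a personal nixpkgs fork), and the only lock data this patch adds is `radish/flake.lock`, which the flake rooted at `./flake.nix` does not read. Unless the top-level `flake.lock` is regenerated and committed as well (it does not appear in the diffstat), the revisions behind radish's Secure Boot tooling and udev rules are not pinned by this commit. I would pin lanzaboote to a release tag, `lanzaboote.url = "github:nix-community/lanzaboote/<RELEASE_TAG>";`, and move or delete `radish/flake.lock` so there is one authoritative lock file. `specialArgs` for radish also nests the inputs as `attrs` where freun-dev passes them flat (`specialArgs = attrs;`); a comment on why the two hosts differ would help.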
diff --git a/freun.dev/default.nix b/freun.dev/default.nix
new file mode 100644
index 0000000..dee389b
--- /dev/null
+++ b/freun.dev/default.nix
@@ -0,0 +1,7 @@
+{ ... }: {
+ imports = [
+ ./hardware-configuration.nix
+ ./configuration.nix
+ ./services.nix
+ ];
+}
diff --git a/grafana.nix b/freun.dev/grafana.nix
similarity index 100%
rename from grafana.nix
rename to freun.dev/grafana.nix
diff --git a/gtrackmap.nix b/freun.dev/gtrackmap.nix
similarity index 100%
rename from gtrackmap.nix
rename to freun.dev/gtrackmap.nix
diff --git a/hardware-configuration.nix b/freun.dev/hardware-configuration.nix
similarity index 100%
rename from hardware-configuration.nix
rename to freun.dev/hardware-configuration.nix
diff --git a/hydra.nix b/freun.dev/hydra.nix
similarity index 100%
rename from hydra.nix
rename to freun.dev/hydra.nix
diff --git a/immich.nix b/freun.dev/immich.nix
similarity index 100%
rename from immich.nix
rename to freun.dev/immich.nix
diff --git a/invidious.nix b/freun.dev/invidious.nix
similarity index 100%
rename from invidious.nix
rename to freun.dev/invidious.nix
diff --git a/owncast.nix b/freun.dev/owncast.nix
similarity index 100%
rename from owncast.nix
rename to freun.dev/owncast.nix
diff --git a/services.nix b/freun.dev/services.nix
similarity index 100%
rename from services.nix
rename to freun.dev/services.nix
diff --git a/syncthing.nix b/freun.dev/syncthing.nix
similarity index 100%
rename from syncthing.nix
rename to freun.dev/syncthing.nix
diff --git a/tailscale.nix b/freun.dev/tailscale.nix
similarity index 100%
rename from tailscale.nix
rename to freun.dev/tailscale.nix
diff --git a/vaultwarden.nix b/freun.dev/vaultwarden.nix
similarity index 100%
rename from vaultwarden.nix
rename to freun.dev/vaultwarden.nix
diff --git a/workout-tracker.nix b/freun.dev/workout-tracker.nix
similarity index 100%
rename from workout-tracker.nix
rename to freun.dev/workout-tracker.nix
diff --git a/radish/boot.nix b/radish/boot.nix
new file mode 100644
index 0000000..7b627cb
--- /dev/null
+++ b/radish/boot.nix
@@ -0,0 +1,31 @@
+{ lib, pkgs, ... }:
+{
+ boot = {
+ loader.systemd-boot.enable = lib.mkForce false;
+ lanzaboote = {
+ enable = true;
+ pkiBundle = "/etc/secureboot";
+ configurationLimit = 10;
+ settings = {
+ editor = false;
+ };
+ };
+ loader.efi.canTouchEfiVariables = true;
+ bootspec.enable = true;
+ kernelPackages = pkgs.linuxPackages_latest;
+ kernelParams = [
+ "amdgpu.sg_display=0"
+ "resume_offset=533760"
+ ];
+
+ resumeDevice = "/dev/disk/by-uuid/a331b669-f5c5-42f7-be58-434873c1b689";
+ tmp.useTmpfs = true;
+ kernel.sysctl = {
+ "vm.max_map_count" = 262144;
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ efibootmgr
+ ];
+}
diff --git a/radish/configuration.nix b/radish/configuration.nix
new file mode 100644
index 0000000..49a8906
--- /dev/null
+++ b/radish/configuration.nix
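Review bot: `"resume_offset=533760"` in `kernelParams` is an unexplained constant that presumably encodes the physical position of one particular swap file, so resume from hibernation will fail if that file is ever recreated. Add a comment above it such as `# physical offset of the swap file on the btrfs volume; recompute whenever the swap file is recreated`. A one-line comment on `pkiBundle = "/etc/secureboot";` would also help, stating that the directory holds the Secure Boot signing keys and must stay root-only and out of the repository.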
@@ -0,0 +1,39 @@
+{ ... }:
+{
+ nix = {
+ settings = {
+ experimental-features = [ "nix-command" "flakes" ];
+ auto-optimise-store = true;
+ };
+
+ gc = {
+ automatic = true;
+ dates = "daily";
+ options = "--delete-older-than 7d";
+ };
+ };
+
+ networking.extraHosts = ''
+ 10.10.0.1 warden.apu.repomaa.com
+ '';
+
+ networking.nftables.enable = true;
+
+ # This option defines the first version of NixOS you have installed on this particular machine,
+ # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+ #
+ # Most users should NEVER change this value after the initial install, for any reason,
+ # even if you've upgraded your system to a new NixOS release.
+ #
+ # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+ # so changing it will NOT upgrade your system.
+ #
+ # This value being lower than the current NixOS release does NOT mean your system is
+ # out of date, out of support, or vulnerable.
+ #
+ # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+ # and migrated your data accordingly.
+ #
+ # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+ system.stateVersion = "23.11"; # Did you read the comment?
+}
diff --git a/radish/containers.nix b/radish/containers.nix
new file mode 100644
index 0000000..cdc6d22
--- /dev/null
+++ b/radish/containers.nix
@@ -0,0 +1,8 @@
+{ ... }:
+{
+ virtualisation.docker.storageDriver = "btrfs";
+ virtualisation.docker.rootless = {
+ enable = true;
+ setSocketVariable = true;
+ };
+}
diff --git a/radish/default.nix b/radish/default.nix
new file mode 100644
index 0000000..672f69a
--- /dev/null
+++ b/radish/default.nix
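Review bot: In `radish/containers.nix`, `virtualisation.docker.storageDriver = "btrfs";` configures the system-wide Docker daemon, but the file only enables the rootless daemon, so the setting probably has no effect here. If the rootless daemon is meant to use btrfs, set it under `virtualisation.docker.rootless.daemon.settings`; otherwise drop the line so the file does not suggest a rootful daemon exists. A short comment stating that Docker is deliberately rootless-only would stop someone later adding `virtualisation.docker.enable = true;` to make the storage driver take effect.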
@@ -0,0 +1,13 @@
+{ ... }: {
+ imports = [
+ ./hardware-configuration.nix
+ ./configuration.nix
+ ./host.nix
+ ./boot.nix
+ ./hardware.nix
+ ./packages.nix
+ ./containers.nix
+ ./desktop.nix
+ ./users.nix
+ ];
+}
diff --git a/radish/desktop.nix b/radish/desktop.nix
new file mode 100644
index 0000000..4ea0c45
--- /dev/null
+++ b/radish/desktop.nix
@@ -0,0 +1,25 @@
+{ ... }:
+{
+ services.xserver = {
+ enable = true;
+ displayManager.gdm.enable = true;
+ desktopManager.gnome.enable = true;
+ };
+
+ services.printing.enable = true;
+
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ };
+ hardware.pulseaudio.enable = false;
+
+ programs.steam = {
+ enable = true;
+ remotePlay.openFirewall = true;
+ dedicatedServer.openFirewall = true;
+ };
+}
diff --git a/radish/flake.lock b/radish/flake.lock
new file mode 100644
index 0000000..394bef8
--- /dev/null
+++ b/radish/flake.lock
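Review bot: In `radish/desktop.nix`, `remotePlay.openFirewall = true;` and `dedicatedServer.openFirewall = true;` open inbound ports on every interface, which on a portable machine means every network it joins. radish looks like a laptop (the Framework hardware module is imported in `flake.nix`), so unless a dedicated game server is really hosted from it, drop `dedicatedServer.openFirewall = true;` and consider leaving Remote Play closed as well. If either must stay, add a comment saying why and on which networks the exposure is expected.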
@@ -0,0 +1,277 @@ +{ + "nodes": { + "auto-cpufreq": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1726162350, + "narHash": "sha256-SI2pDWGKqRJh48wGLovsVT4xPXTZZjM2zaOP3HpUPTE=", + "owner": "AdnanHodzic", + "repo": "auto-cpufreq", + "rev": "7b03630a5e094fc2ef58492d6be35bf64c387815", + "type": "github" + }, + "original": { + "owner": "AdnanHodzic", + "repo": "auto-cpufreq", + "type": "github" + } + }, + "crane": { + "locked": { + "lastModified": 1730060262, + "narHash": "sha256-RMgSVkZ9H03sxC+Vh4jxtLTCzSjPq18UWpiM0gq6shQ=", + "owner": "ipetkov", + "repo": "crane", + "rev": "498d9f122c413ee1154e8131ace5a35a80d8fa76", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1727826117, + "narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "lanzaboote", + "pre-commit-hooks-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": 
"github" + } + }, + "ksoloti-pr": { + "locked": { + "lastModified": 1718526298, + "narHash": "sha256-Ew3ebuFbMVOkHsGNTwD7g4Bm/ODRtJCRUWYd1Ub4J7k=", + "owner": "repomaa", + "repo": "nixpkgs", + "rev": "2ee854727a514069c8369bce5d3dbd7ca1f32d99", + "type": "github" + }, + "original": { + "owner": "repomaa", + "ref": "pkg/ksoloti", + "repo": "nixpkgs", + "type": "github" + } + }, + "lanzaboote": { + "inputs": { + "crane": "crane", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts", + "nixpkgs": "nixpkgs", + "pre-commit-hooks-nix": "pre-commit-hooks-nix", + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1730107060, + "narHash": "sha256-EnVVq1oNcimZmQYl6UlLYs0jhC6aLah0bsFMy2syEak=", + "owner": "nix-community", + "repo": "lanzaboote", + "rev": "0ad4ce46649b390da8bebcc229917f9863c98fe2", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "lanzaboote", + "type": "github" + } + }, + "nixos-hardware": { + "locked": { + "lastModified": 1730368399, + "narHash": "sha256-F8vJtG389i9fp3k2/UDYHMed3PLCJYfxCqwiVP7b9ig=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "da14839ac5f38ee6adbdb4e6db09b5eef6d6ccdc", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "master", + "repo": "nixos-hardware", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1730025694, + "narHash": "sha256-Isj+5RY86+N+JrotqpaXqi6hUAABcF6pIOlIWy2leC8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "23664a7358c599dd4f975f16cea0865bf423e83d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-small": { + "locked": { + "lastModified": 1730403368, + "narHash": "sha256-b+whD5HBiD4niTz67HtOv8lMg3fnYdAxHgi52rsAGFA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "20499cc102964a175b595bd459f447d25abd6130", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable-small", 
+ "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1720386169, + "narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "194846768975b7ad2c4988bdb82572c00222c0d7", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1730200266, + "narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "pre-commit-hooks-nix": { + "inputs": { + "flake-compat": [ + "lanzaboote", + "flake-compat" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1729104314, + "narHash": "sha256-pZRZsq5oCdJt3upZIU4aslS9XwFJ+/nVtALHIciX/BI=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "3c3e88f0f544d6bb54329832616af7eb971b6be6", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "root": { + "inputs": { + "auto-cpufreq": "auto-cpufreq", + "ksoloti-pr": "ksoloti-pr", + "lanzaboote": "lanzaboote", + "nixos-hardware": "nixos-hardware", + "nixpkgs": "nixpkgs_2", + "nixpkgs-small": "nixpkgs-small" + } + }, + "rust-overlay": { + "inputs": { + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729996302, + "narHash": "sha256-QEU1NQq1+7s1na69Chig9K0iDDTKN0O4Zreo9A9rccA=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "a1b337569f334ff0a01b57627f17b201d746d24c", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + } + }, + "root": "root", + 
"version": 7 +} diff --git a/radish/hardware-configuration.nix b/radish/hardware-configuration.nix new file mode 100644 index 0000000..296710f --- /dev/null +++ b/radish/hardware-configuration.nix 
@@ -0,0 +1,64 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/a331b669-f5c5-42f7-be58-434873c1b689"; + fsType = "btrfs"; + options = [ "subvol=@" ]; + }; + + boot.initrd.luks.devices."cryptroot" = { + device = "/dev/disk/by-uuid/43895585-8899-4e94-a413-889127c214f8"; + allowDiscards = true; + }; + + fileSystems."/var/log" = + { device = "/dev/disk/by-uuid/a331b669-f5c5-42f7-be58-434873c1b689"; + fsType = "btrfs"; + options = [ "subvol=@var_log" ]; + }; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/a331b669-f5c5-42f7-be58-434873c1b689"; + fsType = "btrfs"; + options = [ "subvol=@home" ]; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/01E6-6258"; + fsType = "vfat"; + }; + + fileSystems."/swap" = + { device = "/dev/disk/by-uuid/a331b669-f5c5-42f7-be58-434873c1b689"; + fsType = "btrfs"; + options = [ "subvol=@swap" ]; + }; + + swapDevices = [ { + device = "/swap/swapfile"; + size = 64*1024; + } ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 
+ networking.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/radish/hardware.nix b/radish/hardware.nix new file mode 100644 index 0000000..d7d85e1 --- /dev/null +++ b/radish/hardware.nix 
@@ -0,0 +1,87 @@
+{ pkgs, ksoloti-pr, lib, config, ... }:
+{
+ hardware.bluetooth.enable = true;
+ hardware.bluetooth.powerOnBoot = true;
+
+ services.pcscd = {
+ enable = true;
+ plugins = [
+ pkgs.ccid
+ ];
+ };
+ services.udev.packages = [
+ pkgs.zsa-udev-rules
+ pkgs.yubikey-personalization
+ ksoloti-pr.ksoloti
+ ];
+ services.usbmuxd = {
+ enable = true;
+ package = pkgs.usbmuxd;
+ };
+ services.fwupd = {
+ enable = true;
+ };
+ services.fprintd.enable = true;
+ services.fstrim.enable = true;
+
+ security.pam.services.login.fprintAuth = false;
+ # similarly to how other distributions handle the fingerprinting login
+ security.pam.services.gdm-fingerprint = lib.mkIf (config.services.fprintd.enable) {
+ text = ''
+ auth required pam_shells.so
+ auth requisite pam_nologin.so
+ auth requisite pam_faillock.so preauth
+ auth required ${pkgs.fprintd}/lib/security/pam_fprintd.so
+ auth optional pam_permit.so
+ auth required pam_env.so
+ auth [success=ok default=1] ${pkgs.gdm}/lib/security/pam_gdm.so
+ auth optional ${pkgs.gnome-keyring}/lib/security/pam_gnome_keyring.so
+
+ account include login
+
+ password required pam_deny.so
+
+ session include login
+ session optional ${pkgs.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start
+ '';
+ };
+
+ hardware.keyboard.zsa.enable = true;
+
+ services.logind = {
+ lidSwitch = "suspend";
+ powerKey = "suspend";
+ extraConfig = ''
+ IdleAction=suspend
+ '';
+ };
+
+ powerManagement = {
+ enable = true;
+ powerDownCommands = "${pkgs.networkmanager}/bin/nmcli radio wifi off";
+ powerUpCommands = "${pkgs.networkmanager}/bin/nmcli radio wifi on";
+ };
+
+ services.power-profiles-daemon.enable = false;
+
+ services.tlp = {
+ enable = true;
+ settings = {
+ CPU_BOOST_ON_BAT = 0;
+ CPU_SCALING_GOVERNOR_ON_BATTERY = "powersave";
+ START_CHARGE_THRESH_BATx = 85;
+ STOP_CHARGE_THRES_BATx = 90;
+ RUNTIME_PM_ON_BAT = "auto";
+ };
+ };
+
+ programs.auto-cpufreq.enable = true;
+
+ hardware.amdgpu.opencl.enable = true;
+ hardware.graphics = {
+ enable = true;
+ extraPackages = with pkgs; [ rocmPackages.clr.icd ];
+ };
+ networking.networkmanager.wifi.backend = "iwd";
+ security.tpm2.enable = true;
+}
diff --git a/radish/host.nix b/radish/host.nix
new file mode 100644
index 0000000..29f2b74
--- /dev/null
+++ b/radish/host.nix
@@ -0,0 +1,10 @@
+{ lib, ... }:
+{
+ networking.hostName = "radish";
+ time.timeZone = lib.mkForce null; # allow TZ to be set by desktop user
+ i18n.defaultLocale = "en_US.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "us";
+ };
+}
diff --git a/radish/packages.nix b/radish/packages.nix
new file mode 100644
index 0000000..a8eb748
--- /dev/null
+++ b/radish/packages.nix
@@ -0,0 +1,54 @@
+{ pkgs, ... }:
+{
+ nixpkgs.config.allowUnfree = true;
+
+ environment = {
+ systemPackages = with pkgs; [
+ vim
+ wget
+ curl
+ htop
+ tmux
+ libimobiledevice
+ ripgrep
+ fd
+ (pkgs.buildGoModule {
+ name = "meilindex";
+ src = pkgs.fetchFromGitHub {
+ owner = "tryffel";
+ repo = "meilindex";
+ rev = "v0.2.0";
+ sha256 = "sha256-Lecni3cqkWOQjSjjJZLyWKz2eFR5MS8gNPVXRTwrciA=";
+ };
+ vendorHash = "sha256-eBIfyffQK5gYYPBuAvpZKnjRbpmY3GKS47QoMtbetS8=";
+ })
+ ];
+
+ pathsToLink = [ "/share/zsh" ];
+ };
+
+ services = {
+ tailscale = {
+ enable = true;
+ useRoutingFeatures = "client";
+ };
+
+ ollama = {
+ enable = true;
+ acceleration = "rocm";
+ environmentVariables = {
+ HSA_OVERRIDE_GFX_VERSION = "11.0.3";
+ };
+ };
+ meilisearch.enable = true;
+ };
+
+ programs = {
+ zsh.enable = true;
+ _1password-gui = {
+ enable = true;
+ polkitPolicyOwners = [ "moco" ];
+ };
+ _1password.enable = true;
+ };
+}
diff --git a/radish/users.nix b/radish/users.nix
new file mode 100644
index 0000000..20102c4
--- /dev/null
+++ b/radish/users.nix
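Review bot: Three keys in `services.tlp.settings` (`radish/hardware.nix`) are not names TLP reads, so the governor and charge-threshold settings are most likely ignored. `CPU_SCALING_GOVERNOR_ON_BATTERY` should be `CPU_SCALING_GOVERNOR_ON_BAT`, and `START_CHARGE_THRESH_BATx` / `STOP_CHARGE_THRES_BATx` still carry the documentation placeholder `x` (the second also drops the `H` in `THRESH`); they need the real battery index as listed under `/sys/class/power_supply`. The same file enables `programs.auto-cpufreq` next to TLP, and since both manage CPU scaling one of them should be removed. Separately, the `gdm-fingerprint` `text` replaces the whole PAM stack for that service, and a comment noting that `pam_faillock.so preauth` only checks an existing lock, while nothing visible in this stack records failed attempts, would make that explicit.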
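Review bot: In `radish/packages.nix`, `meilisearch.enable = true;` starts the search service with no master key configured, so its HTTP API accepts unauthenticated requests from any local process or user; `ollama` is by default reachable the same way. With two interactive accounts on this host, set a key through the module's `masterKeyEnvironmentFile` option, pointing at a root-only file kept outside the Nix store, and add a comment stating that both services are expected to stay bound to loopback. The inline `meilindex` derivation is pinned by hash; giving it `pname` and `version` instead of a bare `name` would make later updates easier to spot.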
@@ -0,0 +1,17 @@
+{ pkgs, ... }:
+{
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.jokke = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ shell = pkgs.zsh;
+ };
+
+ users.users.moco = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ shell = pkgs.zsh;
+ subUidRanges = [{ startUid = 10000; count = 65536; }];
+ subGidRanges = [{ startGid = 10000; count = 65536; }];
+ };
+}
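Review bot: `subUidRanges` and `subGidRanges` for `moco` start at 10000, which lies inside the ID range normally used for real accounts, so an ID mapped into a rootless container could coincide with a host user or group created later. The conventional subordinate range starts at 100000, e.g. `subUidRanges = [{ startUid = 100000; count = 65536; }];`, or the explicit ranges can be dropped if the automatic allocation for normal users is sufficient. `jokke` gets no explicit range, so the two accounts are set up differently for rootless Docker with no comment saying why. Both users are in `wheel` and no password source is declared here, so the existing comment about `passwd` should say whether mutable users are intentionally relied on.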