add radish configuration

Joakim Repomaa
2024-11-04 12:43:09 +02:00
parent 89d7e656f9
commit 3558aeecda
26 changed files with 657 additions and 5 deletions


@@ -1,6 +1,7 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-small.url = "github:NixOS/nixpkgs/nixos-unstable-small";
nextcloud = {
url = "github:onny/nixos-nextcloud-testumgebung";
inputs.nixpkgs.follows = "nixpkgs";
@@ -9,18 +10,37 @@
url = "github:gtrackmap/gtrackmap";
inputs.nixpkgs.follows = "nixpkgs";
};
lanzaboote.url = "github:nix-community/lanzaboote";
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
ksoloti-pr.url = "github:repomaa/nixpkgs/pkg/ksoloti";
auto-cpufreq = {
url = "github:AdnanHodzic/auto-cpufreq";
inputs.nixpkgs.follows = "nixpkgs";
};
outputs = { self, nixpkgs, gtrackmap, ... }@attrs: {
};
outputs = { nixpkgs, nixpkgs-small, gtrackmap, ksoloti-pr, lanzaboote, nixos-hardware, auto-cpufreq, ... }@attrs: {
nixosConfigurations.freun-dev = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = attrs;
modules = [
./hardware-configuration.nix
./configuration.nix
./services.nix
./freun.dev
gtrackmap.nixosModules.x86_64-linux.default
];
};
nixosConfigurations.radish = nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
specialArgs = {
pkgs-small = import nixpkgs-small { inherit system; };
ksoloti-pr = import ksoloti-pr { inherit system; };
inherit attrs system;
};
modules = [
./radish
lanzaboote.nixosModules.lanzaboote
nixos-hardware.nixosModules.framework-13-7040-amd
auto-cpufreq.nixosModules.default
];
};
};
}
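Review bot: The new `lanzaboote` input in the second hunk signs the boot chain, yet its URL tracks the repository's default branch with no release tag, so every `nix flake update` moves the Secure Boot signing tool to whatever that branch holds. Pinning it to a release, e.g. `lanzaboote.url = "github:nix-community/lanzaboote/<release-tag>";`, makes bumps to it explicit and reviewable. Separately, the `radish/flake.lock` added in this commit lists no `gtrackmap` or `nextcloud` input, so it cannot be the lock for this root flake. The revisions that actually bind these inputs are in the root lock file, which is not visible on this page; confirm that one was updated and consider dropping the stray lock.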

7
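--- a/freun.dev/default.nix
+++ b/freun.dev/default.nix
@@ -0,0 +1,7 @@
+{ ... }: {
+imports = [
+./hardware-configuration.nix
+./configuration.nix
+./services.nix
+];
+}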

31
radish/boot.nix Normal file

@@ -0,0 +1,31 @@
{ lib, pkgs, ... }:
{
boot = {
loader.systemd-boot.enable = lib.mkForce false;
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
configurationLimit = 10;
settings = {
editor = false;
};
};
loader.efi.canTouchEfiVariables = true;
bootspec.enable = true;
kernelPackages = pkgs.linuxPackages_latest;
kernelParams = [
"amdgpu.sg_display=0"
"resume_offset=533760"
];
resumeDevice = "/dev/disk/by-uuid/a331b669-f5c5-42f7-be58-434873c1b689";
tmp.useTmpfs = true;
kernel.sysctl = {
"vm.max_map_count" = 262144;
};
};
environment.systemPackages = with pkgs; [
efibootmgr
];
}
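Review bot: `resume_offset=533760` in `kernelParams` is an unexplained magic value tied to the physical position of the swap file, so if `/swap/swapfile` is ever recreated the offset changes and resume will read the wrong blocks. Add a comment next to it such as `# physical offset of /swap/swapfile; recompute with "btrfs inspect-internal map-swapfile -r" after recreating the file`. The `pkiBundle = "/etc/secureboot"` line deserves one too, e.g. `# private Secure Boot signing keys; created out of band, must stay root-only`, since nothing in this module provisions or protects that directory.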

39
radish/configuration.nix Normal file

@@ -0,0 +1,39 @@
{ ... }:
{
nix = {
settings = {
experimental-features = [ "nix-command" "flakes" ];
auto-optimise-store = true;
};
gc = {
automatic = true;
dates = "daily";
options = "--delete-older-than 7d";
};
};
networking.extraHosts = ''
10.10.0.1 warden.apu.repomaa.com
'';
networking.nftables.enable = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "23.11"; # Did you read the comment?
}
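Review bot: The `networking.extraHosts` entry pins `warden.apu.repomaa.com` to the private address `10.10.0.1` without a comment saying which network that address belongs to. On a laptop that roams, any network that happens to use 10.10.0.1 will receive connections meant for that host, so certificate validation on the client becomes the only protection. A comment such as `# only valid on <VPN name>; off that network this relies on TLS verification` would record the assumption, and resolving the name through the VPN's DNS instead would remove the static pin altogether.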

8
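--- a/radish/containers.nix
+++ b/radish/containers.nix
@@ -0,0 +1,8 @@
+{ ... }:
+{
+virtualisation.docker.storageDriver = "btrfs";
+virtualisation.docker.rootless = {
+enable = true;
+setSocketVariable = true;
+};
+}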
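Review bot: `virtualisation.docker.storageDriver = "btrfs"` is an option of the system (rootful) Docker daemon, while this file only enables `virtualisation.docker.rootless`. Unless `virtualisation.docker.enable` is set in a file not shown here, the line likely has no effect. If the rootless daemon is meant to use btrfs, set it inside the rootless block, e.g. `daemon.settings."storage-driver" = "btrfs";`. Otherwise drop the line so the configuration does not suggest that a root-owned daemon is in use.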

13
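--- a/radish/default.nix
+++ b/radish/default.nix
@@ -0,0 +1,13 @@
+{ ... }: {
+imports = [
+./hardware-configuration.nix
+./configuration.nix
+./host.nix
+./boot.nix
+./hardware.nix
+./packages.nix
+./containers.nix
+./desktop.nix
+./users.nix
+];
+}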

25
radish/desktop.nix Normal file

@@ -0,0 +1,25 @@
{ ... }:
{
services.xserver = {
enable = true;
displayManager.gdm.enable = true;
desktopManager.gnome.enable = true;
};
services.printing.enable = true;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
hardware.pulseaudio.enable = false;
programs.steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
};
}
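Review bot: `remotePlay.openFirewall` and `dedicatedServer.openFirewall` in the `programs.steam` block open inbound ports on every interface, which on a laptop includes whatever untrusted network it joins. Unless this machine actually hosts game servers, drop `dedicatedServer.openFirewall = true;`, and consider leaving Remote Play closed by default as well. If either has to stay, a short comment stating why keeps the exposure a deliberate choice rather than a copied default.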

277
radish/flake.lock generated Normal file

@@ -0,0 +1,277 @@
{
"nodes": {
"auto-cpufreq": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1726162350,
"narHash": "sha256-SI2pDWGKqRJh48wGLovsVT4xPXTZZjM2zaOP3HpUPTE=",
"owner": "AdnanHodzic",
"repo": "auto-cpufreq",
"rev": "7b03630a5e094fc2ef58492d6be35bf64c387815",
"type": "github"
},
"original": {
"owner": "AdnanHodzic",
"repo": "auto-cpufreq",
"type": "github"
}
},
"crane": {
"locked": {
"lastModified": 1730060262,
"narHash": "sha256-RMgSVkZ9H03sxC+Vh4jxtLTCzSjPq18UWpiM0gq6shQ=",
"owner": "ipetkov",
"repo": "crane",
"rev": "498d9f122c413ee1154e8131ace5a35a80d8fa76",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1727826117,
"narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"pre-commit-hooks-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"ksoloti-pr": {
"locked": {
"lastModified": 1718526298,
"narHash": "sha256-Ew3ebuFbMVOkHsGNTwD7g4Bm/ODRtJCRUWYd1Ub4J7k=",
"owner": "repomaa",
"repo": "nixpkgs",
"rev": "2ee854727a514069c8369bce5d3dbd7ca1f32d99",
"type": "github"
},
"original": {
"owner": "repomaa",
"ref": "pkg/ksoloti",
"repo": "nixpkgs",
"type": "github"
}
},
"lanzaboote": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"nixpkgs": "nixpkgs",
"pre-commit-hooks-nix": "pre-commit-hooks-nix",
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1730107060,
"narHash": "sha256-EnVVq1oNcimZmQYl6UlLYs0jhC6aLah0bsFMy2syEak=",
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "0ad4ce46649b390da8bebcc229917f9863c98fe2",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "lanzaboote",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1730368399,
"narHash": "sha256-F8vJtG389i9fp3k2/UDYHMed3PLCJYfxCqwiVP7b9ig=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "da14839ac5f38ee6adbdb4e6db09b5eef6d6ccdc",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "master",
"repo": "nixos-hardware",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1730025694,
"narHash": "sha256-Isj+5RY86+N+JrotqpaXqi6hUAABcF6pIOlIWy2leC8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "23664a7358c599dd4f975f16cea0865bf423e83d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-small": {
"locked": {
"lastModified": 1730403368,
"narHash": "sha256-b+whD5HBiD4niTz67HtOv8lMg3fnYdAxHgi52rsAGFA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "20499cc102964a175b595bd459f447d25abd6130",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1720386169,
"narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "194846768975b7ad2c4988bdb82572c00222c0d7",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1730200266,
"narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"pre-commit-hooks-nix": {
"inputs": {
"flake-compat": [
"lanzaboote",
"flake-compat"
],
"gitignore": "gitignore",
"nixpkgs": [
"lanzaboote",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1729104314,
"narHash": "sha256-pZRZsq5oCdJt3upZIU4aslS9XwFJ+/nVtALHIciX/BI=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "3c3e88f0f544d6bb54329832616af7eb971b6be6",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"root": {
"inputs": {
"auto-cpufreq": "auto-cpufreq",
"ksoloti-pr": "ksoloti-pr",
"lanzaboote": "lanzaboote",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_2",
"nixpkgs-small": "nixpkgs-small"
}
},
"rust-overlay": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1729996302,
"narHash": "sha256-QEU1NQq1+7s1na69Chig9K0iDDTKN0O4Zreo9A9rccA=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "a1b337569f334ff0a01b57627f17b201d746d24c",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
}
},
"root": "root",
"version": 7
}


@@ -0,0 +1,64 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/a331b669-f5c5-42f7-be58-434873c1b689";
fsType = "btrfs";
options = [ "subvol=@" ];
};
boot.initrd.luks.devices."cryptroot" = {
device = "/dev/disk/by-uuid/43895585-8899-4e94-a413-889127c214f8";
allowDiscards = true;
};
fileSystems."/var/log" =
{ device = "/dev/disk/by-uuid/a331b669-f5c5-42f7-be58-434873c1b689";
fsType = "btrfs";
options = [ "subvol=@var_log" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/a331b669-f5c5-42f7-be58-434873c1b689";
fsType = "btrfs";
options = [ "subvol=@home" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/01E6-6258";
fsType = "vfat";
};
fileSystems."/swap" =
{ device = "/dev/disk/by-uuid/a331b669-f5c5-42f7-be58-434873c1b689";
fsType = "btrfs";
options = [ "subvol=@swap" ];
};
swapDevices = [ {
device = "/swap/swapfile";
size = 64*1024;
} ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}
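Review bot: `allowDiscards = true` on `cryptroot` passes TRIM through the encrypted volume, which lets anyone with access to the raw disk see which blocks are unused. That trades some confidentiality for SSD performance and should carry a comment, e.g. `# TRIM passthrough: reveals free-block layout, accepted for SSD performance`. This setting and the `swapDevices` size do not look like `nixos-generate-config` output, and the file's own header says it may be overwritten. Hand-written settings like these are safer in `radish/boot.nix` or `radish/hardware.nix`, where regenerating the file cannot silently drop them.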

87
radish/hardware.nix Normal file

@@ -0,0 +1,87 @@
{ pkgs, ksoloti-pr, lib, config, ... }:
{
hardware.bluetooth.enable = true;
hardware.bluetooth.powerOnBoot = true;
services.pcscd = {
enable = true;
plugins = [
pkgs.ccid
];
};
services.udev.packages = [
pkgs.zsa-udev-rules
pkgs.yubikey-personalization
ksoloti-pr.ksoloti
];
services.usbmuxd = {
enable = true;
package = pkgs.usbmuxd;
};
services.fwupd = {
enable = true;
};
services.fprintd.enable = true;
services.fstrim.enable = true;
security.pam.services.login.fprintAuth = false;
# similarly to how other distributions handle the fingerprinting login
security.pam.services.gdm-fingerprint = lib.mkIf (config.services.fprintd.enable) {
text = ''
auth required pam_shells.so
auth requisite pam_nologin.so
auth requisite pam_faillock.so preauth
auth required ${pkgs.fprintd}/lib/security/pam_fprintd.so
auth optional pam_permit.so
auth required pam_env.so
auth [success=ok default=1] ${pkgs.gdm}/lib/security/pam_gdm.so
auth optional ${pkgs.gnome-keyring}/lib/security/pam_gnome_keyring.so
account include login
password required pam_deny.so
session include login
session optional ${pkgs.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start
'';
};
hardware.keyboard.zsa.enable = true;
services.logind = {
lidSwitch = "suspend";
powerKey = "suspend";
extraConfig = ''
IdleAction=suspend
'';
};
powerManagement = {
enable = true;
powerDownCommands = "${pkgs.networkmanager}/bin/nmcli radio wifi off";
powerUpCommands = "${pkgs.networkmanager}/bin/nmcli radio wifi on";
};
services.power-profiles-daemon.enable = false;
services.tlp = {
enable = true;
settings = {
CPU_BOOST_ON_BAT = 0;
CPU_SCALING_GOVERNOR_ON_BATTERY = "powersave";
START_CHARGE_THRESH_BATx = 85;
STOP_CHARGE_THRES_BATx = 90;
RUNTIME_PM_ON_BAT = "auto";
};
};
programs.auto-cpufreq.enable = true;
hardware.amdgpu.opencl.enable = true;
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [ rocmPackages.clr.icd ];
};
networking.networkmanager.wifi.backend = "iwd";
security.tpm2.enable = true;
}
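Review bot: Three keys in `services.tlp.settings` do not match TLP's parameter names, so the governor and charge-threshold settings are most likely ignored. `CPU_SCALING_GOVERNOR_ON_BATTERY` should be `CPU_SCALING_GOVERNOR_ON_BAT`, and `START_CHARGE_THRESH_BATx` / `STOP_CHARGE_THRES_BATx` should spell `THRESH` and name the real battery (`BAT0` or `BAT1`, see `/sys/class/power_supply`), e.g. `STOP_CHARGE_THRESH_BAT1 = 90;`. `services.tlp` and `programs.auto-cpufreq` are also both enabled and both manage CPU frequency policy, so one of them should go. The hand-written `gdm-fingerprint` PAM text replaces the generated stack and will not follow later module changes; a comment naming the upstream file it was copied from would make it reviewable.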

10
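--- a/radish/host.nix
+++ b/radish/host.nix
@@ -0,0 +1,10 @@
+{ lib, ... }:
+{
+networking.hostName = "radish";
+time.timeZone = lib.mkForce null; # allow TZ to be set by desktop user
+i18n.defaultLocale = "en_US.UTF-8";
+console = {
+font = "Lat2-Terminus16";
+keyMap = "us";
+};
+}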

54
radish/packages.nix Normal file

@@ -0,0 +1,54 @@
{ pkgs, ... }:
{
nixpkgs.config.allowUnfree = true;
environment = {
systemPackages = with pkgs; [
vim
wget
curl
htop
tmux
libimobiledevice
ripgrep
fd
(pkgs.buildGoModule {
name = "meilindex";
src = pkgs.fetchFromGitHub {
owner = "tryffel";
repo = "meilindex";
rev = "v0.2.0";
sha256 = "sha256-Lecni3cqkWOQjSjjJZLyWKz2eFR5MS8gNPVXRTwrciA=";
};
vendorHash = "sha256-eBIfyffQK5gYYPBuAvpZKnjRbpmY3GKS47QoMtbetS8=";
})
];
pathsToLink = [ "/share/zsh" ];
};
services = {
tailscale = {
enable = true;
useRoutingFeatures = "client";
};
ollama = {
enable = true;
acceleration = "rocm";
environmentVariables = {
HSA_OVERRIDE_GFX_VERSION = "11.0.3";
};
};
meilisearch.enable = true;
};
programs = {
zsh.enable = true;
_1password-gui = {
enable = true;
polkitPolicyOwners = [ "moco" ];
};
_1password.enable = true;
};
}
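Review bot: `meilisearch.enable = true` in the `services` block starts the search service with no master key set in this file, which leaves its HTTP API unauthenticated for every local user and process, and this host defines two accounts. Point the module's master-key option at a root-only file (`masterKeyEnvironmentFile` in nixpkgs of this period; check the name for the pinned revision) so the index is not readable by anything that can reach the port. `ollama` has no authentication of its own either, so keep it on the loopback address and say so in a comment.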

17
radish/users.nix Normal file

@@ -0,0 +1,17 @@
{ pkgs, ... }:
{
# Define a user account. Don't forget to set a password with passwd.
users.users.jokke = {
isNormalUser = true;
extraGroups = [ "wheel" ];
shell = pkgs.zsh;
};
users.users.moco = {
isNormalUser = true;
extraGroups = [ "wheel" ];
shell = pkgs.zsh;
subUidRanges = [{ startUid = 10000; count = 65536; }];
subGidRanges = [{ startGid = 10000; count = 65536; }];
};
}
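Review bot: The subordinate ID ranges for `moco` (`startUid = 10000; count = 65536`, same for GIDs) cover host IDs 10000–75535, which include `nobody` (65534) and, on a default NixOS install, the `nixbld` build users just above 30000. A process in a rootless container that is mapped onto one of those IDs is that account as far as host file permissions are concerned. Replace the explicit ranges with `autoSubUidGidRange = true;`, or start them at 100000 or higher, where no real accounts live.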