refactor file structure

Joakim Repomaa
2025-02-02 20:24:07 +02:00
parent 908b26449d
commit a201aa2de0
29 changed files with 5 additions and 5 deletions

31
hosts/radish/boot.nix Normal file

@@ -0,0 +1,31 @@
{ lib, pkgs, ... }:
{
boot = {
loader.systemd-boot.enable = lib.mkForce false;
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
configurationLimit = 10;
settings = {
editor = false;
};
};
loader.efi.canTouchEfiVariables = true;
bootspec.enable = true;
kernelPackages = pkgs.linuxPackages_latest;
kernelParams = [
"amdgpu.sg_display=0"
"resume_offset=533760"
];
resumeDevice = "/dev/disk/by-uuid/a331b669-f5c5-42f7-be58-434873c1b689";
tmp.useTmpfs = true;
kernel.sysctl = {
"vm.max_map_count" = 262144;
};
};
environment.systemPackages = with pkgs; [
efibootmgr
];
}
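Review bot: `pkiBundle = "/etc/secureboot"` points lanzaboote at the directory that holds the Secure Boot signing keys, and nothing in this file records how that directory has to be protected. A comment above the option would help, e.g. `# Secure Boot signing keys: root-only, keep on the encrypted root, keep an offline backup` (that the root filesystem sits inside the LUKS device is inferred from the hardware configuration, so confirm it). Likewise, `resume_offset=533760` is presumably the physical offset of `/swap/swapfile` and goes stale if the swapfile is recreated; a one-line comment saying how the value was obtained would prevent a silent resume failure later.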


@@ -0,0 +1,39 @@
{ ... }:
{
nix = {
settings = {
experimental-features = [ "nix-command" "flakes" ];
auto-optimise-store = true;
};
gc = {
automatic = true;
dates = "daily";
options = "--delete-older-than 7d";
};
};
networking.extraHosts = ''
10.10.0.1 warden.apu.repomaa.com
'';
networking.nftables.enable = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "23.11"; # Did you read the comment?
}


@@ -0,0 +1,8 @@
{ ... }:
{
virtualisation.docker.storageDriver = "btrfs";
virtualisation.docker.rootless = {
enable = true;
setSocketVariable = true;
};
}
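Review bot: `virtualisation.docker.storageDriver = "btrfs"` may not reach the daemon that this hunk actually enables. As far as I know that option configures the system-wide Docker daemon (`virtualisation.docker.enable`), which is not turned on here, while the rootless daemon takes its settings from `virtualisation.docker.rootless.daemon.settings`. If the btrfs driver is meant for the rootless daemon, `virtualisation.docker.rootless.daemon.settings.storage-driver = "btrfs";` would state that explicitly. Checking `docker info` as the user would confirm which driver is in effect.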

22
hosts/radish/default.nix Normal file

@@ -0,0 +1,22 @@
{ inputs, ... }:
let
inherit (inputs) lanzaboote nixos-hardware auto-cpufreq home-manager;
in
{
imports = [
./hardware-configuration.nix
./configuration.nix
./host.nix
./boot.nix
./hardware.nix
./packages.nix
./containers.nix
./desktop.nix
./users.nix
lanzaboote.nixosModules.lanzaboote
nixos-hardware.nixosModules.framework-13-7040-amd
auto-cpufreq.nixosModules.default
home-manager.nixosModules.home-manager
../../home
];
}

26
hosts/radish/desktop.nix Normal file

@@ -0,0 +1,26 @@
{ ... }:
{
services.xserver = {
enable = true;
displayManager.gdm.enable = true;
desktopManager.gnome.enable = true;
};
services.printing.enable = true;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
hardware.pulseaudio.enable = false;
programs.steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
};
}
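Review bot: `remotePlay.openFirewall = true` and `dedicatedServer.openFirewall = true` open Steam's listening ports in the host firewall on every network this machine joins. The `framework-13-7040-amd` import in default.nix suggests a laptop, so those ports would also be reachable on untrusted Wi-Fi. If no dedicated game server is hosted from this machine, `dedicatedServer.openFirewall = false;` removes that exposure. Remote Play could be allowed on a trusted interface only rather than opened globally.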


@@ -0,0 +1,64 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/a331b669-f5c5-42f7-be58-434873c1b689";
fsType = "btrfs";
options = [ "subvol=@" ];
};
boot.initrd.luks.devices."cryptroot" = {
device = "/dev/disk/by-uuid/43895585-8899-4e94-a413-889127c214f8";
allowDiscards = true;
};
fileSystems."/var/log" =
{ device = "/dev/disk/by-uuid/a331b669-f5c5-42f7-be58-434873c1b689";
fsType = "btrfs";
options = [ "subvol=@var_log" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/a331b669-f5c5-42f7-be58-434873c1b689";
fsType = "btrfs";
options = [ "subvol=@home" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/01E6-6258";
fsType = "vfat";
};
fileSystems."/swap" =
{ device = "/dev/disk/by-uuid/a331b669-f5c5-42f7-be58-434873c1b689";
fsType = "btrfs";
options = [ "subvol=@swap" ];
};
swapDevices = [ {
device = "/swap/swapfile";
size = 64*1024;
} ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}
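Review bot: `allowDiscards = true` on the `cryptroot` LUKS device passes TRIM through dm-crypt, which lets anyone with access to the raw disk see which blocks are unused. That is a common trade-off for SSDs, but it deserves a comment such as `# TRIM through LUKS: reveals free-block layout, accepted for SSD performance`. The file header also says the file is generated by nixos-generate-config and may be overwritten, while this option and the `swapDevices` size look hand-written. Moving such settings into a module that is not regenerated would keep them from being lost.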

87
hosts/radish/hardware.nix Normal file

@@ -0,0 +1,87 @@
{ pkgs, inputs, lib, config, ... }:
{
hardware.bluetooth.enable = true;
hardware.bluetooth.powerOnBoot = true;
services.pcscd = {
enable = true;
plugins = [
pkgs.ccid
];
};
services.udev.packages = [
pkgs.zsa-udev-rules
pkgs.yubikey-personalization
inputs.ksoloti-pr.legacyPackages.${pkgs.system}.ksoloti
];
services.usbmuxd = {
enable = true;
package = pkgs.usbmuxd;
};
services.fwupd = {
enable = true;
};
services.fprintd.enable = true;
services.fstrim.enable = true;
security.pam.services.login.fprintAuth = false;
# similarly to how other distributions handle the fingerprinting login
security.pam.services.gdm-fingerprint = lib.mkIf (config.services.fprintd.enable) {
text = ''
auth required pam_shells.so
auth requisite pam_nologin.so
auth requisite pam_faillock.so preauth
auth required ${pkgs.fprintd}/lib/security/pam_fprintd.so
auth optional pam_permit.so
auth required pam_env.so
auth [success=ok default=1] ${pkgs.gdm}/lib/security/pam_gdm.so
auth optional ${pkgs.gnome-keyring}/lib/security/pam_gnome_keyring.so
account include login
password required pam_deny.so
session include login
session optional ${pkgs.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start
'';
};
hardware.keyboard.zsa.enable = true;
services.logind = {
lidSwitch = "suspend";
powerKey = "suspend";
extraConfig = ''
IdleAction=suspend
'';
};
powerManagement = {
enable = true;
powerDownCommands = "${pkgs.networkmanager}/bin/nmcli radio wifi off";
powerUpCommands = "${pkgs.networkmanager}/bin/nmcli radio wifi on";
};
services.power-profiles-daemon.enable = false;
services.tlp = {
enable = true;
settings = {
CPU_BOOST_ON_BAT = 0;
CPU_SCALING_GOVERNOR_ON_BATTERY = "powersave";
START_CHARGE_THRESH_BATx = 85;
STOP_CHARGE_THRES_BATx = 90;
RUNTIME_PM_ON_BAT = "auto";
};
};
programs.auto-cpufreq.enable = true;
hardware.amdgpu.opencl.enable = true;
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [ rocmPackages.clr.icd ];
};
networking.networkmanager.wifi.backend = "iwd";
security.tpm2.enable = true;
}
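Review bot: `security.pam.services.login.fprintAuth = false` opts only the `login` service out of fingerprint authentication. With `services.fprintd.enable = true`, the per-service `fprintAuth` option defaults to enabled as far as I know, so other PAM services such as `sudo` would accept a fingerprint in place of the password. If that is not intended, add `security.pam.services.sudo.fprintAuth = false;`, or a comment stating that fingerprint-for-sudo is accepted. Separately, the TLP keys `CPU_SCALING_GOVERNOR_ON_BATTERY`, `START_CHARGE_THRESH_BATx` and `STOP_CHARGE_THRES_BATx` do not look like TLP parameter names (TLP uses `CPU_SCALING_GOVERNOR_ON_BAT`, `START_CHARGE_THRESH_BAT0`, `STOP_CHARGE_THRESH_BAT0`), so those settings are probably ignored.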

12
hosts/radish/host.nix Normal file

@@ -0,0 +1,12 @@
{ lib, ... }:
{
networking.hostName = "radish";
time.timeZone = lib.mkForce null; # allow TZ to be set by desktop user
i18n.defaultLocale = "de_DE.UTF-8";
i18n.supportedLocales = map (locale: "${locale}.UTF-8/UTF-8") [ "C" "en_US" "de_DE" "fi_FI" ];
i18n.extraLocaleSettings.LANG = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "us";
};
}

44
hosts/radish/packages.nix Normal file

@@ -0,0 +1,44 @@
{ pkgs, lib, inputs, ... }:
{
nixpkgs.config.allowUnfree = true;
nixpkgs.overlays = [ (import ../../custom-pkgs { inherit lib inputs; }) ];
environment = {
systemPackages = with pkgs; [
vim
wget
curl
htop
tmux
libimobiledevice
ripgrep
fd
];
pathsToLink = [ "/share/zsh" ];
};
services = {
tailscale = {
enable = true;
useRoutingFeatures = "client";
};
ollama = {
enable = false; # FIXME: https://github.com/NixOS/nixpkgs/issues/376930
acceleration = "rocm";
environmentVariables = {
HSA_OVERRIDE_GFX_VERSION = "11.0.3";
};
};
};
programs = {
zsh.enable = true;
_1password-gui = {
enable = true;
polkitPolicyOwners = [ "moco" ];
};
_1password.enable = true;
};
}
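Review bot: `nixpkgs.config.allowUnfree = true` permits every unfree package in nixpkgs and in the `../../custom-pkgs` overlay, not only the ones this host uses. An allowlist through `nixpkgs.config.allowUnfreePredicate` that names the intended packages (Steam and 1Password appear in this commit) would make any new unfree dependency a visible, reviewed change. `lib` is already in the module arguments, so `lib.getName` is available for the predicate.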

17
hosts/radish/users.nix Normal file

@@ -0,0 +1,17 @@
{ pkgs, ... }:
{
# Define a user account. Don't forget to set a password with passwd.
users.users.jokke = {
isNormalUser = true;
extraGroups = [ "wheel" ];
shell = pkgs.zsh;
};
users.users.moco = {
isNormalUser = true;
extraGroups = [ "wheel" ];
shell = pkgs.zsh;
subUidRanges = [{ startUid = 10000; count = 65536; }];
subGidRanges = [{ startGid = 10000; count = 65536; }];
};
}
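Review bot: The subordinate ID range for `moco`, `startUid = 10000; count = 65536;` (and the matching GID range), covers host IDs 10000–75535, which on a default NixOS system includes the Nix build users (`nixbld*`, from 30001) and `nobody` (65534). A process in one of moco's user namespaces could then be mapped to the same host UID as those accounts. Starting the range above the system and build-user IDs avoids the overlap, as does dropping the manual ranges and relying on `autoSubUidGidRange`. Whichever base is chosen should not collide with automatically allocated ranges. Both accounts are also in `wheel` with no password declared in this hunk, so the comment's reminder to run `passwd` applies to `moco` as well.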