From 08297376a85a1719518507e54fca9de954d2376a Mon Sep 17 00:00:00 2001 From: Petri Hienonen Date: Thu, 23 May 2024 13:56:00 +0300 Subject: Agenix configuration --- hosts/saarni/default.nix | 316 +++++++++++--------------------- hosts/saarni/hardware-configuration.nix | 81 +++++--- 2 files changed, 165 insertions(+), 232 deletions(-) (limited to 'hosts/saarni') diff --git a/hosts/saarni/default.nix b/hosts/saarni/default.nix index 010a8eb..5252e6f 100644 --- a/hosts/saarni/default.nix +++ b/hosts/saarni/default.nix @@ -2,249 +2,147 @@ # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). -{ inputs, outputs, lib, config, pkgs, vars, ... }: +{ + inputs, + outputs, + lib, + config, + pkgs, + vars, + ... +}: { - imports = [ - ./hardware-configuration.nix - inputs.home-manager.nixosModules.home-manager - ]; + imports = [ ./hardware-configuration.nix ]; - nix = { - nixPath = [ "/etc/nix/path" ]; - gc = { - automatic = true; - }; - settings = { - auto-optimise-store = true; - experimental-features = "nix-command flakes"; + hardware = { + graphics = { + extraPackages = with pkgs; [ + libvpl + libvdpau-va-gl + sof-firmware + vpl-gpu-rt + ]; }; - registry = (lib.mapAttrs (_: flake: { inherit flake; })) - ((lib.filterAttrs (_: lib.isType "flake")) inputs); - }; - nixpkgs.config.allowUnfree = true; - security.rtkit.enable = true; - - home-manager = { - extraSpecialArgs = { inherit inputs outputs vars; }; - users = { ${vars.user} = import ../../home; }; - }; - - powerManagement = { - enable = true; - powertop.enable = true; - }; - # Bootloader. - boot = { - loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; - kernelPackages = pkgs.linuxPackages_latest; - plymouth.enable = true; - kernelParams = [ "quiet" "splash" ]; + bluetooth.settings.General.Name = "saarni"; }; networking = { - nameservers = [ "1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one" ]; hostName = "saarni"; - useNetworkd = true; - wireless.iwd.enable = true; }; systemd = { - watchdog = { - device = "/dev/watchdog"; - runtimeTime = "30s"; + services."enable-wifi-on-boot" = { + description = "Enable wifi on boot"; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + ExecStart = "${pkgs.util-linux}/bin/rfkill unblock all"; + Type = "oneshot"; + }; }; - sleep.extraConfig = "HibernateDelaysSec=90m"; network = { enable = true; wait-online.enable = false; + config = { + networkConfig = { + SpeedMeter = true; + }; + }; networks = { "10-lan" = { - matchConfig.Name = "enp0s20f0u9"; - networkConfig.DHCP = "yes"; + matchConfig = { + Name = "enps0"; + }; + linkConfig = { + Multicast = true; + }; + networkConfig = { + DHCP = true; + IPv6AcceptRA = true; + MulticastDNS = true; + LinkLocalAddressing = "ipv6"; + DNSSEC = true; + UseDomains = true; + }; + dhcpV4Config = { + RouteMetric = 20; + UseDNS = true; + UseMTU = true; + }; + ipv6AcceptRAConfig = { + UseMTU = true; + }; }; - "11-lan" = { - matchConfig.Name = "wlan0"; - networkConfig.DHCP = "yes"; + "11-wlan" = { + matchConfig = { + MACAddress = "64:d6:9a:9e:06:60"; + }; + linkConfig = { + Multicast = true; + }; + networkConfig = { + DHCP = true; + IPv6AcceptRA = true; + MulticastDNS = true; + LinkLocalAddressing = "ipv6"; + DNSSEC = true; + UseDomains = true; + }; + dhcpV4Config = { + RouteMetric = 100; + UseDNS = true; + UseMTU = true; + SendHostname = true; + }; + dhcpV6Config = { + WithoutRA = "solicit"; + }; + ipv6AcceptRAConfig = { + UseMTU = true; + }; }; }; }; }; - system.autoUpgrade = { - enable = true; - }; - - sound.enable = true; - - hardware = { - opengl = { - enable = true; - driSupport = true; - extraPackages = with pkgs; [ - intel-media-driver - libvdpau-va-gl - ]; - }; - bluetooth = { - enable = true; - powerOnBoot = true; - }; - }; - - # Set your time zone. - time.timeZone = "Europe/Helsinki"; - - # Select internationalisation properties. - i18n = { - defaultLocale = "en_US.UTF-8"; - extraLocaleSettings = { - LC_ADDRESS = "fi_FI.UTF-8"; - LC_IDENTIFICATION = "fi_FI.UTF-8"; - LC_MEASUREMENT = "fi_FI.UTF-8"; - LC_MONETARY = "fi_FI.UTF-8"; - LC_NAME = "fi_FI.UTF-8"; - LC_NUMERIC = "fi_FI.UTF-8"; - LC_PAPER = "fi_FI.UTF-8"; - LC_TELEPHONE = "fi_FI.UTF-8"; - LC_TIME = "fi_FI.UTF-8"; - }; - }; - - console.keyMap = "fi"; - - # Define a user account. Don't forget to set a password with ‘passwd’. - users.users.${vars.user} = { - isNormalUser = true; - description = "${vars.name}"; - extraGroups = [ "input" "network" "wheel" ]; - packages = with pkgs; [ ]; - ignoreShellProgramCheck = true; - shell = pkgs.${vars.shell}; - }; - - programs = { - firefox.enable = true; - hyprland.enable = true; - gnupg.agent = { - enable = true; - enableSSHSupport = true; - }; - mtr.enable = true; - }; - environment = { - sessionVariables = { - LIBVA_DRIVER_NAME = "iHD"; - }; - systemPackages = with pkgs; [ - fastfetch - vulkan-tools - libva-utils - wget - curl - git - gzip - btop - glxinfo - sqlite - openssh - gnupg - helix - nixfmt - ]; - etc = lib.mapAttrs' (name: value: { - name = "nix/path/${name}"; - value.source = value.flake; - }) config.nix.registry; - }; - - fonts = { - enableDefaultPackages = true; - packages = with pkgs; [ noto-fonts fira-code fira-code-symbols ]; - fontconfig = { - defaultFonts = { - serif = [ "Noto Serif" ]; - sansSerif = [ "Noto Sans" ]; - monospace = [ "Fira Code" ]; - }; - }; + sessionVariables = { }; }; - # List services that you want to enable: services = { - getty.autologinUser = "petri"; - resolved = { - enable = true; - dnsovertls = "true"; - }; - xserver = { - layout = "fi"; - xkbVariant = "normal"; - }; - pipewire = { + godns = { enable = true; - alsa.enable = true; - pulse.enable = true; - }; - openssh.enable = true; - printing.enable = true; - kmscon = { - enable = true; - hwRender = true; - extraOptions = "--xkb-layout=fi"; - }; - blueman.enable = true; - upower.enable = true; - upower.criticalPowerAction = "Hibernate"; - fstrim.enable = false; - thermald.enable = true; - auto-cpufreq.enable = true; - greetd = { - enable = true; - settings = rec { - initial_session = { - command = "${pkgs.hyprland}/bin/Hyprland"; - user = "petri"; - }; - default_session = initial_session; + settings = { + domains = [ + { + domain_name = "www.duckdns.org"; + sub_domains = [ "saarni" ]; + } + ]; + ip_interface = "wlan0"; + interval = 300; + ip_type = "IPv6"; + login_token_file = config.age.secrets.duckdns.path; + provider = "DuckDNS"; }; }; - }; - - xdg.portal = { - enable = true; - xdgOpenUsePortal = true; - extraPortals = [ - pkgs.xdg-desktop-portal-hyprland - pkgs.xdg-desktop-portal-gtk - ]; - wlr = { + tlp = { enable = true; settings = { - screencast = { - chooser_type = "simple"; - chooser_cmd = "${pkgs.slurp}/bin/slurp -f %o -ro"; - }; + CPU_PERF_POLICY_ON_AC = "performance"; + CPU_PERF_POLICY_ON_BAT = "power"; + CPU_SCALING_GOVERNOR_ON_AC = "performance"; + CPU_SCALING_GOVERNOR_ON_BAT = "powersave"; + START_CHARGE_THRESH_BAT0 = 40; + STOP_CHARGE_TRESH_BAT0 = 20; }; }; + upower = { + enable = true; + criticalPowerAction = "Hibernate"; + }; + thermald.enable = true; }; - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "23.11"; # Did you read the comment? + system.stateVersion = "24.05"; } diff --git a/hosts/saarni/hardware-configuration.nix b/hosts/saarni/hardware-configuration.nix index 6aef572..798aa7b 100644 --- a/hosts/saarni/hardware-configuration.nix +++ b/hosts/saarni/hardware-configuration.nix @@ -1,37 +1,72 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") ]; + config, + lib, + pkgs, + modulesPath, + ... +}: - boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; +{ + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - fileSystems."/" = - { device = "/dev/disk/by-uuid/3968a07a-5e37-4bdb-9e3a-6c74950fd03d"; - fsType = "ext4"; + boot = { + kernelPackages = pkgs.linuxPackages_zen; + initrd = { + availableKernelModules = [ + "xhci_pci" + "thunderbolt" + "nvme" + "usb_storage" + "sd_mod" + "i915" + "cdc_acm" + ]; }; + kernelModules = [ + "kvm-intel" + "iwlwifi" + "iwldvm" + "snd_hda_intel" + "snd_soc_avs" + "snd_sof_pci_intel_tgl" + "tcp_bbr" + ]; + extraModulePackages = [ ]; + kernelParams = [ + "default_hugepagesz=2M" + "i915.enable_guc=3" + "i915.fastboot=1" + "mitigations=off" + "nospectre_v2" + "snd-intel-dspcfg.dsp_driver=3" + "transparent_hugepage=always" + "usbcore.blinkenlights=1" + ]; + extraModprobeConfig = '' + options snd_hda_intel enable=0,1 + ''; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/9B7E-3D1B"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/3968a07a-5e37-4bdb-9e3a-6c74950fd03d"; + fsType = "ext4"; + }; - swapDevices = [ ]; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/9B7E-3D1B"; + fsType = "vfat"; + options = [ + "fmask=0022" + "dmask=0022" + ]; + }; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - # networking.useDHCP = lib.mkDefault true; - # networking.interfaces.wlan0.useDHCP = lib.mkDefault true; + hardware.firmware = [ pkgs.sof-firmware ]; + swapDevices = [ ]; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } -- cgit v1.2.3-70-g09d2