aboutsummaryrefslogtreecommitdiffstats
path: root/hosts/work
diff options
context:
space:
mode:
authorsadbeast <sadbeast@sadbeast.com>2024-05-30 00:47:47 +0000
committersadbeast <sadbeast@sadbeast.com>2024-10-05 16:44:14 -0700
commit09513b5c4e4babfaefdd06c592ef34c0908dc572 (patch)
tree5a9af6ef0407346c223334e295adc8012654f112 /hosts/work
downloadnix-config-main.tar.gz
nix-config-main.tar.bz2
oh god what have i doneHEADmain
Diffstat (limited to 'hosts/work')
-rw-r--r--hosts/work/default.nix62
-rw-r--r--hosts/work/hardware-configuration.nix64
2 files changed, 126 insertions, 0 deletions
diff --git a/hosts/work/default.nix b/hosts/work/default.nix
new file mode 100644
index 0000000..c419fd9
--- /dev/null
+++ b/hosts/work/default.nix
@@ -0,0 +1,62 @@
+{config, ...}: {
+ imports = [
+ ./hardware-configuration.nix
+
+ ../common/global
+ ../common/optional/wireless.nix
+ ];
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.hostName = "work";
+
+ # Slows down write operations considerably
+ nix.settings.auto-optimise-store = false;
+
+ services = {
+ logind.extraConfig = ''
+ HandleLidSwitchExternalPower=ignore
+ '';
+ };
+
+ virtualisation.docker = {
+ enable = true;
+
+ daemon.settings = {
+ userland-proxy = false;
+ experimental = true;
+ metrics-addr = "0.0.0.0:9323";
+ ipv6 = true;
+ fixed-cidr-v6 = "fd00::/80";
+ };
+ # rootless = {
+ # enable = true;
+ # setSocketVariable = true;
+ # };
+ storageDriver = "btrfs";
+ };
+
+ users.users.sadbeast = {
+ hashedPasswordFile = config.sops.secrets.sadbeast-password.path;
+
+ extraGroups = ["docker"];
+
+ subUidRanges = [
+ {
+ startUid = 100000;
+ count = 65536;
+ }
+ ];
+ subGidRanges = [
+ {
+ startGid = 100000;
+ count = 65536;
+ }
+ ];
+ };
+
+ # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
+ system.stateVersion = "24.05";
+}
diff --git a/hosts/work/hardware-configuration.nix b/hosts/work/hardware-configuration.nix
new file mode 100644
index 0000000..f174382
--- /dev/null
+++ b/hosts/work/hardware-configuration.nix
@@ -0,0 +1,64 @@
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}: {
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "rtsx_usb_sdmmc"];
+ boot.initrd.kernelModules = [];
+ boot.kernelModules = ["kvm-intel"];
+ boot.extraModulePackages = [];
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/0ac2bd64-7a06-4972-af6e-beffa6567ba7";
+ fsType = "btrfs";
+ options = ["subvol=root"];
+ };
+
+ boot.initrd.luks.devices."work".device = "/dev/disk/by-uuid/7ce450be-7739-476e-9a8d-e25e57d8707f";
+
+ fileSystems."/nix" = {
+ device = "/dev/disk/by-uuid/0ac2bd64-7a06-4972-af6e-beffa6567ba7";
+ fsType = "btrfs";
+ options = ["subvol=nix"];
+ };
+
+ fileSystems."/persistent" = {
+ device = "/dev/disk/by-uuid/0ac2bd64-7a06-4972-af6e-beffa6567ba7";
+ fsType = "btrfs";
+ options = ["subvol=persistent"];
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/A468-9833";
+ fsType = "vfat";
+ options = ["fmask=0022" "dmask=0022"];
+ };
+
+ swapDevices = [
+ {device = "/dev/disk/by-label/swap";}
+ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ networking = {
+ useDHCP = lib.mkDefault true;
+ wireless = {
+ enable = true;
+ userControlled.enable = true;
+ };
+ };
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware = {
+ cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+ graphics.enable = true;
+ };
+}