Diffstat (limited to 'hosts/work')
-rw-r--r-- | hosts/work/default.nix | 117 | ||||
-rw-r--r-- | hosts/work/hardware-configuration.nix | 64 |
2 files changed, 181 insertions, 0 deletions
diff --git a/hosts/work/default.nix b/hosts/work/default.nix
new file mode 100644
index 0000000..7d68e85
--- /dev/null
+++ b/hosts/work/default.nix
@@ -0,0 +1,117 @@
+{
+ config,
+ pkgs,
+ ...
+}: {
+ imports = [
+ ./hardware-configuration.nix
+
+ ../common/global
+ ../common/optional/wireless.nix
+ ];
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.hostName = "work";
+
+ # Slows down write operations considerably
+ nix.settings.auto-optimise-store = false;
+
+ programs.nix-ld.enable = true;
+ programs.nix-ld.libraries = with pkgs; [
+ # Add any missing dynamic libraries for unpackaged programs
+ # here, NOT in environment.systemPackages
+ ];
+
+ services = {
+ logind.extraConfig = ''
+ HandleLidSwitchExternalPower=ignore
+ '';
+ tmate-ssh-server.enable = true;
+
+ xserver = {
+ enable = true;
+ displayManager.startx.enable = true;
+ windowManager.awesome = {
+ enable = true;
+ luaModules = with pkgs.luaPackages; [
+ luarocks # is the package manager for Lua modules
+ luadbi-mysql # Database abstraction layer
+ ];
+ };
+ };
+ };
+
+ virtualisation = {
+ docker = {
+ enable = true;
+
+ daemon.settings = {
+ userland-proxy = false;
+ experimental = true;
+ metrics-addr = "0.0.0.0:9323";
+ ipv6 = true;
+ fixed-cidr-v6 = "fd00::/80";
+ };
+ # rootless = {
+ # enable = true;
+ # setSocketVariable = true;
+ # };
+ storageDriver = "btrfs";
+ };
+
+ libvirtd = {
+ enable = true;
+ qemu = {
+ package = pkgs.qemu_kvm;
+ runAsRoot = true;
+ swtpm.enable = true;
+ ovmf = {
+ enable = true;
+ packages = [
+ (pkgs.OVMF.override {
+ secureBoot = true;
+ tpmSupport = true;
+ })
+ .fd
+ ];
+ };
+ };
+ };
+ };
+
+ users.users.sadbeast = {
+ hashedPasswordFile = config.sops.secrets.sadbeast-password.path;
+
+ extraGroups = ["docker" "libvirtd"];
+
+ subUidRanges = [
+ {
+ startUid = 100000;
+ count = 65536;
+ }
+ ];
+ subGidRanges = [
+ {
+ startGid = 100000;
+ count = 65536;
+ }
+ ];
+ };
+
+ environment = {
+ systemPackages = [
+ (pkgs.writeShellScriptBin "qemu-system-x86_64-uefi" ''
+ qemu-system-x86_64 \
+ -bios ${pkgs.OVMF.fd}/FV/OVMF.fd \
+ "$@"
+ '')
+ pkgs.qemu
+ ];
+ };
+
+ # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
+ system.stateVersion = "24.11";
+}
diff --git a/hosts/work/hardware-configuration.nix b/hosts/work/hardware-configuration.nix
new file mode 100644
index 0000000..f174382
--- /dev/null
+++ b/hosts/work/hardware-configuration.nix
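Review bot: `metrics-addr = "0.0.0.0:9323"` in `virtualisation.docker.daemon.settings` binds the Docker daemon's unauthenticated metrics endpoint to every interface, and this host also imports `../common/optional/wireless.nix`, so the port would be reachable from whatever network the machine joins unless a firewall rule outside this hunk blocks it. Unless a remote scraper needs it, bind it to loopback: `metrics-addr = "127.0.0.1:9323";`. Separately, `extraGroups = ["docker" "libvirtd"]` with the `rootless` block left commented out gives `sadbeast` control of a root-running daemon, which is effectively root on the host; a comment recording that this is an accepted trade-off would help, e.g. `# docker group is root-equivalent; rootless disabled because <reason>`.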
@@ -0,0 +1,64 @@
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}: {
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "rtsx_usb_sdmmc"];
+ boot.initrd.kernelModules = [];
+ boot.kernelModules = ["kvm-intel"];
+ boot.extraModulePackages = [];
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/0ac2bd64-7a06-4972-af6e-beffa6567ba7";
+ fsType = "btrfs";
+ options = ["subvol=root"];
+ };
+
+ boot.initrd.luks.devices."work".device = "/dev/disk/by-uuid/7ce450be-7739-476e-9a8d-e25e57d8707f";
+
+ fileSystems."/nix" = {
+ device = "/dev/disk/by-uuid/0ac2bd64-7a06-4972-af6e-beffa6567ba7";
+ fsType = "btrfs";
+ options = ["subvol=nix"];
+ };
+
+ fileSystems."/persistent" = {
+ device = "/dev/disk/by-uuid/0ac2bd64-7a06-4972-af6e-beffa6567ba7";
+ fsType = "btrfs";
+ options = ["subvol=persistent"];
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/A468-9833";
+ fsType = "vfat";
+ options = ["fmask=0022" "dmask=0022"];
+ };
+
+ swapDevices = [
+ {device = "/dev/disk/by-label/swap";}
+ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ networking = {
+ useDHCP = lib.mkDefault true;
+ wireless = {
+ enable = true;
+ userControlled.enable = true;
+ };
+ };
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware = {
+ cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+ graphics.enable = true;
+ };
+}
|
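Review bot: The `/boot` mount uses `options = ["fmask=0022" "dmask=0022"]`, which leaves every file on the ESP world-readable, including the random seed that systemd-boot (enabled in `hosts/work/default.nix`) keeps there; `bootctl` warns about exactly this layout. Tightening it to `options = ["fmask=0077" "dmask=0077"];` keeps the partition root-only. Also worth a comment on `swapDevices`: `/dev/disk/by-label/swap` is not visibly tied to the `work` LUKS device, so if it is a plain partition, swapped-out memory would land on disk unencrypted while the root filesystem is encrypted; confirm where it lives and note it next to the entry.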