From 09513b5c4e4babfaefdd06c592ef34c0908dc572 Mon Sep 17 00:00:00 2001
From: sadbeast
Date: Thu, 30 May 2024 00:47:47 +0000
Subject: oh god what have i done
---
hosts/work/default.nix | 62 +++++++++++++++++++++++++++++++++
hosts/work/hardware-configuration.nix | 64 +++++++++++++++++++++++++++++++++++
2 files changed, 126 insertions(+)
create mode 100644 hosts/work/default.nix
create mode 100644 hosts/work/hardware-configuration.nix
(limited to 'hosts/work')
diff --git a/hosts/work/default.nix b/hosts/work/default.nix
new file mode 100644
index 0000000..c419fd9
--- /dev/null
+++ b/hosts/work/default.nix
@@ -0,0 +1,62 @@
+{config, ...}: {
+ imports = [
+ ./hardware-configuration.nix
+
+ ../common/global
+ ../common/optional/wireless.nix
+ ];
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.hostName = "work";
+
+ # Slows down write operations considerably
+ nix.settings.auto-optimise-store = false;
+
+ services = {
+ logind.extraConfig = ''
+ HandleLidSwitchExternalPower=ignore
+ '';
+ };
+
+ virtualisation.docker = {
+ enable = true;
+
+ daemon.settings = {
+ userland-proxy = false;
+ experimental = true;
+ metrics-addr = "0.0.0.0:9323";
+ ipv6 = true;
+ fixed-cidr-v6 = "fd00::/80";
+ };
+ # rootless = {
+ # enable = true;
+ # setSocketVariable = true;
+ # };
+ storageDriver = "btrfs";
+ };
+
+ users.users.sadbeast = {
+ hashedPasswordFile = config.sops.secrets.sadbeast-password.path;
+
+ extraGroups = ["docker"];
+
+ subUidRanges = [
+ {
+ startUid = 100000;
+ count = 65536;
+ }
+ ];
+ subGidRanges = [
+ {
+ startGid = 100000;
+ count = 65536;
+ }
+ ];
+ };
+
+ # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
+ system.stateVersion = "24.05";
+}
diff --git a/hosts/work/hardware-configuration.nix b/hosts/work/hardware-configuration.nix
new file mode 100644
index 0000000..f174382
--- /dev/null
+++ b/hosts/work/hardware-configuration.nix
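Review bot: `metrics-addr = "0.0.0.0:9323"` in `daemon.settings` makes the Docker daemon serve its unauthenticated metrics endpoint on every interface, and this host also imports `../common/optional/wireless.nix`, so it will join networks you do not control. Unless a firewall rule outside this hunk already closes the port, bind it to loopback with `metrics-addr = "127.0.0.1:9323";` or to the one interface the scraper uses. The same file adds `sadbeast` to the `docker` group while the `rootless` block stays commented out; membership in that group is effectively root on the host, so a comment such as `# docker group is root-equivalent; rootless left disabled because <reason>` would record that this is deliberate.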
@@ -0,0 +1,64 @@
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}: {
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "rtsx_usb_sdmmc"];
+ boot.initrd.kernelModules = [];
+ boot.kernelModules = ["kvm-intel"];
+ boot.extraModulePackages = [];
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/0ac2bd64-7a06-4972-af6e-beffa6567ba7";
+ fsType = "btrfs";
+ options = ["subvol=root"];
+ };
+
+ boot.initrd.luks.devices."work".device = "/dev/disk/by-uuid/7ce450be-7739-476e-9a8d-e25e57d8707f";
+
+ fileSystems."/nix" = {
+ device = "/dev/disk/by-uuid/0ac2bd64-7a06-4972-af6e-beffa6567ba7";
+ fsType = "btrfs";
+ options = ["subvol=nix"];
+ };
+
+ fileSystems."/persistent" = {
+ device = "/dev/disk/by-uuid/0ac2bd64-7a06-4972-af6e-beffa6567ba7";
+ fsType = "btrfs";
+ options = ["subvol=persistent"];
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/A468-9833";
+ fsType = "vfat";
+ options = ["fmask=0022" "dmask=0022"];
+ };
+
+ swapDevices = [
+ {device = "/dev/disk/by-label/swap";}
+ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking = {
+ useDHCP = lib.mkDefault true;
+ wireless = {
+ enable = true;
+ userControlled.enable = true;
+ };
+ };
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware = {
+ cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+ graphics.enable = true;
+ };
+}
-- cgit v1.2.3
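Review bot: The `/boot` vfat mount uses `fmask=0022` and `dmask=0022`, which leaves every file on the EFI system partition readable by any local user. With systemd-boot enabled for this host in `default.nix`, the loader's random-seed file lives on that partition, and bootctl reports a world-accessible mount there as a security hole. I would tighten it to `options = ["fmask=0077" "dmask=0077"];`. Separately, root sits behind the `work` LUKS device but `swapDevices` points at `/dev/disk/by-label/swap`, and the hunk does not show whether that label is inside the encrypted container; a comment saying so would help, since unencrypted swap can retain memory contents the disk encryption is meant to protect.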