schmittlauch/nixconfigs
2
0
Fork 0
Code Issues 1 Pull requests Releases Wiki Activity

Compare commits

base: schmittlauch:c44dcb450fb3e0bff04611c2fd6c47b96763ae59
Branches Tags
schmittlauch:mainline
schmittlauch:darwin-patch-nodejs_20
schmittlauch:workmac
schmittlauch:amd-pmf-debugging
schmittlauch:modularise-config
schmittlauch:flake-conversion
..
compare: schmittlauch:0639633b0d46d08dfbf4b095b90490f1d1c827c6
Branches Tags
schmittlauch:mainline
schmittlauch:darwin-patch-nodejs_20
schmittlauch:workmac
schmittlauch:amd-pmf-debugging
schmittlauch:modularise-config
schmittlauch:flake-conversion

No commits in common. "c44dcb450fb3e0bff04611c2fd6c47b96763ae59" and "0639633b0d46d08dfbf4b095b90490f1d1c827c6" have entirely different histories.
c44dcb450f ... 0639633b0d

15 changed files with 190 additions and 398 deletions
Download patch file Download diff file Expand all files Collapse all files

100
flake.lock generated
View file

@ -74,22 +74,6 @@
"inputs": { "inputs": {
"systems": "systems" "systems": "systems"
}, },
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"path": "/nix/store/pgid9c9xfcrbqx2giry0an0bi0df7s5c-source",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "path"
},
"original": {
"id": "flake-utils",
"type": "indirect"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": { "locked": {
"lastModified": 1681202837, "lastModified": 1681202837,
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
@ -133,11 +117,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1705476964, "lastModified": 1703113038,
"narHash": "sha256-W5OK1fnj4qdn1HWOlxV2S3YiUvfaVjQM5ldWVpGV1fs=", "narHash": "sha256-oxkyzjpD+mNT7arzU/zHrkNHLuY9tKwmnD2MNaZiSDw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "85c3b600f660abd86e94cbcd1c46733943197a07", "rev": "0c2353d5d930c3d93724df6858aef064a31b3c00",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -152,7 +136,7 @@
"crane": "crane", "crane": "crane",
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"pre-commit-hooks-nix": "pre-commit-hooks-nix", "pre-commit-hooks-nix": "pre-commit-hooks-nix",
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
@ -206,11 +190,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1705312285, "lastModified": 1702453208,
"narHash": "sha256-rd+dY+v61Y8w3u9bukO/hB55Xl4wXv4/yC8rCGVnK5U=", "narHash": "sha256-0wRi9SposfE2wHqjuKt8WO2izKB/ASDOV91URunIqgo=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "bee2202bec57e521e3bd8acd526884b9767d7fa0", "rev": "7763c6fd1f299cb9361ff2abf755ed9619ef01d6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -222,11 +206,11 @@
}, },
"nixos-unstable": { "nixos-unstable": {
"locked": { "locked": {
"lastModified": 1705496572, "lastModified": 1703013332,
"narHash": "sha256-rPIe9G5EBLXdBdn9ilGc0nq082lzQd0xGGe092R/5QE=", "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "842d9d80cfd4560648c785f8a4e6f3b096790e19", "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -270,11 +254,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1705458851, "lastModified": 1703068421,
"narHash": "sha256-uQvEhiv33Zj/Pv364dTvnpPwFSptRZgVedDzoM+HqVg=", "narHash": "sha256-WSw5Faqlw75McIflnl5v7qVD/B3S2sLh+968bpOGrWA=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "8bf65f17d8070a0a490daf5f1c784b87ee73982c", "rev": "d65bceaee0fb1e64363f7871bc43dc1c6ecad99f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -286,11 +270,11 @@
}, },
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1705602701, "lastModified": 1703159048,
"narHash": "sha256-FkR40ElbG1pW3f/mpSzbRON9Tjx5pkT2IBWNtd3YKDQ=", "narHash": "sha256-TcW0kf7nd/OEZwwxPs1y07YU4oZe18ezolScRbXXWZA=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "66c3aec51e9d40381a053798de41b5e477d4b665", "rev": "9ef37017837733a76fe18680264fcd815df1eea6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -332,7 +316,6 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"flake-utils": "flake-utils",
"home-manager": "home-manager", "home-manager": "home-manager",
"lanzaboote": "lanzaboote", "lanzaboote": "lanzaboote",
"logseq-fix-nixpkgs": "logseq-fix-nixpkgs", "logseq-fix-nixpkgs": "logseq-fix-nixpkgs",
@ -340,8 +323,7 @@
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixos-unstable": "nixos-unstable", "nixos-unstable": "nixos-unstable",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_2",
"nur": "nur", "nur": "nur"
"utils": "utils"
} }
}, },
"rust-overlay": { "rust-overlay": {
@ -383,54 +365,6 @@
"repo": "default", "repo": "default",
"type": "github" "type": "github"
} }
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

46
flake.nix
View file

@ -14,7 +14,6 @@
url = "github:nix-community/lanzaboote/v0.3.0"; url = "github:nix-community/lanzaboote/v0.3.0";
# deliberately do _not_ follow the nixpkgs input here, because paranoia and test coverage # deliberately do _not_ follow the nixpkgs input here, because paranoia and test coverage
}; };
utils.url = "github:numtide/flake-utils";
nur.url = "github:nix-community/NUR"; nur.url = "github:nix-community/NUR";
# TODO: possible make this a flake as well # TODO: possible make this a flake as well
@ -26,47 +25,42 @@
}; };
outputs = outputs =
{ self, nixpkgs, nur, lanzaboote, flake-utils, home-manager, ... }@inputs: { self, nixpkgs, nur, lanzaboote, ... }@inputs:
let let
# FIXME: allow different systems system = "x86_64-linux";
systems = flake-utils.lib.system; pkgs = nixpkgs.legacyPackages.${system};
# necessary to make the top-level inputs available to system configuration in
defaultModules = [ {
{ _module.args = { inherit inputs; }; }
]; nixosConfigurations.thinknix = nixpkgs.lib.nixosSystem {
mkSystem = system: extraModules: inherit system;
nixpkgs.lib.nixosSystem rec { modules = [ ./nixos/configuration.nix lanzaboote.nixosModules.lanzaboote ];
modules = defaultModules ++ extraModules; # necessary to make the top-level inputs available to system configuration
inherit system; specialArgs = {
#TODO: for system, consider moving to flake-utils
inherit inputs system;
};
}; };
mkHomeManager = confName: user: system: # unfortunately, home-manager configs are still system-specific homeConfigurations.spiollinux = inputs.home-manager.lib.homeManagerConfiguration {
# FIXME: this is thus still linux-x86_64 specific inherit pkgs;
home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages.${system};
modules = [ modules = [
{ {
imports = [ imports = [
nur.hmModules.nur nur.hmModules.nur
# TODO: $name can be utilised to conditionally load other config files
./home/home.nix ./home/home.nix
]; ];
# extends the home config # extends the home config
home.username = user; home.username = "spiollinux";
home.homeDirectory = "/home/${user}"; home.homeDirectory = "/home/spiollinux";
} }
]; ];
# Optionally use extraSpecialArgs # Optionally use extraSpecialArgs
# to pass through arguments to home.nix # to pass through arguments to home.nix
extraSpecialArgs = { extraSpecialArgs = {
#TODO: for system, consider moving to flake-utils
inherit inputs system; inherit inputs system;
}; };
}; };
in
{
nixosConfigurations = {
thinknix = mkSystem systems.x86_64-linux [ ./hosts/thinknix inputs.nixos-hardware.nixosModules.lenovo-thinkpad-t440s lanzaboote.nixosModules.lanzaboote ];
framenix = mkSystem systems.x86_64-linux [ ./hosts/framenix inputs.nixos-hardware.nixosModules.framework-13-7040-amd lanzaboote.nixosModules.lanzaboote ];
};
homeConfigurations.spiollinux = mkHomeManager "spiollinux" "spiollinux" systems.x86_64-linux;
}; };
} }

48
hosts/framenix/default.nix
View file

@ -1,48 +0,0 @@
{ config, lib, pkgs, inputs, ...}:
{
imports = [
../../common
./hardware-configuration.nix
./storage.nix
./swap.nix
];
networking.hostName = "framenix"; # Define your hostname.
# try newer kernels
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "23.11"; # Did you read the comment?
hardware.enableRedistributableFirmware = true;
services.fwupd.enable = true;
# I do not need fingerprint reading
services.fprintd.enable = false;
environment.systemPackages = [ pkgs.radeontop ];
}

26
hosts/framenix/hardware-configuration.nix
View file

@ -1,26 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp193s0f3u1c2.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

44
hosts/framenix/storage.nix
View file

@ -1,44 +0,0 @@
{ config, lib, pkgs, ... }:
let
fsOptions = [ "noatime" "ssd" "compress=zstd" ];
in
{
boot.initrd.luks = {
devices =
# allow discards on all devices
builtins.mapAttrs (name: val: val // {allowDiscards = true;})
{
"system".device = "/dev/disk/by-uuid/1838cdc5-9b0b-4c46-9f23-9465549eeb92";
"cryptswap".device = "/dev/disk/by-uuid/ded7d649-ab3a-42ee-ae4a-f8c4ba029e9c";
};
reusePassphrases = true;
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/22388786-4285-403b-9994-e9aae1f11172";
fsType = "btrfs";
options = fsOptions ++ [ "subvol=nixos_root" ];
};
"/home" = {
device = "/dev/disk/by-uuid/22388786-4285-403b-9994-e9aae1f11172";
fsType = "btrfs";
options = fsOptions ++ [ "subvol=home" ];
};
"/boot" = {
device = "/dev/disk/by-uuid/AF8E-E9E6";
fsType = "vfat";
options = [ "discard" ];
};
};
services.fstrim.enable = true;
services.btrfs.autoScrub = {
enable = true;
fileSystems = [ "/" "/home" ];
};
boot.tmp.useTmpfs = true;
}

12
hosts/framenix/swap.nix
View file

@ -1,12 +0,0 @@
{
swapDevices =
[ { device = "/dev/disk/by-uuid/24c47f3d-0d3e-4575-92a2-174b5a6b6086"; }
];
zramSwap = {
enable = true;
memoryPercent = 20;
};
boot.kernel.sysctl."vm.swappiness" = 9;
}

28
hosts/thinknix/default.nix
View file

@ -1,28 +0,0 @@
{ config, lib, pkgs, inputs, ...}:
{
imports = [
../../common
./hardware-configuration.nix
./storage.nix
./swap.nix
# FIXME: move this to common, conditional enabling
./secureboot.nix
];
hardware.trackpoint = {
enable = true;
sensitivity = 180;
speed = 180;
};
networking.hostName = "thinknix";
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "18.09"; # Did you read the comment?
}

20
hosts/thinknix/hardware-configuration.nix
View file

@ -1,20 +0,0 @@
{ config, lib, pkgs, modulesPath, inputs, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [];
nix.settings.max-jobs = lib.mkDefault 4;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
# modesetting is always better than intel (legacy)
services.xserver.videoDrivers = [ "modesetting" ];
}

20
hosts/thinknix/secureboot.nix
View file

@ -1,20 +0,0 @@
{ config, lib, pkgs, inputs, ...}:
{
boot.loader.efi.canTouchEfiVariables = true;
# UEFI secure boot
environment.systemPackages = [
pkgs.sbctl
];
# Lanzaboote currently replaces the systemd-boot module.
# This setting is usually set to true in configuration.nix
# generated at installation time. So we force it to false
# for now.
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
}

72
hosts/thinknix/storage.nix
View file

@ -1,72 +0,0 @@
{ config, lib, pkgs, inputs, ...}:
let
fsOptions = [ "noatime" "ssd" "space_cache" "compress=zstd" ];
in
{
# encrypted partitions
boot.initrd.luks = {
devices =
# allow discards on all devices
builtins.mapAttrs (name: val: val // {allowDiscards = true;})
{
"system".device = "/dev/disk/by-uuid/85154131-b2a8-4ef5-9d74-47429cb267ef";
"cryptswap".device = "/dev/disk/by-uuid/ac586df6-6332-4809-beb1-f51906a2adaa";
"ssd2".device = "/dev/disk/by-uuid/cadd4e1f-3642-4faa-8d4e-37dd85465df1";
};
reusePassphrases = true;
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/cb5998ae-cfc9-447f-8756-1ceaec6ca4c4";
fsType = "btrfs";
options = fsOptions ++ [ "subvol=nixos_root" ];
};
"/boot" = {
device = "/dev/disk/by-uuid/DED9-661B";
fsType = "vfat";
options = [ "discard" ];
};
"/home" = {
device = "/dev/disk/by-uuid/cb5998ae-cfc9-447f-8756-1ceaec6ca4c4";
fsType = "btrfs";
options = fsOptions ++ [ "subvol=home" ];
};
"/var/tmp" = {
device = "/dev/disk/by-uuid/cd6b8f25-c029-49a6-b326-656faec3ce15";
fsType = "btrfs";
options = fsOptions ++ [ "subvol=vartmp" ];
};
"/var/log" = {
device = "/dev/disk/by-uuid/cd6b8f25-c029-49a6-b326-656faec3ce15";
fsType = "btrfs";
options = fsOptions ++ [ "subvol=varlog" ];
};
"/var/cache" = {
device = "/dev/disk/by-uuid/cd6b8f25-c029-49a6-b326-656faec3ce15";
fsType = "btrfs";
options = fsOptions ++ [ "subvol=varcache" ];
};
};
services.fstrim.enable = true;
services.btrfs.autoScrub = {
enable = true;
fileSystems = [ "/" "/home" ];
};
boot.tmp.useTmpfs = true;
fileSystems."/tmp".fsType = "tmpfs";
services.smartd =
{
enable = true;
devices = [{ device = "/dev/sda"; } { device = "/dev/sdb"; }];
};
}

12
hosts/thinknix/swap.nix
View file

@ -1,12 +0,0 @@
{
swapDevices = [
{ device = "/dev/disk/by-uuid/bf928178-4e92-4e7e-8df2-18fbd658eecf"; }
];
zramSwap = {
enable = true;
memoryPercent = 20;
};
boot.kernel.sysctl."vm.swappiness" = 9;
}

63
common/default.nix → nixos/configuration.nix
View file

@ -1,25 +1,67 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
{ config, pkgs, lib, inputs, ... }: { config, pkgs, lib, inputs, ... }:
let let
unstable = inputs.nixos-unstable; unstable = inputs.nixos-unstable;
localfork = import /home/spiollinux/src/nixpkgs { };
in in
{ {
imports = imports =
[ [
./packages.nix # Include the results of the hardware scan.
./nitrokey.nix ./hardware-configuration.nix
./modules/packages.nix
./modules/nitrokey.nix
]; ];
services.davfs2.enable = true; services.davfs2.enable = true;
# try newer kernels
#boot.kernelPackages = pkgs.linuxPackages_latest;
services.fstrim.enable = true;
services.btrfs.autoScrub =
{
enable = true;
fileSystems = [ "/" "/home" ];
};
# exfat support # exfat support
#boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; #boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
zramSwap =
{
enable = true;
memoryPercent = 20;
};
boot.kernel.sysctl."vm.swappiness" = 9;
boot.loader.efi.canTouchEfiVariables = true;
# UEFI secure boot
environment.systemPackages = [
pkgs.sbctl
];
# Lanzaboote currently replaces the systemd-boot module.
# This setting is usually set to true in configuration.nix
# generated at installation time. So we force it to false
# for now.
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
# make the boot look good # make the boot look good
boot.plymouth.enable = true; boot.plymouth.enable = true;
networking.hostName = "thinknix";
# configure console # configure console
console = { console = {
font = "Lat2-Terminus16"; font = "Lat2-Terminus16";
@ -45,7 +87,7 @@ in
programs.adb.enable = true; programs.adb.enable = true;
programs.mtr.enable = true; # programs.mtr.enable = true;
# programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
# List services that you want to enable: # List services that you want to enable:
@ -60,7 +102,6 @@ in
# networking.firewall.allowedUDPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ];
networking.firewall.allowedTCPPortRanges = [{ from = 1714; to = 1764; }]; networking.firewall.allowedTCPPortRanges = [{ from = 1714; to = 1764; }];
networking.firewall.allowedUDPPortRanges = [{ from = 1714; to = 1764; }]; # for KDE connect networking.firewall.allowedUDPPortRanges = [{ from = 1714; to = 1764; }]; # for KDE connect
# FIXME: kdeconnect module
# Or disable the firewall altogether. # Or disable the firewall altogether.
# networking.firewall.enable = false; # networking.firewall.enable = false;
@ -142,7 +183,6 @@ in
}; };
# FIXME: at some point, hide GUI and sound (desktop vs. server) behind an option
# Enable the X11 windowing system. # Enable the X11 windowing system.
services.xserver.enable = true; services.xserver.enable = true;
services.xserver.layout = "de"; services.xserver.layout = "de";
@ -158,7 +198,7 @@ in
services.xserver.displayManager.sddm.enable = true; services.xserver.displayManager.sddm.enable = true;
services.xserver.desktopManager.plasma5.enable = true; services.xserver.desktopManager.plasma5.enable = true;
# dconf required for several Gnome applications # dconf required for several Gnome applications like Cawbird
programs.dconf.enable = true; programs.dconf.enable = true;
programs.firefox.enable = true; # enables support for automatically setting additionsl nativeMessagingHosts programs.firefox.enable = true; # enables support for automatically setting additionsl nativeMessagingHosts
@ -193,6 +233,12 @@ in
# profile sync daemon # profile sync daemon
services.psd.enable = true; services.psd.enable = true;
services.smartd =
{
enable = true;
devices = [{ device = "/dev/sda"; } { device = "/dev/sdb"; }];
};
fonts = { fonts = {
fontDir.enable = true; fontDir.enable = true;
fontconfig.enable = true; fontconfig.enable = true;
@ -255,5 +301,10 @@ in
# stop NetworkManager from managing virtual interfaces # stop NetworkManager from managing virtual interfaces
networking.networkmanager.unmanaged = [ "interface-name:ve-*" ]; networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "18.09"; # Did you read the comment?
} }

95
nixos/hardware-configuration.nix Normal file
View file

@ -0,0 +1,95 @@
{ config, lib, pkgs, modulesPath, inputs, ... }:
let
fsOptions = [ "noatime" "ssd" "space_cache" "compress=zstd" ];
in
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
(inputs.nixos-hardware + "/lenovo/thinkpad/t440s")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [];
# encrypted partitions
boot.initrd.luks =
{
devices =
# allow discards on all devices
builtins.mapAttrs (name: val: val // {allowDiscards = true;})
{
"system".device = "/dev/disk/by-uuid/85154131-b2a8-4ef5-9d74-47429cb267ef";
"cryptswap".device = "/dev/disk/by-uuid/ac586df6-6332-4809-beb1-f51906a2adaa";
"ssd2".device = "/dev/disk/by-uuid/cadd4e1f-3642-4faa-8d4e-37dd85465df1";
};
reusePassphrases = true;
};
fileSystems."/" =
{
device = "/dev/disk/by-uuid/cb5998ae-cfc9-447f-8756-1ceaec6ca4c4";
fsType = "btrfs";
options = fsOptions ++ [ "subvol=nixos_root" ];
};
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/DED9-661B";
fsType = "vfat";
options = [ "discard" ];
};
fileSystems."/home" =
{
device = "/dev/disk/by-uuid/cb5998ae-cfc9-447f-8756-1ceaec6ca4c4";
fsType = "btrfs";
options = fsOptions ++ [ "subvol=home" ];
};
fileSystems."/var/tmp" =
{
device = "/dev/disk/by-uuid/cd6b8f25-c029-49a6-b326-656faec3ce15";
fsType = "btrfs";
options = fsOptions ++ [ "subvol=vartmp" ];
};
fileSystems."/var/log" =
{
device = "/dev/disk/by-uuid/cd6b8f25-c029-49a6-b326-656faec3ce15";
fsType = "btrfs";
options = fsOptions ++ [ "subvol=varlog" ];
};
fileSystems."/var/cache" =
{
device = "/dev/disk/by-uuid/cd6b8f25-c029-49a6-b326-656faec3ce15";
fsType = "btrfs";
options = fsOptions ++ [ "subvol=varcache" ];
};
boot.tmp.useTmpfs = true;
fileSystems."/tmp".fsType = "tmpfs";
swapDevices =
[
{ device = "/dev/disk/by-uuid/bf928178-4e92-4e7e-8df2-18fbd658eecf"; }
];
nix.settings.max-jobs = lib.mkDefault 4;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.trackpoint = {
enable = true;
sensitivity = 180;
speed = 180;
};
# modesetting is always better than intel (legacy)
services.xserver.videoDrivers = [ "modesetting" ];
}

0
common/nitrokey.nix → nixos/modules/nitrokey.nix
View file

2
common/packages.nix → nixos/modules/packages.nix
View file

@ -15,7 +15,7 @@
python3 python3
man-pages man-pages
dnsutils dnsutils
netcat-openbsd netcat
ntfs3g ntfs3g
file file
multipath-tools multipath-tools