From 73d73991c74f398b071c2a32c88ff31a7f02c4f9 Mon Sep 17 00:00:00 2001 From: Sijmen Date: Wed, 10 Aug 2022 09:41:44 +0200 Subject: [PATCH] add framework --- .drone.yml | 10 ++ {thinkpad => common}/dconf.nix | 0 common/home-manager/home.nix | 27 ++--- framework/configuration.nix | 157 +++++++++++++++++++++++++++ framework/hardware-configuration.nix | 37 +++++++ thinkpad/configuration.nix | 2 +- 6 files changed, 219 insertions(+), 14 deletions(-) rename {thinkpad => common}/dconf.nix (100%) create mode 100644 framework/configuration.nix create mode 100644 framework/hardware-configuration.nix diff --git a/.drone.yml b/.drone.yml index 7594901..feea93f 100644 --- a/.drone.yml +++ b/.drone.yml @@ -12,6 +12,16 @@ steps: - nix-channel --update - nix-build '' -j4 -A config.system.build.toplevel -I nixos-config=thinkpad/configuration.nix + - name: framework + image: nixos/nix:latest + depends_on: [clone] + commands: + - nix-channel --add https://nixos.org/channels/nixos-unstable nixos + - nix-channel --add https://github.com/nix-community/home-manager/archive/master.tar.gz home-manager + - nix-channel --add https://github.com/NixOS/nixos-hardware/archive/master.tar.gz nixos-hardware + - nix-channel --update + - nix-build '' -j4 -A config.system.build.toplevel -I nixos-config=framework/configuration.nix + - name: nas image: nixos/nix:latest depends_on: [clone] diff --git a/thinkpad/dconf.nix b/common/dconf.nix similarity index 100% rename from thinkpad/dconf.nix rename to common/dconf.nix diff --git a/common/home-manager/home.nix b/common/home-manager/home.nix index 8141564..018c64f 100644 --- a/common/home-manager/home.nix +++ b/common/home-manager/home.nix 
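Review bot: The new `framework` step in .drone.yml builds entirely from moving targets: `image: nixos/nix:latest`, the `nixos-unstable` channel, and the `master.tar.gz` archives of home-manager and nixos-hardware. Two runs of the same commit can therefore evaluate different code, and a bad or compromised upstream branch reaches the build with nothing in this repository changing. Pinning makes the check reproducible and auditable, e.g. `image: nixos/nix:<pinned-tag>` and channel URLs of the form `https://github.com/NixOS/nixos-hardware/archive/<commit-sha>.tar.gz`. The step mirrors the neighbouring steps, which are only partly visible in this hunk, so the same pinning would apply to them.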
@@ -31,28 +31,29 @@ spotify # System Tools - htop - iotop - sysstat - lsof - screen borgbackup - smartmontools - tmux fd gnome.gnome-tweaks gnomeExtensions.openweather htop - tree + iotop killall - pika-backup - silver-searcher - unzip - unrar - zip + lsof p7zip + pika-backup + s-tui + screen + silver-searcher + smartmontools + sysstat + tmux + tree + unrar + unzip virt-manager + vulkan-tools wl-clipboard + zip ]; sessionVariables = { diff --git a/framework/configuration.nix b/framework/configuration.nix new file mode 100644 index 0000000..7e04e64 --- /dev/null +++ b/framework/configuration.nix 
@@ -0,0 +1,157 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+
+ ./hardware-configuration.nix
+ ../common/configuration.nix
+ ];
+
+ sound.enable = true;
+
+ hardware = {
+ bluetooth.enable = true;
+ pulseaudio = {
+ enable = true;
+ support32Bit = true;
+ };
+ opengl = {
+ enable = true;
+ driSupport32Bit = true;
+ extraPackages = with pkgs; [ intel-media-driver vaapiIntel ];
+ };
+ };
+
+ boot = {
+ loader = {
+ efi.canTouchEfiVariables = true;
+
+ systemd-boot = {
+ enable = true;
+ consoleMode = "auto";
+ };
+ };
+
+ kernelPackages = pkgs.linuxPackages_latest;
+ kernelParams = [
+ "quiet"
+ "splash"
+ "vga=current"
+ "udev.log_level=3"
+ "mem_sleep_default=deep"
+ ];
+
+ loader.timeout = 0;
+ initrd.verbose = false;
+ consoleLogLevel = 0;
+ plymouth.enable = true;
+ };
+
+ networking = {
+ hostName = "sijmen-framework";
+ networkmanager.enable = true;
+ firewall = {
+ allowedTCPPorts = [
+ 22 # ssh
+ 22000 # syncthing sync
+ 51414 # transmission
+ 57621 # spotify connect
+ ];
+
+ allowedUDPPorts = [
+ 21027 # syncthing discovery
+ 22000 # syncthing sync
+ 51820 # wireguard
+ ];
+ };
+
+# wireguard.interfaces.wg0 = {
+# ips = [ "10.100.0.4/32" ];
+# listenPort = 51820;
+#
+# privateKeyFile = "/home/sijmen/wireguard-keys/private";
+#
+# peers = [{
+# publicKey = "zu9vXxxg4wm0R4yWQ2HPaAwJbizuccGYbBB/StwSsm4=";
+#
+# # Forward all the traffic via VPN.
+# #allowedIPs = [ "0.0.0.0/0" ];
+# # Or forward only particular subnets
+# allowedIPs = [ "10.100.0.0/24" ];
+#
+# # Set this to the server IP and port.
+# endpoint = "143.178.219.107:51820";
+# persistentKeepalive = 25;
+# }
+# ];
+# };
+ };
+
+ services = {
+ xserver = {
+ enable = true;
+ displayManager.gdm.enable = true;
+ desktopManager.gnome.enable = true;
+ };
+
+ syncthing = {
+ overrideDevices = true;
+ overrideFolders = true;
+
+ devices = {
+ nas.id = "5XADATO-6ZKNZFK-YIX2TU3-RTUOAXR-OMWOAH6-OIUB7LE-TWM5B3C-W2I2FQU";
+ desktop-fedora.id = "RE3BCEP-2FVDNPA-C72KDCX-5NRTLD4-DEJZAIX-PJAMJAN-LJDFHOY-WOXNPQW";
+ };
+
+ folders = {
+ "vhuse-qjbcl" = {
+ path = "${config.users.users.sijmen.home}/Sync";
+ devices = [ "nas" "desktop-fedora" ];
+ };
+ };
+ };
+
+ fprintd.enable = true;
+ logind.lidSwitchDocked = "suspend";
+ };
+
+ security.pam.services.login.fprintAuth = true;
+
+ environment = {
+ gnome.excludePackages = (with pkgs; [
+ gnome-photos
+ gnome-tour
+ ]) ++ (with pkgs.gnome; [
+ gnome-calendar
+ gnome-music
+ epiphany # web browser
+ geary # email reader
+ totem # video player
+ tali # poker game
+ iagno # go game
+ hitori # sudoku game
+ atomix # puzzle game
+ ]);
+
+ systemPackages = with pkgs; [
+ gnome.adwaita-icon-theme
+ ifuse
+ libimobiledevice
+ libheif
+ ];
+ };
+
+ programs.steam = {
+ enable = true;
+ remotePlay.openFirewall = true;
+ dedicatedServer.openFirewall = true;
+ };
+
+ nixpkgs.config.packageOverrides = pkgs: {
+ vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
+ };
+
+ home-manager.users.sijmen.imports = [ ../common/dconf.nix ];
+
+ system.stateVersion = "22.05";
+}
diff --git a/framework/hardware-configuration.nix b/framework/hardware-configuration.nix
new file mode 100644
index 0000000..e7592e2
--- /dev/null
+++ b/framework/hardware-configuration.nix
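Review bot: The `networking.firewall` block in framework/configuration.nix opens ports for services this file does not enable. UDP `51820 # wireguard` stays open although the whole `wireguard.interfaces.wg0` block is commented out, and TCP 22 and 51414 have no matching ssh or transmission setting here (they may be enabled in ../common/configuration.nix, which is outside the diff). On a laptop that joins untrusted networks, each entry in `allowedTCPPorts`/`allowedUDPPorts` should correspond to a service actually enabled on this host. I would drop the `51820` line until the interface is re-enabled and replace the hand-listed syncthing ports with `services.syncthing.openDefaultPorts = true;`. Separately, `loader.timeout = 0` hides the systemd-boot menu but does not lock it, so `boot.loader.systemd-boot.editor = false;` is worth adding to block kernel command-line edits at boot.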
@@ -0,0 +1,37 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/8b59ffd8-5c2a-4251-a5f6-00983895e19d"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/7438-EF9A"; + fsType = "vfat"; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp166s0.useDHCP = lib.mkDefault true; + + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/thinkpad/configuration.nix b/thinkpad/configuration.nix index e89c0b4..6de69e1 100644 --- a/thinkpad/configuration.nix +++ b/thinkpad/configuration.nix @@ -135,7 +135,7 @@ dedicatedServer.openFirewall = true; }; - home-manager.users.sijmen.imports = [ ./dconf.nix ]; + home-manager.users.sijmen.imports = [ ../common/dconf.nix ]; system.stateVersion = "22.05"; }