add framework

.drone.yml

@@ -12,6 +12,16 @@ steps:
       - nix-channel --update
       - nix-build '<nixpkgs/nixos>' -j4 -A config.system.build.toplevel -I nixos-config=thinkpad/configuration.nix
 
+  - name: framework
+    image: nixos/nix:latest
+    depends_on: [clone]
+    commands:
+      - nix-channel --add https://nixos.org/channels/nixos-unstable nixos
+      - nix-channel --add https://github.com/nix-community/home-manager/archive/master.tar.gz home-manager
+      - nix-channel --add https://github.com/NixOS/nixos-hardware/archive/master.tar.gz nixos-hardware
+      - nix-channel --update
+      - nix-build '<nixpkgs/nixos>' -j4 -A config.system.build.toplevel -I nixos-config=framework/configuration.nix
+
   - name: nas
     image: nixos/nix:latest
     depends_on: [clone]

common/home-manager/home.nix

@@ -31,28 +31,29 @@
       spotify
 
       # System Tools
-      htop
-      iotop
-      sysstat
-      lsof
-      screen
       borgbackup
-      smartmontools
-      tmux
       fd
       gnome.gnome-tweaks
       gnomeExtensions.openweather
       htop
-      tree
+      iotop
       killall
-      pika-backup
+      lsof
-      silver-searcher
-      unzip
-      unrar
-      zip
       p7zip
+      pika-backup
+      s-tui
+      screen
+      silver-searcher
+      smartmontools
+      sysstat
+      tmux
+      tree
+      unrar
+      unzip
       virt-manager
+      vulkan-tools
       wl-clipboard
+      zip
     ];
 
     sessionVariables = {

framework/configuration.nix

@@ -0,0 +1,157 @@
+{ config, pkgs, ... }:
+
+{
+  imports = [
+    <nixos-hardware/framework>
+    ./hardware-configuration.nix
+    ../common/configuration.nix
+  ];
+
+  sound.enable = true;
+
+  hardware = {
+    bluetooth.enable = true;
+    pulseaudio = {
+      enable = true;
+      support32Bit = true;
+    };
+    opengl = {
+      enable = true;
+      driSupport32Bit = true;
+      extraPackages = with pkgs; [ intel-media-driver vaapiIntel ];
+    };
+  };
+
+  boot = {
+    loader = {
+      efi.canTouchEfiVariables = true;
+
+      systemd-boot = {
+        enable = true;
+        consoleMode = "auto";
+      };
+    };
+
+    kernelPackages = pkgs.linuxPackages_latest;
+    kernelParams = [ 
+      "quiet"
+      "splash"
+      "vga=current"
+      "udev.log_level=3"
+      "mem_sleep_default=deep"
+    ];
+
+    loader.timeout = 0;
+    initrd.verbose = false;
+    consoleLogLevel = 0;
+    plymouth.enable = true;
+  };
+
+  networking = {
+    hostName = "sijmen-framework";
+    networkmanager.enable = true;
+    firewall = {
+      allowedTCPPorts = [
+        22      # ssh
+        22000   # syncthing sync
+        51414   # transmission
+        57621   # spotify connect
+      ];
+
+      allowedUDPPorts = [
+        21027   # syncthing discovery
+        22000   # syncthing sync
+        51820   # wireguard
+      ];
+    };
+
+#    wireguard.interfaces.wg0 = {
+#      ips = [ "10.100.0.4/32" ];
+#      listenPort = 51820;
+#
+#      privateKeyFile = "/home/sijmen/wireguard-keys/private";
+#
+#      peers = [{
+#          publicKey = "zu9vXxxg4wm0R4yWQ2HPaAwJbizuccGYbBB/StwSsm4=";
+#
+#          # Forward all the traffic via VPN.
+#          #allowedIPs = [ "0.0.0.0/0" ];
+#          # Or forward only particular subnets
+#          allowedIPs = [ "10.100.0.0/24" ];
+#
+#          # Set this to the server IP and port.
+#          endpoint = "143.178.219.107:51820";
+#          persistentKeepalive = 25;
+#        }
+#      ];
+#    };
+  };
+
+  services = {
+    xserver = {
+      enable = true;
+      displayManager.gdm.enable = true;
+      desktopManager.gnome.enable = true;
+    };
+
+    syncthing = {
+      overrideDevices = true;
+      overrideFolders = true;
+
+      devices = {
+        nas.id = "5XADATO-6ZKNZFK-YIX2TU3-RTUOAXR-OMWOAH6-OIUB7LE-TWM5B3C-W2I2FQU";
+        desktop-fedora.id = "RE3BCEP-2FVDNPA-C72KDCX-5NRTLD4-DEJZAIX-PJAMJAN-LJDFHOY-WOXNPQW";
+      };
+
+      folders = {
+        "vhuse-qjbcl" = {
+          path = "${config.users.users.sijmen.home}/Sync";
+          devices = [ "nas" "desktop-fedora" ];
+        };
+      };
+    };
+
+    fprintd.enable = true;
+    logind.lidSwitchDocked = "suspend";
+  };
+
+  security.pam.services.login.fprintAuth = true;
+
+  environment = {
+    gnome.excludePackages = (with pkgs; [
+      gnome-photos
+      gnome-tour
+    ]) ++ (with pkgs.gnome; [
+      gnome-calendar
+      gnome-music
+      epiphany        # web browser
+      geary           # email reader
+      totem           # video player
+      tali            # poker game
+      iagno           # go game
+      hitori          # sudoku game
+      atomix          # puzzle game
+    ]);
+
+    systemPackages = with pkgs; [
+      gnome.adwaita-icon-theme
+      ifuse
+      libimobiledevice
+      libheif
+    ];
+  };
+
+  programs.steam = {
+    enable = true;
+    remotePlay.openFirewall = true;
+    dedicatedServer.openFirewall = true;
+  };
+
+  nixpkgs.config.packageOverrides = pkgs: {
+    vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
+  };
+
+  home-manager.users.sijmen.imports = [ ../common/dconf.nix ];
+
+  system.stateVersion = "22.05";
+}

framework/hardware-configuration.nix

@@ -0,0 +1,37 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/8b59ffd8-5c2a-4251-a5f6-00983895e19d";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/7438-EF9A";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp166s0.useDHCP = lib.mkDefault true;
+
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

thinkpad/configuration.nix

@@ -135,7 +135,7 @@
     dedicatedServer.openFirewall = true;
   };
 
-  home-manager.users.sijmen.imports = [ ./dconf.nix ];
+  home-manager.users.sijmen.imports = [ ../common/dconf.nix ];
 
   system.stateVersion = "22.05";
 }