# NixOS host module for "semita": disk layout (disko + optional LUKS/btrfs
# impermanence), shared and optional modules, nixos-containers, bridged static
# networking, Intel GPU support and a Prometheus node exporter.
{
  inputs,
  lib,
  pkgs,
  configVars,
  outputs,
  ...
}: let
  # --- Disko parameters -----------------------------------------------------
  # Either "ext4" or "btrfs"; impermanence requires btrfs.
  fsType = "btrfs";
  # Install target; depends on the hardware.
  dev = "/dev/nvme0n1";
  # Currently only honoured for btrfs.
  encrypted = true;
  # Device handed to the impermanence module: the opened mapper device when
  # encryption is on, otherwise the plain LVM root volume.
  btrfsMountDevice =
    if encrypted
    then "/dev/mapper/crypted"
    else "/dev/root_vg/root";

  user = "sam";
  impermanence = true;

  # --- Addresses taken from the shared configVars ---------------------------
  addrs = configVars.networking.addresses;
  piholeIp = addrs.pihole.ip;
  gatewayIp = addrs.gateway.ip;
  semitaIp = addrs.semita.ip;
in {
  imports = [
    # Create users for this host
    ../common/users/${user}

    # Disk configuration
    inputs.disko.nixosModules.disko
    (import ../common/disks {
      device = dev;
      inherit impermanence fsType encrypted;
    })

    # Impermanence
    # NOTE(review): imported unconditionally; the `impermanence` flag above is
    # only passed to ../common/disks here. Confirm that is intended.
    (import ../common/disks/btrfs/impermanence.nix {
      inherit btrfsMountDevice lib;
    })

    # Import core options
    ./hardware-configuration.nix
    ../common/core

    # Import optional options
    ../common/optional/persistence.nix
    ../common/optional/pipewire.nix
    ../common/optional/openssh.nix
    ../common/optional/dwm.nix
    # ../common/optional/printing.nix
    ../common/optional/docker.nix
    ../common/optional/nix-ld.nix
    ../common/optional/gaming.nix
    ../common/optional/restic-backup.nix
    #
    # # bind mounts
    # ../common/optional/fileserver/bind-mounts/homeshare.nix

    ../common/optional/fileserver/nfs-server/homeshare.nix

    # nixos-containers
    ../common/optional/nixos-containers/nix-bitcoin.nix
    ../common/optional/nixos-containers/postgres.nix
    ../common/optional/nixos-containers/baseddata-worker.nix
    ../common/optional/nixos-containers/semitamaps-worker.nix
    ../common/optional/nixos-containers/backup-server.nix
    ../common/optional/nixos-containers/docker.nix
    ../common/optional/nixos-containers/pihole.nix
    ../common/optional/nixos-containers/metrics-server.nix

    # # Build nix derivations on remote machine
    # ../common/optional/distributed-builds/local-machine.nix

    outputs.nixosModules.nixosAutoUpgrade
  ];

  # Secondary data disk, mounted by UUID.
  # NOTE(review): nothing in this file puts this ext4 volume behind LUKS; the
  # `encrypted` flag above is only passed to the disko layout for `dev`.
  # Confirm whether data at rest here needs the same protection.
  fileSystems."/mnt/main-ssd" = {
    device = "/dev/disk/by-uuid/ba884006-e813-4b67-9fe6-62aea08b3b59";
    fsType = "ext4";
  };

  boot = {
    blacklistedKernelModules = ["snd_hda_intel" "snd_soc_skl"];
    kernelPackages = pkgs.linuxPackagesFor pkgs.linux_latest;
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
      timeout = 3;
    };
    # The host forwards IPv4 and IPv6 traffic between interfaces (bridge,
    # containers, Tailscale routing). With forwarding on, what may cross the
    # host is decided by the firewall's forward rules, which are not set in
    # this file — review them alongside this setting.
    kernel.sysctl = {
      "net.ipv4.ip_forward" = true;
      "net.ipv6.conf.all.forwarding" = true;
    };
  };

  services = {
    # "server" enables the settings Tailscale needs to act as a subnet router
    # or exit node; which routes are actually advertised is configured
    # elsewhere and should be kept to the minimum required.
    tailscale.useRoutingFeatures = "server";

    xserver = {
      dpi = 144;
      upscaleDefaultCursor = true;
    };

    # Start the early OOM killer once free RAM drops below 5 %.
    earlyoom = {
      enable = true;
      freeMemThreshold = 5; # percent free
    };

    libinput.enable = true;

    # Node exporter with the systemd collector.
    # openFirewall opens the exporter port in the host firewall; the exporter
    # serves host metrics (including systemd unit names and states) without
    # authentication by default. If only the metrics server should scrape it,
    # consider narrowing the rule (e.g. the exporter's `firewallFilter` option)
    # or binding it to an internal interface.
    prometheus.exporters.node = {
      enable = true;
      enabledCollectors = ["systemd"];
      openFirewall = true;
    };
  };

  # system.services.nixosAutoUpgrade = {
  #   enable = true;
  #   persistent = true;
  #   reboot = false;
  #   pushUpdates = false;
  #   configDir = "/etc/nixos";
  #   onCalendar = "*-*-* 06:00:00";
  #   user = "sam";
  # };

  # HiDPI scaling for GTK, Java and Qt applications.
  environment.variables = {
    GDK_SCALE = "1";
    GDK_DPI_SCALE = "1";
    _JAVA_OPTIONS = "-Dsun.java2d.uiScale=1.8";
    QT_AUTO_SCREEN_SCALE_FACTOR = "1";
    XCURSOR_SIZE = "32";
  };

  # Swap file of 4 * 1024 (the NixOS option takes the size in megabytes).
  # NOTE(review): swap can hold secrets paged out of memory; presumably
  # /.swapvol lives on the encrypted btrfs volume — confirm in ../common/disks.
  swapDevices = [
    {
      device = "/.swapvol/swapfile";
      size = 4 * 1024;
    }
  ];

  # Add hardware support for intel gpus as specified here: https://nixos.wiki/wiki/Jellyfin
  nixpkgs.config.packageOverrides = super: {
    vaapiIntel = super.vaapiIntel.override {enableHybridCodec = true;};
  };

  hardware = {
    firmware = [
      pkgs.sof-firmware
    ];

    graphics = {
      enable = true;
      extraPackages = with pkgs; [
        intel-media-driver
        intel-vaapi-driver
        vaapiVdpau
        libvdpau-va-gl
        intel-compute-runtime
        # only available on unstable
        unstable.vpl-gpu-rt
        intel-media-sdk
      ];
    };
  };

  # Lets non-root users pass allow_other / allow_root when mounting FUSE
  # filesystems, which makes such mounts reachable by other local users
  # (subject to the filesystem's own permission handling).
  programs.fuse.userAllowOther = true;

  networking = {
    hostName = "semita";
    # Pi-hole first, then the gateway and a public resolver as fallbacks.
    # Whenever the resolver falls back, lookups bypass Pi-hole filtering and
    # are sent to the gateway or to 8.8.8.8 instead.
    nameservers = ["${piholeIp}" "${gatewayIp}" "8.8.8.8"];
    defaultGateway = "${gatewayIp}";
    useDHCP = false;

    # eth0 is enslaved to br0; the static address sits on the bridge.
    bridges.br0.interfaces = ["eth0"];
    interfaces.br0.ipv4.addresses = [
      {
        address = "${semitaIp}";
        prefixLength = 24;
      }
    ];
  };
}