primrose/.files
1
0
Fork 0
mirror of https://codeberg.org/leana8959/.files.git synced 2025-12-06 06:39:14 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

nix: move all nixos configuration to nixosModules

Browse source 
export them
This commit is contained in:
Primrose 2024-10-30 19:27:45 +01:00
parent ce26e04e9c
commit 30bbb00f6b
Signed by: primrose
GPG key ID: 4E887A4CA9714ADA
17 changed files with 8 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

7
nix/nixosModules/default.nix
View file

@ -9,6 +9,12 @@ let
# extra opt-in configurations
extra = modulesFromDir ./extra;
# per host configuration
named = lib.mapAttrs' (name: value: {
name = "named-" + name;
inherit value;
}) (modulesFromDir ./named);
in
{
@ -21,5 +27,6 @@ in
shared
common
extra
named
];
}

35
nix/nixosModules/named/carbon/audio.nix Normal file
View file

@ -0,0 +1,35 @@
{ pkgs, ... }:
{
sound = {
enable = true;
mediaKeys.enable = true;
};
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
extraConfig.pipewire = {
"10-buffer_size" = {
"context.properties" = {
"default.clock.quantum" = 2048;
"default.clock.min-quantum" = 1024;
};
};
};
};
environment.systemPackages = [
pkgs.helvum
pkgs.pavucontrol
pkgs.easyeffects
];
users.users."leana".extraGroups = [ "audio" ];
}

55
nix/nixosModules/named/carbon/battery.nix Normal file
View file

@ -0,0 +1,55 @@
{ pkgs, lib, ... }:
{
systemd.sleep.extraConfig = ''
HibernateDelaySec=2hour
'';
services.logind = {
lidSwitch = "suspend-then-hibernate";
lidSwitchExternalPower = "ignore";
};
services.tlp = {
enable = true;
settings = {
# battery limiter
START_CHARGE_THRESH_BAT0 = 80;
STOP_CHARGE_THRESH_BAT0 = 90;
START_CHARGE_THRESH_BAT1 = 80;
STOP_CHARGE_THRESH_BAT1 = 90;
# audio popping fix
SOUND_POWER_SAVE_ON_AC = 0;
SOUND_POWER_SAVE_ON_BAT = 0;
SOUND_POWER_SAVE_CONTROLLER = "N";
};
};
systemd.services."battery-notify" = {
enable = true;
description = "Scream when battery is dying";
startAt = [ "*:0/5" ];
unitConfig.After = "multi-user.target";
serviceConfig.ExecStart =
let
script = pkgs.writeShellApplication {
name = "battery-notify";
runtimeInputs = [
pkgs.bc
pkgs.libnotify
];
text = ''
battery="/sys/class/power_supply/BAT1"
thres="0.2"
isLow=$(echo "($(cat $battery/energy_now) / $(cat $battery/energy_full)) < $thres" | bc -l)
if [ "$isLow" -eq 1 ]; then
echo "You're battery level is below $thres"
notify-send -u critical "Battery Low" "Please charge your battery"
fi
'';
};
in
lib.getExe script;
};
}

15
nix/nixosModules/named/carbon/bluetooth.nix Normal file
View file

@ -0,0 +1,15 @@
{
hardware.bluetooth.enable = true;
services.blueman.enable = true;
# FIXME: this breaks the handsfree microphone mode for XM4
# environment.etc = {
# "wireplumber/bluetooth.lua.d/51-bluez-config.lua".text = ''
# bluez_monitor.properties = {
# ["bluez5.enable-sbc-xq"] = true,
# ["bluez5.enable-msbc"] = true,
# ["bluez5.enable-hw-volume"] = true,
# ["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
# }
# '';
# };
}

97
nix/nixosModules/named/carbon/certs/universite_de_rennes.pem Normal file
View file

@ -0,0 +1,97 @@
-----BEGIN CERTIFICATE-----
MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb
MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow
GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj
YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL
MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE
BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM
GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua
BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe
3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4
YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR
rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm
ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU
oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF
MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v
QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t
b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF
AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q
GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz
Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2
G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi
l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3
smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIQOXJEOvkit1HX02wQ3TE1lTANBgkqhkiG9w0BAQwFADB7
MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYD
VQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UE
AwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTE5MDMxMjAwMDAwMFoXDTI4
MTIzMTIzNTk1OVowgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5
MRQwEgYDVQQHEwtKZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBO
ZXR3b3JrMS4wLAYDVQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0
aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sI
s9CsVw127c0n00ytUINh4qogTQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnG
vDoZtF+mvX2do2NCtnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQ
Ijy8/hPwhxR79uQfjtTkUcYRZ0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfb
IWax1Jt4A8BQOujM8Ny8nkz+rwWWNR9XWrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0
tyA9yn8iNK5+O2hmAUTnAU5GU5szYPeUvlM3kHND8zLDU+/bqv50TmnHa4xgk97E
xwzf4TKuzJM7UXiVZ4vuPVb+DNBpDxsP8yUmazNt925H+nND5X4OpWaxKXwyhGNV
icQNwZNUMBkTrNN9N6frXTpsNVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjNhLixP6Q5
D9kCnusSTJV882sFqV4Wg8y4Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJ
WBp/kjbmUZIO8yZ9HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ
5lhCLkMaTLTwJUdZ+gQek9QmRkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzG
KAgEJTm4Diup8kyXHAc/DVL17e8vgg8CAwEAAaOB8jCB7zAfBgNVHSMEGDAWgBSg
EQojPpbxB+zirynvgqV/0DCktDAdBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rID
ZsswDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAG
BgRVHSAAMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwuY29tb2RvY2EuY29t
L0FBQUNlcnRpZmljYXRlU2VydmljZXMuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggr
BgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMA0GCSqGSIb3DQEBDAUA
A4IBAQAYh1HcdCE9nIrgJ7cz0C7M7PDmy14R3iJvm3WOnnL+5Nb+qh+cli3vA0p+
rvSNb3I8QzvAP+u431yqqcau8vzY7qN7Q/aGNnwU4M309z/+3ri0ivCRlv79Q2R+
/czSAaF9ffgZGclCKxO/WIu6pKJmBHaIkU4MiRTOok3JMrO66BQavHHxW/BBC5gA
CiIDEOUMsfnNkjcZ7Tvx5Dq2+UUTJnWvu6rvP3t3O9LEApE9GQDTF1w52z97GA1F
zZOFli9d31kWTz9RvdVFGD/tSo7oBmF0Ixa1DVBzJ0RHfxBdiSprhTEUxOipakyA
vGp4z7h/jnZymQyd/teRCBaho1+V
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIG5TCCBM2gAwIBAgIRANpDvROb0li7TdYcrMTz2+AwDQYJKoZIhvcNAQEMBQAw
gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK
ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYD
VQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTIw
MDIxODAwMDAwMFoXDTMzMDUwMTIzNTk1OVowRDELMAkGA1UEBhMCTkwxGTAXBgNV
BAoTEEdFQU5UIFZlcmVuaWdpbmcxGjAYBgNVBAMTEUdFQU5UIE9WIFJTQSBDQSA0
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApYhi1aEiPsg9ZKRMAw9Q
r8Mthsr6R20VSfFeh7TgwtLQi6RSRLOh4or4EMG/1th8lijv7xnBMVZkTysFiPmT
PiLOfvz+QwO1NwjvgY+Jrs7fSoVA/TQkXzcxu4Tl3WHi+qJmKLJVu/JOuHud6mOp
LWkIbhODSzOxANJ24IGPx9h4OXDyy6/342eE6UPXCtJ8AzeumTG6Dfv5KVx24lCF
TGUzHUB+j+g0lSKg/Sf1OzgCajJV9enmZ/84ydh48wPp6vbWf1H0O3Rd3LhpMSVn
TqFTLKZSbQeLcx/l9DOKZfBCC9ghWxsgTqW9gQ7v3T3aIfSaVC9rnwVxO0VjmDdP
FNbdoxnh0zYwf45nV1QQgpRwZJ93yWedhp4ch1a6Ajwqs+wv4mZzmBSjovtV0mKw
d+CQbSToalEUP4QeJq4Udz5WNmNMI4OYP6cgrnlJ50aa0DZPlJqrKQPGL69KQQz1
2WgxvhCuVU70y6ZWAPopBa1ykbsttpLxADZre5cH573lIuLHdjx7NjpYIXRx2+QJ
URnX2qx37eZIxYXz8ggM+wXH6RDbU3V2o5DP67hXPHSAbA+p0orjAocpk2osxHKo
NSE3LCjNx8WVdxnXvuQ28tKdaK69knfm3bB7xpdfsNNTPH9ElcjscWZxpeZ5Iij8
lyrCG1z0vSWtSBsgSnUyG/sCAwEAAaOCAYswggGHMB8GA1UdIwQYMBaAFFN5v1qq
K0rPVIDh2JvAnfKyA2bLMB0GA1UdDgQWBBRvHTVJEGwy+lmgnryK6B+VvnF6DDAO
BgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggr
BgEFBQcDAQYIKwYBBQUHAwIwOAYDVR0gBDEwLzAtBgRVHSAAMCUwIwYIKwYBBQUH
AgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMFAGA1UdHwRJMEcwRaBDoEGGP2h0
dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9u
QXV0aG9yaXR5LmNybDB2BggrBgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6
Ly9jcnQudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAl
BggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0B
AQwFAAOCAgEAUtlC3e0xj/1BMfPhdQhUXeLjb0xp8UE28kzWE5xDzGKbfGgnrT2R
lw5gLIx+/cNVrad//+MrpTppMlxq59AsXYZW3xRasrvkjGfNR3vt/1RAl8iI31lG
hIg6dfIX5N4esLkrQeN8HiyHKH6khm4966IkVVtnxz5CgUPqEYn4eQ+4eeESrWBh
AqXaiv7HRvpsdwLYekAhnrlGpioZ/CJIT2PTTxf+GHM6cuUnNqdUzfvrQgA8kt1/
ASXx2od/M+c8nlJqrGz29lrJveJOSEMX0c/ts02WhsfMhkYa6XujUZLmvR1Eq08r
48/EZ4l+t5L4wt0DV8VaPbsEBF1EOFpz/YS2H6mSwcFaNJbnYqqJHIvm3PLJHkFm
EoLXRVrQXdCT+3wgBfgU6heCV5CYBz/YkrdWES7tiiT8sVUDqXmVlTsbiRNiyLs2
bmEWWFUl76jViIJog5fongEqN3jLIGTG/mXrJT1UyymIcobnIGrbwwRVz/mpFQo0
vBYIi1k2ThVh0Dx88BbF9YiP84dd8Fkn5wbE6FxXYJ287qfRTgmhePecPc73Yrzt
apdRcsKVGkOpaTIJP/l+lAHRLZxk/dUtyN95G++bOSQqnOCpVPabUGl2E/OEyFrp
Ipwgu2L/WJclvd6g+ZA/iWkLSMcpnFb+uX6QBqvD6+RNxul1FaB5iHY=
-----END CERTIFICATE-----

13
nix/nixosModules/named/carbon/db.nix Normal file
View file

@ -0,0 +1,13 @@
{
services.postgresql = {
enable = true;
ensureDatabases = [ "M1BDD" ];
ensureUsers = [ { name = "M1BDD"; } ];
};
services.monetdb = {
enable = true;
};
}

72
nix/nixosModules/named/carbon/default.nix Normal file
View file

@ -0,0 +1,72 @@
{
imports = [
./hardware-configuration.nix # generated
./battery.nix
./audio.nix
./networking.nix
./bluetooth.nix
./display.nix
./scanner.nix
./restic.nix
./fs.nix
./packages.nix
./gui.nix
./db.nix # M1 BDD course
];
boot.loader = {
systemd-boot = {
enable = true;
editor = false;
};
efi.canTouchEfiVariables = true;
};
# related issues
# https://unix.stackexchange.com/questions/20483/how-to-find-which-process-is-causing-high-cpu-usage
# https://unix.stackexchange.com/questions/588018/kworker-thread-kacpid-notify-kacpid-hogging-60-70-of-cpu
# https://askubuntu.com/questions/1275749/acpi-event-69-made-my-system-unusable
boot.kernelParams = [
# Happens after waking up
"acpi_mask_gpe=0x69" # very high count
# # This bricks bluetooth ?
# "acpi_mask_gpe=0x16"
];
nix.settings.trusted-users = [
"root"
"leana"
];
nix.gc = {
automatic = true;
options = "--delete-older-than 90d";
};
age.secrets = {
sshconfig = {
file = ../../secrets/sshconfig.age;
path = "/home/leana/.ssh/config";
mode = "644";
owner = "leana";
};
wpa_password.file = ../../secrets/wpa_password.age;
wireguard_priv.file = ../../secrets/wireguard_priv.age;
wireguard_psk.file = ../../secrets/wireguard_psk.age;
restic_backblaze_pwd.file = ../../secrets/restic_backblaze_pwd.age;
restic_backblaze_repo.file = ../../secrets/restic_backblaze_repo.age;
restic_backblaze_env.file = ../../secrets/restic_backblaze_env.age;
};
hardware.keyboard.zsa.enable = true;
services.fwupd.enable = true;
}

108
nix/nixosModules/named/carbon/display.nix Normal file
View file

@ -0,0 +1,108 @@
{ pkgs, ... }:
{
users.users."leana".extraGroups = [
"video" # light
"i2c" # i2c (for ddcutil)
];
# Control builtin screen brightness
programs.light.enable = true;
# Control external screen brightness
hardware.i2c.enable = true;
environment.systemPackages = [ pkgs.ddcutil ];
# Auto setup external screen
services.autorandr = {
enable = true;
hooks.postswitch = {
"20_xmonad" = "xmonad --restart"; # make sure feh keeps up
};
ignoreLid = true; # clamshell support
profiles =
let
lg-monitor = "00ffffffffffff001e6d0777dd6a0100041f0104b53c22789e3e31ae5047ac270c50542108007140818081c0a9c0d1c08100010101014dd000a0f0703e803020650c58542100001a286800a0f0703e800890650c58542100001a000000fd00383d1e8738000a202020202020000000fc004c472048445220344b0a202020012102031c7144900403012309070783010000e305c000e6060501605550023a801871382d40582c450058542100001e565e00a0a0a029503020350058542100001a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001e";
built-in = "00ffffffffffff0030e4210500000000001a0104951f1178ea9d35945c558f291e5054000000010101010101010101010101010101012e3680a070381f403020350035ae1000001a542b80a070381f403020350035ae1000001a000000fe004c4720446973706c61790a2020000000fe004c503134305746362d535042370074";
allOff = {
eDP-1.enable = false;
DP-1.enable = false;
DP-2.enable = false;
DP-2-1.enable = false;
DP-2-2.enable = false;
HDMI-1.enable = false;
HDMI-2.enable = false;
};
in
{
"home-DP-2-2" =
let
dev = "DP-2-2";
in
{
fingerprint = {
${dev} = lg-monitor;
eDP-1 = built-in;
};
config = allOff // {
${dev} = {
enable = true;
crtc = 1;
mode = "3840x2160";
rate = "60";
primary = true;
};
};
hooks.postswitch = {
"10_xrdb-dpi" = "xrdb -merge ${pkgs.writeText "xrdb-dpi-config" ''
Xcursor.size: 84
Xft.dpi: 163
''}";
"20_alsa" = ''
amixer set Master 10%
amixer set Master unmute
'';
"30_xkbcapswap" = ''
setxkbmap -option
'';
};
};
"laptop" = {
fingerprint.eDP-1 = built-in;
config = allOff // {
eDP-1 = {
enable = true;
crtc = 0;
mode = "1920x1080";
rate = "60.02";
primary = true;
};
};
hooks.postswitch = {
"10_xrdb-dpi" = "xrdb -merge ${pkgs.writeText "xrdb-dpi-config" ''
Xcursor.size: 64
Xft.dpi: 120
''}";
"20_alsa" = ''
amixer set Master 10%
amixer set Master mute
'';
"30_xkbcapswap" = ''
setxkbmap -option caps:swapescape
'';
};
};
};
};
}

33
nix/nixosModules/named/carbon/fs.nix Normal file
View file

@ -0,0 +1,33 @@
{
systemd.tmpfiles.rules = [
"d /mnt/data 0700 leana leana - -"
"d /mnt/seagate 0700 leana leana - -"
"d /home/leana/mnt/tdk32 0700 leana leana - -"
# tmux_sessionizer directories
"d /home/leana/repos/ 0700 leana leana - -"
"d /home/leana/univ-repos/ 0700 leana leana - -"
"d /home/leana/playground/ 0700 leana leana 4w -"
];
fileSystems."/mnt/data" = {
device = "10.0.0.20:/mnt/mainPool/data";
fsType = "nfs";
options = [
"ro"
"noauto"
"user"
];
};
fileSystems."/home/leana/mnt/tdk32" = {
device = "/dev/disk/by-uuid/EF28-13EC";
fsType = "vfat";
options = [
"umask=0000"
"noauto"
"user"
];
};
}

49
nix/nixosModules/named/carbon/gui.nix Normal file
View file

@ -0,0 +1,49 @@
{ pkgs, ... }:
{
services.xserver = {
enable = true;
autoRepeatDelay = 300;
autoRepeatInterval = 40;
windowManager.xmonad = {
enable = true;
enableContribAndExtras = true;
};
displayManager.lightdm = {
enable = true;
background = "#000000";
greeters.gtk.cursorTheme = {
name = "volantes_cursors";
package = pkgs.volantes-cursors;
size = 64;
};
};
};
services.xscreensaver.enable = true;
services.picom = {
enable = true;
vSync = true;
fade = true;
fadeDelta = 3;
settings.fade-exclude = [
"name = 'Fcitx5 Input Window'"
"class_g = 'fcitx'"
"class_i = 'fcitx'"
];
};
services.libinput = {
mouse = {
naturalScrolling = true;
accelSpeed = "-0.5";
};
touchpad = {
naturalScrolling = true;
tapping = false;
};
};
}

36
nix/nixosModules/named/carbon/hardware-configuration.nix Normal file
View file

@ -0,0 +1,36 @@
# Do not modify this file! It was generated by Äònixos-generate-configÄô
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.docker0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
# networking.interfaces.vboxnet0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

53
nix/nixosModules/named/carbon/networking.nix Normal file
View file

@ -0,0 +1,53 @@
{ config, lib, ... }:
{
networking.networkmanager.enable = lib.mkForce false;
networking.firewall.allowedTCPPorts = [ 8080 ];
services.hoogle.port = 1992;
networking.wireless = {
enable = true;
userControlled.enable = true;
environmentFile = config.age.secrets.wpa_password.path;
networks =
let
ordered =
nss:
lib.pipe nss [
lib.lists.reverseList
(lib.lists.imap0 (i: lib.mapAttrs (_: n: n // { priority = i; })))
lib.mergeAttrsList
];
in
ordered [
# first in list is tried first
{
"HiddenParadize@Earth2077".psk = "@HOME@";
"Peis Wifi".psk = "@PEI_PASSWORD@";
}
{
"_SNCF_WIFI_INOUI" = { };
"EurostarTrainsWiFi" = { };
}
{
eduroam = {
authProtocols = [ "WPA-EAP" ];
auth = ''
pairwise=CCMP
group=CCMP TKIP
eap=PEAP
ca_cert="${./certs/universite_de_rennes.pem}"
identity="@EDUROAM_ID@"
altsubject_match="DNS:radius.univ-rennes1.fr;DNS:radius1.univ-rennes1.fr;DNS:radius2.univ-rennes1.fr;DNS:vmradius-psf1.univ-rennes1.fr;DNS:vmradius-psf2.univ-rennes1.fr"
phase2="auth=MSCHAPV2"
password="@EDUROAM_PSK@"
anonymous_identity="anonymous@univ-rennes.fr"
'';
};
}
{ "iPhone de Léana ".psk = "@PHONE@"; }
];
};
}

38
nix/nixosModules/named/carbon/packages.nix Normal file
View file

@ -0,0 +1,38 @@
{ pkgs, ... }:
{
environment.systemPackages = [
pkgs.curl
pkgs.stow
pkgs.gcc
];
programs.vim.defaultEditor = true;
programs.git.enable = true;
programs.dconf.enable = true;
services.gnome.gnome-keyring.enable = true;
programs.seahorse.enable = true;
# programs.steam.enable = true;
services.hoogle = {
enable = true;
packages =
self:
map pkgs.haskell.lib.doHaddock [
self.xmonad
self.xmonad-contrib
self.xmonad-extras
self.hip # image processing
];
};
virtualisation = {
docker.enable = true;
virtualbox.host.enable = true;
};
users.users."leana".extraGroups = [
"docker"
"vboxusers"
];
}

18
nix/nixosModules/named/carbon/restic.nix Normal file
View file

@ -0,0 +1,18 @@
{ config, ... }:
{
services.restic.backups."Documents-backblaze" = {
paths = [ "/home/leana/Documents" ];
passwordFile = config.age.secrets.restic_backblaze_pwd.path;
repositoryFile = config.age.secrets.restic_backblaze_repo.path;
environmentFile = config.age.secrets.restic_backblaze_env.path;
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 4"
"--keep-monthly 12"
"--keep-yearly 10"
];
};
}

8
nix/nixosModules/named/carbon/scanner.nix Normal file
View file

@ -0,0 +1,8 @@
{
users.users.leana.extraGroups = [ "scanner" ];
hardware.sane = {
enable = true;
brscan5.enable = true;
};
}

80
nix/nixosModules/named/hydrogen/default.nix Normal file
View file

@ -0,0 +1,80 @@
{ config, modulesPath, ... }:
{
imports = [
# The generator and hardware configuration
(modulesPath + "/installer/sd-card/sd-image-aarch64.nix")
./forgejo.nix
];
networking.wireless.enable = false;
networking.firewall.allowedTCPPorts = [
5432
3000 # forgejo
];
services.postgresql = {
enable = true;
ensureDatabases = [ "mockingjay" ];
ensureUsers = [ { name = "postgres"; } ];
enableTCPIP = true;
authentication = ''
host all all 10.0.0.1/23 trust
'';
};
age.secrets.sshconfig = {
file = ../../secrets/sshconfig.age;
path = "/home/leana/.ssh/config";
mode = "644";
owner = "leana";
};
# hoot, the discord bot
services.hoot = {
enable = true;
environmentFile = config.age.secrets.hoot_token.path;
configDir = "/var/hoot";
};
age.secrets.hoot_token = {
owner = "hoot";
mode = "600";
file = ../../secrets/hoot_token.age;
};
services.typst-bot = {
enable = true;
environmentFile = config.age.secrets.typst-bot_token.path;
dataDir = "/var/typst-bot";
};
age.secrets.typst-bot_token = {
owner = "typst-bot";
mode = "600";
file = ../../secrets/typst-bot_token.age;
};
services.parrot = {
enable = true;
environmentFile = config.age.secrets.parrot_token.path;
};
age.secrets.parrot_token = {
owner = "parrot";
mode = "600";
file = ../../secrets/parrot_token.age;
};
services.forgejo = {
enable = true;
lfs.enable = true;
settings = {
server = {
HTTP_PORT = 3000;
};
};
database = {
type = "postgres";
};
};
}