feat: add test config for nom

2022-12-09 15:44:27 +01:00 · 2022-12-09 15:44:27 +01:00 · ccc9af28fd
commit ccc9af28fd
parent c31e43641e
8 changed files with 283 additions and 0 deletions
--- a/core/default.nix
+++ b/core/default.nix
@ -0,0 +1,86 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  dummyConfig = pkgs.writeText "configuration.nix" ''
+    assert builtins.trace "This is a dummy config, use deploy-rs!" false;
+    { }
+  '';
+in {
+  imports = [
+    ./nix.nix
+    ./resolved.nix
+    ./tmux.nix
+    ./xdg.nix
+    ./ssh.nix
+  ];
+
+  boot.kernelParams = ["log_buf_len=10M"];
+
+  environment = {
+    etc."nixos/configuration.nix".source = dummyConfig;
+    pathsToLink = [
+      "/share/zsh"
+    ];
+    systemPackages = with pkgs; [
+      neovim
+    ];
+  };
+
+  # Disable unnecessary stuff from the nixos defaults.
+  services.udisks2.enable = false;
+  networking.dhcpcd.enable = false;
+  networking.firewall.enable = false;
+  security.sudo.enable = false;
+
+  home-manager = {
+    useGlobalPkgs = true;
+    useUserPackages = true;
+    verbose = true;
+  };
+
+  time.timeZone = lib.mkDefault "Europe/Berlin";
+  i18n.defaultLocale = "C.UTF-8";
+
+  networking = {
+    # When using systemd-networkd it's still possible to use this option,
+    # but it's recommended to use it in conjunction with explicit per-interface
+    # declarations with `networking.interfaces.<interface>.useDHCP`.
+    useDHCP = lib.mkForce false;
+    useNetworkd = true;
+    wireguard.enable = true;
+  };
+
+  nix.nixPath = [
+    "nixos-config=${dummyConfig}"
+    "nixpkgs=/run/current-system/nixpkgs"
+    "nixpkgs-overlays=/run/current-system/overlays"
+  ];
+
+  nixpkgs.config.allowUnfree = true;
+
+  programs = {
+    zsh = {
+      enable = true;
+      enableGlobalCompInit = false;
+    };
+  };
+
+  system = {
+    extraSystemBuilderCmds = ''
+      ln -sv ${pkgs.path} $out/nixpkgs
+      ln -sv ${../nix/overlays} $out/overlays
+    '';
+
+    stateVersion = "22.11";
+  };
+
+  systemd = {
+    enableUnifiedCgroupHierarchy = true;
+    network.wait-online.anyInterface = true;
+  };
+
+  users.mutableUsers = false;
+}
--- a/core/nix.nix
+++ b/core/nix.nix
@ -0,0 +1,30 @@
+{
+  nix = {
+    settings = {
+      auto-optimise-store = true;
+      allowed-users = ["@wheel"];
+      trusted-users = ["root" "@wheel"];
+      system-features = ["recursive-nix"];
+      substituters = [
+        "https://nix-config.cachix.org"
+        "https://nix-community.cachix.org"
+      ];
+      trusted-public-keys = [
+        "nix-config.cachix.org-1:Vd6raEuldeIZpttVQfrUbLvXJHzzzkS0pezXCVVjDG4="
+        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+      ];
+      cores = 0;
+      max-jobs = "auto";
+    };
+    daemonCPUSchedPolicy = "batch";
+    daemonIOSchedPriority = 5;
+    distributedBuilds = true;
+    extraOptions = ''
+      builders-use-substitutes = true
+      experimental-features = nix-command flakes recursive-nix
+      flake-registry = /etc/nix/registry.json
+    '';
+    optimise.automatic = true;
+	gc.automatic = true;
+  };
+}
--- a/core/resolved.nix
+++ b/core/resolved.nix
@ -0,0 +1,30 @@
+{lib, ...}: {
+  networking = {
+    firewall = {
+      allowedTCPPorts = [5355];
+      allowedUDPPorts = [5353 5355];
+    };
+    networkmanager.dns = "systemd-resolved";
+  };
+
+  services.resolved = {
+    enable = true;
+    dnssec = "allow-downgrade";
+    fallbackDns = [
+      "1.1.1.1"
+      "2606:4700:4700::1111"
+      "8.8.8.8"
+      "2001:4860:4860::8844"
+    ];
+    llmnr = "true";
+    extraConfig = ''
+      Domains=~.
+      MulticastDNS=true
+    '';
+  };
+
+  system.nssDatabases.hosts = lib.mkMerge [
+    (lib.mkBefore ["mdns_minimal [NOTFOUND=return]"])
+    (lib.mkAfter ["mdns"])
+  ];
+}
--- a/core/tmux.nix
+++ b/core/tmux.nix
@ -0,0 +1,14 @@
+{
+  programs.tmux = {
+    enable = true;
+    aggressiveResize = true;
+    clock24 = true;
+    escapeTime = 0;
+    historyLimit = 10000;
+    # breaks tmate
+    newSession = false;
+    secureSocket = false;
+    shortcut = "g";
+    terminal = "tmux-256color";
+  };
+}
--- a/hardware/efi.nix
+++ b/hardware/efi.nix
@ -0,0 +1,11 @@
+{lib, ...}: {
+  boot.loader = {
+    efi.canTouchEfiVariables = true;
+    systemd-boot = {
+      enable = true;
+      configurationLimit = 15;
+    };
+    timeout = lib.mkDefault 2;
+  };
+  console.earlySetup = true;
+}
--- a/hardware/yubikey.nix
+++ b/hardware/yubikey.nix
@ -0,0 +1,4 @@
+{pkgs, ...}: {
+  services.udev.packages = with pkgs; [yubikey-personalization libu2f-host];
+  services.pcscd.enable = true;
+}
--- a/hardware/zfs.nix
+++ b/hardware/zfs.nix
@ -0,0 +1,16 @@
+{pkgs, ...}: {
+  boot.supportedFilesystems = ["zfs"];
+
+  environment.systemPackages = with pkgs; [zfs];
+
+  services.zfs = {
+    autoScrub = {
+      enable = true;
+      interval = "weekly";
+    };
+    trim = {
+      enable = true;
+      interval = "weekly";
+    };
+  };
+}
--- a/hosts/nom/default.nix
+++ b/hosts/nom/default.nix
@ -0,0 +1,92 @@
+{
+  config,
+  nixos-hardware,
+  pkgs,
+  ...
+}: {
+  imports = [
+    nixos-hardware.common-cpu-intel
+    nixos-hardware.common-gpu-intel
+    nixos-hardware.common-pc-laptop
+    nixos-hardware.common-pc-laptop-ssd
+    ../../core
+
+    ../../hardware/efi.nix
+    ../../users/oddlama
+
+    #./state.nix
+  ];
+
+  boot = {
+    initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"];
+    kernelModules = [];
+    kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+    supportedFilesystems = ["zfs"];
+    tmpOnTmpfs = true;
+  };
+
+  console = {
+    font = "ter-v28n";
+    keyMap = "de-latin1-nodeadkeys";
+    packages = with pkgs; [terminus_font];
+  };
+
+  fileSystems = {
+    "/" = {
+      device = "tmpfs";
+      fsType = "tmpfs";
+      options = ["defaults" "noatime" "size=20%" "mode=755"];
+    };
+    "/boot" = {
+      device = "/dev/disk/by-uuid/FDA7-5E38";
+      fsType = "vfat";
+    };
+    "/nix" = {
+      device = "/dev/disk/by-uuid/4610a590-b6b8-4a8f-82a3-9ec7592911eb";
+      fsType = "ext4";
+      options = ["defaults" "noatime"];
+      neededForBoot = true;
+    };
+  };
+
+  hardware = {
+    enableRedistributableFirmware = true;
+    enableAllFirmware = true;
+    video.hidpi.enable = lib.mkDefault true;
+    opengl.enable = true;
+  };
+
+  networking = {
+    hostId = "4313abca";
+    hostName = "nom";
+    wireless.iwd.enable = true;
+  };
+
+  powerManagement.cpuFreqGovernor = "performance";
+
+  services = {
+    fwupd.enable = true;
+    smartd.enable = true;
+  };
+
+  systemd.network.networks = {
+    wired = {
+      DHCP = "yes";
+      matchConfig.MACAddress = "1c:83:41:30:ab:9b";
+      dhcpV4Config.RouteMetric = 10;
+      dhcpV6Config.RouteMetric = 10;
+    };
+    wireless = {
+      DHCP = "yes";
+      matchConfig.MACAddress = "60:dd:8e:12:67:bd";
+      dhcpV4Config.RouteMetric = 40;
+      dhcpV6Config.RouteMetric = 40;
+    };
+  };
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users.users.root = {
+    initialHashedPassword = "$6$EBo/CaxB.dQoq2W8$lo2b5vKgJlLPdGGhEqa08q3Irf1Zd1PcFBCwJOrG8lqjwbABkn1DEhrMh1P3ezwnww2HusUBuZGDSMa4nvSQg1";
+    openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA5Uq+CDy5Pmt3If5M6d8K/Q7HArU6sZ7sgoj3T521Wm"];
+  };
+}