nix/systems/nixos-desk/default.nix

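# NixOS system definition for the host "nixos-desk" (AMD desktop).
# Pulls in nixos-hardware profiles and the repository's os-mods, then sets
# host-specific boot (Secure Boot via lanzaboote), firewall and hosts entries.
#
# The first argument was spelled "confin" in the original; it is "config"
# here so that the commented-out hid-fanatecff binding below, which reads
# config.boot.kernelPackages, resolves if it is ever re-enabled.
{ config
, lib
, pkgs
, modulesPath
, system
, inputs
, ...
}: {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
    inputs.nixos-hardware.nixosModules.common-cpu-amd
    inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate
    inputs.nixos-hardware.nixosModules.common-gpu-amd
    inputs.nixos-hardware.nixosModules.common-pc
    inputs.nixos-hardware.nixosModules.common-pc-ssd
    ../../os-mods/age
    ../../os-mods/amdgpu
    ../../os-mods/cachix
    ../../os-mods/common
    ../../os-mods/desktop
    ../../os-mods/desktop/audio.nix
    ../../os-mods/desktop/gaming.nix
    ../../os-mods/desktop/printing.nix
    ../../os-mods/netdata/client.nix
    ../../os-mods/network
    ../../os-mods/virt
    # NOTE(review): a miner on a host is a common compromise indicator; keep
    # this import documented so monitoring alerts can be triaged quickly.
    ../../os-mods/xmrig
    ../../users
    ./disko.nix
  ];
  config =
    let
      # hid-fanatecff = pkgs.callPackage ./hid-fanatecff.nix { kernelPackages = config.boot.kernelPackages; };

      # Ports opened for the "tailscale docker test". The same list is applied
      # to TCP and UDP below, exactly as in the original configuration.
      # NOTE(review): 3478 (STUN) and 41641 (Tailscale's default WireGuard
      # port) are UDP services, so their TCP entries, and UDP 80/443, are
      # probably unnecessary. Confirm and narrow once the test is finished.
      testPorts = [ 80 443 3478 41641 ];

      # NOTE(review): roughly 4000 ports are opened per protocol on every
      # interface. If only the tailnet or docker bridge needs them, scope the
      # rule with networking.firewall.interfaces.<name> instead.
      testPortRanges = [
        {
          from = 39000;
          to = 42000;
        }
        {
          from = 18000;
          to = 19000;
        }
      ];
    in
    {
      system.stateVersion = "23.05";

      # Public half of the host key used for secret rekeying; safe to commit.
      # The matching private key must stay on the host only.
      age.rekey.hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINHvqEPN39Brd3SYJxVYROwtv0UXl/7fW6z3otUWEaEU root@nixos-desk";

      nix.settings.system-features = [
        "benchmark"
        "big-parallel"
        "kvm"
        "nixos-test"
        "gccarch-x86-64-v3"
        "gccarch-znver1"
        "gccarch-znver2"
        "gccarch-znver3" # 3 is backwards compat to 1
      ];

      boot = {
        # kernelPackages = pkgs.linuxPackages_latest;
        # kernelPackages = pkgs.linuxPackages_zen;
        # kernelPackages = pkgs.linuxPackages_cachyos;
        # kernelPackages = pkgs.linuxPackages_cachyos-rc;
        # NOTE(review): this selects a release-candidate kernel; confirm that
        # a pre-release kernel is intended on a Secure Boot machine.
        kernelPackages = pkgs.pkgsAMD64Microarchs.znver2.linuxPackages_cachyos-rc;
        kernelModules = [ "nct6775" ];
        # extraModulePackages = [ hid-fanatecff ];
        loader = {
          systemd-boot = {
            # Forced off because lanzaboote (below) takes over boot entries.
            enable = lib.mkForce false; #lanzaboote
            configurationLimit = 16;
          };
          efi.canTouchEfiVariables = true;
        };
        # TODO Extract secureboot module
        lanzaboote = {
          enable = true;
          configurationLimit = 16;
          # Directory holding the Secure Boot signing keys. Whoever can read
          # the private keys can sign boot images this machine will trust, so
          # keep it root-only and out of the Nix store, the repo and backups.
          pkiBundle = "/etc/secureboot";
        };
        initrd = {
          availableKernelModules = [ "ahci" "nvme" "xhci_pci" "uas" "usbhid" "usb_storage" "sd_mod" ];
          kernelModules = [ ];
          systemd.enable = true;
        };
      };

      # Lets unprivileged users mount FUSE filesystems with allow_other, which
      # exposes the mounted content to other local users (presumably wanted
      # for sshfs; verify). Drop it if no mount needs to be shared.
      programs.fuse.userAllowOther = true;

      environment.systemPackages = with pkgs; [
        input-remapper
        lm_sensors
        sshfs
        coreutils-full
        cpu-x
        sbctl # secureboot debugging/config/mgmt
      ];
      environment.etc = {
        "sysconfig/lm_sensors".text = ''
          HWMON_MODULES="nct6775"
        '';
      };

      # TODO nixify current mousewheel workaround config
      # likely just need to add json to home-manager
      services.input-remapper.enable = true;
      services.btrfs.autoScrub.enable = true;
      # services.udev.packages = [ hid-fanatecff ];

      networking = {
        # tailscale docker test
        firewall = {
          allowedTCPPorts = testPorts;
          allowedUDPPorts = testPorts;
          allowedTCPPortRanges = testPortRanges;
          allowedUDPPortRanges = testPortRanges;
        };
        hostName = "nixos-desk";
        useDHCP = lib.mkDefault true;
        # Static pins to 100.64.0.1 (CGNAT range, presumably the tailnet
        # address of the reverse proxy; verify). These bypass DNS, so they
        # must be updated by hand if that address ever changes.
        extraHosts = ''
          100.64.0.1 oekonzept.net
          100.64.0.1 camt.oekonzept.net
          100.64.0.1 camt-cbg.oekonzept.net
          100.64.0.1 camt-eth.oekonzept.net
          100.64.0.1 camt-pro.oekonzept.net
          100.64.0.1 camt-swbfk.oekonzept.net
          100.64.0.1 cloud.oekonzept.net
          100.64.0.1 office.oekonzept.net
          100.64.0.1 llama.oekonzept.net
          100.64.0.1 netdata.oekonzept.net
          100.64.0.1 oproject.oekonzept.net
          100.64.0.1 leantime.oekonzept.net
        '';
      };

      hardware = {
        enableRedistributableFirmware = true;
      };
      zramSwap.enable = true;
    };
}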