diff --git a/systems/nixos-pulse/default.nix b/systems/nixos-pulse/default.nix
index 25e496c..3ac06d1 100644
--- a/systems/nixos-pulse/default.nix
+++ b/systems/nixos-pulse/default.nix
@@ -18,31 +18,87 @@ ../../os-mods/common ../../os-mods/desktop ../../os-mods/desktop/audio.nix - ../../os-mods/desktop/gaming.nix ../../os-mods/desktop/printing.nix ../../os-mods/network ../../os-mods/ryzenapu ../../os-mods/virt - ../../users ]; + nix.settings = { + trusted-users = [ "nixremote" "root" "tristand" ]; + system-features = [ + "benchmark" + "big-parallel" + "kvm" + "nixos-test" + "gccarch-x86-64-v3" + "gccarch-znver2" + ]; + }; + programs.corectrl.gpuOverclock.enable = lib.mkForce false; - nix.settings.system-features = [ - "benchmark" - "big-parallel" - "kvm" - "nixos-test" - "gccarch-x86-64-v3" - "gccarch-znver2" - ]; + home-manager = { + useUserPackages = true; + useGlobalPkgs = true; + users.tester = import ../../users/admin-shell.nix { + username = "tester"; + + inherit pkgs config inputs system lib; + }; + users.tristand = import ../../users/admin-shell.nix { + username = "tristand"; + + inherit pkgs config inputs system lib; + }; + }; + + users.groups.nixremote = { }; + users.users = { + tester = { + isNormalUser = true; + description = "Testa Test"; + extraGroups = [ "audio" "corectrl" "docker" "networkmanager" "i2c" "wheel" "libvirtd" "qemu-libvirtd" "input" ]; + shell = pkgs.fish; + home = "/home/tester"; + hashedPassword = "$6$YJT50/Za3FSFQuNT$0orD1URwoURoRKO9sIAsUiIHxOtEOjmPXn5Mp7vAmIYlgVmI629qS7YPUInmztEtEorRpkSMbV3.fCy9NQhKX."; + }; + tristand = { + isNormalUser = true; + description = "Tristan Druyen"; + extraGroups = [ "audio" "corectrl" "dialout" "docker" "networkmanager" "i2c" "wheel" "libvirtd" "qemu-libvirtd" "input" ]; + shell = pkgs.fish; + home = "/home/tristand"; + hashedPassword = "$6$Wj.XY8JgH5EWuog4$HnbtPJXDEqKXFrzkPVEjih3PytcpBCrkfL7TAwkXd0IFced7kGMlZNliNsAqQ3XqfyUzAYiiKTIqoPVJEk.s.."; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHowJtKj3ohrYjyeWwQ8Lj6UMSPI390SwLRuVIlojcGM tristand@nixos-desk" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4fBDj1/He/uimO97RgjGWZLAimTrLmIlYS2ekD73GC tristan@arch-pulse" 
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDP8ztBIgQsYh7LefSKtuDRYDWNheZWbmIr51T/Np/jc tristand@nixos-pulse" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/tkVxnPZB+C6sK9A12pUsB38OhXieMNaij6pC3foSH admin@vault81.de" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMuH8L7mQDg86uJME6jndOu4niwLMASuJKpdbJU8Hfet tristan+desktop@vault81.de" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKJ6wPntg8+kVLU4M+ykRuBb37SQd1csUtO3ZIStoW+4 root@he2.vault82.de" + ]; + }; + + nixremote = { + isSystemUser = true; + group = "nixremote"; + description = "remote builder user"; + extraGroups = [ "docker" "networkmanager" "wheel" ]; + shell = pkgs.bash; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDS/4JFRaAPoUaDiwDRbbNoaJqsBzaE+DEdaQH9OezM root@nixos-fw16" + ]; + }; + }; boot = { - kernelPackages = pkgs.pkgsx86_64_v3.linuxPackages_cachyos; + # kernelPackages = pkgs.pkgsx86_64_v3.linuxPackages_cachyos; + kernelPackages = pkgs.pkgsAMD64Microarchs.znver2.linuxPackages_cachyos; kernelPatches = [ ]; kernelParams = [ # "systemd.unit=emergency.target" - "systemd.setenv=SYSTEMD_SULOGIN_FORCE=1" + # "systemd.setenv=SYSTEMD_SULOGIN_FORCE=1" # "rescue" # "pcie_aspm=force" # "pcie_aspm.policy=powersupersave" 
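Review bot: The new `nixremote` account is reachable with a single SSH key (`root@nixos-fw16`) and is given `trusted-users` membership plus `wheel` and `docker`, which is far more than a remote-build user needs. Nix documents `trusted-users` as essentially root-equivalent, and `docker` group membership is likewise root-equivalent when the daemon runs, so a compromise of that one client key likely yields full control of this host. I would use `extraGroups = [ ];` for `nixremote` and, if accepting unsigned store paths is the reason for trusting it, sign on the client and list its key under `trusted-public-keys` instead. Separately, the `hashedPassword` values for `tester` and `tristand` are committed in this hunk, which exposes them to offline guessing by anyone who can read the repository; `hashedPasswordFile = "<path-to-secret-file>";` backed by a secrets manager keeps them out of the tree.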
@@ -93,48 +149,8 @@ networking = { hostName = "nixos-pulse"; extraHosts = '' - 192.168.0.75 monitor.oekonzept.de - 192.168.0.151 rosa.oekonzept.de - 192.168.0.171 karl.oekonzept.de - 192.168.0.206 vewadb.oekonzept.de - 192.168.0.191 vewadb2.oekonzept.de - 192.168.0.190 vpn.oekonzept.de - 192.168.0.180 vewasmb.oekonzept.de - 192.168.0.91 puppet.oekonzept.de - 192.168.0.245 camt.oekonzept.net - 192.168.0.245 camt-cbg.oekonzept.net - 192.168.0.245 camt-eth.oekonzept.net - 192.168.0.245 camt-pro.oekonzept.net - 192.168.0.245 camt-swbfk.oekonzept.net - 192.168.0.245 cloud.oekonzept.net - 192.168.0.245 office.oekonzept.net - 192.168.0.245 llama.oekonzept.net - 192.168.0.245 netdata.oekonzept.net - 192.168.0.245 nixos-karl-kvm-guest.oekonzept.de - 176.9.242.147 fe3f3294-c93a-4aca-895e-abe6c858dbd5-llama-cpp.redvau.lt + 176.9.242.147 he4.redvau.lt ''; - interfaces = { - enp5s0f4u1u1c2 = { - useDHCP = false; - ipv4.addresses = [ - { - address = "192.168.0.21"; - prefixLength = 24; - } - ]; - ipv4.routes = [ - { - address = "192.168.0.0"; - prefixLength = 24; - } - { - address = "0.0.0.0"; - prefixLength = 0; - via = "192.168.0.5"; - } - ]; - }; - }; }; fileSystems = @@ -142,11 +158,6 @@ automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"; perm_opts = "uid=1000,gid=100"; btrfs_opts = "autodefrag,compress=zstd,discard=async,noatime,space_cache=v2,ssd"; - smb_opts = [ - "vers=2.0,credentials=/home/tristand/.smb-secrets" - perm_opts - automount_opts - ]; sshfs_opts = [ "allow_other,_netdev,reconnect,ServerAliveInterval=15,IdentityFile=/var/secrets/id_ed25519" perm_opts 
@@ -184,18 +195,6 @@ ]; }; - "/mnt/ServerF" = { - # device = "//srv-nas-01.local/Server_F"; - device = "//192.168.0.1/Server_F"; - fsType = "cifs"; - options = smb_opts; - }; - "/mnt/Scans" = { - # device = "//srv-nas-01.local/Server_F"; - device = "//192.168.0.1/Scans"; - fsType = "cifs"; - options = smb_opts; - }; "/mnt/media_v2" = { device = "root@23.88.68.113:/media_v2"; fsType = "sshfs"; @@ -204,29 +203,11 @@ }; system.fsPackages = [ pkgs.sshfs ]; - systemd = { - services = { - # This manually configures the automatically created network-adresses service to be more flexible - # regarding booting without the the device being available on boot - # It prevents slow timeouts & errors on boot while preserving Plug & Play ability - network-addresses-enp5s0f4u1u1c2.unitConfig = { - ConditionPathExists = "/sys/class/net/enp5s0f4u1u1c2"; - BindsTo = lib.mkForce null; - }; - }; - }; services.udev.extraRules = '' - ACTION=="add", KERNEL=="enp5s0f4u1u1c2", TAG+="systemd", ENV{SYSTEMD_WANTS}="network-addresses-enp5s0f4u1u1c2.service" - ACTION=="remove", KERNEL=="enp5s0f4u1u1c2", RUN+="${pkgs.systemd}/bin/systemctl stop network-addresses-enp5s0f4u1u1c2.service" SUBSYSTEM=="pci", ATTR{power/control}="auto" ACTION=="add", SUBSYSTEM=="serio", DRIVERS=="atkbd", ATTR{power/wakeup}="disabled" ''; - environment.systemPackages = with pkgs; [ - android-tools - android-udev-rules - ]; - hardware = { enableRedistributableFirmware = true; i2c.enable = true; @@ -236,7 +217,7 @@ sensor.iio.enable = true; tuxedo-rs = { enable = true; - tailor-gui.enable = true; + tailor-gui.enable = false; # used headless atm }; };