dregil: Import current config into flake

2023-03-14 23:24:26 +01:00 · 2023-03-14 23:24:26 +01:00 · 808f23e20c
commit 808f23e20c
parent 01aa1ae9ee
6 changed files with 373 additions and 217 deletions
--- a/flake.lock
+++ b/flake.lock
@ -8,11 +8,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1676153903,
+        "lastModified": 1677969766,
-        "narHash": "sha256-uetRyjgMiZCs6srmZ10M764Vn7F53M9mVuqnzHmyBqU=",
+        "narHash": "sha256-AIp/ZYZMNLDZR/H7iiAlaGpu4lcXsVt9JQpBlf43HRY=",
        "owner": "ryantm",
        "repo": "agenix",
-        "rev": "ea17cc71b4e1bc5b2601f210a1c85db9453ad723",
+        "rev": "03b51fe8e459a946c4b88dcfb6446e45efb2c24e",
        "type": "github"
      },
      "original": {
@ -67,11 +67,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1676484851,
+        "lastModified": 1678817767,
-        "narHash": "sha256-IQtPR+ObyNgh+Gc5rvfPUD3Xe7jsWk6jTMSwU6YOdHs=",
+        "narHash": "sha256-P+Al3yNlM53oL+kxtU853arGO8YsfZPXjXqB1exaPKo=",
        "owner": "nix-community",
        "repo": "emacs-overlay",
-        "rev": "fb1cdbb0a12d7f0e0e50022c405aca7c856dd233",
+        "rev": "7ba9b9e2392d33071f06dcff9845b42f3096f7c3",
        "type": "github"
      },
      "original": {
@ -95,7 +95,7 @@
        "type": "github"
      }
    },
-    "hm": {
+    "home-manager": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
@ -103,43 +103,58 @@
        "utils": "utils"
      },
      "locked": {
-        "lastModified": 1676257154,
+        "lastModified": 1678831854,
-        "narHash": "sha256-eW3jymNLpdxS5fkp9NWKyNtgL0Gqtgg1vCTofKXDF1g=",
+        "narHash": "sha256-7HBmLFNVD2KjovSzypIN9NfyzpWelMe8sNbUVZIRsS0=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "2cb27c79117a2a75ff3416c3199a2dc57af6a527",
+        "rev": "cae54dc45c0d61c99c1dc8b04bc42f36c76f9771",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "ref": "release-22.11",
        "repo": "home-manager",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1676546582,
+        "lastModified": 1678703398,
-        "narHash": "sha256-MJ+PXNmUyxnMTFoss7G2lEcUY2cfYZM6RudBAL5aX1k=",
+        "narHash": "sha256-Y1mW3dBsoWLHpYm+UIHb5VZ7rx024NNHaF16oZBx++o=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "2fb7d749c084890192b2cd08ba264e5e4a14df1b",
+        "rev": "67f26c1cfc5d5783628231e776a81c1ade623e0b",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixos-22.11-small",
+        "ref": "nixos-22.11",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs-unstable": {
      "locked": {
        "lastModified": 1678654296,
        "narHash": "sha256-aVfw3ThpY7vkUeF1rFy10NAkpKDS2imj3IakrzT0Occ=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "5a1dc8acd977ff3dccd1328b7c4a6995429a656b",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1676569297,
+        "lastModified": 1669542132,
-        "narHash": "sha256-2n4C4H3/U+3YbDrQB6xIw7AaLdFISCCFwOkcETAigqU=",
+        "narHash": "sha256-DRlg++NJAwPh8io3ExBJdNW7Djs3plVI5jgYQ+iXAZQ=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "ac1f5b72a9e95873d1de0233fddcb56f99884b37",
+        "rev": "a115bb9bd56831941be3776c8a94005867f316a7",
        "type": "github"
      },
      "original": {
@ -152,8 +167,9 @@
      "inputs": {
        "agenix": "agenix",
        "emacs": "emacs",
-        "hm": "hm",
+        "home-manager": "home-manager",
        "nixpkgs": "nixpkgs",
        "nixpkgs-unstable": "nixpkgs-unstable",
        "snm": "snm"
      }
    },
--- a/flake.nix
+++ b/flake.nix
@ -1,9 +1,10 @@
 {
  inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11-small";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11";
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
-    hm = {
+    home-manager = {
-      url = "github:nix-community/home-manager/release-22.11";
+      url = "github:nix-community/home-manager";
      inputs.nixpkgs.follows = "nixpkgs";
    };
@ -13,8 +14,10 @@
      inputs.nixpkgs-22_11.follows = "nixpkgs";
    };
-    emacs.url = "github:nix-community/emacs-overlay";
+    emacs = {
-    emacs.inputs.nixpkgs.follows = "nixpkgs";
+      url = "github:nix-community/emacs-overlay";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # age for nix to store encrypted passwords conveniently
    agenix = {
@ -23,7 +26,7 @@
    };
  };
-  outputs = { self, hm, nixpkgs, agenix, snm, ... }@inputs: {
+  outputs = { self, home-manager, nixpkgs, agenix, snm, ... }@inputs: {
    nixosConfigurations."thrall" = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
      modules = [
@ -37,7 +40,7 @@
        ./modules/security.nix
        ./hosts/thrall
        agenix.nixosModules.age
-        hm.nixosModules.home-manager
+        home-manager.nixosModules.home-manager
        {
          home-manager.useGlobalPkgs = true;
          home-manager.useUserPackages = true;
@ -46,25 +49,6 @@
      ];
    };
-    nixosConfigurations."dregil" = nixpkgs.lib.nixosSystem {
+    nixosConfigurations."dregil" = import ./hosts/dregil { inherit inputs; };
      system = "x86_64-linux";
      modules = [
        ({
          nixpkgs = {
            config.allowUnfree = true;
            overlays = with inputs; [ emacs.overlay ];
          };
        })
        ./modules/security.nix
        ./hosts/dregil
        agenix.nixosModules.age
        hm.nixosModules.home-manager
        {
          home-manager.useGlobalPkgs = true;
          home-manager.useUserPackages = true;
          home-manager.users.alex = import ./home/cli.nix;
        }
      ];
    };
  };
 }
--- a/hosts/dregil/configuration.nix
+++ b/hosts/dregil/configuration.nix
@ -0,0 +1,166 @@
 # Edit this configuration file to define what should be installed on
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 { inputs, config, pkgs, ... }:
 let
  nvidia-offload = pkgs.writeShellScriptBin "nvidia-offload" ''
    export __NV_PRIME_RENDER_OFFLOAD=1
    export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0
    export __GLX_VENDOR_LIBRARY_NAME=nvidia
    export __VK_LAYER_NV_optimus=NVIDIA_only
    exec "$@"
  '';
 in
 {
  imports =
    [
      # Include the results of the hardware scan.
      ./hardware-configuration.nix
      # <nixos-hardware/lenovo/legion/15ich>
    ];
  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  networking.hostName = "dregil"; # Define your hostname.
  # Pick only one of the below networking options.
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
  networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.
  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
  console = {
    font = "Lat2-Terminus16";
    useXkbConfig = true; # use xkbOptions in tty.
  };
  # Enable the X11 windowing system.
  services.xserver = {
    enable = true;
    exportConfiguration = true;
    # Configure keymap in X11
    layout = "dvorak";
    xkbOptions = "terminate:ctrl_alt_bksp,caps:escape,compose:ralt";
    videoDrivers = [ "nvidia" ]; # "modesetting" ];
    displayManager.lightdm = {
      enable = true;
    };
    desktopManager.xfce.enable = true;
    # Enable touchpad support (enabled default in most desktopManager).
    libinput = {
      enable = true;
      touchpad.disableWhileTyping = true;
      touchpad.naturalScrolling = true;
      mouse.naturalScrolling = config.services.xserver.libinput.touchpad.naturalScrolling;
    };
  };
  fonts = {
    enableDefaultFonts = true;
    fonts = with pkgs; [
        noto-fonts
        noto-fonts-emoji
        fira-code
        fira-code-symbols
        nerdfonts
    ];
  };
  # Enable CUPS to print documents.
  # services.printing.enable = true;
  # Enable sound.
  sound.enable = true;
  hardware.pulseaudio.enable = true;
  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.alex = {
    isNormalUser = true;
    extraGroups = [ "wheel" # Enable ‘sudo’ for the user.
                    "input"
                  ];
    packages = with pkgs; [
      # gui tool
      alacritty
      firefox
      jitsi-meet-electron
      # editing
      helix
      nil          # nix language server
      # system tools
      htop-vim     # htop with vim bindings
      erdtree      # du+tree had sex
      dua          # ncdu but better
      bat          # better cat
      uhk-agent
      # gaming support
      bottles
    ];
  };
  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
     wget
     ripgrep
     git
     nvidia-offload
  ];
  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };
  programs.neovim = {
    enable = true;
  };
  programs.steam = {
    enable = true;
  };
  # List services that you want to enable:
  # Enable the OpenSSH daemon.
  services.openssh.enable = true;
  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;
  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  # system.copySystemConfiguration = true;
  system.nixos.tags = [ "HiDPI" "nvidia-only" ];
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "22.11"; # Did you read the comment?
 }
--- a/hosts/dregil/default.nix
+++ b/hosts/dregil/default.nix
@ -1,173 +1,22 @@
-{ config, lib, pkgs, ... }:
+{ inputs, ... }:
-let extIface = "ens3";
+let
-in {
+  inherit (inputs.nixpkgs-unstable.lib) nixosSystem;
-  imports = [ # Include the results of the hardware scan.
+
-    ./hardware-configuration.nix
+  system = "x86_64-linux";
  pkgs = import inputs.nixpkgs-unstable {
    inherit system;
    config = {
        allowUnfree = true;
    };      
  };
 in
 nixosSystem {
  inherit system pkgs;
  specialArgs = { inherit inputs; };
  modules = [
    ../../modules/security.nix
    ../../modules/common-system.nix
    ./configuration.nix
  ];
  nix.package = pkgs.nixUnstable;
  nix.extraOptions = ''
    experimental-features = nix-command flakes ca-derivations
  '';
  #nix.registry.nixpkgs.flake = nixpkgs;
  # Binary Cache for Haskell.nix
  nix.settings.trusted-public-keys =
    [ "hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ=" ];
  #nix.binaryCaches = [ "https://hydra.iohk.io" ];
  # Use the GRUB 2 boot loader.
  boot.loader.grub.enable = true;
  boot.loader.grub.version = 2;
  # boot.loader.grub.efiSupport = true;
  # boot.loader.grub.efiInstallAsRemovable = true;
  # boot.loader.efi.efiSysMountPoint = "/boot/efi";
  # Define on which hard drive you want to install Grub.
  boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only
  # boot.loader.systemd-boot.enable = true;
  # Set your time zone.
  time.timeZone = "Europe/Berlin";
  age.secrets = {
    #    mailPass.file = ../../secrets/mailPass.age;
    #    wireguard-thrall.file = ../../secrets/wireguard-thrall.age;
  };
  # The global useDHCP flag is deprecated, therefore explicitly set to false here.
  # Per-interface useDHCP will be mandatory in the future, so this generated config
  # replicates the default behaviour.
  networking = {
    hostName = "dregil";
    domain = "failco.de";
    wireless.enable = true;
    useDHCP = true;
    enableIPv6 = true;
    firewall = {
      allowedTCPPorts = [ 22 ];
      allowedUDPPorts = [ 42666 ];
    };
    #    wireguard.interfaces = {
    #      wg0 = {
    #        ips = [ "10.0.0.1/24" ];
    #        listenPort = 42666;
    #
    #        privateKeyFile = config.age.secrets.wireguard-thrall.path;
    #        peers = [
    #          {
    #            # my phone
    #            publicKey = "9EaBSNsJW0W/xPMLJ54zr3UNK3bZ/2ULOmhV1gPfSXk=";
    #            allowedIPs = [ "10.0.0.2/32" ];
    #          }
    #          {
    #            # my tablet
    #            publicKey = "NG9y+0RMDTjiG65yC4Z0ymJ0G5fe1mOhl4GyC3xAh1k=";
    #            allowedIPs = [ "10.0.0.3/32" ];
    #          }
    #        ];
    #      };
    #    };
  };
  security.acme = {
    acceptTerms = true;
    defaults.email = "alex@jakalx.net";
  };
  security.sudo = {
    enable = true;
    execWheelOnly = true;
    extraRules = [{
      groups = [ "wheel" ];
      commands = [{
        command = "/run/current-system/sw/bin/nixos-rebuild";
        options = [ "NOPASSWD" ];
      }];
    }];
  };
  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";
  console = {
    font = "Lat2-Terminus16";
    keyMap = "dvorak";
  };
  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.alex = {
    isNormalUser = true;
    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
    shell = pkgs.zsh;
  };
  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    wget
    rsync
    htop
    tmux
    git
    #agenix.defaultPackage.x86_64-linux
    restic # fast and secure backup
    rclone
  ];
  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
  };
  programs.neovim = {
    enable = true;
    defaultEditor = true;
    viAlias = true;
    vimAlias = true;
  };
  # enable zsh globally in order to get home.sessionPath to propagate :()
  programs.zsh.enable = true;
  # List services that you want to enable:
  # Enable the OpenSSH daemon.
  services.openssh.enable = true;
  services.lorri.enable = true;
  # configure backup via restic to gdrive
  services.restic.backups = { };
  services.keybase = { enable = true; };
  services.syncthing = {
    enable = true;
    user = "alex";
    dataDir = "/home/alex/sync";
    overrideDevices =
      true; # overrides any devices added or deleted through the WebUI
    overrideFolders =
      true; # overrides any folders added or deleted through the WebUI
    folders = {
      "org" = {
        path = "/home/alex/org";
        devices = [ "thrall" "redmi" ];
      };
      "scan" = {
        path = "/home/alex/media/scan";
        devices = [ "thrall" "redmi" ];
      };
    };
    devices = {
      "redmi" = {
        id = "C43WITF-2HS2UCD-X6QFM4H-SC7XQJ7-X5F73EB-7FZHMII-KQNSH5D-NMICIAW";
      };
    };
  };
  system.stateVersion = "20.09"; # Did you read the comment?
 }
--- a/hosts/dregil/hardware-configuration.nix
+++ b/hosts/dregil/hardware-configuration.nix
@ -0,0 +1,92 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
  imports =
    [ (modulesPath + "/installer/scan/not-detected.nix")
    ];
  boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "usbhid" "sd_mod" ];
  boot.initrd.kernelModules = [ "dm-snapshot" "uas" "usbcore" "usb_storage" "vfat" "nls_cp437" "nls_iso8859_1" ];
  boot.initrd.luks.devices = {
    root = {
      device = "/dev/disk/by-uuid/bebf96d1-2a2b-412c-a5f0-f9ed5730a05f";
      preLVM = true;
      allowDiscards = true;
      fallbackToPassword = true;
      keyFile = "/dev/sda2";
      keyFileSize = 4096;
    };
  };
  boot.kernelModules = [ "kvm-intel" "nvidia" ];
  boot.extraModulePackages = [ pkgs.linuxPackages.nvidia_x11 ];
  boot.kernelParams = [ "module_blacklist=i915" ];
  fileSystems."/" =
    { device = "/dev/disk/by-uuid/a88ac058-e704-419e-ba7d-1d0ff4b6f654";
      fsType = "btrfs";
      options = [ "subvol=root" "compress=zstd" ];
    };
  fileSystems."/home" =
    { device = "/dev/disk/by-uuid/a88ac058-e704-419e-ba7d-1d0ff4b6f654";
      fsType = "btrfs";
      options = [ "subvol=home" "compress=zstd" ];
    };
  fileSystems."/nix" =
    { device = "/dev/disk/by-uuid/a88ac058-e704-419e-ba7d-1d0ff4b6f654";
      fsType = "btrfs";
      options = [ "subvol=nix" "compress=zstd" "noatime" ];
    };
  fileSystems."/boot" =
    { device = "/dev/disk/by-uuid/786D-42D7";
      fsType = "vfat";
    };
  swapDevices =
    [ { device = "/dev/disk/by-uuid/b8c224ad-095e-4a48-b5b2-a19451fdeb95";
      }
    ];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.enp52s0.useDHCP = lib.mkDefault true;
  # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
  hardware.video.hidpi.enable = true;
  hardware.nvidia = {
     nvidiaSettings = true;
     nvidiaPersistenced = true;
 #    modesetting.enable = true;
     package = config.boot.kernelPackages.nvidiaPackages.beta;
 #    prime = {
 #      offload.enable = true;
 #
 #      intelBusId = "PCI:1:0:0";
 #      nvidiaBusId = "PCI:1:0:0";
 #      intelBusId = "0@0:2:0";
 #      nvidiaBusId = "1@1:0:0";
 #    };
  };
  hardware.opengl = {
    enable = true;
    driSupport = true;
    driSupport32Bit = true;
  };
  hardware.keyboard.uhk.enable = true;
 }
--- a/modules/common-system.nix
+++ b/modules/common-system.nix
@ -0,0 +1,49 @@
 {config, pkgs, inputs, ...}:
 {
  i18n.defaultLocale = "en_US.UTF-8";
  time.timeZone = "Europe/Berlin";
  environment.systemPackages = with pkgs; [
    wget
    tmux
    ripgrep
    git
    dua
    erdtree
    exa
    fd
    fzf
    bat
  ];
  networking.firewall.enable = true;
  users.users.alex = {
      isNormalUser = true;
      extraGroups = [ "wheel" "input" ];
      shell = pkgs.zsh;
  };
  nix = {
      gc = {
        automatic = true;
        dates = "weekly";
        options = "--delete-older-than 30d";
      };
      registry = {
        nixpkgs.flake = inputs.nixpkgs;
        nixpkgs-unstable.flake = inputs.nixpkgs-unstable;
      };
      settings = {
        auto-optimise-store = true;
        experimental-features = [ "nix-command" "flakes" ];
        warn-dirty = false;
        # avoid unwanted garbage collection when using direnv
        keep-outputs = true;
        keep-derivations = true;
      };
  };
 }