Rename systems folder to hosts

2025-04-22 21:34:44 +02:00
parent fb2626372f
commit 3f9442fd02
8 changed files with 0 additions and 0 deletions

157
hosts/aspi/default.nix Normal file

@ -0,0 +1,157 @@
{
# Snowfall Lib provides a customized `lib` instance with access to your flake's library
# as well as the libraries available from your flake's inputs.
lib,
# An instance of `pkgs` with your overlays and packages applied is also available.
pkgs,
# You also have access to your flake's inputs.
inputs,
# Additional metadata is provided by Snowfall Lib.
namespace, # The namespace used for your flake, defaulting to "internal" if not set.
system, # The system architecture for this host (eg. `x86_64-linux`).
target, # The Snowfall Lib target for this system (eg. `x86_64-iso`).
format, # A normalized name for the system target (eg. `iso`).
virtual, # A boolean to determine whether this system is a virtual target using nixos-generators.
systems, # An attribute map of your defined hosts.
# All other arguments come from the system system.
config,
...
}:
{
imports = [ ./hardware-configuration.nix ];
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
boot.blacklistedKernelModules = [ "pcspkr" ]; # Disables "beep"
networking.hostName = "aspi";
networking.networkmanager.enable = true;
# networking.networkmanager.dns = "systemd-resolved";
services.resolved.enable = true;
topology.self = {
hardware.info = "ThinkPad L430, 8GB RAM";
};
time.timeZone = "Europe/Berlin";
sops.secrets = {
"password/aspi".neededForUsers = true; # necessary for setting password
};
modules = {
sops.enable = true;
nix-settings.enable = true;
xserver-defaults.enable = true;
keymap.enable = true;
builder.enable = true;
system.boot-efi.enable = true;
sound.enable = true;
locales.enable = true;
# thunar.enable = true;
pcmanfm.enable = true;
i3.enable = true;
gdm.enable = true;
# tuigreet.enable = true;
redshift.enable = true;
# wayland.enable = true;
# hyprland.enable = true;
# tuigreet.enable = true;
virtualbox.enable = true;
users-julian.enable = true;
syncthing = {
enable = true;
overrideSettings = false;
};
xdg-portal.enable = true;
polkit.enable = true;
keyring.enable = true;
};
users.mutableUsers = false;
users.users.julian.hashedPasswordFile = config.sops.secrets."password/aspi".path;
services.blueman.enable = true;
services.upower.enable = true;
programs.steam.enable = true;
programs.dconf.enable = true;
services.logind.lidSwitch = "lock";
services.logind.lidSwitchDocked = "lock";
programs.kdeconnect.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
services.libinput.enable = true;
# This interface is started on boot / switch
networking.wg-quick.interfaces = {
julian = {
configFile = "/etc/wireguard/julian.conf";
};
};
# List services that you want to enable:
services.openssh.enable = false;
services.flatpak.enable = true;
security.krb5.enable = true;
security.krb5.settings = {
# domain_realm = {
# ".julian-mutter.de" = "julian-mutter.de";
# "julian-mutter.de" = "julian-mutter.de";
# };
libdefaults = {
default_realm = "julian-mutter.de";
# dns_lookup_realm = true;
# dns_lookup_kdc = true;
# ticket_lifetime = "24h";
# renew_lifetime = "7d";
};
realms = {
"julian-mutter.de" = {
kdc = [ "kerberos.julian-mutter.de" ];
admin_server = "kerberos-admin.julian-mutter.de";
default_domain = "julian-mutter.de";
};
};
};
virtualisation.docker.enable = true;
# hardware.nvidia-container-toolkit.enable = true;
# services.xserver.videoDrivers = [ "nvidia" ];
hardware.nvidia.open = false;
# Do not alway generate man-cache, making builds much faster
documentation.man.generateCaches = false;
# MDNS on local network
services.avahi = {
enable = true;
nssmdns4 = true;
};
# Packages needed as root
environment.systemPackages = with pkgs; [
vim
htop
mc
xorg.xhost
pavucontrol
frajul.pulseaudio-popup
gparted-xhost # needs to be installed as system package so it can be actually opened
xclip
brightnessctl
];
# ======================== DO NOT CHANGE THIS ========================
system.stateVersion = "24.05";
# ======================== DO NOT CHANGE THIS ========================
}


@ -0,0 +1,62 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "vmd" "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.initrd.luks.devices = {
root = {
device = "/dev/disk/by-uuid/a4dc9a2c-725b-4252-8fbb-093a271c31ba";
preLVM = true;
allowDiscards = true;
};
};
fileSystems."/" =
{ device = "/dev/disk/by-uuid/bbc45be3-75f5-40c5-8427-2a425de8422c";
fsType = "btrfs";
options = [ "subvol=root" "compress=zstd" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/bbc45be3-75f5-40c5-8427-2a425de8422c";
fsType = "btrfs";
options = [ "subvol=home" "compress=zstd" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/bbc45be3-75f5-40c5-8427-2a425de8422c";
fsType = "btrfs";
options = [ "subvol=nix" "compress=zstd" "noatime" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/7040-F37C";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/26140b4a-0579-406d-a484-35aa31b32e80"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

289
hosts/builder/default.nix Normal file

@ -0,0 +1,289 @@
# sudo nixos-rebuild switch --flake .#builder --target-host root@192.168.3.118
# or
# deploy .#builder
{ config, pkgs, ... }:
{
imports = [ ./hardware-configuration.nix ];
# hardware.graphics = {
# enable = true;
# extraPackages = with pkgs; [
# rocmPackages.clr.icd
# linuxPackages.amdgpu-pro
# ];
# };
# boot.kernelParams = [
# "radeon.si_support=0"
# "radeon.cik_support=1"
# "amdgpu.si_support=0"
# "amdgpu.cik_support=1"
# ];
# boot.extraModulePackages = with config.boot.kernelPackages; [ amdgpu-pro ];
# boot.blacklistedKernelModules = [ "radeon" ];
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sda";
# Emulated systems used as alternative to cross-compiling
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
networking.hostName = "builder";
networking.networkmanager.enable = true;
time.timeZone = "Europe/Berlin";
modules = {
keymap.enable = true;
locales.enable = true;
sops.enable = true;
};
users.users.nix = {
isNormalUser = true;
description = "Nix";
extraGroups = [
"networkmanager"
"wheel"
];
};
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
# Setup binary caches
nix.settings = {
substituters = [
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
];
trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ];
trusted-users = [ "nix" ];
max-jobs = "auto";
cores = 0;
};
# optimize store by hardlinking store files
nix.optimise.automatic = true;
nix.optimise.dates = [ "03:15" ];
# nix.gc.automatic = true;
# nix.gc.dates = "daily";
# nix.gc.options = "--delete-old";
# nix.settings.keep-derivations = false;
# nix.settings.keep-outputs = true;
# Garbage collect up to 100 GiB when only 20 GiB storage left
nix.extraOptions = ''
min-free = ${toString (20 * 1024 * 1024 * 1024)}
max-free = ${toString (100 * 1024 * 1024 * 1024)}
'';
environment.systemPackages = with pkgs; [
vim
htop
mc
# # AMD GPU tools
# pciutils
# nvtopPackages.amd
# linuxPackages.amdgpu-pro
];
nix.nrBuildUsers = 64;
# prevent memory to get filled
systemd.services.nix-daemon.serviceConfig = {
MemoryAccounting = true;
MemoryMax = "90%";
OOMScoreAdjust = 500;
};
# Ollama used by open-webui as llm backend
# services.ollama = {
# enable = true;
# # acceleration = "rocm";
# };
# services.open-webui = {
# enable = true;
# port = 8080;
# openFirewall = true;
# host = "builder.julian-mutter.de";
# };
networking.firewall.allowedTCPPorts = [
80
];
services.openssh = {
enable = true;
# require public key authentication for better security
settings.PasswordAuthentication = true;
settings.KbdInteractiveAuthentication = false;
settings.PermitRootLogin = "yes";
};
users.users."root".openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjSZYdoF/51F+ykcBAYVCzCPTF5EEigWBL1APiR0h+H julian@aspi"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGFcS+3d1tNgHmYCjueymCV9Bd2LcJcKGhVobrDe3r0s julian@kardorf"
];
users.users."nix".openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjSZYdoF/51F+ykcBAYVCzCPTF5EEigWBL1APiR0h+H julian@aspi"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAIQ+qMuXvyoxO1DuCR3/x+IQRfSA2WyMuzuotWZjCye root@aspi"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHnfLJnS2SKUs47J0qpLTkk0LQA5quOuAhnxE6yppUDm root@kardorf"
];
# security.pam.sshAgentAuth.enable = true; # enable sudo via ssh
services.hydra = {
enable = true;
hydraURL = "http://hydra.julian-mutter.de"; # externally visible URL
port = 3000;
notificationSender = "hydra@julian-mutter.de"; # e-mail of hydra service
# a standalone hydra will require you to unset the buildMachinesFiles list to avoid using a nonexistant /etc/nix/machines
# buildMachinesFiles = [ ];
# you will probably also want, otherwise *everything* will be built from scratch
useSubstitutes = true;
minimumDiskFree = 5; # in GB
minimumDiskFreeEvaluator = 4; # in GB
};
# add builder itself as build machine so system emulation is properly supported
# nix.distributedBuilds = true;
nix.buildMachines = [
{
hostName = "localhost";
protocol = null;
# sshUser = "nix";
systems = [
"x86_64-linux"
"aarch64-linux"
];
maxJobs = 4;
speedFactor = 3;
supportedFeatures = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
];
}
];
# Uris allowed as flake inputs, otherwise hydra does not fetch them
nix.settings.allowed-uris = [
"github:"
"gitlab:"
"git+https://github.com/hyprwm/Hyprland"
"https://github.com/hyprwm/Hyprland"
"https://github"
"https://gitlab"
"https://gitlab.julian-mutter.de"
"git+https://gitlab.julian-mutter.de"
];
services.nginx = {
enable = true;
recommendedProxySettings = true;
# recommendedTlsSettings = true;
# other Nginx options
virtualHosts."hydra.julian-mutter.de" = {
# enableACME = true;
# forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3000";
# proxyWebsockets = true; # needed if you need to use WebSocket
# extraConfig =
# # required when the target is also TLS server with multiple hosts
# "proxy_ssl_server_name on;" +
# # required when the server wants to use HTTP Authentication
# "proxy_pass_header Authorization;"
# ;
};
};
virtualHosts."binarycache.julian-mutter.de" = {
locations."/".proxyPass =
"http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
};
clientMaxBodySize = "2G";
virtualHosts."cache.julian-mutter.de" = {
locations."/".proxyPass = "http://127.0.0.1:8080";
};
};
# =========== Gitea actions ==========
services.gitea-actions-runner.instances."builder" = {
enable = true;
url = "https://gitlab.julian-mutter.de";
name = "builder";
tokenFile = config.sops.secrets."gitea_token".path;
labels = [ ]; # use default labels
};
virtualisation.docker.enable = true;
# TODO: podman fails with: "cannot resolve hostname"
# virtualisation.podman = {
# enable = true;
# dockerCompat = true;
# defaultNetwork.settings.dns_enabled = true;
# };
sops.secrets."gitea_token" = {
owner = config.users.users.nix.name;
sopsFile = ../../../secrets/secrets-builder.yaml;
};
# =========== Binary Cache ==========
services.nix-serve = {
enable = true;
secretKeyFile = "/var/cache-priv-key.pem";
};
# =========== Binary Cache with attic ==========
sops.secrets."attic_token".sopsFile = ../../../secrets/secrets-builder.yaml;
services.atticd = {
enable = true;
environmentFile = config.sops.secrets."attic_token".path;
settings = {
listen = "[::]:8080";
jwt = { };
# Data chunking
#
# Warning: If you change any of the values here, it will be
# difficult to reuse existing chunks for newly-uploaded NARs
# since the cutpoints will be different. As a result, the
# deduplication ratio will suffer for a while after the change.
chunking = {
# The minimum NAR size to trigger chunking
#
# If 0, chunking is disabled entirely for newly-uploaded NARs.
# If 1, all NARs are chunked.
nar-size-threshold = 64 * 1024; # 64 KiB
# The preferred minimum size of a chunk, in bytes
min-size = 16 * 1024; # 16 KiB
# The preferred average size of a chunk, in bytes
avg-size = 64 * 1024; # 64 KiB
# The preferred maximum size of a chunk, in bytes
max-size = 256 * 1024; # 256 KiB
};
};
};
# ======================== DO NOT CHANGE THIS ========================
system.stateVersion = "23.11";
# ======================== DO NOT CHANGE THIS ========================
}
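Review bot: The `services.openssh` block in hosts/builder/default.nix carries the comment `# require public key authentication for better security` but sets `settings.PasswordAuthentication = true;` together with `settings.PermitRootLogin = "yes";`, so sshd accepts password logins for root on the host that also runs Hydra, the Gitea runner and the binary-cache signing key. Both `root` and `nix` already have `openssh.authorizedKeys.keys`, so `settings.PasswordAuthentication = false;` and `settings.PermitRootLogin = "prohibit-password";` would match the comment while keeping the key-based `--target-host root@…` deploy working. Separately, from `hosts/builder/` the path `../../../secrets/secrets-builder.yaml` resolves one level above the repository root. If `secrets/` sits at the root, the two `sopsFile` lines here and `../../../secrets/vnc-passwd` in hosts/pianonix/default.nix probably need to become `../../secrets/...` after this move.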


@ -0,0 +1,40 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
# boot.initrd.kernelModules = [ "amdgpu" ]; # GPU support
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/f088fe8e-bf3d-4a89-98bd-ead9852d381f";
fsType = "ext4";
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

78
hosts/kardorf/default.nix Normal file

@ -0,0 +1,78 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
lib,
inputs,
config,
pkgs,
systems,
...
}:
{
imports = [ ./hardware-configuration.nix ];
networking.hostName = "kardorf"; # Define your hostname.
networking.networkmanager.enable = true;
services.resolved.enable = true;
topology.self = {
hardware.info = "Pc Kardorf";
};
time.timeZone = "Europe/Berlin";
modules = {
nix-settings.enable = true;
xserver-defaults.enable = true;
keymap.enable = true;
builder.enable = true;
system.boot-efi.enable = true;
sound.enable = true;
locales.enable = true;
pcmanfm.enable = true;
i3.enable = true;
gdm.enable = true;
virtualbox.enable = true;
users-julian.enable = true;
xdg-portal.enable = true;
polkit.enable = true;
keyring.enable = true;
redshift.enable = true;
syncthing.enable = true;
};
boot.loader.efi.efiSysMountPoint = "/boot/efi";
services.xserver.videoDrivers = [ "nvidia" ];
hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_470;
# hardware.nvidia.modesetting.enable = true; # for wayland
# Enable CUPS to print documents.
# hardware.sane.enable = true;
services.printing.enable = true;
services.printing.browsing = true;
# services.avahi.enable = true;
# services.avahi.nssmdns = true;
services.printing.drivers = with pkgs; [ gutenprint ];
# List services that you want to enable:
services.openssh.enable = false;
services.flatpak.enable = true;
# Smart card reader
services.pcscd.enable = true;
virtualisation.docker.enable = true;
# Packages needed as root
environment.systemPackages = with pkgs; [
vim
htop
mc
gparted-xhost # needs to be installed as system package so it can be actually opened
];
# ======================== DO NOT CHANGE THIS ========================
system.stateVersion = "22.11";
# ======================== DO NOT CHANGE THIS ========================
}


@ -0,0 +1,60 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules =
[ "ehci_pci" "ahci" "xhci_pci" "usbhid" "uas" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/97a9342e-0be0-4193-9a25-03400fc7da94";
fsType = "btrfs";
options = [ "subvol=root" "compress=zstd" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/97a9342e-0be0-4193-9a25-03400fc7da94";
fsType = "btrfs";
options = [ "subvol=home" "compress=zstd" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/97a9342e-0be0-4193-9a25-03400fc7da94";
fsType = "btrfs";
options = [ "subvol=nix" "compress=zstd" "noatime" ];
};
fileSystems."/swap" = {
device = "/dev/disk/by-uuid/97a9342e-0be0-4193-9a25-03400fc7da94";
fsType = "btrfs";
options = [ "subvol=swap" "noatime" ];
};
fileSystems."/boot/efi" = {
device = "/dev/disk/by-uuid/7D48-A59C";
fsType = "vfat";
};
swapDevices = [{
device = "/swap/swapfile";
size = 16 * 1024;
}];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.docker0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
}

204
hosts/pianonix/default.nix Normal file

@ -0,0 +1,204 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
lib,
inputs,
config,
pkgs,
...
}:
{
imports = [ ./hardware-configuration.nix ];
# disko.devices.disk.main.device = "/dev/mmcblk1";
networking.networkmanager.enable = true;
# networking.wireless.enable = true;
# networking.wireless.environmentFile = config.sops.secrets."wifi/pianonix".path;
# networking.wireless.networks = {
# "@SSID@".psk = "@PSK@";
# };
networking.hostName = "pianonix"; # Define your hostname.
# Set your time zone.
time.timeZone = "Europe/Berlin";
sops.secrets."vnc-passwd" = {
owner = config.users.users.julian.name;
sopsFile = ../../../secrets/vnc-passwd;
format = "binary";
};
sops.secrets."wifi/pianonix" = { };
sops.secrets."syncthing/pianonix/key" = { };
sops.secrets."syncthing/pianonix/cert" = { };
# sops.secrets."syncthing/public-keys/aspi-nix" = { };
# sops.secrets."syncthing/public-keys/pianonix" = { };
sops.secrets."password/pianonix" = {
neededForUsers = true; # necessary for setting password
};
modules = {
sops.enable = true;
nix-settings.enable = true;
xserver-defaults.enable = true;
keymap.enable = true;
builder.enable = false;
# system.boot-efi.enable = true;
sound.enable = true;
locales.enable = true;
pcmanfm.enable = true;
# i3.enable = true;
# gdm.enable = true;
redshift.enable = true;
# wayland.enable = true;
# hyprland.enable = true;
# tuigreet.enable = true;
# virtualbox.enable = true;
users-julian.enable = true;
syncthing = {
enable = true;
overrideSettings = true;
};
# xdg-portal.enable = true;
polkit.enable = true;
keyring.enable = true;
};
users.mutableUsers = false;
users.users.julian.hashedPasswordFile = config.sops.secrets."password/pianonix".path;
# Enable the Desktop Environment.
# services.xserver.displayManager.lightdm.enable = true;
services.displayManager.autoLogin = {
enable = true;
user = "julian";
};
systemd.services.x11vnc = {
description = "Run x11vnc server";
after = [ "display-manager.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.x11vnc}/bin/x11vnc -rfbauth ${
config.sops.secrets."vnc-passwd".path
} -forever -loop -noxdamage -repeat -rfbport 5900 -shared";
User = config.users.users.julian.name;
Restart = "on-failure";
Environment = "DISPLAY=:0";
};
};
boot.loader.timeout = 1; # Set boot loader timeout to 1s
programs.dconf.enable = true;
# De-facto disable network manager, which is enabled by gnome
# networking.networkmanager.unmanaged = [ "*" ];
services.xserver.desktopManager = {
xfce = {
enable = true;
};
};
services.xserver.displayManager.sessionCommands = ''
# Prevent screen from going blank or turning off (values in min)
${pkgs.xfce.xfconf}/bin/xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/blank-on-ac -s 0
${pkgs.xfce.xfconf}/bin/xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/dpms-on-ac-sleep -s 0
${pkgs.xfce.xfconf}/bin/xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/dpms-on-ac-off -s 0
'';
services.xserver.xautolock.enable = false;
services.xserver.desktopManager.xfce.enableScreensaver = false;
# xdg.portal.lxqt.enable = true;
services.openssh = {
enable = true;
# require public key authentication for better security
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
settings.PermitRootLogin = "yes";
};
users.users."root".openssh.authorizedKeys.keys = [
"ssh-rsa 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 julian@julian-aspi"
];
# Do not alway generate man-cache, making builds much faster
documentation.man.generateCaches = false;
# MDNS on local network
services.avahi = {
enable = true;
nssmdns4 = true;
publish.enable = true;
publish.addresses = true;
};
services.syncthing.key = config.sops.secrets."syncthing/pianonix/key".path;
services.syncthing.cert = config.sops.secrets."syncthing/pianonix/cert".path;
services.syncthing.settings = {
devices = {
"aspi-nix" = {
id = "DM5QRYU-ILJ4XYB-4V6NZDG-RAMVOND-3RSDSYR-52TW6RW-3XIU333-T7FNAA3";
};
"pianonix" = {
id = "FD3XSFW-7LQSCIQ-KHZPLNQ-7VZYGKH-RJ2ZKTJ-BG67NRH-36TQIZM-CXDYWAH";
};
};
folders = {
"Klavier" = {
path = "/home/julian/Klavier";
id = "flc3m-q4gp2";
devices = [
"aspi-nix"
"pianonix"
];
};
};
};
# Packages needed as root
environment.systemPackages = with pkgs; [
vim
htop
mc
];
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [
5900 # for vnc
];
# Disable the GNOME3/GDM auto-suspend feature that cannot be disabled in GUI!
# If no user is logged in, the machine will power down after 20 minutes.
systemd.targets.sleep.enable = false;
systemd.targets.suspend.enable = false;
systemd.targets.hibernate.enable = false;
systemd.targets.hybrid-sleep.enable = false;
## Raspberry pi specific config
# hardware.raspberry-pi."4" = {
# fkms-3d.enable = true;
# touch-ft5406.enable = true;
# };
# Prevent host becoming unreachable on wifi after some time (for raspberry pi)
networking.networkmanager.wifi.powersave = false;
# Enable audio devices on raspberry pi
# boot.kernelParams = [
# "snd_bcm2835.enable_hdmi=1"
# "snd_bcm2835.enable_headphones=1"
# ];
# boot.loader.raspberryPi.firmwareConfig = ''
# dtparam=audio=on
# '';
# ======================== DO NOT CHANGE THIS ========================
system.stateVersion = "22.11";
# ======================== DO NOT CHANGE THIS ========================
}
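Review bot: The `systemd.services.x11vnc` unit in hosts/pianonix/default.nix is started without a bind restriction and `networking.firewall.allowedTCPPorts` opens 5900, so the desktop of the auto-logged-in `julian` session (screensaver and xautolock disabled) is reachable over unencrypted VNC guarded only by the `-rfbauth` password file. sshd with `PasswordAuthentication = false` is already enabled on this host, so adding `-localhost` to the `ExecStart` line and removing `5900 # for vnc` from `allowedTCPPorts` would keep remote access available through an SSH tunnel without exposing the RFB port. If direct LAN access is really needed, scoping the port with `networking.firewall.interfaces.<name>.allowedTCPPorts` to the trusted interface is the narrower option.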


@ -0,0 +1,36 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [ "xhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
fsType = "ext4";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.end0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}