dishwasher's hw is in valhalla, microwave's new dishwasher

2023-07-11 21:55:21 +02:00 · 2023-07-11 21:55:21 +02:00 · 33b86e8594
commit 33b86e8594
parent 94f0006952
8 changed files with 32 additions and 321 deletions
--- a/hosts/dishwasher/default.nix
+++ b/hosts/dishwasher/default.nix
@ -5,6 +5,6 @@
    ./secrets.nix
    ./oxalab.nix
    ./mcvm-network.nix
-    ./microvms.nix
+    # ./microvms.nix
  ];
 }
--- a/hosts/dishwasher/hardware-configuration.nix
+++ b/hosts/dishwasher/hardware-configuration.nix
@ -9,57 +9,54 @@
      (modulesPath + "/installer/scan/not-detected.nix")
    ];
-  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+  boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
  fileSystems."/" =
    {
-      device = "/dev/disk/by-uuid/2971597a-b364-405d-8bb2-287556e819e1";
+      device = "rpool/nixos";
-      fsType = "btrfs";
+      fsType = "zfs";
-      options = [ "subvol=nixos" "compress=zstd" "noatime" ];
+      options = [ "zfsutil" ];
    };
  fileSystems."/var/lib" =
    {
      device = "/dev/disk/by-uuid/2971597a-b364-405d-8bb2-287556e819e1";
      fsType = "btrfs";
      options = [ "subvol=var-lib" "compress=zstd" "noatime" ];
    };
  fileSystems."/var/log" =
    {
      device = "/dev/disk/by-uuid/2971597a-b364-405d-8bb2-287556e819e1";
      fsType = "btrfs";
      options = [ "subvol=var-log" "compress=zstd" "noatime" ];
    };
  fileSystems."/var/microvms" =
    {
      device = "/dev/disk/by-uuid/2971597a-b364-405d-8bb2-287556e819e1";
      fsType = "btrfs";
      options = [ "subvol=microvms" "compress=zstd" "noatime" ];
    };
  fileSystems."/nix" =
    {
-      device = "/dev/disk/by-uuid/2971597a-b364-405d-8bb2-287556e819e1";
+      device = "rpool/nixos/nix";
-      fsType = "btrfs";
+      fsType = "zfs";
-      options = [ "subvol=nix" "compress=zstd" "noatime" ];
+      options = [ "zfsutil" ];
    };
  fileSystems."/home" =
    {
      device = "rpool/userdata/home";
      fsType = "zfs";
      options = [ "zfsutil" ];
    };
  fileSystems."/boot" =
    {
-      device = "/dev/disk/by-uuid/2A04-BFAE";
+      device = "/dev/disk/by-uuid/A8AA-1CC4";
      fsType = "vfat";
      options = [ "X-mount.mkdir" ];
    };
-  swapDevices = [ ];
+  swapDevices =
    [{
      device = "/dev/disk/by-partuuid/f9712640-96a5-46e1-b07d-53b0cba19057";
      randomEncryption = true;
    }];
-  powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  networking.interfaces.enp53s0.useDHCP = lib.mkDefault true;
  networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
  networking.interfaces.wlan0.useDHCP = true;
  networking.interfaces.enp1s0.useDHCP = true;
  services.logind.lidSwitch = "ignore";
 }
--- a/hosts/microwave/configuration.nix
+++ b/hosts/microwave/configuration.nix
@ -1,115 +0,0 @@
 # Edit this configuration file to define what should be installed on
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 { config, pkgs, ... }:
 {
  # SWAP
  zramSwap = {
    enable = true;
    algorithm = "zstd";
  };
  environment.systemPackages = with pkgs; [
    tdesktop
    signal-desktop
    cubicsdr
    kicad
    gimp
    inkscape
    fractal-next
  ];
  nixpkgs.config.allowUnfree = true;
  services.fstrim.enable = true;
  boot = {
    loader = {
      efi.canTouchEfiVariables = true;
      systemd-boot.enable = true;
    };
    supportedFilesystems = [ "zfs" ];
    kernelPackages = pkgs.zfs.latestCompatibleLinuxPackages;
    kernelParams = [ "nohibernate" ];
    zfs.devNodes = "/dev/";
    plymouth.enable = false;
    tmp.useTmpfs = true;
  };
  services.zfs = {
    trim.enable = true;
    autoScrub = {
      enable = true;
      pools = [ "rpool" ];
    };
    autoSnapshot.enable = true;
  };
  # update the microcode
  hardware.cpu.intel.updateMicrocode = true;
  hardware.enableAllFirmware = true;
  # Shell config (bash)
  programs.bash = {
    enableCompletion = true;
  };
  security.sudo = {
    enable = true;
    wheelNeedsPassword = true;
  };
  # Users
  users.users.grue = {
    createHome = true;
    extraGroups = [
      "wheel"
      "video"
      "libvirtd"
      "plugdev"
      "dialout"
      "bluetooth"
    ];
    group = "users";
    home = "/home/grue";
    isNormalUser = true;
    uid = 1000;
  };
  time.timeZone = "Europe/Amsterdam";
  i18n = {
    defaultLocale = "en_US.UTF-8";
    supportedLocales = [ "all" ];
    #supportedLocales = [ "en_US.UTF-8/UTF-8" "nl_NL.UTF-8/UTF-8" "ru_RU.UTF-8/UTF-8" ];
  };
  programs.steam.enable = true;
  services.udev.extraRules = ''
    # MCH2022 Badge
    SUBSYSTEM=="usb", ATTR{idVendor}=="16d0", ATTR{idProduct}=="0f9a", MODE="0666"
    #Flipper Zero serial port
    SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="5740", ATTRS{manufacturer}=="Flipper Devices Inc.", TAG+="uaccess"
    #Flipper Zero DFU
    SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", ATTRS{manufacturer}=="STMicroelectronics", TAG+="uaccess"
    #Flipper ESP32s2 BlackMagic
    SUBSYSTEMS=="usb", ATTRS{idVendor}=="303a", ATTRS{idProduct}=="40??", ATTRS{manufacturer}=="Flipper Devices Inc.", TAG+="uaccess"
  '';
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "22.11"; # Did you read the comment?
 }
--- a/hosts/microwave/default.nix
+++ b/hosts/microwave/default.nix
@ -1,8 +0,0 @@
 {
  imports = [
    ./configuration.nix
    ./hardware-configuration.nix
    ./network.nix
    ./secrets.nix
  ];
 }
--- a/hosts/microwave/hardware-configuration.nix
+++ b/hosts/microwave/hardware-configuration.nix
@ -1,62 +0,0 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
  imports =
    [
      (modulesPath + "/installer/scan/not-detected.nix")
    ];
  boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
  fileSystems."/" =
    {
      device = "rpool/nixos";
      fsType = "zfs";
      options = [ "zfsutil" ];
    };
  fileSystems."/nix" =
    {
      device = "rpool/nixos/nix";
      fsType = "zfs";
      options = [ "zfsutil" ];
    };
  fileSystems."/home" =
    {
      device = "rpool/userdata/home";
      fsType = "zfs";
      options = [ "zfsutil" ];
    };
  fileSystems."/boot" =
    {
      device = "/dev/disk/by-uuid/A8AA-1CC4";
      fsType = "vfat";
      options = [ "X-mount.mkdir" ];
    };
  swapDevices =
    [{
      device = "/dev/disk/by-partuuid/f9712640-96a5-46e1-b07d-53b0cba19057";
      randomEncryption = true;
    }];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  networking.interfaces.enp53s0.useDHCP = lib.mkDefault true;
  networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/hosts/microwave/network.nix
+++ b/hosts/microwave/network.nix
@ -1,66 +0,0 @@
 { pkgs, config, ... }: {
  environment.systemPackages = with pkgs; [
    iwgtk
  ];
  networking = {
    hostName = "microwave"; # Define your hostname.
    hostId = "7da4f1e6";
    firewall.enable = true;
    networkmanager.enable = false;
    useNetworkd = true;
    wireguard.enable = true;
    wireless.iwd = {
      enable = true;
    };
  };
  services.resolved = {
    enable = true;
    dnssec = "allow-downgrade";
  };
  # workaround for networkd waiting for shit
  systemd.services.systemd-networkd-wait-online.serviceConfig.ExecStart = [
    "" # clear old command
    "${config.systemd.package}/lib/systemd/systemd-networkd-wait-online --any"
  ];
  systemd.network = {
    enable = true;
    # wait-online.ignoredInterfaces = [ "wlan0" "enp53s0" ];
    # Interfaces on the machine
    netdevs."10-james" = {
      netdevConfig = {
        Name = "james";
        Kind = "bond";
      };
      bondConfig = {
        Mode = "active-backup";
        PrimaryReselectPolicy = "always";
        MIIMonitorSec = "1s";
      };
    };
    networks."10-ether-bond" = {
      matchConfig.Name = "enp53s0";
      networkConfig = {
        Bond = "james";
        PrimarySlave = true;
      };
    };
    networks."10-wlan-bond" = {
      matchConfig.Name = "wlan0";
      networkConfig = {
        Bond = "james";
      };
    };
    networks."10-james-bond" = {
      matchConfig.Name = "james";
      networkConfig = {
        DHCP = "yes";
        IPv6AcceptRA = true;
      };
    };
  };
 }
--- a/hosts/microwave/secrets.nix
+++ b/hosts/microwave/secrets.nix
@ -1,5 +0,0 @@
 { config, ... }:
 {
  sops.defaultSopsFile = ../../secrets/microwave/secrets.yaml;
  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
 }
--- a/hosts/microwave/stateful-networking.nix
+++ b/hosts/microwave/stateful-networking.nix
@ -1,30 +0,0 @@
 { pkgs, config, ... }: {
  networking = {
    hostName = "microwave"; # Define your hostname.
    hostId = "7da4f1e6";
    firewall.enable = true;
    wireguard.enable = true;
    # wireless.iwd.enable = true;
    # networkmanager.wifi.backend = "iwd";
  };
  # fix networkmanager wireguard
  networking.firewall = {
    # if packets are still dropped, they will show up in dmesg
    logReversePathDrops = true;
    # wireguard trips rpfilter up
    extraCommands = ''
      ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN
      ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN
    '';
    extraStopCommands = ''
      ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN || true
      ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN || true
    '';
  };
  services.resolved = {
    enable = true;
    dnssec = "allow-downgrade";
  };
 }