commit a9532469718f53912a66073dfae12a5bcf8e7ffa Author: Grigory Shipunov Date: Wed May 25 19:27:42 2022 +0200 init diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..a896aac --- /dev/null +++ b/flake.lock 
@@ -0,0 +1,119 @@ +{ + "nodes": { + "flake-utils": { + "locked": { + "lastModified": 1652733177, + "narHash": "sha256-mRpdBbVk8tbYVgEE6oTBbFT1vkVdF7EzaP7bMQ26wWA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "04b4d989fda8f14e6fcd1fee631eab9c54d15b97", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "microvm": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1653399543, + "narHash": "sha256-qLFw8U3xop5U5KtYGykOVa0oKHmTYg3TaNB043GMIks=", + "owner": "astro", + "repo": "microvm.nix", + "rev": "309e172528cb6589210c2b19f0f8fc15a0fe2384", + "type": "github" + }, + "original": { + "owner": "astro", + "repo": "microvm.nix", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1653060744, + "narHash": "sha256-kfRusllRumpt33J1hPV+CeCCylCXEU7e0gn2/cIM7cY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "dfd82985c273aac6eced03625f454b334daae2e8", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-21_11": { + "locked": { + "lastModified": 1653132211, + "narHash": "sha256-5ugEYisGqixwarfn3BJvuWDnO6gT/AoxlsA6jnG8Fv8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b5991e4971523a5fcc9413b9003b58e5c15aa7d8", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-21.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-22_05": { + "locked": { + "lastModified": 1653460991, + "narHash": "sha256-8MgFe84UUKw5k5MybirNH0S+oSluN2cRQGt+ZkW+dxQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "0c3bf3a5c3ab6be29138b88900c417660a284fbd", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-22.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "microvm": "microvm", + "nixpkgs": "nixpkgs", + "sops-nix": "sops-nix" + } + }, + 
"sops-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-21_11": "nixpkgs-21_11", + "nixpkgs-22_05": "nixpkgs-22_05" + }, + "locked": { + "lastModified": 1653462763, + "narHash": "sha256-n0beO7WNvAeEtTtnetzQCaGs615tU/DfM97k8r/7bUw=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "7385b12722ce903e477878147794bed9040227e2", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..d570cc9
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,36 @@
+{
+ description = "oxa's system configs";
+
+ inputs = {
+ nixpkgs.url = github:NixOS/nixpkgs/nixos-unstable;
+ sops-nix.url = github:Mic92/sops-nix;
+ sops-nix.inputs.nixpkgs.follows = "nixpkgs";
+ microvm = {
+ url = github:astro/microvm.nix;
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ };
+
+ outputs = inputs@{ self, nixpkgs, sops-nix, microvm, ... }: {
+ nixosConfigurations = {
+ microwave = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs = { inherit inputs; };
+ modules = [
+ ./hosts/microwave/configuration.nix
+ ./modules/graphical.nix
+ ./modules/hw-accel-intel.nix
+ ./modules/kernel-latest.nix
+ ./modules/virtualization.nix
+ ./modules/emacs.nix
+ ./modules/radio.nix
+ ./modules/tlp.nix
+ ./modules/chromium.nix
+ ./modules/wireguard.nix
+ ./modules/binary-caches.nix
+ ./modules/science.nix
+ ];
+ };
+ };
+ };
+}
diff --git a/hosts/microwave/configuration.nix b/hosts/microwave/configuration.nix
new file mode 100644
index 0000000..7020447
--- /dev/null
+++ b/hosts/microwave/configuration.nix
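Review bot: In flake.nix the `sops-nix` input is declared and locked, but nothing in the `modules` list pulls in its NixOS module, so the dependency (and the two extra nixpkgs pins it brings into flake.lock) is fetched without being used. Either add `sops-nix.nixosModules.sops` to `modules` or drop the input until it is needed. The three input URLs are also written as bare URL literals, a deprecated Nix syntax; quoting them, e.g. `nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";`, keeps the flake evaluating when the `no-url-literals` feature is enabled.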
@@ -0,0 +1,108 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ];
+
+ # SWAP
+ zramSwap = {
+ enable = true;
+ algorithm = "zstd";
+ };
+
+ environment.systemPackages = with pkgs; [
+ tdesktop
+ signal-desktop
+ cubicsdr
+ kicad
+ gimp
+ inkscape
+ ];
+ networking.firewall.enable = true;
+ services.xserver.videoDrivers = [ "displaylink" "modesetting" ];
+
+ networking = {
+ hostName = "microwave"; # Define your hostname.
+ networkmanager.enable = true;
+ wireguard.enable = true;
+
+ };
+
+
+ nixpkgs.config.allowUnfree = true;
+
+ services.fstrim.enable = true;
+
+ boot = {
+ supportedFilesystems = ["btrfs"];
+
+ # use systemd boot by default
+ loader = {
+ systemd-boot.enable = true;
+ efi.canTouchEfiVariables = true;
+ };
+ tmpOnTmpfs = true;
+ plymouth.enable = false;
+ };
+
+ # update the microcode
+ hardware.cpu.intel.updateMicrocode = true;
+ hardware.enableAllFirmware = true;
+
+
+ # Copy the NixOS configuration file and link it from the resulting system
+ # (/run/current-system/configuration.nix). This is useful in case you
+ # accidentally delete configuration.nix.
+ # system.copySystemConfiguration = true;
+
+
+ # Enable touchpad support.
+ services.xserver.libinput = {
+ enable = true;
+ touchpad = {
+ disableWhileTyping = true;
+ naturalScrolling = true;
+ scrollMethod = "twofinger";
+ tapping = true;
+ accelProfile = "adaptive";
+ # clickMethod = "clickfinger";
+ };
+ };
+
+ # Shell config (bash)
+ programs.bash = {
+ enableCompletion = true;
+ };
+
+ security.sudo = {
+ enable = true;
+ wheelNeedsPassword = true;
+ };
+
+ # Users
+ users.users.grue = {
+ createHome = true;
+ extraGroups = [ "wheel" "networkmanager" "wireshark" "video"
+ "libvirtd" "plugdev" "dialout" "bluetooth" ];
+ group = "users";
+ home = "/home/grue";
+ isNormalUser = true;
+ uid = 1000;
+ };
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "22.05"; # Did you read the comment?
+
+}
+
diff --git a/hosts/microwave/hardware-configuration.nix b/hosts/microwave/hardware-configuration.nix
new file mode 100644
index 0000000..13aefaa
--- /dev/null
+++ b/hosts/microwave/hardware-configuration.nix
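Review bot: `boot.tmpOnTmpfs = true;` in hosts/microwave/configuration.nix competes with the `fileSystems."/tmp"` btrfs subvolume that hardware-configuration.nix in this same commit mounts on the same path, so the config does not make clear which one ends up backing /tmp. Pick one: drop `tmpOnTmpfs` if /tmp should live on `subvol=tmp`, or remove the `/tmp` filesystem entry if it should be RAM-backed and cleared on reboot. Separately, `extraGroups` names `wireshark`, but no module in this commit enables `programs.wireshark`, which is presumably what creates that group, so it is worth confirming the membership has any effect.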
@@ -0,0 +1,56 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/f9edd500-f47b-42e5-9b88-7b6d86f76caa"; + fsType = "btrfs"; + options = [ "subvol=root" "noatime" "compress=zstd" ]; + }; + + boot.initrd.luks.devices."nixos-crypt".device = "/dev/disk/by-uuid/dbee4082-85ae-40f0-9c80-034f3574688f"; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/4B02-CE16"; + fsType = "vfat"; + }; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/f9edd500-f47b-42e5-9b88-7b6d86f76caa"; + fsType = "btrfs"; + options = [ "subvol=home" "noatime" "compress=zstd" ]; + }; + + fileSystems."/nix" = + { device = "/dev/disk/by-uuid/f9edd500-f47b-42e5-9b88-7b6d86f76caa"; + fsType = "btrfs"; + options = [ "subvol=nix" "noatime" "compress=zstd" ]; + }; + + fileSystems."/tmp" = + { device = "/dev/disk/by-uuid/f9edd500-f47b-42e5-9b88-7b6d86f76caa"; + fsType = "btrfs"; + options = [ "subvol=tmp" "noatime" "compress=zstd" ]; + }; + + # The global useDHCP flag is deprecated, therefore explicitly set to false here. + # Per-interface useDHCP will be mandatory in the future, so this generated config + # replicates the default behaviour. 
+ networking.useDHCP = lib.mkDefault false; + networking.interfaces.enp53s0.useDHCP = lib.mkDefault true; + networking.interfaces.wlp54s0.useDHCP = lib.mkDefault true; + + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +}
diff --git a/modules/basic-tools.nix b/modules/basic-tools.nix
new file mode 100644
index 0000000..1500f82
--- /dev/null
+++ b/modules/basic-tools.nix
@@ -0,0 +1,97 @@
+{ config, pkgs, ... }:
+
+{
+ environment.systemPackages = with pkgs; [
+ bat
+ exa
+ fd
+ file
+ fzf
+ gitFull
+ gnupg
+ htop
+ irssi
+ killall
+ mercurial
+ neovim
+ ripgrep
+ tealdeer
+ tokei
+ traceroute
+ tree
+ liquidprompt
+ (aspellWithDicts (ps: with ps; [ en en-science en-computers ru de ]))
+ exfatprogs
+ nmap
+ bind
+ nnn
+ man-pages
+ neomutt
+ cachix
+ ];
+
+ nix = {
+ package = pkgs.nixUnstable;
+ autoOptimiseStore = true;
+ extraOptions = ''
+ experimental-features = nix-command flakes
+ '';
+ };
+
+
+ programs.tmux = {
+ enable = true;
+ keyMode = "vi";
+ escapeTime = 0;
+ historyLimit = 50000;
+ aggressiveResize = true;
+ terminal = "tmux-256color";
+ };
+
+ # set appropriate environ variables
+ environment.variables = {
+ EDITOR = "nvim";
+ PAGER = "less -F";
+ };
+
+ environment.shellAliases = {
+ vim = "nvim";
+ vi = "nvim";
+ vf = "$EDITOR $(fzf)";
+ vff = "$EDITOR $(ls|fzf)";
+ ls = "exa";
+ ll = "exa -l";
+ l = "exa -al";
+ ssh="TERM=xterm-256color ssh";
+ mutt="neomutt";
+ };
+
+ users.defaultUserShell = pkgs.zsh;
+ programs.zsh = {
+ enable = true;
+ enableCompletion = true;
+ syntaxHighlighting.enable = true;
+ interactiveShellInit = ''
+ bindkey -e
+ '';
+ promptInit = ''
+ source /run/current-system/sw/share/zsh/plugins/liquidprompt/liquidprompt
+if [[ -n "$IN_NIX_SHELL" ]]; then
+ prompt_tag "(nix-shell)"
+fi
+ '';
+ };
+
+ environment.etc.liquidpromptrc = {
+ text = ''
+ LP_ENABLE_SSH_COLORS=1
+ LP_ENABLE_TITLE=1
+ LP_ENABLE_SCREEN_TITLE=1
+ '';
+ };
+ programs.msmtp = {
+ enable = true;
+ };
+ programs.iftop.enable = true;
+ programs.mosh.enable = true;
+}
diff --git a/modules/binary-caches.nix b/modules/binary-caches.nix
new file mode 100644
index 0000000..7b6a5bd
--- /dev/null
+++ b/modules/binary-caches.nix
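Review bot: The `vf` and `vff` aliases in modules/basic-tools.nix pass an unquoted command substitution to the editor, so a selected path containing whitespace is split into several arguments. Quote the substitution, e.g. `vf = "$EDITOR \"$(fzf)\"";`, and likewise for `vff`. Also, `nix.autoOptimiseStore` and `extraOptions` are the older option spellings while binary-caches.nix in this commit already uses `nix.settings`; `nix.settings.auto-optimise-store = true;` would keep the daemon settings in one style.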
@@ -0,0 +1,36 @@
+{ pkgs, lib, ... }: {
+ nix = {
+ registry.microvm = {
+ from = {
+ type = "indirect";
+ id = "microvm";
+ };
+ to = {
+ type = "github";
+ owner = "astro";
+ repo = "microvm.nix";
+ };
+ };
+ settings = {
+ trusted-users = [
+ "grue"
+ "@wheel"
+ ];
+ substituters = [
+ "https://microvm.cachix.org"
+ "https://nix-serve.hq.c3d2.de"
+ "https://dump-dvb.cachix.org"
+ ];
+ trusted-substituters = [
+ "https://microvm.cachix.org"
+ "https://nix-serve.hq.c3d2.de"
+ "https://dump-dvb.cachix.org"
+ ];
+ trusted-public-keys = [
+ "microvm.cachix.org-1:oXnBc6hRE3eX5rSYdRyMYXnfzcCxC7yKPTbZXALsqys="
+ "nix-serve.hq.c3d2.de:KZRGGnwOYzys6pxgM8jlur36RmkJQ/y8y62e52fj1ps="
+ "dump-dvb.cachix.org-1:+Dq7gqpQG4YlLA2X3xJsG1v3BrlUGGpVtUKWk0dTyUU="
+ ];
+ };
+ };
+}
diff --git a/modules/chromium.nix b/modules/chromium.nix
new file mode 100644
index 0000000..5021ea6
--- /dev/null
+++ b/modules/chromium.nix
@@ -0,0 +1,34 @@
+{config, pkgs, ... }:
+
+{
+ environment.systemPackages = with pkgs; [
+ # (ungoogled-chromium.override { enableVaapi = true; })
+ chromium
+ ];
+
+ nixpkgs.config.chromium.commandLineArgs = "--enable-features=UseOzonePlatform --ozone-platform=wayland --force-dark-mode --enable-features=WebUIDarkMode";
+
+ programs.chromium = {
+ enable = true;
+ extensions = [
+ "pkehgijcmpdhfbdbbnkijodmdjhbjlgp" # privacy badger
+ "ekhagklcjbdpajgpjgmbionohlpdbjgc" # zotero connector
+ "nngceckbapebfimnlniiiahkandclblb" # bitwarden
+ "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
+ ];
+ extraOpts = {
+ "BrowserSignin" = 0;
+ "SyncDisabled" = true;
+ "PasswordManagerEnabled" = false;
+ "TranslateEnabled" = false;
+ "AutofillAddressEnabled" = false;
+ "AutofillCreditCardEnabled" = false;
+ "AutoplayAllowed" = false;
+ "DefaultNotificationSetting" = 2;
+ "BackgroundModeEnabled" = false;
+ "DefaultSearchProviderEnabled" = true;
+ "DefaultSearchProviderSearchURL" = "https://duckduckgo.com/?q={searchTerms}";
+ "SearchSuggestEnable" = false;
+ };
+ };
+}
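Review bot: `trusted-users = [ "grue" "@wheel" ]` in modules/binary-caches.nix makes those accounts trusted clients of the Nix daemon, which the Nix manual describes as essentially equivalent to root access, since a trusted user can override substituters and signature requirements per invocation. That undercuts `security.sudo.wheelNeedsPassword = true;` in configuration.nix, because a process running as `grue` would not need the password to get there. The three caches are already listed in `substituters` with their keys, so the `trusted-users` entry and the duplicate `trusted-substituters` list look unnecessary and could be removed; the `pkgs` and `lib` arguments are also unused.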
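Review bot: `"SearchSuggestEnable" = false;` in modules/chromium.nix is not a Chromium policy name; the policy is `SearchSuggestEnabled`, so this entry is most likely ignored and search suggestions stay enabled. It should read `"SearchSuggestEnabled" = false;`. In `commandLineArgs`, `--enable-features` appears twice, and Chromium generally honours only the last occurrence of a repeated switch, so merge them into `--enable-features=UseOzonePlatform,WebUIDarkMode`.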
diff --git a/modules/emacs.nix b/modules/emacs.nix
new file mode 100644
index 0000000..52fdc52
--- /dev/null
+++ b/modules/emacs.nix
@@ -0,0 +1,21 @@
+{ lib, pkgs, ... }:
+
+{
+ environment.systemPackages = with pkgs; [
+ # language servers
+ clang-tools
+ clang
+
+ sqlite
+ graphviz
+ ];
+
+ services.emacs = {
+ install = true;
+ enable = false;
+ # pure gtk, native compiled emacs with vterm and pdf-tools
+ package = with pkgs; ((emacsPackagesFor emacs).emacsWithPackages (epkgs: [ epkgs.vterm ]));
+ defaultEditor = false;
+ };
+
+}
diff --git a/modules/gnupg.nix b/modules/gnupg.nix
new file mode 100644
index 0000000..57ca9fd
--- /dev/null
+++ b/modules/gnupg.nix
@@ -0,0 +1,18 @@
+{ config, pkgs, ... }:
+
+{
+ environment.systemPackages = with pkgs; [
+ gnupg
+ opensc
+
+ yubioath-desktop
+ ];
+
+ # smartcard support
+ services.pcscd.enable = false;
+ hardware.gpgSmartcards.enable = true;
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+}
diff --git a/modules/graphical.nix b/modules/graphical.nix
new file mode 100644
index 0000000..855c5b1
--- /dev/null
+++ b/modules/graphical.nix
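Review bot: The comment above `package` in modules/emacs.nix promises a pure-GTK, native-compiled Emacs with vterm and pdf-tools, but the expression builds from the stock `emacs` attribute and adds only `epkgs.vterm`. Either shorten the comment to `# emacs with vterm`, or make the expression match it by adding `epkgs.pdf-tools` and selecting the intended Emacs build.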
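Review bot: modules/gnupg.nix installs `opensc` and `yubioath-desktop` but sets `services.pcscd.enable = false;` directly under the `# smartcard support` comment; both tools normally reach the token through pcscd, so they may not see a reader at all. If the daemon is off on purpose so that GnuPG's scdaemon can claim the device directly (which `hardware.gpgSmartcards.enable = true;` suggests), say so, e.g. `# pcscd off: scdaemon talks to the card directly; opensc/yubioath will not see it`. `gnupg` is also already in the package list of basic-tools.nix.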
@@ -0,0 +1,130 @@
+# General Desktop-related config
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ./basic-tools.nix
+ ./gnupg.nix
+ ];
+
+ environment.systemPackages = with pkgs; [
+ firefox-wayland
+ dino
+ alacritty
+ kitty
+ xclip
+ flameshot
+ wl-clipboard
+ brightnessctl
+ pulseaudio-ctl
+ feh
+ mpv
+ zathura
+ pulsemixer
+ screen-message
+ cmus
+ gtk-engine-murrine
+ gtk_engines
+ gsettings-desktop-schemas
+ pamixer
+ qbittorrent
+ ];
+
+ services.acpid.enable = true;
+ programs.light.enable = true;
+
+ #on the desktop, we need nice fonts ^^
+ fonts.fonts = with pkgs; [
+ dejavu_fonts
+ julia-mono
+ uw-ttyp0
+ gohufont
+ monoid
+ spleen
+ terminus_font
+ iosevka
+ creep
+ corefonts
+ dina-font
+ fira
+ fira-code
+ fira-code-symbols
+ fira-mono
+ hack-font
+ liberation_ttf
+ noto-fonts
+ noto-fonts-cjk
+ noto-fonts-emoji
+ noto-fonts-extra
+ proggyfonts
+ symbola
+ open-sans
+ twemoji-color-font
+ twitter-color-emoji
+ ];
+
+ fonts.enableDefaultFonts = true;
+ fonts.fontconfig = {
+ enable = true;
+ allowBitmaps = true;
+ useEmbeddedBitmaps = true;
+ defaultFonts.emoji = [
+ "Twitter Color Emoji"
+ "Noto Color Emoji"
+ ];
+ };
+
+ # Enable sound.
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ };
+
+ hardware.bluetooth = {
+ enable = true;
+ package = pkgs.bluezFull;
+ };
+
+ services.blueman.enable = true;
+
+ services.xserver.enable = false;
+ programs.xwayland.enable = true;
+ programs.sway = {
+ enable = true;
+ wrapperFeatures.gtk = true;
+ extraPackages = with pkgs; [
+ swaylock
+ swayidle
+ wl-clipboard
+ mako
+ alacritty
+ wofi
+ waybar
+ gnome3.adwaita-icon-theme
+ i3status-rust
+ ];
+ };
+ environment.sessionVariables = { GTK_THEME = "Adwaita:dark"; };
+ environment.loginShellInit = ''
+ if [ -z $DISPLAY ] && [ "$(tty)" = "/dev/tty1" ]; then
+ exec sway
+ fi
+ '';
+ xdg.portal.wlr.enable = true;
+
+ nix = {
+ binaryCaches = [
+ "https://dump-dvb.cachix.org"
+ ];
+ binaryCachePublicKeys = [
+ "dump-dvb.cachix.org-1:+Dq7gqpQG4YlLA2X3xJsG1v3BrlUGGpVtUKWk0dTyUU="
+ ];
+ };
+ programs.zsh.vteIntegration = true;
+ programs.bash.vteIntegration = true;
+ services.upower.enable = true;
+
+}
diff --git a/modules/hw-accel-intel.nix b/modules/hw-accel-intel.nix
new file mode 100644
index 0000000..a48a93e
--- /dev/null
+++ b/modules/hw-accel-intel.nix
@@ -0,0 +1,21 @@
+# overrides to enable [sometimes] wonky intel acceleration
+{ config, pkgs, ... }:
+
+{
+ nixpkgs.config.packageOverrides = pkgs: {
+ vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
+ };
+
+ hardware.opengl = {
+ enable = true;
+ extraPackages = with pkgs; [
+ vaapiVdpau
+ vaapiIntel
+ libvdpau-va-gl
+ intel-media-driver
+ ];
+ };
+
+ boot.initrd.kernelModules = [ "i915" ];
+
+}
diff --git a/modules/kernel-latest.nix b/modules/kernel-latest.nix
new file mode 100644
index 0000000..26b0dd7
--- /dev/null
+++ b/modules/kernel-latest.nix
@@ -0,0 +1,5 @@
+{ config, pkgs, ... }:
+
+{
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+}
diff --git a/modules/radio.nix b/modules/radio.nix
new file mode 100644
index 0000000..21772bc
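Review bot: The `nix` block near the end of modules/graphical.nix configures the dump-dvb cache a second time, using the legacy `binaryCaches` / `binaryCachePublicKeys` names, while modules/binary-caches.nix in this commit already lists the same URL and key under `nix.settings`. Binary-cache trust anchors are easier to audit when they live in one place, so delete this block and keep the definition in binary-caches.nix. In `loginShellInit`, `[ -z $DISPLAY ]` should be written `[ -z "$DISPLAY" ]`; the unquoted form only works because an empty expansion degenerates to `[ -z ]`.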
--- /dev/null
+++ b/modules/radio.nix
@@ -0,0 +1,19 @@
+{ lib, pkgs, ... }:
+
+{
+ environment.systemPackages = with pkgs; [
+ gnuradio
+ gqrx
+ cubicsdr
+
+ libusb
+ rtl-sdr
+ hackrf
+ soapyhackrf
+ ];
+
+ hardware = {
+ rtl-sdr.enable = true;
+ hackrf.enable = true;
+ };
+}
diff --git a/modules/science.nix b/modules/science.nix
new file mode 100644
index 0000000..b30093b
--- /dev/null
+++ b/modules/science.nix
@@ -0,0 +1,19 @@
+{ config, pkgs, ... }:
+
+{
+ environment.systemPackages = with pkgs; [
+ # (rWrapper.override{ packages = with rPackages; [
+ # ggplot2
+ # swirl
+ # languageserver
+ # dplyr
+ # data_table
+ # ]; })
+ #(rstudioWrapper.override{ packages = with rPackages; [ ggplot2 ]; })
+ texlive.combined.scheme-full
+ gnuplot
+ graphicsmagick
+ zotero
+ python3Full
+ ];
+}
diff --git a/modules/tlp.nix b/modules/tlp.nix
new file mode 100644
index 0000000..20d1ddc
--- /dev/null
+++ b/modules/tlp.nix
@@ -0,0 +1,10 @@
+{ config, pkgs, ... }:
+
+{
+ powerManagement.cpuFreqGovernor = null;
+ services.power-profiles-daemon.enable = false;
+ services.tlp.enable = true;
+ services.tlp.extraConfig = ''
+USB_BLACKLIST="1d50:604b 1d50:6089 1d50:cc15 1fc9:000c"
+'';
+}
diff --git a/modules/virtualization.nix b/modules/virtualization.nix
new file mode 100644
index 0000000..52ab671
--- /dev/null
+++ b/modules/virtualization.nix
@@ -0,0 +1,23 @@
+{ config, pkgs, ... }:
+
+{
+ environment.systemPackages = with pkgs; [
+ virtmanager
+ ];
+
+ boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+
+ # virtualization
+ boot.kernelModules = [ "kvm-intel" ];
+ virtualisation = {
+ libvirtd = {
+ enable = true;
+ qemu.runAsRoot = false;
+ qemu.package = pkgs.qemu_full;
+ };
+ podman = {
+ enable = true;
+ dockerCompat = true;
+ };
+ };
+}
diff --git a/modules/wireguard.nix b/modules/wireguard.nix
new file mode 100644
index 0000000..728f291
--- /dev/null
+++ b/modules/wireguard.nix
@@ -0,0 +1,43 @@
+{ config, ... }:
+
+{
+ networking.wg-quick.interfaces = {
+ wg-zw = {
+ privateKeyFile="/root/zw-wg-key";
+ address = ["172.20.76.226" ];
+ dns = [ "172.20.73.8" ];
+ peers = [
+ {
+ publicKey = "PG2VD0EB+Oi+U5/uVMUdO5MFzn59fAck6hz8GUyLMRo=";
+ endpoint = "81.201.149.152:1337";
+ allowedIPs = [ "172.20.72.0/21" "172.22.99.0/24" ];
+ }
+ ];
+ };
+ wg-dvb = {
+ privateKeyFile = "/root/wg-dvb";
+ address = [ "10.13.37.3/32" ];
+
+ peers = [
+ {
+ publicKey = "WDvCObJ0WgCCZ0ORV2q4sdXblBd8pOPZBmeWr97yphY=";
+ allowedIPs = [ "10.13.37.0/24" ];
+ endpoint = "academicstrokes.com:51820";
+ persistentKeepalive = 25;
+ }
+ ];
+ };
+
+ mlwd-nl = {
+ privateKeyFile = "/root/mlvd";
+ address = [ "10.65.79.164/32" "fc00:bbbb:bbbb:bb01::2:4fa3/128" ];
+ dns = [ "193.138.218.74" ];
+
+ peers = [ {
+ publicKey = "StMPmol1+QQQQCJyAkm7t+l/QYTKe5CzXUhw0I6VX14=";
+ allowedIPs = [ "0.0.0.0/0" "::0/0" ];
+ endpoint = "92.60.40.194:51820";
+ }];
+ };
+ };
+}
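Review bot: None of the three `wg-quick` interfaces in modules/wireguard.nix sets `autostart`, which as far as I know defaults to true, so `mlwd-nl` with `allowedIPs = [ "0.0.0.0/0" "::0/0" ]` and its own `dns` would come up at boot alongside `wg-zw`, which sets a different `dns`. If the full tunnel is meant to be on demand, add `autostart = false;` to `mlwd-nl`; if it is meant to be always on, a comment saying so and naming the resolver that should win would help. `wg-zw`'s `address = ["172.20.76.226" ]` has no prefix length, unlike the other two; `"172.20.76.226/32"` makes the intent explicit. The `privateKeyFile` paths under /root are provisioned out of band, so a one-line comment on the expected owner and mode, or moving them under the already-declared sops-nix input, would document that.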