Add heaven (my server)

2024-06-07 21:21:03 +02:00
parent d917ac9f6a
commit 17f93ea60b
25 changed files with 238 additions and 17 deletions
--- a/hosts/laptop/configuration.nix
+++ b/hosts/laptop/configuration.nix
@@ -0,0 +1,135 @@
+{ pkgs, config, ... }:
+let
+  variable = import ../../variables.nix;
+  imports = [ ./hardware-configuration.nix ];
+  # Weird variable name to avoid conflict with the `imports` variable...
+  secondImports =
+    if variable.enableNvidia then imports ++ [ ./nvidia.nix ] else imports;
+  thirdImports = if variable.enablePrime then
+    secondImports ++ [ ./prime.nix ]
+  else
+    secondImports;
+in {
+  imports = thirdImports;
+
+  # Bootloader.
+  boot = {
+    loader.efi.canTouchEfiVariables = true;
+    loader.systemd-boot = {
+      enable = true;
+      consoleMode = "auto";
+    };
+    tmp.cleanOnBoot = true;
+  };
+
+  networking.networkmanager.enable = true;
+
+  networking.hostName = variable.hostName;
+
+  time.timeZone = variable.timeZone;
+  i18n.defaultLocale = variable.defaultLocale;
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = variable.extraLocale;
+    LC_IDENTIFICATION = variable.extraLocale;
+    LC_MEASUREMENT = variable.extraLocale;
+    LC_MONETARY = variable.extraLocale;
+    LC_NAME = variable.extraLocale;
+    LC_NUMERIC = variable.extraLocale;
+    LC_PAPER = variable.extraLocale;
+    LC_TELEPHONE = variable.extraLocale;
+    LC_TIME = variable.extraLocale;
+  };
+
+  users.users.${variable.username} = {
+    isNormalUser = true;
+    description = "${variable.username} account";
+    extraGroups = [ "networkmanager" "wheel" ];
+  };
+
+  services = {
+    xserver = {
+      xkb.layout = variable.keyboardLayout;
+      xkb.variant = "";
+    };
+    blueman.enable = true;
+    gnome.gnome-keyring.enable = true;
+  };
+  console.keyMap = variable.keyboardLayout;
+
+  programs.zsh.enable = true;
+  users.defaultUserShell = pkgs.zsh;
+
+  # Allow unfree packages
+  nixpkgs.config.allowUnfree = true;
+
+  environment.systemPackages = with pkgs; [ networkmanagerapplet ];
+
+  nixpkgs.config.permittedInsecurePackages = [
+    "electron-25.9.0"
+    "nix-2.16.2"
+  ]; # TODO: Remove this if not needed anymore
+
+  hardware.bluetooth = {
+    enable = true;
+    powerOnBoot = true;
+  };
+
+  # Set environment variables
+  environment.variables = {
+    XDG_DATA_HOME = "$HOME/.local/share";
+    PASSWORD_STORE_DIR = "$HOME/.local/share/password-store";
+    MOZ_ENABLE_WAYLAND = "1";
+    EDITOR = "nvim";
+    ANKI_WAYLAND = "1";
+    DISABLE_QT5_COMPAT = "0";
+    NIXOS_OZONE_WL = "1";
+  };
+
+  # Sound
+  sound = { enable = true; };
+
+  security.rtkit.enable = true;
+  hardware.pulseaudio.enable = false;
+
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+    jack.enable = true;
+    wireplumber.enable = true;
+  };
+
+  nix = {
+    settings = {
+      auto-optimise-store = true;
+      experimental-features = [ "nix-command" "flakes" ];
+    };
+    gc = if variable.enableAutoGarbageCollector then {
+      automatic = true;
+      persistent = true;
+      dates = "weekly";
+      options = "--delete-older-than 7d";
+    } else
+      { };
+  };
+
+  system.autoUpgrade = if variable.enableAutoUpgrade then {
+    enable = true;
+    dates = "04:00";
+    flake = "${config.users.users.${variable.username}.home}/.config/nixos";
+    flags = [ "--update-input" "nixpkgs" "--commit-lock-file" ];
+    allowReboot = false;
+  } else
+    { };
+
+  nix.settings = {
+    substituters = [ "https://hyprland.cachix.org" ];
+    trusted-public-keys =
+      [ "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" ];
+  };
+
+  services.dbus.enable = true;
+
+  system.stateVersion = variable.stateVersion;
+}
--- a/hosts/laptop/fonts.nix
+++ b/hosts/laptop/fonts.nix
@@ -0,0 +1,42 @@
+{ pkgs, inputs, ... }: {
+
+  fonts = {
+    packages = with pkgs; [
+      material-icons
+      material-design-icons
+      roboto
+      work-sans
+      comic-neue
+      source-sans
+      twemoji-color-font
+      comfortaa
+      inter
+      lato
+      lexend
+      jost
+      dejavu_fonts
+      iosevka-bin
+      noto-fonts
+      noto-fonts-cjk
+      noto-fonts-emoji
+      jetbrains-mono
+      (nerdfonts.override { fonts = [ "FiraCode" ]; })
+      inputs.apple-fonts.packages.${pkgs.system}.sf-pro-nerd
+      inputs.apple-fonts.packages.${pkgs.system}.sf-mono-nerd
+      openmoji-color
+    ];
+
+    enableDefaultPackages = false;
+
+    # this fixes emoji stuff
+    fontconfig = {
+      defaultFonts = {
+        monospace = [ "FiraCode Nerd Font Mono" "Noto Color Emoji" ];
+        sansSerif = [ "SFProDisplay Nerd Font" "Noto Color Emoji" ];
+        serif = [ "SFProDisplay Nerd Font" "Noto Color Emoji" ];
+        emoji = [ "Noto Color Emoji" ];
+      };
+    };
+
+  };
+}
--- a/hosts/laptop/hardware-configuration.nix
+++ b/hosts/laptop/hardware-configuration.nix
@@ -0,0 +1,38 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }: {
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+  boot = {
+    initrd.availableKernelModules =
+      [ "nvme" "xhci_pci" "usb_storage" "sd_mod" ];
+    initrd.kernelModules = [ ];
+    kernelModules = [ "kvm-amd" ];
+    extraModulePackages = [ ];
+  };
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/6c2487ec-20ff-4ce3-9396-281c2094aba1";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/B4EA-C54F";
+    fsType = "vfat";
+  };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode =
+    lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/hosts/laptop/nvidia.nix
+++ b/hosts/laptop/nvidia.nix
@@ -0,0 +1,21 @@
+{ config, pkgs, ... }: {
+  hardware.opengl = {
+    enable = true;
+    driSupport = true;
+    driSupport32Bit = true;
+    extraPackages = with pkgs; [ vaapiVdpau libvdpau-va-gl ];
+  };
+
+  services.xserver.videoDrivers = [ "nvidia" ];
+
+  boot.kernelParams = [ "nvidia.NVreg_PreserveVideoMemoryAllocations=1" ];
+
+  hardware.nvidia = {
+    modesetting.enable = true;
+    powerManagement.enable = false;
+    powerManagement.finegrained = false;
+    open = false;
+    nvidiaSettings = true;
+    package = config.boot.kernelPackages.nvidiaPackages.production;
+  };
+}
--- a/hosts/laptop/prime.nix
+++ b/hosts/laptop/prime.nix
@@ -0,0 +1,13 @@
+{
+  hardware.nvidia.prime = {
+    offload = {
+      enable = true;
+      enableOffloadCmd = true;
+    };
+
+    # sync.enable = true;
+
+    amdgpuBusId = "PCI:5:0:0";
+    nvidiaBusId = "PCI:1:0:0";
+  };
+}
--- a/hosts/laptop/tuigreet.nix
+++ b/hosts/laptop/tuigreet.nix
@@ -0,0 +1,29 @@
+{ pkgs, ... }: {
+  services.greetd = {
+    enable = true;
+    settings = {
+      default_session = {
+        command =
+          "${pkgs.greetd.tuigreet}/bin/tuigreet --remember --asterisks --container-padding 2 --time --time-format '%I:%M %p | %a • %h | %F' --cmd Hyprland";
+        user = "greeter";
+      };
+    };
+  };
+
+  environment.systemPackages = with pkgs; [ greetd.tuigreet ];
+
+  # this is a life saver.
+  # literally no documentation about this anywhere.
+  # might be good to write about this...
+  # https://www.reddit.com/r/NixOS/comments/u0cdpi/tuigreet_with_xmonad_how/
+  systemd.services.greetd.serviceConfig = {
+    Type = "idle";
+    StandardInput = "tty";
+    StandardOutput = "tty";
+    StandardError = "journal"; # Without this errors will spam on screen
+    # Without these bootlogs will spam on screen
+    TTYReset = true;
+    TTYVHangup = true;
+    TTYVTDisallocate = true;
+  };
+}
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@@ -0,0 +1,79 @@
+{ pkgs, config, ... }:
+let variable = import ../../variables.nix;
+in {
+  imports = [ ./hardware-configuration.nix ./openssh.nix ];
+
+  boot = {
+    loader.efi.canTouchEfiVariables = true;
+    loader.systemd-boot = {
+      enable = true;
+      consoleMode = "auto";
+    };
+    tmp.cleanOnBoot = true;
+  };
+
+  networking.hostName = variable.server.hostName;
+
+  time.timeZone = variable.timeZone;
+  i18n.defaultLocale = variable.defaultLocale;
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = variable.extraLocale;
+    LC_IDENTIFICATION = variable.extraLocale;
+    LC_MEASUREMENT = variable.extraLocale;
+    LC_MONETARY = variable.extraLocale;
+    LC_NAME = variable.extraLocale;
+    LC_NUMERIC = variable.extraLocale;
+    LC_PAPER = variable.extraLocale;
+    LC_TELEPHONE = variable.extraLocale;
+    LC_TIME = variable.extraLocale;
+  };
+
+  users.users.${variable.username} = {
+    isNormalUser = true;
+    description = "${variable.username} account";
+    extraGroups = [ "wheel" ];
+  };
+
+  console.keyMap = variable.keyboardLayout;
+
+  programs.zsh.enable = true;
+  users.defaultUserShell = pkgs.zsh;
+
+  # Allow unfree packages
+  nixpkgs.config.allowUnfree = true;
+
+  security.rtkit.enable = true;
+
+  nix = {
+    settings = {
+      auto-optimise-store = true;
+      experimental-features = [ "nix-command" "flakes" ];
+    };
+    gc = if variable.server.enableAutoGarbageCollector then {
+      automatic = true;
+      persistent = true;
+      dates = "weekly";
+      options = "--delete-older-than 7d";
+    } else
+      { };
+  };
+
+  system.autoUpgrade = if variable.server.enableAutoUpgrade then {
+    enable = true;
+    dates = "04:00";
+    flake = "${config.users.users.${variable.username}.home}/.config/nixos";
+    flags = [ "--update-input" "nixpkgs" "--commit-lock-file" ];
+    allowReboot = false;
+  } else
+    { };
+
+  nix.settings = {
+    substituters = [ "https://hyprland.cachix.org" ];
+    trusted-public-keys =
+      [ "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" ];
+  };
+
+  services.dbus.enable = true;
+
+  system.stateVersion = variable.server.stateVersion;
+}
--- a/hosts/server/openssh.nix
+++ b/hosts/server/openssh.nix
@@ -0,0 +1,25 @@
+{
+  services.openssh = {
+    enable = true;
+    permitRootLogin = "no";
+    passwordAuthentication = true;
+    ports = [ 22 ];
+    banner = ''
+      HEAVEN:
+
+      This system is for the use of authorized users only. Individuals using this
+      computer system without authority, or in excess of their authority, are
+      subject to having all of their activities on this system monitored and
+      recorded by system personnel.
+
+      In the course of monitoring individuals improperly using this system, or in
+      the course of system maintenance, the activities of authorized users may also
+      be monitored.
+
+      Anyone using this system expressly consents to such monitoring and is advised
+      that if such monitoring reveals possible evidence of criminal activity,
+      system personnel may provide the evidence of such monitoring to law
+      enforcement officials.
+    '';
+  };
+}