god save me massive rewrite

Danilo Reyes 2023-09-24 18:13:19 -06:00
parent 888fba07f2
commit b8b4589dca
3 changed files with 484 additions and 428 deletions


@ -1,4 +1,4 @@
#+TITLE: JawZ NixOS workstation configuration
#+TITLE: JawZ NixOS server configuration
#+AUTHOR: Danilo Reyes
#+PROPERTY: header-args :tangle configuration.nix
#+auto_tangle: t
@ -16,26 +16,33 @@ times through the config file, such as the current version of NixOS,
repositories and even some scripts that will be reused on systemd
configurations.
** VARIABLES
- Global version number so NixOS and Home-Manager are in sync
- The unstable part allows me to build packages from the unstable channel by
prepending "unstable" to a package name.
- The next part creates a simple build of some of my simple scripts, turning
them into binaries which then I can integrate into the nix-store as well as
declared systemd units.
- version: used by both NixOS and home-manager to dictate the state repository
from which to pull configurations, modules and packages.
- myEmail myName: used by git and acme
- cpuArchitecture: used by NixOS to optimize the compiled binaries to my current
CPU specifications.
- home-manager: the channel containing the packages matching the NixOS state
version, with a commented out to the unstable master.
- unstable: a sort of overlay that allows to prepend "unstable" to a package,
to pull from the unstable channel rather than precompiled binaries on a case
by case use.
- jawz*: scripts that will be reused multiple times through the config, such as
on systemd, and as such this feels like a safe way to compile them only once.
#+begin_src nix
{ config, pkgs, ... }:
{ config, pkgs, lib, ... }:
let
version = "23.05";
myEmail = "CaptainJawZ@outlook.com";
myName = "Danilo Reyes";
home-manager = builtins.fetchTarball "https://github.com/nix-community/home-manager/archive/release-${version}.tar.gz";
cpuArchitecture = "skylake";
home-manager = builtins.fetchTarball
# "https://github.com/nix-community/home-manager/archive/master.tar.gz";
"https://github.com/nix-community/home-manager/archive/release-${version}.tar.gz";
unstable = import
(builtins.fetchTarball "https://github.com/nixos/nixpkgs/tarball/master") {
config = config.nixpkgs.config;
};
sshKeyBattlestation = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKDXxfFRSgII4w/S1mrekPQdfXNifqRxwJa0wpQo72wB jawz@battlestation";
jawzManageLibrary = pkgs.writeScriptBin
"manage-library" (builtins.readFile ../scripts/manage-library.sh);
jawzTasks = pkgs.writeScriptBin
@ -44,11 +51,13 @@ in
{ # Remember to close this bracket at the end of the document
#+end_src
** IMPORTS
These are files and modules which get loaded onto the configuration file, in the
future I may segment this file into different modules once it becomes too
cluttered, for example, I may create a module for systemd units.
- agenix: an encryption system which cleans up the nix-configuration files from
passwords and other secrets.
#+begin_src nix
imports = [
./hardware-configuration.nix
@ -61,20 +70,23 @@ imports = [
* SYSTEM CONFIGURATION
** NETWORKING
At the moment, I don't have a wireless card on this computer, however as I build
a new system, such setting may come in handy.
Sets sensible networking options, such as setting up a hostname, and creating a
hosts file with the static IP and hostname of other devices on my network.
Pick *ONLY ONE* of the below networking options.
- *wireless.enable* enables wireless support via wpa_supplicant.
- *NetworkManager* it's the default of GNOME, and easiest to use and integrate.
Also open ports on the firewall for LAN connectivity, and well keeping commented
what each port does, I declared the firwewall ports with variables, because I
can not be bothered to figure out whether I need TCP or UDP so let's open both,
and repetition is maddening.
#+begin_src nix
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
networking = {
useDHCP = lib.mkDefault true;
enableIPv6 = false;
hostName = "workstation";
hostName = "server";
networkmanager.enable = true;
extraHosts = ''
192.168.1.64 battlestation
192.168.1.64 workstation
'';
firewall = let
open_firewall_ports = [
@ -84,13 +96,14 @@ networking = {
2049 # nfs
];
open_firewall_port_ranges = [ ];
in {
enable = true;
allowedTCPPorts = open_firewall_ports;
allowedUDPPorts = open_firewall_ports;
allowedTCPPortRanges = open_firewall_port_ranges;
allowedUDPPortRanges = open_firewall_port_ranges;
};
in
{
enable = true;
allowedTCPPorts = open_firewall_ports;
allowedUDPPorts = open_firewall_ports;
allowedTCPPortRanges = open_firewall_port_ranges;
allowedUDPPortRanges = open_firewall_port_ranges;
};
};
#+end_src
@ -98,10 +111,10 @@ networking = {
For some reason, useXkbConfig throws an error when building the system, either
way it is an unnecessary setting as my keyboards are the default en_US, only
locale set to Canadian out because I prefer how it displays the date.
LC_MONETARY, it's also a personal preference.
#+begin_src nix
time.timeZone = "America/Mexico_City";
i18n = {
defaultLocale = "en_CA.UTF-8";
extraLocaleSettings = {
@ -115,34 +128,94 @@ console = {
};
#+end_src
* GNOME
At the time of writing this file, I require of X11, as the NVIDIA support for
Wayland is not perfect yet. At the time being, the ability to switch through
GDM from Wayland to XORG, it's pretty handy, but in the future these settings
will require an update.
** SYSTEM/NIX CONFIGURATIONS
The first setting creates a copy the NixOS configuration file and link it from
the resulting system (/run/current-system/configuration.nix). This is useful in
case you accidentally delete configuration.nix.
Sets up GNOME as the default desktop environment, while excluding some
undesirable packages from installing.
The version value determines the NixOS release from which the default settings for
stateful data, like file locations and database versions on your system.
Its perfectly fine and recommended to leave this value at the release version
of the first install of this system.
Lastly I configure in here cachix repositories, which is a website that keeps a
cache of nixbuilds for easy quick deployments without having to compile
everything from scratch.
- gc: automatically garbage-collects.
- auto-optimise-store: hard-links binaries whenever possible.
- system-features: features present on compiling time.
#+begin_src nix
system = {
copySystemConfiguration = true;
stateVersion = "${version}";
};
nix = let featuresList = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
"gccarch-${cpuArchitecture}"
"gccarch-znver3"
];
in {
gc = {
automatic = true;
dates = "weekly";
};
# buildMachines = [ {
# hostName = "workstation";
# system = "x86_64-linux";
# sshUser = "nixremote";
# maxJobs = 4;
# speedFactor = 1;
# supportedFeatures = featuresList;
# } ];
distributedBuilds = true;
settings = {
cores = 6;
auto-optimise-store = true;
system-features = featuresList;
substituters = [
"https://nix-gaming.cachix.org"
"https://nixpkgs-python.cachix.org"
"https://devenv.cachix.org"
"https://cuda-maintainers.cachix.org"
];
trusted-public-keys = [
"nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
"nixpkgs-python.cachix.org-1:hxjI7pFxTyuTHn2NkvWCrAUcNZLNS3ZAvfYNuYifcEU="
"devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
"cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
];
};
};
#+end_src
* DISPLAY MANAGER
Rather than having the server be completely headless, temporarily I'm enabling
xfce as a minimal display manager.
#+begin_src nix
services = {
xserver = {
enable = true;
displayManager.defaultSession = "xfce";
videoDrivers = [ "nvidia" ];
desktopManager = {
xfce.enable = true;
xterm.enable = false;
};
layout = "us";
libinput.enable = true; # Wacom required?
};
};
#+end_src
* SOUND
In order to avoid issues with PipeWire, the wiki recommends to disable /sound.enable/
This is a basic PipeWire configuration, in the future stuff like Bluetooth or
latency will require expanding these settings.
In order to avoid issues with PipeWire, the wiki recommends to disable
pulseaudio. This is a basic PipeWire configuration that can support alsa/pulse
backends.
#+begin_src nix
hardware.pulseaudio.enable = false;
@ -159,6 +232,10 @@ services.pipewire = {
Disabled password in sudo for commodity, but this is obviously not recommended,
regarding rkit, that setting enables pipewire to run with real-time
capabilities. And lastly, the acme settings are for signing certificates.
The pam limits exists so NixOS can compile the entire system without running
into "Too many files open" errors.
#+begin_src nix
security = {
rtkit.enable = true;
@ -166,42 +243,60 @@ security = {
enable = true;
wheelNeedsPassword = false;
};
acme = {
acceptTerms = true;
defaults.email = "${myEmail}";
};
pam.loginLimits = [{
domain = "*";
type = "soft";
item = "nofile";
value = "8192";
}];
};
#+end_src
* NIXPKGS
* NIXPKGS SETTINGS
Allow non-free, sadly is a requirement for some of my drivers, besides that,
here is a good place to declare some package overrides as well as permit unsafe
packages.
localSystem allows me to compile the entire operating system optimized to my CPU
architecture and other build flags.
=note= if using gcc.arch flags, comment out hostPlatform and viceversa.
#+begin_src nix
nixpkgs.config = {
allowUnfree = true;
nixpkgs = {
hostPlatform = lib.mkDefault "x86_64-linux";
config.allowUnfree = true;
# localSystem = {
# gcc.arch = cpuArchitecture;
# gcc.tune = cpuArchitecture;
# system = "x86_64-linux";
# };
};
#+end_src
* NORMAL USERS
Being part of the "wheel" group, means that the user has root privileges.
Being part of the "wheel" group, means that the user has root privileges. The
piracy.gid is so I have read/write access permissions on all the hard drives
split among my multiple systems, the rest of the groups are self explanatory.
- nixremote: is a low-privilege user set exclusively with the intention to be a
proxy to build the nix-store remotely.
#+begin_src nix
users.users.root.openssh.authorizedKeys.keys = [ sshKeyBattlestation ];
users.groups.nixremote = {
name = "nixremote";
gid = 555;
};
users.users.nixremote = {
isNormalUser = true;
createHome = true;
group = "nixremote";
home = "/var/nixremote/";
openssh.authorizedKeys.keys = [
sshKeyBattlestation
"ssh-rsa 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 root@battlestation"
];
users = {
groups.nixremote = {
name = "nixremote";
gid = 555;
};
users.nixremote = {
isNormalUser = true;
createHome = true;
group = "nixremote";
home = "/var/nixremote/";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICiyTwryzw8CblPldplDpVUkXD9C1fXVgO8LeXdE5cuR root@battlestation"
];
};
};
users.users.jawz = {
isNormalUser = true;
@ -212,7 +307,7 @@ users.users.jawz = {
initialPassword = "password";
openssh = {
authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5GaQM4N+yGAByibOFQOBVMV/6TjOfaGIP+NunMiK76 gpodeacero\cdreyes@100CDREYES"
sshKeyBattlestation
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKDXxfFRSgII4w/S1mrekPQdfXNifqRxwJa0wpQo72wB jawz@workstation";
];
};
#+end_src
@ -222,23 +317,34 @@ want installed, attempting to group them as dependencies of others when
necessary.
* USER PACKAGES
This section of the document categorizes and organizes all he packages that I
want installed, attempting to group them as dependencies of others when
necessary.
Begin the block to install user packages.
#+begin_src nix
packages = (with pkgs; [
#+end_src
cli and tui packages, which on their own right are as or more powerful than the
packages on the previous section.
=note= exa is no longer maintained, and will soon be replaced by eza, a maintained
fork.
** COMMAND-LINE PACKAGES
#+begin_src nix
unstable.yt-dlp # downloads videos from most video websites
unstable.gallery-dl # similar to yt-dlp but for most image gallery websites
fd # modern find, faster searches
fzf # fuzzy finder! super cool and useful
gdu # disk-space utility, somewhat useful
du-dust # rusty du
exa # like ls but with colors
trashy # oop! didn't meant to delete that
unstable.eza # like ls but with colors
rmlint # probably my favourite app, amazing dupe finder that integrates well with BTRFS
tldr # man for retards
tree-sitter # code parsing, required by Doom emacs
#+end_src
** MY SCRIPTS
@ -256,18 +362,21 @@ jawzTasks
#+end_src
** DEVELOPMENT PACKAGES
Assorted development packages and libraries, categorized by languages.
#+begin_src nix
# required by doom emacs, but still are rather useful.
fd # modern find, faster searches
fzf # fuzzy finder! super cool and useful
ripgrep # modern grep
# languagetool # proofreader for English. check if works without the service
# required (optionally) by doom emacs, but still are rather useful
tree-sitter # code parsing based on symbols and shit, I do not get it
graphviz # graphs
tetex
# languagetool # proofreader for English
# these two are for doom everywhere
xorg.xwininfo
xdotool
xclip
tldr # man for retards
exercism # learn to code
# SH
bats # testing system, required by Exercism
@ -276,41 +385,26 @@ shellcheck # linting
shfmt # a shell parser and formatter
# NIX
expect # keep color when nom'ing
nix-output-monitor # autistic nix builds
nixfmt # linting
cachix # why spend time compiling?
# PYTHON.
python3 # base language
# pipenv # python development workflow for humans
pipenv # python development workflow for humans
# poetry # dependency management made easy
# C# & Rust
# omnisharp-roslyn # c# linter and code formatter
# HASKELL
# cabal-install # haskell interface
# JS
nodejs # not as bad as I thought
#+end_src
** HUNSPELL
These dictionaries work with Firefox, Doom Emacs and LibreOffice.
#+begin_src nix
hunspell
hunspellDicts.it_IT
hunspellDicts.es_MX
hunspellDicts.en_CA
#+end_src
** CUSTOMIZATION PACKAGES
Themes and other customization, making my DE look the way I want is one of the
main draws of Linux for me.
#+begin_src nix
# Fonts
(nerdfonts.override {
fonts = [ "Agave" "CascadiaCode" "SourceCodePro"
"Ubuntu" "FiraCode" "Iosevka" ];
})
symbola
#+end_src
** PYTHON
#+begin_src nix
@ -359,28 +453,49 @@ symbola
# })
#+end_src
** BAT-EXTRAS
#+begin_src nix
]) ++ (with pkgs.bat-extras; [
batman # man pages
batpipe # piping
batgrep # ripgrep
batdiff # this is getting crazy!
batwatch # probably my next best friend
prettybat # trans your sourcecode!
#+end_src
** NODEJS PACKAGES
Mostly language servers and linters.
#+begin_src nix
]) ++ (with pkgs.nodePackages; [
dockerfile-language-server-nodejs # LSP
bash-language-server # LSP
pyright # LSP
# Language servers
dockerfile-language-server-nodejs
yaml-language-server
bash-language-server
vscode-json-languageserver
pyright
markdownlint-cli # Linter
prettier # Linter
pnpm # Package manager
#+end_src
** HUNSPELL
These dictionaries work with Firefox, Doom Emacs and LibreOffice.
#+begin_src nix
hunspell
hunspellDicts.it_IT
hunspellDicts.es_MX
hunspellDicts.en_CA
#+end_src
** CUSTOMIZATION PACKAGES
Themes and other customization, making my DE look the way I want is one of the
main draws of Linux for me.
#+begin_src nix
# Fonts
(nerdfonts.override {
fonts = [ "Agave" "CascadiaCode" "SourceCodePro"
"Ubuntu" "FiraCode" "Iosevka" ];
})
symbola
#+end_src
** CLOSING USER PACKAGES
#+begin_src nix
]); }; # <--- end of package list
#+end_src
@ -390,27 +505,31 @@ These make it so packages install to '/etc' rather than the user home directory,
also allow for upgrades when rebuilding the system.
#+begin_src nix
home-manager.useUserPackages = true;
home-manager.useGlobalPkgs = true;
home-manager.users.jawz = { config, pkgs, ... }:{
home-manager = {
useUserPackages = true;
useGlobalPkgs = true;
users.jawz = { config, pkgs, ... }:{
home.stateVersion = "${version}";
#+end_src
** DOTFILES
I opted out of using home-manager to declare my package environment, and instead
I use it exclusively for setting up my dotfiles.
*** BASH
Declares my .bashrc file, and sets up some environment and functions.
#+begin_src nix
programs.bash = {
enable = true;
historyFile = "\${XDG_STATE_HOME}/bash/history";
historyControl = [ "erasedups" ];
historyControl = [ "erasedups" "ignorespace" ];
shellAliases = {
ls = "exa --icons --group-directories-first";
hh = "hstr";
ls = "eza --icons --group-directories-first";
edit = "emacsclient -t";
comic = "download -u jawz -i \"$(cat $LC | fzf --multi --exact -i)\"";
gallery = "download -u jawz -i \"$(cat $LW | fzf --multi --exact -i)\"";
open-gallery = "cd /mnt/disk2/scrapping/JawZ/gallery-dl && xdg-open $(fd . ./ Husbands -tdirectory -d 1 | fzf -i)\"";
unique-extensions = "fd -tf | rev | cut -d. -f1 | rev | tr '[:upper:]' '[:lower:]' | sort | uniq --count | sort -rn";
cp = "cp -i";
mv = "mv -i";
mkcd = "mkdir -pv \"$1\" && cd \"$1\" || exit";
@ -427,70 +546,35 @@ programs.bash = {
f = "fzf --multi --exact -i";
sc = "systemctl --user";
jc = "journalctl --user -xefu";
open-gallery = "cd /mnt/disk2/scrapping/JawZ/gallery-dl && xdg-open $(fd . ./ Husbands -tdirectory -d 1 | fzf -i)\"";
unique-extensions = "fd -tf | rev | cut -d. -f1 | rev | tr '[:upper:]' '[:lower:]' | sort | uniq --count | sort -rn";
};
enableVteIntegration = true;
initExtra = ''
#+end_src
$HOME/.local/bin/pokemon-colorscripts -r --no-title
# Lists
list_root="${config.xdg.configHome}"/jawz/lists/jawz
export LW=$list_root/watch.txt
export LI=$list_root/instant.txt
export LC=$list_root/comic.txt
export command_timeout=30
#+begin_src bash
$HOME/.local/bin/pokemon-colorscripts -r --no-title
# Lists
list_root="${config.xdg.configHome}"/jawz/lists/jawz
export LW=$list_root/watch.txt
export LI=$list_root/instant.txt
export LC=$list_root/comic.txt
export command_timeout=30
if command -v fzf-share >/dev/null; then
source "$(fzf-share)/key-bindings.bash"
source "$(fzf-share)/completion.bash"
fi
# GPG_TTY=$(tty)
# export GPG_TTY
if command -v fzf-share >/dev/null; then
source "$(fzf-share)/key-bindings.bash"
source "$(fzf-share)/completion.bash"
fi
nixos-reload () {
nixfmt /home/jawz/Development/NixOS/workstation/*.nix
sudo nixos-rebuild switch -I nixos-config=/home/jawz/Development/NixOS/workstation/configuration.nix
}
#+end_src
#+begin_src nix
nixos-reload () {
nixfmt /home/jawz/Development/NixOS/workstation/*.nix
sudo nixos-rebuild switch -I nixos-config=/home/jawz/Development/NixOS/workstation/configuration.nix
}
'';
};
#+end_src
*** OTHER
#+begin_src nix
programs = {
emacs = {
enable = true;
};
direnv = {
enable = true;
enableBashIntegration = true;
nix-direnv.enable = true;
};
bat = {
enable = true;
config = {
pager = "less -FR";
theme = "base16";
};
};
git = {
enable = true;
userName = "${myName}";
userEmail = "${myEmail}";
};
htop = {
enable = true;
package = pkgs.htop-vim;
};
};
#+end_src
*** XDG
Configurations for XDG directories, as well as installing dotfiles from the
sub-directory on this repository.
#+begin_src nix
xdg = {
@ -516,7 +600,52 @@ xdg = {
};
#+end_src
** USER-SERVICES
** HOME-MANAGER PROGRAMS
Program declarations that are exclusive to home-manager, declaring packages this
way allows for extra configuration and integration beyond installing the
packages on the user environment, it's the only exception I make to installing
packages through home-manager.
#+begin_src nix
programs = {
hstr.enable = true;
emacs.enable = true;
direnv = {
enable = true;
enableBashIntegration = true;
nix-direnv.enable = true;
};
bat = {
enable = true;
config = {
pager = "less -FR";
theme = "base16";
};
extraPackages = with pkgs.bat-extras; [
batman # man pages
batpipe # piping
batgrep # ripgrep
batdiff # this is getting crazy!
batwatch # probably my next best friend
prettybat # trans your sourcecode!
];
};
git = {
enable = true;
userName = "${myName}";
userEmail = "${myEmail}";
};
htop = {
enable = true;
package = pkgs.htop-vim;
};
};
#+end_src
** HOME-MANAGER USER-SERVICES
Lorri helps optimize emacs compilations, and the declaring emacs as a service
through home-manager fixes the bug where emacs loads so quickly that can not
connect to a graphic environment unless restarting the systemd service.
#+begin_src nix
services = {
@ -532,72 +661,74 @@ services = {
** CLOSING HOME-MANAGER
#+begin_src nix
};
}; };
#+end_src
* ENVIRONMENT PACKAGES
* ENVIRONMENT
These are a MUST to ensure the optimal function of nix, without these, recovery
may be challenging.
#+begin_src nix
environment.systemPackages = with pkgs; [
wget
jellyfin-ffmpeg # coolest video converter!
dlib
];
#+end_src
The environment.etc block allows for bluetooth devices to control volume, pause,
and other things through the headset controls.
* ENVIRONMENT VARIABLES
Declare environment variables whose function is mostly to clear-up the $HOME
directory from as much bloat as possible, as well as some minor graphical tweaks
some applications use.
#+begin_src nix
environment.variables = rec {
# PATH
XDG_CACHE_HOME = "\${HOME}/.cache";
XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_DATA_HOME = "\${HOME}/.local/share";
XDG_STATE_HOME = "\${HOME}/.local/state";
# DEV PATH
CABAL_DIR = "\${XDG_CACHE_HOME}/cabal";
CARGO_HOME = "\${XDG_DATA_HOME}/cargo";
GEM_HOME = "\${XDG_DATA_HOME}/ruby/gems";
GEM_PATH = "\${XDG_DATA_HOME}/ruby/gems";
GEM_SPEC_CACHE = "\${XDG_DATA_HOME}/ruby/specs";
GOPATH = "\${XDG_DATA_HOME}/go";
NPM_CONFIG_USERCONFIG = "\${XDG_CONFIG_HOME}/npm/npmrc";
PNPM_HOME = "\${XDG_DATA_HOME}/pnpm";
PSQL_HISTORY="\${XDG_DATA_HOME}/psql_history";
REDISCLI_HISTFILE="\${XDG_DATA_HOME}/redis/rediscli_history";
WINEPREFIX="\${XDG_DATA_HOME}/wine";
# OPTIONS
HISTFILE = "\${XDG_STATE_HOME}/bash/history";
LESSHISTFILE = "-";
GHCUP_USE_XDG_DIRS = "true";
RIPGREP_CONFIG_PATH = "\${XDG_CONFIG_HOME}/ripgrep/ripgreprc";
ELECTRUMDIR = "\${XDG_DATA_HOME}/electrum";
VISUAL = "emacsclient -ca emacs";
WGETRC = "\${XDG_CONFIG_HOME}/wgetrc";
XCOMPOSECACHE = "\${XDG_CACHE_HOME}/X11/xcompose";
"_JAVA_OPTIONS" = "-Djava.util.prefs.userRoot=\${XDG_CONFIG_HOME}/java";
DOCKER_CONFIG="\${XDG_CONFIG_HOME}/docker";
# NVIDIA
CUDA_CACHE_PATH = "\${XDG_CACHE_HOME}/nv";
# WEBKIT_DISABLE_COMPOSITING_MODE = "1";
# GBM_BACKEND = "nvidia-drm";
# "__GLX_VENDOR_LIBRARY_NAME" = "nvidia";
# Themes
CALIBRE_USE_SYSTEM_THEME = "1";
PATH = [
"\${HOME}/.local/bin"
"\${XDG_CONFIG_HOME}/emacs/bin"
"\${XDG_DATA_HOME}/npm/bin"
"\${XDG_DATA_HOME}/pnpm"
environment = {
systemPackages = with pkgs; [
wget
jellyfin-ffmpeg # coolest video converter!
dlib
];
variables = rec {
# PATH
XDG_CACHE_HOME = "\${HOME}/.cache";
XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_DATA_HOME = "\${HOME}/.local/share";
XDG_STATE_HOME = "\${HOME}/.local/state";
# DEV PATH
CABAL_DIR = "${XDG_CACHE_HOME}/cabal";
CARGO_HOME = "${XDG_DATA_HOME}/cargo";
GEM_HOME = "${XDG_DATA_HOME}/ruby/gems";
GEM_PATH = "${XDG_DATA_HOME}/ruby/gems";
GEM_SPEC_CACHE = "${XDG_DATA_HOME}/ruby/specs";
GOPATH = "${XDG_DATA_HOME}/go";
NPM_CONFIG_USERCONFIG = "${XDG_CONFIG_HOME}/npm/npmrc";
PNPM_HOME = "${XDG_DATA_HOME}/pnpm";
PSQL_HISTORY="${XDG_DATA_HOME}/psql_history";
REDISCLI_HISTFILE="${XDG_DATA_HOME}/redis/rediscli_history";
WINEPREFIX="${XDG_DATA_HOME}/wine";
# OPTIONS
HISTFILE = "${XDG_STATE_HOME}/bash/history";
LESSHISTFILE = "-";
GHCUP_USE_XDG_DIRS = "true";
RIPGREP_CONFIG_PATH = "${XDG_CONFIG_HOME}/ripgrep/ripgreprc";
ELECTRUMDIR = "${XDG_DATA_HOME}/electrum";
VISUAL = "emacsclient -ca emacs";
WGETRC = "${XDG_CONFIG_HOME}/wgetrc";
XCOMPOSECACHE = "${XDG_CACHE_HOME}/X11/xcompose";
"_JAVA_OPTIONS" = "-Djava.util.prefs.userRoot=${XDG_CONFIG_HOME}/java";
DOCKER_CONFIG="${XDG_CONFIG_HOME}/docker";
# NVIDIA
CUDA_CACHE_PATH = "${XDG_CACHE_HOME}/nv";
# Themes
# WEBKIT_DISABLE_COMPOSITING_MODE = "1";
CALIBRE_USE_SYSTEM_THEME = "1";
PATH = [
"\${HOME}/.local/bin"
"\${XDG_CONFIG_HOME}/emacs/bin"
"\${XDG_DATA_HOME}/npm/bin"
"\${XDG_DATA_HOME}/pnpm"
];
};
};
#+end_src
@ -679,6 +810,12 @@ programs = {
* SERVICES
Miscellaneous services, most of which are managed by systemd.
- minidlna: allows me to watch my media on my tv.
- avahi: allows to discover/connect to devices through their hostname on the
same network.
- fstrim/btrfs: file-system services.
- psd: profile-sync-daemon, loads the chrome/firefox profile to ram.
#+begin_src nix
services = {
minidlna = {
@ -688,6 +825,7 @@ services = {
inotify = "yes";
media_dir = [
"/mnt/disk2/glue"
"/mnt/seedbox/glue"
"/mnt/disk1/multimedia/downloads"
];
};
@ -825,10 +963,9 @@ systemd = {
};
#+end_src
* MISC SETTINGS
** ENABLE FONTCONFIG
* FONTCONFIG
If enabled, a Fontconfig configuration file will point to a set of default
fonts. If you don't care about running X11 applications or any other program
fonts. If you don not care about running X11 applications or any other program
that uses Fontconfig, you can turn this option off and prevent a dependency on
all those fonts.
=tip= once that Wayland is ready for deployment, I probably can remove this
@ -838,89 +975,29 @@ setting.
fonts.fontconfig.enable = true;
#+end_src
** NFS
* HARDWARE
Computer-specific hardware settings. The power management settings are
defaulted to "performance".
- nvidia: GPU drivers.
- cpu.intel: microcode patches.
#+begin_src nix
fileSystems = {
"/export/disk1" = {
device = "/mnt/disk1";
options = ["bind"];
hardware = {
nvidia = {
modesetting.enable = true;
powerManagement.enable = true;
};
"/export/disk2" = {
device = "/mnt/disk2";
options = ["bind"];
};
"/export/seedbox" = {
device = "/mnt/seedbox";
options = ["bind"];
};
"/export/jawz" = {
device = "/home/jawz";
options = ["bind"];
};
};
services.nfs = {
server = {
cpu.intel.updateMicrocode = lib.mkDefault true;
opengl = {
enable = true;
exports = ''
/export 192.168.1.64(rw,fsid=0,no_subtree_check)
/export/disk1 192.168.1.64(rw,nohide,insecure,no_subtree_check)
/export/disk2 192.168.1.64(rw,nohide,insecure,no_subtree_check)
/export/seedbox 192.168.1.64(rw,nohide,insecure,no_subtree_check)
/export/jawz 192.168.1.64(rw,nohide,insecure,no_subtree_check)
'';
driSupport = true;
driSupport32Bit = true;
};
};
#+end_src
* FINAL SYSTEM CONFIGURATIONS
The first setting creates a copy the NixOS configuration file and link it from
the resulting system (/run/current-system/configuration.nix). This is useful in
case you accidentally delete configuration.nix.
The version value determines the NixOS release from which the default settings for
stateful data, like file locations and database versions on your system.
Its perfectly fine and recommended to leave this value at the release version
of the first install of this system.
Lastly I configure in here Cachix repositories, which is a website that keeps a
cache of nixbuilds for easy quick deployments without having to compile
everything from scratch.
* CLOSE SYSTEM
#+begin_src nix
system = {
copySystemConfiguration = true;
stateVersion = "${version}";
};
nix = {
settings = {
trusted-users = [ "nixremote" ];
auto-optimise-store = true;
system-features = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
"gccarch-znver3"
];
substituters = [
"https://nix-gaming.cachix.org"
"https://nixpkgs-python.cachix.org"
"https://devenv.cachix.org"
"https://cuda-maintainers.cachix.org"
];
trusted-public-keys = [
"nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
"nixpkgs-python.cachix.org-1:hxjI7pFxTyuTHn2NkvWCrAUcNZLNS3ZAvfYNuYifcEU="
"devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
"cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
];
};
gc = {
automatic = true;
dates = "weekly";
};
};
}
#+end_src
# LocalWords: useXkbConfig Wayland XORG NIXPKGS
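Review bot: The new side keeps a direct SSH login path to root, `users.users.root.openssh.authorizedKeys.keys = [ sshKeyBattlestation ];` in the NORMAL USERS hunk, and the same key is also authorized for `jawz` (which is in wheel with `wheelNeedsPassword = false`), while `nixremote` carries a separate `root@battlestation` key; whether the root line is new or carried over is not certain from the rendered view. With the NixOS default `PermitRootLogin` of "prohibit-password", a key in root's authorized_keys is a working root login, so a compromise of the battlestation key gives root on the server without passing through either user, and without the per-user attribution `jawz` or `nixremote` would leave in the logs. If that key exists only for remote builds, the `nixremote` proxy this commit describes already covers that and the root entry can be dropped; otherwise pin the policy explicitly next to the sudo settings with `services.openssh.settings.PermitRootLogin = "no";`. On the same theme, `nix.settings` on the new side no longer lists `trusted-users`, which is the safer direction, but `distributedBuilds = true;` with `buildMachines` commented out is dead configuration and deserves a comment such as `# distributed builds are enabled but no buildMachines are declared yet`.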


@ -56,89 +56,108 @@ in {
};
};
fileSystems."/" = {
device = "/dev/mapper/nvme";
fsType = "btrfs";
options = [
"subvol=nix"
"ssd"
"compress=zstd:3"
"x-systemd.device-timeout=0"
"space_cache=v2"
"commit=120"
"datacow"
"noatime"
];
fileSystems = {
"/" = {
device = "/dev/mapper/nvme";
fsType = "btrfs";
options = [
"subvol=nix"
"ssd"
"compress=zstd:3"
"x-systemd.device-timeout=0"
"space_cache=v2"
"commit=120"
"datacow"
"noatime"
];
};
"/home" = {
device = "/dev/mapper/nvme";
fsType = "btrfs";
options = [
"subvol=home"
"ssd"
"compress=zstd:3"
"x-systemd.device-timeout=0"
"space_cache=v2"
"commit=120"
"datacow"
];
};
"/mnt/disk1" = {
device = "/dev/mapper/disk1";
fsType = "btrfs";
options = [ "compress=zstd:3" "space_cache=v2" "commit=120" "datacow" ];
};
"/var/lib/nextcloud/data" = {
device = "/mnt/disk1/nextcloud";
options = [ "bind" ];
};
"/mnt/jellyfin/media" = {
device = "/mnt/disk1/multimedia/media";
options = [ "bind" "ro" ];
};
"/mnt/disk2" = {
device = "/dev/mapper/disk2";
fsType = "btrfs";
options = [ "compress=zstd:3" "space_cache=v2" "commit=120" "datacow" ];
};
"/mnt/hnbox" = {
device = "/dev/mapper/hnbox";
fsType = "btrfs";
options = [ "compress=zstd:3" "space_cache=v2" "commit=120" "datacow" ];
};
"/mnt/seedbox" = {
device = "/dev/mapper/seedbox";
fsType = "btrfs";
options = [ "compress=zstd:3" "space_cache=v2" "commit=120" "datacow" ];
};
"/mnt/jellyfin/external" = {
device = "/mnt/seedbox/external";
options = [ "bind" "ro" ];
};
"/mnt/parity" = {
device = "/dev/disk/by-uuid/643b727a-555d-425c-943c-62f5b93631c9";
fsType = "xfs";
options = [ "defaults" ];
};
"/boot" = {
device = "/dev/disk/by-uuid/c574cb53-dc40-46db-beff-0fe8a4787156";
fsType = "ext4";
};
"/boot/efi" = {
device = "/dev/disk/by-uuid/CBE7-5DEB";
fsType = "vfat";
};
"/export/disk1" = {
device = "/mnt/disk1";
options = [ "bind" ];
};
"/export/disk2" = {
device = "/mnt/disk2";
options = [ "bind" ];
};
"/export/seedbox" = {
device = "/mnt/seedbox";
options = [ "bind" ];
};
"/export/jawz" = {
device = "/home/jawz";
options = [ "bind" ];
};
};
fileSystems."/home" = {
device = "/dev/mapper/nvme";
fsType = "btrfs";
options = [
"subvol=home"
"ssd"
"compress=zstd:3"
"x-systemd.device-timeout=0"
"space_cache=v2"
"commit=120"
"datacow"
];
services.nfs = {
server = {
enable = true;
exports = ''
/export 192.168.1.64(rw,fsid=0,no_subtree_check)
/export/disk1 192.168.1.64(rw,nohide,insecure,no_subtree_check)
/export/disk2 192.168.1.64(rw,nohide,insecure,no_subtree_check)
/export/seedbox 192.168.1.64(rw,nohide,insecure,no_subtree_check)
/export/jawz 192.168.1.64(rw,nohide,insecure,no_subtree_check)
'';
};
};
fileSystems."/mnt/disk1" = {
device = "/dev/mapper/disk1";
fsType = "btrfs";
options = [ "compress=zstd:3" "space_cache=v2" "commit=120" "datacow" ];
};
fileSystems."/var/lib/nextcloud/data" = {
device = "/mnt/disk1/nextcloud";
options = [ "bind" ];
};
fileSystems."/mnt/jellyfin/media" = {
device = "/mnt/disk1/multimedia/media";
options = [ "bind" "ro" ];
};
fileSystems."/mnt/disk2" = {
device = "/dev/mapper/disk2";
fsType = "btrfs";
options = [ "compress=zstd:3" "space_cache=v2" "commit=120" "datacow" ];
};
fileSystems."/mnt/hnbox" = {
device = "/dev/mapper/hnbox";
fsType = "btrfs";
options = [ "compress=zstd:3" "space_cache=v2" "commit=120" "datacow" ];
};
fileSystems."/mnt/seedbox" = {
device = "/dev/mapper/seedbox";
fsType = "btrfs";
options = [ "compress=zstd:3" "space_cache=v2" "commit=120" "datacow" ];
};
fileSystems."/mnt/jellyfin/external" = {
device = "/mnt/seedbox/external";
options = [ "bind" "ro" ];
};
fileSystems."/mnt/parity" = {
device = "/dev/disk/by-uuid/643b727a-555d-425c-943c-62f5b93631c9";
fsType = "xfs";
options = [ "defaults" ];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/c574cb53-dc40-46db-beff-0fe8a4787156";
fsType = "ext4";
};
fileSystems."/boot/efi" = {
device = "/dev/disk/by-uuid/CBE7-5DEB";
fsType = "vfat";
};
swapDevices = [{
device = "/dev/disk/by-partuuid/cb0ad486-ebf8-4bfc-ad7c-96bdc68576ca";
randomEncryption = {
@ -148,45 +167,4 @@ in {
sectorSize = 4096;
};
}];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
# nixpkgs.config.packageOverrides = pkgs: {
# vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
# };
nixpkgs.config = { allowUnfree = true; };
virtualisation.docker.enableNvidia = true;
services.xserver.videoDrivers = [ "nvidia" ];
hardware = {
nvidia = {
modesetting.enable = true;
powerManagement.enable = true;
};
sane = {
enable = true;
extraBackends = [ pkgs.hplip pkgs.hplipWithPlugin ];
};
cpu.intel.updateMicrocode = lib.mkDefault true;
bluetooth.enable = true;
opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
# extraPackages = with pkgs; [
# intel-media-driver # LIBVA_DRIVER_NAME=iHD
# vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
# vaapiVdpau
# libvdpau-va-gl
# ];
};
};
}
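Review bot: The NFS export block added after `fileSystems` (`services.nfs.server.exports`) uses `insecure` on every child export, which waives the reserved-source-port check, so any unprivileged process on 192.168.1.64 can speak to the export rather than only a mount performed by root on that host; since these exports use the default sec=sys, the server also trusts whatever UID the client presents, so the `rw` export of `/export/jawz` (a bind of `/home/jawz`) is protected only by the client's IP and its local user discipline. The option is carried over from the old configuration rather than introduced here, but if a specific client needs it a comment naming which one and why (`# insecure: needed for <client/use-case> — TODO confirm`) would let it be reviewed, and otherwise dropping it restores the default check. Separately, this section looks like the generated hardware-configuration.nix (`fileSystems`, `swapDevices`, the `in {` in the hunk header); if so, `nixos-generate-config` will not preserve `services.nfs`, so keeping the `/export/*` bind mounts and the export list together in a small dedicated module would avoid losing them on regeneration. The enclosing attribute set starts outside the hunk.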


@ -177,6 +177,7 @@ in {
environment.systemPackages = with pkgs; [ docker-compose ];
virtualisation.docker = {
enable = true;
enableNvidia = true;
storageDriver = "btrfs";
};
systemd = {