diff --git a/workstation/configuration.org b/workstation/configuration.org index c45a3cd..56f1c95 100755 --- a/workstation/configuration.org +++ b/workstation/configuration.org @@ -1,4 +1,4 @@ -#+TITLE: JawZ NixOS workstation configuration +#+TITLE: JawZ NixOS server configuration #+AUTHOR: Danilo Reyes #+PROPERTY: header-args :tangle configuration.nix #+auto_tangle: t 
@@ -16,26 +16,33 @@ times through the config file, such as the current version of NixOS, repositories and even some scripts that will be reused on systemd configurations. -** VARIABLES -- Global version number so NixOS and Home-Manager are in sync -- The unstable part allows me to build packages from the unstable channel by - prepending "unstable" to a package name. -- The next part creates a simple build of some of my simple scripts, turning - them into binaries which then I can integrate into the nix-store as well as - declared systemd units. +- version: used by both NixOS and home-manager to dictate the state repository + from which to pull configurations, modules and packages. +- myEmail myName: used by git and acme +- cpuArchitecture: used by NixOS to optimize the compiled binaries to my current + CPU specifications. +- home-manager: the channel containing the packages matching the NixOS state + version, with a commented out to the unstable master. +- unstable: a sort of overlay that allows to prepend "unstable" to a package, + to pull from the unstable channel rather than precompiled binaries on a case + by case use. +- jawz*: scripts that will be reused multiple times through the config, such as + on systemd, and as such this feels like a safe way to compile them only once. #+begin_src nix -{ config, pkgs, ... }: +{ config, pkgs, lib, ... 
}: let version = "23.05"; myEmail = "CaptainJawZ@outlook.com"; myName = "Danilo Reyes"; - home-manager = builtins.fetchTarball "https://github.com/nix-community/home-manager/archive/release-${version}.tar.gz"; + cpuArchitecture = "skylake"; + home-manager = builtins.fetchTarball + # "https://github.com/nix-community/home-manager/archive/master.tar.gz"; + "https://github.com/nix-community/home-manager/archive/release-${version}.tar.gz"; unstable = import (builtins.fetchTarball "https://github.com/nixos/nixpkgs/tarball/master") { config = config.nixpkgs.config; }; - sshKeyBattlestation = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKDXxfFRSgII4w/S1mrekPQdfXNifqRxwJa0wpQo72wB jawz@battlestation"; jawzManageLibrary = pkgs.writeScriptBin "manage-library" (builtins.readFile ../scripts/manage-library.sh); jawzTasks = pkgs.writeScriptBin @@ -44,11 +51,13 @@ in { # Remember to close this bracket at the end of the document #+end_src -** IMPORTS These are files and modules which get loaded onto the configuration file, in the future I may segment this file into different modules once it becomes too cluttered, for example, I may create a module for systemd units. +- agenix: an encryption system which cleans up the nix-configuration files from +passwords and other secrets. + #+begin_src nix imports = [ ./hardware-configuration.nix 
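Review bot: The `home-manager` and `unstable` tarballs in the `let` block are fetched without a `sha256`, so each rebuild evaluates whatever GitHub serves for `release-${version}` or `master` at that moment, with no integrity check and no reproducibility between two evaluations. Passing an attribute set with the hash pins the input, e.g. `home-manager = builtins.fetchTarball { url = "https://github.com/nix-community/home-manager/archive/release-${version}.tar.gz"; sha256 = "<hash-placeholder>"; };`, and the same form works for the nixpkgs tarball. The `unstable` line is unchanged context here, but it is the riskier of the two since `master` moves with every push. The `let` block continues past the end of this hunk.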
@@ -61,20 +70,23 @@ imports = [ * SYSTEM CONFIGURATION ** NETWORKING -At the moment, I don't have a wireless card on this computer, however as I build -a new system, such setting may come in handy. +Sets sensible networking options, such as setting up a hostname, and creating a +hosts file with the static IP and hostname of other devices on my network. -Pick *ONLY ONE* of the below networking options. -- *wireless.enable* enables wireless support via wpa_supplicant. -- *NetworkManager* it's the default of GNOME, and easiest to use and integrate. +Also open ports on the firewall for LAN connectivity, and well keeping commented +what each port does, I declared the firwewall ports with variables, because I +can not be bothered to figure out whether I need TCP or UDP so let's open both, +and repetition is maddening. #+begin_src nix +powerManagement.cpuFreqGovernor = lib.mkDefault "performance"; networking = { + useDHCP = lib.mkDefault true; enableIPv6 = false; - hostName = "workstation"; + hostName = "server"; networkmanager.enable = true; extraHosts = '' - 192.168.1.64 battlestation + 192.168.1.64 workstation ''; firewall = let open_firewall_ports = [ @@ -84,13 +96,14 @@ networking = { 2049 # nfs ]; open_firewall_port_ranges = [ ]; - in { - enable = true; - allowedTCPPorts = open_firewall_ports; - allowedUDPPorts = open_firewall_ports; - allowedTCPPortRanges = open_firewall_port_ranges; - allowedUDPPortRanges = open_firewall_port_ranges; - }; + in + { + enable = true; + allowedTCPPorts = open_firewall_ports; + allowedUDPPorts = open_firewall_ports; + allowedTCPPortRanges = open_firewall_port_ranges; + allowedUDPPortRanges = open_firewall_port_ranges; + }; }; #+end_src 
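Review bot: `powerManagement.cpuFreqGovernor = lib.mkDefault "performance";` is the first added line of the NETWORKING src block, but it has nothing to do with networking, and the new HARDWARE section later in this commit already documents the governor as a hardware setting; it should move into the `hardware` src block so the code sits where the prose says it is. Separately, the reformatted `in { ... }` firewall block still opens every entry of `open_firewall_ports` on both TCP and UDP, and `allowedTCPPorts`/`allowedUDPPorts` apply to every interface; since the prose describes this as convenience rather than need, a `# TODO(review): narrow each port to the protocol its service uses` marker would at least record that the extra exposure is deliberate. The closing of `networking` is inside the hunk, so the move is self-contained.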
@@ -98,10 +111,10 @@ networking = { For some reason, useXkbConfig throws an error when building the system, either way it is an unnecessary setting as my keyboards are the default en_US, only locale set to Canadian out because I prefer how it displays the date. +LC_MONETARY, it's also a personal preference. #+begin_src nix time.timeZone = "America/Mexico_City"; - i18n = { defaultLocale = "en_CA.UTF-8"; extraLocaleSettings = { 
@@ -115,34 +128,94 @@ console = { }; #+end_src -* GNOME -At the time of writing this file, I require of X11, as the NVIDIA support for -Wayland is not perfect yet. At the time being, the ability to switch through -GDM from Wayland to XORG, it's pretty handy, but in the future these settings -will require an update. +** SYSTEM/NIX CONFIGURATIONS +The first setting creates a copy the NixOS configuration file and link it from +the resulting system (/run/current-system/configuration.nix). This is useful in +case you accidentally delete configuration.nix. -Sets up GNOME as the default desktop environment, while excluding some -undesirable packages from installing. +The version value determines the NixOS release from which the default settings for +stateful data, like file locations and database versions on your system. +It‘s perfectly fine and recommended to leave this value at the release version +of the first install of this system. + +Lastly I configure in here cachix repositories, which is a website that keeps a +cache of nixbuilds for easy quick deployments without having to compile +everything from scratch. + +- gc: automatically garbage-collects. +- auto-optimise-store: hard-links binaries whenever possible. +- system-features: features present on compiling time. 
+ +#+begin_src nix +system = { + copySystemConfiguration = true; + stateVersion = "${version}"; +}; +nix = let featuresList = [ + "nixos-test" + "benchmark" + "big-parallel" + "kvm" + "gccarch-${cpuArchitecture}" + "gccarch-znver3" + ]; + in { + gc = { + automatic = true; + dates = "weekly"; + }; + # buildMachines = [ { + # hostName = "workstation"; + # system = "x86_64-linux"; + # sshUser = "nixremote"; + # maxJobs = 4; + # speedFactor = 1; + # supportedFeatures = featuresList; + # } ]; + distributedBuilds = true; + settings = { + cores = 6; + auto-optimise-store = true; + system-features = featuresList; + substituters = [ + "https://nix-gaming.cachix.org" + "https://nixpkgs-python.cachix.org" + "https://devenv.cachix.org" + "https://cuda-maintainers.cachix.org" + ]; + trusted-public-keys = [ + "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4=" + "nixpkgs-python.cachix.org-1:hxjI7pFxTyuTHn2NkvWCrAUcNZLNS3ZAvfYNuYifcEU=" + "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw=" + "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E=" + ]; + }; +}; +#+end_src + +* DISPLAY MANAGER +Rather than having the server be completely headless, temporarily I'm enabling +xfce as a minimal display manager. #+begin_src nix services = { xserver = { enable = true; displayManager.defaultSession = "xfce"; + videoDrivers = [ "nvidia" ]; desktopManager = { xfce.enable = true; xterm.enable = false; }; layout = "us"; - libinput.enable = true; # Wacom required? }; }; #+end_src * SOUND -In order to avoid issues with PipeWire, the wiki recommends to disable /sound.enable/ -This is a basic PipeWire configuration, in the future stuff like Bluetooth or -latency will require expanding these settings. +In order to avoid issues with PipeWire, the wiki recommends to disable +pulseaudio. This is a basic PipeWire configuration that can support alsa/pulse +backends. #+begin_src nix hardware.pulseaudio.enable = false; 
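Review bot: The new `featuresList` advertises both `"gccarch-${cpuArchitecture}"` (skylake) and `"gccarch-znver3"` in `nix.settings.system-features`, which tells Nix this host can run builds that require either micro-architecture; binaries built for znver3 are not guaranteed to execute on a Skylake CPU, so a derivation that requires that feature may be scheduled here and fail at runtime. Unless `gccarch-znver3` is meant to describe a remote builder, drop it so the list matches what the prose says (`features present on compiling time`). Also, `distributedBuilds = true;` has no visible effect while the whole `buildMachines` entry is commented out, so either restore the builder entry or comment out `distributedBuilds` with it to keep the intent clear.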
@@ -159,6 +232,10 @@ services.pipewire = { Disabled password in sudo for commodity, but this is obviously not recommended, regarding rkit, that setting enables pipewire to run with real-time capabilities. And lastly, the acme settings are for signing certificates. + +The pam limits exists so NixOS can compile the entire system without running +into "Too many files open" errors. + #+begin_src nix security = { rtkit.enable = true; 
@@ -166,42 +243,60 @@ security = { enable = true; wheelNeedsPassword = false; }; - acme = { - acceptTerms = true; - defaults.email = "${myEmail}"; - }; + pam.loginLimits = [{ + domain = "*"; + type = "soft"; + item = "nofile"; + value = "8192"; + }]; }; #+end_src -* NIXPKGS +* NIXPKGS SETTINGS Allow non-free, sadly is a requirement for some of my drivers, besides that, here is a good place to declare some package overrides as well as permit unsafe packages. +localSystem allows me to compile the entire operating system optimized to my CPU +architecture and other build flags. + +=note= if using gcc.arch flags, comment out hostPlatform and viceversa. + #+begin_src nix -nixpkgs.config = { - allowUnfree = true; +nixpkgs = { + hostPlatform = lib.mkDefault "x86_64-linux"; + config.allowUnfree = true; + # localSystem = { + # gcc.arch = cpuArchitecture; + # gcc.tune = cpuArchitecture; + # system = "x86_64-linux"; + # }; }; #+end_src * NORMAL USERS -Being part of the "wheel" group, means that the user has root privileges. +Being part of the "wheel" group, means that the user has root privileges. The +piracy.gid is so I have read/write access permissions on all the hard drives +split among my multiple systems, the rest of the groups are self explanatory. + +- nixremote: is a low-privilege user set exclusively with the intention to be a + proxy to build the nix-store remotely. 
#+begin_src nix -users.users.root.openssh.authorizedKeys.keys = [ sshKeyBattlestation ]; -users.groups.nixremote = { - name = "nixremote"; - gid = 555; -}; -users.users.nixremote = { - isNormalUser = true; - createHome = true; - group = "nixremote"; - home = "/var/nixremote/"; - openssh.authorizedKeys.keys = [ - sshKeyBattlestation - "ssh-rsa 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 root@battlestation" - ]; +users = { + groups.nixremote = { + name = "nixremote"; + gid = 555; + }; + users.nixremote = { + isNormalUser = true; + createHome = true; + group = "nixremote"; + home = "/var/nixremote/"; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICiyTwryzw8CblPldplDpVUkXD9C1fXVgO8LeXdE5cuR root@battlestation" + ]; + }; }; users.users.jawz = { isNormalUser = true; @@ -212,7 +307,7 @@ users.users.jawz = { initialPassword = "password"; openssh = { authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5GaQM4N+yGAByibOFQOBVMV/6TjOfaGIP+NunMiK76 gpodeacero\cdreyes@100CDREYES" - sshKeyBattlestation + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKDXxfFRSgII4w/S1mrekPQdfXNifqRxwJa0wpQo72wB jawz@workstation"; ]; }; #+end_src 
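Review bot: The new `pam.loginLimits` entry raises only the `soft` nofile limit to 8192; a soft limit can only be raised up to the hard limit, so if the hard limit on this host is lower the value is silently capped, and the "Too many files open" problem the prose describes would persist — consider a matching `{ domain = "*"; type = "hard"; item = "nofile"; value = "8192"; }` entry. This hunk also deletes the `acme` block, but the VARIABLES prose rewritten in the first hunk of this file still says `myEmail` is "used by git and acme"; change that line to `- myEmail myName: used by git.` so the two do not drift. Removing the root `openssh.authorizedKeys.keys` line and the RSA key for `nixremote` narrows who can log in and needs no further work.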
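Review bot: The added key line `"ssh-ed25519 ... jawz@workstation";` ends with a semicolon inside the `authorizedKeys.keys` list literal, which is a Nix syntax error — list elements are whitespace-separated and the `;` belongs only after the closing `]`. Drop the trailing `;` so the element reads `"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKDXxfFRSgII4w/S1mrekPQdfXNifqRxwJa0wpQo72wB jawz@workstation"`. Replacing the `sshKeyBattlestation` binding with an inline literal also means the key must now be edited by hand wherever it appears; if it is referenced more than once elsewhere in the file, a `let`-bound name keeps it in one place.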
@@ -222,23 +317,34 @@ want installed, attempting to group them as dependencies of others when necessary. * USER PACKAGES +This section of the document categorizes and organizes all he packages that I +want installed, attempting to group them as dependencies of others when +necessary. + Begin the block to install user packages. + #+begin_src nix packages = (with pkgs; [ #+end_src +cli and tui packages, which on their own right are as or more powerful than the +packages on the previous section. + +=note= exa is no longer maintained, and will soon be replaced by eza, a maintained +fork. ** COMMAND-LINE PACKAGES #+begin_src nix unstable.yt-dlp # downloads videos from most video websites unstable.gallery-dl # similar to yt-dlp but for most image gallery websites + +fd # modern find, faster searches +fzf # fuzzy finder! super cool and useful gdu # disk-space utility, somewhat useful du-dust # rusty du -exa # like ls but with colors trashy # oop! didn't meant to delete that +unstable.eza # like ls but with colors rmlint # probably my favourite app, amazing dupe finder that integrates well with BTRFS -tldr # man for retards -tree-sitter # code parsing, required by Doom emacs #+end_src ** MY SCRIPTS @@ -256,18 +362,21 @@ jawzTasks #+end_src ** DEVELOPMENT PACKAGES +Assorted development packages and libraries, categorized by languages. #+begin_src nix -# required by doom emacs, but still are rather useful. -fd # modern find, faster searches -fzf # fuzzy finder! super cool and useful -ripgrep # modern grep -# languagetool # proofreader for English. check if works without the service +# required (optionally) by doom emacs, but still are rather useful +tree-sitter # code parsing based on symbols and shit, I do not get it graphviz # graphs tetex +# languagetool # proofreader for English # these two are for doom everywhere xorg.xwininfo xdotool +xclip + +tldr # man for retards +exercism # learn to code # SH bats # testing system, required by Exercism 
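Review bot: The paragraph added under `* USER PACKAGES` ("This section of the document categorizes and organizes all he packages…") repeats the sentence that already precedes the heading — the hunk context ends with the same "want installed, attempting to group them as dependencies of others when necessary." — and introduces the typo "all he packages". Keep one copy, reading `all the packages`. The new "cli and tui packages" paragraph compares them to "the packages on the previous section", but it is placed directly after the opening `packages = (with pkgs; [` block, so there is no earlier package section for the reader to compare against; name the section it means or drop the comparison.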
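Review bot: `ripgrep # modern grep` is removed from the development block and does not reappear anywhere in this commit, yet `RIPGREP_CONFIG_PATH` is still exported in the ENVIRONMENT hunk and `batgrep` (a ripgrep front end) is still installed through `bat.extraPackages`; unless ripgrep is provided outside this file, re-add it next to `fd` and `fzf` in the command-line block. The comments `tldr # man for retards` and `tree-sitter # code parsing based on symbols and shit, I do not get it` are carried onto the new side; since this file doubles as the system's documentation, neutral wording such as `tldr # simplified, example-based man pages` and `tree-sitter # syntax parser used by Doom emacs` would read better.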
@@ -276,41 +385,26 @@ shellcheck # linting shfmt # a shell parser and formatter # NIX +expect # keep color when nom'ing +nix-output-monitor # autistic nix builds nixfmt # linting cachix # why spend time compiling? # PYTHON. python3 # base language -# pipenv # python development workflow for humans +pipenv # python development workflow for humans # poetry # dependency management made easy +# C# & Rust +# omnisharp-roslyn # c# linter and code formatter + +# HASKELL +# cabal-install # haskell interface + # JS nodejs # not as bad as I thought #+end_src -** HUNSPELL -These dictionaries work with Firefox, Doom Emacs and LibreOffice. - -#+begin_src nix -hunspell -hunspellDicts.it_IT -hunspellDicts.es_MX -hunspellDicts.en_CA -#+end_src - -** CUSTOMIZATION PACKAGES -Themes and other customization, making my DE look the way I want is one of the -main draws of Linux for me. - -#+begin_src nix -# Fonts -(nerdfonts.override { - fonts = [ "Agave" "CascadiaCode" "SourceCodePro" - "Ubuntu" "FiraCode" "Iosevka" ]; -}) -symbola -#+end_src - ** PYTHON #+begin_src nix 
@@ -359,28 +453,49 @@ symbola # }) #+end_src -** BAT-EXTRAS - -#+begin_src nix -]) ++ (with pkgs.bat-extras; [ - batman # man pages - batpipe # piping - batgrep # ripgrep - batdiff # this is getting crazy! - batwatch # probably my next best friend - prettybat # trans your sourcecode! -#+end_src - ** NODEJS PACKAGES +Mostly language servers and linters. #+begin_src nix ]) ++ (with pkgs.nodePackages; [ - dockerfile-language-server-nodejs # LSP - bash-language-server # LSP - pyright # LSP + # Language servers + dockerfile-language-server-nodejs + yaml-language-server + bash-language-server + vscode-json-languageserver + pyright + markdownlint-cli # Linter prettier # Linter pnpm # Package manager +#+end_src + +** HUNSPELL +These dictionaries work with Firefox, Doom Emacs and LibreOffice. + +#+begin_src nix +hunspell +hunspellDicts.it_IT +hunspellDicts.es_MX +hunspellDicts.en_CA +#+end_src + +** CUSTOMIZATION PACKAGES +Themes and other customization, making my DE look the way I want is one of the +main draws of Linux for me. + +#+begin_src nix +# Fonts +(nerdfonts.override { + fonts = [ "Agave" "CascadiaCode" "SourceCodePro" + "Ubuntu" "FiraCode" "Iosevka" ]; +}) +symbola +#+end_src + +** CLOSING USER PACKAGES + +#+begin_src nix ]); }; # <--- end of package list #+end_src 
@@ -390,27 +505,31 @@ These make it so packages install to '/etc' rather than the user home directory, also allow for upgrades when rebuilding the system. #+begin_src nix -home-manager.useUserPackages = true; -home-manager.useGlobalPkgs = true; -home-manager.users.jawz = { config, pkgs, ... }:{ +home-manager = { + useUserPackages = true; + useGlobalPkgs = true; + users.jawz = { config, pkgs, ... }:{ home.stateVersion = "${version}"; #+end_src ** DOTFILES +I opted out of using home-manager to declare my package environment, and instead +I use it exclusively for setting up my dotfiles. + *** BASH +Declares my .bashrc file, and sets up some environment and functions. #+begin_src nix programs.bash = { enable = true; historyFile = "\${XDG_STATE_HOME}/bash/history"; - historyControl = [ "erasedups" ]; + historyControl = [ "erasedups" "ignorespace" ]; shellAliases = { - ls = "exa --icons --group-directories-first"; + hh = "hstr"; + ls = "eza --icons --group-directories-first"; edit = "emacsclient -t"; comic = "download -u jawz -i \"$(cat $LC | fzf --multi --exact -i)\""; gallery = "download -u jawz -i \"$(cat $LW | fzf --multi --exact -i)\""; - open-gallery = "cd /mnt/disk2/scrapping/JawZ/gallery-dl && xdg-open $(fd . ./ Husbands -tdirectory -d 1 | fzf -i)\""; - unique-extensions = "fd -tf | rev | cut -d. -f1 | rev | tr '[:upper:]' '[:lower:]' | sort | uniq --count | sort -rn"; cp = "cp -i"; mv = "mv -i"; mkcd = "mkdir -pv \"$1\" && cd \"$1\" || exit"; 
@@ -427,70 +546,35 @@ programs.bash = { f = "fzf --multi --exact -i"; sc = "systemctl --user"; jc = "journalctl --user -xefu"; + open-gallery = "cd /mnt/disk2/scrapping/JawZ/gallery-dl && xdg-open $(fd . ./ Husbands -tdirectory -d 1 | fzf -i)\""; + unique-extensions = "fd -tf | rev | cut -d. -f1 | rev | tr '[:upper:]' '[:lower:]' | sort | uniq --count | sort -rn"; }; enableVteIntegration = true; initExtra = '' -#+end_src + $HOME/.local/bin/pokemon-colorscripts -r --no-title + # Lists + list_root="${config.xdg.configHome}"/jawz/lists/jawz + export LW=$list_root/watch.txt + export LI=$list_root/instant.txt + export LC=$list_root/comic.txt + export command_timeout=30 -#+begin_src bash -$HOME/.local/bin/pokemon-colorscripts -r --no-title -# Lists -list_root="${config.xdg.configHome}"/jawz/lists/jawz -export LW=$list_root/watch.txt -export LI=$list_root/instant.txt -export LC=$list_root/comic.txt -export command_timeout=30 + if command -v fzf-share >/dev/null; then + source "$(fzf-share)/key-bindings.bash" + source "$(fzf-share)/completion.bash" + fi -# GPG_TTY=$(tty) -# export GPG_TTY - -if command -v fzf-share >/dev/null; then - source "$(fzf-share)/key-bindings.bash" - source "$(fzf-share)/completion.bash" -fi - -nixos-reload () { - nixfmt /home/jawz/Development/NixOS/workstation/*.nix - sudo nixos-rebuild switch -I nixos-config=/home/jawz/Development/NixOS/workstation/configuration.nix -} -#+end_src -#+begin_src nix + nixos-reload () { + nixfmt /home/jawz/Development/NixOS/workstation/*.nix + sudo nixos-rebuild switch -I nixos-config=/home/jawz/Development/NixOS/workstation/configuration.nix + } ''; }; #+end_src -*** OTHER - -#+begin_src nix -programs = { - emacs = { - enable = true; - }; - direnv = { - enable = true; - enableBashIntegration = true; - nix-direnv.enable = true; - }; - bat = { - enable = true; - config = { - pager = "less -FR"; - theme = "base16"; - }; - }; - git = { - enable = true; - userName = "${myName}"; - userEmail = "${myEmail}"; - }; - htop = 
{ - enable = true; - package = pkgs.htop-vim; - }; -}; -#+end_src - *** XDG +Configurations for XDG directories, as well as installing dotfiles from the +sub-directory on this repository. #+begin_src nix xdg = { @@ -516,7 +600,52 @@ xdg = { }; #+end_src -** USER-SERVICES +** HOME-MANAGER PROGRAMS +Program declarations that are exclusive to home-manager, declaring packages this +way allows for extra configuration and integration beyond installing the +packages on the user environment, it's the only exception I make to installing +packages through home-manager. + +#+begin_src nix +programs = { + hstr.enable = true; + emacs.enable = true; + direnv = { + enable = true; + enableBashIntegration = true; + nix-direnv.enable = true; + }; + bat = { + enable = true; + config = { + pager = "less -FR"; + theme = "base16"; + }; + extraPackages = with pkgs.bat-extras; [ + batman # man pages + batpipe # piping + batgrep # ripgrep + batdiff # this is getting crazy! + batwatch # probably my next best friend + prettybat # trans your sourcecode! + ]; + }; + git = { + enable = true; + userName = "${myName}"; + userEmail = "${myEmail}"; + }; + htop = { + enable = true; + package = pkgs.htop-vim; + }; +}; +#+end_src + +** HOME-MANAGER USER-SERVICES +Lorri helps optimize emacs compilations, and the declaring emacs as a service +through home-manager fixes the bug where emacs loads so quickly that can not +connect to a graphic environment unless restarting the systemd service. #+begin_src nix services = { 
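Review bot: The re-added alias `open-gallery` ends with `fzf -i)\""`, leaving an unmatched double quote inside the alias body; when bash expands the alias it will stop with an unexpected-EOF error instead of opening anything. Drop the stray `\"` so the value ends `... | fzf -i)"`, matching the quoting of the `comic` and `gallery` aliases. Folding the former `#+begin_src bash` block into `initExtra` turns `${config.xdg.configHome}` into Nix interpolation inside the indented string, which looks intended, but `nixos-reload` still hard-codes `/home/jawz/Development/NixOS/workstation/` while this commit retitles the file as the server configuration — worth confirming that path is still right for this host.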
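Review bot: In the new `git` block, `userName = "${myName}";` and `userEmail = "${myEmail}";` wrap a plain string in an interpolation that does nothing; `userName = myName;` and `userEmail = myEmail;` say the same thing directly (the same applies to `stateVersion = "${version}";` in the SYSTEM block earlier in this file). The prose above the block states that declaring programs here is "the only exception" to installing packages through home-manager, but `bat.extraPackages` now installs the six bat-extras tools through home-manager as well, so that sentence no longer holds as written and should mention the exception.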
@@ -532,72 +661,74 @@ services = { ** CLOSING HOME-MANAGER #+begin_src nix -}; +}; }; #+end_src -* ENVIRONMENT PACKAGES +* ENVIRONMENT These are a MUST to ensure the optimal function of nix, without these, recovery may be challenging. -#+begin_src nix -environment.systemPackages = with pkgs; [ - wget - jellyfin-ffmpeg # coolest video converter! - dlib -]; -#+end_src +The environment.etc block allows for bluetooth devices to control volume, pause, +and other things through the headset controls. -* ENVIRONMENT VARIABLES +Declare environment variables whose function is mostly to clear-up the $HOME +directory from as much bloat as possible, as well as some minor graphical tweaks +some applications use. #+begin_src nix -environment.variables = rec { - # PATH - XDG_CACHE_HOME = "\${HOME}/.cache"; - XDG_CONFIG_HOME = "\${HOME}/.config"; - XDG_BIN_HOME = "\${HOME}/.local/bin"; - XDG_DATA_HOME = "\${HOME}/.local/share"; - XDG_STATE_HOME = "\${HOME}/.local/state"; - - # DEV PATH - CABAL_DIR = "\${XDG_CACHE_HOME}/cabal"; - CARGO_HOME = "\${XDG_DATA_HOME}/cargo"; - GEM_HOME = "\${XDG_DATA_HOME}/ruby/gems"; - GEM_PATH = "\${XDG_DATA_HOME}/ruby/gems"; - GEM_SPEC_CACHE = "\${XDG_DATA_HOME}/ruby/specs"; - GOPATH = "\${XDG_DATA_HOME}/go"; - NPM_CONFIG_USERCONFIG = "\${XDG_CONFIG_HOME}/npm/npmrc"; - PNPM_HOME = "\${XDG_DATA_HOME}/pnpm"; - PSQL_HISTORY="\${XDG_DATA_HOME}/psql_history"; - REDISCLI_HISTFILE="\${XDG_DATA_HOME}/redis/rediscli_history"; - WINEPREFIX="\${XDG_DATA_HOME}/wine"; - - # OPTIONS - HISTFILE = "\${XDG_STATE_HOME}/bash/history"; - LESSHISTFILE = "-"; - GHCUP_USE_XDG_DIRS = "true"; - RIPGREP_CONFIG_PATH = "\${XDG_CONFIG_HOME}/ripgrep/ripgreprc"; - ELECTRUMDIR = "\${XDG_DATA_HOME}/electrum"; - VISUAL = "emacsclient -ca emacs"; - WGETRC = "\${XDG_CONFIG_HOME}/wgetrc"; - XCOMPOSECACHE = "\${XDG_CACHE_HOME}/X11/xcompose"; - "_JAVA_OPTIONS" = "-Djava.util.prefs.userRoot=\${XDG_CONFIG_HOME}/java"; - DOCKER_CONFIG="\${XDG_CONFIG_HOME}/docker"; - - # NVIDIA - 
CUDA_CACHE_PATH = "\${XDG_CACHE_HOME}/nv"; - # WEBKIT_DISABLE_COMPOSITING_MODE = "1"; - # GBM_BACKEND = "nvidia-drm"; - # "__GLX_VENDOR_LIBRARY_NAME" = "nvidia"; - - # Themes - CALIBRE_USE_SYSTEM_THEME = "1"; - - PATH = [ - "\${HOME}/.local/bin" - "\${XDG_CONFIG_HOME}/emacs/bin" - "\${XDG_DATA_HOME}/npm/bin" - "\${XDG_DATA_HOME}/pnpm" +environment = { + systemPackages = with pkgs; [ + wget + jellyfin-ffmpeg # coolest video converter! + dlib ]; + variables = rec { + # PATH + XDG_CACHE_HOME = "\${HOME}/.cache"; + XDG_CONFIG_HOME = "\${HOME}/.config"; + XDG_BIN_HOME = "\${HOME}/.local/bin"; + XDG_DATA_HOME = "\${HOME}/.local/share"; + XDG_STATE_HOME = "\${HOME}/.local/state"; + + # DEV PATH + CABAL_DIR = "${XDG_CACHE_HOME}/cabal"; + CARGO_HOME = "${XDG_DATA_HOME}/cargo"; + GEM_HOME = "${XDG_DATA_HOME}/ruby/gems"; + GEM_PATH = "${XDG_DATA_HOME}/ruby/gems"; + GEM_SPEC_CACHE = "${XDG_DATA_HOME}/ruby/specs"; + GOPATH = "${XDG_DATA_HOME}/go"; + NPM_CONFIG_USERCONFIG = "${XDG_CONFIG_HOME}/npm/npmrc"; + PNPM_HOME = "${XDG_DATA_HOME}/pnpm"; + PSQL_HISTORY="${XDG_DATA_HOME}/psql_history"; + REDISCLI_HISTFILE="${XDG_DATA_HOME}/redis/rediscli_history"; + WINEPREFIX="${XDG_DATA_HOME}/wine"; + + # OPTIONS + HISTFILE = "${XDG_STATE_HOME}/bash/history"; + LESSHISTFILE = "-"; + GHCUP_USE_XDG_DIRS = "true"; + RIPGREP_CONFIG_PATH = "${XDG_CONFIG_HOME}/ripgrep/ripgreprc"; + ELECTRUMDIR = "${XDG_DATA_HOME}/electrum"; + VISUAL = "emacsclient -ca emacs"; + WGETRC = "${XDG_CONFIG_HOME}/wgetrc"; + XCOMPOSECACHE = "${XDG_CACHE_HOME}/X11/xcompose"; + "_JAVA_OPTIONS" = "-Djava.util.prefs.userRoot=${XDG_CONFIG_HOME}/java"; + DOCKER_CONFIG="${XDG_CONFIG_HOME}/docker"; + + # NVIDIA + CUDA_CACHE_PATH = "${XDG_CACHE_HOME}/nv"; + + # Themes + # WEBKIT_DISABLE_COMPOSITING_MODE = "1"; + CALIBRE_USE_SYSTEM_THEME = "1"; + + PATH = [ + "\${HOME}/.local/bin" + "\${XDG_CONFIG_HOME}/emacs/bin" + "\${XDG_DATA_HOME}/npm/bin" + "\${XDG_DATA_HOME}/pnpm" + ]; + }; }; #+end_src 
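Review bot: The rewritten `variables` block switches the DEV PATH and OPTIONS entries from shell-escaped `\${XDG_…}` to Nix interpolation of the `rec` attributes, which makes their values independent of the order in which the shell later exports them, but the `PATH` list at the bottom still uses `"\${XDG_CONFIG_HOME}/emacs/bin"`, `"\${XDG_DATA_HOME}/npm/bin"` and `"\${XDG_DATA_HOME}/pnpm"`; if `PATH` is exported before the `XDG_*` variables, those entries resolve to `/emacs/bin`, `/npm/bin` and `/pnpm`. Using `"${XDG_CONFIG_HOME}/emacs/bin"`, `"${XDG_DATA_HOME}/npm/bin"` and `"${XDG_DATA_HOME}/pnpm"` keeps `PATH` consistent with the rest of the block. The added prose also describes an `environment.etc` block for bluetooth headset controls, but no `etc` attribute appears in the `environment` set in this hunk, so that paragraph documents something the code does not do.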
@@ -679,6 +810,12 @@ programs = { * SERVICES Miscellaneous services, most of which are managed by systemd. +- minidlna: allows me to watch my media on my tv. +- avahi: allows to discover/connect to devices through their hostname on the + same network. +- fstrim/btrfs: file-system services. +- psd: profile-sync-daemon, loads the chrome/firefox profile to ram. + #+begin_src nix services = { minidlna = { @@ -688,6 +825,7 @@ services = { inotify = "yes"; media_dir = [ "/mnt/disk2/glue" + "/mnt/seedbox/glue" "/mnt/disk1/multimedia/downloads" ]; }; @@ -825,10 +963,9 @@ systemd = { }; #+end_src -* MISC SETTINGS -** ENABLE FONTCONFIG +* FONTCONFIG If enabled, a Fontconfig configuration file will point to a set of default -fonts. If you don't care about running X11 applications or any other program +fonts. If you don not care about running X11 applications or any other program that uses Fontconfig, you can turn this option off and prevent a dependency on all those fonts. =tip= once that Wayland is ready for deployment, I probably can remove this 
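Review bot: The fontconfig paragraph in the `* FONTCONFIG` hunk changes "If you don't care" to "If you don not care", introducing a typo where the old text was correct; restore `If you do not care about running X11 applications` (or the original contraction). The rest of that hunk is a heading rename and needs nothing else.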
@@ -838,89 +975,29 @@ setting. fonts.fontconfig.enable = true; #+end_src -** NFS +* HARDWARE +Computer-specific hardware settings. The power management settings are +defaulted to "performance". + +- nvidia: GPU drivers. +- cpu.intel: microcode patches. + #+begin_src nix -fileSystems = { - "/export/disk1" = { - device = "/mnt/disk1"; - options = ["bind"]; +hardware = { + nvidia = { + modesetting.enable = true; + powerManagement.enable = true; }; - "/export/disk2" = { - device = "/mnt/disk2"; - options = ["bind"]; - }; - "/export/seedbox" = { - device = "/mnt/seedbox"; - options = ["bind"]; - }; - "/export/jawz" = { - device = "/home/jawz"; - options = ["bind"]; - }; -}; -services.nfs = { - server = { + cpu.intel.updateMicrocode = lib.mkDefault true; + opengl = { enable = true; - exports = '' - /export 192.168.1.64(rw,fsid=0,no_subtree_check) - /export/disk1 192.168.1.64(rw,nohide,insecure,no_subtree_check) - /export/disk2 192.168.1.64(rw,nohide,insecure,no_subtree_check) - /export/seedbox 192.168.1.64(rw,nohide,insecure,no_subtree_check) - /export/jawz 192.168.1.64(rw,nohide,insecure,no_subtree_check) - ''; + driSupport = true; + driSupport32Bit = true; }; }; #+end_src -* FINAL SYSTEM CONFIGURATIONS -The first setting creates a copy the NixOS configuration file and link it from -the resulting system (/run/current-system/configuration.nix). This is useful in -case you accidentally delete configuration.nix. - -The version value determines the NixOS release from which the default settings for -stateful data, like file locations and database versions on your system. -It‘s perfectly fine and recommended to leave this value at the release version -of the first install of this system. - -Lastly I configure in here Cachix repositories, which is a website that keeps a -cache of nixbuilds for easy quick deployments without having to compile -everything from scratch. 
- +* CLOSE SYSTEM #+begin_src nix -system = { - copySystemConfiguration = true; - stateVersion = "${version}"; -}; -nix = { - settings = { - trusted-users = [ "nixremote" ]; - auto-optimise-store = true; - system-features = [ - "nixos-test" - "benchmark" - "big-parallel" - "kvm" - "gccarch-znver3" - ]; - substituters = [ - "https://nix-gaming.cachix.org" - "https://nixpkgs-python.cachix.org" - "https://devenv.cachix.org" - "https://cuda-maintainers.cachix.org" - ]; - trusted-public-keys = [ - "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4=" - "nixpkgs-python.cachix.org-1:hxjI7pFxTyuTHn2NkvWCrAUcNZLNS3ZAvfYNuYifcEU=" - "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw=" - "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E=" - ]; - }; - gc = { - automatic = true; - dates = "weekly"; - }; -}; } #+end_src - -# LocalWords: useXkbConfig Wayland XORG NIXPKGS diff --git a/workstation/hardware-configuration.nix b/workstation/hardware-configuration.nix index 8151e9a..011e1d6 100755 --- a/workstation/hardware-configuration.nix +++ b/workstation/hardware-configuration.nix 
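Review bot: `trusted-users = [ "nixremote" ];` is deleted with the old closing `nix.settings` block and the new `nix` block earlier in this file does not carry it over, so after this commit `nixremote` is an ordinary Nix user on this host. That is the safer default — trusted users may override substituters and sandboxing — but the NORMAL USERS prose still describes `nixremote` as the proxy for building the nix-store remotely, and a remote builder pushing unsigned paths into this store through that account may now be refused; either update that prose or add `# NOTE: nixremote is deliberately not a trusted user` beside `settings` so the omission reads as intended. `hardware.bluetooth.enable` and `hardware.sane` from the deleted hardware-configuration.nix block also do not reappear anywhere in this commit, while the ENVIRONMENT prose added here still talks about bluetooth headset controls. The `fileSystems."/export/*"` and `services.nfs` lines removed in this hunk are moved, not dropped.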
@@ -56,89 +56,108 @@ in { }; }; - fileSystems."/" = { - device = "/dev/mapper/nvme"; - fsType = "btrfs"; - options = [ - "subvol=nix" - "ssd" - "compress=zstd:3" - "x-systemd.device-timeout=0" - "space_cache=v2" - "commit=120" - "datacow" - "noatime" - ]; + fileSystems = { + "/" = { + device = "/dev/mapper/nvme"; + fsType = "btrfs"; + options = [ + "subvol=nix" + "ssd" + "compress=zstd:3" + "x-systemd.device-timeout=0" + "space_cache=v2" + "commit=120" + "datacow" + "noatime" + ]; + }; + "/home" = { + device = "/dev/mapper/nvme"; + fsType = "btrfs"; + options = [ + "subvol=home" + "ssd" + "compress=zstd:3" + "x-systemd.device-timeout=0" + "space_cache=v2" + "commit=120" + "datacow" + ]; + }; + "/mnt/disk1" = { + device = "/dev/mapper/disk1"; + fsType = "btrfs"; + options = [ "compress=zstd:3" "space_cache=v2" "commit=120" "datacow" ]; + }; + "/var/lib/nextcloud/data" = { + device = "/mnt/disk1/nextcloud"; + options = [ "bind" ]; + }; + "/mnt/jellyfin/media" = { + device = "/mnt/disk1/multimedia/media"; + options = [ "bind" "ro" ]; + }; + "/mnt/disk2" = { + device = "/dev/mapper/disk2"; + fsType = "btrfs"; + options = [ "compress=zstd:3" "space_cache=v2" "commit=120" "datacow" ]; + }; + "/mnt/hnbox" = { + device = "/dev/mapper/hnbox"; + fsType = "btrfs"; + options = [ "compress=zstd:3" "space_cache=v2" "commit=120" "datacow" ]; + }; + "/mnt/seedbox" = { + device = "/dev/mapper/seedbox"; + fsType = "btrfs"; + options = [ "compress=zstd:3" "space_cache=v2" "commit=120" "datacow" ]; + }; + "/mnt/jellyfin/external" = { + device = "/mnt/seedbox/external"; + options = [ "bind" "ro" ]; + }; + "/mnt/parity" = { + device = "/dev/disk/by-uuid/643b727a-555d-425c-943c-62f5b93631c9"; + fsType = "xfs"; + options = [ "defaults" ]; + }; + "/boot" = { + device = "/dev/disk/by-uuid/c574cb53-dc40-46db-beff-0fe8a4787156"; + fsType = "ext4"; + }; + "/boot/efi" = { + device = "/dev/disk/by-uuid/CBE7-5DEB"; + fsType = "vfat"; + }; + "/export/disk1" = { + device = "/mnt/disk1"; + options = 
[ "bind" ]; + }; + "/export/disk2" = { + device = "/mnt/disk2"; + options = [ "bind" ]; + }; + "/export/seedbox" = { + device = "/mnt/seedbox"; + options = [ "bind" ]; + }; + "/export/jawz" = { + device = "/home/jawz"; + options = [ "bind" ]; + }; }; - - fileSystems."/home" = { - device = "/dev/mapper/nvme"; - fsType = "btrfs"; - options = [ - "subvol=home" - "ssd" - "compress=zstd:3" - "x-systemd.device-timeout=0" - "space_cache=v2" - "commit=120" - "datacow" - ]; + services.nfs = { + server = { + enable = true; + exports = '' + /export 192.168.1.64(rw,fsid=0,no_subtree_check) + /export/disk1 192.168.1.64(rw,nohide,insecure,no_subtree_check) + /export/disk2 192.168.1.64(rw,nohide,insecure,no_subtree_check) + /export/seedbox 192.168.1.64(rw,nohide,insecure,no_subtree_check) + /export/jawz 192.168.1.64(rw,nohide,insecure,no_subtree_check) + ''; + }; }; - fileSystems."/mnt/disk1" = { - device = "/dev/mapper/disk1"; - fsType = "btrfs"; - options = [ "compress=zstd:3" "space_cache=v2" "commit=120" "datacow" ]; - }; - - fileSystems."/var/lib/nextcloud/data" = { - device = "/mnt/disk1/nextcloud"; - options = [ "bind" ]; - }; - - fileSystems."/mnt/jellyfin/media" = { - device = "/mnt/disk1/multimedia/media"; - options = [ "bind" "ro" ]; - }; - - fileSystems."/mnt/disk2" = { - device = "/dev/mapper/disk2"; - fsType = "btrfs"; - options = [ "compress=zstd:3" "space_cache=v2" "commit=120" "datacow" ]; - }; - - fileSystems."/mnt/hnbox" = { - device = "/dev/mapper/hnbox"; - fsType = "btrfs"; - options = [ "compress=zstd:3" "space_cache=v2" "commit=120" "datacow" ]; - }; - - fileSystems."/mnt/seedbox" = { - device = "/dev/mapper/seedbox"; - fsType = "btrfs"; - options = [ "compress=zstd:3" "space_cache=v2" "commit=120" "datacow" ]; - }; - - fileSystems."/mnt/jellyfin/external" = { - device = "/mnt/seedbox/external"; - options = [ "bind" "ro" ]; - }; - - fileSystems."/mnt/parity" = { - device = "/dev/disk/by-uuid/643b727a-555d-425c-943c-62f5b93631c9"; - fsType = "xfs"; - options 
= [ "defaults" ]; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/c574cb53-dc40-46db-beff-0fe8a4787156"; - fsType = "ext4"; - }; - - fileSystems."/boot/efi" = { - device = "/dev/disk/by-uuid/CBE7-5DEB"; - fsType = "vfat"; - }; - swapDevices = [{ device = "/dev/disk/by-partuuid/cb0ad486-ebf8-4bfc-ad7c-96bdc68576ca"; randomEncryption = { @@ -148,45 +167,4 @@ in { sectorSize = 4096; }; }]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - powerManagement.cpuFreqGovernor = lib.mkDefault "performance"; - - # nixpkgs.config.packageOverrides = pkgs: { - # vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; - # }; - - nixpkgs.config = { allowUnfree = true; }; - virtualisation.docker.enableNvidia = true; - services.xserver.videoDrivers = [ "nvidia" ]; - hardware = { - nvidia = { - modesetting.enable = true; - powerManagement.enable = true; - }; - sane = { - enable = true; - extraBackends = [ pkgs.hplip pkgs.hplipWithPlugin ]; - }; - cpu.intel.updateMicrocode = lib.mkDefault true; - bluetooth.enable = true; - opengl = { - enable = true; - driSupport = true; - driSupport32Bit = true; - # extraPackages = with pkgs; [ - # intel-media-driver # LIBVA_DRIVER_NAME=iHD - # vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) - # vaapiVdpau - # libvdpau-va-gl - # ]; - }; - }; } diff --git a/workstation/servers.nix b/workstation/servers.nix index 798e3a4..83e3c3a 100644 --- a/workstation/servers.nix +++ b/workstation/servers.nix 
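Review bot: `services.nfs` with its export list is moved into hardware-configuration.nix, a file that `nixos-generate-config` regenerates and that by convention holds only detected hardware and mounts; the NFS server is a service decision, and the next regeneration of this file would silently drop it, so it belongs next to the other `services` declarations in configuration.org (the `/export/*` bind mounts are fine here). While the lines are being moved it is worth recording why each export carries `insecure` — it lets the client connect from a non-privileged source port — e.g. `# insecure: 192.168.1.64 mounts from an unprivileged port`, and that `/export/jawz` exposes `/home/jawz` read-write to that one address. Both settings are pre-existing and carried over unchanged.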
@@ -177,6 +177,7 @@ in {
 environment.systemPackages = with pkgs; [ docker-compose ];
 virtualisation.docker = {
 enable = true;
+ enableNvidia = true;
 storageDriver = "btrfs";
 };
 systemd = {