nom-nom-nix-gc/machines/trantor.nix


{ config, pkgs, lib, ... }:
let
# Project-local data, each evaluated against this system's package set:
# user definitions, package groups and the i3 config generator.
myusers = import ../users.nix { inherit pkgs; };
mypkgs = import ../packages.nix { inherit pkgs; };
i3 = import ../modules/software-config/i3.nix { inherit pkgs; };
# NOTE(review): vimInit is not referenced in the visible part of this file.
vimInit = import ../modules/software-config/neovim.nix { inherit pkgs; };
# SSH public keys; consumed further down for openssh.authorizedKeys.keys.
keys = import ../keys.nix { inherit lib; };

# External source trees (nixos-hardware, sops-nix, nixpkgs) come from
# ../nix/sources.nix.
sources = import ../nix/sources.nix { };
inherit (sources) nixos-hardware;

# Locally packaged helpers; the status bar is built against temp-probe.
temp-probe = pkgs.callPackage ../custom-pkgs/temp-probe.nix { };
desktop-status-bar = pkgs.callPackage ../custom-pkgs/desktop-status-bar.nix {
  inherit temp-probe;
};

# `pomodoro` command: sleeps 1500 s, then plays a bell in the background and
# raises a desktop notification. The tilde is expanded by the invoking user's
# shell, so the sound file is looked up in that user's home.
pomodoro = pkgs.writers.writeBashBin "pomodoro" ''
  sleep 1500
  ${pkgs.alsa-utils}/bin/aplay ~/Musique/bell.wav &
  ${pkgs.libnotify}/bin/notify-send "Pomodoro: " "TIME'S UP!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"'';
in {
# Modules merged into this machine's configuration: shared project modules,
# hardware profiles from the nixos-hardware source tree, the sops-nix secrets
# module, and this host's own hardware file. The list order is left untouched.
imports = [
../modules/core.nix
../modules/core-graphical-computers.nix
../modules/dev-services.nix
# presumably the consumer of the `gitea-token` secret declared under `sops`
# in this file; verify against the module
../modules/gitea-runner.nix
# ../modules/sockburp.nix
# Hardware profiles: SSD, AMD CPU, AMD GPU.
"${nixos-hardware}/common/pc/ssd/default.nix"
"${nixos-hardware}/common/cpu/amd/default.nix"
"${nixos-hardware}/common/gpu/amd/default.nix"
# Provides the `sops` option set used in this file.
"${sources.sops-nix}/modules/sops"
./trantor-hardware.nix
];
# sops-nix secrets for this host, read from the encrypted ../secrets/trantor.yaml.
sops.defaultSopsFile = ../secrets/trantor.yaml;
# Empty list: no SSH key is imported as a GnuPG key for decryption.
sops.gnupg.sshKeyPaths = [ ];
# The age identity is derived from the SSH host key. Anyone able to read that
# private key can decrypt the secrets file, and regenerating the host key
# means re-encrypting the secrets for the new recipient.
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
# Decrypted token file is readable by its owner only (0400).
# NOTE(review): no owner is set here, so the sops-nix default applies; confirm
# the consuming service runs as that user.
sops.secrets.gitea-token.mode = "0400";
# Firefox: register the ff2mpv native-messaging host.
programs.firefox.nativeMessagingHosts.ff2mpv = true;

# Graphics stack for an AMD GPU; the NVIDIA settings tool is switched off.
hardware.nvidia.nvidiaSettings = false;
hardware.opengl.enable = true;
hardware.opengl.driSupport = true;
# RTL-SDR receiver support. The main user is put in the "plugdev" group in the
# users section of this file; presumably that is what grants device access.
hardware.rtl-sdr.enable = true;

# Display server: SDDM greeter, Plasma (Wayland session by default), and i3
# with a generated configuration file.
services.xserver.enable = true;
services.xserver.videoDrivers = [ "amdgpu" ];
services.xserver.displayManager.sddm.enable = true;
services.xserver.displayManager.defaultSession = "plasmawayland";
services.xserver.desktopManager.xterm.enable = false;
services.xserver.desktopManager.plasma5.enable = true;
services.xserver.windowManager.i3 = {
  enable = true;
  # The i3 config text is rendered by i3.desktop-config and written to the store.
  configFile = builtins.toPath
    (pkgs.writeText "desktop-i3-config" (i3.desktop-config desktop-status-bar));
};

# usbmuxd daemon (iOS device multiplexing) and the nsncd implementation of nscd.
services.usbmuxd.enable = true;
services.nscd.enableNsncd = true;

# System fonts.
fonts.packages = [
  pkgs.noto-fonts
  pkgs.noto-fonts-cjk
  pkgs.noto-fonts-emoji
  pkgs.liberation_ttf
  pkgs.fira-code
  pkgs.fira-code-symbols
  pkgs.dina-font
  pkgs.proggyfonts
];
# Early boot: load amdgpu in the initrd and use the systemd-based initrd.
boot.initrd.kernelModules = [ "amdgpu" ];
boot.initrd.systemd.enable = true;
# systemd-boot with a memtest86 menu entry; at most 10 generations are kept
# in the boot menu.
boot.loader.systemd-boot.enable = true;
boot.loader.systemd-boot.memtest86.enable = true;
boot.loader.systemd-boot.configurationLimit = 10;

# BCC (eBPF tracing tools) and KDE Connect.
# NOTE(review): KDE Connect listens on the network; with the firewall disabled
# in the networking section of this file nothing filters access to it.
programs.bcc.enable = true;
programs.kdeconnect.enable = true;

# CUPS with the Brother HL-L2350DW driver.
services.printing.enable = true;
services.printing.drivers = [ pkgs.cups-brother-hll2350dw ];
# SSH daemon: public-key logins only. Password and keyboard-interactive
# authentication are off and root cannot log in directly. The accepted keys
# are the ones listed for the user under openssh.authorizedKeys.keys.
# NOTE(review): networking.firewall.enable is false in this file, so sshd is
# reachable on every address it listens on; these settings are the only gate.
services.openssh.enable = true;
services.openssh.settings.PasswordAuthentication = false;
services.openssh.settings.KbdInteractiveAuthentication = false;
services.openssh.settings.PermitRootLogin = "no";

# Do not block the initrd on the network coming online.
boot.initrd.systemd.network.wait-online.enable = false;
# home-manager profile for the main user: mail and waybar dotfiles plus a
# periodic mailbox synchronisation.
home-manager.users.ninjatrappeur = {
  home = {
    stateVersion = "18.09";
    # Files are taken from the repository, so their content ends up in the
    # Nix store, which every local user can read.
    # NOTE(review): ../raw-conf-files/email/msmtp is not visible here; confirm
    # it fetches the password at runtime (e.g. msmtp's passwordeval) rather
    # than embedding it.
    file = {
      ".config/msmtp/config".source = ../raw-conf-files/email/msmtp;
      ".notmuch-config".source = ../raw-conf-files/email/notmuch-config;
      ".config/waybar".source = ../raw-conf-files/waybar-trantor;
    };
  };

  systemd.user.services = {
    # One-shot unit started by the timer of the same name.
    sync-mail = {
      Unit.Description = "Synchronize notmuch mailboxes";
      Service.Type = "oneshot";
      Service.ExecStart = "${pkgs.ninjatrappeur-pkgs.sync-mail}/bin/sync-mail";
    };
    # multimedia-sshfs-fuse-mount = {
    #   Unit = {
    #     Description = "Home multimedia network share";
    #     After = [ "network.target" "nss-lookup.target" "graphical-session.target" ];
    #   };
    #   Install = {
    #     WantedBy = [ "default.target" ];
    #   };
    #   Service = {
    #     Type = "simple";
    #     ExecStart = ''${pkgs.sshfs}/bin/sshfs -f -oIdentityFile=/home/ninjatrappeur/.ssh/id_ed25519 "sftpUser@home.alternativebit.fr:/" /home/ninjatrappeur/multimedia-sshfs'';
    #     ExecStop = ''${pkgs.fuse}/bin/fusermount -u /home/ninjatrappeur/multimedia-sshfs'';
    #     # Race condition: The service will fail to resolve the DNS name at login.
    #     # We restart it on failure as a workaround.
    #     Restart="on-failure";
    #     RestartSec="10s";
    #   };
    # };
  };

  # First run 3 minutes after boot, then 30 minutes after each activation.
  systemd.user.timers.sync-mail = {
    Unit.Description = "Syncs the mailboxes";
    Timer = {
      OnBootSec = "3m";
      OnUnitActiveSec = "30m";
      Unit = "sync-mail.service";
    };
    Install.WantedBy = [ "timers.target" ];
  };
};
# Host identity, static name resolution and packet filtering.
networking = {
  hostName = "trantor";
  domain = "alternativebit.fr";

  # Literal text appended to /etc/hosts. Lines starting with '#' inside the
  # string are part of that text, not Nix comments.
  # These entries pin work host names to private addresses and bypass DNS for
  # them, so a changed address has to be corrected here by hand.
  # NOTE(review): the list also exposes internal host names and addresses to
  # anyone who can read this repository.
  extraHosts = ''
    #127.0.0.1 youtube.com youtu.be www.youtube.com
    10.25.3.41 gitlab.clearpath.ai gitlab.clearpathrobotics.com
    10.25.3.105 hydra.clearpath.ai
    10.25.11.150 prod-vm-hydra-02.clearpath.ai
    #10.25.11.168 prod-vm-hydra-worker-01.clearpath.ai
    10.25.3.105 prod-vm-hydra-main-01.clearpath.ai
    10.25.3.241 prod-vm-hydra-worker-01.clearpath.ai
    #10.25.11.167 prod-vm-hydra-worker-02.clearpath.ai
    10.25.3.242 prod-vm-hydra-worker-02.clearpath.ai
    10.26.3.91 prod-vm-devops-monitoring-01.clearpath.ai devops.clearpath.ai
    10.25.0.169 jira.clearpathrobotics.com wiki.clearpathrobotics.com
    10.25.3.101 jfrog.clearpathrobotics.com
    10.25.0.224 reset.clearpath.ai
    10.25.3.191 prod-vm-docker-registry-01.clearpathrobotics.com
    10.25.3.191 harbor.clearpathrobotics.com
    10.25.3.60 bundles.clearpath.ai
    10.25.20.15 vsphere.clearpath.ai
    # Framework via local VPN
    192.168.166.3 framework
  '';

  # Currently empty; the only entry is commented out.
  hosts = {
    #"127.0.0.1" = [ "www.youtube.com" "youtube.com" "youtu.be" "twitter.com" ];
  };

  # NOTE(review): the firewall is switched off, so the two port lists below
  # are inert and no inbound traffic is filtered. Every service enabled in
  # this file that listens on a network address (sshd, Avahi, CUPS, KDE
  # Connect, VNC on 5900 if running, ...) is reachable from any network the
  # machine joins. The lists already describe the intended exposure; setting
  # `enable = true` would make them effective.
  firewall.enable = false;
  firewall.allowedTCPPorts = [
    # Random HTTP stuff
    8000
    # Patchwork
    8008
    8989
    # Syncthing
    22000
    # VNC
    5900
  ];
  firewall.allowedUDPPorts = [
    # Patchwork local discovery
    8008
    # Syncthing
    21027
    # Avahi
    5353
  ];
};
# mDNS/DNS-SD via Avahi; systemd-resolved is explicitly off.
services.avahi.enable = true;
services.resolved.enable = false;

# Emacs daemon using the project's configured build, also the default editor.
services.emacs.enable = true;
services.emacs.defaultEditor = true;
services.emacs.package = pkgs.ninjatrappeur-pkgs.configured-emacs;

# Open-file limit for every account ("*"); type "-" sets the soft and the
# hard limit to the same value.
security.pam.loginLimits = [
  {
    domain = "*";
    type = "-";
    item = "nofile";
    value = "9192";
  }
];

# services.gnome = {
#   core-utilities.enable = true;
#   core-shell.enable = true;
#   gnome-keyring.enable = true;
# };

# YubiKey udev rules and the PC/SC smart-card daemon.
services.udev.packages = [ pkgs.yubikey-personalization ];
services.pcscd.enable = true;

# Syncthing runs as the main user with its state under that user's home.
# NOTE(review): no `enable` is set here; whether the service is on is decided
# elsewhere (or not at all). Confirm against the imported modules.
services.syncthing.user = "ninjatrappeur";
services.syncthing.dataDir = "/home/ninjatrappeur/.config/syncthing";
# Accounts and groups specific to this machine.
# Fixed gid 8 / uid 7 for "nfs": presumably chosen to match the IDs used on
# the NFS server; verify before changing.
users.groups.nfs.gid = 8;
users.extraUsers.nfs = {
  isSystemUser = true;
  uid = 7;
  group = "nfs";
};

users.extraGroups.vboxusers.members = [ "ninjatrappeur" ];

# Main interactive user. Home, shell and the base group list come from
# ../users.nix; this host adds three groups on top.
# NOTE(review): "libvirtd" gives control over the system libvirt daemon
# enabled under `virtualisation` in this file, which is a privileged
# capability; keep the membership deliberate.
users.extraUsers.ninjatrappeur = {
  isNormalUser = true;
  inherit (myusers.ninjatrappeur) home shell;
  extraGroups = myusers.ninjatrappeur.extraGroups ++ [ "nfs" "libvirtd" "plugdev" ];
  # Every key listed for this user in ../keys.nix may log in over SSH.
  openssh.authorizedKeys.keys = pkgs.lib.attrsets.attrValues keys.ninjatrappeur;
};
# D-Bus services shipped by gcr, and GVfs.
services.dbus.packages = [ pkgs.gcr ];
services.gvfs.enable = true;

# Wireshark with packet capture for members of the "wireshark" group.
# NOTE(review): whether the main user is in that group depends on
# myusers.ninjatrappeur.extraGroups, which is not visible here.
programs.wireshark.enable = true;

# GnuPG agent with the Qt pinentry.
programs.gnupg.agent.enable = true;
programs.gnupg.agent.pinentryFlavor = "qt";

# PipeWire as the audio server, with ALSA (including 32-bit) and PulseAudio
# compatibility layers.
services.pipewire.enable = true;
services.pipewire.alsa.enable = true;
services.pipewire.alsa.support32Bit = true;
services.pipewire.pulse.enable = true;

# Sway reuses the generated i3 configuration text.
environment.etc."sway/config".source =
  builtins.toPath (pkgs.writeText "desktop-sway-config" (i3.desktop-config desktop-status-bar));

# systemd-networkd. Network files are matched in name order, so "80-lan"
# claims enp8s0 first and "98-nope" leaves every other enp* link unmanaged.
systemd.network.enable = true;
systemd.network.networks."80-lan" = {
  matchConfig.Name = "enp8s0";
  DHCP = "yes";
  # Accept router advertisements and use IPv6 privacy (temporary) addresses.
  networkConfig.IPv6AcceptRA = true;
  networkConfig.IPv6PrivacyExtensions = "yes";
};
systemd.network.networks."98-nope" = {
  matchConfig.Name = "enp*";
  linkConfig.Unmanaged = true;
};
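# System-wide packages: the shared groups from ../packages.nix plus the
# machine-specific additions below. The duplicated akonadiconsole entry of
# the original list is listed once here.
environment.systemPackages = mypkgs.common ++ mypkgs.dev ++ mypkgs.media
  ++ mypkgs.graphic-apps ++ [
    # Helpers defined in the let block of this file.
    pomodoro
    temp-probe
    (pkgs.wrapOBS { plugins = [ pkgs.obs-studio-plugins.wlrobs ]; })
    pkgs.virt-manager
    pkgs.gnome.nautilus
    pkgs.gnome.eog
    pkgs.gnome.gvfs
    pkgs.cambalache
    pkgs.jmtpfs
    pkgs.element-desktop
    pkgs.gpsbabel
    pkgs.josm
    pkgs.gnome.polari
    pkgs.libimobiledevice
    pkgs.ifuse
    pkgs.gh
    pkgs.strawberry
    pkgs.ninjatrappeur-pkgs.picobak
    pkgs.ninjatrappeur-pkgs.backup-iphone
    pkgs.file
    # KDE
    pkgs.korganizer
    pkgs.kalendar
    pkgs.akonadi
    pkgs.plasma5Packages.kdepim-runtime
    pkgs.plasma5Packages.kdepim-addons
    pkgs.plasma5Packages.akonadi-calendar
    pkgs.plasma5Packages.akonadi-calendar-tools
    pkgs.plasma5Packages.akonadi-contacts
    pkgs.plasma5Packages.akonadi-import-wizard
    pkgs.plasma5Packages.akonadi-mime
    pkgs.plasma5Packages.akonadi-notes
    pkgs.plasma5Packages.akonadi-search
    pkgs.plasma5Packages.akonadiconsole
    # Rust
    pkgs.cargo
    pkgs.rustc
    pkgs.rust-analyzer
    pkgs.gcc
    pkgs.valgrind
    pkgs.gdb
  ];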
system.stateVersion = "19.09";

# <nixpkgs> resolves to the nixpkgs tree from ../nix/sources.nix.
nix.nixPath = [
  "nixpkgs=${sources.nixpkgs}"
  "nixos-config=/etc/nixos/configuration.nix"
];

nix.settings = {
  # NOTE(review): a trusted user can override daemon settings such as
  # substituters and import unsigned paths; the Nix manual treats this as
  # equivalent to root access. Keep the list as short as possible.
  trusted-users = [ "root" "${myusers.ninjatrappeur.name}" ];
  # NOTE(review): "relaxed" keeps the build sandbox on by default but lets a
  # derivation that sets __noChroot = true run without it. Use `true` unless a
  # specific build needs the escape hatch.
  sandbox = "relaxed";

  experimental-features = [
    "flakes"
    "nix-command"
    "repl-flake"
  ];

  # Binary caches and the keys their signatures are checked against. Only
  # cache.nixos.org is active.
  # NOTE(review): the commented-out caches use plain http://; if one is
  # re-enabled, add its signing key to trusted-public-keys and prefer https.
  substituters = [
    # "http://hydra.clearpath.ai"
    "https://cache.nixos.org"
  ];
  trusted-public-keys = [
    # "hydra.clearpath.ai:VkmY4UV6HIDct2ZwjlvJniEQNZ1C7ZLglQweQpt6vE4="
    "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
  ];
  # substituters = [
  #   "http://seldon.alternativebit.fr:5555?priority=30"
  # ];
  # Seldon pubkey
  # trusted-public-keys = [ "binarycache.example.com:GjvB/hNEEYW+Gzlz1zJHxQQpk+EYUUu0WNYxbxhbmzs=" ];
};
# Virtualisation: system libvirt daemon (the main user is in the "libvirtd"
# group, see the users section) and Podman with the ZFS tools made available
# to it.
virtualisation.libvirtd.enable = true;
virtualisation.podman.enable = true;
virtualisation.podman.extraPackages = [ pkgs.zfs ];
}