blob: d139d941d017bf60b8fa21360cf776684a615667 (
plain) (
tree)
|
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
let
nurSrc = builtins.fetchTarball {
url =
"https://github.com/nix-community/NUR/archive/687ed97c4379e9ad1346fc673e3e0fc88210de14.tar.gz";
sha256 = "sha256:0pxljc5bzcwb8c43qmm5l49p03snq7piqnshglqday2dw6cfcd6l";
};
home-manager = builtins.fetchTarball {
# branch release-24.05 as of 2024-06-23
url = "https://github.com/nix-community/home-manager/archive/a1fddf0967c33754271761d91a3d921772b30d0e.tar.gz";
sha256 = "sha256:1vvrrk14vrhb6drj3fy8snly0sf24x3402ykb9q5j1gy99vvqqq6";
};
in
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
./common.nix
./sway.nix
./xfce.nix
./windowmaker.nix
(import "${home-manager}/nixos")
];
networking.hostName = "kusanagi";
networking.hostId = "b807fe35";
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.initrd.luks.devices = {
lukszfs = {
device = "/dev/disk/by-uuid/90f30f15-3ee3-4a15-bab6-36fb31630e2a";
allowDiscards = true;
};
};
# ---- standard filesystems ----
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/E2FA-FB92";
fsType = "vfat";
};
fileSystems."/Z" =
{ device = "kusanagi/nixos/home";
fsType = "zfs";
neededForBoot = true; # because contains password files used below
};
fileSystems."/nix" =
{ device = "kusanagi/nixos/nix";
fsType = "zfs";
};
swapDevices = [ ];
# ---- tmpfs root filesystem with special persisted directory ----
fileSystems."/" = {
device = "none";
fsType = "tmpfs";
options = [ "defaults" "size=8G" "mode=755" ];
};
fileSystems."/persist" =
{ device = "kusanagi/nixos/persist";
fsType = "zfs";
neededForBoot = true; # because contains /var/log
};
environment.etc."machine-id".source = "/persist/etc/machine-id";
fileSystems."/etc/NetworkManager/system-connections" =
{ device = "/persist/etc/NetworkManager/system-connections";
fsType = "none";
depends = [ "/persist" "/mnt-root/persist" ];
options = [ "bind" ];
};
fileSystems."/var/log" =
{ device = "/persist/var/log";
fsType = "none";
depends = [ "/persist" "/mnt-root/persist" ];
options = [ "bind" ];
};
fileSystems."/var/lib/tailscale" =
{ device = "/persist/var/lib/tailscale";
fsType = "none";
depends = [ "/persist" "/mnt-root/persist" ];
options = [ "bind" ];
};
# ---- immutable user config for tmpfs root ----
users.mutableUsers = false;
users.users.lx.hashedPasswordFile = "/Z/lx/.password";
users.users.lx.uid = 1000;
# ---- no persistent home, use home manager to set everything up ----
# nur has to be imported twice, otherwise doesn't work
nixpkgs.config.packageOverrides = pkgs: {
nur = import nurSrc {
inherit pkgs;
};
};
home-manager.users.lx = import ../nixpkgs/kusanagi.nix { inherit pkgs; };
# ---- disable nix gc ----
nix.gc.automatic = false;
# ---- improve graphics ----
services.xserver.videoDrivers = [ "intel" ];
services.xserver.deviceSection = ''
Option "DRI" "2"
Option "TearFree" "true"
'';
# ---- automatic login ----
services.displayManager.defaultSession = "sway";
services.xserver.displayManager.lightdm.enable = true;
services.displayManager.autoLogin.enable = true;
services.displayManager.autoLogin.user = "lx";
# ---- specialization with extra stuff
specialisation."extra".configuration = { pkgs, ...}: {
imports = [
./common2.nix
./wayfire.nix
];
# ---- printing ----
services.printing.drivers = [ pkgs.cups-brother-hl1210w ];
services.avahi.enable = true;
services.avahi.nssmdns4 = true;
services.avahi.openFirewall = true;
# ---- tor paths ----
services.tor.settings.ClientOnionAuthDir = "/persist/var/lib/tor/client-auth";
systemd.services."tor".serviceConfig.BindPaths = [ "/persist/var/lib/tor/client-auth" ];
# ---- remote backup (restic to infracoll)
# requires tailscale so not enabled in default specialisation
services.restic.backups."infracoll" = {
repository = "s3:http://garage.isomorphis.me:3900/restic-lx";
environmentFile = "/persist/etc/secrets/restic/infracoll/credentials";
passwordFile = "/persist/etc/secrets/restic/infracoll/password";
paths = [
"/persist"
"/Z/lx"
];
exclude = [
"/persist/var/log"
];
timerConfig = {
OnCalendar = "Fri, 8:00";
Persistent = true;
};
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 5"
"--keep-monthly 12"
"--keep-yearly 75"
];
};
};
# ----
nixpkgs.hostPlatform = "x86_64-linux";
powerManagement.cpuFreqGovernor = "powersave";
hardware.cpu.intel.updateMicrocode = true;
}
|