path: root/nixos/kusanagi.nix



# Do not modify this file!  It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations.  Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:

let
  nurSrc = builtins.fetchTarball {
    url =
      "https://github.com/nix-community/NUR/archive/687ed97c4379e9ad1346fc673e3e0fc88210de14.tar.gz";
    sha256 = "sha256:0pxljc5bzcwb8c43qmm5l49p03snq7piqnshglqday2dw6cfcd6l";
  };
  home-manager = builtins.fetchTarball {
    # branch release-24.05 as of 2024-06-23
    url = "https://github.com/nix-community/home-manager/archive/a1fddf0967c33754271761d91a3d921772b30d0e.tar.gz";
    sha256 = "sha256:1vvrrk14vrhb6drj3fy8snly0sf24x3402ykb9q5j1gy99vvqqq6";
  };
in
{
  imports =
    [
      (modulesPath + "/installer/scan/not-detected.nix")
      ./common.nix
      ./sway.nix
      ./xfce.nix
      ./windowmaker.nix
      (import "${home-manager}/nixos")
    ];

  networking.hostName = "kusanagi";
  networking.hostId = "b807fe35";

  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];

  boot.initrd.luks.devices = {
    lukszfs = {
      device = "/dev/disk/by-uuid/90f30f15-3ee3-4a15-bab6-36fb31630e2a";
      allowDiscards = true;
    };
  };

  # ---- standard filesystems ----

  fileSystems."/boot" =
    { device = "/dev/disk/by-uuid/E2FA-FB92";
      fsType = "vfat";
    };

  fileSystems."/Z" =
    { device = "kusanagi/nixos/home";
      fsType = "zfs";
      neededForBoot = true; # because contains password files used below
    };

  fileSystems."/nix" =
    { device = "kusanagi/nixos/nix";
      fsType = "zfs";
    };

  swapDevices = [ ];

  services.zfs.autoSnapshot.enable = true;

  # ---- tmpfs root filesystem with special persisted directory ----

  fileSystems."/" = {
    device = "none";
    fsType = "tmpfs";
    options = [ "defaults" "size=8G" "mode=755" ];
  };

  fileSystems."/persist" =
    { device = "kusanagi/nixos/persist";
      fsType = "zfs";
      neededForBoot = true;  # because contains /var/log
    };

  environment.etc."machine-id".source = "/persist/etc/machine-id";

  fileSystems."/etc/NetworkManager/system-connections" =
    { device = "/persist/etc/NetworkManager/system-connections";
      fsType = "none";
      depends = [ "/persist" "/mnt-root/persist" ];
      options = [ "bind" ];
    };

  fileSystems."/var/log" =
    { device = "/persist/var/log";
      fsType = "none";
      depends = [ "/persist" "/mnt-root/persist" ];
      options = [ "bind" ];
    };

  fileSystems."/var/lib/tailscale" =
    { device = "/persist/var/lib/tailscale";
      fsType = "none";
      depends = [ "/persist" "/mnt-root/persist" ];
      options = [ "bind" ];
    };

  # ---- immutable user config for tmpfs root ----

  users.mutableUsers = false;
  users.users.lx.hashedPasswordFile = "/Z/lx/.password";
  users.users.lx.uid = 1000;

  # ---- no persistent home, use home manager to set everything up ----

  # nur has to be imported twice, otherwise doesn't work
  nixpkgs.config.packageOverrides = pkgs: {
    nur = import nurSrc {
      inherit pkgs;
    };
  };
  home-manager.users.lx = import ../nixpkgs/kusanagi.nix { inherit pkgs; };

  # ---- disable nix gc ----

  nix.gc.automatic = false;

  # ---- improve graphics ----

  services.xserver.videoDrivers = [ "intel" ];
  services.xserver.deviceSection = ''
    Option "DRI" "2"
    Option "TearFree" "true"
  '';

  # ---- automatic login ----

  services.displayManager.defaultSession = "sway";
  services.xserver.displayManager.lightdm.enable = true;
  services.displayManager.autoLogin.enable = true;
  services.displayManager.autoLogin.user = "lx";

  # ---- specialization with extra stuff

  specialisation."extra".configuration = { pkgs, ...}: {
    imports = [
      ./common2.nix
      ./wayfire.nix
    ];

    # ---- printing ----

    services.printing.drivers = [ pkgs.cups-brother-hl1210w ];

    services.avahi.enable = true;
    services.avahi.nssmdns4 = true;
    services.avahi.openFirewall = true;

    # ---- tor paths ----

    services.tor.settings.ClientOnionAuthDir = "/persist/var/lib/tor/client-auth";
    systemd.services."tor".serviceConfig.BindPaths = [ "/persist/var/lib/tor/client-auth" ];

    # ---- remote backup (restic to infracoll)
    # requires tailscale so not enabled in default specialisation

    services.restic.backups."infracoll" = {
      repository = "s3:https://garage.bolobolo.fr.eu.org/lx-restic-perso";
      environmentFile = "/persist/etc/secrets/restic/infracoll/credentials";
      passwordFile = "/persist/etc/secrets/restic/infracoll/password";
      paths = [
        "/persist"
        "/Z/lx"
      ];
      exclude = [
        "/persist/var/log"
      ];
      timerConfig = {
        OnCalendar = "Fri, 8:00";
        Persistent = true;
      };
      pruneOpts = [
        "--keep-daily 7"
        "--keep-weekly 5"
        "--keep-monthly 12"
        "--keep-yearly 75"
      ];
    };
  };

  # ----

  nixpkgs.hostPlatform =  "x86_64-linux";
  powerManagement.cpuFreqGovernor = "powersave";
  hardware.cpu.intel.updateMicrocode = true;
}
# Do not modify this file!  It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations.  Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:

let
  nurSrc = builtins.fetchTarball {
    url =
      "https://github.com/nix-community/NUR/archive/687ed97c4379e9ad1346fc673e3e0fc88210de14.tar.gz";
    sha256 = "sha256:0pxljc5bzcwb8c43qmm5l49p03snq7piqnshglqday2dw6cfcd6l";
  };
  home-manager = builtins.fetchTarball {
    # branch release-24.05 as of 2024-06-23
    url = "https://github.com/nix-community/home-manager/archive/a1fddf0967c33754271761d91a3d921772b30d0e.tar.gz";
    sha256 = "sha256:1vvrrk14vrhb6drj3fy8snly0sf24x3402ykb9q5j1gy99vvqqq6";
  };
in
{
  imports =
    [
      (modulesPath + "/installer/scan/not-detected.nix")
      ./common.nix
      ./sway.nix
      ./xfce.nix
      ./windowmaker.nix
      (import "${home-manager}/nixos")
    ];

  networking.hostName = "kusanagi";
  networking.hostId = "b807fe35";

  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];

  boot.initrd.luks.devices = {
    lukszfs = {
      device = "/dev/disk/by-uuid/90f30f15-3ee3-4a15-bab6-36fb31630e2a";
      allowDiscards = true;
    };
  };

  # ---- standard filesystems ----

  fileSystems."/boot" =
    { device = "/dev/disk/by-uuid/E2FA-FB92";
      fsType = "vfat";
    };

  fileSystems."/Z" =
    { device = "kusanagi/nixos/home";
      fsType = "zfs";
      neededForBoot = true; # because contains password files used below
    };

  fileSystems."/nix" =
    { device = "kusanagi/nixos/nix";
      fsType = "zfs";
    };

  swapDevices = [ ];

  services.zfs.autoSnapshot.enable = true;

  # ---- tmpfs root filesystem with special persisted directory ----

  fileSystems."/" = {
    device = "none";
    fsType = "tmpfs";
    options = [ "defaults" "size=8G" "mode=755" ];
  };

  fileSystems."/persist" =
    { device = "kusanagi/nixos/persist";
      fsType = "zfs";
      neededForBoot = true;  # because contains /var/log
    };

  environment.etc."machine-id".source = "/persist/etc/machine-id";

  fileSystems."/etc/NetworkManager/system-connections" =
    { device = "/persist/etc/NetworkManager/system-connections";
      fsType = "none";
      depends = [ "/persist" "/mnt-root/persist" ];
      options = [ "bind" ];
    };

  fileSystems."/var/log" =
    { device = "/persist/var/log";
      fsType = "none";
      depends = [ "/persist" "/mnt-root/persist" ];
      options = [ "bind" ];
    };

  fileSystems."/var/lib/tailscale" =
    { device = "/persist/var/lib/tailscale";
      fsType = "none";
      depends = [ "/persist" "/mnt-root/persist" ];
      options = [ "bind" ];
    };

  # ---- immutable user config for tmpfs root ----

  users.mutableUsers = false;
  users.users.lx.hashedPasswordFile = "/Z/lx/.password";
  users.users.lx.uid = 1000;

  # ---- no persistent home, use home manager to set everything up ----

  # nur has to be imported twice, otherwise doesn't work
  nixpkgs.config.packageOverrides = pkgs: {
    nur = import nurSrc {
      inherit pkgs;
    };
  };
  home-manager.users.lx = import ../nixpkgs/kusanagi.nix { inherit pkgs; };

  # ---- disable nix gc ----

  nix.gc.automatic = false;

  # ---- improve graphics ----

  services.xserver.videoDrivers = [ "intel" ];
  services.xserver.deviceSection = ''
    Option "DRI" "2"
    Option "TearFree" "true"
  '';

  # ---- automatic login ----

  services.displayManager.defaultSession = "sway";
  services.xserver.displayManager.lightdm.enable = true;
  services.displayManager.autoLogin.enable = true;
  services.displayManager.autoLogin.user = "lx";

  # ---- specialization with extra stuff

  specialisation."extra".configuration = { pkgs, ...}: {
    imports = [
      ./common2.nix
      ./wayfire.nix
    ];

    # ---- printing ----

    services.printing.drivers = [ pkgs.cups-brother-hl1210w ];

    services.avahi.enable = true;
    services.avahi.nssmdns4 = true;
    services.avahi.openFirewall = true;

    # ---- tor paths ----

    services.tor.settings.ClientOnionAuthDir = "/persist/var/lib/tor/client-auth";
    systemd.services."tor".serviceConfig.BindPaths = [ "/persist/var/lib/tor/client-auth" ];

    # ---- remote backup (restic to infracoll)
    # requires tailscale so not enabled in default specialisation

    services.restic.backups."infracoll" = {
      repository = "s3:https://garage.bolobolo.fr.eu.org/lx-restic-perso";
      environmentFile = "/persist/etc/secrets/restic/infracoll/credentials";
      passwordFile = "/persist/etc/secrets/restic/infracoll/password";
      paths = [
        "/persist"
        "/Z/lx"
      ];
      exclude = [
        "/persist/var/log"
      ];
      timerConfig = {
        OnCalendar = "Fri, 8:00";
        Persistent = true;
      };
      pruneOpts = [
        "--keep-daily 7"
        "--keep-weekly 5"
        "--keep-monthly 12"
        "--keep-yearly 75"
      ];
    };
  };

  # ----

  nixpkgs.hostPlatform =  "x86_64-linux";
  powerManagement.cpuFreqGovernor = "powersave";
  hardware.cpu.intel.updateMicrocode = true;
}