ark/hosts/lungmen.nix

210 lines
5.0 KiB
Nix
Raw Normal View History

2020-11-21 23:54:07 +03:00
{ config, lib, pkgs, modulesPath, nixosPersistence, ... }:
let
2020-11-22 18:34:10 +03:00
btrfsPartPath = "/dev/disk/by-label/NIXOS";
2020-11-21 23:54:07 +03:00
btrfsOptions = [ "compress-force=zstd" "noatime" ];
btrfsDiff = pkgs.writeScriptBin "btrfs-diff" ''
#!${pkgs.bash}/bin/bash
set -euo pipefail
sudo mkdir -p /mnt
sudo mount -o subvol=/ ${btrfsPartPath} /mnt
OLD_TRANSID=$(sudo btrfs subvolume find-new /mnt/root-blank 9999999)
sudo btrfs subvolume find-new "/mnt/root" "$OLD_TRANSID" |
sed '$d' |
cut -f17- -d' ' |
sort |
uniq |
while read path; do
path="/$path"
if [ -L "$path" ]; then
: # The path is a symbolic link, so is probably handled by NixOS already
elif [ -d "$path" ]; then
: # The path is a directory, ignore
else
echo "$path"
fi
done
sudo umount /mnt
'';
2020-12-23 19:54:51 +03:00
in
{
2020-11-21 23:54:07 +03:00
imports = [
../users/patriot
../users/root
2021-01-27 17:52:23 +03:00
../profiles/network/networkmanager.nix
2020-12-23 19:54:51 +03:00
# ../profiles/network/nginx.nix
2020-11-21 23:54:07 +03:00
../profiles/develop
(modulesPath + "/installer/scan/not-detected.nix")
nixosPersistence
];
2021-03-26 21:03:40 +03:00
#systemd.additionalUpstreamSystemUnits = [ "tmp.mount" ];
2020-11-21 23:54:07 +03:00
boot = {
loader = {
efi.canTouchEfiVariables = true;
systemd-boot.enable = true;
};
kernelPackages = pkgs.linuxPackages_latest;
supportedFilesystems = [ "btrfs" ];
initrd = {
availableKernelModules =
[ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
kernelModules = [ "amdgpu" ];
};
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
initrd.postDeviceCommands = pkgs.lib.mkBefore ''
mkdir -p /mnt
mount -o subvol=/ ${btrfsPartPath} /mnt
btrfs subvolume list -o /mnt/root |
cut -f9 -d' ' |
while read subvolume; do
echo "deleting /$subvolume subvolume..."
btrfs subvolume delete "/mnt/$subvolume"
done &&
echo "deleting /root subvolume..." &&
btrfs subvolume delete /mnt/root
echo "restoring blank /root subvolume"
btrfs subvolume snapshot /mnt/root-blank /mnt/root
umount /mnt
'';
2021-01-02 16:21:55 +03:00
kernel.sysctl = {
"fs.inotify.max_user_watches" = 524288;
};
2020-11-21 23:54:07 +03:00
};
fileSystems."/" = {
device = btrfsPartPath;
fsType = "btrfs";
options = [ "subvol=root" ] ++ btrfsOptions;
};
fileSystems."/home" = {
device = btrfsPartPath;
fsType = "btrfs";
options = [ "subvol=home" ] ++ btrfsOptions;
};
2020-11-22 18:34:10 +03:00
fileSystems."/media/archive" = {
device = "/dev/disk/by-uuid/f9b5f7f3-51e8-4357-8518-986b16311c71";
fsType = "btrfs";
options = btrfsOptions;
};
2020-11-21 23:54:07 +03:00
fileSystems."/nix" = {
device = btrfsPartPath;
fsType = "btrfs";
options = [ "subvol=nix" ] ++ btrfsOptions;
};
fileSystems."/persist" = {
device = btrfsPartPath;
fsType = "btrfs";
options = [ "subvol=persist" ] ++ btrfsOptions;
neededForBoot = true;
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/5784-BBB1";
fsType = "vfat";
};
swapDevices = [ ];
zramSwap = {
enable = true;
algorithm = "zstd";
};
nix.maxJobs = lib.mkDefault 4;
security = {
mitigations.disable = true;
allowSimultaneousMultithreading = false;
# Deleting root subvolume makes sudo show lecture every boot
sudo.extraConfig = ''
Defaults lecture = never
'';
};
sound.enable = true;
hardware = {
opengl = {
driSupport = true;
driSupport32Bit = true;
enable = true;
extraPackages = with pkgs; [
amdvlk
libvdpau-va-gl
vaapiVdpau
libva
vulkan-loader
];
extraPackages32 = with pkgs.pkgsi686Linux;
[ libvdpau-va-gl vaapiVdpau libva vulkan-loader ]
++ [ pkgs.driversi686Linux.amdvlk ];
};
pulseaudio = {
enable = true;
support32Bit = true;
};
};
environment = {
2021-01-17 17:25:54 +03:00
systemPackages = [ btrfsDiff ];
2020-11-24 23:04:53 +03:00
pathsToLink = [ "/share/zsh" ];
2020-11-21 23:54:07 +03:00
persistence."/persist" = {
2020-11-22 18:34:10 +03:00
directories = [ "/etc/nixos" ];
2020-11-21 23:54:07 +03:00
files = [ "/etc/machine-id" ];
};
2021-02-16 08:56:18 +03:00
variables = {
VK_ICD_FILENAMES = "/run/opengl-driver/share/vulkan/icd.d/amd_icd64.json";
};
2020-11-21 23:54:07 +03:00
};
networking.interfaces.enp6s0.useDHCP = true;
2021-02-13 20:30:31 +03:00
services = {
2021-04-03 11:25:07 +03:00
ipfs = {
enable = true;
enableGC = true;
autoMount = true;
};
2021-02-13 20:30:31 +03:00
flatpak.enable = true;
xserver = {
videoDrivers = [ "amdgpu" ];
};
2021-02-18 16:57:12 +03:00
pipewire = {
enable = true;
alsa = {
enable = true;
support32Bit = true;
};
};
2021-02-13 20:30:31 +03:00
postgresql = {
enable = true;
enableTCPIP = true;
authentication = pkgs.lib.mkOverride 10 ''
local all all trust
host all all 0.0.0.0/0 md5
'';
settings = {
listen_addresses = "*";
};
initialScript = pkgs.writeText "backend-initScript" ''
CREATE ROLE patriot WITH LOGIN PASSWORD 'patriot' CREATEDB;
CREATE DATABASE harmony;
GRANT ALL PRIVILEGES ON DATABASE harmony TO patriot;
'';
2020-12-23 19:54:51 +03:00
};
};
2021-03-26 21:03:40 +03:00
virtualisation = {
podman.enable = true;
libvirtd.enable = true;
};
2020-11-21 23:54:07 +03:00
system.stateVersion = "20.09";
}