2021-05-03 07:48:31 +03:00
|
|
|
{ config, lib, pkgs, modulesPath, suites, ... }:
|
2020-11-21 23:54:07 +03:00
|
|
|
let
|
2020-11-22 18:34:10 +03:00
|
|
|
btrfsPartPath = "/dev/disk/by-label/NIXOS";
|
2020-11-21 23:54:07 +03:00
|
|
|
btrfsOptions = [ "compress-force=zstd" "noatime" ];
|
|
|
|
|
|
|
|
|
|
btrfsDiff = pkgs.writeScriptBin "btrfs-diff" ''
|
|
|
|
|
#!${pkgs.bash}/bin/bash
|
|
|
|
|
set -euo pipefail
|
|
|
|
|
|
|
|
|
|
sudo mkdir -p /mnt
|
|
|
|
|
sudo mount -o subvol=/ ${btrfsPartPath} /mnt
|
|
|
|
|
|
|
|
|
|
OLD_TRANSID=$(sudo btrfs subvolume find-new /mnt/root-blank 9999999)
|
|
|
|
|
|
|
|
|
|
sudo btrfs subvolume find-new "/mnt/root" "$OLD_TRANSID" |
|
|
|
|
|
sed '$d' |
|
|
|
|
|
cut -f17- -d' ' |
|
|
|
|
|
sort |
|
|
|
|
|
uniq |
|
|
|
|
|
while read path; do
|
|
|
|
|
path="/$path"
|
|
|
|
|
if [ -L "$path" ]; then
|
|
|
|
|
: # The path is a symbolic link, so is probably handled by NixOS already
|
|
|
|
|
elif [ -d "$path" ]; then
|
|
|
|
|
: # The path is a directory, ignore
|
|
|
|
|
else
|
|
|
|
|
echo "$path"
|
|
|
|
|
fi
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
sudo umount /mnt
|
|
|
|
|
'';
|
2020-12-23 19:54:51 +03:00
|
|
|
in
|
|
|
|
|
{
|
2021-05-10 14:56:15 +03:00
|
|
|
imports = suites.base ++ suites.work ++ [
|
2021-05-03 07:48:31 +03:00
|
|
|
../profiles/network/networkmanager
|
2020-11-21 23:54:07 +03:00
|
|
|
(modulesPath + "/installer/scan/not-detected.nix")
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
boot = {
|
|
|
|
|
loader = {
|
|
|
|
|
efi.canTouchEfiVariables = true;
|
|
|
|
|
systemd-boot.enable = true;
|
|
|
|
|
};
|
|
|
|
|
kernelPackages = pkgs.linuxPackages_latest;
|
|
|
|
|
supportedFilesystems = [ "btrfs" ];
|
|
|
|
|
initrd = {
|
|
|
|
|
availableKernelModules =
|
|
|
|
|
[ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
|
|
|
|
|
kernelModules = [ "amdgpu" ];
|
|
|
|
|
};
|
|
|
|
|
kernelModules = [ "kvm-amd" ];
|
|
|
|
|
extraModulePackages = [ ];
|
|
|
|
|
initrd.postDeviceCommands = pkgs.lib.mkBefore ''
|
|
|
|
|
mkdir -p /mnt
|
|
|
|
|
mount -o subvol=/ ${btrfsPartPath} /mnt
|
|
|
|
|
btrfs subvolume list -o /mnt/root |
|
|
|
|
|
cut -f9 -d' ' |
|
|
|
|
|
while read subvolume; do
|
|
|
|
|
echo "deleting /$subvolume subvolume..."
|
|
|
|
|
btrfs subvolume delete "/mnt/$subvolume"
|
|
|
|
|
done &&
|
|
|
|
|
echo "deleting /root subvolume..." &&
|
|
|
|
|
btrfs subvolume delete /mnt/root
|
|
|
|
|
echo "restoring blank /root subvolume"
|
|
|
|
|
btrfs subvolume snapshot /mnt/root-blank /mnt/root
|
|
|
|
|
umount /mnt
|
|
|
|
|
'';
|
2021-01-02 16:21:55 +03:00
|
|
|
kernel.sysctl = {
|
|
|
|
|
"fs.inotify.max_user_watches" = 524288;
|
|
|
|
|
};
|
2020-11-21 23:54:07 +03:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
fileSystems."/" = {
|
|
|
|
|
device = btrfsPartPath;
|
|
|
|
|
fsType = "btrfs";
|
|
|
|
|
options = [ "subvol=root" ] ++ btrfsOptions;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
fileSystems."/home" = {
|
|
|
|
|
device = btrfsPartPath;
|
|
|
|
|
fsType = "btrfs";
|
|
|
|
|
options = [ "subvol=home" ] ++ btrfsOptions;
|
|
|
|
|
};
|
|
|
|
|
|
2020-11-22 18:34:10 +03:00
|
|
|
fileSystems."/media/archive" = {
|
|
|
|
|
device = "/dev/disk/by-uuid/f9b5f7f3-51e8-4357-8518-986b16311c71";
|
|
|
|
|
fsType = "btrfs";
|
|
|
|
|
options = btrfsOptions;
|
|
|
|
|
};
|
|
|
|
|
|
2020-11-21 23:54:07 +03:00
|
|
|
fileSystems."/nix" = {
|
|
|
|
|
device = btrfsPartPath;
|
|
|
|
|
fsType = "btrfs";
|
|
|
|
|
options = [ "subvol=nix" ] ++ btrfsOptions;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
fileSystems."/persist" = {
|
|
|
|
|
device = btrfsPartPath;
|
|
|
|
|
fsType = "btrfs";
|
|
|
|
|
options = [ "subvol=persist" ] ++ btrfsOptions;
|
|
|
|
|
neededForBoot = true;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
fileSystems."/boot" = {
|
|
|
|
|
device = "/dev/disk/by-uuid/5784-BBB1";
|
|
|
|
|
fsType = "vfat";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
swapDevices = [ ];
|
|
|
|
|
zramSwap = {
|
|
|
|
|
enable = true;
|
|
|
|
|
algorithm = "zstd";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
nix.maxJobs = lib.mkDefault 4;
|
|
|
|
|
|
|
|
|
|
security = {
|
|
|
|
|
mitigations.disable = true;
|
|
|
|
|
allowSimultaneousMultithreading = false;
|
|
|
|
|
# Deleting root subvolume makes sudo show lecture every boot
|
|
|
|
|
sudo.extraConfig = ''
|
|
|
|
|
Defaults lecture = never
|
|
|
|
|
'';
|
2021-05-14 22:10:53 +03:00
|
|
|
rtkit.enable = true;
|
2020-11-21 23:54:07 +03:00
|
|
|
};
|
|
|
|
|
|
2021-05-14 22:10:53 +03:00
|
|
|
sound.enable = false;
|
|
|
|
|
services.pipewire = {
|
|
|
|
|
enable = true;
|
|
|
|
|
alsa.enable = true;
|
|
|
|
|
alsa.support32Bit = true;
|
|
|
|
|
pulse.enable = true;
|
|
|
|
|
};
|
2020-11-21 23:54:07 +03:00
|
|
|
hardware = {
|
|
|
|
|
opengl = {
|
|
|
|
|
driSupport = true;
|
|
|
|
|
driSupport32Bit = true;
|
|
|
|
|
enable = true;
|
|
|
|
|
extraPackages = with pkgs; [
|
|
|
|
|
amdvlk
|
|
|
|
|
libvdpau-va-gl
|
|
|
|
|
vaapiVdpau
|
|
|
|
|
libva
|
|
|
|
|
vulkan-loader
|
2021-06-08 15:07:11 +03:00
|
|
|
vulkan-extension-layer
|
2021-06-13 09:52:12 +03:00
|
|
|
pipewire
|
2020-11-21 23:54:07 +03:00
|
|
|
];
|
|
|
|
|
extraPackages32 = with pkgs.pkgsi686Linux;
|
2021-06-08 15:07:11 +03:00
|
|
|
[
|
|
|
|
|
libvdpau-va-gl
|
|
|
|
|
vaapiVdpau
|
|
|
|
|
libva
|
|
|
|
|
vulkan-loader
|
|
|
|
|
vulkan-extension-layer
|
2021-06-13 09:52:12 +03:00
|
|
|
pipewire
|
2021-06-08 15:07:11 +03:00
|
|
|
]
|
2020-11-21 23:54:07 +03:00
|
|
|
++ [ pkgs.driversi686Linux.amdvlk ];
|
|
|
|
|
};
|
|
|
|
|
pulseaudio = {
|
2021-05-14 22:10:53 +03:00
|
|
|
enable = false;
|
2020-11-21 23:54:07 +03:00
|
|
|
support32Bit = true;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
2021-05-14 22:10:53 +03:00
|
|
|
|
2020-11-21 23:54:07 +03:00
|
|
|
environment = {
|
2021-01-17 17:25:54 +03:00
|
|
|
systemPackages = [ btrfsDiff ];
|
2020-11-24 23:04:53 +03:00
|
|
|
pathsToLink = [ "/share/zsh" ];
|
2020-11-21 23:54:07 +03:00
|
|
|
persistence."/persist" = {
|
2020-11-22 18:34:10 +03:00
|
|
|
directories = [ "/etc/nixos" ];
|
2020-11-21 23:54:07 +03:00
|
|
|
files = [ "/etc/machine-id" ];
|
|
|
|
|
};
|
2021-07-12 10:37:42 +03:00
|
|
|
variables = {
|
2021-02-16 08:56:18 +03:00
|
|
|
VK_ICD_FILENAMES = "/run/opengl-driver/share/vulkan/icd.d/amd_icd64.json";
|
2021-06-08 15:07:11 +03:00
|
|
|
LD_LIBRARY_PATH = lib.mkForce "${lib.makeLibraryPath (config.hardware.opengl.extraPackages ++ config.hardware.opengl.extraPackages32)}";
|
2021-02-16 08:56:18 +03:00
|
|
|
};
|
2020-11-21 23:54:07 +03:00
|
|
|
};
|
|
|
|
|
networking.interfaces.enp6s0.useDHCP = true;
|
|
|
|
|
|
2021-02-13 20:30:31 +03:00
|
|
|
services = {
|
2021-04-03 11:25:07 +03:00
|
|
|
ipfs = {
|
2021-04-15 16:54:00 +03:00
|
|
|
enable = false;
|
2021-04-03 11:25:07 +03:00
|
|
|
enableGC = true;
|
|
|
|
|
autoMount = true;
|
|
|
|
|
};
|
2021-04-04 16:50:19 +03:00
|
|
|
flatpak.enable = false;
|
2021-02-13 20:30:31 +03:00
|
|
|
xserver = {
|
|
|
|
|
videoDrivers = [ "amdgpu" ];
|
|
|
|
|
};
|
|
|
|
|
postgresql = {
|
2021-04-04 16:50:19 +03:00
|
|
|
enable = false;
|
2021-02-13 20:30:31 +03:00
|
|
|
enableTCPIP = true;
|
2021-05-03 07:48:31 +03:00
|
|
|
authentication = lib.mkOverride 10 ''
|
2021-02-13 20:30:31 +03:00
|
|
|
local all all trust
|
|
|
|
|
host all all 0.0.0.0/0 md5
|
|
|
|
|
'';
|
|
|
|
|
settings = {
|
|
|
|
|
listen_addresses = "*";
|
|
|
|
|
};
|
|
|
|
|
initialScript = pkgs.writeText "backend-initScript" ''
|
|
|
|
|
CREATE ROLE patriot WITH LOGIN PASSWORD 'patriot' CREATEDB;
|
|
|
|
|
CREATE DATABASE harmony;
|
|
|
|
|
GRANT ALL PRIVILEGES ON DATABASE harmony TO patriot;
|
|
|
|
|
'';
|
2020-12-23 19:54:51 +03:00
|
|
|
};
|
|
|
|
|
};
|
2021-03-26 21:03:40 +03:00
|
|
|
virtualisation = {
|
|
|
|
|
podman.enable = true;
|
2021-05-25 03:24:39 +03:00
|
|
|
libvirtd.enable = false;
|
2021-03-26 21:03:40 +03:00
|
|
|
};
|
2020-11-21 23:54:07 +03:00
|
|
|
|
|
|
|
|
system.stateVersion = "20.09";
|
|
|
|
|
}
|
