From 78124dba37666f5124d81fe8ce44ccd419413ccc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Fri, 28 Jun 2024 10:28:15 +0200 Subject: [PATCH] hosts/miyagi: init --- hosts/default.nix | 1 + hosts/miyagi/default.nix | 91 ++++++++++++++++++++++++ hosts/miyagi/disks.nix | 83 ++++++++++++++++++++++ hosts/miyagi/sway.nix | 133 +++++++++++++++++++++++++++++++++++ secrets/miyagi-niko-pass.age | 7 ++ secrets/secrets.nix | 4 ++ 6 files changed, 319 insertions(+) create mode 100644 hosts/miyagi/default.nix create mode 100644 hosts/miyagi/disks.nix create mode 100644 hosts/miyagi/sway.nix create mode 100644 secrets/miyagi-niko-pass.age diff --git a/hosts/default.nix b/hosts/default.nix index 2322655..24063a8 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -14,6 +14,7 @@ # ./installer ./ude ./kogata + ./miyagi ]; builders = diff --git a/hosts/miyagi/default.nix b/hosts/miyagi/default.nix new file mode 100644 index 0000000..d39e028 --- /dev/null +++ b/hosts/miyagi/default.nix 
@@ -0,0 +1,91 @@
+{
+ configurations.nixos.miyagi =
+ {
+ config,
+ pkgs,
+ username,
+ ...
+ }:
+ {
+ imports = [
+ ./sway.nix
+ ./disks.nix
+ ];
+ nixpkgs.hostPlatform = "x86_64-linux";
+
+ boot.kernelModules = [
+ "kvm-intel"
+ "i2c-dev"
+ ];
+
+ boot = {
+ loader.systemd-boot.enable = true;
+ loader.efi.canTouchEfiVariables = true;
+ };
+
+ powerManagement.cpuFreqGovernor = "performance";
+
+ networking.networkmanager.enable = true;
+
+ zramSwap.enable = true;
+ boot.kernel.sysctl."kernel.sysrq" = 1;
+
+ age.secrets.niko-pass.file = ../../secrets/miyagi-niko-pass.age;
+ users.users.${username} = {
+ hashedPasswordFile = config.age.secrets.niko-pass.path;
+ extraGroups = [
+ "libvirtd"
+ "i2c"
+ "networkmanager"
+ ];
+ };
+
+ settei.user.config = {
+ common.desktop.enable = true;
+ home.packages = [ pkgs.slack ];
+ programs.git.userEmail = "nrabulinski@antmicro.com";
+ # TODO: Move to common?
+ xdg.mimeApps = {
+ enable = true;
+ defaultApplications = {
+ "x-scheme-handler/http" = "org.qutebrowser.qutebrowser.desktop";
+ "x-scheme-handler/https" = "org.qutebrowser.qutebrowser.desktop";
+ "x-scheme-handler/chrome" = "org.qutebrowser.qutebrowser.desktop";
+ "text/html" = "org.qutebrowser.qutebrowser.desktop";
+ "application/x-extension-htm" = "org.qutebrowser.qutebrowser.desktop";
+ "application/x-extension-html" = "org.qutebrowser.qutebrowser.desktop";
+ "application/x-extension-shtml" = "org.qutebrowser.qutebrowser.desktop";
+ "application/xhtml+xml" = "org.qutebrowser.qutebrowser.desktop";
+ "application/x-extension-xhtml" = "org.qutebrowser.qutebrowser.desktop";
+ "application/x-extension-xht" = "org.qutebrowser.qutebrowser.desktop";
+ "application/pdf" = "org.qutebrowser.qutebrowser.desktop";
+ };
+ };
+ };
+ common.incus.enable = true;
+
+ services.udisks2.enable = true;
+ services.printing = {
+ enable = true;
+ drivers = [ pkgs.brlaser ];
+ };
+ services.avahi = {
+ enable = true;
+ nssmdns4 = true;
+ };
+ hardware.bluetooth = {
+ enable = true;
+ settings.General.ControllerMode = "bredr";
+ };
+ hardware.keyboard.qmk.enable = true;
+
+ systemd.coredump.enable = true;
+
+ # Needed for enableAllFirmware
+ nixpkgs.config.allowUnfree = true;
+ hardware = {
+ enableAllFirmware = true;
+ cpu.intel.updateMicrocode = true;
+ };
+ };
+}
diff --git a/hosts/miyagi/disks.nix b/hosts/miyagi/disks.nix
new file mode 100644
index 0000000..a3c0d07
--- /dev/null
+++ b/hosts/miyagi/disks.nix
@@ -0,0 +1,83 @@
+args:
+let
+ bootDevice = args.bootDevice or "/dev/nvme0n1";
+in
+{
+ disko.devices.disk.bootDisk = {
+ type = "disk";
+ device = bootDevice;
+ content = {
+ type = "gpt";
+ partitions = {
+ esp = {
+ label = "ESP";
+ priority = 3;
+ type = "EF00";
+ start = "1MiB";
+ end = "512MiB";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ nixos = {
+ label = "primary";
+ priority = 1;
+ start = "512MiB";
+ end = "-8G";
+ content = {
+ type = "btrfs";
+ extraArgs = [ "-f" ];
+ subvolumes =
+ let
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ in
+ {
+ "/root" = {
+ inherit mountOptions;
+ mountpoint = "/";
+ };
+ "/home" = {
+ inherit mountOptions;
+ mountpoint = "/home";
+ };
+ "/nix" = {
+ inherit mountOptions;
+ mountpoint = "/nix";
+ };
+ "/persist" = {
+ inherit mountOptions;
+ mountpoint = "/persist";
+ };
+ "/log" = {
+ inherit mountOptions;
+ mountpoint = "/var/log";
+ };
+ };
+ };
+ };
+ swap = {
+ label = "swap";
+ priority = 2;
+ size = "100%";
+ content.type = "swap";
+ };
+ };
+ };
+ };
+
+ fileSystems."/var/log".neededForBoot = true;
+
+ fileSystems."/bulk" = {
+ device = "/dev/disk/by-label/bulk";
+ fsType = "btrfs";
+ options = [
+ "compress=zstd"
+ "noatime"
+ ];
+ };
+}
diff --git a/hosts/miyagi/sway.nix b/hosts/miyagi/sway.nix
new file mode 100644
index 0000000..6069503
--- /dev/null
+++ b/hosts/miyagi/sway.nix
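Review bot: In hosts/miyagi/default.nix, `boot.kernel.sysctl."kernel.sysrq" = 1;` enables every magic SysRq function rather than a chosen subset, so anyone at the keyboard can signal or OOM-kill processes, dump task and register state, or reboot without authenticating, including while the session is locked. If the intent is only emergency sync, remount and reboot, a bitmask covers it: `boot.kernel.sysctl."kernel.sysrq" = 176; # sync (16) + remount-ro (32) + reboot (128)`. If the full set really is needed on this host, a one-line comment saying why would stop the next reader from treating it as an oversight.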
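Review bot: In hosts/miyagi/disks.nix the `nixos` btrfs partition and the `swap` partition are both laid out without encryption, so `/home`, `/persist`, the stored password hash and anything paged out to swap are readable by whoever removes the drive. The system key that secrets/secrets.nix lists as an age recipient presumably also lives on this disk, which would extend that exposure to every secret encrypted to it. For swap the change is one line, `content = { type = "swap"; randomEncryption = true; };`, and the btrfs `content` can be nested inside a disko `luks` container with the subvolumes unchanged. If the drive is protected some other way (for example a self-encrypting drive), a comment in this file noting that would be enough.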
@@ -0,0 +1,133 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+{
+ services.greetd = {
+ enable = true;
+ settings.default_session = {
+ command = "${lib.getExe pkgs.greetd.tuigreet} --time --cmd ${lib.getExe config.programs.sway.package}";
+ user = "niko";
+ };
+ };
+
+ programs.sway = {
+ enable = true;
+ wrapperFeatures.base = true;
+ wrapperFeatures.gtk = true;
+ };
+
+ security.pam.services.swaylock = { };
+ xdg.portal.config.common.default = "*";
+
+ settei.user.config =
+ { config, ... }:
+ {
+ home.packages = with pkgs; [
+ (writeShellApplication {
+ name = "lock";
+ text = ''
+ swaymsg output '*' power off
+ swaylock -c 000000
+ swaymsg output '*' power on
+ '';
+ })
+ (writeShellApplication {
+ name = "screenshot";
+ runtimeInputs = [
+ slurp
+ grim
+ wl-clipboard
+ ];
+ text = ''
+ grim -g "$(slurp)" - | \
+ wl-copy -t image/png
+ '';
+ })
+ # Bitwarden stuff, move to separate module or properly package?
+ # Maybe use some other input method?
+ (rofi-rbw.override { waylandSupport = true; })
+ rbw
+ pinentry.curses
+ ];
+
+ wayland.windowManager.sway =
+ let
+ mod = config.wayland.windowManager.sway.config.modifier;
+ in
+ {
+ enable = true;
+ package = null;
+ config.terminal = "wezterm";
+ config.modifier = "Mod4";
+ config.fonts.names = [ "Iosevka Nerd Font" ];
+ config.keybindings = lib.mkOptionDefault {
+ "${mod}+b" = "exec rofi-rbw --selector rofi";
+ "${mod}+d" = "exec rofi -show drun";
+ "${mod}+Shift+s" = "exec screenshot";
+ };
+ config.keycodebindings = {
+ "${mod}+Shift+60" = "exec lock";
+ };
+ config.window.commands =
+ let
+ alwaysFloating = [
+ { window_role = "pop-up"; }
+ { window_role = "bubble"; }
+ { window_role = "dialog"; }
+ { window_type = "dialog"; }
+ { window_role = "task_dialog"; }
+ { window_type = "menu"; }
+ { app_id = "floating"; }
+ { app_id = "floating_update"; }
+ { class = "(?i)pinentry"; }
+ { title = "Administrator privileges required"; }
+ { title = "About Mozilla Firefox"; }
+ { window_role = "About"; }
+ {
+ app_id =
"firefox"; + title = "Library"; + } + ]; + in + map (criteria: { + inherit criteria; + command = "floating enable"; + }) alwaysFloating; + config.output = { + "HDMI-A-1" = { + pos = "0 472"; + }; + "DP-1" = { + pos = "2560 0"; + transform = "90"; + }; + }; + config.input = { + "type:pointer" = { + accel_profile = "flat"; + pointer_accel = "0.2"; + }; + "type:keyboard" = { + xkb_layout = "pl"; + }; + }; + config.workspaceOutputAssign = [ + { + workspace = "1"; + output = "HDMI-A-1"; + } + { + workspace = "2"; + output = "DP-1"; + } + ]; + }; + programs.rofi = { + enable = true; + package = pkgs.rofi-wayland; + }; + }; +} diff --git a/secrets/miyagi-niko-pass.age b/secrets/miyagi-niko-pass.age new file mode 100644 index 0000000..43c8e19 --- /dev/null +++ b/secrets/miyagi-niko-pass.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 g2vRWw 3mHAcu63Cw+hKbRkAQMlddIg071e+ggdU7lGWF3Lmmw +K3NBGhpyON3JLa8kb46dJD6mY+4ZHYDO5v78uYUY96s +-> ssh-ed25519 GKhvwg hm8EAsFbWe1OykH/uovSvmPJdVIQd91rcWvgjfIEPwg +Wn1ywatZ7KCfxOhvoLXUGAA15nAobR6Qs+5xuOb51rM +--- NS6E6N7YAmP+kTht3ZiqVEuyNsJzIumut4sppS7L6dQ +a93jm;0pl;¨ncCJHH ʴÄ/M0,kJoZ!?:^D72Z5ao'4T09‹ \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index e24aa29..e03a19d 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -72,4 +72,8 @@ in keys.other.bootstrap ]; "ntfy-alert-pass.age".publicKeys = (builtins.attrValues keys.system) ++ [ keys.other.bootstrap ]; + "miyagi-niko-pass.age".publicKeys = [ + keys.system.miyagi + keys.other.bootstrap + ]; }
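Review bot: In hosts/miyagi/sway.nix, `user = "niko";` under `settings.default_session` sets the account the greeter itself runs as, so tuigreet executes with niko's uid, home directory and group memberships before anyone has authenticated. greetd's privilege separation depends on the greeter being a throwaway account; the login user is chosen at the prompt, not here. Dropping the line (the NixOS module defaults to a dedicated `greeter` user) or writing `user = "greeter";` restores that, and also removes the hard-coded name that hosts/miyagi/default.nix avoids by using `${username}`. Separately, the `lock` script fails open: `writeShellApplication` runs its text with `set -e`, so if the first `swaymsg output '*' power off` returns an error the script exits before `swaylock` starts; `swaymsg output '*' power off || true` keeps the lock step unconditional.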