Switch to flake-based configuration

2025-06-25 10:36:56 +02:00 · 2023-02-27 13:34:57 +00:00 · 2023-02-27 13:34:57 +00:00 · f17713236d
commit f17713236d
parent fad1c56a56
25 changed files with 578 additions and 216 deletions
--- a/nixos/kevin-tp/configuration.nix
+++ b/nixos/kevin-tp/configuration.nix
@ -0,0 +1,124 @@
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [
+      ./hardware-configuration.nix
+      
+      ../modules/gnome.nix
+      ../modules/pipewire.nix
+      ../modules/avahi.nix
+      ../modules/firewall/kde-connect.nix
+      ../modules/firewall/syncthing.nix
+      ../modules/firewall/wireguard.nix
+      ../modules/power/thinkpad.nix
+      ../modules/yubikey.nix
+    ];
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  boot.initrd.luks.devices = {
+    cryptroot = {
+      device = "/dev/disk/by-uuid/0412bb67-c6c7-42fd-a532-ced413d1203d";
+      preLVM = true;
+    };
+  };
+
+  boot.initrd.kernelModules = [
+    "aesni_intel"
+    "cryptd"
+    "essiv"
+  ];
+
+  networking.hostName = "kevin-tp";
+  networking.hostId   = "2d62d680";
+
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+
+  networking.networkmanager.enable = true;
+
+  environment.systemPackages = with pkgs; [
+    firefox
+    league-of-moveable-type
+    hunspell
+    hunspellDicts.de_DE
+  ];
+
+  programs.gnupg.agent = {
+    enable = true;
+    # enableSSHSupport = true;
+  };
+
+  services.xserver.libinput.enable = true;
+
+  hardware.opengl.extraPackages = with pkgs; [
+    vaapiIntel
+    libvdpau-va-gl
+    intel-media-driver
+  ];
+
+  boot.kernel.sysctl = {
+    "vm.swappiness" = 1;
+    "vm.vfs_cache_pressure" = 50;
+    "vm.dirty_background_ratio" = 20;
+    "vm.dirty_ratio" = 50;
+    # these are the zen-kernel tweaks to CFS defaults (mostly)
+    "kernel.sched_latency_ns" = 4000000;
+    # should be one-eighth of sched_latency (this ratio is not
+    # configurable, apparently -- so while zen changes that to
+    # one-tenth, we cannot):
+    "kernel.sched_min_granularity_ns" = 500000;
+    "kernel.sched_wakeup_granularity_ns" = 50000;
+    "kernel.sched_migration_cost_ns" = 250000;
+    "kernel.sched_cfs_bandwidth_slice_us" = 3000;
+    "kernel.sched_nr_migrate" = 128;
+  };
+
+  systemd = {
+    extraConfig = ''
+      DefaultCPUAccounting=yes
+      DefaultMemoryAccounting=yes
+      DefaultIOAccounting=yes
+    '';
+    user.extraConfig = ''
+      DefaultCPUAccounting=yes
+      DefaultMemoryAccounting=yes
+      DefaultIOAccounting=yes
+    ''; 
+    services."user@".serviceConfig.Delegate = true;
+  };
+
+  systemd.services.nix-daemon.serviceConfig = {
+    CPUWeight = 20;
+    IOWeight = 20;
+  };
+
+  boot.kernelParams = ["cgroup_no_v1=all" "systemd.unified_cgroup_hierarchy=yes"];
+
+  services.syncthing = {
+    enable = true;
+    user = "kevin";
+    dataDir = "/home/kevin/Syncthing";
+    configDir = "/home/kevin/Syncthing/.config/syncthing";
+  };
+
+  services.fwupd.enable = true;
+  hardware.cpu.intel.updateMicrocode = true;
+
+  boot.supportedFilesystems = [ "ntfs" ];
+
+  services.printing.enable = true;
+
+  virtualisation.docker.enable = true;
+
+  
+  boot.loader.efi.efiSysMountPoint = "/boot/efi";
+
+  #kevin.defaults = "laptop";
+
+  #system.copySystemConfiguration = true;
+
+  system.stateVersion = "23.05"; # No touchy. Locks defaults.
+
+}
--- a/nixos/kevin-tp/hardware-configuration.nix
+++ b/nixos/kevin-tp/hardware-configuration.nix
@ -0,0 +1,42 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" "sdhci_pci" ];
+  boot.initrd.kernelModules = [ "dm-snapshot" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/e67b8d34-06ca-4a6e-a82c-9a8eafa38d0d";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot/efi" =
+    { device = "/dev/disk/by-uuid/BD90-5288";
+      fsType = "vfat";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/603d952f-99a3-413d-b499-c15b8b91eebf"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.docker0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}