diff --git a/flake.nix b/flake.nix
index 4c1d644..273d5b1 100644
--- a/flake.nix
+++ b/flake.nix
@@ -31,6 +31,7 @@
 ./nixos/machines/wsl/configuration.nix
 ./nixos/machines/installer/configuration.nix
 ./nixos/machines/crash/machine.nix
+ ./nixos/machines/swarm/machine.nix
 ./nixos/machines/tides/machine.nix
 ./nixos/machines/driftwood/machine.nix
 ./home-manager/machines/wsl/home.nix
diff --git a/home-manager/modules/programs/ssh-agent.nix b/home-manager/modules/programs/ssh-agent.nix
index 73d9324..2911ad7 100644
--- a/home-manager/modules/programs/ssh-agent.nix
+++ b/home-manager/modules/programs/ssh-agent.nix
@@ -9,9 +9,8 @@
 enable = true;
 };
 # Setup fish init
- programs.fish.shellInit =
- ''
+ programs.fish.shellInit = ''
 set -x SSH_AUTH_SOCK $XDG_RUNTIME_DIR/ssh-agent
 ssh-add
-'';
+ '';
 }
diff --git a/nixos/machines/driftwood/headscale.nix b/nixos/machines/driftwood/headscale.nix
index 72dfd9f..14c5436 100644
--- a/nixos/machines/driftwood/headscale.nix
+++ b/nixos/machines/driftwood/headscale.nix
@@ -18,9 +18,11 @@
 base_domain = "tailnet.stranger.systems";
 magic_dns = true;
 extra_records = [
- {name = "hub.tailnet.stranger.systems";
- type = "A";
- value = "100.64.0.3";}
+ {
+ name = "hub.tailnet.stranger.systems";
+ type = "A";
+ value = "100.64.0.3";
+ }
 ];
 };
 };
diff --git a/nixos/machines/swarm/configuration.nix b/nixos/machines/swarm/configuration.nix
new file mode 100644
index 0000000..07493f2
--- /dev/null
+++ b/nixos/machines/swarm/configuration.nix
@@ -0,0 +1,248 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+{
+ config,
+ pkgs,
+ ...
+}: {
+ imports = [
+ ];
+
+ # Setup nixbuild.net, since this laptop is somewhat under powered
+ # programs.ssh.extraConfig = ''
+ # Host eu.nixbuild.net
+ # PubkeyAcceptedKeyTypes ssh-ed255191
+ # ServerAliveInterval 60
+ # IPQoS throughput
+ # IdentityFile /home/nathan/.ssh/id_ed25519
+ # ControlMaster auto
+ # '';
+ # programs.ssh.knownHosts = {
+ # nixbuild = {
+ # hostNames = ["eu.nixbuild.net"];
+ # publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPIQCZc54poJ8vqawd8TraNryQeJnvH1eLpIDgbiqymM";
+ # };
+ # };
+
+ # Configure nix
+ nix = {
+ settings = {
+ # Auto optimize the store after every action
+ auto-optimise-store = true;
+ trusted-users = [
+ "root"
+ "nathan"
+ ];
+ };
+ # GC agressively
+ gc = {
+ automatic = true;
+ dates = "daily";
+ options = "--delete-older-than 7d";
+ };
+ distributedBuilds = true;
+ buildMachines = [
+ ];
+ };
+
+ # Bootloader and plymouth
+ boot = {
+ loader = {
+ grub = {
+ enable = true;
+ device = "nodev";
+ efiSupport = true;
+ useOSProber = true;
+ };
+ efi.canTouchEfiVariables = true;
+ };
+ plymouth = {
+ enable = true;
+ };
+ };
+
+ networking.hostName = "swarm"; # Define your hostname.
+
+ services.tailscale.enable = true;
+
+ networking.networkmanager.enable = true;
+
+ # Set your time zone.
+ time.timeZone = "America/New_York";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "en_US.UTF-8";
+ LC_IDENTIFICATION = "en_US.UTF-8";
+ LC_MEASUREMENT = "en_US.UTF-8";
+ LC_MONETARY = "en_US.UTF-8";
+ LC_NAME = "en_US.UTF-8";
+ LC_NUMERIC = "en_US.UTF-8";
+
+ LC_PAPER = "en_US.UTF-8";
+ LC_TELEPHONE = "en_US.UTF-8";
+ LC_TIME = "en_US.UTF-8";
+ };
+
+ # Enable the X11 windowing system.
+ # You can disable this if you're only using the Wayland session.
+ services.xserver.enable = true;
+
+ # Enable the KDE Plasma Desktop Environment.
+ services.displayManager.sddm.enable = true;
+ services.desktopManager.plasma6.enable = true;
+ environment.sessionVariables.NIXOS_OZONE_WL = "1";
+ # Setup bluetooth
+ hardware.bluetooth.enable = true;
+
+ # Configure keymap in X11
+ services.xserver.xkb = {
+ layout = "us";
+ variant = "";
+ };
+
+ # Enable CUPS to print documents.
+ services.printing.enable = true;
+
+ # Enable sound with pipewire.
+ hardware.pulseaudio.enable = false;
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ # If you want to use JACK applications, uncomment this
+ #jack.enable = true;
+
+ # use the example session manager (no others are packaged yet so this is enabled by default,
+ # no need to redefine it in your config for now)
+ #media-session.enable = true;
+ };
+
+ # Enable touchpad support (enabled default in most desktopManager).
+ # services.xserver.libinput.enable = true;
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.nathan = {
+ extraGroups = ["networkmanager"];
+ };
+
+ # List packages installed in system profile.
To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ # Touch stuff
+ libinput
+ maliit-keyboard
+ dconf-editor
+ iptsd
+ surface-control
+ wl-clipboard
+ # Podman
+ podman-desktop
+ podman-compose
+ # System tools
+ gparted
+ f2fs-tools
+ ];
+
+ virtualisation.podman = {enable = true;};
+
+ # Enable sway
+ programs.sway = {
+ enable = true;
+ package = pkgs.swayfx;
+ };
+
+ # We need to use a fork of iptsd for the LiftTimeout option
+ # https://github.com/linux-surface/iptsd/issues/166#issuecomment-2391567615
+ nixpkgs.overlays = let
+ iptsd_overlay = self: super: {
+ iptsd = super.iptsd.overrideAttrs (prev: {
+ src = pkgs.fetchFromGitHub {
+ owner = "wvffle";
+ repo = "iptsd";
+ rev = "9c3e4c7b85767a3239bb2ba1ee12430ba5c92a86";
+ hash = "sha256-wyCstqTpyFDLRe/AGFrjJi9A+txwkFNbsW4KLNcMf1Q=";
+ };
+ });
+ };
+ in [iptsd_overlay];
+ # Setup iptsd for touch and stylus support
+ services.iptsd = {
+ enable = true;
+ config = {
+ Touchscreen = {
+ DisableOnPalm = true;
+ DisableOnStylus = true;
+ };
+ Contacts = {
+ SizeMin = "0.775";
+ SizeMax = "1.710";
+ AspectMin = "1.005";
+ AspectMax = "1.470";
+ };
+ Stylus = {
+ LiftTimeout = "0.07";
+ };
+ DFT = {
+ PositionMinAmp = "10";
+ };
+ };
+ };
+
+ # Since this _is_ a tablet, waydroid time
+ virtualisation.waydroid.enable = true;
+
+ # And thermald
+ services.thermald = {
+ enable = true;
+ };
+
+ # Other power saving goodies
+ hardware.enableAllFirmware = true;
+ services.tlp = {
+ enable = false;
+ settings = {
+ CPU_SCALING_GOVERNOR_ON_AC = "performance";
+ CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
+
+ CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
+ CPU_ENERGY_PERF_POLICY_ON_AC = "performance";
+ };
+ };
+ powerManagement.enable = true;
+ services.power-profiles-daemon.enable = true;
+ services.cpupower-gui.enable = true;
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = {
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ # services.openssh.enable = true;
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ networking.firewall.enable = false;
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+
+ system.stateVersion = "24.11"; # Did you read the comment?
+}
diff --git a/nixos/machines/swarm/hardware.nix b/nixos/machines/swarm/hardware.nix
new file mode 100644
index 0000000..4a4bb21
--- /dev/null
+++ b/nixos/machines/swarm/hardware.nix
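Review bot: `networking.firewall.enable = false;` near the end of configuration.nix turns off packet filtering on a tablet that joins networks through NetworkManager, so any service this file enables that listens beyond loopback (printing, podman containers, waydroid) is reachable from whatever Wi-Fi the device connects to. If the firewall was disabled only to let tailnet traffic through, keep it on and trust that interface instead: `networking.firewall.enable = true;` together with `networking.firewall.trustedInterfaces = ["tailscale0"];` (the NixOS default interface name; confirm it for this host). Separately, `trusted-users = ["root" "nathan"]` lets that account instruct the Nix daemon in ways that are effectively root-equivalent, and with `buildMachines` empty the reason it is needed is not visible here, so a one-line comment above it such as `# nathan is trusted so that <reason>` would help the next reader.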
@@ -0,0 +1,64 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod"]; + boot.initrd.kernelModules = ["dm-snapshot" "cryptd" "pinctrl_icelake" "surface_aggregator" "surface_aggregator_registry" "surface_aggregator_hub" "surface_hid_core" "8250_dw" "surface_hid"]; + boot.initrd.luks.devices."crypt".device = "/dev/disk/by-uuid/f16ca8aa-f596-4876-ba82-7427da9afaba"; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/1e6c0a42-1a50-42a6-a1ce-972cfc63a1c3"; + fsType = "btrfs"; + options = ["subvol=root"]; + }; + + fileSystems."/home" = { + device = "/dev/disk/by-uuid/1e6c0a42-1a50-42a6-a1ce-972cfc63a1c3"; + fsType = "btrfs"; + options = ["subvol=home"]; + }; + + fileSystems."/nix" = { + device = "/dev/disk/by-uuid/1e6c0a42-1a50-42a6-a1ce-972cfc63a1c3"; + fsType = "btrfs"; + options = ["subvol=nix"]; + }; + + fileSystems."/var" = { + device = "/dev/disk/by-uuid/1e6c0a42-1a50-42a6-a1ce-972cfc63a1c3"; + fsType = "btrfs"; + options = ["subvol=var"]; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/5742-D107"; + fsType = "vfat"; + options = ["fmask=0022" "dmask=0022"]; + }; + + swapDevices = [ + {device = "/dev/disk/by-uuid/36cee131-a975-4a20-a0b8-c063af268bcb";} + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 
+ networking.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +}
diff --git a/nixos/machines/swarm/machine.nix b/nixos/machines/swarm/machine.nix
new file mode 100644
index 0000000..426314a
--- /dev/null
+++ b/nixos/machines/swarm/machine.nix
@@ -0,0 +1,60 @@
+{
+ withSystem,
+ inputs,
+ ...
+}: {
+ # perSystem = { ... }: { config.packages.hello = ...; };
+
+ flake.nixosConfigurations.swarm = withSystem "x86_64-linux" (
+ ctx @ {
+ config,
+ inputs',
+ ...
+ }:
+ inputs.nixpkgs.lib.nixosSystem {
+ # Expose `packages`, `inputs` and `inputs'` as module arguments.
+ # Use specialArgs permits use in `imports`.
+ # Note: if you publish modules for reuse, do not rely on specialArgs, but
+ # on the flake scope instead. See also https://flake.parts/define-module-in-separate-file.html
+ specialArgs = {
+ packages = config.packages;
+ inherit inputs inputs';
+ };
+ modules = [
+ (
+ {
+ config,
+ lib,
+ pkgs,
+ ...
+ }: {
+ imports = [
+ # Hardware support
+ inputs.nixos-hardware.nixosModules.microsoft-surface-common
+ inputs.nixos-hardware.nixosModules.common-pc
+ inputs.nixos-hardware.nixosModules.common-pc-laptop
+ inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd
+ inputs.nixos-hardware.nixosModules.common-cpu-intel
+ # Disable the dGPU
+ inputs.nixos-hardware.nixosModules.common-gpu-nvidia-disable
+ # Our modules
+ (import ../../modules/base.nix {inherit inputs;})
+ (import ../../modules/desktop.nix)
+ (import ./configuration.nix)
+ (import ./hardware.nix)
+ (import ../../modules/user.nix {
+ inherit inputs;
+ mutableUsers = false;
+ })
+ ];
+
+ nix.settings.experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+ }
+ )
+ ];
+ }
+ );
+}
diff --git a/nixos/modules/desktop.nix b/nixos/modules/desktop.nix
index db7184a..3fa5f19 100644
--- a/nixos/modules/desktop.nix
+++ b/nixos/modules/desktop.nix
@@ -7,8 +7,7 @@
 security.sudo.wheelNeedsPassword = false;
 environment.systemPackages = with pkgs; [
 # Filesystem types
- f2fs-tools
+ f2fs-tools
 exfatprogs
 ];
-
 }
diff --git a/nixos/modules/user.nix b/nixos/modules/user.nix
index bf5dd41..35885e7 100644
--- a/nixos/modules/user.nix
+++ b/nixos/modules/user.nix
@@ -27,6 +27,7 @@
 openssh.authorizedKeys.keys = [
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEtE+KjKuHUj5bKKQBDKqhO5dpEQf8E8u1G6kRj7y6dI nathan@nixos"
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOYLrArZUT8AQwr9jHLj8DnnJM46C6myF8C7AOza+BDr nathan@Nathan-Surface"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDrgiGxTw0AcInjsELMpq6MZfsl4oTHjo1MVwOc4QgdD nathan@swarm"
 ];
 };
 };
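Review bot: The added `nathan@swarm` entry in `openssh.authorizedKeys.keys` sits in the shared `nixos/modules/user.nix`, so every host that imports this module and runs sshd will accept logins from the tablet's key, not only the machines the tablet needs to reach. The desktop.nix hunk above shows `security.sudo.wheelNeedsPassword = false;` as context, so if this user is in `wheel` (not visible here) a login with that key is passwordless root on desktop hosts. Since a portable device is the key most likely to be lost, I would put a comment above the entry recording which device holds the private key and how to revoke it, for example `# swarm (Surface tablet); remove this line and redeploy all hosts if the device is lost`, and consider scoping the key to the hosts that need it. The enclosing attribute set starts and ends outside the hunk.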