From 5dcd255c0d004d5d6e59340eef91a7f728c2eb1b Mon Sep 17 00:00:00 2001
From: Nathan McCarty
Date: Tue, 25 Apr 2023 23:39:37 -0400
Subject: [PATCH] Add productivity vm
---
flake.nix | 10 +++
hardware/productivity-vm.nix | 32 ++++++++++
machines/productivity-vm/configuration.nix | 71 ++++++++++++++++++++++
machines/productivity-vm/home.nix | 61 +++++++++++++++++++
4 files changed, 174 insertions(+)
create mode 100755 hardware/productivity-vm.nix
create mode 100644 machines/productivity-vm/configuration.nix
create mode 100644 machines/productivity-vm/home.nix
diff --git a/flake.nix b/flake.nix
index 12c3864..858068b 100644
--- a/flake.nix
+++ b/flake.nix
@@ -174,6 +174,16 @@ extraModules = [ wsl.nixosModules.wsl ./machines/wsl/configuration.nix ]; }; + + # VMs + productivity-vm = makeNixosSystem { + system = "x86_64-linux"; + hostName = "productivity-vm"; + extraModules = [ + ./machines/productivity-vm/configuration.nix + ./hardware/productivity-vm.nix + ]; + }; }; # Mac systems darwinConfigurations = {
diff --git a/hardware/productivity-vm.nix b/hardware/productivity-vm.nix
new file mode 100755
index 0000000..a7e73a8
--- /dev/null
+++ b/hardware/productivity-vm.nix
@@ -0,0 +1,32 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = [ ]; + + boot.initrd.availableKernelModules = [ "ata_piix" "mptspi" "uhci_hcd" "ehci_pci" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/af524dfe-a89e-4527-908d-eabdb09a3c71"; + fsType = "ext4"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/6d1d7bfa-676a-4b81-ba92-5ba110375814"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.ens33.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/machines/productivity-vm/configuration.nix b/machines/productivity-vm/configuration.nix new file mode 100644 index 0000000..5e4df4c --- /dev/null +++ b/machines/productivity-vm/configuration.nix 
@@ -0,0 +1,71 @@
+{ config, lib, pkgs, inputs, ... }:
+
+{
+ # Sops setup for this machine
+ sops.secrets = {
+ # "borg-ssh-key" = {
+ # sopsFile = ../../secrets/productivity-vm/borg.yaml;
+ # format = "yaml";
+ # };
+ # "borg-password" = {
+ # sopsFile = ../../secrets/productivity-vm/borg.yaml;
+ # format = "yaml";
+ # };
+ # "windows-bitlocker-key" = {
+ # sopsFile = ../../secrets/productivity-vm/windows.yaml;
+ # format = "yaml";
+ # };
+ # "last.fm" = {
+ # sopsFile = ../../secrets/productivity-vm/last.fm;
+ # format = "binary";
+ # owner = "nathan";
+ # mode = "0400";
+ # };
+ };
+ # Setup system configuration
+ nathan = {
+ programs = { games = false; };
+ services = {
+ borg = {
+ # TODO: Enable
+ enable = false;
+ extraExcludes = [
+ "/home/${config.nathan.config.user}/Music"
+ "/var/lib/docker"
+ "/var/log"
+ ];
+ passwordFile = config.sops.secrets."borg-password".path;
+ sshKey = config.sops.secrets."borg-ssh-key".path;
+ };
+ kubo = { enable = false; };
+ };
+ config = {
+ isDesktop = true;
+ setupGrub = true;
+ nix.autoUpdate = false;
+ harden = false;
+ };
+ };
+ # Configure networking
+ networking = {
+ domain = "mccarty.io";
+ useDHCP = false;
+ interfaces.ens33.useDHCP = true;
+ nat.externalInterface = "ens33";
+ # Open ports for soulseek
+ firewall = {
+ allowedTCPPorts = [ 61377 ];
+ allowedUDPPorts = [ 61377 ];
+ };
+ };
+
+ # Setup home manager
+ home-manager.users.nathan = import ./home.nix;
+
+ # Configure nix build
+ nix.settings = {
+ cores = 8;
+ max-jobs = 4;
+ };
+
+}
diff --git a/machines/productivity-vm/home.nix b/machines/productivity-vm/home.nix
new file mode 100644
index 0000000..3ce16b3
--- /dev/null
+++ b/machines/productivity-vm/home.nix
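Review bot: In machines/productivity-vm/configuration.nix the `firewall` block opens TCP and UDP 61377 "for soulseek", but nothing in this commit runs a Soulseek client on the VM (`media.enable = false` and `media.nicotineService` is commented out in home.nix), so the port is exposed for a service the configuration does not enable. Together with `harden = false;`, which carries no comment, this looks carried over from another host; I would drop `allowedTCPPorts = [ 61377 ];` and `allowedUDPPorts = [ 61377 ];` until the client is enabled, and put a line such as `# harden disabled because <reason>` next to the flag. Separately, `passwordFile` and `sshKey` read `config.sops.secrets."borg-password"` and `"borg-ssh-key"`, both of which are commented out above; this presumably evaluates only because `borg.enable = false`, so the `# TODO: Enable` comment should say that the secrets have to be restored in the same change.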
@@ -0,0 +1,61 @@
+{ config, lib, pkgs, ... }:
+
+{
+ nathan = {
+ # services = { email = { enable = true; }; };
+ config = { isDesktop = true; };
+ programs = {
+ media.enable = false;
+ util = { wine = true; };
+ # games = { launcher = true; };
+ # media.nicotineService = true;
+ };
+ };
+
+ home.packages = with pkgs; [ gammastep ];
+
+ # Sway outputs
+ wayland.windowManager.sway.config = {
+ output = {
+ # DP-1 = {
+ # scale = "1.25";
+ # subpixel = "rgb";
+ # max_render_time = "6";
+ # adaptive_sync = "on";
+ # render_bit_depth = "10";
+ # };
+ };
+ input = { "type:pointer" = { pointer_accel = "-0.3"; }; };
+ startup = [ ];
+ };
+
+ # Sway background
+
+ # Spin up glpaper as a user service so we can have it restart on failure (liable due to kvm switch
+ # disconnecting input)
+ systemd.user.services.glpaper-dp1 = {
+ Unit = {
+ Description = "glpaper (DP-1)";
+ After = [ "graphical-session.target" ];
+ };
+ Service = {
+ Type = "simple";
+ ExecStart = ''
+ /etc/profiles/per-user/nathan/bin/glpaper DP-1 ${
+ ../../custom-files/sway/selen.frag
+ }
+ '';
+ Restart = "always";
+ };
+ Install = { WantedBy = [ "graphical-session.target" ]; };
+ };
+
+ # System specific autoruns
+ systemd.user.services = { };
+
+ # Mako output configuration
+ programs.mako = {
+ # Lock mako notifs to main display
+ output = "DP-1";
+ };
+}
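Review bot: The `ExecStart` of `glpaper-dp1` in machines/productivity-vm/home.nix runs `/etc/profiles/per-user/nathan/bin/glpaper`, a mutable profile path that ties the unit to the user name and to some other module installing glpaper; `home.packages` in this hunk only adds gammastep. Referencing the package directly, `${pkgs.glpaper}/bin/glpaper DP-1 ${../../custom-files/sway/selen.frag}`, pins the binary to the store path built from this flake. The unit and `programs.mako.output` are also fixed to `DP-1` while the `DP-1` output block is commented out; if the VM's display has a different name (not visible here), `Restart = "always"` will keep respawning the process, so a `RestartSec` or the actual output name would be worth adding.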