Add productivity vm

2023-04-25 23:39:37 -04:00 · 2023-04-25 23:39:37 -04:00 · 5dcd255c0d
parent 5ee9cc3881
commit 5dcd255c0d
4 changed files with 174 additions and 0 deletions
--- a/flake.nix
+++ b/flake.nix
@ -174,6 +174,16 @@
          extraModules =
            [ wsl.nixosModules.wsl ./machines/wsl/configuration.nix ];
        };
+
+        # VMs
+        productivity-vm = makeNixosSystem {
+          system = "x86_64-linux";
+          hostName = "productivity-vm";
+          extraModules = [
+            ./machines/productivity-vm/configuration.nix
+            ./hardware/productivity-vm.nix
+          ];
+        };
      };
      # Mac systems
      darwinConfigurations = {
--- a/hardware/productivity-vm.nix
+++ b/hardware/productivity-vm.nix
@ -0,0 +1,32 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports = [ ];
+
+  boot.initrd.availableKernelModules = [ "ata_piix" "mptspi" "uhci_hcd" "ehci_pci" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/af524dfe-a89e-4527-908d-eabdb09a3c71";
+      fsType = "ext4";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/6d1d7bfa-676a-4b81-ba92-5ba110375814"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.ens33.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/machines/productivity-vm/configuration.nix
+++ b/machines/productivity-vm/configuration.nix
@ -0,0 +1,71 @@
+{ config, lib, pkgs, inputs, ... }:
+
+{
+  # Sops setup for this machine
+  sops.secrets = {
+    # "borg-ssh-key" = {
+    #   sopsFile = ../../secrets/productivity-vm/borg.yaml;
+    #   format = "yaml";
+    # };
+    # "borg-password" = {
+    #   sopsFile = ../../secrets/productivity-vm/borg.yaml;
+    #   format = "yaml";
+    # };
+    # "windows-bitlocker-key" = {
+    #   sopsFile = ../../secrets/productivity-vm/windows.yaml;
+    #   format = "yaml";
+    # };
+    # "last.fm" = {
+    #   sopsFile = ../../secrets/productivity-vm/last.fm;
+    #   format = "binary";
+    #   owner = "nathan";
+    #   mode = "0400";
+    # };
+  };
+  # Setup system configuration
+  nathan = {
+    programs = { games = false; };
+    services = {
+      borg = {
+        # TODO: Enable
+        enable = false;
+        extraExcludes = [
+          "/home/${config.nathan.config.user}/Music"
+          "/var/lib/docker"
+          "/var/log"
+        ];
+        passwordFile = config.sops.secrets."borg-password".path;
+        sshKey = config.sops.secrets."borg-ssh-key".path;
+      };
+      kubo = { enable = false; };
+    };
+    config = {
+      isDesktop = true;
+      setupGrub = true;
+      nix.autoUpdate = false;
+      harden = false;
+    };
+  };
+  # Configure networking
+  networking = {
+    domain = "mccarty.io";
+    useDHCP = false;
+    interfaces.ens33.useDHCP = true;
+    nat.externalInterface = "ens33";
+    # Open ports for soulseek
+    firewall = {
+      allowedTCPPorts = [ 61377 ];
+      allowedUDPPorts = [ 61377 ];
+    };
+  };
+
+  # Setup home manager
+  home-manager.users.nathan = import ./home.nix;
+
+  # Configure nix build
+  nix.settings = {
+    cores = 8;
+    max-jobs = 4;
+  };
+
+}
--- a/machines/productivity-vm/home.nix
+++ b/machines/productivity-vm/home.nix
@ -0,0 +1,61 @@
+{ config, lib, pkgs, ... }:
+
+{
+  nathan = {
+    # services = { email = { enable = true; }; };
+    config = { isDesktop = true; };
+    programs = {
+      media.enable = false;
+      util = { wine = true; };
+      # games = { launcher = true; };
+      # media.nicotineService = true;
+    };
+  };
+
+  home.packages = with pkgs; [ gammastep ];
+
+  # Sway outputs
+  wayland.windowManager.sway.config = {
+    output = {
+      # DP-1 = {
+      #   scale = "1.25";
+      #   subpixel = "rgb";
+      #   max_render_time = "6";
+      #   adaptive_sync = "on";
+      #   render_bit_depth = "10";
+      # };
+    };
+    input = { "type:pointer" = { pointer_accel = "-0.3"; }; };
+    startup = [ ];
+  };
+
+  # Sway background
+
+  # Spin up glpaper as a user service so we can have it restart on failure (liable due to kvm switch
+  # disconnecting input)
+  systemd.user.services.glpaper-dp1 = {
+    Unit = {
+      Description = "glpaper (DP-1)";
+      After = [ "graphical-session.target" ];
+    };
+    Service = {
+      Type = "simple";
+      ExecStart = ''
+        /etc/profiles/per-user/nathan/bin/glpaper DP-1 ${
+          ../../custom-files/sway/selen.frag
+        }
+      '';
+      Restart = "always";
+    };
+    Install = { WantedBy = [ "graphical-session.target" ]; };
+  };
+
+  # System specific autoruns
+  systemd.user.services = { };
+
+  # Mako output configuration
+  programs.mako = {
+    # Lock mako notifs to main display
+    output = "DP-1";
+  };
+}