nix-files/hosts/by-name/desko/default.nix

{ config, pkgs, ... }:
{
  imports = [
    ./fs.nix
  ];

  # sane.guest.enable = true;

  # services.distccd.enable = true;
  # sane.programs.distcc.enableFor.user.guest = true;

  sops.secrets.colin-passwd.neededForUsers = true;

  sane.roles.build-machine.enable = true;
  sane.roles.ac = true;
  sane.roles.client = true;
  sane.roles.dev-machine = true;
  sane.services.wg-home.enable = true;
  sane.services.wg-home.ip = config.sane.hosts.by-name."desko".wg-home.ip;
  sane.services.duplicity.enable = true;
  sane.services.nixserve.secretKeyFile = config.sops.secrets.nix_serve_privkey.path;

  sane.gui.sway.enable = true;
  sane.programs.iphoneUtils.enableFor.user.colin = true;

  sane.programs.guiApps.suggestedPrograms = [ "desktopGuiApps" ];
  sane.programs.consoleUtils.suggestedPrograms = [ "consoleMediaUtils" ];
  # sane.programs.devPkgs.enableFor.user.colin = true;

  boot.loader.efi.canTouchEfiVariables = false;
  sane.image.extraBootFiles = [ pkgs.bootpart-uefi-x86_64 ];

  # needed to use libimobiledevice/ifuse, for iphone sync
  services.usbmuxd.enable = true;

  # don't enable wifi by default: it messes with connectivity.
  systemd.services.iwd.enable = false;

  # default config: https://man.archlinux.org/man/snapper-configs.5
  # defaults to something like:
  #   - hourly snapshots
  #   - auto cleanup; keep the last 10 hourlies, last 10 daylies, last 10 monthlys.
  services.snapper.configs.nix = {
    # TODO: for the impermanent setup, we'd prefer to just do /nix/persist,
    # but that also requires setting up the persist dir as a subvol
    SUBVOLUME = "/nix";
    # TODO: ALLOW_USERS doesn't seem to work. still need `sudo snapper -c nix list`
    ALLOW_USERS = [ "colin" ];
  };

  programs.steam = {
    enable = true;
    # not sure if needed: stole this whole snippet from the wiki
    remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
    dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
  };
  sane.user.persist.plaintext = [
    ".steam"
    ".local/share/Steam"
  ];

  # docs: https://nixos.org/manual/nixos/stable/options.html#opt-system.stateVersion
  system.stateVersion = "21.05";
}
introduce an 'allocations' systems for things like uids/gids 2022-07-15 06:58:27 +00:00			`{ config, pkgs, ... }:`
create a machine for my desktop it's a clone of lappy, except with different fs uuids. i'll work to fold some of these in a bit. 2022-05-22 08:27:02 +00:00			`{`
desko/lappy: factor out some easy commonalities i'm sure this will change as i mess with the rpi image 2022-05-22 08:59:04 +00:00			`imports = [`
desko/lappy: factor out common hardware 2022-05-22 09:03:25 +00:00			`./fs.nix`
desko/lappy: factor out some easy commonalities i'm sure this will change as i mess with the rpi image 2022-05-22 08:59:04 +00:00			`];`
machines: lappy/desko: port to use the new homes helper 2022-05-23 07:07:08 +00:00
desko: disable guest account 2023-07-09 18:49:36 +00:00			`# sane.guest.enable = true;`
guest: enable access to shelvacu 2023-06-28 03:57:57 +00:00
desko: disable guest account 2023-07-09 18:49:36 +00:00			`# services.distccd.enable = true;`
			`# sane.programs.distcc.enableFor.user.guest = true;`
desko: enable distccd 2023-06-28 04:04:45 +00:00
secrets: define these by crawling the repo to decrease duplication 2023-05-14 09:50:01 +00:00			`sops.secrets.colin-passwd.neededForUsers = true;`
secrets: split desko.yaml into one-secret-per-file 2023-05-14 02:29:30 +00:00
make it so servo doesn't do binfmt emulation, nor fetch cache from desko 2023-03-11 13:45:45 +00:00			`sane.roles.build-machine.enable = true;`
i2p/yggdrasil: factor out and only enable for desko/servo especially this means i no longer run them on moby, improving battery life & such 2023-05-17 01:53:17 +00:00			`sane.roles.ac = true;`
desko: enable wg-home 2023-01-20 07:59:11 +00:00			`sane.roles.client = true;`
zeal/docsets: ship on desko too 2023-05-10 21:23:42 +00:00			`sane.roles.dev-machine = true;`
desko: enable wg-home 2023-01-20 07:59:11 +00:00			`sane.services.wg-home.enable = true;`
			`sane.services.wg-home.ip = config.sane.hosts.by-name."desko".wg-home.ip;`
rename `config.{colinsane -> sane}` 2022-08-01 07:23:49 +00:00			`sane.services.duplicity.enable = true;`
secrets: split desko.yaml into one-secret-per-file 2023-05-14 02:29:30 +00:00			`sane.services.nixserve.secretKeyFile = config.sops.secrets.nix_serve_privkey.path;`
rebuild desko and flash it haven't booted into it yet (we'll see!) 2022-06-24 09:07:40 +00:00
desko: enable wg-home 2023-01-20 07:59:11 +00:00			`sane.gui.sway.enable = true;`
desko: enable iphone utils 2023-02-21 01:11:42 +00:00			`sane.programs.iphoneUtils.enableFor.user.colin = true;`
desko: enable wg-home 2023-01-20 07:59:11 +00:00
programs: split the guiApps category into slightly smaller bits 2023-02-10 00:47:10 +00:00			`sane.programs.guiApps.suggestedPrograms = [ "desktopGuiApps" ];`
programs: factor ffmpeg/yt-dlp & friends out of consoleUtils 2023-06-09 00:57:53 +00:00			`sane.programs.consoleUtils.suggestedPrograms = [ "consoleMediaUtils" ];`
desko: disable devPkgs 2023-07-07 06:30:19 +00:00			`# sane.programs.devPkgs.enableFor.user.colin = true;`
programs: split the guiApps category into slightly smaller bits 2023-02-10 00:47:10 +00:00
rebuild desko and flash it haven't booted into it yet (we'll see!) 2022-06-24 09:07:40 +00:00			`boot.loader.efi.canTouchEfiVariables = false;`
rename `config.{colinsane -> sane}` 2022-08-01 07:23:49 +00:00			`sane.image.extraBootFiles = [ pkgs.bootpart-uefi-x86_64 ];`
desko: enable duplicity backups 2022-06-10 08:43:48 +00:00
enable stuff needed for ifuse/iphone photo syncing 2022-06-16 00:22:27 +00:00			`# needed to use libimobiledevice/ifuse, for iphone sync`
			`services.usbmuxd.enable = true;`

desko: disable wifi 2022-12-10 12:27:02 +00:00			`# don't enable wifi by default: it messes with connectivity.`
			`systemd.services.iwd.enable = false;`

desko: enable snapper for testing 2022-06-29 10:58:11 +00:00			`# default config: https://man.archlinux.org/man/snapper-configs.5`
			`# defaults to something like:`
			`# - hourly snapshots`
			`# - auto cleanup; keep the last 10 hourlies, last 10 daylies, last 10 monthlys.`
			`services.snapper.configs.nix = {`
			`# TODO: for the impermanent setup, we'd prefer to just do /nix/persist,`
			`# but that also requires setting up the persist dir as a subvol`
flake/nixpkgs 2023-05-14 -> 2023-05-18; nix-serve -> 2023-05-17 ``` • Updated input 'nix-serve': 'github:edolstra/nix-serve/3b6d30016d910a43e0e16f94170440a3e0b8fa8d' (2023-03-07) → 'github:edolstra/nix-serve/e6e3d09438e803daa5374ad8edf1271289348456' (2023-05-17) • Updated input 'nixpkgs-unpatched': 'github:nixos/nixpkgs/0470f36b02ef01d4f43c641bbf07020bcab71bf1' (2023-05-14) → 'github:nixos/nixpkgs/48a0fb7aab511df92a17cf239c37f2bd2ec9ae3a' (2023-05-18) ``` 2023-05-19 17:58:32 +00:00			`SUBVOLUME = "/nix";`
desko: enable snapper for testing 2022-06-29 10:58:11 +00:00			# TODO: ALLOW_USERS doesn't seem to work. still need `sudo snapper -c nix list`
flake/nixpkgs 2023-05-14 -> 2023-05-18; nix-serve -> 2023-05-17 ``` • Updated input 'nix-serve': 'github:edolstra/nix-serve/3b6d30016d910a43e0e16f94170440a3e0b8fa8d' (2023-03-07) → 'github:edolstra/nix-serve/e6e3d09438e803daa5374ad8edf1271289348456' (2023-05-17) • Updated input 'nixpkgs-unpatched': 'github:nixos/nixpkgs/0470f36b02ef01d4f43c641bbf07020bcab71bf1' (2023-05-14) → 'github:nixos/nixpkgs/48a0fb7aab511df92a17cf239c37f2bd2ec9ae3a' (2023-05-18) ``` 2023-05-19 17:58:32 +00:00			`ALLOW_USERS = [ "colin" ];`
desko: enable snapper for testing 2022-06-29 10:58:11 +00:00			`};`

desko: add steam 2022-07-16 10:10:57 +00:00			`programs.steam = {`
desko: re-enable steam 2023-03-04 07:48:22 +00:00			`enable = true;`
desko: add steam 2022-07-16 10:10:57 +00:00			`# not sure if needed: stole this whole snippet from the wiki`
			`remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play`
			`dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server`
			`};`
use sane.user.persist instead of sane.persist.home 2023-01-30 10:35:03 +00:00			`sane.user.persist.plaintext = [`
desko: add steam 2022-07-16 10:10:57 +00:00			`".steam"`
			`".local/share/Steam"`
			`];`

desko/lappy: explicitly set system.stateVersion 2022-05-28 20:14:48 +00:00			`# docs: https://nixos.org/manual/nixos/stable/options.html#opt-system.stateVersion`
			`system.stateVersion = "21.05";`
create a machine for my desktop it's a clone of lappy, except with different fs uuids. i'll work to fold some of these in a bit. 2022-05-22 08:27:02 +00:00			`}`