From 0457ae40fec44bb93884529a50f0d71615e0ead4 Mon Sep 17 00:00:00 2001 From: colin Date: Fri, 20 May 2022 21:14:19 -0700 Subject: [PATCH] migrate my nixos laptop to this flake --- flake.lock | 26 +++++++++- flake.nix | 33 +++++++++++-- lappy/colin.nix | 116 +++++++++++++++++++++++++++++++++++++++++++++ lappy/hardware.nix | 52 ++++++++++++++++++++ lappy/users.nix | 60 +++++++++++++++++++++++ 5 files changed, 280 insertions(+), 7 deletions(-) create mode 100644 lappy/colin.nix create mode 100644 lappy/hardware.nix create mode 100644 lappy/users.nix diff --git a/flake.lock b/flake.lock index e4c17cdc..69fe7713 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,26 @@ { "nodes": { + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1651519540, + "narHash": "sha256-3k6p8VsTwwRPQjE8rrMh+o2AZACZn/eeYJ7ivdQ/Iro=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "d93d56ab8c1c6aa575854a79b9d2f69d491db7d0", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-21.11", + "repo": "home-manager", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1652975354, @@ -15,7 +36,7 @@ "type": "indirect" } }, - "pkgsUnstable": { + "pkgs-gitea": { "locked": { "lastModified": 1651726670, "narHash": "sha256-dSGdzB49SEvdOJvrQWfQYkAefewXraHIV08Vz6iDXWQ=", @@ -32,8 +53,9 @@ }, "root": { "inputs": { + "home-manager": "home-manager", "nixpkgs": "nixpkgs", - "pkgsUnstable": "pkgsUnstable" + "pkgs-gitea": "pkgs-gitea" } } }, diff --git a/flake.nix b/flake.nix index 14bd99ce..20d43ec1 100644 --- a/flake.nix +++ b/flake.nix 
@@ -5,17 +5,19 @@ { inputs = { nixpkgs.url = "nixpkgs/nixos-21.11"; - pkgsUnstable.url = "nixpkgs/c777cdf5c564015d5f63b09cc93bef4178b19b01"; + pkgs-gitea.url = "nixpkgs/c777cdf5c564015d5f63b09cc93bef4178b19b01"; + home-manager.url = "github:nix-community/home-manager/release-21.11"; + # XXX colin: is this right? + home-manager.inputs.nixpkgs.follows = "nixpkgs"; }; - outputs = { self, pkgsUnstable, nixpkgs }: { + outputs = { self, nixpkgs, pkgs-gitea, home-manager }: { nixosConfigurations.uninsane = nixpkgs.lib.nixosSystem { - # inherit (self.packages.aarch64-linux) pkgs; pkgs = import nixpkgs { system = "aarch64-linux"; config.allowUnfree = true; overlays = [ (self: super: { - pkgsUnstable.system = "aarch64-linux"; # extraneous? + pkgs-gitea.system = "aarch64-linux"; # extraneous? #### customized packages # nixos-unstable pleroma is too far out-of-date for our db pleroma = super.callPackage ./pkgs/pleroma { }; @@ -28,7 +30,7 @@ # gitea: 1.16.5 contains a fix which makes manual user approval *actually* work. # https://github.com/go-gitea/gitea/pull/19119 # safe to remove after 1.16.5 (or 1.16.7 if we need db compat?) - gitea = pkgsUnstable.legacyPackages.aarch64-linux.gitea; + gitea = pkgs-gitea.legacyPackages.aarch64-linux.gitea; # try a newer rpi4 u-boot # ubootRaspberryPi4_64bit = pkgs.unstable.ubootRaspberryPi4_64bit; 
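Review bot: The `# XXX colin: is this right?` marker above `home-manager.inputs.nixpkgs.follows = "nixpkgs";` in the first hunk leaves an open question where a statement of intent belongs. The `follows` line makes home-manager evaluate against the flake's own `nixpkgs` input rather than a second, separately locked copy. The flake.lock change in this commit records exactly that, as `"nixpkgs": ["nixpkgs"]` under the home-manager inputs. I would replace the marker with `# build home-manager against the same pinned nixpkgs as the system, so there is one nixpkgs revision to audit and update`. The `inputs` and `outputs` attribute sets continue outside the hunk.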
@@ -52,6 +54,27 @@
 })
 ];
 };
+
+ nixosConfigurations.lappy = nixpkgs.lib.nixosSystem {
+ pkgs = import nixpkgs {
+ system = "x86_64-linux";
+ config.allowUnfree = true;
+ };
+ system = "x86_64-linux";
+ modules = [
+ ({ pkgs, ... }: {
+ nixpkgs.config.allowUnfree = true;
+ })
+ home-manager.nixosModules.home-manager {
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+ home-manager.users.colin.imports = [ ./lappy/colin.nix ];
+ }
+ ./configuration.nix
+ ./lappy/users.nix
+ ./lappy/hardware.nix
+ ];
+ };
 # packages = nixpkgs.lib.genAttrs nixpkgs.lib.platforms.all (system:
 # {
 # pkgs = import nixpkgs { inherit system; config.allowUnfree = true; };
diff --git a/lappy/colin.nix b/lappy/colin.nix
new file mode 100644
index 00000000..3dfa8989
--- /dev/null
+++ b/lappy/colin.nix
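Review bot: The inline module `({ pkgs, ... }: { nixpkgs.config.allowUnfree = true; })` in the new `nixosConfigurations.lappy` most likely has no effect. The configuration already passes an explicit `pkgs = import nixpkgs { ... config.allowUnfree = true; }` to `nixosSystem`, and as far as I know the `nixpkgs.config` option is not consulted when the package set is supplied that way. Keeping the setting in one place makes it clear which one is authoritative. Because `home-manager.useGlobalPkgs = true` shares this package set with the user profile, it is also worth narrowing the blanket switch to an allowlist, for example `config.allowUnfreePredicate = pkg: builtins.elem (nixpkgs.lib.getName pkg) [ "discord" ];`. That list is only an example built from the packages visible in lappy/colin.nix; the point is that a new unfree dependency would then have to be allowed deliberately.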
@@ -0,0 +1,116 @@
+# docs:
+# https://rycee.gitlab.io/home-manager/
+# man home-configuration.nix
+
+{ config, pkgs, ... }:
+{
+
+ home.stateVersion = "21.11";
+ home.username = "colin";
+ home.homeDirectory = "/home/colin";
+ programs.home-manager.enable = true;
+ programs.zsh.enable = true;
+ programs.git = {
+ enable = true;
+ userName = "colin";
+ userEmail = "colin@uninsane.org";
+ };
+
+ programs.firefox = {
+ enable = true;
+ # profiles.default = {
+ # settings = {
+ # "browser.urlbar.placeholderName" = "DuckDuckGo";
+ # };
+ # };
+ # extensions = [
+ # ];
+ };
+
+ programs.vim = {
+ enable = true;
+ extraConfig = ''
+ " wtf vim project: NOBODY LIKES MOUSE FOR VISUAL MODE
+ set mouse-=a
+ " copy/paste to system clipboard
+ set clipboard=unnamedplus
+ " completion menu settings
+ set wildmenu
+ set wildmode=longest,list,full
+ " highlight all matching searches (using / and ?)
+ set hlsearch
+ " allow backspace to delete empty lines in insert mode
+ set backspace=indent,eol,start
+ " built-in syntax highlighting
+ syntax enable
+ " show line/col number in bottom right
+ set ruler
+ " highlight trailing space & related syntax errors (does this work?)
+ let c_space_errors=1
+ let python_space_errors=1
+ '';
+ };
+
+ dconf.settings = {
+ # control alt-tab behavior
+ "org/gnome/desktop/wm/keybindings" = {
+ switch-applications = [ "Tab" ];
+ switch-applications-backward=[];
+ switch-windows=["Tab"];
+ switch-windows-backward=["Tab"];
+ };
+ # idle power savings
+ "org/gnome/settings-deamon/plugins/power" = {
+ idle-brigthness = 50;
+ sleep-inactive-ac-type = "nothing";
+ sleep-inactive-battery-timeout = 5400; # seconds
+ };
+ };
+
+ # xsession.enable = true;
+ # xsession.windowManager.command = "…";
+
+
+ home.packages = [
+ pkgs.gnumake
+ pkgs.dig
+ pkgs.duplicity
+ pkgs.fatresize
+ pkgs.fd
+ pkgs.file
+ pkgs.gptfdisk
+ pkgs.hdparm
+ pkgs.htop
+ pkgs.iftop
+ pkgs.iotop
+ pkgs.iptables
+ pkgs.jq
+ pkgs.killall
+ pkgs.lm_sensors # for sensors-detect
+ pkgs.lsof
+ pkgs.pciutils
+ pkgs.matrix-synapse
+ pkgs.mix2nix
+ pkgs.netcat
+ # pkgs.nettools
+ pkgs.nmap
+ pkgs.parted
+ pkgs.powertop
+ pkgs.python3
+ pkgs.ripgrep
+ pkgs.smartmontools
+ pkgs.socat
+ pkgs.sudo
+ pkgs.telnet
+ pkgs.usbutils
+ pkgs.wireguard
+ pkgs.zola
+
+ pkgs.clinfo
+ pkgs.discord
+ pkgs.element-desktop
+ pkgs.gnome.dconf-editor
+ pkgs.mesa-demos
+ pkgs.tdesktop
+ ];
+}
diff --git a/lappy/hardware.nix b/lappy/hardware.nix
new file mode 100644
index 00000000..1ff567e3
--- /dev/null
+++ b/lappy/hardware.nix
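Review bot: Two names in the `dconf.settings` power block are misspelled, so the idle and sleep policy is written to a dconf path that GNOME's power plugin presumably never reads. `"org/gnome/settings-deamon/plugins/power"` should be `"org/gnome/settings-daemon/plugins/power"`, and `idle-brigthness` should be `idle-brightness`. dconf stores unknown paths and keys without complaint, so the build succeeds and the settings simply never apply. Separately, `pkgs.sudo` in `home.packages` adds an unwrapped, non-setuid copy of sudo to the user profile. The `security.sudo.enable` in lappy/users.nix already provides the working wrapper, so that entry can probably be dropped.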
@@ -0,0 +1,52 @@
+{ config, pkgs, lib, ... }:
+
+{
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
+ boot.initrd.kernelModules = [ ];
+ # find more of these with sensors-detect
+ boot.kernelModules = [ "coretemp" "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ # enable cross compilation
+ boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+
+ powerManagement.cpuFreqGovernor = "powersave";
+ hardware.enableRedistributableFirmware = true;
+ hardware.cpu.intel.updateMicrocode = true;
+ powerManagement.powertop.enable = true;
+ services.fwupd.enable = true;
+
+ hardware.opengl.extraPackages = [
+ pkgs.intel-compute-runtime
+ pkgs.intel-media-driver # new
+ pkgs.libvdpau-va-gl # new
+ pkgs.vaapiIntel
+ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/75230e56-2c69-4e41-b03e-68475f119980";
+ fsType = "btrfs";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/BD79-D6BB";
+ fsType = "vfat";
+ };
+
+ swapDevices = [ ];
+
+ time.timeZone = "America/Los_Angeles";
+
+ # start gnome/gdm on boot
+ services.xserver.enable = true;
+ services.xserver.desktopManager.gnome.enable = true;
+ services.xserver.displayManager.gdm.enable = true;
+
+ networking.useDHCP = false;
+ networking.networkmanager.enable = true;
+
+}
diff --git a/lappy/users.nix b/lappy/users.nix
new file mode 100644
index 00000000..99e1ef83
--- /dev/null
+++ b/lappy/users.nix
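Review bot: `boot.loader.systemd-boot.enable = true` is set without `boot.loader.systemd-boot.editor`, which NixOS leaves enabled by default. With the editor on, anyone at the keyboard can change the kernel command line at boot and so get around the login configuration. Add `boot.loader.systemd-boot.editor = false;` next to the other loader settings. The root filesystem is also mounted directly from `/dev/disk/by-uuid/...` as btrfs, with no `boot.initrd.luks.devices` entry in this file. Unless encryption is configured elsewhere (for example in ./configuration.nix, which this commit does not show), the laptop's disk is unencrypted at rest, and a short comment saying which is the case would help the next reader.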
@@ -0,0 +1,60 @@
+{ config, pkgs, lib, ... }:
+
+# installer docs: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/installation-device.nix
+{
+ # Users are exactly these specified here;
+ # old ones will be deleted (from /etc/passwd, etc) upon upgrade.
+ users.mutableUsers = false;
+
+ # docs: https://nixpkgs-manual-sphinx-markedown-example.netlify.app/generated/options-db.xml.html#users-users
+ users.users.colin = {
+ # sets group to "users" (?)
+ isNormalUser = true;
+ home = "/home/colin";
+ uid = 1000;
+ # XXX colin: this is what the installer has, but is it necessary?
+ # group = "users";
+ extraGroups = [ "wheel" "networkmanager" ];
+ initialHashedPassword = "";
+ # shell = pkgs.bashInteractive;
+ # XXX colin: create ssh key for THIS user by logging in and running:
+ # ssh-keygen -t ed25519
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGSDe/y0e9PSeUwYlMPjzhW0UhNsGAGsW3lCG3apxrD5 colin@colin.desktop"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG+MZ/l5d8g5hbxMB9ed1uyvhV85jwNrSVNVxb5ujQjw colin@colin.laptop"
+ ];
+ };
+
+ # automatically log in at the virtual consoles.
+ # using root here makes sure we always have an escape hatch
+ # services.getty.autologinUser = "root";
+
+ security.sudo = {
+ enable = true;
+ wheelNeedsPassword = false;
+ };
+
+ services.openssh = {
+ enable = true;
+ permitRootLogin = "no";
+ passwordAuthentication = false;
+ };
+
+ programs.vim.defaultEditor = true;
+
+ # gitea doesn't create the git user
+ # users.users.git = {
+ # description = "Gitea Service";
+ # home = "/var/lib/gitea";
+ # useDefaultShell = true;
+ # group = "gitea";
+ # isSystemUser = true;
+ # # sendmail access (not 100% sure if this is necessary)
+ # extraGroups = [ "postdrop" ];
+ # };
+
+ # # this is required to allow pleroma to send email.
+ # # raw `sendmail` works, but i think pleroma's passing it some funny flags or something, idk.
+ # # hack to fix that.
+ # users.users.pleroma.extraGroups = [ "postdrop" ];
+}
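Review bot: `initialHashedPassword = "";` on `users.users.colin`, a `wheel` member, combined with `security.sudo.wheelNeedsPassword = false`, means local console or GDM access to this laptop is effectively root access. As the option is documented, an empty hash lets the user log in locally without being asked for a password. Because `users.mutableUsers = false`, the value also cannot be corrected later with `passwd`; exactly how NixOS applies the initial value to immutable users should be confirmed, but neither outcome is a real credential. The `services.openssh` block here already restricts remote logins to keys, so the gap is physical access and unlocked sessions. I would set `hashedPassword = "<output of mkpasswd -m sha-512>";`, or use `passwordFile = "<path to a root-only file>";` to keep the hash out of the repository and the world-readable Nix store. Also consider `wheelNeedsPassword = true;`.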