os/hosts/chocolatebar/configuration.nix



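# NixOS module for the host "chocolatebar": a graphical sway workstation that
# also runs a CI runner, serves VNC, and acts as the paperless sync master.
# Options under `pub-solar.*` come from project modules that are not visible
# in this file; their exact effect has to be checked there.
{
  config,
  pkgs,
  flake,
  lib,
  ...
}: let
  psCfg = config.pub-solar;
in {
  pub-solar.graphical.enable = true;
  pub-solar.sway.enable = true;
  pub-solar.virtualisation.enable = true;

  # Load AMD CPU microcode updates at boot.
  hardware.cpu.amd.updateMicrocode = true;

  # ROCm OpenCL packages added to the graphics driver set.
  hardware.opengl.extraPackages = with pkgs; [
    rocm-opencl-icd
    rocm-opencl-runtime
  ];

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  # Project hardening module; what it switches on is defined elsewhere.
  pub-solar.paranoia.enable = true;

  # NOTE(review): /dev/dm-N numbers follow device-mapper activation order and
  # may change between boots; a /dev/mapper/<name> or by-uuid path is usually
  # more stable for resume — confirm this value is still correct after
  # storage changes.
  pub-solar.core.hibernation.resumeDevice = "/dev/dm-0";
  pub-solar.core.hibernation.resumeOffset = 115075072;

  pub-solar.paperless.sync.masterNode = true;

  # Secret from the flake's ./secrets directory (expected to be age-encrypted,
  # going by the `age.secrets` namespace). The decrypted file is readable only
  # by its owner (mode 400).
  age.secrets."drone-runner-exec-config" = {
    file = "${flake.self}/secrets/drone-runner-exec-config";
    mode = "400";
    owner = psCfg.user.name;
  };

  # The runner receives the *path* of the decrypted secret, not its contents,
  # so the plaintext is not embedded in this configuration.
  # NOTE(review): this host also holds VNC keys and paperless data; confirm
  # that only trusted repositories can schedule pipelines on this runner.
  pub-solar.docker-ci-runner = {
    enable = true;
    runnerVarsFile = config.age.secrets.drone-runner-exec-config.path;
  };

  # NOTE(review): the trailing "005:004" looks like a USB bus:device address,
  # which can change when the scanner is re-plugged — verify.
  pub-solar.paperless.scannerDefaultDevice = "hp3900:libusb:005:004";

  # Lets the OpenSSH module open its port in the firewall. Whether sshd is
  # enabled, and with which authentication settings, is decided elsewhere.
  services.openssh.openFirewall = true;

  # allowedTCPPorts/allowedUDPPorts apply to every network interface.
  # 5901 is only opened while the sway VNC option is enabled (it is enabled
  # further down in this file).
  # NOTE(review): if VNC is only needed from a trusted network, consider
  # scoping 5901 with networking.firewall.interfaces.<name>.allowedTCPPorts.
  networking.firewall.allowedTCPPorts =
    [443] ++ lib.optional psCfg.sway.vnc.enable 5901;

  # NOTE(review): the service behind UDP 43050 is not documented here; add a
  # comment naming it, or close the port if it is no longer used.
  networking.firewall.allowedUDPPorts = [43050];

  environment.systemPackages = with pkgs; [
    wayvnc
    drone-docker-runner
    stdenv.cc.cc.lib
    hplip
  ];

  # TLS key and certificate for VNC on this host, handled like the runner
  # secret above: owner-only read access.
  # NOTE(review): TLS protects the transport only; confirm that wayvnc also
  # requires authentication, since port 5901 is reachable through the firewall.
  age.secrets."vnc-key.pem" = {
    file = "${flake.self}/secrets/vnc-key-chocolatebar.pem";
    mode = "400";
    owner = psCfg.user.name;
  };
  age.secrets."vnc-cert.pem" = {
    file = "${flake.self}/secrets/vnc-cert-chocolatebar.pem";
    mode = "400";
    owner = psCfg.user.name;
  };
  pub-solar.sway.vnc.enable = true;

  services.printing.drivers = [
    pkgs.cups-brother-hl3140cw
  ];

  # Matches one specific USB device (vendor, product and serial number) and
  # makes it group-writable for "lp", with a stable /dev/usb/lp0 symlink.
  services.udev.extraRules = ''
    SUBSYSTEMS=="usb", ATTRS{idVendor}=="04f9", ATTRS{idProduct}=="209e", ATTRS{serial}=="000W0H924252", MODE="0664", GROUP="lp", SYMLINK+="usb/lp0"
  '';

  home-manager.users."${psCfg.user.name}" = {
    # Host-specific sway snippets, installed only when sway is enabled.
    xdg.configFile = lib.mkIf psCfg.sway.enable {
      "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
      "sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
      "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
    };
    home.sessionVariables = {
      NIX_CC = "${pkgs.stdenv.cc}";
    };
    home.packages = with pkgs; [
      lmms
      audacity
    ];
  };

  # Audio tuning via musnix, including its realtime kernel.
  # NOTE(review): the running kernel then comes from musnix's realtime kernel
  # selection — keep that in mind when tracking kernel security updates.
  musnix = {
    enable = true;
    kernel.realtime = true;
  };

  # For OpenProject development with https
  # The certificate(s) in ./step-roots.pem are added to the system-wide trust
  # store, so every program using that store accepts certificates issued by
  # this CA for any hostname, not only the development hosts.
  # NOTE(review): confirm the CA's signing key is protected accordingly, and
  # drop this entry once the development setup no longer needs it.
  security.pki.certificates = [
    (builtins.readFile ./step-roots.pem)
  ];

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "20.09"; # Did you read the comment?
}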