os/hosts/dumpyourvms/dumpyourvms.nix


{
config,
pkgs,
lib,
self,
...
}:
with lib; let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in {
imports = [
./hardware-configuration.nix
];
config = {
# Encrypted secret taken from this flake's secrets/ directory; the decrypted
# file gets the mode and owner set here.
# NOTE(review): mode "700" also grants the owner execute permission. If the
# file is only read or sourced, a read-only mode such as "0400" would be the
# least-privilege choice. Confirm how it is consumed before tightening.
age.secrets.environment-secrets = {
file = "${self}/secrets/environment-secrets.age";
mode = "700";
owner = "teutat3s";
};
pub-solar = {
audio.mopidy.enable = lib.mkForce false;
core.hibernation = {
enable = true;
resumeDevice = "/dev/mapper/cryptroot";
resumeOffset = 47366144;
};
virtualisation.enable = true;
};
# Fix backlight for keyboard and brightness, adjust function key binding,
# intel_pstate for cpu schedutil
# For now, the radeon driver seems to work better than amdgpu with Radeon R9 M370X
# Explicitly set amdgpu support in place of radeon
# Source: https://github.com/NixOS/nixos-hardware/blob/master/common/gpu/amd/southern-islands/default.nix
# Try again after https://lists.freedesktop.org/archives/amd-gfx/2023-March/090096.html lands
# Maybe linux kernel 6.3?
#boot.kernelParams = ["acpi_backlight=video" "hid_apple.fnmode=2" "intel_pstate=passive" "radeon.si_support=0" "amdgpu.si_support=1"];
boot.kernelParams = ["acpi_backlight=video" "hid_apple.fnmode=2" "intel_pstate=passive"];
boot.loader.efi.canTouchEfiVariables = true;
# Fix for Error switching console mode to 1: unsupported on startup
boot.loader.systemd-boot.consoleMode = mkForce "0";
boot.binfmt.emulatedSystems = ["aarch64-linux"];
systemd.sleep.extraConfig = ''
HibernateMode=shutdown
'';
hardware = {
cpu.intel.updateMicrocode = true;
facetimehd.enable = true;
};
# systemd-resolved with strict DNS-over-TLS to a fixed set of upstream resolvers.
services.resolved = {
enable = true;
# DNSSEC=false because of random SERVFAIL responses with Greenbaum DNS
# when using allow-downgrade, see https://github.com/systemd/systemd/issues/10579
# NOTE(review): with DNSSEC off, answers are not cryptographically validated.
# DNSOverTLS=yes only protects the transport to the resolvers listed below,
# so the resolvers themselves are fully trusted. The "#hostname" suffix on
# each address is the server name used to validate that resolver's TLS
# certificate. Domains=~. makes these servers the default route for all
# lookups.
extraConfig = ''
DNS=5.1.66.255#dot.ffmuc.net 185.150.99.255#dot.ffmuc.net 5.9.164.112#dns3.digitalcourage.de 89.233.43.71#unicast.censurfridns.dk 185.49.141.37#getdnsapi.net 2001:678:e68:f000::#dot.ffmuc.net 2001:678:ed0:f000::#dot.ffmuc.net 2a01:4f8:251:554::2#dns3.digitalcourage.de 2a01:3a0:53:53::0#unicast.censurfridns.dk 2a04:b900:0:100::38#getdnsapi.net
FallbackDNS=9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net
Domains=~.
DNSOverTLS=yes
DNSSEC=false
MulticastDNS=no
'';
};
services.mozillavpn.enable = true;
networking = import ./networking.nix;
services.tailscale.enable = true;
# catVPN pulls its actual configuration from a file in the user's home
# directory, i.e. outside the Nix store and outside this repository.
# NOTE(review): the OpenVPN unit normally runs as root. If that file (or one
# of its parent directories) is writable by the user account, whoever
# controls the account controls what the root-run daemon loads. Consider a
# root-owned path or a secret-managed file, and verify ownership and
# permissions on the host.
services.openvpn.servers = {
catVPN = {config = ''config /home/teutat3s/.local/share/openvpn/catVPN.conf '';};
};
# Adds the CA in consul-agent-ca.pem to the system-wide trust bundle.
# NOTE(review): programs that rely on the system bundle will then accept
# certificates issued by this CA for any hostname. If only specific clients
# need it, handing the CA to those clients directly keeps the trust scope
# smaller. Confirm which consumers actually require it.
security.pki.certificateFiles = [./consul-agent-ca.pem];
services.unbound = import ./unbound.nix;
environment = {
systemPackages = with pkgs; [
networkmanager-fortisslvpn
openfortivpn
];
};
# On boot: block Bluetooth via rfkill, then set default brightness to 50%
# https://ubuntuforums.org/showthread.php?t=2409856
services.cron.systemCronJobs = [
"@reboot root ${pkgs.util-linux}/bin/rfkill block bluetooth"
"@reboot root ${pkgs.coreutils}/bin/sleep 11; ${pkgs.coreutils}/bin/echo 510 > /sys/class/backlight/gmux_backlight/brightness"
];
# Disable dedicated GPU, use integrated Intel GPU to save battery
# https://github.com/NixOS/nixpkgs/pull/33915
# Oneshot unit: on start it writes "IGD" then "OFF" to the vgaswitcheroo
# switch file; on stop it writes "ON" again.
# NOTE(review): this depends on debugfs being mounted (sys-kernel-debug.mount).
# A hardened setup that restricts or disables debugfs would stop it from
# working. Confirm before tightening debugfs access.
systemd.services."amd-hybrid-graphics" = {
path = [pkgs.bash];
description = "Disable AMD Card";
# Ordered after the debugfs mount and before the console and display manager.
after = ["sys-kernel-debug.mount"];
before = ["systemd-vconsole-setup.service" "display-manager.service"];
requires = ["sys-kernel-debug.mount" "vgaswitcheroo.path"];
serviceConfig = {
Type = "oneshot";
# Keep the unit active after ExecStart exits so ExecStop runs when it is stopped.
RemainAfterExit = true;
ExecStart = "${pkgs.bash}/bin/sh -c 'echo -e \"IGD\\nOFF\" > /sys/kernel/debug/vgaswitcheroo/switch'";
ExecStop = "${pkgs.bash}/bin/sh -c 'echo ON >/sys/kernel/debug/vgaswitcheroo/switch'";
};
};
# Path unit: activates amd-hybrid-graphics.service once the switch file exists.
systemd.paths."vgaswitcheroo" = {
pathConfig = {
PathExists = "/sys/kernel/debug/vgaswitcheroo/switch";
Unit = "amd-hybrid-graphics.service";
};
wantedBy = ["multi-user.target"];
};
# Increase console font size for HiDPI display
console = {
earlySetup = true;
font = lib.mkForce "ter-i32b";
packages = [pkgs.terminus_font];
};
# Thunderbolt tools
services.hardware.bolt.enable = true;
powerManagement = {
# Use new schedutil governor
# https://github.com/NixOS/nixpkgs/pull/42330
# https://www.kernel.org/doc/html/v5.10/admin-guide/pm/cpufreq.html#schedutil
cpuFreqGovernor = lib.mkDefault "schedutil";
# brcmfmac being loaded during hibernation would inhibit a successful resume
# https://bugzilla.kernel.org/show_bug.cgi?id=101681#c116.
# Also brcmfmac could randomly crash on resume from sleep.
powerUpCommands = lib.mkBefore "${pkgs.kmod}/bin/modprobe brcmfmac_wcc brcmfmac";
powerDownCommands = lib.mkBefore "${pkgs.kmod}/bin/rmmod brcmfmac_wcc brcmfmac";
};
# Change lid switch behaviour
services.logind.lidSwitch = "hibernate";
# TLP for power management
services.tlp = {
enable = true;
settings = {
CPU_SCALING_GOVERNOR_ON_AC = "performance";
CPU_SCALING_GOVERNOR_ON_BAT = "schedutil";
CPU_BOOST_ON_AC = 1;
CPU_BOOST_ON_BAT = 0;
};
};
services.udev.extraRules =
# Disable XHC1 wakeup signal to avoid resume getting triggered some time
# after suspend. Reboot required for this to take effect.
lib.optionalString
(lib.versionAtLeast config.boot.kernelPackages.kernel.version "3.13")
''SUBSYSTEM=="pci", KERNEL=="0000:00:14.0", ATTR{power/wakeup}="disabled"'';
services.printing.enable = true;
home-manager = pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
# Custom device sway configs
xdg.configFile = mkIf psCfg.sway.enable {
"sway/config.d/10-applications.conf".source = ./.config/sway/config.d/applications.conf;
"sway/config.d/autostart.conf".source = ./.config/sway/config.d/autostart.conf;
"sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
"sway/config.d/input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
"sway/config.d/screens.conf".source = ./.config/sway/config.d/screens.conf;
};
};
users.users.teutat3s = {
extraGroups = ["unbound"];
};
# WLAN frequency compliance (e.g. check for radar with DFS)
hardware.firmware = with pkgs; [wireless-regdb];
boot.extraModprobeConfig = ''
options cfg80211 ieee80211_regdom="DE"
'';
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.05"; # Did you read the comment?
};
}