diff --git a/SwarselSystems.org b/SwarselSystems.org index 2bfd13f..809d5f0 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -2071,17 +2071,18 @@ This is basically just adjusted to the core count, path to the =hwmon= (this was #+begin_src nix :tangle profiles/fourside/default.nix - { inputs, outputs, config, ... }: + { inputs, outputs, config, pkgs, ... }: { imports = [ inputs.nixos-hardware.nixosModules.lenovo-thinkpad-p14s-amd-gen2 ./hardware-configuration.nix - ./nixos.nix ../optional/nixos/steam.nix ../optional/nixos/virtualbox.nix + ../optional/nixos/autologin.nix + ../optional/nixos/nswitch-rcm.nix inputs.home-manager.nixosModules.home-manager { @@ -2089,7 +2090,7 @@ This is basically just adjusted to the core count, path to the =hwmon= (this was ../optional/home/gaming.nix ] ++ (builtins.attrValues outputs.homeManagerModules); } - ]++ (builtins.attrValues outputs.nixosModules); + ] ++ (builtins.attrValues outputs.nixosModules); nixpkgs = { @@ -2099,12 +2100,37 @@ This is basically just adjusted to the core count, path to the =hwmon= (this was }; }; - # ------ ----- - # | DP-4 | |eDP-1| - # ------ ----- + boot = { + loader.systemd-boot.enable = true; + loader.efi.canTouchEfiVariables = true; + kernelPackages = pkgs.linuxPackages_latest; + }; + + + networking = { + hostName = "fourside"; + firewall.enable = true; + }; + + hardware.graphics.extraPackages = with pkgs; [ + vulkan-loader + vulkan-validation-layers + vulkan-extension-layer + ]; + + services = { + thinkfan.enable = false; + fwupd.enable = true; + }; swarselsystems = { wallpaper = ../../wallpaper/lenovowp.png; + hasBluetooth = true; + hasFingerprint = true; + trackpoint = { + isAvailable = true; + device = "TPPS/2 Elan TrackPoint"; + }; }; home-manager.users.swarsel.swarselsystems = { 
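Review bot: The import list in the first hunk keeps `../optional/nixos/steam.nix` as an unchanged line, while the later `**** steam` to `**** gaming` hunk retargets that block's tangle to `profiles/optional/nixos/gaming.nix`, so fourside would keep loading a file the org source no longer generates. As far as this diff shows, steam.nix is not deleted and gaming.nix is imported nowhere, so the game firewall ports this commit moves into gaming.nix never reach the host. I would change the line to `../optional/nixos/gaming.nix` and remove the old steam.nix; the tangled `profiles/fourside/default.nix` needs the same change. `profiles/fourside/nixos.nix` is in a similar state: its import and its org block are dropped, yet the file is only trimmed rather than deleted.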
@@ -2115,6 +2141,9 @@ This is basically just adjusted to the core count, path to the =hwmon= (this was path = "/sys/devices/platform/thinkpad_hwmon/hwmon/"; input-filename = "temp1_input"; }; + # ------ ----- + # | DP-4 | |eDP-1| + # ------ ----- monitors = { main = { name = "California Institute of Technology 0x1407 Unknown"; 
@@ -2162,98 +2191,6 @@ This is basically just adjusted to the core count, path to the =hwmon= (this was #+end_src -***** NixOS -:PROPERTIES: -:CUSTOM_ID: h:ab6fefc4-aabd-456c-8a21-5fcb20c02869 -:END: - -Mostly just sets some opened ports for several games, enables virtualbox (which I do not want everywhere because of resource considerations) and enables thinkfan, which allows for better fan control on Lenovo Thinkpad machines. - -#+begin_src nix :noweb yes :tangle profiles/fourside/nixos.nix - { config, pkgs, ... }: - - { - - services = { - getty.autologinUser = "swarsel"; - greetd.settings.initial_session.user = "swarsel"; - }; - - boot = { - loader.systemd-boot.enable = true; - loader.efi.canTouchEfiVariables = true; - # kernelPackages = pkgs.linuxPackages_latest; - }; - - - networking = { - hostName = "fourside"; # Define your hostname. - nftables.enable = true; - enableIPv6 = false; - firewall.checkReversePath = false; - firewall = { - enable = true; - allowedUDPPorts = [ 4380 27036 14242 34197 51820 ]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard - allowedTCPPorts = [ ]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard - allowedTCPPortRanges = [ - { from = 27015; to = 27030; } # barotrauma - { from = 27036; to = 27037; } # barotrauma - ]; - allowedUDPPortRanges = [ - { from = 27000; to = 27031; } # barotrauma - { from = 58962; to = 58964; } # barotrauma - ]; - }; - }; - - - - hardware = { - graphics = { - enable = true; - enable32Bit = true; - extraPackages = with pkgs; [ - vulkan-loader - vulkan-validation-layers - vulkan-extension-layer - ]; - }; - bluetooth.enable = true; - trackpoint = { - enable = true; - device = "TPPS/2 Elan TrackPoint"; - }; - }; - - - # Configure keymap in X11 (only used for login) - - services.thinkfan = { - enable = false; - }; - services.power-profiles-daemon.enable = true; - services.fprintd.enable = true; - services.fwupd.enable = true; - - services.nswitch-rcm = { - enable = true; - package 
= pkgs.fetchurl { - url = "https://github.com/Atmosphere-NX/Atmosphere/releases/download/1.3.2/fusee.bin"; - hash = "sha256-5AXzNsny45SPLIrvWJA9/JlOCal5l6Y++Cm+RtlJppI="; - }; - }; - - - environment.systemPackages = with pkgs; [ - ]; - - system.stateVersion = "23.05"; - - - } - -#+end_src - **** Winters (Framwork Laptop 16) :PROPERTIES: :CUSTOM_ID: h:6c6e9261-dfa1-42d8-ab2a-8b7c227be6d9 @@ -4389,6 +4326,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix :tangle modules/nixos/default.nix { wallpaper = import ./wallpaper.nix; + hardware = import ./hardware.nix; } #+end_src @@ -4407,6 +4345,22 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+end_src +***** Hardware + +#+begin_src nix :tangle modules/nixos/hardware.nix + { lib, ... }: + + { + options.swarselsystems.hasBluetooth = lib.mkEnableOption "bluetooth availability"; + options.swarselsystems.hasFingerprint = lib.mkEnableOption "fingerprint sensor availability"; + options.swarselsystems.trackpoint.isAvailable = lib.mkEnableOption "trackpoint availability"; + options.swarselsystems.trackpoint.device = lib.mkOption { + type = lib.types.str; + default = ""; + }; + } +#+end_src + **** home-manager @@ -4566,7 +4520,6 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a default = { }; }; - } #+end_src @@ -4636,7 +4589,8 @@ in These are system-level settings specific to NixOS machines. All settings that are required on all machines go here. -**** Imports, enable home-manager module +**** Imports, enable home-manager module, stateVersion + :PROPERTIES: :CUSTOM_ID: h:45e4315b-0929-4c47-b65a-c8f0a685f4df :END: @@ -4645,7 +4599,7 @@ First, we enable the use of =home-manager= as a NixoS module #+begin_src nix :tangle profiles/common/nixos/default.nix - { ... }: + { lib, ... }: { imports = [ ./xserver.nix 
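Review bot: `options.swarselsystems.trackpoint.device` in the new Hardware module defaults to `""` and has no description, so a host that sets `trackpoint.isAvailable = true` without naming a device hands an empty string to `hardware.trackpoint.device` through the `lib.mkIf` block added in the common hardware.nix hunk. I would add `description = "Input device name passed to hardware.trackpoint.device";` and either drop the default, so evaluation fails when a host enables the trackpoint without a device, or add an assertion that rejects the empty string. The same lines are tangled into `modules/nixos/hardware.nix` further down.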
@@ -4671,6 +4625,7 @@ First, we enable the use of =home-manager= as a NixoS module ./hardwarecompatibility.nix ./login.nix ./stylix.nix + ./power-profiles-daemon.nix ]; @@ -4678,6 +4633,8 @@ First, we enable the use of =home-manager= as a NixoS module useGlobalPkgs = true; useUserPackages = true; }; + + system.stateVersion = lib.mkDefault "23.05"; } #+end_src @@ -4832,7 +4789,7 @@ There is a persistent bug over Linux kernels that makes the user wait 1m30s on s Enable OpenGL, Sound, Bluetooth and various drivers. #+begin_src nix :tangle profiles/common/nixos/hardware.nix - { pkgs, ...}: + { pkgs, config, lib, ...}: { hardware = { @@ -4841,6 +4798,11 @@ Enable OpenGL, Sound, Bluetooth and various drivers. enable32Bit = true; }; + trackpoint = lib.mkIf config.swarselsystems.trackpoint.isAvailable { + enable = true; + device = config.swarselsystems.trackpoint.device; + }; + pulseaudio= { enable = true; package = pkgs.pulseaudioFull; @@ -4848,7 +4810,7 @@ Enable OpenGL, Sound, Bluetooth and various drivers. enableAllFirmware = true; - bluetooth = { + bluetooth = lib.mkIf config.swarselsystems.hasBluetooth { powerOnBoot = true; settings = { General = { @@ -4857,6 +4819,8 @@ Enable OpenGL, Sound, Bluetooth and various drivers. }; }; }; + + services.fprintd.enable = lib.mkIf config.swarselsystems.hasFingerprint true; } #+end_src 
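Review bot: `system.stateVersion = lib.mkDefault "23.05";` at the end of the shared profile gives every host that imports it the same state version unless the host overrides it. stateVersion is meant to record the release a machine was first installed with, so a host added later would silently evaluate with 23.05 compatibility defaults. I would keep the value in each host profile, or at least add a comment on this line such as `# fallback only: each host should set its own install-time stateVersion`. The same line is tangled into `profiles/common/nixos/default.nix`.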
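Review bot: The `bluetooth = lib.mkIf config.swarselsystems.hasBluetooth { ... }` block sets `powerOnBoot` and `settings` but, in the lines visible here, not `enable`, and this commit removes fourside's own `bluetooth.enable = true`. If no other module sets `hardware.bluetooth.enable`, Bluetooth ends up disabled on that host; if another module sets it unconditionally, `hasBluetooth` does not actually gate the radio on machines declared without it. Adding `enable = true;` as the first line inside the `mkIf` body would make the flag the single switch. Two lines of the block fall between this hunk and the next one, so confirm against the full file; the tangled `profiles/common/nixos/hardware.nix` shares the code.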
@@ -4868,9 +4832,18 @@ Enable OpenGL, Sound, Bluetooth and various drivers. Here I only enable =networkmanager=. Most of the 'real' network config is done in [[#h:88bf4b90-e94b-46fb-aaf1-a381a512860d][System specific configuration]]. #+begin_src nix :tangle profiles/common/nixos/network.nix - { config, ...}: + { lib, config, ...}: { - networking.networkmanager = { + networking = { + nftables.enable = lib.mkDefault true; + enableIPv6 = lib.mkDefault true; + firewall = { + checkReversePath = lib.mkDefault false; + enable = lib.mkDefault true; + allowedUDPPorts = [ 51820 ]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard + }; + + networkmanager = { enable = true; ensureProfiles = { environmentFiles = [ @@ -5072,6 +5045,7 @@ Here I only enable =networkmanager=. Most of the 'real' network config is done i }; }; }; + }; systemd.services.NetworkManager-ensure-profiles.after = [ "NetworkManager.service" ]; } @@ -5488,6 +5462,15 @@ This is a super-convenient package that lets my remap my =CAPS= key to =ESC= if } #+end_src +***** power-profiles-daemon + +#+begin_src nix :tangle profiles/common/nixos/power-profiles-daemon.nix + { ... }: + { + services.power-profiles-daemon.enable = true; + } +#+end_src + **** Hardware compatibility settings (Yubikey, Ledger) - udev rules :PROPERTIES: :CUSTOM_ID: h:7a89b5e3-b700-4167-8b14-2b8172f33936 
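Review bot: The firewall settings added at the top of `networking` now apply to every host, and two of them loosen policy: `checkReversePath = lib.mkDefault false` turns reverse-path filtering off everywhere, and `allowedUDPPorts = [ 51820 ]` is a list that merges with host values, so no host can close that port again. fourside also loses its `enableIPv6 = false` in this commit and therefore picks up the new `enableIPv6 = lib.mkDefault true`. I would use `checkReversePath = lib.mkDefault "loose";` if WireGuard routing is the reason for relaxing the filter, and move the 51820 entry into the profiles of the hosts that actually run a tunnel. The trailing comment still lists the factorio and barotrauma ports and should read `# 51820: wireguard`. The same lines are tangled into `profiles/common/nixos/network.nix`, and the `networking` block continues outside this hunk.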
@@ -5550,11 +5533,25 @@ This section houses the greetd related settings. I do not really want to use a d #+end_src *** Optional -**** steam +**** gaming -#+begin_src nix :tangle profiles/optional/nixos/steam.nix +#+begin_src nix :tangle profiles/optional/nixos/gaming.nix { pkgs, ... }: { + networking = { + firewall = { + allowedUDPPorts = [ 4380 27036 14242 34197 ]; # 34197: factorio; 4380 27036 14242: barotrauma; + allowedTCPPorts = [ ]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard + allowedTCPPortRanges = [ + { from = 27015; to = 27030; } # barotrauma + { from = 27036; to = 27037; } # barotrauma + ]; + allowedUDPPortRanges = [ + { from = 27000; to = 27031; } # barotrauma + { from = 58962; to = 58964; } # barotrauma + ]; + }; + }; programs.steam = { enable = true; @@ -5585,6 +5582,33 @@ This section houses the greetd related settings. I do not really want to use a d } #+end_src +**** Auto-login + +#+begin_src nix :tangle profiles/optional/nixos/autologin.nix + { ... }: + { + services = { + getty.autologinUser = "swarsel"; + greetd.settings.initial_session.user = "swarsel"; + }; + } +#+end_src + +**** nswitch-rcm + +#+begin_src nix :tangle profiles/optional/nixos/nswitch-rcm.nix + { pkgs, ... }: + { + services.nswitch-rcm = { + enable = true; + package = pkgs.fetchurl { + url = "https://github.com/Atmosphere-NX/Atmosphere/releases/download/1.3.2/fusee.bin"; + hash = "sha256-5AXzNsny45SPLIrvWJA9/JlOCal5l6Y++Cm+RtlJppI="; + }; + }; + } +#+end_src + ** Home-manager *** Common :PROPERTIES: @@ -8181,7 +8205,7 @@ We set a hook that runs everytime we save the file. It would be a bit more effic swarsel-swarsel-org-filepath) ;; Dynamic scoping to the rescue (let ((org-confirm-babel-evaluate nil)) - (org-html-export-to-html) + ;; (org-html-export-to-html) (org-babel-tangle) (swarsel/run-formatting)))) diff --git a/index.html b/index.html index 3e5e2f7..3bb32c2 100644 --- a/index.html +++ b/index.html 
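Review bot: The new `autologin.nix` block sets `getty.autologinUser = "swarsel"`, which logs that user in on the virtual consoles without credentials, in addition to the greetd initial session. As a reusable optional profile it should state what it relies on; on fourside it is imported next to `hasFingerprint = true`, which a console autologin sidesteps. I would add a header comment such as `# import only on hosts with full-disk encryption: anyone with physical access gets a session after boot`, and keep only the greetd `initial_session` line if the tty autologin is not needed. The tangled `profiles/optional/nixos/autologin.nix` carries the same lines.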
@@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + SwarselSystems: NixOS + Emacs Configuration @@ -223,7 +223,7 @@ -
  • 3.2. Overlays, packages, and modules +
  • 3.2. Overlays, packages, and modules
  • -
  • 3.3. NixOS +
  • 3.3. NixOS
  • -
  • 3.4. Home-manager +
  • 3.4. Home-manager
  • 3.5. flake.nix template @@ -310,7 +310,7 @@ @@ -1030,8 +1030,8 @@ mixedModules = [ -
    -

    2.3.3. General (outputs)

    +
    +

    2.3.3. General (outputs)

    @@ -2410,7 +2410,7 @@ in
     
  • -
  • Home-manager only
    +
  • Home-manager only
    1. Home manager
      @@ -2828,7 +2828,7 @@ This is basically just adjusted to the core count, path to the hwmon
      -
      -

      3.2. Overlays, packages, and modules

      +
      +

      3.2. Overlays, packages, and modules

      In this section I define packages that I manually want to nixpkgs. This can be useful for packages that are currently awaiting a PR or public packages that I do not want to maintain. @@ -5395,8 +5391,8 @@ These are for packages that are on nixpkgs, but do not fit my usecase, meaning I This is simply a mirror of the most recent stable branch of nixpkgs. Useful for packages that are broken on nixpkgs, but do not need to be on bleeding edge anyways.

    -
    -

    3.2.1. Packages

    +
    +

    3.2.1. Packages

    @@ -5406,8 +5402,8 @@ _ : rec { }
     
    -
    -

    3.2.2. Overlays

    +
    +

    3.2.2. Overlays

    @@ -5440,15 +5436,15 @@ _ : rec { }
     
    -
    -

    3.2.3. Modules

    +
    +

    3.2.3. Modules

    In this section I define custom modules under the swarsel attribute. These are mostly used to define settings specific to a host. I keep these settings confined to either home-manager or nixos to maintain compatibility with non-NixOS machines.

      -
    1. NixOS
      +
    2. NixOS

      Modules that need to be loaded on the NixOS level. Note that these will not be available on systems that are not running NixOS @@ -5462,7 +5458,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a

      -
    1. Wallpaper
      +
    2. Wallpaper
      { lib, ... }:
      @@ -5480,7 +5476,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a
       
  • -
  • home-manager
    +
  • home-manager
    {
    @@ -5497,7 +5493,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a
     
      -
    1. Laptop
      +
    2. Laptop
      { lib, config, ... }:
      @@ -5532,7 +5528,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a
       
    3. -
    4. Hardware
      +
    5. Hardware
      { lib, ... }:
      @@ -5556,7 +5552,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a
       
    6. -
    7. Waybar
      +
    8. Waybar
        { lib, config, ... }:
      @@ -5596,7 +5592,7 @@ in
       
    9. -
    10. Monitors
      +
    11. Monitors
      { lib, config, ... }:
      @@ -5613,7 +5609,7 @@ in
       
    12. -
    13. Input
      +
    14. Input
      { lib, config, ... }:
      @@ -5654,7 +5650,7 @@ in
       
    15. -
    16. Nixos
      +
    17. Nixos
      { lib, config, ... }:
      @@ -5676,7 +5672,7 @@ in
       
    18. -
    19. System startup
      +
    20. System startup
      { lib, config, ... }:
      @@ -5701,7 +5697,7 @@ in
       
    21. -
    22. Wallpaper
      +
    23. Wallpaper
      { lib, ... }:
      @@ -5722,8 +5718,8 @@ in
       
    -
    -

    3.3. NixOS

    +
    +

    3.3. NixOS

    @@ -6270,7 +6266,7 @@ I use sops-nix to handle secrets that I want to have available on my machines at
  • -
  • Theme (stylix)
    +
  • Theme (stylix)

    By default, stylix wants to style GRUB as well. However, I think that looks horrible. @@ -6453,7 +6449,7 @@ Some programs profit from being installed through dedicated NixOS settings on sy

      -
    1. zsh
      +
    2. zsh

      Do not touch this. @@ -6471,7 +6467,7 @@ Do not touch this.

    3. -
    4. syncthing
      +
    5. syncthing
      @@ -6548,7 +6544,7 @@ Enables the blueman service including the nice system tray icon.
       
    6. -
    7. Network devices
      +
    8. Network devices

      In this section we enable compatibility with several network devices I have at home, mainly printers and scanners. @@ -6600,7 +6596,7 @@ services.printing = {

    9. -
    10. Avahi (device discovery)
      +
    11. Avahi (device discovery)

      Avahi is the service used for the network discovery. @@ -6749,12 +6745,12 @@ This section houses the greetd related settings. I do not really want to use a d

    -
    -

    3.3.2. Optional

    +
    +

    3.3.2. Optional

      -
    1. steam
      +
    2. steam
      { pkgs, ... }:
      @@ -6773,7 +6769,7 @@ This section houses the greetd related settings. I do not really want to use a d
       
    3. -
    4. VirtualBox
      +
    5. VirtualBox
        { ... }:
      @@ -6793,11 +6789,12 @@ This section houses the greetd related settings. I do not really want to use a d
       
    6. +
    7. Auto-login
    -
    -

    3.4. Home-manager

    +
    +

    3.4. Home-manager

    @@ -6805,7 +6802,7 @@ This section houses the greetd related settings. I do not really want to use a d
      -
    1. Imports
      +
    2. Imports

      This section sets up all the imports that are used in the home-manager section. @@ -7594,7 +7591,7 @@ This section is for programs that require no further configuration. zsh Integrat

  • -
  • nix-index
    +
  • nix-index

    nix-index provides a way to find out which packages are provided by which derivations. By default it also comes with a replacement for command-not-found.sh, however, the implementation is based on a channel based setup. I like consistency, so I replace the command with one that provides a flakes-based output. @@ -8921,7 +8918,7 @@ Currently, I am too lazy to explain every option here, but most of it is very se

  • -
  • gpg-agent
    +
  • gpg-agent
    { pkgs, ... }:
    @@ -8945,12 +8942,12 @@ services.gpg-agent = {
     
  • -
    -

    3.4.2. Optional

    +
    +

    3.4.2. Optional

      -
    1. Gaming
      +
    2. Gaming
      @@ -10001,7 +9998,7 @@ The standard Emacs behaviour for the Python process shell is a bit annoying. Thi
       
    3. -
    4. Nix common prefix bracketer
      +
    5. Nix common prefix bracketer

      This function searches for common delimiters in region and removes them, summarizing all captured lines by it. @@ -10034,7 +10031,7 @@ This function searches for common delimiters in region and removes them, summari

    -
  • Nix formatters
    +
  • Nix formatters

    This formats the org code block at point in accordance to the nixpkgs-fmt formatter @@ -11607,8 +11604,8 @@ This adds a rudimentary nix-mode to Emacs. I have not really tried this out, as

  • -
    -

    4.4.3. nixpkgs-fmt

    +
    +

    4.4.3. nixpkgs-fmt

    Adds functions for formatting nix code. @@ -13623,7 +13620,7 @@ My laptop, sadly soon to be replaced by a new one, since most basic functions ar

    Author: Leon Schwarzäugl

    -

    Created: 2024-07-25 Do 16:53

    +

    Created: 2024-07-25 Do 17:05

    Validate

    diff --git a/modules/home/input.nix b/modules/home/input.nix index 63f523c..a35e6b0 100644 --- a/modules/home/input.nix +++ b/modules/home/input.nix @@ -30,5 +30,4 @@ in default = { }; }; - } diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index 09de9cb..a580653 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -1,3 +1,4 @@ { wallpaper = import ./wallpaper.nix; + hardware = import ./hardware.nix; } diff --git a/modules/nixos/hardware.nix b/modules/nixos/hardware.nix new file mode 100644 index 0000000..61a24de --- /dev/null +++ b/modules/nixos/hardware.nix @@ -0,0 +1,11 @@ +{ lib, ... }: + +{ + options.swarselsystems.hasBluetooth = lib.mkEnableOption "bluetooth availability"; + options.swarselsystems.hasFingerprint = lib.mkEnableOption "fingerprint sensor availability"; + options.swarselsystems.trackpoint.isAvailable = lib.mkEnableOption "trackpoint availability"; + options.swarselsystems.trackpoint.device = lib.mkOption { + type = lib.types.str; + default = ""; + }; +} diff --git a/profiles/common/nixos/default.nix b/profiles/common/nixos/default.nix index 753f0af..0dc82de 100644 --- a/profiles/common/nixos/default.nix +++ b/profiles/common/nixos/default.nix @@ -1,4 +1,4 @@ -{ ... }: +{ lib, ... }: { imports = [ ./xserver.nix @@ -24,6 +24,7 @@ ./hardwarecompatibility.nix ./login.nix ./stylix.nix + ./power-profiles-daemon.nix ]; @@ -31,4 +32,6 @@ useGlobalPkgs = true; useUserPackages = true; }; + + system.stateVersion = lib.mkDefault "23.05"; } diff --git a/profiles/common/nixos/hardware.nix b/profiles/common/nixos/hardware.nix index 4263901..a0908ba 100644 --- a/profiles/common/nixos/hardware.nix +++ b/profiles/common/nixos/hardware.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ pkgs, config, lib, ... }: { hardware = { 
@@ -7,6 +7,11 @@ enable32Bit = true; }; + trackpoint = lib.mkIf config.swarselsystems.trackpoint.isAvailable { + enable = true; + device = config.swarselsystems.trackpoint.device; + }; + pulseaudio = { enable = true; package = pkgs.pulseaudioFull; @@ -14,7 +19,7 @@ enableAllFirmware = true; - bluetooth = { + bluetooth = lib.mkIf config.swarselsystems.hasBluetooth { powerOnBoot = true; settings = { General = { @@ -23,4 +28,6 @@ }; }; }; + + services.fprintd.enable = lib.mkIf config.swarselsystems.hasFingerprint true; } diff --git a/profiles/common/nixos/network.nix b/profiles/common/nixos/network.nix index 6c09c2d..a5242ed 100644 --- a/profiles/common/nixos/network.nix +++ b/profiles/common/nixos/network.nix 
@@ -1,204 +1,214 @@ -{ config, ... }: +{ lib, config, ... }: { - networking.networkmanager = { - enable = true; - ensureProfiles = { - environmentFiles = [ - "${config.sops.templates."network-manager.env".path}" - ]; - profiles = { - "Ernest Routerford" = { - connection = { - id = "Ernest Routerford"; - permissions = ""; - type = "wifi"; - }; - ipv4 = { - dns-search = ""; - method = "auto"; - }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - dns-search = ""; - method = "auto"; - }; - wifi = { - mac-address-blacklist = ""; - mode = "infrastructure"; - ssid = "Ernest Routerford"; - }; - wifi-security = { - auth-alg = "open"; - key-mgmt = "wpa-psk"; - psk = "$ERNEST"; - }; - }; + networking = { + nftables.enable = lib.mkDefault true; + enableIPv6 = lib.mkDefault true; + firewall = { + checkReversePath = lib.mkDefault false; + enable = lib.mkDefault true; + allowedUDPPorts = [ 51820 ]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard + }; - LAN-Party = { - connection = { - autoconnect = "false"; - id = "LAN-Party"; - type = "ethernet"; + networkmanager = { + enable = true; + ensureProfiles = { + environmentFiles = [ + "${config.sops.templates."network-manager.env".path}" + ]; + profiles = { + "Ernest Routerford" = { + connection = { + id = "Ernest Routerford"; + permissions = ""; + type = "wifi"; + }; + ipv4 = { + dns-search = ""; + method = "auto"; + }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + dns-search = ""; + method = "auto"; + }; + wifi = { + mac-address-blacklist = ""; + mode = "infrastructure"; + ssid = "Ernest Routerford"; + }; + wifi-security = { + auth-alg = "open"; + key-mgmt = "wpa-psk"; + psk = "$ERNEST"; + }; }; - ethernet = { - auto-negotiate = "true"; - cloned-mac-address = "preserve"; - mac-address = "90:2E:16:D0:A1:87"; - }; - ipv4 = { method = "shared"; }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - method = "auto"; - }; - proxy = { }; - }; - eduroam = { - "802-1x" = { - eap = "ttls;"; - identity = "$EDUID"; - password 
= "$EDUPASS"; - phase2-auth = "mschapv2"; + LAN-Party = { + connection = { + autoconnect = "false"; + id = "LAN-Party"; + type = "ethernet"; + }; + ethernet = { + auto-negotiate = "true"; + cloned-mac-address = "preserve"; + mac-address = "90:2E:16:D0:A1:87"; + }; + ipv4 = { method = "shared"; }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + proxy = { }; }; - connection = { - id = "eduroam"; - type = "wifi"; - }; - ipv4 = { method = "auto"; }; - ipv6 = { - addr-gen-mode = "default"; - method = "auto"; - }; - proxy = { }; - wifi = { - mode = "infrastructure"; - ssid = "eduroam"; - }; - wifi-security = { - auth-alg = "open"; - key-mgmt = "wpa-eap"; - }; - }; - local = { - connection = { - autoconnect = "false"; - id = "local"; - type = "ethernet"; + eduroam = { + "802-1x" = { + eap = "ttls;"; + identity = "$EDUID"; + password = "$EDUPASS"; + phase2-auth = "mschapv2"; + }; + connection = { + id = "eduroam"; + type = "wifi"; + }; + ipv4 = { method = "auto"; }; + ipv6 = { + addr-gen-mode = "default"; + method = "auto"; + }; + proxy = { }; + wifi = { + mode = "infrastructure"; + ssid = "eduroam"; + }; + wifi-security = { + auth-alg = "open"; + key-mgmt = "wpa-eap"; + }; }; - ethernet = { }; - ipv4 = { - address1 = "10.42.1.1/24"; - method = "shared"; - }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - method = "auto"; - }; - proxy = { }; - }; - HH40V_39F5 = { - connection = { - id = "HH40V_39F5"; - type = "wifi"; + local = { + connection = { + autoconnect = "false"; + id = "local"; + type = "ethernet"; + }; + ethernet = { }; + ipv4 = { + address1 = "10.42.1.1/24"; + method = "shared"; + }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + proxy = { }; }; - ipv4 = { method = "auto"; }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - method = "auto"; - }; - proxy = { }; - wifi = { - band = "bg"; - mode = "infrastructure"; - ssid = "HH40V_39F5"; - }; - wifi-security = { - key-mgmt = "wpa-psk"; - psk = "$FRAUNS"; - }; - }; 
- magicant = { - connection = { - id = "magicant"; - type = "wifi"; + HH40V_39F5 = { + connection = { + id = "HH40V_39F5"; + type = "wifi"; + }; + ipv4 = { method = "auto"; }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + proxy = { }; + wifi = { + band = "bg"; + mode = "infrastructure"; + ssid = "HH40V_39F5"; + }; + wifi-security = { + key-mgmt = "wpa-psk"; + psk = "$FRAUNS"; + }; }; - ipv4 = { method = "auto"; }; - ipv6 = { - addr-gen-mode = "default"; - method = "auto"; - }; - proxy = { }; - wifi = { - mode = "infrastructure"; - ssid = "magicant"; - }; - wifi-security = { - auth-alg = "open"; - key-mgmt = "wpa-psk"; - psk = "$HANDYHOTSPOT"; - }; - }; - "sweden-aes-128-cbc-udp-dns" = { - connection = { - autoconnect = "false"; - id = "PIA Sweden"; - type = "vpn"; + magicant = { + connection = { + id = "magicant"; + type = "wifi"; + }; + ipv4 = { method = "auto"; }; + ipv6 = { + addr-gen-mode = "default"; + method = "auto"; + }; + proxy = { }; + wifi = { + mode = "infrastructure"; + ssid = "magicant"; + }; + wifi-security = { + auth-alg = "open"; + key-mgmt = "wpa-psk"; + psk = "$HANDYHOTSPOT"; + }; }; - ipv4 = { method = "auto"; }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - method = "auto"; - }; - proxy = { }; - vpn = { - auth = "sha1"; - ca = - "${config.users.users.swarsel.home}/.dotfiles/secrets/certs/sweden-aes-128-cbc-udp-dns-ca.pem"; - challenge-response-flags = "2"; - cipher = "aes-128-cbc"; - compress = "yes"; - connection-type = "password"; - crl-verify-file = "${config.users.users.swarsel.home}/.dotfiles/secrets/certs/sweden-aes-128-cbc-udp-dns-crl-verify.pem"; - dev = "tun"; - password-flags = "0"; - remote = "sweden.privacy.network:1198"; - remote-cert-tls = "server"; - reneg-seconds = "0"; - service-type = "org.freedesktop.NetworkManager.openvpn"; - username = "$VPNUSER"; - }; - vpn-secrets = { password = "$VPNPASS"; }; - }; - Hotspot = { - connection = { - autoconnect = "false"; - id = "Hotspot"; - type = "wifi"; + 
"sweden-aes-128-cbc-udp-dns" = { + connection = { + autoconnect = "false"; + id = "PIA Sweden"; + type = "vpn"; + }; + ipv4 = { method = "auto"; }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + proxy = { }; + vpn = { + auth = "sha1"; + ca = + "${config.users.users.swarsel.home}/.dotfiles/secrets/certs/sweden-aes-128-cbc-udp-dns-ca.pem"; + challenge-response-flags = "2"; + cipher = "aes-128-cbc"; + compress = "yes"; + connection-type = "password"; + crl-verify-file = "${config.users.users.swarsel.home}/.dotfiles/secrets/certs/sweden-aes-128-cbc-udp-dns-crl-verify.pem"; + dev = "tun"; + password-flags = "0"; + remote = "sweden.privacy.network:1198"; + remote-cert-tls = "server"; + reneg-seconds = "0"; + service-type = "org.freedesktop.NetworkManager.openvpn"; + username = "$VPNUSER"; + }; + vpn-secrets = { password = "$VPNPASS"; }; }; - ipv4 = { method = "shared"; }; - ipv6 = { - addr-gen-mode = "default"; - method = "ignore"; - }; - proxy = { }; - wifi = { - mode = "ap"; - ssid = "Hotspot-fourside"; - }; - wifi-security = { - group = "ccmp;"; - key-mgmt = "wpa-psk"; - pairwise = "ccmp;"; - proto = "rsn;"; - psk = "$HOTSPOT"; - }; - }; + Hotspot = { + connection = { + autoconnect = "false"; + id = "Hotspot"; + type = "wifi"; + }; + ipv4 = { method = "shared"; }; + ipv6 = { + addr-gen-mode = "default"; + method = "ignore"; + }; + proxy = { }; + wifi = { + mode = "ap"; + ssid = "Hotspot-fourside"; + }; + wifi-security = { + group = "ccmp;"; + key-mgmt = "wpa-psk"; + pairwise = "ccmp;"; + proto = "rsn;"; + psk = "$HOTSPOT"; + }; + }; + + }; }; }; }; diff --git a/profiles/common/nixos/power-profiles-daemon.nix b/profiles/common/nixos/power-profiles-daemon.nix new file mode 100644 index 0000000..fb22812 --- /dev/null +++ b/profiles/common/nixos/power-profiles-daemon.nix @@ -0,0 +1,4 @@ +{ ... }: +{ + services.power-profiles-daemon.enable = true; +} 
diff --git a/profiles/fourside/default.nix b/profiles/fourside/default.nix index 12b61d2..9412040 100644 --- a/profiles/fourside/default.nix +++ b/profiles/fourside/default.nix @@ -1,14 +1,15 @@ -{ inputs, outputs, config, ... }: +{ inputs, outputs, config, pkgs, ... }: { imports = [ inputs.nixos-hardware.nixosModules.lenovo-thinkpad-p14s-amd-gen2 ./hardware-configuration.nix - ./nixos.nix ../optional/nixos/steam.nix ../optional/nixos/virtualbox.nix + ../optional/nixos/autologin.nix + ../optional/nixos/nswitch-rcm.nix inputs.home-manager.nixosModules.home-manager { @@ -26,12 +27,37 @@ }; }; - # ------ ----- - # | DP-4 | |eDP-1| - # ------ ----- + boot = { + loader.systemd-boot.enable = true; + loader.efi.canTouchEfiVariables = true; + kernelPackages = pkgs.linuxPackages_latest; + }; + + + networking = { + hostName = "fourside"; + firewall.enable = true; + }; + + hardware.graphics.extraPackages = with pkgs; [ + vulkan-loader + vulkan-validation-layers + vulkan-extension-layer + ]; + + services = { + thinkfan.enable = false; + fwupd.enable = true; + }; swarselsystems = { wallpaper = ../../wallpaper/lenovowp.png; + hasBluetooth = true; + hasFingerprint = true; + trackpoint = { + isAvailable = true; + device = "TPPS/2 Elan TrackPoint"; + }; }; home-manager.users.swarsel.swarselsystems = { @@ -42,6 +68,9 @@ path = "/sys/devices/platform/thinkpad_hwmon/hwmon/"; input-filename = "temp1_input"; }; + # ------ ----- + # | DP-4 | |eDP-1| + # ------ ----- monitors = { main = { name = "California Institute of Technology 0x1407 Unknown"; diff --git a/profiles/fourside/nixos.nix b/profiles/fourside/nixos.nix index e3b4f8e..0990207 100644 --- a/profiles/fourside/nixos.nix +++ b/profiles/fourside/nixos.nix @@ -2,10 +2,6 @@ { - services = { - getty.autologinUser = "swarsel"; - greetd.settings.initial_session.user = "swarsel"; - }; boot = { loader.systemd-boot.enable = true; 
@@ -14,53 +10,10 @@ }; - networking = { - hostName = "fourside"; # Define your hostname. - nftables.enable = true; - enableIPv6 = false; - firewall.checkReversePath = false; - firewall = { - enable = true; - allowedUDPPorts = [ 4380 27036 14242 34197 51820 ]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard - allowedTCPPorts = [ ]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard - allowedTCPPortRanges = [ - { from = 27015; to = 27030; } # barotrauma - { from = 27036; to = 27037; } # barotrauma - ]; - allowedUDPPortRanges = [ - { from = 27000; to = 27031; } # barotrauma - { from = 58962; to = 58964; } # barotrauma - ]; - }; - }; - - - - hardware = { - graphics = { - enable = true; - enable32Bit = true; - extraPackages = with pkgs; [ - vulkan-loader - vulkan-validation-layers - vulkan-extension-layer - ]; - }; - bluetooth.enable = true; - trackpoint = { - enable = true; - device = "TPPS/2 Elan TrackPoint"; - }; - }; - - - # Configure keymap in X11 (only used for login) - services.thinkfan = { enable = false; }; services.power-profiles-daemon.enable = true; - services.fprintd.enable = true; services.fwupd.enable = true; services.nswitch-rcm = { @@ -72,10 +25,6 @@ }; - environment.systemPackages = with pkgs; [ - ]; - - system.stateVersion = "23.05"; } diff --git a/profiles/optional/nixos/autologin.nix b/profiles/optional/nixos/autologin.nix new file mode 100644 index 0000000..34a5d8a --- /dev/null +++ b/profiles/optional/nixos/autologin.nix @@ -0,0 +1,7 @@ +{ ... }: +{ + services = { + getty.autologinUser = "swarsel"; + greetd.settings.initial_session.user = "swarsel"; + }; +} diff --git a/profiles/optional/nixos/gaming.nix b/profiles/optional/nixos/gaming.nix new file mode 100644 index 0000000..aa65116 --- /dev/null +++ b/profiles/optional/nixos/gaming.nix 
@@ -0,0 +1,24 @@ +{ pkgs, ... }: +{ + networking = { + firewall = { + allowedUDPPorts = [ 4380 27036 14242 34197 ]; # 34197: factorio; 4380 27036 14242: barotrauma; + allowedTCPPorts = [ ]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard + allowedTCPPortRanges = [ + { from = 27015; to = 27030; } # barotrauma + { from = 27036; to = 27037; } # barotrauma + ]; + allowedUDPPortRanges = [ + { from = 27000; to = 27031; } # barotrauma + { from = 58962; to = 58964; } # barotrauma + ]; + }; + }; + + programs.steam = { + enable = true; + extraCompatPackages = [ + pkgs.proton-ge-bin + ]; + }; +} diff --git a/profiles/optional/nixos/nswitch-rcm.nix b/profiles/optional/nixos/nswitch-rcm.nix new file mode 100644 index 0000000..6af5a91 --- /dev/null +++ b/profiles/optional/nixos/nswitch-rcm.nix @@ -0,0 +1,10 @@ +{ pkgs, ... }: +{ + services.nswitch-rcm = { + enable = true; + package = pkgs.fetchurl { + url = "https://github.com/Atmosphere-NX/Atmosphere/releases/download/1.3.2/fusee.bin"; + hash = "sha256-5AXzNsny45SPLIrvWJA9/JlOCal5l6Y++Cm+RtlJppI="; + }; + }; +} diff --git a/programs/emacs/init.el b/programs/emacs/init.el index bb475bc..5d05c68 100644 --- a/programs/emacs/init.el +++ b/programs/emacs/init.el @@ -184,7 +184,7 @@ create a new one." swarsel-swarsel-org-filepath) ;; Dynamic scoping to the rescue (let ((org-confirm-babel-evaluate nil)) - (org-html-export-to-html) + ;; (org-html-export-to-html) (org-babel-tangle) (swarsel/run-formatting))))