authorAzat Bahawi <azat@bahawi.net>2022-08-12 22:53:53 +0300
committerAzat Bahawi <azat@bahawi.net>2022-08-12 22:53:53 +0300
commit61b94f0dd06cac0f7dcd38cce80f2a7ab8376098 (patch)
treeb703a9fe11eae6c4cae4e4682f02caf0caa171d0 /configurations/melian/default.nix
2022-08-12
Diffstat (limited to '')
-rw-r--r--configurations/melian/default.nix288
1 files changed, 288 insertions, 0 deletions
diff --git a/configurations/melian/default.nix b/configurations/melian/default.nix
new file mode 100644
index 0000000..2f3da98
--- /dev/null
+++ b/configurations/melian/default.nix
@@ -0,0 +1,288 @@
+{
+  config,
+  inputs,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; {
+  secrets = {
+    wireguard-private-key-melian.file = "${inputs.self}/secrets/wireguard-private-key-melian";
+
+    syncthing-cert-melian = with config.services.syncthing; {
+      file = "${inputs.self}/secrets/syncthing-cert-melian";
+      owner = user;
+      inherit group;
+    };
+
+    syncthing-key-melian = with config.services.syncthing; {
+      file = "${inputs.self}/secrets/syncthing-key-melian";
+      owner = user;
+      inherit group;
+    };
+  };
+
+  nixfiles.modules = {
+    profiles.dev = {
+      containers.enable = true;
+      sql.enable = true;
+    };
+
+    games = {
+      lutris.enable = true;
+      steam.enable = true;
+    };
+
+    wireguard = {
+      privateKeyFile = config.secrets.wireguard-private-key-melian.path;
+      client.enable = true;
+    };
+
+    syncthing = with config.secrets; {
+      enable = true;
+      key = syncthing-key-melian.path;
+      cert = syncthing-cert-melian.path;
+    };
+    # ipfs.enable = true; # High CPU usage is really anoying.
+
+    beets.enable = true;
+    bluetooth.enable = true;
+    chromium.enable = true;
+    libvirtd.enable = true;
+    mpd.enable = true;
+    qutebrowser.enable = true;
+
+    throttled.enable = true;
+  };
+
+  hm = {
+    home.packages = with pkgs; [
+      (aspellWithDicts (p: with p; [en ru]))
+      calibre
+      iaito
+      kotatogram-desktop
+      nheko
+      tor-browser
+    ];
+
+    accounts.email = {
+      maildirBasePath = "${config.my.home}/mail";
+
+      # TODO Move to my.nix.
+      accounts = let
+        base = {
+          mbsync = {
+            enable = true;
+            create = "both";
+            expunge = "both";
+            patterns = ["*"];
+          };
+          msmtp.enable = true;
+          mu.enable = true;
+        };
+
+        pass = path: "${pkgs.pass}/bin/pass show ${path}";
+      in {
+        shire =
+          base
+          // {
+            address = my.email;
+            gpg = {
+              inherit (my.pgp) key;
+              signByDefault = true;
+              encryptByDefault = false;
+            };
+
+            primary = true;
+
+            imap.host = "shire.me";
+            smtp.host = "shire.me";
+            userName = "azahi@shire.me";
+            passwordCommand = pass "email/shire.me/azahi";
+          };
+
+        yahoo =
+          base
+          // {
+            address = "a.gondor@yahoo.com";
+
+            imap.host = "imap.yahoo.com";
+            smtp.host = "smtp.yahoo.com";
+            userName = "a.gondor@yahoo.com";
+            passwordCommand = pass "email/yahoo.com/a.gondor";
+          };
+      };
+    };
+
+    programs = {
+      mbsync.enable = true;
+      msmtp.enable = true;
+      mu.enable = true;
+
+      ssh.matchBlocks = let
+        mkBlock = {
+          hostname,
+          port ? 22022,
+          user ? "azahi",
+        }: {
+          inherit hostname port user;
+          identityFile = "${config.my.home}/.ssh/id_ed25519";
+        };
+        mkInternalHostname = hostname: "${hostname}.${my.domain.shire}";
+      in
+        with my.configurations; {
+          # TODO Wrap this.
+          manwe = mkBlock {hostname = mkInternalHostname "manwe";};
+          manwe-init = mkBlock {hostname = manwe.ipv4.address;};
+          varda = mkBlock {hostname = mkInternalHostname "varda";};
+          varda-init = mkBlock {hostname = varda.ipv4.address;};
+          yavanna = mkBlock {hostname = mkInternalHostname "yavanna";};
+          yavanna-init = mkBlock {hostname = yavanna.ipv4.address;};
+        };
+    };
+  };
+
+  networking = {
+    interfaces = {
+      eth0.useDHCP = true;
+      wlan0.useDHCP = true;
+    };
+
+    wireless = {
+      enable = false;
+      iwd.enable = true;
+      userControlled.enable = true;
+      allowAuxiliaryImperativeNetworks = true;
+    };
+  };
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-uuid/bb8b09dc-cc67-47e5-8280-532b17a9e62a";
+      fsType = "xfs";
+      options = ["noatime"];
+    };
+
+    "/boot" = {
+      device = "/dev/disk/by-uuid/1083-C8A0";
+      fsType = "vfat";
+    };
+  };
+
+  # Hibernation is not enabled because I don't use it.
+  swapDevices = [
+    {
+      device = "/swapfile";
+      size = 8 * 1024;
+    }
+  ];
+
+  boot = {
+    kernelPackages = mkForce pkgs.linuxPackages_xanmod_latest;
+
+    # https://www.phoronix.com/scan.php?page=article&item=spectre-meltdown-2&num=11
+    kernelParams = ["mitigations=off"];
+
+    # Just to make Lutris/Wine logs happy.
+    kernel.sysctl."dev.i915.perf_stream_paranoid" = 0;
+
+    extraModprobeConfig = ''
+      options iwlwifi 11n_disable=1
+    '';
+
+    initrd = {
+      kernelModules = [];
+      availableKernelModules = ["ahci" "nvme" "sd_mod" "usb_storage" "usbhid" "xhci_pci"];
+
+      luks.devices."root" = {
+        device = "/dev/disk/by-uuid/c1b46f24-eec0-47d2-a142-75ddfd7bb218";
+        allowDiscards = true;
+        bypassWorkqueues = true;
+      };
+    };
+    kernelModules = ["kvm-intel"];
+
+    loader = {
+      efi.canTouchEfiVariables = true;
+
+      systemd-boot = {
+        enable = true;
+        configurationLimit = 10;
+      };
+    };
+  };
+
+  hardware = {
+    trackpoint = {
+      enable = true;
+      speed = 500;
+      sensitivity = 250;
+    };
+
+    opengl.extraPackages = with pkgs; [
+      intel-media-driver
+      libvdpau-va-gl
+      vaapiIntel
+      vaapiVdpau
+    ];
+  };
+
+  powerManagement = let
+    modprobe = "${pkgs.kmod}/bin/modprobe";
+  in {
+    enable = true;
+
+    # This fixes an issue with not being able to suspend or wake up from suspend
+    # due to a kernel bug[1].
+    #
+    # [1]: https://bbs.archlinux.org/viewtopic.php?id=270964
+    # [1]: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/522998
+    # [1]: https://bugs.launchpad.net/ubuntu/+source/pm-utils/+bug/562484/comments/3
+    # [1]: https://gist.github.com/ioggstream/8f380d398aef989ac455b93b92d42048
+    powerDownCommands = "${modprobe} -r xhci_pci";
+    powerUpCommands = "${modprobe} xhci_pci";
+  };
+
+  services = {
+    tlp = {
+      enable = false;
+      settings = {
+        START_CHARGE_THRESH_BAT0 = 75;
+        STOP_CHARGE_THRESH_BAT0 = 80;
+        RESTORE_THRESHOLDS_ON_BAT = 1;
+      };
+    };
+
+    throttled.enable = mkForce false;
+
+    thinkfan = {
+      enable = true;
+
+      # Old-style configuration should be nullified because it does not support
+      # hwmon search and appends to valid configuration resulting in conflicts
+      # and crash. I probably should make a PR to remove what was introduced[1]
+      # before.
+      #
+      # [1]: https://github.com/NixOS/nixpkgs/commit/02b872310d6a6503639f5a71a14f00441f961bc9
+      sensors = mkForce null;
+      fans = mkForce null;
+      levels = mkForce null;
+
+      settings = {
+        sensors = [
+          {
+            hwmon = "/sys/class/hwmon";
+            name = "coretemp";
+            indices = [1];
+          }
+        ];
+        fans = [{tpacpi = "/proc/acpi/ibm/fan";}];
+        levels = [["level auto" 0 50] ["level disengaged" 50 32767]];
+      };
+    };
+
+    xserver.videoDrivers = ["intel" "modesetting"];
+  };
+
+  system.stateVersion = "22.05";
+}
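Review bot: `kernelParams = ["mitigations=off"];` in the `boot` block turns off all CPU side-channel mitigations on a host that this same file sets up with Chromium, qutebrowser, Tor Browser, libvirtd with `kvm-intel`, and dev containers. Untrusted JavaScript and guest VMs are the workloads those mitigations are meant to isolate. The linked benchmark explains the speed-up but not the exposure, so I would drop the parameter and let the kernel default (`mitigations=auto`) apply, or at least state the accepted risk in the comment above it. The neighbouring `kernel.sysctl."dev.i915.perf_stream_paranoid" = 0;` also opens i915 perf streams to unprivileged processes only to quiet Wine logs, and `allowDiscards = true;` on the LUKS root lets the underlying device see which blocks are free. Both deserve a one-line comment saying the trade-off is intentional.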
