Update dex config

author: Kjetil Orbekk <kj@orbekk.com> 2023-06-02 06:56:44 -0400
committer: Kjetil Orbekk <kj@orbekk.com> 2023-08-13 13:38:44 -0400
commit: 5d3a58e739c3b99f682390719ce3659acf9e3e38 (patch)
tree: 7882bc8794965a1e6e1dae7def964c1ff358fc3b
parent: 8211279e983c5c9112add25e08b45eba4085e6a5 (diff)
5 files changed, 83 insertions, 11 deletions
diff --git a/flake.nix b/flake.nix
index 3f03ed5..6c5b917 100644
--- a/flake.nix
+++ b/flake.nix
@@ -88,12 +88,7 @@
             { hostName = "dragon"; }
             { hostName = "firelink"; }
             { hostName = "tiny1"; }
-            # {
-            #   hostName = "minideck";
-            # }
-            # { hostName = "testvm"; module = {
-              #     users.users.orbekk.initialHashedPassword = "";
-              #   }; }
+            { hostName = "dex"; }
           ];
         in builtins.listToAttrs (map mkConfig myMachines);
     };
diff --git a/machines/dex.nix b/machines/dex.nix
new file mode 100644
index 0000000..6330a22
--- /dev/null
+++ b/machines/dex.nix
@@ -0,0 +1,69 @@
+{ lib, config, pkgs, ... }:
+
+with lib;
+
+{
+  orbekk.simple-firewall.enable = lib.mkForce false;
+  networking.firewall.enable = true;
+  orbekk.gaming.enable = true;
+  orbekk.desktop.enable = true;
+  orbekk.development.enable = true;
+  services.printing.enable = true;
+  services.printing.drivers = with pkgs; [ gutenprint brlaser ];
+  services.openssh.enable = true;
+
+  networking.networkmanager.enable = true;
+  networking.hostName = "dex";
+  programs.xwayland.enable = true;
+  programs.dconf.enable = true;
+  environment.systemPackages = with pkgs; [ river ];
+  system.autoUpgrade.enable = mkForce false;
+
+  security.pam.enableFscrypt = true;
+
+  system.activationScripts.fix = ''
+    chown root /
+  '';
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = false;
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "usb_storage" "sdhci" "sdhci_pci" "cqhci" "mmc_block" ];
+  boot.initrd.kernelModules = [ "amdgpu" ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+  boot.kernelPackages = pkgs.unstable.linuxPackages_latest;
+  boot.kernelParams = [
+    "amd_iommu=off"
+    "amdgpu.gttsize=8128"
+    "spi_amd.speed_dev=1"
+    "audit=0"
+  ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/52d3077e-d1be-4976-a2ca-f2d879a808c1";
+      fsType = "ext4";
+    };
+
+  fileSystems."/home" =
+    { device = "/dev/disk/by-label/home";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/D381-BD0D";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+  networking.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+  system.stateVersion = "23.05"; # Did you read the comment?
+}
+
diff --git a/machines/x1-pincer.nix b/machines/x1-pincer.nix
index 2a899bc..a879e2a 100644
--- a/machines/x1-pincer.nix
+++ b/machines/x1-pincer.nix
@@ -21,6 +21,8 @@ let ports = {
   services.printing.drivers = with pkgs; [ gutenprint brlaser ];
   services.openssh.enable = true;
 
+  system.autoUpgrade.enable = lib.mkForce false;
+
   # For bridge development.
   services.postgresql = {
     enable = true;
diff --git a/modules/desktop.nix b/modules/desktop.nix
index 472ec22..cf671c0 100644
--- a/modules/desktop.nix
+++ b/modules/desktop.nix
@@ -12,11 +12,14 @@ in {
     orbekk.simple-firewall.enable = true;
 
     programs.kdeconnect.enable = true;
+    # Performs some setup needed by river.
+    programs.sway.enable = true;
 
     xdg.portal.enable = true;
     xdg.portal.wlr.enable = true;
     xdg.portal.extraPortals = with pkgs; [ xdg-desktop-portal-gtk xdg-desktop-portal-kde];
     services.dbus.enable = true;
+    services.udisks2.enable = true;
 
     location.latitude = 40.0;
     location.longitude = -74.0;
@@ -52,6 +55,7 @@ in {
     };
 
     security.rtkit.enable = true;
+    security.pam.services.swaylock = {};
     hardware.pulseaudio.enable = false;
     services.printing.enable = true;
 
@@ -67,8 +71,7 @@ in {
       fonts = with pkgs; [
         fira-code
         dejavu_fonts
-        # Do these no longer exist?
-        # steamPackages.steam-fonts
+        jetbrains-mono
         wqy_microhei
       ];
       fontconfig = {
@@ -90,12 +93,14 @@ in {
       swaylock
       swayidle
       grim
-      wlopm
+      wlr-randr
       wev
       lswt
+      foot
+      kanshi
+      wlopm
+      wl-clipboard
 
-      # (conky.override { pulseSupport = true; })
-      # anki
       wezterm
       autorandr
       chromium
diff --git a/modules/users.nix b/modules/users.nix
index 8520fdb..22e593a 100644
--- a/modules/users.nix
+++ b/modules/users.nix
@@ -92,6 +92,7 @@ in {
         openssh.authorizedKeys.keys = [
           "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhRj4eYL01OAboBynL05+YRrYeglZoagbqkGzgX2uJq kagee"
         ];
+	isSystemUser = true;
       };
       builder = lib.mkIf enableBuilder {
         isSystemUser = true;
author	Kjetil Orbekk <kj@orbekk.com>	2023-06-02 06:56:44 -0400
committer	Kjetil Orbekk <kj@orbekk.com>	2023-08-13 13:38:44 -0400
commit	5d3a58e739c3b99f682390719ce3659acf9e3e38 (patch)
tree	7882bc8794965a1e6e1dae7def964c1ff358fc3b
parent	8211279e983c5c9112add25e08b45eba4085e6a5 (diff)