diff options
| -rw-r--r-- | machines/x1-pincer.nix | 126 | 
1 files changed, 18 insertions, 108 deletions
| diff --git a/machines/x1-pincer.nix b/machines/x1-pincer.nix index 3242987..e5dcc9d 100644 --- a/machines/x1-pincer.nix +++ b/machines/x1-pincer.nix @@ -1,130 +1,40 @@  { config, lib, pkgs, ... }: -let ports = { -  minecraft = 25565; -}; in  { -  age.secrets.test-secret.file = ../secrets/test-secret.age; -  age.secrets.test-secret.owner = "orbekk"; -    orbekk.gaming.enable = true;    orbekk.desktop.enable = true;    orbekk.thinkpad.enable = true; -  orbekk.simple-firewall.allowedTCPPorts = [ ports.minecraft 631 5353 ]; # socks proxy +  orbekk.simple-firewall.allowedTCPPorts = [ 631 5353 ]; # socks proxy    orbekk.development.enable = true; -  orbekk.vpn.enable = true; -    system.autoUpgrade.enable = lib.mkForce false;    services.printing.enable = true;    services.printing.drivers = with pkgs; [ gutenprint brlaser ];    services.openssh.enable = true; -  # Keycloak config -  # age.secrets."dragon-keycloak.age".file = ../secrets/dragon-keycloak.age; -  # services.postgresql.enable = true; -  # services.keycloak = { -  #   enable = true; -  #   settings.hostname = "localhost:11118"; -  #   settings.log-level = "INFO"; -  #   settings.http-port = (import ../data/aliases.nix).services.keycloak.http-port; -  #   settings.hostname-strict-https = false; -  #   settings.proxy = "edge"; -  #   database.type = "postgresql"; -  #   database.passwordFile = config.age.secrets."dragon-keycloak.age".path; -  # }; -    networking.networkmanager.enable = true; +  networking.hostName = "pincer"; -  networking = { -    hostName = "pincer"; -  }; - -  programs.xwayland.enable = true; -  programs.dconf.enable = true; -  # environment.systemPackages = with pkgs; [ river ]; - -  programs.sway = { -    enable = true; -    wrapperFeatures.gtk = true; # so that gtk works properly -    extraPackages = with pkgs; [ -      grim -      swaylock -      swayidle -      wl-clipboard -      mako # notification daemon -      alacritty # Alacritty is the default terminal in the config -      dmenu # Dmenu is the default in the config but i recommend wofi since its wayland native -      foot -    ]; -  }; -  # services.displayManager.slim.enable = lib.mkForce false; -  # services.xserver.desktopManager.kodi.enable = true; - -  boot = { -    loader.grub = { -      enable = true; -      device = "nodev"; -      efiSupport = true; -      ipxe = { -        test = '' -              #!ipxe -        ''; -        demo = '' -              #!ipxe -              dhcp -              chain http://boot.ipxe.org/demo/boot.php -        ''; -      }; -    }; -    loader.efi.canTouchEfiVariables = true; -    # 6.4 is broken: https://github.com/NixOS/nixpkgs/issues/243830 -    # kernelPackages = pkgs.linuxPackages_latest; -    kernelModules = ["xpad" "kvm-intel" ]; +  # hardware-configuration.nix +  boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" ]; +  hardware.enableRedistributableFirmware = lib.mkDefault true; +  boot.kernelModules = [ "kvm-intel" ]; -    initrd.luks.devices = { -      cryptroot = { -        device = "/dev/sda6"; -        allowDiscards = true; -      }; +  fileSystems."/" = +    { device = "/dev/disk/by-uuid/13de8c13-4f2f-4495-b1aa-6bae3f2d7979"; +      fsType = "ext4";      }; -    extraModprobeConfig = '' -      # option iwlwifi swcrypto=1 -      options iwlmvm power_scheme=1 -    ''; -  }; - -  fileSystems = { -    "/boot" = { -      mountPoint = "/boot"; -      device = "/dev/sda1"; +  fileSystems."/boot" = +    { device = "/dev/disk/by-uuid/ADFD-B161";        fsType = "vfat"; +      options = [ "fmask=0077" "dmask=0077" ];      }; -    "/" = { -      mountPoint = "/"; -      device = "/dev/mapper/cryptroot"; -      fsType = "btrfs"; -      options = ["subvol=active/nixos-root" "discard" "compress=lzo"]; -    }; -    "/btrfs" = { -      mountPoint = "/btrfs"; -      device = "/dev/mapper/cryptroot"; -      fsType = "btrfs"; -      options = ["discard" "compress=lzo"]; -    }; -  }; -   -  systemd.extraConfig = "DefaultLimitNOFILE=1048576"; -   -  security.pam.loginLimits = [{ -      domain = "*"; -      type = "hard"; -      item = "nofile"; -      value = "1048576"; -  }]; -  # hardware-configuration.nix -  boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" ]; -  hardware.enableRedistributableFirmware = lib.mkDefault true; +  swapDevices = +    [ { device = "/dev/disk/by-uuid/7f4492ff-bdd4-41b0-a81d-f190781add9d"; } +    ]; +    system.stateVersion = "17.04"; +  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;  } | 
