From 5d3a58e739c3b99f682390719ce3659acf9e3e38 Mon Sep 17 00:00:00 2001
From: Kjetil Orbekk <kj@orbekk.com>
Date: Fri, 2 Jun 2023 06:56:44 -0400
Subject: Update dex config

---
 machines/dex.nix       | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++
 machines/x1-pincer.nix |  2 ++
 2 files changed, 71 insertions(+)
 create mode 100644 machines/dex.nix

(limited to 'machines')

diff --git a/machines/dex.nix b/machines/dex.nix
new file mode 100644
index 0000000..6330a22
--- /dev/null
+++ b/machines/dex.nix
@@ -0,0 +1,69 @@
+{ lib, config, pkgs, ... }:
+
+with lib;
+
+{
+  orbekk.simple-firewall.enable = lib.mkForce false;
+  networking.firewall.enable = true;
+  orbekk.gaming.enable = true;
+  orbekk.desktop.enable = true;
+  orbekk.development.enable = true;
+  services.printing.enable = true;
+  services.printing.drivers = with pkgs; [ gutenprint brlaser ];
+  services.openssh.enable = true;
+
+  networking.networkmanager.enable = true;
+  networking.hostName = "dex";
+  programs.xwayland.enable = true;
+  programs.dconf.enable = true;
+  environment.systemPackages = with pkgs; [ river ];
+  system.autoUpgrade.enable = mkForce false;
+
+  security.pam.enableFscrypt = true;
+
+  system.activationScripts.fix = ''
+    chown root /
+  '';
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = false;
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "usb_storage" "sdhci" "sdhci_pci" "cqhci" "mmc_block" ];
+  boot.initrd.kernelModules = [ "amdgpu" ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+  boot.kernelPackages = pkgs.unstable.linuxPackages_latest;
+  boot.kernelParams = [
+    "amd_iommu=off"
+    "amdgpu.gttsize=8128"
+    "spi_amd.speed_dev=1"
+    "audit=0"
+  ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/52d3077e-d1be-4976-a2ca-f2d879a808c1";
+      fsType = "ext4";
+    };
+
+  fileSystems."/home" =
+    { device = "/dev/disk/by-label/home";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/D381-BD0D";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+  networking.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+  system.stateVersion = "23.05"; # Did you read the comment?
+}
+
diff --git a/machines/x1-pincer.nix b/machines/x1-pincer.nix
index 2a899bc..a879e2a 100644
--- a/machines/x1-pincer.nix
+++ b/machines/x1-pincer.nix
@@ -21,6 +21,8 @@ let ports = {
   services.printing.drivers = with pkgs; [ gutenprint brlaser ];
   services.openssh.enable = true;
 
+  system.autoUpgrade.enable = lib.mkForce false;
+
   # For bridge development.
   services.postgresql = {
     enable = true;
-- 
cgit v1.2.3