Add t14 config

2021-10-26 22:10:20 +02:00 · 2021-10-26 22:10:20 +02:00 · 3e3cc42c33
commit 3e3cc42c33
parent ffb17be89e
3 changed files with 284 additions and 0 deletions
--- a/hardware/t14.nix
+++ b/hardware/t14.nix
@ -0,0 +1,4 @@
+{ config, lib, pkgs, ... }:
+
+{
+}
--- a/machines/t14/configuration.nix
+++ b/machines/t14/configuration.nix
@ -0,0 +1,236 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [
+      ./hardware-configuration.nix
+      ../../hardware/t14.nix
+      ../../sway.nix
+      ../../unstable.nix
+      ../../fish.nix
+      ../../autologin.nix
+      ../../obs.nix
+      ../../lxc.nix
+      ../../pulseaudio.nix
+    ];
+
+  nix.autoOptimiseStore = true;
+  nix.useSandbox = true;
+
+  # Use the systemd-boot EFI boot loader.
+  boot = {
+    loader = {
+      systemd-boot.enable = true;
+      efi = {
+        efiSysMountPoint = "/boot/efi";
+        canTouchEfiVariables = true;
+      };
+    };
+  };
+
+  networking = {
+    hostName = "hafnium";
+    networkmanager = {
+      enable = true;
+    };
+    useDHCP = false;
+    interfaces = {
+      enp2s0f0.useDHCP = false;
+      enp5s0.useDHCP = false;
+      wlp3s0.useDHCP = false;
+    };
+    firewall = {
+      allowedUDPPorts = [
+        53
+      ];
+      allowedTCPPorts = [
+        53
+      ];
+    };
+    extraHosts = ''
+    #10.10.10.10 example.com
+    #10.158.228.70 support.demo.core.tradebyte.com 
+    #10.158.228.28 demo.core.tradebyte.com
+    #10.158.227.210 supporttest.tradebyte.com
+    #10.158.227.132 test.tradebyte.com
+    #10.158.227.23 sandbox.tradebyte.com
+    #10.158.227.89 supportsandbox.tradebyte.com
+    10.158.226.157 staging.tradebyte.com
+    10.158.226.209 supportstaging.tradebyte.com
+    '';
+  };
+
+  i18n.defaultLocale = "de_DE.UTF-8";
+  console = {
+    font = "Lat2-Terminus16";
+    keyMap = "neo";
+  };
+
+  time.timeZone = "Europe/Berlin";
+
+  environment.systemPackages = with pkgs; [
+    brightnessctl
+    file
+    firefox-wayland
+    fzf
+    git
+    htop
+    ike
+    jq
+    neovim
+    openconnect
+    pavucontrol
+    redir
+    ripgrep
+    spice-gtk
+    tcpdump
+    usbutils
+    virt-manager
+  ];
+
+  fonts.fonts = with pkgs; [
+    powerline-fonts
+    roboto
+    font-awesome
+  ];
+
+  environment.variables.EDITOR = "nvim";
+
+  nixpkgs.overlays = [
+    (self: super: {
+      neovim = super.neovim.override {
+        viAlias = true;
+        vimAlias = true;
+      };
+    })
+  ];
+
+  programs.mtr.enable = true;
+  
+  programs.gnupg.agent = {
+     enable = true;
+     pinentryFlavor = "gnome3";
+  };
+
+  sound.enable = true;
+  hardware.pulseaudio.enable = true;
+  hardware.pulseaudio.extraModules = [
+    pkgs.pulseaudio-modules-bt
+  ];
+
+  hardware.bluetooth.enable = true;
+  services.blueman.enable = true;
+  services.ofono.enable = true;
+
+  services.udisks2.enable = true;
+  
+  services.openssh.enable = true;
+
+  services.udev.extraRules = ''
+    # mute indicator
+    SUBSYSTEM=="tty", ATTRS{idVendor}=="1eaf", ATTRS{idProduct}=="6d75", SYMLINK+="mute-indicator"
+  '';
+
+  virtualisation = {
+    docker.enable = true;
+    libvirtd = {
+      enable = true;
+      qemuOvmf = true;
+      onBoot = "ignore";
+      onShutdown = "shutdown";
+    };
+  };
+
+  #virtualisation.docker.extraOptions = "--dns 172.17.0.1";
+
+  # https://github.com/NixOS/nixpkgs/issues/60594
+  security.wrappers.spice-client-glib-usb-acl-helper.source = "${pkgs.spice-gtk}/bin/spice-client-glib-usb-acl-helper";
+
+  security.polkit.enable = true;
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users.users.jal = {
+    isNormalUser = true;
+    extraGroups = [
+      "dialout"
+      "docker"
+      "libvirtd"
+      "networkmanager"
+      "video"
+      "wheel"
+    ]; # Enable ‘sudo’ for the user.
+    shell = pkgs.fish;
+  };
+
+  autologin.username = "jal";
+
+  networking.wg-quick.interfaces.tbcore = {
+    address = [
+      "172.27.27.16/32"
+    ];
+    privateKeyFile = "/root/wireguard-keys/tradebyte-core";
+    listenPort = 51930;
+
+    peers = [
+      {
+        publicKey = "K5vF/yTag6NnWjZsMug63DERdCFRfHoqxVkgKH55oFE=";
+        endpoint = "194.33.184.175:51930";
+        #endpoint = "ccs-emergency-vpn.core.tradebyte.com:51930";
+        persistentKeepalive = 25;
+        allowedIPs = [
+          "10.18.0.0/16"
+          "10.158.128.0/23"
+          "10.158.224.0/20"
+        ];
+      }
+    ];
+  };
+
+  services.dnsmasq = {
+    enable = true;
+    resolveLocalQueries = true;
+    servers = [
+      "194.150.168.168" # dns.as250.net Berlin/Frankfurt
+      "195.160.173.53" # dnscache.berlin.ccc.de
+      "46.182.19.48" # digitalcourage
+      "/sys.tradebyte.com/10.10.7.64"
+      "/core.tradebyte.com/10.170.254.30"
+      "/instance.tradebyte.com/10.170.254.30"
+      "/corp.ad.zalando.net/10.160.19.100"
+      "/7.10.10.in-addr.arpa/10.10.7.64"
+      "/develop.sys.tradebyte.com/10.0.3.1"
+      "/internal.production.core.tradebyte.com/10.158.224.2"
+    ];
+    extraConfig = ''
+      no-resolv
+      interface=lo
+      listen-address=::1
+      listen-address=127.0.0.1
+      bind-interfaces
+      dns-loop-detect
+      neg-ttl=5
+    '';
+  };
+
+  services.actkbd = {
+    enable = true;
+    bindings = [
+      { keys = [ 232 ]; events = [ "key" ]; command = "/run/current-system/sw/bin/brightnessctl s -5%"; }
+      { keys = [ 233 ]; events = [ "key" ]; command = "/run/current-system/sw/bin/brightnessctl s +5%"; }
+    ];
+  };
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "21.05"; # Did you read the comment?
+
+}
+
--- a/machines/t14/hardware-configuration.nix
+++ b/machines/t14/hardware-configuration.nix
@ -0,0 +1,44 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-uuid/b86310f5-fe3d-4b4d-bc02-ab0d7e9297cf";
+      fsType = "btrfs";
+      options = [
+        "discard=async"
+        "noatime"
+        "subvol=/nixos"
+        "compress=zstd:12"
+      ];
+    };
+    "/boot" = {
+      device = "/dev/disk/by-uuid/f4be9071-2532-4272-b1f0-c54e868c0ba2";
+      fsType = "ext2";
+    };
+    "/boot/efi" = {
+      device = "/dev/disk/by-uuid/529D-EB74";
+      fsType = "vfat";
+    };
+  };
+
+  boot.initrd.luks.devices.cryptroot = {
+    device = "/dev/disk/by-uuid/d9b120c1-5e80-4893-92fe-497e5b44c25b";
+    allowDiscards = true;
+  };
+  
+  swapDevices = [ ];
+
+}