Add cadmium

2020-11-05 09:19:24 +01:00 · 2020-11-05 09:19:24 +01:00 · fd19b9b513
commit fd19b9b513
parent c78b42b9b9
3 changed files with 276 additions and 0 deletions
--- a/hardware/cadmium.nix
+++ b/hardware/cadmium.nix
@ -0,0 +1,15 @@
+{ config, lib, pkgs, ... }:
+
+{
+  boot.initrd.availableKernelModules = [
+    "i915"
+  ];
+
+  environment.systemPackages = with pkgs; [
+    intel-media-driver
+    libva
+    libva-utils
+    libva1
+  ];
+  hardware.opengl.extraPackages = lib.singleton pkgs.vaapiIntel;
+}
--- a/machines/cadmium/configuration.nix
+++ b/machines/cadmium/configuration.nix
@ -0,0 +1,232 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [
+      ./hardware-configuration.nix
+      ../../hardware/cadmium.nix
+      ../../sway.nix
+      ../../unstable.nix
+      ../../fish.nix
+      ../../autologin.nix
+      ../../lxc.nix
+      ../../obs.nix
+    ];
+
+  # Use the GRUB 2 boot loader.
+  boot = {
+    loader = {
+      systemd-boot.enable = true;
+      efi.efiSysMountPoint = "/boot";
+      efi.canTouchEfiVariables = true;
+    };
+    initrd = {
+      availableKernelModules = [
+        "aes_x86_64"
+        "aesni_intel"
+        "cryptd"
+      ];
+      luks.devices = {
+        pvcrypt = {
+          device = "/dev/disk/by-uuid/8b7b67c8-d985-4431-8041-3bf31cc915c8";
+          preLVM = true;
+        };
+      };
+    };
+  };
+
+  networking = {
+    hostName = "cadmium";
+    interfaces.enp3s0.useDHCP = true;
+    networkmanager = {
+      enable = true;
+    };
+    useDHCP = false;
+
+    firewall = {
+      allowedUDPPorts = [
+        53
+        33580 # wireguard
+      ];
+      allowedTCPPorts = [
+        53
+      ];
+    };
+    extraHosts = ''
+      10.10.7.105 staging-transfer-reverseproxy-01-01.sys.tradebyte.com
+      185.11.253.218 reststaging.tradebyte.com clientmediastaging.tradebyte.com sftpstaging.tradebyte.com ftpstaging.tradebyte.com ftpsstaging.tradebyte.com rc.staging.tradebyte.com c3p0.staging.tradebyte.com c3p2.staging.tradebyte.com c3p4.staging.tradebyte.com staging.tradebyte.com
+10.10.7.30 supportstaging.tradebyte.com
+    '';
+  };
+
+  i18n.defaultLocale = "de_DE.UTF-8";
+  console = {
+    font = "Lat2-Terminus16";
+    keyMap = "neo";
+  };
+
+  time.timeZone = "Europe/Berlin";
+
+  environment.systemPackages = with pkgs; [
+    file
+    firefox-wayland
+    fzf
+    git
+    htop
+    ike
+    jq
+    neovim
+    openconnect
+    pavucontrol
+    redir
+    ripgrep
+    spice-gtk
+    tcpdump
+    usbutils
+    virt-manager
+  ];
+
+  fonts.fonts = with pkgs; [
+    powerline-fonts
+    roboto
+    font-awesome
+  ];
+
+  environment.variables.EDITOR = "nvim";
+
+  nixpkgs.overlays = [
+    (self: super: {
+      neovim = super.neovim.override {
+        viAlias = true;
+        vimAlias = true;
+      };
+    })
+  ];
+
+  programs.mtr.enable = true;
+  
+  programs.gnupg.agent = {
+     enable = true;
+     pinentryFlavor = "gnome3";
+  };
+
+  sound.enable = true;
+  hardware.pulseaudio.enable = true;
+  hardware.pulseaudio.extraModules = [
+    pkgs.pulseaudio-modules-bt
+  ];
+
+  #hardware.pulseaudio.extraConfig = ''
+  #        load-module module-echo-cancel source_name=noechosource sink_name=noechosink
+  #'';
+  #load-module module-loopback
+  #set-default-source noechosource
+  #set-default-sink noechosink
+
+  hardware.bluetooth.enable = true;
+  services.blueman.enable = true;
+  services.ofono.enable = true;
+
+  services.udisks2.enable = true;
+  
+  services.openssh.enable = true;
+
+  services.udev.extraRules = ''
+    SUBSYSTEM=="video4linux", BUS=="usb", ATTRS{vendor}=="0x046d", ATTRS{device}=="0x085c", NAME="video1"
+  '';
+
+  virtualisation = {
+    docker.enable = true;
+    libvirtd.enable = true;
+  };
+
+  # https://github.com/NixOS/nixpkgs/issues/60594
+  security.wrappers.spice-client-glib-usb-acl-helper.source = "${pkgs.spice-gtk}/bin/spice-client-glib-usb-acl-helper";
+
+  security.polkit.enable = true;
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users.users.jal = {
+    isNormalUser = true;
+    extraGroups = [
+      "dialout"
+      "docker"
+      "libvirtd"
+      "networkmanager"
+      "video"
+      "wheel"
+    ]; # Enable ‘sudo’ for the user.
+    shell = pkgs.fish;
+  };
+
+  autologin.username = "jal";
+
+  networking.wg-quick.interfaces.wgawsjal = {
+    address = [ "10.254.254.6/30" ];
+    privateKeyFile = "/root/wireguard-keys/wgawsjal";
+    listenPort = 33580;
+    #mtu = 1419
+    #mtu = 1408
+    mtu = 1358;
+
+    peers = [
+      {
+        publicKey = "5B5Ad+C05saQZaVXw7nc9/htshzcPV5Suj2I8P4Ndik=";
+        endpoint = "3.121.44.55:2048";
+        persistentKeepalive = 10;
+        allowedIPs = [
+          "10.254.254.4/30" # tunnel transport
+          "10.10.7.0/24"    # NETWAYS
+          "10.158.128.0/23" # Approvals (instance.tradebyte.com)
+          "10.158.224.0/20" # TB.Shift production
+          "10.158.240.0/20" # TB.Shift development
+          "10.18.0.0/16"    # AWS IT
+          "10.250.0.0/16"   # AWS CCS
+          #10.10.7.6/32
+          #10.10.7.52/32
+          #10.10.7.218/32
+          #10.10.7.248/32
+        ];
+      }
+    ];
+  };
+
+  services.dnsmasq = {
+    enable = true;
+    resolveLocalQueries = true;
+    servers = [
+      "194.150.168.168" # dns.as250.net Berlin/Frankfurt
+      "195.160.173.53" # dnscache.berlin.ccc.de
+      "46.182.19.48" # digitalcourage
+      "/sv.tb/192.168.99.17"
+      "/abc.tb/192.168.99.44"
+      "/sys.tradebyte.com/10.10.7.64"
+      "/core.tradebyte.com/10.10.7.64"
+      "/corp.ad.zalando.net/10.160.19.100"
+      "/7.10.10.in-addr.arpa/10.10.7.64"
+      "/develop.sys.tradebyte.com/10.0.3.1"
+    ];
+    extraConfig = ''
+      no-resolv
+      interface=lo
+      listen-address=::1
+      listen-address=127.0.0.1
+      bind-interfaces
+      dns-loop-detect
+      neg-ttl=5
+    '';
+  };
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "20.03"; # Did you read the comment?
+
+}
--- a/machines/cadmium/hardware-configuration.nix
+++ b/machines/cadmium/hardware-configuration.nix
@ -0,0 +1,29 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+  imports =
+    [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ "dm-snapshot" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/d6302c3c-1100-4cc4-86d7-fc3a84db9a37";
+      fsType = "ext4";
+    };
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/BBF2-C8B1";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+  nix.maxJobs = lib.mkDefault 8;
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+}