diff options
| author | tv <tv@krebsco.de> | 2023-09-11 18:24:28 +0200 |
|---|---|---|
| committer | tv <tv@krebsco.de> | 2023-09-13 18:07:11 +0200 |
| commit | 0c4f3acb281be6290c55a6e96bc29fab5b5c7a11 (patch) | |
| tree | dadaec00477a095273475ac345b2066b4748c399 /systems/mu | |
| parent | ab1d0479e90f11806d4703ec6fffed3d5f782914 (diff) | |
stockholm -> hrm
Diffstat (limited to 'systems/mu')
| -rw-r--r-- | systems/mu/config.nix | 125 |
1 files changed, 125 insertions, 0 deletions
diff --git a/systems/mu/config.nix b/systems/mu/config.nix new file mode 100644 index 0000000..dc9ea0f --- /dev/null +++ b/systems/mu/config.nix @@ -0,0 +1,125 @@ +{ config, lib, pkgs, ... }: { + imports = [ + ../../configs/br.nix + ../../configs/exim-retiolum.nix + ../../configs/hw/x220.nix + ../../configs/retiolum.nix + ]; + + krebs.build.host = config.krebs.hosts.mu; + krebs.build.user = lib.mkForce config.krebs.users.vv; + + tv.x0vncserver.enable = true; + + boot.initrd.luks.devices.muca.device = "/dev/sda2"; + boot.initrd.availableKernelModules = [ "ahci" ]; + boot.kernelModules = [ "fbcon" "kvm-intel" ]; + boot.kernelParams = [ "fsck.repair=yes" ]; + boot.extraModulePackages = [ ]; + + fileSystems = { + "/" = { + device = "/dev/mapper/muvga-root"; + fsType = "ext4"; + options = [ "defaults" "discard" ]; + }; + "/home" = { + device = "/dev/mapper/muvga-home"; + fsType = "ext4"; + options = [ "defaults" "discard" ]; + }; + "/boot" = { + device = "/dev/sda1"; + fsType = "vfat"; + }; + }; + + nixpkgs.config.allowUnfree = true; + hardware.opengl.driSupport32Bit = true; + + hardware.pulseaudio.enable = true; + + hardware.enableRedistributableFirmware = true; + + boot.loader.efi.canTouchEfiVariables = true; + boot.loader.systemd-boot.enable = true; + + networking.networkmanager.enable = true; + + # XXX reload to work around occasional "Failed to load firmware chunk!" + # TODO only do this if firmware is actually broken(?) + system.activationScripts.reload-iwlwifi = /* sh */ '' + ${pkgs.kmod}/bin/modprobe -vr iwlwifi + ${pkgs.kmod}/bin/modprobe -v iwlwifi + ''; + + environment.systemPackages = [ + pkgs.chromium + pkgs.firefox + pkgs.gimp + pkgs.iptables + pkgs.libreoffice + pkgs.plasma-pa + (pkgs.pidgin.override { + plugins = [ pkgs.pidgin-otr ]; + }) + pkgs.skypeforlinux + pkgs.slock + pkgs.tinc_pre + pkgs.vim + pkgs.xsane + + #pkgs.foomatic_filters + #pkgs.gutenprint + #pkgs.cups_pdf_filter + #pkgs.ghostscript + ]; + + + i18n.defaultLocale = "de_DE.UTF-8"; + + programs.ssh.startAgent = false; + + krebs.setuid = { + slock = { + filename = "${pkgs.slock}/bin/slock"; + mode = "4111"; + }; + }; + + security.pam.loginLimits = [ + # for jack + { domain = "@audio"; item = "memlock"; type = "-"; value = "unlimited"; } + { domain = "@audio"; item = "rtprio"; type = "-"; value = "99"; } + ]; + + fonts.fonts = [ + pkgs.xorg.fontschumachermisc + ]; + + services.xserver.enable = true; + services.xserver.layout = "de"; + services.xserver.xkbOptions = "eurosign:e"; + + # TODO this is host specific + services.xserver.libinput.enable = false; + services.xserver.synaptics = { + enable = true; + twoFingerScroll = true; + }; + + services.xserver.desktopManager.plasma5.enable = true; + + services.xserver.displayManager.autoLogin.enable = true; + services.xserver.displayManager.autoLogin.user = "vv"; + + users.users.vv = { + inherit (config.krebs.users.vv) home uid; + isNormalUser = true; + extraGroups = [ + "audio" + "video" + "networkmanager" + ]; + }; +} |