config/hosts/fwminex/configuration.nix

{
  config,
  pkgs,
  myData,
  ...
}: let
  randr = import ./randr.nix;
in {
  zfs-root = {
    boot = {
      enable = true;
      devNodes = "/dev/disk/by-id/";
      bootDevices = ["nvme-Samsung_SSD_970_EVO_Plus_2TB_S6P1NS0TA01331A"];
      immutable = false;
      forceNoDev2305 = true;
      availableKernelModules = ["usb_storage" "sd_mod" "xhci_pci" "thunderbolt" "nvme" "usbhid"];
      removableEfi = true;
      partitionScheme = {
        efiBoot = "-part1";
        bootPool = "-part2";
        rootPool = "-part4";
      };
    };
  };

  powerManagement.cpuFreqGovernor = "powersave";
  hardware.cpu.intel.updateMicrocode = true;
  nixpkgs.hostPlatform = "x86_64-linux";

  boot.binfmt.emulatedSystems = ["aarch64-linux"];

  #swapDevices = [];

  boot.loader.grub.extraEntries = ''
    menuentry "Debian via bpool label" {
      search --set=bpool --label bpool
      configfile "$(bpool)/@/BOOT/debian@/grub/grub.cfg"
    }
    menuentry "Debian 3915eee7610a7d61" {
      search --set=root 3915eee7610a7d61
      configfile "/BOOT/debian@/grub/grub.cfg"
    }
    menuentry "Debian 4113456512205749601" {
      search --set=root 4113456512205749601
      configfile "/BOOT/debian@/grub/grub.cfg"
    }
  '';

  systemd.services.zfs-mount.enable = false;

  mj = {
    stateVersion = "23.05";
    timeZone = "Europe/Vilnius";

    base = {
      zfs.enable = true;
      users = {
        devEnvironment = true;
        passwd = {
          root.passwordFile = config.age.secrets.root-passwd-hash.path;
          motiejus.passwordFile = config.age.secrets.motiejus-passwd-hash.path;
        };
      };

      snapshot = {
        enable = true;
        mountpoints = ["/home" "/var/lib" "/var/log"];
      };

      unitstatus = {
        enable = true;
        email = "motiejus+alerts@jakstys.lt";
      };
    };

    services = {
      node_exporter.enable = true;
      sshguard.enable = false;
      tailscale = {
        enable = true;
        silenceLogs = true;
      };

      deployerbot = {
        follower = {
          enable = true;
          uidgid = myData.uidgid.updaterbot-deployee;
          publicKey = myData.hosts."vno1-oh2.servers.jakst".publicKey;
        };
      };

      postfix = {
        enable = true;
        saslPasswdPath = config.age.secrets.sasl-passwd.path;
      };

      syncthing = {
        enable = false;
        dataDir = "/home/motiejus/";
        user = "motiejus";
        group = "users";
      };
    };
  };

  home-manager.users.motiejus = {pkgs, ...}: {
    programs.autorandr.profiles = {
      dualhome = {
        fingerprint = {inherit (randr) DP-3 DP-4;};
        config = {
          eDP-1.enable = false;
          DP-4 = {
            enable = true;
            mode = "2560x1440";
            pos = "2560x0";
            primary = true;
          };
          DP-3 = {
            enable = true;
            mode = "2560x1440";
            position = "0x0";
            crtc = 2;
          };
        };
      };
    };
  };

  environment.systemPackages = with pkgs; [
    iw
    texlive.combined.scheme-medium
  ];

  networking = {
    hostId = "3a54afcd";
    hostName = "fwminex";
    domain = "motiejus.jakst";
  };
}
add fwminex 2023-09-13 12:17:43 +03:00			`{`
			`config,`
			`pkgs,`
			`myData,`
			`...`
some autorandr 2023-09-17 07:06:19 +03:00			`}: let`
			`randr = import ./randr.nix;`
			`in {`
add fwminex 2023-09-13 12:17:43 +03:00			`zfs-root = {`
			`boot = {`
			`enable = true;`
			`devNodes = "/dev/disk/by-id/";`
			`bootDevices = ["nvme-Samsung_SSD_970_EVO_Plus_2TB_S6P1NS0TA01331A"];`
			`immutable = false;`
force no legacy grub (now) 2023-09-13 14:14:25 +03:00			`forceNoDev2305 = true;`
fwminex: remove iwlwifi from early-early boot 2023-09-16 23:05:01 +03:00			`availableKernelModules = ["usb_storage" "sd_mod" "xhci_pci" "thunderbolt" "nvme" "usbhid"];`
add fwminex 2023-09-13 12:17:43 +03:00			`removableEfi = true;`
fwminex: update partition scheme 2023-09-13 13:54:22 +03:00			`partitionScheme = {`
			`efiBoot = "-part1";`
			`bootPool = "-part2";`
			`rootPool = "-part4";`
			`};`
add fwminex 2023-09-13 12:17:43 +03:00			`};`
			`};`

fwminex: some hardware updates 2023-09-14 12:40:16 +03:00			`powerManagement.cpuFreqGovernor = "powersave";`
			`hardware.cpu.intel.updateMicrocode = true;`
			`nixpkgs.hostPlatform = "x86_64-linux";`

add fwminex 2023-09-13 12:17:43 +03:00			`boot.binfmt.emulatedSystems = ["aarch64-linux"];`

fwminex: firewall and swap devices 2023-09-14 06:41:37 +03:00			`#swapDevices = [];`
another fix for swap devices 2023-09-13 15:18:25 +03:00
add fwminex 2023-09-13 12:17:43 +03:00			`boot.loader.grub.extraEntries = ''`
			`menuentry "Debian via bpool label" {`
			`search --set=bpool --label bpool`
			`configfile "$(bpool)/@/BOOT/debian@/grub/grub.cfg"`
			`}`
			`menuentry "Debian 3915eee7610a7d61" {`
			`search --set=root 3915eee7610a7d61`
			`configfile "/BOOT/debian@/grub/grub.cfg"`
			`}`
			`menuentry "Debian 4113456512205749601" {`
			`search --set=root 4113456512205749601`
			`configfile "/BOOT/debian@/grub/grub.cfg"`
			`}`
			`'';`

disable zfs-mount 2023-09-14 15:26:16 +03:00			`systemd.services.zfs-mount.enable = false;`

add fwminex 2023-09-13 12:17:43 +03:00			`mj = {`
			`stateVersion = "23.05";`
			`timeZone = "Europe/Vilnius";`

			`base = {`
			`zfs.enable = true;`
			`users = {`
			`devEnvironment = true;`
			`passwd = {`
secrets for fwminex 2023-09-15 13:23:52 +03:00			`root.passwordFile = config.age.secrets.root-passwd-hash.path;`
			`motiejus.passwordFile = config.age.secrets.motiejus-passwd-hash.path;`
add fwminex 2023-09-13 12:17:43 +03:00			`};`
			`};`

			`snapshot = {`
			`enable = true;`
			`mountpoints = ["/home" "/var/lib" "/var/log"];`
			`};`

			`unitstatus = {`
			`enable = true;`
			`email = "motiejus+alerts@jakstys.lt";`
			`};`
			`};`

			`services = {`
			`node_exporter.enable = true;`
tailscale: silence logs on some machines 2023-09-14 14:37:55 +03:00			`sshguard.enable = false;`
			`tailscale = {`
			`enable = true;`
			`silenceLogs = true;`
			`};`
add fwminex 2023-09-13 12:17:43 +03:00
			`deployerbot = {`
			`follower = {`
			`enable = true;`
			`uidgid = myData.uidgid.updaterbot-deployee;`
			`publicKey = myData.hosts."vno1-oh2.servers.jakst".publicKey;`
			`};`
			`};`

secrets for fwminex 2023-09-15 13:23:52 +03:00			`postfix = {`
			`enable = true;`
			`saslPasswdPath = config.age.secrets.sasl-passwd.path;`
			`};`
add fwminex 2023-09-13 12:17:43 +03:00
			`syncthing = {`
disable syncthing temporarily 2023-09-15 13:29:55 +03:00			`enable = false;`
add fwminex 2023-09-13 12:17:43 +03:00			`dataDir = "/home/motiejus/";`
			`user = "motiejus";`
			`group = "users";`
			`};`
			`};`
			`};`

some autorandr 2023-09-17 07:06:19 +03:00			`home-manager.users.motiejus = {pkgs, ...}: {`
			`programs.autorandr.profiles = {`
			`dualhome = {`
			`fingerprint = {inherit (randr) DP-3 DP-4;};`
			`config = {`
			`eDP-1.enable = false;`
			`DP-4 = {`
			`enable = true;`
			`mode = "2560x1440";`
			`pos = "2560x0";`
			`primary = true;`
			`};`
			`DP-3 = {`
			`enable = true;`
			`mode = "2560x1440";`
			`position = "0x0";`
			`crtc = 2;`
			`};`
			`};`
			`};`
			`};`
			`};`

add some packages 2023-09-15 13:01:20 +03:00			`environment.systemPackages = with pkgs; [`
hardware observability 2023-09-16 08:53:23 +03:00			`iw`
add some packages 2023-09-15 13:01:20 +03:00			`texlive.combined.scheme-medium`
			`];`

add fwminex 2023-09-13 12:17:43 +03:00			`networking = {`
fwminex: set hostid 2023-09-13 14:46:58 +03:00			`hostId = "3a54afcd";`
add fwminex 2023-09-13 12:17:43 +03:00			`hostName = "fwminex";`
			`domain = "motiejus.jakst";`
			`};`
			`}`