diff --git a/flake.nix b/flake.nix index 185ce5c..65a0fb2 100644 --- a/flake.nix +++ b/flake.nix @@ -169,6 +169,26 @@ specialArgs = {inherit myData;} // inputs; }; + mtworx = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + {nixpkgs.overlays = overlays;} + ./hosts/mtworx/configuration.nix + home-manager.nixosModules.home-manager + + #agenix.nixosModules.default + #{ + # age.secrets = { + # motiejus-passwd-hash.file = ./secrets/motiejus_passwd_hash.age; + # root-passwd-hash.file = ./secrets/root_passwd_hash.age; + # sasl-passwd.file = ./secrets/postfix_sasl_passwd.age; + # }; + #} + ]; + + specialArgs = {inherit myData;} // inputs; + }; + vno1-oh2 = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ diff --git a/hosts/mtworx/configuration.nix b/hosts/mtworx/configuration.nix new file mode 100644 index 0000000..ebcbe40 --- /dev/null +++ b/hosts/mtworx/configuration.nix @@ -0,0 +1,140 @@ +{ + pkgs, + #config, + myData, + ... +}: let + nvme = "nvme-WD_PC_SN810_SDCQNRY-1T00-1201_23234W800017"; +in { + imports = [ + ../../modules + ../../modules/profiles/desktop + ]; + + boot = { + kernelPackages = pkgs.linuxPackages_latest; + kernelModules = ["kvm-intel"]; + supportedFilesystems = ["bcachefs"]; + loader.systemd-boot.enable = true; + initrd = { + availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usbhid"]; + luks.devices = { + luksroot = { + device = "${nvme}-part3"; + allowDiscards = true; + }; + }; + }; + }; + + swapDevices = [ + { + device = "${nvme}-part2"; + randomEncryption.enable = true; + } + ]; + + fileSystems = { + "/" = { + device = "/dev/mapper/luksroot"; + fsType = "bcachefs"; + }; + "/boot" = { + device = "${nvme}-part1"; + fsType = "ext4"; + }; + }; + + powerManagement.cpuFreqGovernor = "powersave"; + + hardware.cpu.intel.updateMicrocode = true; + nixpkgs.hostPlatform = "x86_64-linux"; + + boot.binfmt.emulatedSystems = ["aarch64-linux"]; + + systemd.services.zfs-mount.enable = false; + + mj = { + stateVersion = "23.11"; + timeZone = "Europe/Vilnius"; + username = "motiejus"; + + base.users = { + enable = true; + root.initialPassword = "live"; + user.initialPassword = "live"; + #root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path; + #user.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path; + }; + + services = { + sshguard.enable = false; + tailscale = { + enable = true; + verboseLogs = true; + }; + + node_exporter = { + enable = true; + extraSubnets = [myData.subnets.vno1.cidr]; + }; + + deployerbot = { + follower = { + inherit (myData.hosts."vno1-oh2.servers.jakst") publicKey; + + enable = true; + uidgid = myData.uidgid.updaterbot-deployee; + sshAllowSubnets = with myData.subnets; [tailscale.sshPattern]; + }; + }; + + #postfix = { + # enable = true; + # saslPasswdPath = config.age.secrets.sasl-passwd.path; + #}; + + syncthing = { + enable = true; + dataDir = "/home/motiejus/"; + user = "motiejus"; + group = "users"; + }; + + #remote-builder.client = let + # host = myData.hosts."fra1-a.servers.jakst"; + #in { + # enable = true; + # inherit (host) system supportedFeatures; + # hostName = host.jakstIP; + # sshKey = "/etc/ssh/ssh_host_ed25519_key"; + #}; + }; + }; + + virtualisation.virtualbox.host.enable = true; + users.extraGroups.vboxusers.members = ["motiejus"]; + + networking = { + hostId = "b14a02aa"; + hostName = "mtworx"; + domain = "motiejus.jakst"; + firewall.rejectPackets = true; + }; + + services.tlp = { + enable = true; + settings = { + CPU_BOOST_ON_BAT = 0; + CPU_HWP_DYN_BOOST_ON_BAT = 0; + CPU_SCALING_GOVERNOR_ON_AC = "performance"; + CPU_SCALING_GOVERNOR_ON_BAT = "powersave"; + CPU_ENERGY_PERF_POLICY_ON_AC = "performance"; + CPU_ENERGY_PERF_POLICY_ON_BAT = "power"; + PLATFORM_PROFILE_ON_BAT = "low-power"; + START_CHARGE_THRESH_BAT1 = 80; + STOP_CHARGE_THRESH_BAT1 = 87; + RUNTIME_PM_ON_BAT = "auto"; + }; + }; +}