From 81eb15d52a0332d46f09c7708840c015a7aeefa0 Mon Sep 17 00:00:00 2001 From: Fabian Hauser Date: Mon, 30 Nov 2020 16:23:45 +0100 Subject: [PATCH] Integrate hummelberg desktop configuration --- defaults/base/default.nix | 122 +++++++++++++--- defaults/base/unfree.nix | 35 +++++ defaults/cifs-auth-fix/default.nix | 37 +++++ defaults/desktop/applications.nix | 52 +++++++ defaults/desktop/default.nix | 15 ++ defaults/desktop/desktop-environment.nix | 53 +++++++ defaults/desktop/desktop-i3.nix | 36 +++++ defaults/desktop/hardware.nix | 18 +++ defaults/desktop/multimedia.nix | 56 +++++++ defaults/desktop/office-suite.nix | 177 +++++++++++++++++++++++ defaults/desktop/scripts.nix | 17 +++ defaults/desktop/security.nix | 15 ++ defaults/desktop/webapps.nix | 12 ++ defaults/development-tools/default.nix | 30 ++++ defaults/games/default.nix | 16 ++ defaults/printing/default.nix | 11 ++ hardware/apu.nix | 2 +- hardware/dell-precision-3530.nix | 20 +++ host/hummelberg/default.nix | 30 ++++ host/hummelberg/filesystems.nix | 64 ++++++++ host/hummelberg/networking.nix | 15 ++ host/hummelberg/printing.nix | 16 ++ 22 files changed, 824 insertions(+), 25 deletions(-) create mode 100644 defaults/base/unfree.nix create mode 100644 defaults/cifs-auth-fix/default.nix create mode 100644 defaults/desktop/applications.nix create mode 100644 defaults/desktop/default.nix create mode 100644 defaults/desktop/desktop-environment.nix create mode 100644 defaults/desktop/desktop-i3.nix create mode 100644 defaults/desktop/hardware.nix create mode 100644 defaults/desktop/multimedia.nix create mode 100644 defaults/desktop/office-suite.nix create mode 100644 defaults/desktop/scripts.nix create mode 100644 defaults/desktop/security.nix create mode 100644 defaults/desktop/webapps.nix create mode 100644 defaults/development-tools/default.nix create mode 100644 defaults/games/default.nix create mode 100644 defaults/printing/default.nix create mode 100644 hardware/dell-precision-3530.nix create mode 100644 host/hummelberg/default.nix create mode 100644 host/hummelberg/filesystems.nix create mode 100644 host/hummelberg/networking.nix create mode 100644 host/hummelberg/printing.nix diff --git a/defaults/base/default.nix b/defaults/base/default.nix index e491873..6099b51 100644 --- a/defaults/base/default.nix +++ b/defaults/base/default.nix @@ -2,7 +2,7 @@ { config, lib, pkgs, ... }: { - imports = [ ../../modules ]; + imports = [ ../../modules ./unfree.nix ]; nixpkgs.overlays = [ (import ../../overlays) ]; @@ -14,29 +14,80 @@ console = { font = "Lat2-Terminus16"; - keyMap = "sg-latin1"; + keyMap = "de_CH-latin1"; }; i18n.defaultLocale = "en_US.UTF-8"; - environment.systemPackages = with pkgs; [ - wget - curl - vim - tmux - git - ncat - bind - ack - fwupd - pciutils - dmidecode - smartmontools - parted - borgbackup - nixfmt - iw - ]; + environment.systemPackages = with pkgs; + [ + vim + tmux + fwupd + pciutils + dmidecode + smartmontools + borgbackup + iw + killall + bc + efibootmgr + efitools + efivar + mkpasswd + rename + wipe + gnupg + pass + pwgen + units + powertop + lm_sensors + ] ++ [ nixfmt nix-index nix-diff nixpkgs-review ] + ++ [ autojump powerline-go ] ++ [ # File Utilities + ack + unzip + unrar + perl530Packages.DigestSHA3 + borgbackup + iotop + cabextract + tree # p7zip + vim + vimPlugins.pathogen + vimPlugins.airline + git + git-lfs + ] ++ [ # Filesystem & Disk Utilities + fuse_exfat + cifs-utils + keyutils # required for cifs kerberos auth + smbclient + exfat-utils + sshfs-fuse + hdparm + mtpfs + ntfs3g + smartmontools + parted + ] ++ [ # Networking Utilities + nmap + bind + curl + wget + ncat + tor + tor-arm + mosh + whois + wol + rsync + sshuttle + iftop + mailutils # hash-slinger #TODO: hash-slinger has broken dependency pyunbound + imapsync + bluez-tools + ]; services.fwupd.enable = true; @@ -54,16 +105,24 @@ nix.trustedUsers = [ "root" "@wheel" ]; + users.groups = { + fhauser.gid = 1000; + das-g.gid = 1001; + empty0.gid = 1002; + }; + users.mutableUsers = false; - users.users = rec { + users.users = rec { # TODO: Migrate to meta root.openssh.authorizedKeys.keys = lib.flatten (map (u: u.openssh.authorizedKeys.keys) [ fhauser das-g ]); fhauser = { + uid = 1000; isNormalUser = true; description = "Fabian Hauser"; - extraGroups = [ "wheel" ]; - uid = 1000; + group = "fhauser"; + extraGroups = [ "wheel" "video" ] + ++ (if config.virtualisation.docker.enable then [ "docker" ] else [ ]); hashedPassword = "$6$rounds=20000$TYZ8CojfBLwejcwn$smEJe6/anL9NGf.Ytfny14nBfhr4TRPv2XK1lgHz7yg.zQow1HACePirEjsjxzFC6vTHGaT8t2NxobUsHbWLg1"; openssh.authorizedKeys.keys = [ @@ -72,16 +131,27 @@ }; das-g = { + uid = 1001; isNormalUser = true; description = "Raphael Das Gupta"; + group = "das-g"; extraGroups = [ "wheel" ]; - uid = 1001; hashedPassword = "$6$rounds=37000$omA92cfwup$Ri9FXHbeOUIIDKf83D6UNa5NWGac.G9A3voJmrivwkVtaDGVMGLIa5qdgkaDeCKoMkl8YRjJ7smEyrMwTnuRD0"; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDRWDaUzbDyCNee/K8iCcXtoLrR0fZoGpXAV4f/CjB8kKb42lWKWXc67Juy0RnRVCZQc21ooApuQPJZ08Cawj9Okgz0j3vYdMnDBY1Ox9Ik12hzbpdLDHhOrIj3BOJuAKfFy5OM9Z2ZLwdvjXFk+1RQK1Qadd3PwtGjxLAgp5eBHj8TgUP8DXKGQQElphjfVLua4ufqoTldT1mrmDn/+GDgNY5HUTQb+YZ6AwjcemG+eAdG30Al1JRkOogke83hIXBVNCD9ObPtRv/KiAZv3TV8bgP2mzeeG2aDDb9qz8HXKvBlbN2ouz0cWTA5D5+Ua+wkOggEfhfPKBauF9sbQ8bRuknWm8VnuVXkikzdYZVGKdzvoHRdOfoTCL4JHzpGW6H3jVqdQuGTv5r28y/jxbDY95w6KmxLS+2u8SHVBh6hVAxf5i3P8aIHkOTEN//SyS/fa1uXHSQt0sVya2+4pTsCQfwWjE3TrQg6W6bmguVMjaICze5wWwckap+57jKbK9sPCuLFfYPwOvQ3nfb6wwNBhvNxmD9xGfk8/UzXsoq6OgPvF7GE5UWA04GHCnF4H0tEAQBK0vsjKxqC2lM8nK9msbqkSxadIFYqiG1+DAZyju3uZgkkInev8dh02yNsVJKYoCm60PWaMTLeVsrYZuvNDWXsXm7+nD02wWI0lxnkVw== das-g@x1carbon" ]; }; + + empty0 = { + uid = 1002; + isNormalUser = true; + description = "Testuser empty0"; + group = "empty0"; + extraGroups = [ "video" ]; + hashedPassword = + "$6$mlI7Au.EzmrL9uJj$vz8ujechSkx83tsFcRA8D04vh5.3ZwPlPmE.wsf2CTKvLio48a1eXtRxUHkkDfPlLAjqyJ55bSSw2lLazH9Ip/"; + }; }; nix.gc = { @@ -90,10 +160,14 @@ options = "--delete-older-than 30d"; }; + services.btrfs.autoScrub.enable = true; + environment.etc = { gitconfig.source = ./etc/gitconfig; vimrc.source = ./etc/vimrc; }; + programs.autojump.enable = true; + programs.vim.defaultEditor = true; security.acme = { acceptTerms = true; diff --git a/defaults/base/unfree.nix b/defaults/base/unfree.nix new file mode 100644 index 0000000..8004d27 --- /dev/null +++ b/defaults/base/unfree.nix @@ -0,0 +1,35 @@ +{ config, lib, pkgs, ... }: + +{ + nixpkgs.config.allowUnfreePredicate = pkg: + builtins.elem (lib.getName pkg) [ + "unrar" + + "hplip" + + "google-chrome" + "spotify" + "skypeforlinux" + "slack" + "teams" + "discord" + "teamviewer" + "unity-editor" + + "corefonts" + "camingo-code" + "helvetica-neue-lt-std" + #"kochi-substitute-naga10" + "ttf-envy-code-r" + "vista-fonts" + "vista-fonts-chs" + "xkcd-font-unstable" + "ricty" + + "pycharm-professional" + "idea-ultimate" + "android-studio-stable" + + "vmware-view" + ]; +} diff --git a/defaults/cifs-auth-fix/default.nix b/defaults/cifs-auth-fix/default.nix new file mode 100644 index 0000000..206a6f8 --- /dev/null +++ b/defaults/cifs-auth-fix/default.nix @@ -0,0 +1,37 @@ +{ config, lib, pkgs, ... }: + +{ + + # Remove this once https://github.com/NixOS/nixpkgs/issues/34638 is resolved + # The TL;DR is: the kernel calls out to the hard-coded path of + # /sbin/request-key as part of its CIFS auth process, which of course does + # not exist on NixOS due to the usage of Nix store paths. + system.activationScripts.symlink-requestkey = '' + if [ ! -d /sbin ]; then + mkdir /sbin + fi + ln -sfn /run/current-system/sw/bin/request-key /sbin/request-key + ''; + # request-key expects a configuration file under /etc + environment.etc."request-key.conf" = { + text = let + upcall = "${pkgs.cifs-utils}/bin/cifs.upcall"; + keyctl = "${pkgs.keyutils}/bin/keyctl"; + in '' + #OP TYPE DESCRIPTION CALLOUT_INFO PROGRAM + # -t is required for DFS share servers... + create cifs.spnego * * ${upcall} -t %k + create dns_resolver * * ${upcall} %k + # Everything below this point is essentially the default configuration, + # modified minimally to work under NixOS. Notably, it provides debug + # logging. + create user debug:* negate ${keyctl} negate %k 30 %S + create user debug:* rejected ${keyctl} reject %k 30 %c %S + create user debug:* expired ${keyctl} reject %k 30 %c %S + create user debug:* revoked ${keyctl} reject %k 30 %c %S + create user debug:loop:* * |${pkgs.coreutils}/bin/cat + create user debug:* * ${pkgs.keyutils}/share/keyutils/request-key-debug.sh %k %d %c %S + negate * * * ${keyctl} negate %k 30 %S + ''; + }; +} diff --git a/defaults/desktop/applications.nix b/defaults/desktop/applications.nix new file mode 100644 index 0000000..9837d58 --- /dev/null +++ b/defaults/desktop/applications.nix @@ -0,0 +1,52 @@ +{ config, pkgs, lib, ... }: + +{ + + environment.systemPackages = with pkgs; + [ # Networking + unison + transmission # GUI Tools, maybe extract... + ] ++ [ # Desktop Environment Applications + firefox + google-chrome + chromium + midori + qutebrowser + gnome3.evolution # TODO: Evolution EWS + synergy + quicksynergy + simple-scan + nextcloud-client + owncloud-client + ] ++ [ # office # TODO: Migrate to office.nix + libreoffice-fresh # TODO: Dictionaries, nixos/nixpkgs#14430 + pdfgrep + pdftk + calibre + tectonic + texstudio + pandoc + system-config-printer + cups-pk-helper + cups-bjnp + gutenprint + gutenprintBin + hplipWithPlugin + gnome3.gnome-online-accounts + gnome3.gnome-control-center + ] ++ [ # Communication + signal-desktop + tdesktop + discord + mattermost-desktop + # pidgin pidgin-otr pidgin-with-plugins #TODO: Pidgin needed? + #TODO: ekiga? + skype + slack + teams + teamviewer + rdesktop + vmware-horizon-client + ]; + +} diff --git a/defaults/desktop/default.nix b/defaults/desktop/default.nix new file mode 100644 index 0000000..425c2a4 --- /dev/null +++ b/defaults/desktop/default.nix @@ -0,0 +1,15 @@ +{ config, pkgs, lib, ... }: { + + imports = [ + ./applications.nix + ./desktop-environment.nix + ./desktop-i3.nix + ./hardware.nix + ./multimedia.nix + ./office-suite.nix + ./scripts.nix + ./security.nix + ./webapps.nix + ]; + +} diff --git a/defaults/desktop/desktop-environment.nix b/defaults/desktop/desktop-environment.nix new file mode 100644 index 0000000..4b1525d --- /dev/null +++ b/defaults/desktop/desktop-environment.nix @@ -0,0 +1,53 @@ +{ config, pkgs, lib, ... }: { + + environment.systemPackages = with pkgs; + [ # Utilities + freetype + light + xorg.xbacklight + feh + redshift + numlockx # TODO: Does this work? + lxappearance + ] ++ [ # Networking + gnome3.networkmanager-openconnect + ] ++ [ # Various + xfce.thunar + xfce.thunar-archive-plugin + xfce.xfce4-appfinder # xfce.thunar-volman # needed? + xfce.terminal + gnome3.gnome-screenshot + pinentry-gtk2 # Required by gnupg + ]; + + programs = { + gnome-terminal.enable = false; + geary.enable = false; + light.enable = true; + + gnupg.agent.pinentryFlavor = "gtk2"; + + dconf.enable = true; + }; + + services.gnome3 = { + # TODO: Do this manually and not all at once. + core-utilities.enable = true; + + gnome-keyring.enable = true; + evolution-data-server.enable = true; + gnome-online-accounts.enable = true; + + sushi.enable = false; + }; + + services.gvfs.enable = true; + + services.flatpak.enable = true; + xdg.portal = { + enable = true; + gtkUsePortal = true; + extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; + }; + +} diff --git a/defaults/desktop/desktop-i3.nix b/defaults/desktop/desktop-i3.nix new file mode 100644 index 0000000..db25ff1 --- /dev/null +++ b/defaults/desktop/desktop-i3.nix @@ -0,0 +1,36 @@ +{ config, pkgs, lib, ... }: { + + services.xserver = { + enable = true; + desktopManager.xterm.enable = false; + displayManager = { + startx.enable = false; + lightdm.enable = true; + defaultSession = "none+i3"; + }; + windowManager.i3 = { + enable = true; + extraPackages = with pkgs; [ + xdotool # for passmenu + python37Packages.py3status + file # TODO: py3status dependencies that should be added to nixpkgs + i3status + i3lock + redshift + rofi # TODO: add themes to global shared + feh + gnome3.networkmanagerapplet + pulseaudioLight.out + gnome3.gnome-screenshot + ]; + }; + }; + + # Enable touchpad support. + services.xserver.libinput.enable = true; + + # i18n + services.xserver.layout = "ch,de"; + services.xserver.xkbOptions = "eurosign:e"; + +} diff --git a/defaults/desktop/hardware.nix b/defaults/desktop/hardware.nix new file mode 100644 index 0000000..b336235 --- /dev/null +++ b/defaults/desktop/hardware.nix @@ -0,0 +1,18 @@ +{ config, pkgs, lib, ... }: + +{ + + services.blueman.enable = true; + + # Enable sound. + sound.enable = true; + + hardware = { + pulseaudio.enable = true; + opengl.enable = true; + u2f.enable = true; + acpilight.enable = true; + bluetooth.enable = true; + }; + +} diff --git a/defaults/desktop/multimedia.nix b/defaults/desktop/multimedia.nix new file mode 100644 index 0000000..c901a9e --- /dev/null +++ b/defaults/desktop/multimedia.nix @@ -0,0 +1,56 @@ +{ config, pkgs, lib, ... }: + +{ + + environment.systemPackages = with pkgs; + [ vlc v4l-utils calibre blender openshot-qt playerctl youtube-dl ] + ++ [ # Audio + audacity + enblend-enfuse + ffmpeg + mplayer + sox # TODO: mencoder? + vorbis-tools + vorbisgain + opusTools + flac + lame + id3lib + id3v2 # TODO: icedax? + pasystray + pavucontrol + spotify + ] ++ [ # Imaging + gimp + hugin + lensfun + luminanceHDR + darktable + geeqie + gphoto2 + # ImageMagick-perl perl-File-Type perl-Term-ProgressBar #TODO: Support libraries for scripts + inkscape + ghostscript + stellarium + unity3d + ] ++ [ # Codecs for Audio and Video + vobcopy + libdv + libdvbpsi # TODO: librtmp? + xvidcore + x264 + gst-plugins-base + gst-plugins-bad + gst-plugins-good + gst-plugins-ugly + gst_all_1.gstreamer + gst_all_1.gst-vaapi + gst_all_1.gst-rtsp-server + gst_all_1.gst-libav + gst_all_1.gst-plugins-base + gst_all_1.gst-plugins-bad + gst_all_1.gst-plugins-good + gst_all_1.gst-plugins-ugly + ]; + +} diff --git a/defaults/desktop/office-suite.nix b/defaults/desktop/office-suite.nix new file mode 100644 index 0000000..a18611d --- /dev/null +++ b/defaults/desktop/office-suite.nix @@ -0,0 +1,177 @@ +{ config, pkgs, lib, ... }: + +{ + + # Hamster + environment.systemPackages = with pkgs; [ hamster ]; + programs.hamster.enable = true; + + # Fonts + fonts.fonts = with pkgs; [ + google-fonts + lalezar-fonts + nahid-fonts + fontconfig-penultimate + nika-fonts + agave + aileron + amiri + andagii + #andika # Breaks Font-Awesome + ankacoder + ankacoder-condensed + aurulent-sans + caladea + cantarell-fonts + carlito + cascadia-code + #charis-sil # Breaks Font-Awesome + cherry + cnstrokeorder + comfortaa + comic-neue + comic-relief + corefonts + culmus + clearlyU + creep + crimson + dejavu_fonts + dina-font + dina-font-pcf + #doulos-sil # Breaks Font-Awesome + cabin + camingo-code + cooper-hewitt + d2coding + dosis + dosemu_fonts + eb-garamond + eunomia + ferrum + fixedsys-excelsior + emacs-all-the-icons-fonts + emojione + encode-sans + envypn-font + fantasque-sans-mono + fira + fira-code + fira-code-symbols + fira-mono + #gentium + #gentium-book-basic + #gohufont + #go-font + #gubbi-font + #gyre-fonts + #hack-font + ##helvetica-neue-lt-std + #hanazono + #hermit + #hyperscrypt-font + #ia-writer-duospace + #inconsolata + #inconsolata-lgc + ##input-fonts + #inriafonts + #iosevka + #iosevka-bin + #ipafont + #ipaexfont + #iwona + #jetbrains-mono + #jost + #kanji-stroke-order-font + #latinmodern-math + #lato + #league-of-moveable-type + ##liberation-sans-narrow + #libertine + #libertinus + #libre-baskerville + #libre-bodoni + #libre-caslon + #libre-franklin + #lmmath + #lmodern + #luculent + #marathi-cursive + #manrope + #material-design-icons + #material-icons + #meslo-lg + #migmix + #migu + #medio + #mno16 + #monoid + #mononoki + #montserrat + #mph_2b_damase + #mplus-outline-fonts + #mro-unicode + #myrica + #nafees + #nanum-gothic-coding + #national-park-typeface + #office-code-pro + #oldstandard + #oldsindhi + #open-dyslexic + open-sans + orbitron + overpass + oxygenfonts + #pecita + paratype-pt-mono + paratype-pt-sans + paratype-pt-serif + penna + poly + powerline-fonts + profont + proggyfonts + public-sans + redhat-official-fonts + route159 + #sarasa-gothic + seshat + scheherazade + #signwriting + stix-otf + stix-two + quattrocento + quattrocento-sans + raleway + recursive + rhodium-libre + roboto + roboto-mono + roboto-slab + hasklig + siji + source-code-pro + source-sans-pro + source-serif-pro + tamsyn + theano + tenderness + terminus_font + tipa + twemoji-color-font + twitter-color-emoji + ubuntu_font_family + #ucs-fonts + ultimate-oldschool-pc-font-pack + victor-mono + work-sans + wqy_microhei + wqy_zenhei + xits-math + xkcd-font + yanone-kaffeesatz + norwester-font + font-awesome + ]; # Generated with `cd /home/fhauser/projects/nixos/nixpkgs/pkgs/data/fonts; echo *` +} diff --git a/defaults/desktop/scripts.nix b/defaults/desktop/scripts.nix new file mode 100644 index 0000000..761663d --- /dev/null +++ b/defaults/desktop/scripts.nix @@ -0,0 +1,17 @@ +{ config, pkgs, lib, ... }: + +let + locksuspend = pkgs.writeScriptBin "locksuspend" '' + #!${pkgs.stdenv.shell} + set -euo pipefail + IFS=$'\n\t' + i3lock --ignore-empty-password --show-failed-attempts --color=000000 + sleep 0.5 + exec systemctl suspend + ''; +in { + + environment.homeBinInPath = true; + + environment.systemPackages = [ locksuspend ]; +} diff --git a/defaults/desktop/security.nix b/defaults/desktop/security.nix new file mode 100644 index 0000000..d092f28 --- /dev/null +++ b/defaults/desktop/security.nix @@ -0,0 +1,15 @@ +{ config, pkgs, lib, ... }: + +{ + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + + services.pcscd.enable = true; + + # Ignore Broadcom smartcard + # See https://ludovicrousseau.blogspot.com/2015/12/remove-andor-customize-pcsc-reader-names.html + systemd.services.pcscd.environment.PCSCLITE_FILTER_IGNORE_READER_NAMES = + "Broadcom"; +} diff --git a/defaults/desktop/webapps.nix b/defaults/desktop/webapps.nix new file mode 100644 index 0000000..6862d09 --- /dev/null +++ b/defaults/desktop/webapps.nix @@ -0,0 +1,12 @@ +{ config, pkgs, lib, ... }: + +let + web-app = name: url: + pkgs.writeScriptBin name '' + #!${pkgs.stdenv.shell} + exec ${pkgs.chromium}/bin/chromium --app="${url}" + ''; + whatsapp = web-app "whatsapp" "https://web.whatsapp.com/"; + threema = web-app "threema" "https://web.threema.ch/"; + netflix = web-app "netflix" "https://netflix.com/"; +in { environment.systemPackages = with pkgs; [ whatsapp netflix threema ]; } diff --git a/defaults/development-tools/default.nix b/defaults/development-tools/default.nix new file mode 100644 index 0000000..1315ade --- /dev/null +++ b/defaults/development-tools/default.nix @@ -0,0 +1,30 @@ +{ config, lib, pkgs, ... }: + +{ + virtualisation = { # TODO: This should probably be somewhere else. + docker.enable = true; + libvirtd.enable = true; + }; + + environment.systemPackages = with pkgs; + [ + vscodium + jetbrains.webstorm + jetbrains.pycharm-professional + jetbrains.idea-ultimate + android-studio + #umlet + #hugo # TODO: Is this the extended version? + #kubernetes-helm # TODO: is this the client? + #wireshark # sslscan aircrack-ng # Network + pipenv # Python + yubikey-manager # cracklib genisoimage # Security + gitlab-runner + ] ++ [ # Virtualisation, Docker & Kubernetes # TODO: MOoe + virt-manager + docker-compose + kubectl + vagrant # TODO: Supports libvirtd? + ]; + +} diff --git a/defaults/games/default.nix b/defaults/games/default.nix new file mode 100644 index 0000000..4470bc6 --- /dev/null +++ b/defaults/games/default.nix @@ -0,0 +1,16 @@ +{ config, lib, pkgs, ... }: + +{ + environment.systemPackages = with pkgs; [ + neverball + wesnoth + pingus + superTux + superTuxKart + extremetuxracer + zeroad + #TODO: smc + ]; + + services.gnome3.games.enable = true; +} diff --git a/defaults/printing/default.nix b/defaults/printing/default.nix new file mode 100644 index 0000000..fac2719 --- /dev/null +++ b/defaults/printing/default.nix @@ -0,0 +1,11 @@ +{ config, lib, pkgs, ... }: + +{ + services.printing = { + enable = true; + drivers = with pkgs; [ gutenprint hplip splix cups-googlecloudprint ]; + }; + + services.system-config-printer.enable = true; + programs.system-config-printer.enable = true; +} diff --git a/hardware/apu.nix b/hardware/apu.nix index 5a121e3..bc78636 100644 --- a/hardware/apu.nix +++ b/hardware/apu.nix @@ -22,7 +22,7 @@ boot.extraModulePackages = [ ]; boot.kernelParams = [ "console=ttyS0,115200n8" ]; + # CPU Configuration hardware.cpu.amd.updateMicrocode = true; - nix.maxJobs = lib.mkDefault 4; } diff --git a/hardware/dell-precision-3530.nix b/hardware/dell-precision-3530.nix new file mode 100644 index 0000000..197ea67 --- /dev/null +++ b/hardware/dell-precision-3530.nix @@ -0,0 +1,20 @@ +{ config, lib, pkgs, ... }: { + + imports = [ ]; + + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "nvme" + "usb_storage" + "usbhid" + "sd_mod" + "rtsx_pci_sdmmc" + ]; + boot.kernelModules = [ "kvm-intel" ]; + + # CPU Configuration + hardware.cpu.amd.updateMicrocode = true; + nix.maxJobs = lib.mkDefault 12; + powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; +} diff --git a/host/hummelberg/default.nix b/host/hummelberg/default.nix new file mode 100644 index 0000000..4b0817b --- /dev/null +++ b/host/hummelberg/default.nix @@ -0,0 +1,30 @@ +{ config, pkgs, ... }: { + + imports = [ + ./filesystems.nix + ./networking.nix + ./printing.nix + #./backup.nix #TODO: Extract applications from desktop role + + ../../hardware/dell-precision-3530.nix + + ../../defaults/base + ../../defaults/cifs-auth-fix + ../../defaults/desktop + ../../defaults/development-tools + ../../defaults/games + ../../defaults/printing + ]; + + # Set your time zone. + time.timeZone = "Europe/Amsterdam"; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "20.03"; # Did you read the comment? + +} diff --git a/host/hummelberg/filesystems.nix b/host/hummelberg/filesystems.nix new file mode 100644 index 0000000..2a89b97 --- /dev/null +++ b/host/hummelberg/filesystems.nix @@ -0,0 +1,64 @@ +{ config, pkgs, lib, ... }: +let + networkShares = let + hsr_options = [ + "defaults" + "noauto" + #"iocharset=utf8" + "soft" + "user=fhauser" + "domain=hsr.ch" + "uid=1000" + "gid=1000" + ]; + hsr_share = share_name: + { domain ? "hsr.ch/root", path ? share_name, extra_options ? [ ] }: + lib.nameValuePair "/mnt/hsr/${share_name}" { + device = "//${domain}/${path}"; + fsType = "cifs"; + options = hsr_options ++ extra_options; + noCheck = true; + }; + in lib.mapAttrs' hsr_share { + "skripte".path = "alg/skripte"; + "scratch".path = "alg/scratch"; + "fhauser".domain = "c101.hsr.ch"; + #"fabian.hauser".domain = "svm-c113.ost.ch"; # User! + "afe" = { }; + "auw" = { }; + "ebooks" = { + path = "alg/ebooks"; + extra_options = [ "ro" ]; + }; + }; + +in { + boot.initrd.luks.devices = { + "root".device = "/dev/disk/by-uuid/28d2914f-c053-40a8-ad90-f2743190c772"; + "swap".device = "/dev/disk/by-uuid/ed89158d-4460-4012-86d7-f8761127371c"; + }; + + fileSystems = { + "/" = { + device = "/dev/disk/by-uuid/6396b6eb-a7e6-430c-8c97-970404f88b35"; + fsType = "btrfs"; + options = [ "subvol=nixos" ]; + }; + "/home" = { + device = "/dev/disk/by-uuid/6396b6eb-a7e6-430c-8c97-970404f88b35"; + fsType = "btrfs"; + options = [ "subvol=home" ]; + }; + "/boot" = { + device = "/dev/disk/by-uuid/E86E-3C6C"; + fsType = "vfat"; + }; + } // networkShares; + + swapDevices = [{ device = "/dev/mapper/swap"; }]; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + +} diff --git a/host/hummelberg/networking.nix b/host/hummelberg/networking.nix new file mode 100644 index 0000000..3ebde6f --- /dev/null +++ b/host/hummelberg/networking.nix @@ -0,0 +1,15 @@ +{ config, pkgs, ... }: + +{ + + networking = { + networkmanager.enable = true; + useDHCP = false; + #wireless.enable = true; # Enables wireless support via wpa_supplicant. + hostName = "hummelberg"; + }; + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; +} diff --git a/host/hummelberg/printing.nix b/host/hummelberg/printing.nix new file mode 100644 index 0000000..bb07603 --- /dev/null +++ b/host/hummelberg/printing.nix @@ -0,0 +1,16 @@ +{ config, pkgs, ... }: + +{ + hardware.printers.ensureDefaultPrinter = "hsr-mfp-8261"; + hardware.printers.ensurePrinters = [{ + name = "hsr-mfp-8261"; + deviceUri = "smb://hsr.ch/printsrv-d.hsr.ch/d8261-a4mfp"; + location = "HSR 8.261"; + model = "HP/hp-color_laserjet_mfp_m577-ps.ppd.gz"; + ppdOptions = { + Duplex = "DuplexNoTumble"; + PageSize = "A4"; + auth-info-required = "username,password"; + }; + }]; +}