diff --git a/flake.nix b/flake.nix index f76a09d2..161c6e01 100644 --- a/flake.nix +++ b/flake.nix @@ -95,6 +95,21 @@ ]; }; + t480 = nixpkgs.lib.nixosSystem { + specialArgs = specialArgs // { + hostname = "t480"; + stateVersion = "22.11"; + }; + + modules = [ + agenix.nixosModules.default + nixos-hardware.nixosModules.common-gpu-intel + nixos-hardware.nixosModules.lenovo-thinkpad-t480 + + ./nix/hosts/t480/configuration.nix + ]; + }; + t490 = nixpkgs.lib.nixosSystem { specialArgs = specialArgs // { hostname = "t490"; diff --git a/nix/home/opdavies/hosts/t480.nix b/nix/home/opdavies/hosts/t480.nix new file mode 100644 index 00000000..2447eb4d --- /dev/null +++ b/nix/home/opdavies/hosts/t480.nix @@ -0,0 +1,42 @@ +{ pkgs, ... }: + +{ + homeManagerModules = { + bluetuith.enable = true; + brave.enable = true; + copyq.enable = true; + direnv.enable = true; + discord.enable = true; + dwm.enable = true; + flameshot.enable = true; + gimp.enable = true; + gtk.enable = true; + handbrake.enable = true; + kdenlive.enable = true; + mpv.enable = true; + neovim.enable = true; + + notes = { + enable = true; + directory = "$HOME/Documents/wiki/notes"; + }; + + pocket-casts.enable = true; + slack.enable = true; + tmux.enable = true; + tmux-sessionizer.enable = true; + zoom.enable = true; + }; + + home.packages = with pkgs; [ + displayselect + isync + upload-to-files + ]; + + programs.neomutt = { + enable = true; + + vimKeys = true; + }; +} diff --git a/nix/hosts/t480/configuration.nix b/nix/hosts/t480/configuration.nix new file mode 100644 index 00000000..d2d2b0c7 --- /dev/null +++ b/nix/hosts/t480/configuration.nix @@ -0,0 +1,69 @@ +{ inputs, pkgs, ... }: + +{ + imports = [ + ./hardware-configuration.nix + ./hardware.nix + ./programs.nix + ./secrets.nix + ./services + ./users.nix + + ./modules/docker.nix + + ../common + ../../users/opdavies + ]; + + nixosModules = { + dwm.enable = true; + gaming.enable = true; + redshift.enable = true; + st.enable = true; + thunar.enable = true; + peek.enable = true; + }; + + nix.nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; + + boot = { + loader = { + systemd-boot = { + enable = true; + configurationLimit = 10; + }; + + efi = { + canTouchEfiVariables = true; + }; + }; + }; + + systemd.extraConfig = '' + DefaultTimeoutStopSec=10s + ''; + + networking.networkmanager.enable = true; + + security = { + polkit.enable = true; + rtkit.enable = true; + }; + + environment.systemPackages = with pkgs; [ + gtypist + newsboat + pam_gnupg + rclone + rclone-browser + sxiv + ttyper + yt-dlp + ]; + + zramSwap.enable = true; + + networking.hosts = { + "192.168.1.116" = [ "nixedo" ]; + }; +} diff --git a/nix/hosts/t480/hardware-configuration.nix b/nix/hosts/t480/hardware-configuration.nix new file mode 100644 index 00000000..49b636eb --- /dev/null +++ b/nix/hosts/t480/hardware-configuration.nix @@ -0,0 +1,53 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: + +{ + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "usb_storage" + "sd_mod" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/34bd5f2e-8ccf-4d5f-876c-9d7ea84c44f0"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/B8BC-688D"; + fsType = "vfat"; + options = [ + "fmask=0077" + "dmask=0077" + ]; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/nix/hosts/t480/hardware.nix b/nix/hosts/t480/hardware.nix new file mode 100644 index 00000000..3798ca48 --- /dev/null +++ b/nix/hosts/t480/hardware.nix @@ -0,0 +1,5 @@ +{ + hardware = { + bluetooth.enable = true; + }; +} diff --git a/nix/hosts/t480/modules/docker.nix b/nix/hosts/t480/modules/docker.nix new file mode 100644 index 00000000..a8780150 --- /dev/null +++ b/nix/hosts/t480/modules/docker.nix @@ -0,0 +1,3 @@ +{ + virtualisation.docker.enable = true; +} diff --git a/nix/hosts/t480/programs.nix b/nix/hosts/t480/programs.nix new file mode 100644 index 00000000..f3cfe26d --- /dev/null +++ b/nix/hosts/t480/programs.nix @@ -0,0 +1,7 @@ +{ pkgs, ... }: + +{ + programs = { + dconf.enable = true; + }; +} diff --git a/nix/hosts/t480/secrets.nix b/nix/hosts/t480/secrets.nix new file mode 100644 index 00000000..e2032222 --- /dev/null +++ b/nix/hosts/t480/secrets.nix @@ -0,0 +1,5 @@ +{ + age.secrets = { + cloudflare.file = ../../secrets/cloudflare.age; + }; +} diff --git a/nix/hosts/t480/services/cron.nix b/nix/hosts/t480/services/cron.nix new file mode 100644 index 00000000..f9b961c3 --- /dev/null +++ b/nix/hosts/t480/services/cron.nix @@ -0,0 +1,12 @@ +{ pkgs, ... }: + +{ + services.cron = { + enable = true; + + systemCronJobs = [ + "*/15 * * * * opdavies ${pkgs.imapfilter}/bin/imapfilter -c ~/Code/email-filters/config.lua" + "0 8,20 * * * opdavies ${pkgs.isync}/bin/mbsync -a" + ]; + }; +} diff --git a/nix/hosts/t480/services/default.nix b/nix/hosts/t480/services/default.nix new file mode 100644 index 00000000..ef7c3c7b --- /dev/null +++ b/nix/hosts/t480/services/default.nix @@ -0,0 +1,31 @@ +{ + imports = [ + ./cron.nix + ./interception-tools.nix + ./redshift.nix + ./sound.nix + ./udev.nix + ./xserver.nix + ]; + + services = { + auto-cpufreq.enable = true; + + avahi = { + enable = true; + nssmdns4 = true; + openFirewall = true; + }; + + blueman.enable = true; + + gvfs.enable = true; + openssh.enable = true; + power-profiles-daemon.enable = false; + printing.enable = true; + pulseaudio.enable = false; + throttled.enable = true; + thermald.enable = true; + upower.enable = true; + }; +} diff --git a/nix/hosts/t480/services/interception-tools.nix b/nix/hosts/t480/services/interception-tools.nix new file mode 100644 index 00000000..96e43b85 --- /dev/null +++ b/nix/hosts/t480/services/interception-tools.nix @@ -0,0 +1,25 @@ +{ pkgs, ... }: + +{ + # Make Caps lock work as an Escape key on press and Ctrl on hold. + services.interception-tools = + let + dfkConfig = pkgs.writeText "dual-function-keys.yaml" '' + MAPPINGS: + - KEY: KEY_CAPSLOCK + TAP: KEY_ESC + HOLD: KEY_LEFTCTRL + ''; + in + { + enable = true; + plugins = pkgs.lib.mkForce [ pkgs.interception-tools-plugins.dual-function-keys ]; + udevmonConfig = '' + - JOB: "${pkgs.interception-tools}/bin/intercept -g $DEVNODE | ${pkgs.interception-tools-plugins.dual-function-keys}/bin/dual-function-keys -c ${dfkConfig} | ${pkgs.interception-tools}/bin/uinput -d $DEVNODE" + DEVICE: + NAME: "AT Translated Set 2 keyboard" + EVENTS: + EV_KEY: [[KEY_CAPSLOCK, KEY_ESC, KEY_LEFTCTRL]] + ''; + }; +} diff --git a/nix/hosts/t480/services/redshift.nix b/nix/hosts/t480/services/redshift.nix new file mode 100644 index 00000000..3fcfdf4f --- /dev/null +++ b/nix/hosts/t480/services/redshift.nix @@ -0,0 +1,31 @@ +{ config, lib, ... }: + +with lib; + +let + cfg = config.nixosModules.redshift; +in +{ + options.nixosModules.redshift.enable = mkEnableOption "Enable redshift"; + + config = mkIf cfg.enable { + location = { + latitude = 51.48; + longitude = -3.17; + }; + + services.redshift = { + enable = true; + + brightness = { + day = "1"; + night = "1"; + }; + + temperature = { + day = 5500; + night = 3700; + }; + }; + }; +} diff --git a/nix/hosts/t480/services/sound.nix b/nix/hosts/t480/services/sound.nix new file mode 100644 index 00000000..03ff2376 --- /dev/null +++ b/nix/hosts/t480/services/sound.nix @@ -0,0 +1,12 @@ +{ + services.pipewire = { + enable = true; + + alsa = { + enable = true; + support32Bit = true; + }; + + pulse.enable = true; + }; +} diff --git a/nix/hosts/t480/services/udev.nix b/nix/hosts/t480/services/udev.nix new file mode 100644 index 00000000..732ca1d6 --- /dev/null +++ b/nix/hosts/t480/services/udev.nix @@ -0,0 +1,9 @@ +{ + services.udev = { + enable = true; + + extraRules = '' + KERNEL=="hidraw*", SUBSYSTEM=="hidraw", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl" + ''; + }; +} diff --git a/nix/hosts/t480/services/xserver.nix b/nix/hosts/t480/services/xserver.nix new file mode 100644 index 00000000..4120a2cf --- /dev/null +++ b/nix/hosts/t480/services/xserver.nix @@ -0,0 +1,10 @@ +{ + services.xserver = { + enable = true; + + xkb = { + layout = "gb"; + variant = ""; + }; + }; +} diff --git a/nix/hosts/t480/users.nix b/nix/hosts/t480/users.nix new file mode 100644 index 00000000..f663ad5c --- /dev/null +++ b/nix/hosts/t480/users.nix @@ -0,0 +1,15 @@ +{ pkgs, username, ... }: + +{ + users.users.${username} = { + extraGroups = [ "media" ]; + + packages = with pkgs; [ + abook + android-tools + via + ]; + }; + + users.groups.media = { }; +} diff --git a/nix/secrets.nix b/nix/secrets.nix index 63c35bf3..95ab9a04 100644 --- a/nix/secrets.nix +++ b/nix/secrets.nix @@ -4,6 +4,7 @@ let lemp11 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEZ+ljJKd6uqdAk+fqxwtObI4Stab2N9Bjo4QFHY/v8n"; mail = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDop//jfN3Hj5yRQLzPwy/A1StdJ2krxIbI8LUWPX7ht"; nixedo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILvtcGJnc94k6wCPfvK9oBvGey0WWVCR8IYSqg5vqage"; + t480 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILvtcGJnc94k6wCPfvK9oBvGey0WWVCR8IYSqg5vqage"; t490 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILvtcGJnc94k6wCPfvK9oBvGey0WWVCR8IYSqg5vqage"; }; @@ -16,6 +17,7 @@ in hosts.hetznix hosts.mail hosts.nixedo + hosts.t480 hosts.t490 ] ++ users;