dotfiles/hosts/tempest/default.nix

# The Tempest
# System configuration for my desktop
#
# A function of `inputs`, `globals` and `overlays` that returns the result of
# `inputs.nixpkgs.lib.nixosSystem` for one x86_64-linux host.
# Options without a standard NixOS prefix (physical, passwordHash, gui, theme,
# cloudflareTunnel, the per-program `*.enable` switches, ...) are presumably
# declared by ../../modules/common and ../../modules/nixos; what they expand to
# is not visible from this file.
{
  inputs,
  globals,
  overlays,
  ...
}:
inputs.nixpkgs.lib.nixosSystem {
  system = "x86_64-linux";
  modules = [
    globals
    inputs.home-manager.nixosModules.home-manager
    ../../modules/common
    ../../modules/nixos
    {
      nixpkgs.overlays = overlays;

      # Hardware
      physical = true;
      networking.hostName = "tempest";

      # Not sure what's necessary but too afraid to remove anything
      boot.initrd.availableKernelModules = [
        "nvme"
        "xhci_pci"
        "ahci"
        "usb_storage"
        "usbhid"
        "sd_mod"
      ];

      # Graphics and VMs
      boot.initrd.kernelModules = [ "amdgpu" ];
      boot.kernelModules = [ "kvm-amd" ];
      services.xserver.videoDrivers = [ "amdgpu" ];

      # Required binary blobs to boot on this machine
      hardware.enableRedistributableFirmware = true;

      # Prioritize performance over efficiency
      powerManagement.cpuFreqGovernor = "performance";

      # Allow firmware updates
      # (this option covers AMD CPU microcode specifically)
      hardware.cpu.amd.updateMicrocode = true;

      # Helps reduce GPU fan noise under idle loads
      # DEVPATH/DEVNAME below tie hwmon0 to the amdgpu device at that PCI path,
      # so the values are specific to this machine's hardware layout.
      hardware.fancontrol.enable = true;
      hardware.fancontrol.config = ''
        # Configuration file generated by pwmconfig, changes will be lost
        INTERVAL=10
        DEVPATH=hwmon0=devices/pci0000:00/0000:00:03.1/0000:06:00.0/0000:07:00.0/0000:08:00.0
        DEVNAME=hwmon0=amdgpu
        FCTEMPS=hwmon0/pwm1=hwmon0/temp1_input
        FCFANS= hwmon0/pwm1=hwmon0/fan1_input
        MINTEMP=hwmon0/pwm1=50
        MAXTEMP=hwmon0/pwm1=70
        MINSTART=hwmon0/pwm1=100
        MINSTOP=hwmon0/pwm1=10
        MINPWM=hwmon0/pwm1=10
        MAXPWM=hwmon0/pwm1=240
      '';

      # File systems must be declared in order to boot
      # This is the root filesystem containing NixOS
      # Both filesystems are addressed by label rather than by device node.
      fileSystems."/" = {
        device = "/dev/disk/by-label/nixos";
        fsType = "ext4";
      };

      # This is the boot filesystem for Grub
      fileSystems."/boot" = {
        device = "/dev/disk/by-label/boot";
        fsType = "vfat";
      };

      # Secrets must be prepared ahead before deploying
      # `fileContents` reads the file at evaluation time, so the hash becomes
      # a plain string inside the evaluated configuration.
      # NOTE(review): the file sits under ../../misc, not ../../private, and is
      # not an .age file like the tunnel credentials below. If it is committed
      # to a shared or public repository the hash is open to offline guessing.
      # NOTE(review): presumably this feeds a hashedPassword-style user option;
      # if so the value also lands in the world-readable Nix store. Confirm in
      # the module that consumes `passwordHash`.
      passwordHash = inputs.nixpkgs.lib.fileContents ../../misc/password.sha512;

      # Theming

      # Turn on all features related to desktop and graphical applications
      gui.enable = true;

      # Set the system-wide theme, also used for non-graphical programs
      theme = {
        colors = (import ../../colorscheme/gruvbox-dark).dark;
        dark = true;
      };
      wallpaper = "${inputs.wallpapers}/gruvbox/road.jpg";
      # mkDefault lets another module override the GTK theme name.
      gtk.theme.name = inputs.nixpkgs.lib.mkDefault "Adwaita-dark";

      # Programs and services
      atuin.enable = true;
      charm.enable = true;
      neovim.enable = true;
      media.enable = true;
      dotfiles.enable = true;
      firefox.enable = true;
      kitty.enable = true;
      _1password.enable = true;
      discord.enable = true;
      nautilus.enable = true;
      obsidian.enable = true;
      mail.enable = true;
      mail.aerc.enable = true;
      mail.himalaya.enable = true;
      keybase.enable = true;
      mullvad.enable = false;
      nixlang.enable = true;
      rust.enable = true;
      terraform.enable = true;
      yt-dlp.enable = true;
      gaming = {
        dwarf-fortress.enable = true;
        enable = true;
        steam.enable = true;
        legendary.enable = true;
        lutris.enable = true;
        ryujinx.enable = true;
      };

      # NOTE(review): this file does not show where vmagent scrapes from or
      # ships metrics to; check the module for the remote-write target and
      # its credentials.
      services.vmagent.enable = true; # Enables Prometheus metrics

      # NOTE(review): sshd is switched on here, but no authentication or
      # firewall settings appear in this file. Confirm that the shared modules
      # turn off password login (services.openssh.settings.PasswordAuthentication)
      # and restrict root login, so the CA-signed certificates configured below
      # are the only way in.
      services.openssh.enable = true; # Required for Cloudflare tunnel and identity file

      # Allows private remote access over the internet
      # `id` names the tunnel. The credential itself is the separate
      # `credentialsFile`, which by its .age suffix is presumably age-encrypted
      # and decrypted on the host by a mechanism outside this file.
      # `ca` is an SSH CA *public* key, so it is safe to publish. Presumably the
      # module installs it as a trusted user CA for sshd, in which case any
      # certificate that CA signs is accepted and the access policy on the
      # Cloudflare side becomes the effective gate. Confirm in the module.
      cloudflareTunnel = {
        enable = true;
        id = "ac133a82-31fb-480c-942a-cdbcd4c58173";
        credentialsFile = ../../private/cloudflared-tempest.age;
        ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPY6C0HmdFCaxYtJxFr3qV4/1X4Q8KrYQ1hlme3u1hJXK+xW+lc9Y9glWHrhiTKilB7carYTB80US0O47gI5yU4= open-ssh-ca@cloudflareaccess.org";
      };

      # Allows requests to force machine to wake up
      # This network interface might change, needs to be set specifically for each machine.
      # Or set usePredictableInterfaceNames = false
      # Wake-on-LAN magic packets carry no authentication: any host that can
      # deliver one to this interface can power the machine on, so this relies
      # on the local network segment being trusted.
      networking.interfaces.enp5s0.wakeOnLan.enable = true;
    }
  ];
}