Home Explore Help
Sign In
badbayan
/
nix-config
Watch 1
Star 0
Fork 0
Files
Tree: b5b5b6757e
Branches Tags
nix-config
/
hosts
/
makai
/
default.nix

default.nix 2.3 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105 
  1. { config, lib, pkgs, inputs, ... }:
    2. 

  2. 

  3. {
    4. 

  4.   imports = with inputs.self.modules; [
    5. 

  5.     ./hardware-configuration.nix
    6. 

  6. 

  7.     users.aya
    8. 

  8.   ];
    9. 

  9. 

  10.   roles.desktop = "gnome";
    11. 

  11. 

  12.   nix.gc.automatic = lib.mkForce false;
    13. 

  13. 

  14.   boot = {
    15. 

  15.     loader = {
    16. 

  16.       grub = {
    17. 

  17.         enable = true;
    18. 

  18.         device = "/dev/sda";
    19. 

  19.       };
    20. 

  20.       timeout = 2;
    21. 

  21.     };
    22. 

  22.     kernelPackages = pkgs.linuxPackages_6_6;
    23. 

  23.     kernelParams = [ "acpi_backlight=native" "mem_sleep_default=s2idle" ];
    24. 

  24.   };
    25. 

  25. 

  26.   environment.persistence."/system/persist" = {
    27. 

  27.     directories = [
    28. 

  28.       "/etc/NetworkManager"
    29. 

  29.       "/var/db/sudo"
    30. 

  30.       "/var/lib"
    31. 

  31.       "/var/log"
    32. 

  32.     ];
    33. 

  33.     files = [
    34. 

  34.       "/etc/machine-id"
    35. 

  35.       { file = "/root/.ssh/id_ed25519";
    36. 

  36.         parentDirectory = {
    37. 

  37.           defaultPerms.mode = "0700";
    38. 

  38.           mode = "0700";
    39. 

  39.         };
    40. 

  40.       }
    41. 

  41.     ];
    42. 

  42.   };
    43. 

  43. 

  44.   fileSystems = {
    45. 

  45.     "/".options = [ "size=256M" "mode=755" ];
    46. 

  46.     "/home".options = [ "compress=zstd" ];
    47. 

  47.     "/nix".options = [ "compress=zstd" "noatime" ];
    48. 

  48.     "/system" = {
    49. 

  49.       neededForBoot = true;
    50. 

  50.       options = [ "compress=zstd" ];
    51. 

  51.     };
    52. 

  52.   };
    53. 

  53. 

  54.   age = {
    55. 

  55.     identityPaths = [ "/system/persist/root/.ssh/id_ed25519" ];
    56. 

  56.     secrets = with inputs.self.modules; {
    57. 

  57.       makai-wg0.file = secrets.makai-wg0;
    58. 

  58.       yama-wg0-makai.file = secrets.yama-wg0-makai;
    59. 

  59.     };
    60. 

  60.   };
    61. 

  61. 

  62.   networking = {
    63. 

  63.     hostName = "makai";
    64. 

  64.     networkmanager.enable = true;
    65. 

  65. 

  66.     wireguard.interfaces = {
    67. 

  67.       wg0 = {
    68. 

  68.         ips = [ "10.0.0.2/24" ];
    69. 

  69.         listenPort = 51820;
    70. 

  70.         privateKeyFile = config.age.secrets.makai-wg0.path;
    71. 

  71.         peers = [
    72. 

  72.           { # yama
    73. 

  73.             publicKey = "Tan9IHvGvzeHFBSg3ZnhqNuJFYtAB+hfybbh9SPWRwk=";
    74. 

  74.             presharedKeyFile = config.age.secrets.yama-wg0-makai.path;
    75. 

  75.             endpoint = "notbad.dynv6.net:51820";
    76. 

  76.             allowedIPs = [ "10.0.0.1/32" ];
    77. 

  77.             dynamicEndpointRefreshSeconds = 10;
    78. 

  78.           }
    79. 

  79.         ];
    80. 

  80.       };
    81. 

  81.     };
    82. 

  82.   };
    83. 

  83. 

  84.   environment.sessionVariables = {
    85. 

  85.     LIBVA_DRIVER_NAME = "i965";
    86. 

  86.   };
    87. 

  87. 

  88.   services = {
    89. 

  89.     # btrfs.autoScrub = {
    90. 

  90.     #   enable = true;
    91. 

  91.     #   fileSystems = [ "/system" ];
    92. 

  92.     # };
    93. 

  93.     dnsmasq.enable = true;
    94. 

  94.     logind.lidSwitch = "suspend-then-hibernate";
    95. 

  95.     yggdrasil.enable = true;
    96. 

  96.   };
    97. 

  97. 

  98.   systemd.sleep.extraConfig = ''
    99. 

  99.     SuspendState=freeze
    100. 

  100.     HibernateDelaySec=20m
    101. 

  101.   '';
    102. 

  102. 

  103.   zramSwap.enable = true;
    104. 

  104. }
    105. 

  105.