nixos-config/decoysnail.nix

{ config, pkgs, ... }:

{
  imports =
    [
      ./common-headless.nix
      ./sway.nix
      ./large-sw.nix
      ./uefi.nix
      ./fstrim.nix
      ./atmega.nix
      ./v4l2loopback.nix
      ./huion.nix
      ./nvim05.nix
    ];

  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
  boot.initrd.kernelModules = [ "dm-snapshot" ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];

  fileSystems."/" =
    { device = "/dev/disk/by-uuid/a16ae3f7-11df-47fc-a8df-f22c474ec1c1";
      fsType = "ext4";
    };

  fileSystems."/boot" =
    { device = "/dev/disk/by-uuid/3C5C-049B";
      fsType = "vfat";
    };

  #swapDevices = [
  #  { device = "/dev/disk/by-uuid/b7274abd-58a5-4acc-8481-30e105e94eec"; }
  #];

  nix.maxJobs = pkgs.lib.mkDefault 6;
  powerManagement.cpuFreqGovernor = pkgs.lib.mkDefault "powersave";

  environment.etc."lvm/lvm.conf".text = ''
    devices {
      issue_discards = 1
    }
  '';
  boot.initrd.luks.devices = {
    sda_crypt = {
      device = "/dev/disk/by-partuuid/00292928-0088-4887-9e5d-2f2eccb4816f";
      preLVM = true;
      allowDiscards = true;
    };
  };

  networking = {
    hostName = "decoysnail";
    hostId = "cf04f682";
  };

  services.openssh.enable = true;

  hardware.cpu.intel.updateMicrocode = true;

  services.thermald.enable = true;

  hardware.opengl = {
    extraPackages = with pkgs; [ beignet ];
    driSupport32Bit = true;
  };

  #services.avahi.nssmdns = true;
  #services.nscd.enable = pkgs.lib.mkOverride 10 true;

  services.openssh.forwardX11 = true;

  system.stateVersion = "19.09";

  networking.wireguard.interfaces.wg0 = {
    ips = ["10.59.0.4/16"];
    privateKeyFile = "/etc/wgkeys/decoysnail";
    allowedIPsAsRoutes = true;
    postSetup = ''
      ${pkgs.systemd}/bin/resolvectl domain wg0 '~htdf.gebner.org' '~mtlaa.gebner.org' '~ams.gebner.org'
      ${pkgs.systemd}/bin/resolvectl dns wg0 10.57.0.1
    '';
    peers = [{
      publicKey = "ByLlJbevlTBooAo2RIZGGJvBHKqA9qiOpHBvR5yuJX4=";
      allowedIPs = ["10.56.0.0/14" "10.60.1.1"];
      # endpoint = "mtlaa-gw.gebner.org:35869";
      # endpoint = "84.112.114.160:35869";
      endpoint = "127.0.0.1:35869";
      persistentKeepalive = 25;
    }];
  };

  systemd.services.wstunnel = {
    path = [ pkgs.wstunnel ];
    wantedBy = [ "wireguard-wg0.service" ];
    after = [ "network.target" ];
    script = ''
      wstunnel -L 35869:htdf-gw.gebner.org:35869 -u wss://gebner.org
    '';
  };

  services.resolved = {
    domains = [];
    enable = true;
  };

  services.xserver = {
    videoDrivers = [ "intel" ];
  };

  fonts.fontconfig = {
    subpixel.rgba = "none";
  };

  systemd.services.NetworkManager.restartIfChanged = false;
  systemd.services.NetworkManager-dispatcher.restartIfChanged = false;
}
decoysnail 2017-08-24 12:18:58 +00:00			`{ config, pkgs, ... }:`

			`{`
			`imports =`
			`[`
Reorganize configuration. 2020-07-14 14:47:09 +00:00			`./common-headless.nix`
decoysnail: switch to sway 2020-08-17 09:02:36 +00:00			`./sway.nix`
decoysnail 2017-08-24 12:18:58 +00:00			`./large-sw.nix`
			`./uefi.nix`
decoysnail: enable fstrim 2018-11-05 17:06:19 +00:00			`./fstrim.nix`
decoysnail: add udev rules for keyboard 2019-02-27 10:16:49 +00:00			`./atmega.nix`
fix typo 2020-12-01 12:01:26 +00:00			`./v4l2loopback.nix`
refactor 2020-11-21 10:28:14 +00:00			`./huion.nix`
decoysnail: use modern nvim 2021-05-27 10:22:40 +00:00			`./nvim05.nix`
decoysnail 2017-08-24 12:18:58 +00:00			`];`

decoysnail: flakify 2021-05-27 10:20:25 +00:00			`boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];`
			`boot.initrd.kernelModules = [ "dm-snapshot" ];`
			`boot.kernelModules = [ "kvm-intel" ];`
			`boot.extraModulePackages = [ ];`

			`fileSystems."/" =`
			`{ device = "/dev/disk/by-uuid/a16ae3f7-11df-47fc-a8df-f22c474ec1c1";`
			`fsType = "ext4";`
			`};`

			`fileSystems."/boot" =`
			`{ device = "/dev/disk/by-uuid/3C5C-049B";`
			`fsType = "vfat";`
			`};`

			`#swapDevices = [`
			`# { device = "/dev/disk/by-uuid/b7274abd-58a5-4acc-8481-30e105e94eec"; }`
			`#];`

			`nix.maxJobs = pkgs.lib.mkDefault 6;`
			`powerManagement.cpuFreqGovernor = pkgs.lib.mkDefault "powersave";`

decoysnail: allow discards 2018-11-05 17:13:27 +00:00			`environment.etc."lvm/lvm.conf".text = ''`
			`devices {`
			`issue_discards = 1`
			`}`
			`'';`
decoysnail: use new luks.devices syntax 2020-06-15 07:23:25 +00:00			`boot.initrd.luks.devices = {`
			`sda_crypt = {`
New decoysnail. 2019-10-15 11:56:13 +00:00			`device = "/dev/disk/by-partuuid/00292928-0088-4887-9e5d-2f2eccb4816f";`
decoysnail: add ssd 2018-10-09 08:40:33 +00:00			`preLVM = true;`
decoysnail: allow discards 2018-11-05 17:13:27 +00:00			`allowDiscards = true;`
decoysnail: use new luks.devices syntax 2020-06-15 07:23:25 +00:00			`};`
			`};`
decoysnail 2017-08-24 12:18:58 +00:00
			`networking = {`
			`hostName = "decoysnail";`
			`hostId = "cf04f682";`
			`};`

			`services.openssh.enable = true;`

			`hardware.cpu.intel.updateMicrocode = true;`

			`services.thermald.enable = true;`

decoysnail: add beignet 2018-12-18 10:07:01 +00:00			`hardware.opengl = {`
			`extraPackages = with pkgs; [ beignet ];`
			`driSupport32Bit = true;`
			`};`
decoysnail 2017-08-24 12:18:58 +00:00
New decoysnail. 2019-10-15 11:56:13 +00:00			`#services.avahi.nssmdns = true;`
			`#services.nscd.enable = pkgs.lib.mkOverride 10 true;`
decoysnail: enable avahi 2019-01-02 12:57:47 +00:00
decoysnail: enable ssh x11 forwarding 2018-02-19 09:31:12 +00:00			`services.openssh.forwardX11 = true;`

New decoysnail. 2019-10-15 11:56:13 +00:00			`system.stateVersion = "19.09";`
decoysnail: add wireguard tunnel 2018-10-08 09:50:19 +00:00
			`networking.wireguard.interfaces.wg0 = {`
			`ips = ["10.59.0.4/16"];`
			`privateKeyFile = "/etc/wgkeys/decoysnail";`
			`allowedIPsAsRoutes = true;`
			`postSetup = ''`
Move computers around europe. 2019-10-14 09:03:14 +00:00			`${pkgs.systemd}/bin/resolvectl domain wg0 '~htdf.gebner.org' '~mtlaa.gebner.org' '~ams.gebner.org'`
decoysnail: use superior systemd-resolved 2019-02-19 12:12:08 +00:00			`${pkgs.systemd}/bin/resolvectl dns wg0 10.57.0.1`
decoysnail: add wireguard tunnel 2018-10-08 09:50:19 +00:00			`'';`
			`peers = [{`
			`publicKey = "ByLlJbevlTBooAo2RIZGGJvBHKqA9qiOpHBvR5yuJX4=";`
			`allowedIPs = ["10.56.0.0/14" "10.60.1.1"];`
decoysnail: use intel driver 2019-03-08 11:37:04 +00:00			`# endpoint = "mtlaa-gw.gebner.org:35869";`
decoysnail: use wstunnel 2019-10-16 08:37:16 +00:00			`# endpoint = "84.112.114.160:35869";`
			`endpoint = "127.0.0.1:35869";`
decoysnail: add keepalive for wireguard 2018-11-15 09:06:48 +00:00			`persistentKeepalive = 25;`
decoysnail: add wireguard tunnel 2018-10-08 09:50:19 +00:00			`}];`
			`};`
decoysnail: add stateVersion 2018-06-11 11:20:18 +00:00
decoysnail: use wstunnel 2019-10-16 08:37:16 +00:00			`systemd.services.wstunnel = {`
			`path = [ pkgs.wstunnel ];`
			`wantedBy = [ "wireguard-wg0.service" ];`
			`after = [ "network.target" ];`
			`script = ''`
			`wstunnel -L 35869:htdf-gw.gebner.org:35869 -u wss://gebner.org`
			`'';`
			`};`

decoysnail: use superior systemd-resolved 2019-02-19 12:12:08 +00:00			`services.resolved = {`
			`domains = [];`
			`enable = true;`
			`};`

decoysnail: use intel driver 2019-03-08 11:37:04 +00:00			`services.xserver = {`
			`videoDrivers = [ "intel" ];`
			`};`

decoysnail: disable subpixel hinting 2019-12-20 09:00:28 +00:00			`fonts.fontconfig = {`
			`subpixel.rgba = "none";`
			`};`
decoysnail: dont restart networkmanager 2021-04-28 09:10:23 +00:00
			`systemd.services.NetworkManager.restartIfChanged = false;`
			`systemd.services.NetworkManager-dispatcher.restartIfChanged = false;`
decoysnail 2017-08-24 12:18:58 +00:00			`}`