toph/dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
dotfiles/hosts/endurance/default.nix

303 lines
7.1 KiB
Nix
Raw Blame History

{
pkgs,
lib,
config,
inputs,
...
}: {
imports = [
inputs.flatpak.nixosModules.nix-flatpak
./hardware.nix
./disko.nix
];
bosun = {
profiles = {
graphical.enable = true;
docker.enable = true;
work.enable = true;
};
#quirks = ["avahi" "docker" "nix-ld"];
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPjqieS4GkYAa1WRYZpxjgYsj7VGZ9U+rTFCkX8M0umD";
secrets = {
nix-cache-privkey = "nix-cache-privkey.age";
nix-cache-s3-env = "nix-cache-s3.env.age";
};
};
# Sign builds and push to the S3 binary cache at s3.toph.so/nix-cache.
nix.settings = {
secret-key-files = [config.age.secrets.nix-cache-privkey.path];
post-build-hook = toString (pkgs.writeScript "nix-cache-upload" ''
#!/bin/sh
set -uf
. ${config.age.secrets.nix-cache-s3-env.path}
${config.nix.package}/bin/nix copy \
--to "s3://nix-cache?endpoint=https://s3.toph.so&region=us-east-1" \
$OUT_PATHS \
>> /tmp/nix-cache-upload.log 2>&1 &
'');
};
networking = {
firewall.enable = false;
interfaces.eno1.wakeOnLan.enable = true;
};
# Nomad client-only (no server) — joins the cluster for GPU/compute tasks
services.nomad = {
enable = true;
dropPrivileges = false;
extraSettingsPaths = [
(builtins.toFile "docker-plugin.hcl" ''
plugin "docker" {
config {
volumes {
enabled = true
}
}
}
'')
];
settings = {
datacenter = "home";
bind_addr = "{{ GetInterfaceIP \"tailscale0\" }}";
addresses = {
http = "0.0.0.0";
};
advertise = {
http = "{{ GetInterfaceIP \"tailscale0\" }}";
rpc = "{{ GetInterfaceIP \"tailscale0\" }}";
serf = "{{ GetInterfaceIP \"tailscale0\" }}";
};
client = {
enabled = true;
servers = ["alvin" "fram" "great-western"];
node_class = "workstation";
meta = {
has_gpu = "true";
has_display = "true";
location = "local";
};
};
};
};
# Make nomad CLI work with Tailscale-bound API
environment.etc."profile.d/nomad.sh".text = ''
export NOMAD_ADDR="http://$(tailscale ip -4):4646"
'';
programs = {
weylus.users = ["toph"];
gnupg.agent = {
enable = true;
pinentryPackage = pkgs.pinentry-gtk2;
enableSSHSupport = true;
};
dconf.enable = true;
steam = {
enable = true;
protontricks.enable = true;
remotePlay.openFirewall = true;
};
envision.enable = true;
gamemode.enable = true;
_1password.enable = true;
_1password-gui = {
enable = true;
# Certain features, including CLI integration and system authentication support,
# require enabling PolKit integration on some desktop environments (e.g. Plasma).
polkitPolicyOwners = ["toph"];
};
obs-studio = {
enable = true;
enableVirtualCamera = true;
plugins = with pkgs.obs-studio-plugins; [
wlrobs
obs-vaapi
obs-pipewire-audio-capture
obs-backgroundremoval
obs-move-transition
droidcam-obs
];
};
};
services = {
# ovos.enable = true; # message-bus only. remainder in hm
flatpak = {
enable = true;
packages = [
"com.bambulab.BambuStudio"
"im.riot.Riot"
];
};
hardware.openrgb.enable = true;
# Bluetooth manager
blueman.enable = true;
udev.extraRules = ''
# SpaceMouse Enterprise
SUBSYSTEM=="hidraw", ATTRS{idVendor}=="256f", MODE="0666"
# Thrustmaster T.Flight Rudder Pedals
SUBSYSTEM=="input", ATTRS{idProduct}=="b679", ATTRS{idVendor}=="044f", MODE="0666", ENV{ID_INPUT_JOYSTICK}="1"
'';
udev.packages = [pkgs.platformio-core.udev];
elements.ollama.enable = true;
usbmuxd = {
enable = true;
package = pkgs.usbmuxd2;
};
gvfs.enable = true; # Mount/trash/...
tumbler.enable = true; # Thumbnail support in Thunar
gnome.gnome-keyring.enable = true;
# Enable CUPS to print documents.
printing = {
enable = true;
drivers = with pkgs; [
brlaser
];
};
# Smartcard support, necessary for Yubikey logins
pcscd.enable = true;
};
environment = {
# List packages installed in system profile. To search, run:
# $ nix search wget
systemPackages = with pkgs; [
# Global apps
vim
wget
htop
gnumake
libnotify
gtk3
openrgb-with-all-plugins
# lact # GPU tuning
libimobiledevice
ifuse
naps2 # Scanning
# Oxidized coreutils
uutils-coreutils-noprefix
wally-cli
keymapp
pavucontrol
nix-tree
nix-output-monitor
];
# Quirky workaround for this not being set in portals for some reason
sessionVariables.MOZ_ENABLE_WAYLAND = "1";
};
users.groups.pico = {};
# AMD GPU tooling
# systemd.packages = [pkgs.lact];
# systemd.services.lactd.wantedBy = ["multi-user.target"];
# Blue Yeti (046d:0ab7) initializes its audio endpoints in a broken state on cold boot
# because snd-usb-audio loads ~2s after the device enumerates. Toggling authorized
# forces a USB rebind on a clean device, mimicking unplug/replug.
systemd.services.blue-yeti-reset = {
description = "Reset Blue Yeti USB mic to fix cold-boot initialization";
after = ["systemd-udev-settle.service"];
wantedBy = ["multi-user.target"];
serviceConfig = {
Type = "oneshot";
ExecStart = pkgs.writeShellScript "blue-yeti-reset" ''
for dev in /sys/bus/usb/devices/*/; do
[ -f "$dev/idVendor" ] || continue
vendor=$(cat "$dev/idVendor" 2>/dev/null)
product=$(cat "$dev/idProduct" 2>/dev/null)
if [ "$vendor" = "046d" ] && [ "$product" = "0ab7" ]; then
echo 0 > "$dev/authorized"
sleep 0.5
echo 1 > "$dev/authorized"
break
fi
done
'';
};
};
hardware = {
amdgpu = {
opencl.enable = true;
overdrive.enable = true;
};
graphics = {
enable = true;
enable32Bit = true;
extraPackages = with pkgs; [
mesa.opencl
];
};
bluetooth = {
enable = true;
powerOnBoot = true;
};
# SANE scanner support
sane = {
enable = true;
extraBackends = [pkgs.brscan4];
};
# 3DConnexion support
spacenavd.enable = true;
# Input emulation from userspace (see weylus).
uinput.enable = true;
# Enable zsa keyboard (Moonlander) support.
keyboard.zsa.enable = true;
};
# Do not change this value!
system.stateVersion = "23.05";
boot = {
# Set up our bootloader
loader = {
efi.canTouchEfiVariables = true;
grub = {
enable = true;
device = "nodev";
efiSupport = true;
};
};
extraModulePackages = with config.boot.kernelPackages; [
v4l2loopback
];
kernelModules = ["v4l2loopback"];
extraModprobeConfig = ''
options v4l2loopback devices=1 video_nr=1 card_label="OBS Cam" exclusive_caps=1
'';
};
}
Reference in a new issue View git blame Copy permalink