Refactoring config preparing for server

2025-10-04 14:59:18 +02:00 · 2025-10-04 14:59:18 +02:00 · 6992836cfe
commit 6992836cfe
parent 2bffc8d711
18 changed files with 165 additions and 10 deletions
--- a/hosts/piaf/default.nix
+++ b/hosts/piaf/default.nix
@ -0,0 +1,39 @@
+{ nix-flatpak, nixos-hardware, disko, agenix, ... }:
+
+{
+  imports =
+    [
+      # Hosts
+      ./hardware-configuration.nix
+      ./hardware.nix
+      ./disko-config.nix
+
+      ../../users/lyes
+      ../../users/lyes/desktop
+
+      ../../modules
+      ../../modules/desktop
+      ../../modules/desktop/gaming
+      ../../modules/desktop/gnome
+      ../../modules/desktop/sway
+
+      nix-flatpak.nixosModules.nix-flatpak
+      nixos-hardware.nixosModules.framework-16-7040-amd
+      disko.nixosModules.disko
+      agenix.nixosModules.default
+    ];
+
+  # Networking
+  networking = {
+    hostName = "piaf";
+    hostId = "ed183b8f";
+  };
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "22.11"; # Did you read the comment?
+}
--- a/hosts/piaf/disko-config.nix
+++ b/hosts/piaf/disko-config.nix
@ -0,0 +1,71 @@
+{ disks ? [ "/dev/nvme0n1" ], ... }: {
+  disko.devices = {
+    disk = {
+      main = {
+        type = "disk";
+        device = builtins.elemAt disks 0;
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              size = "1G";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = [ "nofail" ];
+              };
+            };
+            zfs = {
+              size = "100%";
+              content = {
+                type = "zfs";
+                pool = "zroot";
+              };
+            };
+          };
+        };
+      };
+    };
+    zpool = {
+      zroot = {
+        type = "zpool";
+        rootFsOptions = {
+          mountpoint = "none";
+          compression = "zstd";
+          acltype = "posixacl";
+          xattr = "sa";
+          "com.sun:auto-snapshot" = "false";
+        };
+        options.ashift = "12";
+        datasets = {
+          "root" = {
+            type = "zfs_fs";
+            options = {
+              encryption = "aes-256-gcm";
+              keyformat = "passphrase";
+              keylocation = "prompt";
+            };
+            mountpoint = "/";
+
+          };
+          "root/home" = {
+            type = "zfs_fs";
+            options."com.sun:auto-snapshot" = "true";
+            mountpoint = "/home";
+          };
+          "root/var" = {
+            type = "zfs_fs";
+            mountpoint = "/var";
+          };
+          "root/nix" = {
+            type = "zfs_fs";
+            options.mountpoint = "/nix";
+            mountpoint = "/nix";
+          };
+        };
+      };
+    };
+  };
+}
--- a/hosts/piaf/hardware-configuration.nix
+++ b/hosts/piaf/hardware-configuration.nix
@ -0,0 +1,25 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usbhid" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/hosts/piaf/hardware.nix
+++ b/hosts/piaf/hardware.nix
@ -0,0 +1,111 @@
+{ pkgs, ... }:
+
+{
+  # Kernel
+  boot.kernelPackages = pkgs.linuxPackages_6_16;
+
+  # Boot
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.systemd-boot.configurationLimit = 10;
+  # boot.loader.efi.canTouchEfiVariables = true;
+  # boot.kernelParams = [ "quiet" ];
+  boot.initrd.systemd = {
+    enable = true;
+    # network.enable = true;
+  };
+
+  # Reboot Timeout
+  systemd.settings.Manager.DefaultTimeoutStopSec = "10s";
+
+  # Swap
+  zramSwap.enable = true;
+
+  # Wake Up issues
+  services.udev.extraRules =
+    ''
+      ACTION=="add", SUBSYSTEM=="acpi", DRIVERS=="button", ATTRS{hid}=="PNP0C0D", ATTR{power/wakeup}="disabled"
+      ACTION=="add", SUBSYSTEM=="i2c", DRIVERS=="i2c_hid_acpi", ATTRS{name}=="PIXA3854:00", ATTR{power/wakeup}="disabled"
+
+      ACTION=="add", SUBSYSTEM=="usb", DRIVERS=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0018", ATTR{power/wakeup}="disabled", ATTR{driver/1-1.1.1.4/power/wakeup}="disabled"
+      ACTION=="add", SUBSYSTEM=="usb", DRIVERS=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0014", ATTR{power/wakeup}="disabled", ATTR{driver/1-1.1.1.4/power/wakeup}="disabled"
+    '';
+
+  # Optimisation
+
+  # nixpkgs.hostPlatform = {
+  #   gcc.arch = "tigerlake";
+  #   gcc.tune = "tigerlake";
+  #   system = "x86_64-linux";
+  # };
+
+  # nix.settings.system-features = [ "gccarch-tigerlake" "nixos-test" "benchmark" "big-parallel" "kvm" ];
+
+  # # Increasing the limit of files to help with compilation
+  # security.pam.loginLimits = [{
+  #   domain = "*";
+  #   type = "soft";
+  #   item = "nofile";
+  #   value = "8192";
+  # }];
+
+  # # Resources Limit
+  # nix.settings = {
+  #   max-jobs = 7;
+  #   cores = 2;
+  # };
+
+  # # OOM configuration
+  # systemd = {
+  #   # Create a separate slice for nix-daemon that is
+  #   # memory-managed by the userspace systemd-oomd killer
+  #   slices."nix-daemon".sliceConfig = {
+  #     ManagedOOMMemoryPressure = "kill";
+  #     ManagedOOMMemoryPressureLimit = "50%";
+  #   };
+  #   services."nix-daemon".serviceConfig.Slice = "nix-daemon.slice";
+
+  #   # If a kernel-level OOM event does occur anyway,
+  #   # strongly prefer killing nix-daemon child processes
+  #   services."nix-daemon".serviceConfig.OOMScoreAdjust = 1000;
+
+  #   services."nix-daemon".serviceConfig.MemoryHigh = "16G";
+  #   services."nix-daemon".serviceConfig.MemoryMax = "20G";
+  # };
+
+  # Disabling failing test
+  nixpkgs.overlays = [ (final: prev: {
+    upower = prev.upower.overrideAttrs (_: { doCheck = false; });
+    gxml = prev.gxml.overrideAttrs (_: { doCheck = false; });
+  # #   orc = prev.orc.overrideAttrs (_: { doCheck = false; });
+  # #   gsl = prev.gsl.overrideAttrs (_: { doCheck = false; });
+  #   fprintd = prev.fprintd.overrideAttrs (super: {
+  #     # doCheck = false;
+  #     # buildInputs = super.buildInputs or [ ] ++ (with pkgs; [ libpam-wrapper (pkgs.python3.withPackages (python-pkgs: [ python-pkgs.pycairo python-pkgs.dbus-python python-pkgs.python-dbusmock ])) ]);
+  #     mesonCheckFlags = [
+  #       # PAM related checks are timing out
+  #       "--no-suite" "fprintd"
+  #     ];
+  #   });
+  #   libsrtp = prev.libsrtp.overrideAttrs (_: {
+  #     mesonFlags = [
+  #       "-Dcrypto-library=openssl"
+  #       "-Dcrypto-library-kdf=disabled"
+  #       "-Ddoc=disabled"
+  #       "-Dtests=disabled"
+  #     ];
+  #   });
+  # #   # haskellPackages.crypton = pkgs.haskell.lib.overrideCabal prev.crypton (_: { doCheck = false; });
+  # #   # haskellPackages.cryptonite = pkgs.haskell.lib.overrideCabal prev.cryptonite (_: { doCheck = false; });
+  }) ];
+
+  # nixpkgs.config.packageOverrides = pkgs: {
+  #   haskellPackages = pkgs.haskellPackages.override {
+  #     overrides = hsSelf: hsSuper: {
+  #       crypton = pkgs.haskell.lib.overrideCabal hsSuper.crypton (_: { doCheck = false; });
+  #       cryptonite = pkgs.haskell.lib.overrideCabal hsSuper.cryptonite (_: { doCheck = false; });
+  #       crypton-x509-validation = pkgs.haskell.lib.overrideCabal hsSuper.crypton-x509-validation (oa: { doCheck = false; });
+  #       tls = pkgs.haskell.lib.overrideCabal hsSuper.tls (oa: { doCheck = false; });
+  #     };
+  #   };
+  # };
+}