diff --git a/config/hosts/imxyy-nix-x16/default.nix b/config/hosts/imxyy-nix-x16/default.nix
new file mode 100644
index 0000000..3ea75a0
--- /dev/null
+++ b/config/hosts/imxyy-nix-x16/default.nix
@@ -0,0 +1,9 @@
+{
+ imports = [
+ ./nixos.nix
+ ./hardware.nix
+ ./home.nix
+ ./virt.nix
+ ./net.nix
+ ];
+}
diff --git a/config/hosts/imxyy-nix-x16/hardware.nix b/config/hosts/imxyy-nix-x16/hardware.nix
new file mode 100644
index 0000000..16b5fec
--- /dev/null
+++ b/config/hosts/imxyy-nix-x16/hardware.nix
@@ -0,0 +1,162 @@ +{ + config, + lib, + pkgs, + username, + ... +}: +let + btrfs = "/dev/disk/by-uuid/0404de0a-9c4d-4c98-b3e5-b8ff8115f36c"; +in +{ + boot = { + initrd = { + kernelModules = [ "amdgpu" ]; + availableKernelModules = [ + "xhci_pci" + "ahci" + "nvme" + "usbhid" + "usb_storage" + "sd_mod" + ]; + verbose = false; + }; + + kernelPackages = lib.mkForce pkgs.linuxPackages_cachyos; + kernelModules = [ "kvm-amd" ]; + + tmp.useTmpfs = true; + kernel.sysctl = { + "fs.file-max" = 9223372036854775807; + }; + + resumeDevice = btrfs; + kernelParams = [ + "resume_offset=6444127" + ]; + }; + services.scx.enable = true; + + fileSystems."/" = { + device = btrfs; + fsType = "btrfs"; + options = [ + "compress=zstd" + "subvol=root" + ]; + }; + + fileSystems."/nix" = { + device = "/dev/disk/by-uuid/843c36ae-f6d0-46a1-b5c7-8ab569e1e63f"; + fsType = "btrfs"; + options = [ "compress=zstd" ]; + }; + + my.persist.location = "/nix/persist"; + fileSystems."/nix/persist" = { + device = btrfs; + fsType = "btrfs"; + options = [ + "compress=zstd" + "subvol=persistent" + ]; + neededForBoot = true; + }; + + fileSystems."/swap" = { + device = btrfs; + fsType = "btrfs"; + options = [ + "compress=zstd" + "subvol=swap" + ]; + neededForBoot = true; + }; + + boot.initrd.postDeviceCommands = lib.mkAfter '' + mkdir /btrfs_tmp + mount ${btrfs} /btrfs_tmp + mkdir -p /btrfs_tmp/old_roots + if [[ -e /btrfs_tmp/root ]]; then + timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S") + mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp" + fi + + delete_subvolume_recursively() { + IFS=$'\n' + for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do + delete_subvolume_recursively "/btrfs_tmp/$i" + done + btrfs subvolume delete "$1" + } + + for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +14); do + delete_subvolume_recursively "$i" + done + + btrfs subvolume create /btrfs_tmp/root + umount /btrfs_tmp + ''; + + fileSystems."/boot" = { + device = 
"/dev/disk/by-uuid/B7DC-E9AC"; + fsType = "vfat"; + options = [ + "uid=0" + "gid=0" + "fmask=0077" + "dmask=0077" + ]; + }; + + fileSystems."/home/${username}/Documents" = { + device = "/dev/disk/by-uuid/a4e37dcd-764a-418c-aa1c-484f1fbd4bbe"; + fsType = "ext4"; + }; + + fileSystems."/home/${username}/Downloads" = { + device = "/dev/disk/by-uuid/18717cb4-49ac-40fa-95d4-29523a458dd0"; + fsType = "ext4"; + }; + + fileSystems."/home/${username}/Videos" = { + device = "/dev/disk/by-uuid/b67bbeab-58bc-4814-b5e3-08404e78b25e"; + fsType = "ext4"; + }; + + fileSystems."/home/${username}/Pictures" = { + device = "/dev/disk/by-uuid/a31bfe7e-cc17-4bd2-af74-ae5de9be35d3"; + fsType = "ext4"; + }; + + fileSystems."/home/${username}/Music" = { + device = "//192.168.3.2/share/imxyy_soope_/Music"; + fsType = "cifs"; + options = [ + "username=nas" + "password=nasshare" + "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s" + "nodev" + "nofail" + "uid=1000" + "gid=100" + "vers=3" + "rw" + ]; + }; + + swapDevices = [ + { + device = "/swap/swapfile"; + size = 32 * 1024; + } + ]; + + networking.useDHCP = lib.mkDefault false; + + hardware.enableRedistributableFirmware = lib.mkDefault true; + hardware.cpu.amd.updateMicrocode = config.hardware.enableRedistributableFirmware; + + nixpkgs.hostPlatform = lib.mkForce "x86_64-linux"; +} diff --git a/config/hosts/imxyy-nix-x16/home.nix b/config/hosts/imxyy-nix-x16/home.nix new file mode 100644 index 0000000..3c219f8 --- /dev/null +++ b/config/hosts/imxyy-nix-x16/home.nix 
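Review bot: The `/home/${username}/Music` CIFS mount passes `"username=nas"` and `"password=nasshare"` as literal mount options, so the share password is committed to the repository and rendered into the world-readable Nix store and `/etc/fstab` on the host. The same pair appears on the `/home/${username}/NAS` mount in `nixos.nix`. This host's configuration already pulls other secrets through sops-nix (`net.nix`, `nixos.nix`), so I would move both mounts to a credentials file and replace the two options with `"credentials=${config.sops.secrets.<nas-credentials>.path}"` (placeholder secret name). The password should also be rotated, since it is now in the commit history.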
@@ -0,0 +1,185 @@ +{ + config, + lib, + pkgs, + username, + ... +}: +{ + my.home = { + home.packages = with pkgs; [ + localsend + + rclone + + wpsoffice-cn + wps-office-fonts + ttf-wps-fonts + evince + + anki + + ayugram-desktop + telegram-desktop + signal-desktop + discord + qq + wechat + + gnome-clocks + + wineWowPackages.waylandFull + + pavucontrol + pamixer + ]; + programs.zsh = { + shellAliases = { + cageterm = "cage -m DP-2 -s -- alacritty -o font.size=20"; + cagefoot = "cage -m DP-2 -s -- foot --font=monospace:size=20"; + cagekitty = "cage -m DP-2 -s -- kitty -o font_size=20"; + }; + sessionVariables = { + no_proxy = "192.168.3.0/24"; + PATH = "/home/${username}/bin:$PATH"; + }; + profileExtra = '' + if [ `tty` = "/dev/tty6" ]; then + clear + fi + ''; + }; + + programs.niri.settings = { + environment.STEAM_FORCE_DESKTOPUI_SCALING = "1.25"; + outputs = { + DP-2 = { + enable = true; + mode = { + width = 2560; + height = 1440; + refresh = 75.033; + }; + scale = 1.25; + position = { + x = 0; + y = 0; + }; + }; + DP-3 = { + enable = true; + mode = { + width = 2560; + height = 1440; + refresh = 75.033; + }; + scale = 1.25; + }; + }; + }; + }; + + my = { + autologin = { + enable = true; + user = username; + ttys = [ 6 ]; + }; + + gpg.enable = true; + cli.all.enable = true; + coding.all.enable = true; + desktop.all.enable = true; + + desktop.browser.librewolf.enable = lib.mkForce false; + + i18n.fcitx5.enable = true; + + xdg = { + enable = true; + defaultApplications = + let + browser = [ "zen-beta.desktop" ]; + editor = [ "codium.desktop" ]; + imageviewer = [ "org.gnome.Shotwell-Viewer.desktop" ]; + in + { + "inode/directory" = [ "nemo.desktop" ]; + + "application/pdf" = [ "org.gnome.Evince.desktop" ]; + + "text/*" = editor; + "application/json" = editor; + "text/html" = editor; + "text/xml" = editor; + "application/xml" = editor; + "application/xhtml+xml" = editor; + "application/xhtml_xml" = editor; + "application/rdf+xml" = editor; + "application/rss+xml" = 
editor; + "application/x-extension-htm" = editor; + "application/x-extension-html" = editor; + "application/x-extension-shtml" = editor; + "application/x-extension-xht" = editor; + "application/x-extension-xhtml" = editor; + + "x-scheme-handler/about" = browser; + "x-scheme-handler/ftp" = browser; + "x-scheme-handler/http" = browser; + "x-scheme-handler/https" = browser; + "x-scheme-handler/unknown" = browser; + + "audio/*" = imageviewer; + "video/*" = imageviewer; + "image/*" = imageviewer; + "image/gif" = imageviewer; + "image/jpeg" = imageviewer; + "image/png" = imageviewer; + "image/webp" = imageviewer; + }; + extraBookmarks = + let + homedir = config.my.home.home.homeDirectory; + in + [ + "file://${homedir}/Documents/%E7%8F%AD%E7%BA%A7%E4%BA%8B%E5%8A%A1 班级事务" + "file://${homedir}/NAS NAS" + "file://${homedir}/NAS/imxyy_soope_ NAS imxyy_soope_" + "file://${homedir}/NAS/imxyy_soope_/OS NAS OS" + ]; + }; + persist = { + enable = true; + homeDirs = [ + ".android" + "Android" + + "bin" + "workspace" + "Virt" + + ".cache" + ".local/state" + ".local/share/Anki2" + ".local/share/shotwell" + ".local/share/cheat.sh" + ".local/share/Kingsoft" + + ".local/share/AyuGramDesktop" + ".local/share/TelegramDesktop" + ".config/Signal" + ".config/discord" + ".config/QQ" + ".xwechat" + + ".config/Kingsoft" + ".config/dconf" + ".config/gh" + ".config/pulse" + ".config/pip" + ".config/libreoffice" + ".config/sunshine" + ]; + }; + }; +} diff --git a/config/hosts/imxyy-nix-x16/net.nix b/config/hosts/imxyy-nix-x16/net.nix new file mode 100644 index 0000000..6ef1de1 --- /dev/null +++ b/config/hosts/imxyy-nix-x16/net.nix 
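Review bot: `my.autologin` with `ttys = [ 6 ]` appears to open a session for `username` on tty6 without a password, while the `persist.homeDirs` list in the same file keeps `.config/gh`, `.config/Signal` and the messenger profiles across reboots, so console access would give access to those tokens. The `my.autologin` module is defined outside this diff, so its behaviour is inferred from the option names. I would add a comment above the block stating the assumption it relies on, for example `# autologin on tty6: assumes the machine is physically trusted`. Separately, `"audio/*"` and `"video/*"` are mapped to `imageviewer` (Shotwell), which looks like a copy-paste slip.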
@@ -0,0 +1,62 @@ +{ + config, + lib, + pkgs, + sopsRoot, + ... +}: +{ + boot.kernelParams = [ + "biosdevname=0" + "net.ifnames=0" + ]; + networking.wireless.enable = true; + networking.wireless.userControlled = true; + + sops.secrets.dae-imxyy-nix-x16 = { + sopsFile = sopsRoot + /dae-imxyy-nix-x16.dae; + format = "binary"; + }; + services.dae = { + enable = true; + configFile = config.sops.secrets.dae-imxyy-nix-x16.path; + }; + systemd.services.dae.after = [ "sops-nix.service" ]; + sops.secrets.mihomo = { + sopsFile = sopsRoot + /mihomo.yaml; + format = "yaml"; + key = ""; + }; + systemd.services.mihomo.after = [ "sops-nix.service" ]; + services.mihomo = { + enable = true; + configFile = config.sops.secrets.mihomo.path; + webui = pkgs.metacubexd; + }; + + sops.secrets.et-imxyy-nix-x16 = { + sopsFile = sopsRoot + /et-imxyy-nix-x16.toml; + format = "binary"; + }; + environment.systemPackages = with pkgs; [ + easytier + wpa_supplicant + wpa_supplicant_gui + ]; + systemd.services."easytier" = { + enable = true; + script = "${pkgs.easytier}/bin/easytier-core -c ${config.sops.secrets.et-imxyy-nix-x16.path}"; + serviceConfig = { + Restart = lib.mkOverride 500 "always"; + RestartMaxDelaySec = lib.mkOverride 500 "1m"; + RestartSec = lib.mkOverride 500 "100ms"; + RestartSteps = lib.mkOverride 500 9; + User = "root"; + }; + wantedBy = [ "multi-user.target" ]; + after = [ + "network.target" + "sops-nix.service" + ]; + }; +} diff --git a/config/hosts/imxyy-nix-x16/nixos.nix b/config/hosts/imxyy-nix-x16/nixos.nix new file mode 100644 index 0000000..c8a2482 --- /dev/null +++ b/config/hosts/imxyy-nix-x16/nixos.nix 
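Review bot: The `easytier` unit runs `easytier-core` with `User = "root"` and no sandboxing in `serviceConfig`, so a flaw in this network-facing daemon would yield unrestricted root. It presumably needs elevated privilege only to create the tunnel interface and to read the sops secret, so I would keep the user but bound its capabilities and filesystem view as sketched below. The capability list is an assumption and needs confirming against what easytier requires, and `ProtectSystem = "strict"` needs checking against any state it writes. Also, `after = [ "sops-nix.service" ]` (here and on `dae` and `mihomo`) may be a no-op if sops-nix installs secrets during activation rather than through a system unit of that name; worth verifying.

```nix
  systemd.services."easytier" = {
    # … unchanged: enable, script, wantedBy, after …
    serviceConfig = {
      # … unchanged: Restart, RestartMaxDelaySec, RestartSec, RestartSteps, User …
      # Assumed minimum for creating the tunnel device; confirm before merging.
      CapabilityBoundingSet = [
        "CAP_NET_ADMIN"
        "CAP_NET_RAW"
        "CAP_NET_BIND_SERVICE"
      ];
      NoNewPrivileges = true;
      ProtectSystem = "strict";
      ProtectHome = true;
      PrivateTmp = true;
    };
  };
```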
@@ -0,0 +1,172 @@ +{ + lib, + pkgs, + config, + username, + sopsRoot, + ... +}: { + security.pam.loginLimits = [ + { + domain = "*"; + type = "soft"; + item = "nofile"; + value = "524288"; + } + ]; + + boot.kernelParams = [ + "usbcore.autosuspend=-1" # Avoid usb autosuspend (for usb bluetooth adapter) + ]; + + boot.loader = { + efi.canTouchEfiVariables = true; + systemd-boot.enable = true; + grub.enable = false; + timeout = 0; + }; + + hardware.graphics.enable = true; + hardware.graphics.enable32Bit = true; + + systemd.services.nix-daemon = { + environment.TMPDIR = "/var/cache/nix"; + serviceConfig.CacheDirectory = "nix"; + }; + environment.variables.NIX_REMOTE = "daemon"; + + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = false; + alsa.support32Bit = false; + pulse.enable = false; + audio.enable = false; + }; + services.pulseaudio = { + enable = true; + support32Bit = true; + package = pkgs.pulseaudioFull; + extraConfig = '' + load-module module-switch-on-connect + unload-module module-suspend-on-idle + ''; + }; + hardware.bluetooth = { + enable = true; + powerOnBoot = true; + settings = { + General = { + Enable = "Source,Sink,Media,Socket"; + Disable = "HeadSet"; + MultiProfile = "multiple"; + }; + }; + }; + users.extraUsers.${username}.extraGroups = [ "audio" ]; + + fonts = { + enableDefaultPackages = false; + fontDir.enable = true; + + packages = with pkgs; [ + noto-fonts + noto-fonts-cjk-sans + noto-fonts-emoji + + jetbrains-mono + + nerd-fonts.symbols-only + ]; + + fontconfig.defaultFonts = { + serif = [ + "Noto Serif CJK SC" + "Noto Serif" + "Symbols Nerd Font" + ]; + sansSerif = [ + "Noto Sans CJK SC" + "Noto Sans" + "Symbols Nerd Font" + ]; + monospace = [ + "JetBrains Mono" + "Noto Sans Mono CJK SC" + "Symbols Nerd Font Mono" + ]; + emoji = [ "Noto Color Emoji" ]; + }; + }; + + services.printing.enable = true; + + services.keyd = { + enable = true; + keyboards.default.settings = { + main = { + capslock = 
"overload(control, esc)"; + home = "end"; + }; + shift = { + home = "home"; + }; + control = { + delete = "print"; + }; + }; + }; + + services.gvfs.enable = true; + + services.openssh = { + enable = true; + settings = { + # Forbid root login through SSH. + PermitRootLogin = null; + PasswordAuthentication = true; + }; + }; + + environment.systemPackages = [ + pkgs.rclone + ]; + + sops.secrets.imxyy-nix-rclone = { + sopsFile = sopsRoot + /imxyy-nix-rclone.conf; + format = "binary"; + }; + fileSystems = { + "/home/${username}/Nextcloud" = { + device = "Nextcloud:"; + fsType = "rclone"; + options = [ + "nodev" + "nofail" + "allow_other" + "args2env" + "config=${config.sops.secrets.imxyy-nix-rclone.path}" + "uid=1000" + "gid=100" + "rw" + "no-check-certificate" + "vfs-cache-mode=full" + ]; + }; + "/home/${username}/NAS" = { + device = "//10.0.0.1/share"; + fsType = "cifs"; + options = [ + "username=nas" + "password=nasshare" + "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s" + "nodev" + "nofail" + "uid=1000" + "gid=100" + "vers=3" + "rw" + ]; + }; + }; +}
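Review bot: In `services.openssh.settings`, `PermitRootLogin = null;` does not do what the comment above it says. As far as I can tell, a null value drops the directive from the generated sshd_config, leaving OpenSSH's default `prohibit-password`, which still admits root with a key. To match the comment it should be `PermitRootLogin = "no";`. With `PasswordAuthentication = true;` in the same block, password guessing against the user account also stays possible unless that is set to `false`. In the `Nextcloud` rclone mount, `"no-check-certificate"` turns off TLS verification, so the Nextcloud credentials are exposed to anyone on-path; I would drop that option and have the host trust the server's CA instead.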