path: root/makefu/1systems/tsp.nix
blob: 3de2d300ccf396c3d7dd2fa25dbf248497a46be1 (plain)
# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

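# NixOS system definition for the host "tsp".
#
# Arguments:
#   config - the evaluated module configuration; read here for the krebs
#            host/user records and the kernel package set.
#   pkgs   - the package set; used for environment.systemPackages.
#
# The krebs.* options are defined by project modules that are not part of
# this file; comments on them describe only what is set here.
{ config, pkgs, ... }:

{
  imports =
    [ # Shared base and GUI profiles. No hardware-scan module is imported
      # here; the hardware settings are written inline further down.
      ../2configs/base.nix
      ../2configs/base-gui.nix
    ];

  services.xserver = {
    videoDriver = "intel";
  };

  # Build/deploy identity: host and user records are looked up in the krebs
  # configuration. The target logs in as root.
  # NOTE(review): presumably an SSH destination, so root login on tsp must be
  # reachable for the deploying key only - confirm against the build module.
  krebs.build.host = config.krebs.hosts.tsp;
  krebs.build.user = config.krebs.users.makefu;
  krebs.build.target = "root@tsp";

  krebs.build.deps = {
    nixpkgs = {
      # Quoted string instead of a bare URL literal: the bare form is
      # deprecated Nix syntax and evaluates to the same string.
      url = "https://github.com/NixOS/nixpkgs";
      # Pinned to a full commit id, so the package set does not follow a
      # moving branch. Bump deliberately and review the upstream diff.
      rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870";
    };
    # TODO generalize in base.nix
    secrets = {
      # Per-host secrets directory under the deploying user's home. It is
      # given as a string, not a Nix path literal, so evaluating this file
      # does not copy it into the Nix store.
      # NOTE(review): how the build module transfers it, and with which
      # permissions it lands on the target, is not visible here - confirm
      # it never ends up in the world-readable store.
      url = "/home/makefu/secrets/${config.krebs.build.host.name}";
    };
    # TODO generalize in base.nix
    stockholm = {
      # Absolute path of the repository root (two levels above this file).
      url = toString ../..;
    };
  };

  krebs.retiolum = {
    enable = true;
    # Host definitions are read from the repository's Zhosts directory.
    hosts = ../../Zhosts;
    # Named peers handed to the module's connectTo option.
    connectTo = [
      "gum"
      "pigstarter"
      "fastpoke"
    ];
  };

  boot = {
    # x200 specifics
    # NOTE(review): "msr" exposes CPU model-specific registers through
    # /dev/cpu/*/msr to privileged processes; keep it only if a tool on this
    # machine needs it.
    kernelModules = [ "tp_smapi" "msr" ];
    extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];

    loader.grub.enable = true;
    loader.grub.version = 2;
    loader.grub.device = "/dev/sda";

    # crypto boot
    # TODO: use UUID
    # The encrypted root is addressed by kernel device name, which can change
    # when another disk is attached; a stable /dev/disk/by-uuid/<UUID> path
    # avoids prompting for (or failing on) the wrong partition.
    initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
    # Kernel crypto modules made available in the initrd so the volume can be
    # opened. This list does not select the cipher or hash; those are
    # recorded in the LUKS header of the device.
    initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
    initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
  };

  fileSystems = {
    "/" = {
      # Mapper device created by the initrd.luks.devices entry "luksroot".
      device = "/dev/mapper/luksroot";
      fsType = "ext4";
    };
    "/boot" = {
      # Separate partition outside the LUKS container: kernel, initrd and
      # bootloader files are stored unencrypted, so disk encryption here
      # protects confidentiality of "/" but not the integrity of the boot
      # chain against someone with physical access.
      device = "/dev/disk/by-label/nixboot";
      fsType = "ext4";
    };
  };

  # hardware specifics
  networking.wireless.enable = true;

  # Installs all available firmware, which requires allowing unfree
  # packages. Note that allowUnfree applies to the whole package set, not
  # only to firmware.
  hardware.enableAllFirmware = true;
  nixpkgs.config.allowUnfree = true;

  # TODO: generalize to numCPU + 1
  nix.maxJobs = 3;

  # Refused packets are answered with a reject instead of being silently
  # dropped, and ICMP echo requests are answered. Both make the host easier
  # to discover on a network; that is a trade-off for easier debugging.
  # NOTE(review): networking.firewall.enable is not set in this file;
  # presumably it comes from the default or from base.nix - confirm.
  networking.firewall.rejectPackets = true;
  networking.firewall.allowPing = true;

  # Look up package attribute names with, for example:
  # $ nix-env -qaP | grep wget
  environment.systemPackages = with pkgs; [
    vim
    jq
  ];
}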