tundra/default.nix at main · auri.ee/nix-config

auri.ee / nix-config
fork
my terrible dotfiles
fork
nix-config / tundra / default.nix
at main 107 lines 2.4 kB view raw
wrap content
auri.ee add hibernation 6d ago
0acb1be4
  1{
  2  lib,
  3  pkgs,
  4  config,
  5  modulesPath,
  6  ...
  7}:
  8{
  9  imports = lib.fileset.toList (lib.fileset.fileFilter (file: file.hasExt "nix") ../modules/core) ++ [
 10    ./programs.nix
 11    ./disk-config.nix
 12    ./specialisation.nix
 13    (modulesPath + "/installer/scan/not-detected.nix")
 14  ];
 15
 16  sops = {
 17    defaultSopsFile = ../secrets/tundra.yaml;
 18    age.keyFile = "/var/lib/sops-nix/tundra.txt";
 19    secrets = {
 20      "passwords/root".neededForUsers = true;
 21      "passwords/monke".neededForUsers = true;
 22    };
 23  };
 24
 25  networking.hostName = "tundra";
 26  networking.hostId = "b9a8fced";
 27  networking.networkmanager.enable = true;
 28
 29  users.defaultUserShell = pkgs.zsh;
 30  users.users = {
 31    root.hashedPasswordFile = config.sops.secrets."passwords/root".path;
 32    monke = {
 33      isNormalUser = true;
 34      extraGroups = [
 35        "audio"
 36        "disk"
 37        "input"
 38        "libvirtd"
 39        "lp"
 40        "plugdev"
 41        "dialout"
 42        "render"
 43        "video"
 44        "wheel"
 45      ];
 46      hashedPasswordFile = config.sops.secrets."passwords/monke".path;
 47    };
 48  };
 49  home-manager.users.monke = import ./home.nix;
 50
 51  virtualisation = {
 52    spiceUSBRedirection.enable = true;
 53    libvirtd = {
 54      enable = true;
 55      qemu = {
 56        package = pkgs.qemu_kvm;
 57        runAsRoot = true;
 58        swtpm.enable = true;
 59        vhostUserPackages = with pkgs; [
 60          virtiofsd
 61        ];
 62      };
 63    };
 64    kvmgt = {
 65      enable = true;
 66      vgpus = {
 67        "i915-GVTg_V5_4" = {
 68          uuid = [ "182a5376-ace2-47aa-bc00-ab50df01f774" ];
 69        };
 70      };
 71    };
 72  };
 73
 74  services."06cb-009a-fingerprint-sensor" = {
 75    enable = true;
 76    backend = "libfprint-tod";
 77    calib-data-file = ../files/calib-data.bin;
 78  };
 79
 80  boot = {
 81    zfs = {
 82      allowHibernation = true;
 83      forceImportRoot = false;
 84    };
 85    initrd.availableKernelModules = [
 86      "xhci_pci"
 87      "nvme"
 88      "usb_storage"
 89      "sd_mod"
 90    ];
 91    loader.grub = {
 92      enable = true;
 93      device = "nodev";
 94    };
 95    kernelModules = [
 96      "kvm-intel"
 97      "thinkpad_acpi"
 98    ];
 99    extraModprobeConfig = ''
100      		options thinkpad_acpi force_load=1 fan_control=1
101      		'';
102  };
103
104  system.stateVersion = "25.11";
105  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
106  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
107}
Configure Feed

Configure Feed
