diff options
| -rw-r--r-- | flake.nix | 6 | ||||
| -rw-r--r-- | machines/wolfram/default.nix | 10 | ||||
| -rw-r--r-- | machines/wolfram/devices.nix | 53 | ||||
| -rw-r--r-- | machines/wolfram/hardware.nix | 55 | ||||
| -rw-r--r-- | machines/wolfram/home.nix | 9 | ||||
| -rw-r--r-- | roles/remote-server.nix | 35 |
6 files changed, 168 insertions, 0 deletions
diff --git a/flake.nix b/flake.nix index be8f54f..d8e9e30 100644 --- a/flake.nix +++ b/flake.nix @@ -59,6 +59,7 @@ roles = lib.genAttrs [ "desktop" "development-server" + "remote-server" ] lib.id; machines = with systems; with roles; [ @@ -82,6 +83,11 @@ system = x86; role = development-server; } + { + name = "wolfram"; + system = x86; + role = remote-server; + } ]; overlays = [ diff --git a/machines/wolfram/default.nix b/machines/wolfram/default.nix new file mode 100644 index 0000000..fc99002 --- /dev/null +++ b/machines/wolfram/default.nix @@ -0,0 +1,10 @@ +{ ... }: + +{ + imports = [ + ./hardware.nix + ./devices.nix + ]; + + system.stateVersion = "25.05"; +} diff --git a/machines/wolfram/devices.nix b/machines/wolfram/devices.nix new file mode 100644 index 0000000..88a9a2b --- /dev/null +++ b/machines/wolfram/devices.nix @@ -0,0 +1,53 @@ +{ config, pkgs, ... }: + +{ + # boot settings + boot = { + kernelPackages = pkgs.linuxPackages_latest; + + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + + initrd.systemd.enable = true; + }; + + # hardware settings + hardware = { + enableRedistributableFirmware = true; + enableAllFirmware = true; + + graphics = { + enable = true; + enable32Bit = true; + extraPackages = with pkgs; [ + vpl-gpu-rt + intel-media-driver + intel-vaapi-driver + intel-compute-runtime + intel-ocl + ]; + }; + }; + + # swap alternative + zramSwap = { + enable = true; + algorithm = "zstd"; + swapDevices = 1; + memoryPercent = 50; + }; + + # sound + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa = { + enable = true; + support32Bit = true; + }; + pulse.enable = true; + jack.enable = true; + }; +} diff --git a/machines/wolfram/hardware.nix b/machines/wolfram/hardware.nix new file mode 100644 index 0000000..ee9d233 --- /dev/null +++ b/machines/wolfram/hardware.nix @@ -0,0 +1,55 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: + +{ + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ + "ahci" + "xhci_pci" + "usbhid" + "usb_storage" + "sd_mod" + "sr_mod" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/26028e3a-764f-4378-9c28-66ea9ed877c4"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/C734-568D"; + fsType = "vfat"; + options = [ + "fmask=0077" + "dmask=0077" + ]; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s25.useDHCP = lib.mkDefault true; + # networking.interfaces.enp6s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/machines/wolfram/home.nix b/machines/wolfram/home.nix new file mode 100644 index 0000000..8f27ed2 --- /dev/null +++ b/machines/wolfram/home.nix @@ -0,0 +1,9 @@ +{ pkgs, ... }: + +{ + imports = [ + ../../modules/home/common.nix + ]; + + home.stateVersion = "25.05"; +} diff --git a/roles/remote-server.nix b/roles/remote-server.nix new file mode 100644 index 0000000..599ca73 --- /dev/null +++ b/roles/remote-server.nix @@ -0,0 +1,35 @@ +{ + ... +}: +{ + imports = [ + # we inherit from desktop + ./desktop.nix + ]; + + virtualisation = { + docker = { + enable = true; + daemon.settings.dns = [ + "1.1.1.1" + "1.0.0.1" + ]; + }; + }; + + programs.steam = { + enable = true; + remotePlay.openFirewall = true; + dedicatedServer.openFirewall = true; + localNetworkGameTransfers.openFirewall = true; + }; + + services.openssh = { + enable = true; + openFirewall = true; + }; + + # override desktop configuration, because we do run SSH + # on remote-servers. + age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; +} |