dot

NixOS dotfiles
git clone https://git.echoz.io/dot.git
Log | Files | Refs

default.nix (2770B)

      1 {
      2   pkgs,
      3   config,
      4   modulesPath,
      5 
      6   sec,
      7   user,
      8   ...
      9 }:
     10 {
     11   imports = [
     12     sec.nixosModules.dot
     13 
     14     (modulesPath + "/installer/scan/not-detected.nix")
     15   ];
     16 
     17   disko.devices.disk.system.device =
     18     "/dev/disk/by-id/nvme-nvme.144d-533637564e463154413134303934-53414d53554e47204d5a564c3435313248424c552d3030424c37-00000001";
     19 
     20   networking = {
     21     hostName = "tp";
     22     hostId = "4a2e8151";
     23 
     24     networkmanager = {
     25       enable = true;
     26       ensureProfiles = {
     27         profiles = {
     28           "fw01.isx.inl1.echoz.io" = {
     29             connection = {
     30               id = "fw01.isx.inl1.echoz.io";
     31               type = "wireguard";
     32               autoconnect = true;
     33               interface-name = "wg0";
     34             };
     35 
     36             "wireguard-peer.uoeLveuevSLe6pkIvMryLOr2RVM3qcarSNn0OfNcIUA=" = {
     37               endpoint = "fw01.isx.inl1.echoz.io:51820";
     38               presistent-keepalive = 25;
     39               allowed-ips = "0.0.0.0/0";
     40             };
     41 
     42             ipv4 = {
     43               method = "manual";
     44               address1 = "10.200.100.104/24";
     45               dns = "10.120.120.101";
     46               dns-search = "lan.inl1.echoz.io";
     47             };
     48 
     49             ipv6.method = "disabled";
     50           };
     51 
     52           wwan = {
     53             connection = {
     54               id = "wwan";
     55               type = "gsm";
     56               interface-name = "cdc-wdm0";
     57             };
     58             gsm.apn = "internet";
     59             ipv4.method = "auto";
     60             ipv6 = {
     61               method = "auto";
     62               addr-gen-mode = "stable-privacy";
     63             };
     64           };
     65         };
     66 
     67         secrets.entries = [
     68           {
     69             file = config.sops.secrets."wireguard.key".path;
     70             key = "private-key";
     71             matchIface = "wg0";
     72             matchSetting = "wireguard";
     73           }
     74         ];
     75       };
     76     };
     77 
     78     modemmanager = {
     79       enable = true;
     80       fccUnlockScripts = [
     81         {
     82           id = "2c7c:030a";
     83           path = "${pkgs.modemmanager}/share/ModemManager/fcc-unlock.available.d/2c7c:030a";
     84         }
     85       ];
     86     };
     87   };
     88 
     89   sops.secrets."wireguard.key" = { };
     90 
     91   systemd.services.ModemManager = {
     92     enable = true;
     93     wantedBy = [
     94       "multi-user.target"
     95       "network.target"
     96     ];
     97   };
     98 
     99   boot = {
    100     initrd.availableKernelModules = [
    101       "xhci_pci"
    102       "thunderbolt"
    103       "nvme"
    104       "uas"
    105       "sd_mod"
    106     ];
    107     kernelModules = [ "kvm-intel" ];
    108   };
    109 
    110   hardware = {
    111     enableAllFirmware = true;
    112     cpu.intel.updateMicrocode = true;
    113   };
    114 
    115   home-manager.users.${user} = {
    116     services.hypridle.brightnessDevice = "intel_backlight";
    117   };
    118 
    119   powerManagement.powertop.enable = true;
    120   services.tlp = {
    121     enable = true;
    122     settings = {
    123       START_CHARGE_THRESH_BAT0 = 75;
    124       STOP_CHARGE_THRESH_BAT0 = 80;
    125     };
    126   };
    127 }