Consolidate common PC config

Update to NixOS 24.05
2024-06-03 21:07:53 -06:00 · 2024-06-02 21:12:07 -06:00
10 changed files with 82 additions and 223 deletions
--- a/common/pc/default.nix
+++ b/common/pc/default.nix
@ -6,19 +6,20 @@ in
 {
  imports = [
    ./kde.nix
-    # ./xfce.nix
+    #    ./xfce.nix
    ./yubikey.nix
    ./chromium.nix
    #    ./firefox.nix
    ./audio.nix
    #    ./torbrowser.nix
    ./pithos.nix
-    ./spotify.nix
    ./vscodium.nix
    ./discord.nix
    ./steam.nix
    ./touchpad.nix
    ./mount-samba.nix
+    ./udev.nix
+    ./virtualisation.nix
  ];

  options.de = {
@ -44,8 +45,7 @@ in
      gparted
      libreoffice-fresh
      thunderbird
-      spotifyd
-      spotify-qt
+      spotify
      arduino
      yt-dlp
      jellyfin-media-player
@ -76,5 +76,18 @@ in
    # Security
    services.gnome.gnome-keyring.enable = true;
    security.pam.services.googlebot.enableGnomeKeyring = true;
+
+    # Android dev
+    programs.adb.enable = true;
+
+    # Mount personal SMB stores
+    services.mount-samba.enable = true;
+
+    # allow building ARM derivations
+    boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+
+    # for luks onlock over tor
+    services.tor.enable = true;
+    services.tor.client.enable = true;
  };
 }
--- a/common/pc/spotify.nix
+++ b/common/pc/spotify.nix
@ -1,85 +0,0 @@
-{ lib, config, pkgs, ... }:
-
-with lib;
-
-let
-  cfg = config.services.spotifyd;
-  toml = pkgs.formats.toml { };
-  spotifydConf = toml.generate "spotify.conf" cfg.settings;
-in
-{
-  disabledModules = [
-    "services/audio/spotifyd.nix"
-  ];
-
-  options = {
-    services.spotifyd = {
-      enable = mkEnableOption "spotifyd, a Spotify playing daemon";
-
-      settings = mkOption {
-        default = { };
-        type = toml.type;
-        example = { global.bitrate = 320; };
-        description = ''
-          Configuration for Spotifyd. For syntax and directives, see
-          <link xlink:href="https://github.com/Spotifyd/spotifyd#Configuration"/>.
-        '';
-      };
-
-      users = mkOption {
-        type = with types; listOf str;
-        default = [ ];
-        description = ''
-          Usernames to be added to the "spotifyd" group, so that they
-          can start and interact with the userspace daemon.
-        '';
-      };
-    };
-  };
-
-  config = mkIf cfg.enable {
-
-    # username specific stuff because i'm lazy...
-    services.spotifyd.users = [ "googlebot" ];
-    users.users.googlebot.packages = with pkgs; [
-      spotify
-    ];
-
-    users.groups.spotifyd = {
-      members = cfg.users;
-    };
-
-    age.secrets.spotifyd = {
-      file = ../../secrets/spotifyd.age;
-      group = "spotifyd";
-      mode = "0440"; # group can read
-    };
-
-    # spotifyd to read secrets and run as user service
-    services.spotifyd = {
-      settings.global = {
-        username_cmd = "sed '1q;d' /run/agenix/spotifyd";
-        password_cmd = "sed '2q;d' /run/agenix/spotifyd";
-        bitrate = 320;
-        backend = "pulseaudio";
-        device_name = config.networking.hostName;
-        device_type = "computer";
-        # on_song_change_hook = "command_to_run_on_playback_events"
-        autoplay = true;
-      };
-    };
-
-    systemd.user.services.spotifyd-daemon = {
-      enable = true;
-      wantedBy = [ "graphical-session.target" ];
-      partOf = [ "graphical-session.target" ];
-      description = "spotifyd, a Spotify playing daemon";
-      environment.SHELL = "/bin/sh";
-      serviceConfig = {
-        ExecStart = "${pkgs.spotifyd}/bin/spotifyd --no-daemon --config-path ${spotifydConf}";
-        Restart = "always";
-        CacheDirectory = "spotifyd";
-      };
-    };
-  };
-}
--- a/common/pc/udev.nix
+++ b/common/pc/udev.nix
@ -0,0 +1,25 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.de;
+in
+{
+  config = lib.mkIf cfg.enable {
+    services.udev.extraRules = ''
+      # depthai
+      SUBSYSTEM=="usb", ATTRS{idVendor}=="03e7", MODE="0666"
+
+      # Moonlander
+      # Rules for Oryx web flashing and live training
+      KERNEL=="hidraw*", ATTRS{idVendor}=="16c0", MODE="0664", GROUP="plugdev"
+      KERNEL=="hidraw*", ATTRS{idVendor}=="3297", MODE="0664", GROUP="plugdev"
+      # Wally Flashing rules for the Moonlander and Planck EZ
+      SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", MODE:="0666", SYMLINK+="stm32_dfu"
+    '';
+    services.udev.packages = [ pkgs.platformio ];
+
+    users.groups.plugdev = {
+      members = [ "googlebot" ];
+    };
+  };
+}
--- a/common/pc/use-meson-v57.patch
+++ b/common/pc/use-meson-v57.patch
@ -1,22 +0,0 @@
-diff --git a/meson.build b/meson.build
-index dace367..8c0e290 100644
--- a/meson.build
-+++ b/meson.build
-@@ -8,7 +8,7 @@ project(
-         'warning_level=0',
-     ],
-     license: 'MIT',
-    meson_version: '>= 0.58.0',
-+    meson_version: '>= 0.57.0',
- )
- 
- cc = meson.get_compiler('c')
-@@ -47,8 +47,3 @@ shared_library(
-     gnu_symbol_visibility: 'hidden',
- )
- 
-meson.add_devenv(environment({
-    'NVD_LOG': '1',
-    'LIBVA_DRIVER_NAME': 'nvidia',
-    'LIBVA_DRIVERS_PATH': meson.project_build_root(),
-}))
--- a/common/pc/virtualisation.nix
+++ b/common/pc/virtualisation.nix
@ -0,0 +1,23 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.de;
+in
+{
+  config = lib.mkIf cfg.enable {
+    # AppVMs
+    virtualisation.appvm.enable = true;
+    virtualisation.appvm.user = "googlebot";
+
+    # Use podman instead of docker
+    virtualisation.podman.enable = true;
+    virtualisation.podman.dockerCompat = true;
+
+    # virt-manager
+    virtualisation.libvirtd.enable = true;
+    programs.dconf.enable = true;
+    virtualisation.spiceUSBRedirection.enable = true;
+    environment.systemPackages = with pkgs; [ virt-manager ];
+    users.users.googlebot.extraGroups = [ "libvirtd" "adbusers" ];
+  };
+}
--- a/machines/howl/default.nix
+++ b/machines/howl/default.nix
@ -1,68 +1,13 @@
-{ config, pkgs, lib, nixos-hardware, ... }:
+{ config, pkgs, lib, ... }:

 {
  imports = [
    ./hardware-configuration.nix
-    nixos-hardware.nixosModules.framework-13-7040-amd
  ];

-
-  # for luks onlock over tor
-  services.tor.enable = true;
-  services.tor.client.enable = true;
-
  # don't use remote builders
  nix.distributedBuilds = lib.mkForce false;

-  services.udev.extraRules = ''
-    # depthai
-    SUBSYSTEM=="usb", ATTRS{idVendor}=="03e7", MODE="0666"
-
-    # Moonlander
-    # Rules for Oryx web flashing and live training
-    KERNEL=="hidraw*", ATTRS{idVendor}=="16c0", MODE="0664", GROUP="plugdev"
-    KERNEL=="hidraw*", ATTRS{idVendor}=="3297", MODE="0664", GROUP="plugdev"
-    # Wally Flashing rules for the Moonlander and Planck EZ
-    SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", MODE:="0666", SYMLINK+="stm32_dfu"
-  '';
-  services.udev.packages = [ pkgs.platformio ];
-  users.groups.plugdev = {
-    members = [ "googlebot" ];
-  };
-
-  # virt-manager
-  virtualisation.libvirtd.enable = true;
-  programs.dconf.enable = true;
-  virtualisation.spiceUSBRedirection.enable = true;
-  environment.systemPackages = with pkgs; [ virt-manager ];
-  users.users.googlebot.extraGroups = [ "libvirtd" "adbusers" ];
-
-  # allow building ARM derivations
-  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
-
-  services.spotifyd.enable = true;
-
-  virtualisation.podman.enable = true;
-  virtualisation.podman.dockerCompat = true;
-
-  virtualisation.appvm.enable = true;
-  virtualisation.appvm.user = "googlebot";
-
-  services.mount-samba.enable = true;
-
  de.enable = true;
  de.touchpad.enable = true;
-
-  networking.firewall.allowedTCPPorts = [
-    # barrier
-    24800
-  ];
-
-  programs.adb.enable = true;
-
-  services.fwupd.enable = true;
-
-  # fingerprint reader has initially shown to be more of a nuisance than a help
-  # it makes sddm log in fail most of the time and take several minutes to finish
-  services.fprintd.enable = false;
 }
--- a/machines/howl/hardware-configuration.nix
+++ b/machines/howl/hardware-configuration.nix
@ -1,12 +1,19 @@
-{ config, lib, pkgs, modulesPath, ... }:
+{ config, lib, pkgs, modulesPath, nixos-hardware, ... }:

 {
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+    nixos-hardware.nixosModules.framework-13-7040-amd
+  ];

  boot.kernelPackages = pkgs.linuxPackages_latest;

+  hardware.framework.amd-7040.preventWakeOnAC = true;
+  services.fwupd.enable = true;
+  # fingerprint reader has initially shown to be more of a nuisance than a help
+  # it makes sddm log in fail most of the time and take several minutes to finish
+  services.fprintd.enable = false;
+
  # boot
  boot.loader.systemd-boot.enable = true;
  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ];
@ -27,17 +34,18 @@
    allowDiscards = true;
  };
  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/95db6950-a7bc-46cf-9765-3ea675ccf014";
+    {
+      device = "/dev/disk/by-uuid/95db6950-a7bc-46cf-9765-3ea675ccf014";
      fsType = "btrfs";
    };
  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/B087-2C20";
+    {
+      device = "/dev/disk/by-uuid/B087-2C20";
      fsType = "vfat";
      options = [ "fmask=0022" "dmask=0022" ];
    };
  swapDevices =
-    [ { device = "/dev/disk/by-uuid/49fbdf62-eef4-421b-aac3-c93494afd23c"; }
-    ];
+    [{ device = "/dev/disk/by-uuid/49fbdf62-eef4-421b-aac3-c93494afd23c"; }];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
--- a/machines/ray/default.nix
+++ b/machines/ray/default.nix
@ -7,10 +7,6 @@

  nixpkgs.config.cudaSupport = true;

-  # for luks onlock over tor
-  services.tor.enable = true;
-  services.tor.client.enable = true;
-
  # don't use remote builders
  nix.distributedBuilds = lib.mkForce false;

@ -21,49 +17,6 @@
  hardware.openrazer.devicesOffOnScreensaver = false;
  users.users.googlebot.packages = [ pkgs.polychromatic ];

-  services.udev.extraRules = ''
-    # depthai
-    SUBSYSTEM=="usb", ATTRS{idVendor}=="03e7", MODE="0666"
-
-    # Moonlander
-    # Rules for Oryx web flashing and live training
-    KERNEL=="hidraw*", ATTRS{idVendor}=="16c0", MODE="0664", GROUP="plugdev"
-    KERNEL=="hidraw*", ATTRS{idVendor}=="3297", MODE="0664", GROUP="plugdev"
-    # Wally Flashing rules for the Moonlander and Planck EZ
-    SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", MODE:="0666", SYMLINK+="stm32_dfu"
-  '';
-  services.udev.packages = [ pkgs.platformio ];
-  users.groups.plugdev = {
-    members = [ "googlebot" ];
-  };
-
-  # virt-manager
-  virtualisation.libvirtd.enable = true;
-  programs.dconf.enable = true;
-  virtualisation.spiceUSBRedirection.enable = true;
-  environment.systemPackages = with pkgs; [ virt-manager ];
-  users.users.googlebot.extraGroups = [ "libvirtd" "adbusers" ];
-
-  # allow building ARM derivations
-  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
-
-  services.spotifyd.enable = true;
-
-  virtualisation.podman.enable = true;
-  virtualisation.podman.dockerCompat = true;
-
-  virtualisation.appvm.enable = true;
-  virtualisation.appvm.user = "googlebot";
-
-  services.mount-samba.enable = true;
-
  de.enable = true;
  de.touchpad.enable = true;
-
-  networking.firewall.allowedTCPPorts = [
-    # barrier
-    24800
-  ];
-
-  programs.adb.enable = true;
 }
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -36,7 +36,6 @@ with roles;

  # services
  "searx.age".publicKeys = nobody;
-  "spotifyd.age".publicKeys = personal;
  "wolframalpha.age".publicKeys = dailybot;

  # hostapd
--- a/secrets/spotifyd.age
+++ b/secrets/spotifyd.age
Author	SHA1	Message	Date
Zuckerberg	b7f82f2d44	Consolidate common PC config All checks were successful Check Flake / check-flake (push) Successful in 1m14s Details	2024-06-03 21:07:53 -06:00
Zuckerberg	588e94dcf4	Update to NixOS 24.05 All checks were successful Check Flake / check-flake (push) Successful in 1m11s Details	2024-06-02 21:12:07 -06:00