summaryrefslogtreecommitdiffstats
path: root/makefu/1systems
diff options
context:
space:
mode:
Diffstat (limited to 'makefu/1systems')
-rw-r--r--makefu/1systems/tsp.nix90
1 files changed, 90 insertions, 0 deletions
diff --git a/makefu/1systems/tsp.nix b/makefu/1systems/tsp.nix
new file mode 100644
index 000000000..3de2d300c
--- /dev/null
+++ b/makefu/1systems/tsp.nix
@@ -0,0 +1,90 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ../2configs/base.nix
+ ../2configs/base-gui.nix
+ ];
+ services.xserver = {
+ videoDriver = "intel";
+ };
+ krebs.build.host = config.krebs.hosts.tsp;
+ krebs.build.user = config.krebs.users.makefu;
+ krebs.build.target = "root@tsp";
+
+ krebs.build.deps = {
+ nixpkgs = {
+ url = https://github.com/NixOS/nixpkgs;
+ rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870";
+ };
+ # TODO generalize in base.nix
+ secrets = {
+ url = "/home/makefu/secrets/${config.krebs.build.host.name}";
+ };
+ # TODO generalize in base.nix
+ stockholm = {
+ url = toString ../..;
+ };
+ };
+
+ krebs.retiolum = {
+ enable = true;
+ hosts = ../../Zhosts;
+ connectTo = [
+ "gum"
+ "pigstarter"
+ "fastpoke"
+ ];
+ };
+
+ boot = {
+ #x200 specifics
+ kernelModules = [ "tp_smapi" "msr" ];
+ extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
+
+ loader.grub.enable =true;
+ loader.grub.version =2;
+ loader.grub.device = "/dev/sda";
+
+ # crypto boot
+ # TODO: use UUID
+ initrd.luks.devices = [ { name = "luksroot"; device= "/dev/sda2";}];
+ initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ];
+ initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
+ };
+ fileSystems = {
+ "/" = {
+ device = "/dev/mapper/luksroot";
+ fsType = "ext4";
+ };
+ "/boot" = {
+ device = "/dev/disk/by-label/nixboot";
+ fsType = "ext4";
+ };
+ };
+
+ # hardware specifics
+ networking.wireless.enable = true;
+
+ hardware.enableAllFirmware = true;
+ nixpkgs.config.allowUnfree = true;
+
+ # TODO: generalize to numCPU + 1
+ nix.maxJobs = 3;
+
+
+ networking.firewall.rejectPackets = true;
+ networking.firewall.allowPing = true;
+
+
+ # $ nix-env -qaP | grep wget
+ environment.systemPackages = with pkgs; [
+ vim
+ jq
+ ];
+}