dotfiles/nixos/systems/omen.nix


# SPDX-FileCopyrightText: 2022 Richard Brežák <richard@brezak.sk>
#
# SPDX-License-Identifier: LGPL-3.0-or-later
{
system = "x86_64-linux";
name = "omen";
module = {
pkgs,
lib,
config,
secret,
roots,
inputs,
...
}:
with lib; {
imports = [
(roots.nixos + "/profiles/workstation.nix")
];
# Deployment parameters, exposed to other modules as the `nixinate` module argument.
_module.args.nixinate = {
  sshUser = "main";
  host = "10.64.0.8";
  buildOn = "local";
  substituteOnTarget = true;
  hermetic = false;
  # Replaces the flake's `secret` input with a local checkout when deploying.
  # NOTE(review): `$HOME` is not Nix interpolation (no braces), so it is presumably
  # expanded by the shell that runs the deploy command; confirm.
  nixOptions = [
    "--override-input secret path://$HOME/dotfiles/secret"
  ];
};
# home-manager configuration for the "main" user.
home-manager.users.main = {...}: {
  home.stateVersion = "20.09";
  # Same march value as the system-level magic_rb.optimisation.march in this file.
  magic_rb.optimisation.march = "skylake";
};
# Alternative boot entry: inherits the whole parent configuration and swaps
# PRIME offload for PRIME sync.
specialisation.nvidia-sync = {
  inheritParentConfig = true;
  configuration.magic_rb.xserver.nvidia = {
    # mkForce is needed because the parent configuration sets primeOffload = true.
    primeOffload = lib.mkForce false;
    primeSync = true;
  };
};
# Host settings for the repository's own `magic_rb` option namespace.
# The options are declared outside this file; their exact effect is not visible here.
magic_rb = {
  optimisation.march = "skylake";

  grub.enable = true;
  grub.efi.enable = true;

  xserver.gpu = "nvidia";
  xserver.nvidia = {
    primeOffload = true;
    intelBusId = "PCI:0:2:0";
    nvidiaBusId = "PCI:1:0:0";
  };

  gaming.enable = true;
  hardware.omen = true;

  networking.bluetooth = true;
  networking.networkManager = true;
};
# Pinning: register every flake input under its own name, so registry lookups
# on this machine resolve to the same flakes the system was built from.
nix.registry = mapAttrs (_name: flake: {inherit flake;}) inputs;
# Networking
networking = {
  hostName = "omen";
  hostId = "10c7ffc5";

  # DHCP only on the wired interface; the global default is off.
  useDHCP = false;
  interfaces.eno1.useDHCP = true;

  # NetworkManager does not manage DNS; a single static resolver is used instead.
  networkmanager.dns = "none";
  nameservers = ["10.64.2.1"];

  # allowedTCPPorts opens the port on every interface. If it should only be
  # reachable over one link, firewall.interfaces.<name>.allowedTCPPorts scopes it.
  # NOTE(review): 22000 looks like Syncthing's default sync port; confirm.
  firewall.allowedTCPPorts = [22000];

  # wg0 is taken from the `secret` input. The fallback only exists so the
  # configuration still evaluates without that input; an empty private key
  # cannot give a working tunnel.
  # NOTE(review): the shape of the secret attrset is not visible here. If it sets
  # `privateKey`, the key is copied into the world-readable Nix store;
  # `privateKeyFile` pointing at a root-only file avoids that. Confirm which is used.
  wireguard.interfaces."wg0" =
    {} // (config.magic_rb.secret.wireguard."omen" or {privateKey = "";});
};
networking.networkmanager.dispatcherScripts = [
{
  # NetworkManager dispatcher hook: picks the wg0 endpoint per network.
  # On the "VU-Campusnet" connection (wlo1) the peer is reached through the local
  # udp2tcp forwarder at 127.0.0.1:6665; everywhere else, and whenever an
  # interface goes down, wg0 talks to the server directly and the forwarder is stopped.
  #
  # The peer value is a WireGuard public key, not a secret. Both branches keep the
  # same peer key, so the connection name only selects the transport path.
  # Dispatcher scripts run as root, so keep the inputs quoted as they are.
  source =
    pkgs.writeShellScript "udp2tcp.sh"
    ''
      export PATH=${makeBinPath [ pkgs.wireguard-tools ]}:$PATH

      _interface="$1"
      _action="$2"

      echo "action: $_action interface: $_interface id: $CONNECTION_ID"

      # Route wg0 through the local UDP-over-TCP forwarder.
      _via_tcp() {
        wg set wg0 \
          peer h4g6vWjOB6RS0NbrP/Kvb2CZeutm/F+ZfDbJmEd1Dgk= \
          endpoint 127.0.0.1:6665
        systemctl restart udp2tcp.service
      }

      # Point wg0 straight at the server and stop the forwarder.
      _direct() {
        wg set wg0 \
          peer h4g6vWjOB6RS0NbrP/Kvb2CZeutm/F+ZfDbJmEd1Dgk= \
          endpoint 64.225.104.221:6666
        systemctl stop udp2tcp.service
      }

      if [ "$_action" = "up" ]; then
        # Only the wireless interface triggers a switch on "up".
        if [ "$_interface" = "wlo1" ]; then
          if [ "$CONNECTION_ID" = "VU-Campusnet" ]; then
            _via_tcp
          else
            _direct
          fi
        fi
      elif [ "$_action" = "down" ]; then
        _direct
      fi
    '';
}
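{
  # NetworkManager dispatcher hook: starts the network mount units when the probe
  # host answers a single ping, otherwise lazily unmounts the shares.
  # The script ignores its arguments, so it runs the same way on every dispatcher event.
  #
  # Fix: the last unit was named without a suffix. systemctl treats a suffix-less
  # name as a .service unit, so the mail-configuration mount was never started.
  #
  # NOTE(review): the probe tests reachability of 8.8.4.4, not of the file
  # servers or of wg0; confirm that is the intended trigger for mounting.
  source =
    pkgs.writeShellScript "nfs-mounts.sh"
    ''
      export PATH=${makeBinPath [ pkgs.iputils ]}:$PATH

      if ping -c 1 -W 0.7 8.8.4.4 ; then # > /dev/null 2>&1
        echo "Mounting network drives"
        # Backgrounded so the dispatcher is not blocked by slow mounts.
        systemctl start mnt-net-kyle.mount \
          mnt-net-cartman.mount \
          mnt-net-stan.mount \
          mnt-net-getmail.d.mount \
          mnt-net-mail\\x2dconfiguration.mount &
      else
        echo "Unmounting network drives"
        # -l detaches lazily, -q stays quiet about paths that are not mounted.
        umount -ql \
          /mnt/net/kyle \
          /mnt/net/cartman \
          /mnt/net/stan \
          /mnt/net/getmail.d \
          /mnt/net/mail-configuration &
      fi
    '';
}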
];
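# Local UDP-over-TCP forwarder: listens on loopback UDP 6665 and relays to the
# server over TCP. The dispatcher script in this file points wg0 at
# 127.0.0.1:6665 on networks where the direct UDP endpoint is not used.
#
# Fix: a space now precedes the first line continuation, so the command no
# longer depends on the next line's leading whitespace to separate the binary
# path from `--udp-listen`.
#
# NOTE(review): no serviceConfig is set, so the unit runs with systemd's defaults
# for a system service (root, no sandboxing). It only binds an unprivileged
# loopback port and opens an outbound TCP connection, so it looks like a
# candidate for DynamicUser and the usual Protect*/NoNewPrivileges options;
# confirm the binary needs nothing more before enabling them.
systemd.services.udp2tcp = {
  wantedBy = [ "multi-user.target" ];
  after = [ "network.target" ];
  # NOTE(review): the script below does not visibly call `host`; confirm this is still needed.
  path = with pkgs; [ dig.host ];
  restartIfChanged = true;
  script = ''
    ${pkgs.udp-over-tcp}/bin/udp2tcp \
      --udp-listen 127.0.0.1:6665 \
      --tcp-forward "64.225.104.221:6001"
  '';
};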
# Restarts the forwarder around sleep: the unit is pulled in by, and ordered
# after, each of the sleep targets below.
# NOTE(review): presumably meant to re-establish the TCP connection after resume; confirm.
systemd.services.udp2tcp-wake-restart = let
  sleepTargets = [
    "suspend.target"
    "hibernate.target"
    "hybrid-sleep.target"
    "suspend-then-hibernate.target"
  ];
in {
  wantedBy = sleepTargets;
  after = sleepTargets;
  script = ''
    systemctl restart udp2tcp.service
  '';
};
# System
# stateVersion records the NixOS release this machine's stateful defaults were
# created with. It is not the running NixOS version, so do not bump it just to upgrade.
system.stateVersion = "20.09";
};
}