init elysium (gamle sancturary)

base.nix

@@ -67,6 +67,7 @@
     wget
 
     kitty.terminfo
+    foot.terminfo
   ];
 
   programs.zsh.enable = true;

flake.nix

@@ -108,6 +108,8 @@
       ildkule = stableNixosConfig "ildkule" { };
       #ildkule-unstable = unstableNixosConfig "ildkule" { };
       shark = stableNixosConfig "shark" { };
+      
+      elysium = stableNixosConfig "elysium" { };
 
       brzeczyszczykiewicz = stableNixosConfig "brzeczyszczykiewicz" {
         modules = [

hosts/elysium/base.nix

@@ -0,0 +1,133 @@
+{ config, lib, pkgs, inputs, values, ... }:
+
+{
+  imports = [
+    ./modules/snakeoil-certs.nix
+  ];
+
+  networking.domain = "pvv.ntnu.no";
+  networking.useDHCP = false;
+  # networking.search = [ "pvv.ntnu.no" "pvv.org" ];
+  # networking.nameservers = lib.mkDefault [ "129.241.0.200" "129.241.0.201" ];
+  # networking.tempAddresses = lib.mkDefault "disabled";
+  # networking.defaultGateway = values.hosts.gateway;
+
+  systemd.network.enable = true;
+
+  services.resolved = {
+    enable = lib.mkDefault true;
+    dnssec = "false"; # Supposdly this keeps breaking and the default is to allow downgrades anyways...
+  };
+
+  time.timeZone = "Europe/Oslo";
+
+  i18n.defaultLocale = "en_US.UTF-8";
+  console = {
+    font = "Lat2-Terminus16";
+    keyMap = "no";
+  };
+
+  system.autoUpgrade = {
+    enable = true;
+    flake = "git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git";
+    flags = [
+      "--update-input" "nixpkgs"
+      "--update-input" "nixpkgs-unstable"
+      "--no-write-lock-file"
+    ];
+  };
+  nix.gc.automatic = true;
+  nix.gc.options = "--delete-older-than 2d";
+
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+  /* This makes commandline tools like
+  ** nix run nixpkgs#hello
+  ** and nix-shell -p hello
+  ** use the same channel the system
+  ** was built with
+  */
+  nix.registry = {
+    nixpkgs.flake = inputs.nixpkgs;
+  };
+  nix.nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
+
+  environment.systemPackages = with pkgs; [
+    file
+    git
+    gnupg
+    htop
+    nano
+    ripgrep
+    rsync
+    screen
+    tmux
+    vim
+    wget
+
+    kitty.terminfo
+    foot.terminfo
+  ];
+
+  programs.zsh.enable = true;
+
+  users.groups."drift".name = "drift";
+
+  # Trusted users on the nix builder machines
+  users.groups."nix-builder-users".name = "nix-builder-users";
+
+  services.openssh = {
+    enable = true;
+    extraConfig = ''
+      PubkeyAcceptedAlgorithms=+ssh-rsa
+    '';
+    settings.PermitRootLogin = "yes";
+  };
+
+  # nginx return 444 for all nonexistent virtualhosts
+
+  systemd.services.nginx.after = [ "generate-snakeoil-certs.service" ];
+
+  environment.snakeoil-certs = lib.mkIf config.services.nginx.enable {
+    "/etc/certs/nginx" = {
+      owner = "nginx";
+      group = "nginx";
+    };
+  };
+
+  services.nginx = {
+    recommendedTlsSettings = true;
+    recommendedProxySettings = true;
+    recommendedOptimisation = true;
+    recommendedGzipSettings = true;
+
+    appendConfig = ''
+      pcre_jit on;
+      worker_processes auto;
+      worker_rlimit_nofile 100000;
+    '';
+    eventsConfig = ''
+      worker_connections 2048;
+      use epoll;
+      multi_accept on;
+    '';
+  };
+
+  systemd.services.nginx.serviceConfig = lib.mkIf config.services.nginx.enable {
+    LimitNOFILE = 65536;
+  };
+
+  services.nginx.virtualHosts."_" = lib.mkIf config.services.nginx.enable {
+    sslCertificate = "/etc/certs/nginx.crt";
+    sslCertificateKey = "/etc/certs/nginx.key";
+    addSSL = true;
+    extraConfig = "return 444;";
+  };
+
+  networking.firewall.allowedTCPPorts = lib.mkIf config.services.nginx.enable [ 80 443 ];
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "drift@pvv.ntnu.no";
+  };
+}

hosts/elysium/configuration.nix

@@ -0,0 +1,167 @@
+{ config, pkgs, values, ... }:
+{
+  imports = [
+      # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+      ./nvidia.nix
+      ./base.nix
+      ../../misc/metrics-exporters.nix
+    ];
+
+  sops.defaultSopsFile = ../../secrets/elysium/elysium.yaml;
+  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+  sops.age.keyFile = "/var/lib/sops-nix/key.txt";
+  sops.age.generateKey = true;
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.hostName = "elysium"; # Define your hostname.
+
+  #update this to actual network card.
+  systemd.network.networks."30-ens18" = values.defaultNetworkConfig // {
+    matchConfig.Name = "ens18";
+    address = with values.hosts.elysium; [ (ipv4 + "/25") (ipv6 + "/64") ];
+  };
+
+  # List packages installed in system profile
+  environment.systemPackages = with pkgs; [
+          zsh
+          bash
+          fish
+          tcsh
+
+          alpine
+          mutt
+          mutt-ics
+          mutt-wizard
+          notmuch
+          mailutils
+          procmail
+
+          irssi
+          weechat
+          weechatScripts.edit
+
+          coreutils-full
+          diffutils
+          findutils
+          ripgrep
+          cvs
+          gawk
+          git
+          gnupg
+          gnused
+          groff
+          less
+          p7zip
+          rcs
+          screen
+          tmux
+          tree
+          unzip
+          zip
+
+          emacs
+          helix
+          joe
+          micro
+          nano
+          neovim
+
+          autossh
+          inetutils
+          lynx
+          mosh
+          rsync
+          w3m
+
+          clang
+          gcc
+          guile
+          lua
+          perl
+          php
+          python3
+          (python3.withPackages (ps: with ps; [
+            numpy
+            sympy
+            scipy
+            requests
+            imageio
+            pillow
+            httpx
+            pycryptodome
+            pandas
+            matplotlib
+          ]))
+          ruby
+          tcl
+
+
+          openscad
+          cura
+          where-is-my-sddm-theme
+          firefox
+
+  ];
+
+
+
+
+  fonts.packages = with pkgs; [
+    noto-fonts
+    noto-fonts-cjk
+    noto-fonts-emoji
+    liberation_ttf
+    fira-code
+    fira-code-symbols
+    mplus-outline-fonts.githubRelease
+    dina-font
+    proggyfonts
+    nerdfonts
+    ubuntu_font_family
+
+  ];
+
+  # Enable CUPS to print documents.
+  services.printing.enable = true;
+
+  security.polkit.enable = true;
+  
+  services.displayManager = {
+    enable = true;
+    sessionPackages = with pkgs; [ sway ];
+    sddm = {
+      enable = true;
+      theme = "${pkgs.where-is-my-sddm-theme}";
+      wayland.enable = true;
+      wayland.compositor = "kwin";
+      autoNumlock = true;
+      enableHidpi = true;
+    };
+  };
+
+  services.desktopManager.plasma6.enable = true;
+  services.desktopManager.plasma6.enableQt5Integration = true;
+
+  qt.platformTheme = "kde";
+
+  # Configure keymap in X11
+  services.xserver.xkb = {
+    layout = "us,no";
+    variant = ",";
+  };
+
+
+  # List services that you want to enable:
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "23.05"; # Did you read the comment?
+
+}

hosts/elysium/hardware-configuration.nix

@@ -0,0 +1,42 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  #imports =
+  #  [ (modulesPath + "/profiles/qemu-guest.nix")
+  #  ];
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/224c45db-9fdc-45d4-b3ad-aaf20b3efa8a";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/CC37-F5FE";
+      fsType = "vfat";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/a1ce3234-78b1-4565-9643-f4a05004424f"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.ens18.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}

hosts/elysium/nvidia.nix

@@ -0,0 +1,52 @@
+{ config, lib, pkgs, ... }:
+{
+  # Enable OpenGL
+  hardware.opengl = {
+    enable = true;
+    driSupport = true;
+    driSupport32Bit = true;
+  };
+  
+  # Load nvidia driver for Xorg and Wayland
+  services.xserver.videoDrivers = ["nvidia"];
+  #boot with nvidia kernel module
+  boot.initrd.kernelModules = [ "nvidia" ];
+  hardware.nvidia = {
+    # Modesetting is required.
+    modesetting.enable = true;
+      # Nvidia power management. Experimental, and can cause sleep/suspend to fail.
+      #powerManagement.enable = true;
+      # Fine-grained power management. Turns off GPU when not in use.
+      # Experimental and only works on modern Nvidia GPUs (Turing or newer).
+      #powerManagement.finegrained = true;
+
+      # Use the NVidia open source kernel module (not to be confused with the
+      # independent third-party "nouveau" open source driver).
+      # Support is limited to the Turing and later architectures. Full list of 
+      # supported GPUs is at: 
+      # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus 
+      # Only available from driver 515.43.04+
+      # Currently alpha-quality/buggy, so false is currently the recommended setting.
+      open = false;
+
+      # Enable the Nvidia settings menu,
+      # accessible via `nvidia-settings`.
+      nvidiaSettings = true;
+
+      # Optionally, you may need to select the appropriate driver version for your specific GPU.
+      package = config.boot.kernelPackages.nvidiaPackages.legacy_470;
+    };
+
+
+    # Enable the CUDA toolkit
+    #install packages 
+    environment.systemPackages = with pkgs; [
+      #cudaPackages.cudnn
+      #cudaPackages.cudatoolkit
+      
+      nvtopPackages.nvidia
+      
+    ];
+
+
+  }