hermes: Make build for bare-metal

After more than a year later, I've moved back to NixOS on bare-metal. WSL is fine and all, but it has enough warts that get really annoying, especially as a Java developer.
2023-08-20 14:11:06 +05:30 · 2023-08-20 14:11:06 +05:30 · 54acf430c7
commit 54acf430c7
parent 2a6a1f83f2
7 changed files with 116 additions and 29 deletions
--- a/flake.nix
+++ b/flake.nix
@ -50,11 +50,12 @@
            # Modules and module config
            ./modules/users.nix
            ./modules/fonts.nix
+            ./modules/plasma-desktop.nix

            # Host-specific config
            ./hosts/hermes/configuration.nix
-            nixos-wsl.nixosModules.wsl
-            ./hosts/hermes/wsl.nix
+            # nixos-wsl.nixosModules.wsl
+            # ./hosts/hermes/wsl.nix
            ./hosts/hermes/syncthing.nix
            # ./hosts/hermes/backup.nix
            agenix.nixosModules.age
--- a/hosts/hermes/configuration.nix
+++ b/hosts/hermes/configuration.nix
@ -1,6 +1,9 @@
 { pkgs, modulesPath, ... }:

 {
+
+  imports = [ ./hardware-configuration.nix ];
+
  nixpkgs.config.allowUnfree = true;

  system.stateVersion = "22.05";
@ -25,6 +28,56 @@

  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];

+  # ----
+
+  # Bootloader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader.efi.efiSysMountPoint = "/boot/efi";
+  boot.supportedFilesystems = [ "ntfs" ];
+
+  # Setup keyfile
+  boot.initrd.secrets = {
+    "/crypto_keyfile.bin" = null;
+  };
+
+  # Enable swap on luks
+  boot.initrd.luks.devices."luks-8271922a-e889-4f04-8e87-07f0bcde890d".device = "/dev/disk/by-uuid/8271922a-e889-4f04-8e87-07f0bcde890d";
+  boot.initrd.luks.devices."luks-8271922a-e889-4f04-8e87-07f0bcde890d".keyFile = "/crypto_keyfile.bin";
+
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+
+  # Enable networking
+  networking.networkmanager.enable = true;
+
+  # Enable CUPS to print documents.
+  services.printing.enable = true;
+
+  # Enable sound with pipewire.
+  sound.enable = true;
+  hardware.pulseaudio.enable = false;
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+    # If you want to use JACK applications, uncomment this
+    #jack.enable = true;
+
+    # use the example session manager (no others are packaged yet so this is enabled by default,
+    # no need to redefine it in your config for now)
+    #media-session.enable = true;
+  };
+
+  # Enable touchpad support (enabled default in most desktopManager).
+  services.xserver.libinput.enable = true;
+  services.xserver.libinput.touchpad.naturalScrolling = true;
+  services.xserver.libinput.touchpad.middleEmulation = true;
+  services.xserver.libinput.touchpad.tapping = true;
+
+  # ----
+
  environment = {
    etc = with pkgs; {
      "jdk".source = jdk;
@ -45,7 +98,6 @@
    nix-ld = {
      enable = true;
      libraries = with pkgs; [
-        # stdenv.cc.cc
        zlib
        fuse3
        icu
--- a/hosts/hermes/doom/config.org
+++ b/hosts/hermes/doom/config.org
@ -294,7 +294,7 @@ Customize Modus-themes a little to make it more peppy and vibrant.
 #+begin_src emacs-lisp :lexical t
 (use-package! doom-ui
  :config
-  (setq! doom-font (font-spec :family "IBM Plex Mono" :size 28)
+  (setq! doom-font (font-spec :family "IBM Plex Mono" :size 24)
         doom-theme 'modus-vivendi
         which-key-idle-delay 0.1))
 #+end_src
--- a/hosts/hermes/emacs.nix
+++ b/hosts/hermes/emacs.nix
@ -76,7 +76,7 @@ in

    tectonic # munging TeX better than texlive
    texlive.combined.scheme-full # because org-babel cannot use tectonic
-    lua53Packages.digestif # luajit version is broken
+    # lua53Packages.digestif # luajit version is broken
    pandoc # convert doc formats
    # ghostscript # munging pfds
    pdftk # munging pdfs in less incantation-y way
--- a/hosts/hermes/hardware-configuration.nix
+++ b/hosts/hermes/hardware-configuration.nix
@ -0,0 +1,42 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "vmd" "nvme" "sdhci_pci" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/60ecaddb-c2ab-45c5-901c-ab32901f38b4";
+      fsType = "ext4";
+    };
+
+  boot.initrd.luks.devices."luks-c5092273-6dc8-4576-aca5-f01731b040d4".device = "/dev/disk/by-uuid/c5092273-6dc8-4576-aca5-f01731b040d4";
+
+  fileSystems."/boot/efi" =
+    { device = "/dev/disk/by-uuid/FF55-F106";
+      fsType = "vfat";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/f8758c82-d53d-4e6e-91d9-906e957f8661"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/hosts/hermes/home.nix
+++ b/hosts/hermes/home.nix
@ -13,14 +13,14 @@
    # anki

    # security
-    # keepassxc # password management
+    keepassxc # password management
    rage # secrets management

    # apps
-    # vlc
-    # strawberry
-    # picard # tag music tracks
-    # firefox-wayland
+    vlc
+    strawberry
+    picard # tag music tracks
+    firefox-wayland
    # soulseekqt
    # appimage-run # for soulseek-qt

@ -29,18 +29,18 @@
    # nheko

    # utilities
-    # youtube-dl
-    # qbittorrent
-    # digikam
-    # okular
-    # kcalc
-    # ark # munging archives
-    # unrar # So ark can open .rar files
-    # spectacle
-    # gwenview
-    # kate
+    youtube-dl
+    qbittorrent
+    digikam
+    okular
+    kcalc
+    ark # munging archives
+    unrar # So ark can open .rar files
+    spectacle
+    gwenview
+    kate

-    # libreoffice # thoroughly average grown up stuff
+    libreoffice # thoroughly average grown up stuff

    hugo
    qpdf
--- a/modules/plasma-desktop.nix
+++ b/modules/plasma-desktop.nix
@ -17,18 +17,10 @@
      desktopManager.plasma5 = {
        enable = true;
        runUsingSystemd = true;
-        # Enable experimental option to adjust brigheness of external monitor
-        # Might not work for all external displays, remove if problematic
-        # Not necessary for internal monitor
-        # Disabled for now because it is experimental. When external monitor is connected,
-        # there is no straightforward way to change brightness of built-in laptop screen
-        supportDDC = false;
      };
      # Enable touchpad support.
      libinput.enable = true;
    };
-    # Enable tlp for power/battery management
-    tlp.enable = true;
    fwupd = {
      enable = true;
      package = pkgs.fwupd;