update: viridian+fuchsia configuration

2024-08-11 16:15:30 +08:00 · 2024-08-11 16:15:30 +08:00 · 71639ed7ef
commit 71639ed7ef
parent 802e1c5289
5 changed files with 92 additions and 65 deletions
--- a/nixos/viridian/configuration.nix
+++ b/nixos/viridian/configuration.nix
@ -1,29 +1,19 @@
-{pkgs, ...}: {
+{...}: {
  imports = [
+    # Global configuration for all our systems
    ../common/global
+    # Our user configuration and optional user units
    ../common/users/sajenim
    ../common/users/spectre
-
+    # Programs and services
+    ./programs
    ./services
    ./containers
+    # Setup our hardware
    ./hardware-configuration.nix
  ];

-  boot.kernel.sysctl = {
-    "net.ipv4.ip_unprivileged_port_start" = 0;
-  };
-
-  hardware.opengl = {
-    enable = true;
-    extraPackages = with pkgs; [
-      intel-media-driver
-      vaapiIntel
-      vaapiVdpau
-      libvdpau-va-gl
-      intel-compute-runtime
-    ];
-  };
-
+  # Networking configuration
  networking = {
    hostName = "viridian";
    networkmanager.enable = true;
@ -42,16 +32,12 @@
        80 # traefik     (HTTP)
        443 # traefik     (HTTPS)
        32372 # qbittorrent
-        51820 # Wireguard
        6600 # mpd
      ];
    };
  };

-  programs = {
-    zsh.enable = true;
-  };
-
+  # Use docker instead of podman for our containers.
  virtualisation.docker = {
    enable = true;
    liveRestore = false;
--- a/nixos/viridian/hardware-configuration.nix
+++ b/nixos/viridian/hardware-configuration.nix
@ -1,28 +1,54 @@
 {
  config,
  lib,
+  pkgs,
  ...
 }: let
  hostname = config.networking.hostName;
 in {
  imports = [
+    # Our ephemeral system. Wipe root on reboot.
    ../common/optional/ephemeral-btrfs.nix
  ];

+  # Boot configuration
  boot = {
+    # Initial ramdisk
    initrd = {
+      # The modules listed here are available in the initrd, but are only loaded on demand.
      availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"];
+      # List of modules that are always loaded by the initrd.
      kernelModules = ["kvm-intel"];
    };
+
+    # Runtime parameters of the Linux kernel
+    kernel.sysctl = {
+      "net.ipv4.ip_unprivileged_port_start" = 0;
+    };
+
+    # Our boot loader configuration
    loader = {
-      systemd-boot.enable = true;
      efi = {
-        canTouchEfiVariables = true;
        efiSysMountPoint = "/boot";
+        canTouchEfiVariables = true;
      };
+      systemd-boot.enable = true;
    };
  };

+  # Hardware configuration
+  hardware.opengl = {
+    enable = true;
+    extraPackages = with pkgs; [
+      intel-media-driver
+      vaapiIntel
+      vaapiVdpau
+      libvdpau-va-gl
+      intel-compute-runtime
+    ];
+  };
+
+  # Setup our filesystems
  fileSystems."/boot" = {
    device = "/dev/disk/by-label/ESP";
    fsType = "vfat";
--- a/nixos/viridian/programs/default.nix
+++ b/nixos/viridian/programs/default.nix
@ -0,0 +1,5 @@
+{...}: {
+  programs = {
+    zsh.enable = true;
+  };
+}