This is the configuration for my work notebook. Similarly to my home desktop, it is named after a ship in the tv show, Expanse.
nixosModules.tachi = {
networking.hostName = "tachi";
imports = [
<<tachi-modules>>
];
};
nixosConfigurations.tachi = self.lib.mkNixOS {
modules = [ self.nixosModules.tachi ];
};Hardware configuration generated using nixos-generate-config:
(let ((out (shell-command-to-string
(concat "2>/dev/null "
"nixos-generate-config --no-filesystems --show-hardware-config"
"| nixfmt"))))
(concat "#+caption: hosts/tachi/hardware-configuration.nix\n"
"#+begin_src nix :mkdirp yes :tangle out/hosts/tachi/hardware-configuration.nix\n"
out
"#+end_src")){
disko.devices = {
disk = {
nvme = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"umask=0077"
];
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "crypt-root";
extraOpenArgs = [ "--allow-discards" ];
content = {
type = "lvm_pv";
vg = "mainpool";
};
};
};
};
};
};
};
lvm_vg = {
mainpool = {
type = "lvm_vg";
lvs = {
thinpool = {
size = "128G";
lvm_type = "thin-pool";
};
swap = {
size = "48G";
content = {
type = "swap";
};
};
root = {
size = "64G";
lvm_type = "thinlv";
pool = "thinpool";
content = {
type = "filesystem";
format = "xfs";
mountpoint = "/";
mountOptions = [ "defaults" ];
postCreateHook = "lvcreate -s mainpool/root --name root-blank";
};
};
nix = {
size = "128G";
content = {
type = "filesystem";
format = "xfs";
mountpoint = "/nix";
mountOptions = [ "defaults" ];
};
};
persist = {
size = "512G";
content = {
type = "filesystem";
format = "xfs";
mountpoint = "/persist";
mountOptions = [ "defaults" ];
};
};
};
};
};
};
}./hosts/tachi/disko-config.nix{
lib,
pkgs,
config,
...
}:
{
boot.initrd.systemd = {
enable = true;
emergencyAccess = true;
services.revert-root = {
after = [
"cryptsetup.target"
"systemd-udev-settle.service"
"systemd-modules-load.service"
];
wants = ["systemd-udev-settle.service"];
before = [
"sysroot.mount"
];
wantedBy = [ "initrd.target" ];
path = with pkgs; [
lvm2
];
unitConfig = {
DefaultDependencies = "no";
ConditionKernelCommandLine = [ "!no_rollback" ];
};
serviceConfig.Type = "oneshot";
script = ''
lvconvert --mergethin mainpool/root-blank || true
lvcreate -s mainpool/root --name root-blank
'';
};
services.create-needed-for-boot-dirs = {
after = lib.mkForce [ "revert-root.service" ];
};
};
}{
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
}{
networking.networkmanager.enable = true;
hardware.enableRedistributableFirmware = true; # wifi
_.persist.directories = [ "/etc/NetworkManager/system-connections" ];
}{
boot.tmp = {
useTmpfs = true;
tmpfsSize = "100%";
};
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
system.stateVersion = "24.11";
home-manager.sharedModules = [
<<tachi-home-manager-modules>>
];
}I need docker with access to git contexts through SSH:
{ pkgs, ... }:
{
virtualisation.docker = {
enable = true;
autoPrune.enable = true;
extraPackages = [ pkgs.openssh ];
};
environment.systemPackages = with pkgs; [
docker-compose
];
services.printing.enable = true;
_.persist.directories = ["/var/lib/docker"];
_.persist.users.vlaci.files = [ ".docker/config.json" ];
}Also, Slack:
{ pkgs, ... }:
{
home.packages = with pkgs; [
slack
];
programs.foot.enable = true;
}{
_.persist.users.vlaci.directories = [ ".config/slack" ];
}{ pkgs, ... }:
{
home.packages = with pkgs; [
(vivaldi.overrideAttrs (super: {
postFixup =
(super.postFixup or "")
+ ''
substituteInPlace $out/share/applications/vivaldi-stable.desktop \
--replace "Exec=$out/bin/vivaldi" "Exec=$out/bin/vivaldi --ozone-platform-hint=auto" \
'';
}))
];
}{
_.persist.users.vlaci.directories = [ ".config/vivaldi" ".cache/vivaldi" ];
}{
hardware.brillo.enable = true;
}{
hardware.bluetooth = {
enable = true;
powerOnBoot = false;
};
services.blueman.enable = true;
_.persist.directories = [ "/var/lib/bluetooth" ];
}