nixos-configs/nixosConfigurations/muede-lpt2/default.nix

{ self, ... }:
{
  imports = [
    ./hardware.nix
  ];

  config = {
    my = {
      # keep-sorted start
      intelGraphics.enable = true;
      muedeDesktopSettings.enable = true;
      podman.enable = true;
      secureBoot.enable = true;
      steam.enable = true;
      users.muede.enable = true;
      wineGaming.enable = true;
      # keep-sorted end
    };

    nix.settings.extra-platforms = [
      "aarch64-linux"
      "i686-linux"
    ];

    services.xserver.xkb = {
      # Configure keymap in X11
      layout = "de";
      variant = "";
    };

    # Configure console keymap
    console.keyMap = "de";

    users.users.muede.openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY pixel-JuiceSSH"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv pc2 home roaming"
    ];

    programs = {
      adb.enable = true;
      light = {
        enable = true;
        brightnessKeys = {
          enable = true;
          step = 5;
        };
      };
    };

    networking.firewall.allowedTCPPorts = [
      8776
      1337
    ];

    services.servicepoint-tanks = {
      enable = false;
      urls = [
        "http://localhost:5666"
        "http://localhost:5667"
      ];
    };
    nixpkgs.config.permittedInsecurePackages = [
      "mbedtls-2.28.10"
    ];

    boot.binfmt.emulatedSystems = [ "aarch64-linux" ];

    containers.damocles = {
      autoStart = false;
      privateNetwork = false;
      path = self.nixosConfigurations.damocles.config.system.build.toplevel;
      bindMounts."/etc/nix/distributed-build-key" = {
        hostPath = "/etc/nix/distributed-build-key";
        isReadOnly = true;
      };
      bindMounts."/persist/damocles-ssh" = {
        hostPath = "/persist/damocles-ssh";
        isReadOnly = true;
      };
      bindMounts."/persist/damocles-lab" = {
        hostPath = "/persist/damocles-lab";
        isReadOnly = false;
      };
    };

    containers.damocles-lab = {
      autoStart = false;
      privateNetwork = false;
      path = self.nixosConfigurations.damocles-lab.config.system.build.toplevel;
      bindMounts."/etc/nix/distributed-build-key" = {
        hostPath = "/etc/nix/distributed-build-key";
        isReadOnly = true;
      };
      bindMounts."/workspace" = {
        hostPath = "/persist/damocles-lab";
        isReadOnly = false;
      };
      bindMounts."/persist/damocles-ssh" = {
        hostPath = "/persist/damocles-ssh";
        isReadOnly = true;
      };
    };

    # Global DefaultTimeoutStopSec is 10s (modern-desktop.nix), which kills systemd-nspawn
    # before it finishes halting, leaving cgroups busy and breaking restarts.
    systemd.services."container@damocles".serviceConfig = {
      TimeoutStopSec = "60s";
      # After a SIGKILL of nspawn, the kernel needs a moment to reap its cgroups.
      # Without this, the immediate restart attempt fails with "Device or resource busy".
      RestartSec = "5s";
    };

    systemd.services."container@damocles-lab".serviceConfig = {
      TimeoutStopSec = "60s";
      RestartSec = "5s";
    };

    boot.enableContainers = true;
    virtualisation.containers.enable = true;
  };
}
move more stuf out of flake.nix 2025-12-11 22:13:32 +01:00			`{ self, ... }:`
restructure flake, remove ona-book partially based on https://codeberg.org/kiara/cfg 2025-03-15 11:03:03 +01:00			`{`
			`imports = [`
default.nix for hosts 2025-09-14 13:09:37 +02:00			`./hardware.nix`
restructure flake, remove ona-book partially based on https://codeberg.org/kiara/cfg 2025-03-15 11:03:03 +01:00			`];`
merge default.nix and configuration.nix 2025-09-15 19:05:04 +02:00
			`config = {`
group options in my namespace 2026-05-03 16:33:56 +02:00			`my = {`
			`# keep-sorted start`
			`intelGraphics.enable = true;`
			`muedeDesktopSettings.enable = true;`
			`podman.enable = true;`
			`secureBoot.enable = true;`
			`steam.enable = true;`
			`users.muede.enable = true;`
			`wineGaming.enable = true;`
			`# keep-sorted end`
			`};`
refactor: import nixosModules unconditionally, add enable options 2026-05-01 22:39:21 +02:00
merge default.nix and configuration.nix 2025-09-15 19:05:04 +02:00			`nix.settings.extra-platforms = [`
			`"aarch64-linux"`
			`"i686-linux"`
			`];`

			`services.xserver.xkb = {`
			`# Configure keymap in X11`
			`layout = "de";`
			`variant = "";`
			`};`

			`# Configure console keymap`
			`console.keyMap = "de";`

user rename 2026-02-01 12:23:07 +01:00			`users.users.muede.openssh.authorizedKeys.keys = [`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY pixel-JuiceSSH"`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv pc2 home roaming"`
merge default.nix and configuration.nix 2025-09-15 19:05:04 +02:00			`];`

			`programs = {`
			`adb.enable = true;`
			`light = {`
			`enable = true;`
			`brightnessKeys = {`
			`enable = true;`
			`step = 5;`
			`};`
			`};`
			`};`

			`networking.firewall.allowedTCPPorts = [`
			`8776`
			`1337`
			`];`
add servicepoint-tanks service 2025-10-12 15:16:44 +02:00
			`services.servicepoint-tanks = {`
disable servicepoint-tanks 2025-10-23 21:17:58 +02:00			`enable = false;`
add servicepoint-tanks service 2025-10-12 15:16:44 +02:00			`urls = [`
			`"http://localhost:5666"`
			`"http://localhost:5667"`
			`];`
			`};`
switch dotnet version for vscodium 2025-10-23 21:36:15 +02:00			`nixpkgs.config.permittedInsecurePackages = [`
			`"mbedtls-2.28.10"`
			`];`
generate pxvirt lxc template tar 2026-01-03 18:45:55 +01:00
			`boot.binfmt.emulatedSystems = [ "aarch64-linux" ];`
add damocles container 2026-04-10 11:49:11 +02:00
			`containers.damocles = {`
			`autoStart = false;`
			`privateNetwork = false;`
			`path = self.nixosConfigurations.damocles.config.system.build.toplevel;`
distributed builds - infra and lpt2 2026-05-01 21:17:51 +02:00			`bindMounts."/etc/nix/distributed-build-key" = {`
			`hostPath = "/etc/nix/distributed-build-key";`
			`isReadOnly = true;`
			`};`
add damocles-lab container 2026-04-29 21:38:40 +02:00			`bindMounts."/persist/damocles-ssh" = {`
			`hostPath = "/persist/damocles-ssh";`
			`isReadOnly = true;`
			`};`
			`bindMounts."/persist/damocles-lab" = {`
			`hostPath = "/persist/damocles-lab";`
			`isReadOnly = false;`
			`};`
			`};`

			`containers.damocles-lab = {`
			`autoStart = false;`
			`privateNetwork = false;`
			`path = self.nixosConfigurations.damocles-lab.config.system.build.toplevel;`
distributed builds - infra and lpt2 2026-05-01 21:17:51 +02:00			`bindMounts."/etc/nix/distributed-build-key" = {`
			`hostPath = "/etc/nix/distributed-build-key";`
			`isReadOnly = true;`
			`};`
add damocles-lab container 2026-04-29 21:38:40 +02:00			`bindMounts."/workspace" = {`
			`hostPath = "/persist/damocles-lab";`
			`isReadOnly = false;`
			`};`
			`bindMounts."/persist/damocles-ssh" = {`
			`hostPath = "/persist/damocles-ssh";`
			`isReadOnly = true;`
			`};`
add damocles container 2026-04-10 11:49:11 +02:00			`};`
nix fmt, explicit container enable 2026-04-12 21:39:52 +02:00
damocles: longer timeout to prevent namespace breakage 2026-04-17 12:39:45 +02:00			`# Global DefaultTimeoutStopSec is 10s (modern-desktop.nix), which kills systemd-nspawn`
			`# before it finishes halting, leaving cgroups busy and breaking restarts.`
fix damocles cgroup broken after sleep with network switch 2026-04-24 20:55:18 +02:00			`systemd.services."container@damocles".serviceConfig = {`
			`TimeoutStopSec = "60s";`
			`# After a SIGKILL of nspawn, the kernel needs a moment to reap its cgroups.`
			`# Without this, the immediate restart attempt fails with "Device or resource busy".`
			`RestartSec = "5s";`
			`};`
damocles: longer timeout to prevent namespace breakage 2026-04-17 12:39:45 +02:00
add damocles-lab container 2026-04-29 21:38:40 +02:00			`systemd.services."container@damocles-lab".serviceConfig = {`
			`TimeoutStopSec = "60s";`
			`RestartSec = "5s";`
			`};`

nix fmt, explicit container enable 2026-04-12 21:39:52 +02:00			`boot.enableContainers = true;`
			`virtualisation.containers.enable = true;`
merge default.nix and configuration.nix 2025-09-15 19:05:04 +02:00			`};`
restructure flake, remove ona-book partially based on https://codeberg.org/kiara/cfg 2025-03-15 11:03:03 +01:00			`}`