Basic secureboot and khas (laptop) config
parent
3f1548eb17
commit
e5529fbc37
82
flake.lock
82
flake.lock
|
@ -7,11 +7,11 @@
|
|||
"nixpkgs": "nixpkgs"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1694793763,
|
||||
"narHash": "sha256-y6gTE1C9mIoSkymRYyzCmv62PFgy+hbZ5j8fuiQK5KI=",
|
||||
"lastModified": 1696767924,
|
||||
"narHash": "sha256-NHw92vrUAZXbtow2iiQsbfwXcDhSElYovXgw9ISocdw=",
|
||||
"owner": "ryantm",
|
||||
"repo": "agenix",
|
||||
"rev": "572baca9b0c592f71982fca0790db4ce311e3c75",
|
||||
"rev": "e2f339274d806014a6bbf29f643a71da847fa1d6",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -23,11 +23,11 @@
|
|||
"base16-schemes": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1680729003,
|
||||
"narHash": "sha256-M9LHTL24/W4oqgbYRkz0B2qpNrkefTs98pfj3MxIXnU=",
|
||||
"lastModified": 1689473676,
|
||||
"narHash": "sha256-L0RhUr9+W5EPWBpLcmkKpUeCEWRs/kLzVMF3Vao2ZU0=",
|
||||
"owner": "tinted-theming",
|
||||
"repo": "base16-schemes",
|
||||
"rev": "dc048afa066287a719ddbab62b3e19e4b5110cf0",
|
||||
"rev": "d95123ca6377cd849cfdce92c0a24406b0c6a789",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -36,6 +36,27 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"bootspec-secureboot": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1690452988,
|
||||
"narHash": "sha256-E2Ons6JxrThaHq1SYJKvddeoANiqmjgKEpPiT9tuPQI=",
|
||||
"owner": "DeterminateSystems",
|
||||
"repo": "bootspec-secureboot",
|
||||
"rev": "cff36b9eff8b4cc4abe77c87ad2eedb9919b6cd5",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "DeterminateSystems",
|
||||
"ref": "main",
|
||||
"repo": "bootspec-secureboot",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"deploy-rs": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat",
|
||||
|
@ -43,11 +64,11 @@
|
|||
"utils": "utils"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1694513707,
|
||||
"narHash": "sha256-wE5kHco3+FQjc+MwTPwLVqYz4hM7uno2CgXDXUFMCpc=",
|
||||
"lastModified": 1695052866,
|
||||
"narHash": "sha256-agn7F9Oww4oU6nPiw+YiYI9Xb4vOOE73w8PAoBRP4AA=",
|
||||
"owner": "serokell",
|
||||
"repo": "deploy-rs",
|
||||
"rev": "31c32fb2959103a796e07bbe47e0a5e287c343a8",
|
||||
"rev": "e3f41832680801d0ee9e2ed33eb63af398b090e9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -98,11 +119,11 @@
|
|||
"nixpkgs": "nixpkgs_3"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1694643239,
|
||||
"narHash": "sha256-pv2k/5FvyirDE8g4TNehzwZ0T4UOMMmqWSQnM/luRtE=",
|
||||
"lastModified": 1696737557,
|
||||
"narHash": "sha256-YD/pjDjj/BNmisEvRdM/vspkCU3xyyeGVAUWhvVSi5Y=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "d9b88b43524db1591fb3d9410a21428198d75d49",
|
||||
"rev": "3c1d8758ac3f55ab96dcaf4d271c39da4b6e836d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -117,11 +138,11 @@
|
|||
"nixpkgs-lib": "nixpkgs-lib"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1682108218,
|
||||
"narHash": "sha256-tMr7BbxualFQlN+XopS8rMMgf2XR9ZfRuwIZtjsWmfI=",
|
||||
"lastModified": 1695388192,
|
||||
"narHash": "sha256-2jelpE7xK+4M7jZNyWL7QYOYegQLYBDQS5bvdo8XRUQ=",
|
||||
"owner": "misterio77",
|
||||
"repo": "nix-colors",
|
||||
"rev": "b92df8f5eb1fa20d8e09810c03c9dc0d94ef2820",
|
||||
"rev": "37227f274b34a3b51649166deb94ce7fec2c6a4c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -155,11 +176,11 @@
|
|||
"nixpkgs": "nixpkgs_5"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1694921880,
|
||||
"narHash": "sha256-yU36cs5UdzhTwsM9bUWUz43N//ELzQ1ro69C07pU/8E=",
|
||||
"lastModified": 1696736548,
|
||||
"narHash": "sha256-Dg0gJ9xVXud55sAbXspMapFYZOpVAldQQo7MFp91Vb0=",
|
||||
"owner": "Mic92",
|
||||
"repo": "nix-index-database",
|
||||
"rev": "9d2bcc47110b3b6217dfebd6761ba20bc78aedf2",
|
||||
"rev": "2902dc66f64f733bfb45754e984e958e9fe7faf9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -186,11 +207,11 @@
|
|||
},
|
||||
"nixpkgs-lib": {
|
||||
"locked": {
|
||||
"lastModified": 1680397293,
|
||||
"narHash": "sha256-wBpJ73+tJ8fZSWb4tzNbAVahC4HSo2QG3nICDy4ExBQ=",
|
||||
"lastModified": 1694911725,
|
||||
"narHash": "sha256-8YqI+YU1DGclEjHsnrrGfqsQg3Wyga1DfTbJrN3Ud0c=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixpkgs.lib",
|
||||
"rev": "b18d328214ca3c627d3cc3f51fd9d1397fdbcd7a",
|
||||
"rev": "819180647f428a3826bfc917a54449da1e532ce0",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -217,11 +238,11 @@
|
|||
},
|
||||
"nixpkgs_3": {
|
||||
"locked": {
|
||||
"lastModified": 1694422566,
|
||||
"narHash": "sha256-lHJ+A9esOz9vln/3CJG23FV6Wd2OoOFbDeEs4cMGMqc=",
|
||||
"lastModified": 1696604326,
|
||||
"narHash": "sha256-YXUNI0kLEcI5g8lqGMb0nh67fY9f2YoJsILafh6zlMo=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "3a2786eea085f040a66ecde1bc3ddc7099f6dbeb",
|
||||
"rev": "87828a0e03d1418e848d3dd3f3014a632e4a4f64",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -249,11 +270,11 @@
|
|||
},
|
||||
"nixpkgs_5": {
|
||||
"locked": {
|
||||
"lastModified": 1694767346,
|
||||
"narHash": "sha256-5uH27SiVFUwsTsqC5rs3kS7pBoNhtoy9QfTP9BmknGk=",
|
||||
"lastModified": 1696604326,
|
||||
"narHash": "sha256-YXUNI0kLEcI5g8lqGMb0nh67fY9f2YoJsILafh6zlMo=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "ace5093e36ab1e95cb9463863491bee90d5a4183",
|
||||
"rev": "87828a0e03d1418e848d3dd3f3014a632e4a4f64",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -265,11 +286,11 @@
|
|||
},
|
||||
"nixpkgs_6": {
|
||||
"locked": {
|
||||
"lastModified": 1694978972,
|
||||
"narHash": "sha256-DkVh+UNzPvd7x2r/FO3Q59Pj30vEiWu57nvpJkzbpiU=",
|
||||
"lastModified": 1696604326,
|
||||
"narHash": "sha256-YXUNI0kLEcI5g8lqGMb0nh67fY9f2YoJsILafh6zlMo=",
|
||||
"owner": "arachnist",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "d6e32b32aa4d891b580e3367509da2d3949df006",
|
||||
"rev": "87828a0e03d1418e848d3dd3f3014a632e4a4f64",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -314,6 +335,7 @@
|
|||
"root": {
|
||||
"inputs": {
|
||||
"agenix": "agenix",
|
||||
"bootspec-secureboot": "bootspec-secureboot",
|
||||
"deploy-rs": "deploy-rs",
|
||||
"home-manager": "home-manager_2",
|
||||
"nix-colors": "nix-colors",
|
||||
|
|
66
flake.nix
66
flake.nix
|
@ -3,6 +3,10 @@
|
|||
|
||||
inputs = {
|
||||
nixpkgs.url = "github:arachnist/nixpkgs/ar-patchset-unstable";
|
||||
bootspec-secureboot = {
|
||||
url = "github:DeterminateSystems/bootspec-secureboot/main";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
home-manager.url = "github:nix-community/home-manager";
|
||||
nix-colors.url = "github:misterio77/nix-colors";
|
||||
nix-formatter-pack.url = "github:Gerschtli/nix-formatter-pack";
|
||||
|
@ -14,8 +18,8 @@
|
|||
};
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, nix-formatter-pack, nix-index-database, deploy-rs
|
||||
, agenix, ... }:
|
||||
outputs = { self, nixpkgs, bootspec-secureboot, nix-formatter-pack
|
||||
, nix-index-database, deploy-rs, agenix, ... }:
|
||||
let forAllSystems = nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ];
|
||||
in {
|
||||
# forAllSystems (system: nixpkgs.legacyPackages.${system}.nixfmt);
|
||||
|
@ -36,13 +40,63 @@
|
|||
};
|
||||
});
|
||||
|
||||
nixosConfigurations = {
|
||||
nixosModules = with self.nixosModules; {
|
||||
nibylandia-boot.imports = [ ./modules/boot.nix ];
|
||||
|
||||
nibylandia-secureboot.imports = [
|
||||
bootspec-secureboot.nixosModules.bootspec-secureboot
|
||||
|
||||
({ config, lib, ... }: {
|
||||
age.secrets = {
|
||||
secureboot-cert.file = ./secrets/secureboot-cert.age;
|
||||
secureboot-key.file = ./secrets/secureboot-key.age;
|
||||
};
|
||||
|
||||
boot.loader.secureboot = {
|
||||
enable = true;
|
||||
signingKeyPath = "${config.age.secrets.secureboot-key.path}";
|
||||
signingCertPath = "${config.age.secrets.secureboot-cert.path}";
|
||||
};
|
||||
nibylandia-boot.uefi.enable = lib.mkForce false;
|
||||
})
|
||||
];
|
||||
|
||||
nibylandia-common.imports = [
|
||||
nix-index-database.nixosModules.nix-index
|
||||
agenix.nixosModules.default
|
||||
|
||||
nibylandia-boot
|
||||
|
||||
./modules/common.nix
|
||||
];
|
||||
|
||||
nibylandia-graphical.imports = [
|
||||
nibylandia-common
|
||||
|
||||
./modules/graphical.nix
|
||||
];
|
||||
|
||||
nibylandia-laptop.imports = [ ./modules/laptop.nix ];
|
||||
};
|
||||
|
||||
nixosConfigurations = with self.nixosModules; {
|
||||
scylla = nixpkgs.lib.nixosSystem {
|
||||
system = "aarch64-linux";
|
||||
modules = [
|
||||
nix-index-database.nixosModules.nix-index
|
||||
agenix.nixosModules.default
|
||||
./nixos/scylla/configuration.nix
|
||||
nibylandia-common
|
||||
|
||||
./nixos/scylla
|
||||
];
|
||||
};
|
||||
|
||||
khas = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
modules = [
|
||||
nibylandia-graphical
|
||||
nibylandia-laptop
|
||||
nibylandia-secureboot
|
||||
|
||||
./nixos/khas
|
||||
];
|
||||
};
|
||||
};
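Review bot: The `nibylandia-secureboot` module puts the Secure Boot signing key on the machine it protects: `secureboot-key.age` is decrypted by agenix on khas and its path goes to `boot.loader.secureboot.signingKeyPath`, so anything running as root on khas can read the key and sign its own boot images. That may be an accepted trade-off for self-signing on a laptop, but it should be written down, for example with a comment above `age.secrets` such as `# signing key lives on this host: Secure Boot here guards against offline tampering with /boot, not against root on the running system`. The `"${...}"` wrappers around the two paths are redundant; `signingKeyPath = config.age.secrets.secureboot-key.path;` is equivalent. The module list and the `outputs` function continue outside the visible hunks.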
|
||||
|
|
|
@ -0,0 +1,24 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let cfg = config.nibylandia-boot;
|
||||
in {
|
||||
options.nibylandia-boot = {
|
||||
uefi.enable = lib.mkEnableOption "Boot via UEFI";
|
||||
ryzen.enable = lib.mkEnableOption "Enable AMD Ryzen-specific options";
|
||||
};
|
||||
|
||||
config = lib.mkMerge [
|
||||
(lib.mkIf cfg.uefi.enable {
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
})
|
||||
(lib.mkIf cfg.ryzen.enable {
|
||||
boot = {
|
||||
extraModulePackages = with config.boot.kernelPackages; [ zenpower ];
|
||||
blacklistedKernelModules = [ "k10temp" ];
|
||||
kernelModules = [ "zenpower" "kvm-amd" ];
|
||||
};
|
||||
})
|
||||
{ boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; }
|
||||
];
|
||||
}
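Review bot: `lib.mkEnableOption` already prefixes its argument with "Whether to enable", so `ryzen.enable` is documented as "Whether to enable Enable AMD Ryzen-specific options."; pass a noun phrase instead, `ryzen.enable = lib.mkEnableOption "AMD Ryzen-specific options";`, and likewise `uefi.enable = lib.mkEnableOption "booting via UEFI (systemd-boot)";`. A one-line comment on the ryzen block saying why `k10temp` is blacklisted (presumably because `zenpower` takes over the same sensors) would save the next reader a search.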
|
|
@ -0,0 +1,86 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
config = {
|
||||
programs.command-not-found.enable = false;
|
||||
system.stateVersion = "23.11";
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
settings.PasswordAuthentication = false;
|
||||
};
|
||||
programs = {
|
||||
mtr.enable = true;
|
||||
neovim = {
|
||||
enable = true;
|
||||
defaultEditor = true;
|
||||
viAlias = true;
|
||||
vimAlias = true;
|
||||
};
|
||||
zsh = {
|
||||
enable = true;
|
||||
enableBashCompletion = true;
|
||||
autosuggestions.enable = true;
|
||||
syntaxHighlighting.enable = true;
|
||||
ohMyZsh.enable = true;
|
||||
};
|
||||
tmux = {
|
||||
enable = true;
|
||||
terminal = "screen256-color";
|
||||
clock24 = true;
|
||||
};
|
||||
bash.enableCompletion = true;
|
||||
mosh.enable = true;
|
||||
};
|
||||
|
||||
nix = {
|
||||
package = pkgs.nixUnstable;
|
||||
extraOptions = ''
|
||||
experimental-features = nix-command flakes
|
||||
'';
|
||||
};
|
||||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
nixpkgs.config.allowBroken = true;
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
deploy-rs
|
||||
file
|
||||
git
|
||||
go
|
||||
libarchive
|
||||
lm_sensors
|
||||
lshw
|
||||
lsof
|
||||
pciutils
|
||||
pry
|
||||
pv
|
||||
strace
|
||||
usbutils
|
||||
wget
|
||||
zip
|
||||
config.boot.kernelPackages.perf
|
||||
age
|
||||
sshfs
|
||||
dig
|
||||
dstat
|
||||
htop
|
||||
iperf
|
||||
whois
|
||||
xxd
|
||||
tcpdump
|
||||
traceroute
|
||||
age
|
||||
cfssl
|
||||
gomuks
|
||||
];
|
||||
|
||||
documentation = {
|
||||
man.enable = true;
|
||||
doc.enable = true;
|
||||
dev.enable = true;
|
||||
info.enable = true;
|
||||
nixos.enable = true;
|
||||
};
|
||||
};
|
||||
}
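Review bot: The `services.openssh` block turns off `PasswordAuthentication` but leaves keyboard-interactive authentication at its default, which NixOS enables as far as I know, so PAM can still prompt for a password over SSH while `openFirewall = true` exposes port 22 on every host importing this module. Add `settings.KbdInteractiveAuthentication = false;` next to the existing setting. Separately, `terminal = "screen256-color";` in the tmux block looks like a typo for `screen-256color`. `nixpkgs.config.allowBroken = true;` applies to every host and deserves a comment naming the package that needs it.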
|
|
@ -0,0 +1,194 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
boot = {
|
||||
extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
|
||||
extraModprobeConfig = ''
|
||||
options v4l2loopback devices=4 exclusive_caps=1
|
||||
'';
|
||||
kernel.sysctl = { "vm.swappiness" = 160; };
|
||||
};
|
||||
|
||||
zramSwap.enable = true;
|
||||
|
||||
sound.enable = true;
|
||||
security.rtkit.enable = true;
|
||||
services.pipewire = {
|
||||
enable = true;
|
||||
alsa = {
|
||||
enable = true;
|
||||
support32Bit = true;
|
||||
};
|
||||
jack.enable = true;
|
||||
pulse.enable = true;
|
||||
};
|
||||
|
||||
networking.networkmanager.enable = true;
|
||||
networking.networkmanager.wifi.backend = "wpa_supplicant";
|
||||
hardware.glasgow.enable = true;
|
||||
hardware.nitrokey.enable = true;
|
||||
hardware.steam-hardware.enable = true;
|
||||
hardware.bluetooth = {
|
||||
enable = true;
|
||||
package = pkgs.bluez;
|
||||
};
|
||||
hardware.opengl = {
|
||||
enable = true;
|
||||
driSupport32Bit = true;
|
||||
};
|
||||
|
||||
services.xserver = {
|
||||
enable = true;
|
||||
desktopManager.plasma5 = {
|
||||
enable = true;
|
||||
runUsingSystemd = true;
|
||||
};
|
||||
displayManager = {
|
||||
sddm = {
|
||||
enable = true;
|
||||
wayland.enable = true;
|
||||
settings.Wayland.SessionDir =
|
||||
"/run/current-system/sw/share/wayland-sessions";
|
||||
settings.X11.SessionDir = lib.mkForce "";
|
||||
};
|
||||
defaultSession = "plasmawayland";
|
||||
};
|
||||
|
||||
layout = "pl";
|
||||
xkbOptions = "ctrl:nocaps";
|
||||
libinput.enable = true;
|
||||
};
|
||||
|
||||
fonts = {
|
||||
enableDefaultPackages = true;
|
||||
packages = with pkgs; [
|
||||
nerdfonts
|
||||
terminus_font
|
||||
terminus_font_ttf
|
||||
noto-fonts-cjk
|
||||
noto-fonts-emoji
|
||||
noto-fonts-emoji-blob-bin
|
||||
joypixels
|
||||
twemoji-color-font
|
||||
carlito
|
||||
meslo-lgs-nf
|
||||
fira-code
|
||||
fira-code-symbols
|
||||
];
|
||||
};
|
||||
|
||||
i18n.inputMethod = {
|
||||
enabled = "ibus";
|
||||
ibus.engines = with pkgs.ibus-engines; [ uniemoji ];
|
||||
};
|
||||
|
||||
services.printing = {
|
||||
enable = true;
|
||||
drivers = with pkgs; [ cups-dymo ];
|
||||
};
|
||||
|
||||
services.avahi = {
|
||||
enable = true;
|
||||
nssmdns = true;
|
||||
};
|
||||
|
||||
services.flatpak.enable = true;
|
||||
|
||||
programs = {
|
||||
gnupg.agent = {
|
||||
enable = true;
|
||||
enableSSHSupport = true;
|
||||
};
|
||||
adb.enable = true;
|
||||
fuse.userAllowOther = true;
|
||||
dconf.enable = true;
|
||||
mosh.enable = true;
|
||||
kdeconnect.enable = true;
|
||||
sway.enable = true;
|
||||
hyprland.enable = true;
|
||||
};
|
||||
|
||||
nixpkgs.config = {
|
||||
firefox = {
|
||||
enablePlasmaBrowserIntegration = true;
|
||||
enableBrowserpass = true;
|
||||
};
|
||||
joypixels.acceptLicense = true;
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
chromium
|
||||
electrum
|
||||
ffmpeg-full
|
||||
firefox
|
||||
imagemagick
|
||||
inkscape
|
||||
kate
|
||||
keybase-gui
|
||||
kolourpaint
|
||||
nixfmt
|
||||
okular
|
||||
paprefs
|
||||
pavucontrol
|
||||
(signal-desktop.overrideAttrs (old: {
|
||||
preFixup = (old.preFixup or "")
|
||||
+ " gappsWrapperArgs+=(\n --add-flags --use-tray-icon\n )\n";
|
||||
}))
|
||||
solvespace
|
||||
spotify
|
||||
youtube-dl
|
||||
morph
|
||||
mpv
|
||||
gphoto2
|
||||
minicom
|
||||
maim
|
||||
thunderbird
|
||||
feh
|
||||
virt-manager
|
||||
cura
|
||||
ncdu
|
||||
nixos-option
|
||||
yt-dlp
|
||||
lsix
|
||||
element-desktop
|
||||
oneko
|
||||
cinny-desktop
|
||||
vagrant
|
||||
vokoscreen-ng
|
||||
appimage-run
|
||||
protonup-ng
|
||||
scrcpy
|
||||
krita
|
||||
vlc
|
||||
# mastodon-update-script
|
||||
libreoffice-qt
|
||||
tokodon
|
||||
|
||||
glasgow
|
||||
freecad
|
||||
|
||||
(vscode-with-extensions.override {
|
||||
vscodeExtensions = with vscode-extensions; [
|
||||
bbenoist.nix
|
||||
bierner.emojisense
|
||||
bierner.markdown-checkbox
|
||||
bierner.markdown-emoji
|
||||
bodil.file-browser
|
||||
golang.go
|
||||
ms-vscode.cpptools
|
||||
ms-vscode.cmake-tools
|
||||
ms-vscode.anycode
|
||||
ms-toolsai.jupyter
|
||||
ms-toolsai.jupyter-renderers
|
||||
ms-vscode.makefile-tools
|
||||
redhat.vscode-yaml
|
||||
rust-lang.rust-analyzer
|
||||
shardulm94.trailing-spaces
|
||||
arrterian.nix-env-selector
|
||||
jnoortheen.nix-ide
|
||||
];
|
||||
})
|
||||
|
||||
prusa-slicer
|
||||
];
|
||||
}
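Review bot: `programs.fuse.userAllowOther = true;` is a system-wide relaxation with no comment: it lets any local user mount FUSE filesystems with `allow_other`, which makes the mounted content reachable by other accounts on the machine. State which workflow needs it, e.g. `# required for sshfs mounts shared with <consumer>` (placeholder), or leave it off in this shared module and enable it only on the host that needs it.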
|
|
@ -0,0 +1,20 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
services.power-profiles-daemon.enable = true;
|
||||
services.upower.enable = true;
|
||||
powerManagement = {
|
||||
enable = true;
|
||||
powertop.enable = true;
|
||||
cpuFreqGovernor = "ondemand";
|
||||
};
|
||||
programs.light.enable = true;
|
||||
services.fwupd.enable = true;
|
||||
services.fwupd.extraRemotes = [ "lvfs-testing" "vendor" "vendor-directory" ];
|
||||
services.fwupd.daemonSettings.OnlyTrusted = false;
|
||||
#services.fwupd.package = (pkgs.fwupd.overrideAttrs (oldAttrs: {
|
||||
# patches = (oldAttrs.patches or []) ++ [
|
||||
# ./disable-secureboot-checks.patch
|
||||
# ];
|
||||
#}));
|
||||
}
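Review bot: `services.fwupd.daemonSettings.OnlyTrusted = false;` tells fwupd to accept firmware that is not signed by a trusted key, and `extraRemotes` adds `lvfs-testing` on top, so this laptop profile can install unsigned or pre-release firmware on the same machine this commit puts under Secure Boot. If this was needed for one specific update, remove the line (or set it to `true`) once that update is applied and leave a comment naming the device. The commented-out `disable-secureboot-checks.patch` override should be deleted rather than kept as a ready-made switch.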
|
|
@ -0,0 +1,11 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
imports = [ ./hardware-configuration.nix ];
|
||||
|
||||
nibylandia-boot.ryzen.enable = true;
|
||||
|
||||
virtualisation.docker = { enable = true; };
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 8000 8080 ];
|
||||
}
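Review bot: `networking.firewall.allowedTCPPorts = [ 8000 8080 ];` opens both ports on every interface of a laptop, including whatever Wi-Fi network it joins. If they are for local development, scope them to a trusted interface, e.g. `networking.firewall.interfaces.<trusted-iface>.allowedTCPPorts = [ 8000 8080 ];` (placeholder name), or drop the rule and bind the services to localhost. Ports published by Docker containers are set up in iptables by Docker itself and are generally not filtered by the NixOS firewall, so `virtualisation.docker` deserves a comment on that.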
|
|
@ -0,0 +1,83 @@
|
|||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
# imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||
|
||||
boot.initrd.availableKernelModules =
|
||||
[ "nvme" "ehci_pci" "xhci_pci" "rtsx_pci_sdmmc" ];
|
||||
|
||||
boot.initrd.luks.devices."nixos".device =
|
||||
"/dev/disk/by-uuid/f676b705-5ae7-4f71-abf9-b1aac0ac2363";
|
||||
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/1FA4-9D1F";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "none";
|
||||
fsType = "tmpfs";
|
||||
options = [ "defaults" "size=8G" "mode=755" ];
|
||||
};
|
||||
|
||||
fileSystems."/tmp" = {
|
||||
device = "/dev/disk/by-uuid/364a4679-1512-4b57-9f31-a4dc4fd192b1";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=tmp" ];
|
||||
};
|
||||
|
||||
fileSystems."/nix" = {
|
||||
device = "/dev/disk/by-uuid/364a4679-1512-4b57-9f31-a4dc4fd192b1";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=nix" ];
|
||||
};
|
||||
|
||||
fileSystems."/home" = {
|
||||
device = "/dev/disk/by-uuid/364a4679-1512-4b57-9f31-a4dc4fd192b1";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=home" ];
|
||||
};
|
||||
|
||||
fileSystems."/etc/NetworkManager" = {
|
||||
device = "/dev/disk/by-uuid/364a4679-1512-4b57-9f31-a4dc4fd192b1";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=etc_NetworkManager" ];
|
||||
};
|
||||
|
||||
fileSystems."/var/log" = {
|
||||
device = "/dev/disk/by-uuid/364a4679-1512-4b57-9f31-a4dc4fd192b1";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=var_log" ];
|
||||
};
|
||||
|
||||
fileSystems."/var/lib/NetworkManager" = {
|
||||
device = "/dev/disk/by-uuid/364a4679-1512-4b57-9f31-a4dc4fd192b1";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=var_lib_NetworkManager" ];
|
||||
};
|
||||
|
||||
fileSystems."/var/lib/bluetooth" = {
|
||||
device = "/dev/disk/by-uuid/364a4679-1512-4b57-9f31-a4dc4fd192b1";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=var_lib_bluetooth" ];
|
||||
};
|
||||
|
||||
fileSystems."/var/lib/libvirt" = {
|
||||
device = "/dev/disk/by-uuid/364a4679-1512-4b57-9f31-a4dc4fd192b1";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=var_lib_libvirt" ];
|
||||
};
|
||||
|
||||
fileSystems."/var/lib/flatpak" = {
|
||||
device = "/dev/disk/by-uuid/364a4679-1512-4b57-9f31-a4dc4fd192b1";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=var_lib_flatpak" ];
|
||||
};
|
||||
|
||||
fileSystems."/var/lib/tpm" = {
|
||||
device = "/dev/disk/by-uuid/364a4679-1512-4b57-9f31-a4dc4fd192b1";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=var_lib_tpm" ];
|
||||
};
|
||||
|
||||
}
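Review bot: Nothing under `/etc/ssh` is persisted: `/` is a tmpfs and none of the btrfs subvolume mounts covers the sshd host keys, so they would be regenerated on every boot. That affects more than SSH host-key pinning, because the secrets rules in this commit encrypt `secureboot-key.age` to a fixed `khas` ed25519 key (presumably the host key) and agenix by default decrypts with the sshd host keys, so after a reboot the signing key could no longer be decrypted. Unless `age.identityPaths` or `services.openssh.hostKeys` points at a persistent path in a file not shown here, add a mount such as `fileSystems."/etc/ssh" = { device = "/dev/disk/by-uuid/364a4679-1512-4b57-9f31-a4dc4fd192b1"; fsType = "btrfs"; options = [ "subvol=etc_ssh" ]; neededForBoot = true; };` (the subvolume name is a suggestion). `neededForBoot` is likely required so the keys are mounted before activation decrypts secrets.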
|
|
@ -22,8 +22,7 @@ let
|
|||
in {
|
||||
imports = [ ./hardware-configuration.nix ];
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
nibylandia-boot.uefi.enable = true;
|
||||
|
||||
boot = {
|
||||
kernelPackages = pkgs.linuxPackages_latest;
|
||||
|
@ -408,7 +407,9 @@ in {
|
|||
checkConfig = false;
|
||||
config = builtins.readFile ./bird/bird2.conf;
|
||||
};
|
||||
environment.etc."bird/peers/w1kl4s.conf" = { source = ./bird/peers_w1kl4s.conf; };
|
||||
environment.etc."bird/peers/w1kl4s.conf" = {
|
||||
source = ./bird/peers_w1kl4s.conf;
|
||||
};
|
||||
systemd.timers.dn42-roa = {
|
||||
description = "Trigger a ROA table update";
|
||||
|
||||
|
@ -466,36 +467,8 @@ in {
|
|||
config.boot.kernelPackages.perf
|
||||
];
|
||||
|
||||
programs = {
|
||||
mtr.enable = true;
|
||||
mosh.enable = true;
|
||||
neovim = {
|
||||
enable = true;
|
||||
defaultEditor = true;
|
||||
viAlias = true;
|
||||
vimAlias = true;
|
||||
};
|
||||
zsh = {
|
||||
enable = true;
|
||||
enableBashCompletion = true;
|
||||
autosuggestions.enable = true;
|
||||
syntaxHighlighting.enable = true;
|
||||
};
|
||||
command-not-found.enable = false;
|
||||
};
|
||||
|
||||
nix = {
|
||||
package = pkgs.nixUnstable;
|
||||
extraOptions = ''
|
||||
experimental-features = nix-command flakes
|
||||
'';
|
||||
};
|
||||
|
||||
users.users.root.openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGfIRe1nH6vwjQTjqHNnkKAdr1VYqGEeQnqInmf3A6UN ar@khas"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO6rEwERSm/Fj4KO4SxFIo0BUvi9YNyf8PSL1FteMcMt arachnist@monolith"
|
||||
];
|
||||
|
||||
services.openssh.enable = true;
|
||||
system.stateVersion = "23.11";
|
||||
}
|
|
@ -7,12 +7,16 @@ let
|
|||
|
||||
scylla =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN1X7EaPNfLhWH32IAyaZj2dhJz+QLnyGuXPCZUYRTjg";
|
||||
khas =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO6VxPqJHYKmVB5d7bd6vuRqBNKXV1fo2R/WvdSF77xa";
|
||||
zorigami =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM/7CsIWlJH2F0VQpgsGgZOQeAd7Zh98WpCvmTyXCTty";
|
||||
stereolith =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEVuDOcKE8ANKGjd6kfFH1qLLzLwg91o0exJ0isIEw4O";
|
||||
in {
|
||||
|
||||
"secrets/secureboot-key.age".publicKeys = ar ++ [ khas ];
|
||||
"secrets/secureboot-cert.age".publicKeys = ar ++ [ khas ];
|
||||
"secrets/wg/nibylandia_scylla.age".publicKeys = ar ++ [ scylla ];
|
||||
"secrets/wg/dn42_w1kl4s_scylla.age".publicKeys = ar ++ [ scylla ];
|
||||
"secrets/lan/nibylandia-ddns-kea.age".publicKeys = ar ++ [ scylla ];
|
||||
|
|
Binary file not shown.
Binary file not shown.