Template integration final touches
This commit is contained in:
parent
44af742046
commit
502407e3c1
|
@ -1,32 +0,0 @@
|
||||||
on: [push]
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
# Source: https://github.com/isabelroses/dotfiles/tree/main/.github/workflows
|
|
||||||
update-lockfile:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: Checkout
|
|
||||||
uses: actions/checkout@v4
|
|
||||||
|
|
||||||
- name: Install Nix
|
|
||||||
uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
with:
|
|
||||||
logger: pretty
|
|
||||||
|
|
||||||
# - name: Update Lockfile
|
|
||||||
# uses: DeterminateSystems/update-flake-lock@main
|
|
||||||
# id: update
|
|
||||||
# with:
|
|
||||||
# pr-title: "chore(deps): flake inputs"
|
|
||||||
# commit-msg: "chore(deps): flake inputs"
|
|
||||||
# token: ${{ secrets.GITHUB_TOKEN }}
|
|
||||||
|
|
||||||
# build:
|
|
||||||
# runs-on: nix
|
|
||||||
# steps:
|
|
||||||
# - run: nix-env -iA nixpkgs.nodejs_20
|
|
||||||
# - uses: actions/checkout@v4
|
|
||||||
# - run: nix --experimental-features 'nix-command flakes' flake update
|
|
||||||
# - run: nixos-rebuild --experimental-features 'nix-command flakes' build --flake .#Haven
|
|
||||||
# - run: nixos-rebuild --experimental-features 'nix-command flakes' build --flake .#Khanda
|
|
|
@ -12,7 +12,6 @@
|
||||||
boot = {
|
boot = {
|
||||||
supportedFilesystems = [ "btrfs" ];
|
supportedFilesystems = [ "btrfs" ];
|
||||||
kernelModules = [ "kvm-amd" ];
|
kernelModules = [ "kvm-amd" ];
|
||||||
extraModulePackages = [ ];
|
|
||||||
|
|
||||||
initrd = {
|
initrd = {
|
||||||
supportedFilesystems = [ "btrfs" ];
|
supportedFilesystems = [ "btrfs" ];
|
||||||
|
|
|
@ -26,14 +26,39 @@ in
|
||||||
# https://nixos.org/manual/nixpkgs/stable/#sec-allow-unfree
|
# https://nixos.org/manual/nixpkgs/stable/#sec-allow-unfree
|
||||||
allowUnfree = true;
|
allowUnfree = true;
|
||||||
|
|
||||||
|
apps = {
|
||||||
|
development.enable = true;
|
||||||
|
media.enable = true;
|
||||||
|
office.enable = true;
|
||||||
|
recording.enable = true;
|
||||||
|
social.enable = true;
|
||||||
|
writing = {
|
||||||
|
enable = true;
|
||||||
|
languagetool.enable = false;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
# Enable Secure Boot support.
|
# Enable Secure Boot support.
|
||||||
# IMPORTANT: Read the README before enabling this option!
|
bootloader = {
|
||||||
bootloader.secureboot.enable = true;
|
enable = true;
|
||||||
|
secureboot.enable = true;
|
||||||
|
tpm2.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
# Change the default text editor. Options are "emacs", "nano", or "vim".
|
# Change the default text editor. Options are "emacs", "nano", or "vim".
|
||||||
editor = "nano";
|
editor = "nano";
|
||||||
|
|
||||||
ui.flatpak = {
|
# Enable GPU support.
|
||||||
|
gpu.intel.enable = true;
|
||||||
|
|
||||||
|
# Change how long old generations are kept for.
|
||||||
|
retentionPeriod = "14d";
|
||||||
|
|
||||||
|
services.autoUpgrade.enable = false;
|
||||||
|
|
||||||
|
ui = {
|
||||||
|
desktops.gnome.enable = true;
|
||||||
|
flatpak = {
|
||||||
# Enable Flatpak support.
|
# Enable Flatpak support.
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
||||||
|
@ -46,16 +71,7 @@ in
|
||||||
"org.keepassxc.KeePassXC"
|
"org.keepassxc.KeePassXC"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
};
|
||||||
# Change how long old generations are kept for.
|
|
||||||
retentionPeriod = "14d";
|
|
||||||
|
|
||||||
# Enable GPU support.
|
|
||||||
gpu.intel.enable = true;
|
|
||||||
|
|
||||||
ui.desktops.gnome.enable = true;
|
|
||||||
|
|
||||||
services.autoUpgrade.enable = false;
|
|
||||||
|
|
||||||
users.aires = {
|
users.aires = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
@ -12,28 +12,30 @@
|
||||||
|
|
||||||
aux.system = {
|
aux.system = {
|
||||||
apps.tmux.enable = true;
|
apps.tmux.enable = true;
|
||||||
users.aires.enable = true;
|
boot = {
|
||||||
boot.enable = false;
|
|
||||||
services.ssh = {
|
|
||||||
enable = true;
|
enable = true;
|
||||||
ports = [ config.secrets.hosts.haven.ssh.port ];
|
secureboot.enable = false;
|
||||||
};
|
};
|
||||||
};
|
packages = with pkgs; [
|
||||||
|
|
||||||
nix.distributedBuilds = true;
|
|
||||||
|
|
||||||
networking.hostName = "Pihole";
|
|
||||||
time.timeZone = "America/New_York";
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
libraspberrypi
|
libraspberrypi
|
||||||
raspberrypifw
|
raspberrypifw
|
||||||
raspberrypi-eeprom
|
raspberrypi-eeprom
|
||||||
linuxKernel.kernels.linux_rpi4
|
linuxKernel.kernels.linux_rpi4
|
||||||
];
|
];
|
||||||
|
services.ssh = {
|
||||||
|
enable = true;
|
||||||
|
ports = [ config.secrets.hosts.haven.ssh.port ];
|
||||||
|
};
|
||||||
|
users.aires.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
nix.distributedBuilds = true;
|
||||||
|
|
||||||
|
time.timeZone = "America/New_York";
|
||||||
|
|
||||||
# Connect to the network automagically
|
# Connect to the network automagically
|
||||||
networking = {
|
networking = {
|
||||||
|
hostName = "Pihole";
|
||||||
networkmanager.enable = lib.mkForce false;
|
networkmanager.enable = lib.mkForce false;
|
||||||
wireless.networks = {
|
wireless.networks = {
|
||||||
"${config.secrets.networking.networks.home.SSID}" = {
|
"${config.secrets.networking.networks.home.SSID}" = {
|
||||||
|
|
|
@ -44,6 +44,7 @@ in
|
||||||
};
|
};
|
||||||
gpu.amd.enable = true;
|
gpu.amd.enable = true;
|
||||||
packages = with pkgs; [ boinc ];
|
packages = with pkgs; [ boinc ];
|
||||||
|
retentionPeriod = "7d";
|
||||||
services.autoUpgrade = {
|
services.autoUpgrade = {
|
||||||
enable = true;
|
enable = true;
|
||||||
configDir = config.secrets.nixConfigFolder;
|
configDir = config.secrets.nixConfigFolder;
|
||||||
|
|
|
@ -16,12 +16,6 @@
|
||||||
|
|
||||||
# Hardware defaults detected by nixos-generate-configuration
|
# Hardware defaults detected by nixos-generate-configuration
|
||||||
initrd = {
|
initrd = {
|
||||||
# SystemD in the initrd is required for TPM auto-unlocking.
|
|
||||||
# See https://discourse.nixos.org/t/full-disk-encryption-tpm2/29454/2
|
|
||||||
# If the LUKS volume is recently created, run this command to bind it to the TPM:
|
|
||||||
# sudo systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 /dev/<device>
|
|
||||||
systemd.enable = true;
|
|
||||||
|
|
||||||
availableKernelModules = [
|
availableKernelModules = [
|
||||||
"nvme"
|
"nvme"
|
||||||
"xhci_pci"
|
"xhci_pci"
|
||||||
|
|
|
@ -16,7 +16,6 @@ let
|
||||||
|
|
||||||
# Search all files and folders within and below the current directory.
|
# Search all files and folders within and below the current directory.
|
||||||
# Filters out directories that belong to home-manager, and don't end with .nix or are this file.
|
# Filters out directories that belong to home-manager, and don't end with .nix or are this file.
|
||||||
# Also, make the strings absolute
|
|
||||||
validFiles =
|
validFiles =
|
||||||
dir:
|
dir:
|
||||||
map (file: ./. + "/${file}") (
|
map (file: ./. + "/${file}") (
|
||||||
|
|
Loading…
Reference in a new issue