Template integration final touches
This commit is contained in:
parent
44af742046
commit
502407e3c1
|
|
@ -1,32 +0,0 @@
|
|||
on: [push]
|
||||
|
||||
jobs:
|
||||
# Source: https://github.com/isabelroses/dotfiles/tree/main/.github/workflows
|
||||
update-lockfile:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Install Nix
|
||||
uses: DeterminateSystems/nix-installer-action@main
|
||||
with:
|
||||
logger: pretty
|
||||
|
||||
# - name: Update Lockfile
|
||||
# uses: DeterminateSystems/update-flake-lock@main
|
||||
# id: update
|
||||
# with:
|
||||
# pr-title: "chore(deps): flake inputs"
|
||||
# commit-msg: "chore(deps): flake inputs"
|
||||
# token: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
# build:
|
||||
# runs-on: nix
|
||||
# steps:
|
||||
# - run: nix-env -iA nixpkgs.nodejs_20
|
||||
# - uses: actions/checkout@v4
|
||||
# - run: nix --experimental-features 'nix-command flakes' flake update
|
||||
# - run: nixos-rebuild --experimental-features 'nix-command flakes' build --flake .#Haven
|
||||
# - run: nixos-rebuild --experimental-features 'nix-command flakes' build --flake .#Khanda
|
||||
|
|
@ -12,7 +12,6 @@
|
|||
boot = {
|
||||
supportedFilesystems = [ "btrfs" ];
|
||||
kernelModules = [ "kvm-amd" ];
|
||||
extraModulePackages = [ ];
|
||||
|
||||
initrd = {
|
||||
supportedFilesystems = [ "btrfs" ];
|
||||
|
|
|
|||
|
|
@ -26,14 +26,39 @@ in
|
|||
# https://nixos.org/manual/nixpkgs/stable/#sec-allow-unfree
|
||||
allowUnfree = true;
|
||||
|
||||
apps = {
|
||||
development.enable = true;
|
||||
media.enable = true;
|
||||
office.enable = true;
|
||||
recording.enable = true;
|
||||
social.enable = true;
|
||||
writing = {
|
||||
enable = true;
|
||||
languagetool.enable = false;
|
||||
};
|
||||
};
|
||||
|
||||
# Enable Secure Boot support.
|
||||
# IMPORTANT: Read the README before enabling this option!
|
||||
bootloader.secureboot.enable = true;
|
||||
bootloader = {
|
||||
enable = true;
|
||||
secureboot.enable = true;
|
||||
tpm2.enable = true;
|
||||
};
|
||||
|
||||
# Change the default text editor. Options are "emacs", "nano", or "vim".
|
||||
editor = "nano";
|
||||
|
||||
ui.flatpak = {
|
||||
# Enable GPU support.
|
||||
gpu.intel.enable = true;
|
||||
|
||||
# Change how long old generations are kept for.
|
||||
retentionPeriod = "14d";
|
||||
|
||||
services.autoUpgrade.enable = false;
|
||||
|
||||
ui = {
|
||||
desktops.gnome.enable = true;
|
||||
flatpak = {
|
||||
# Enable Flatpak support.
|
||||
enable = true;
|
||||
|
||||
|
|
@ -46,16 +71,7 @@ in
|
|||
"org.keepassxc.KeePassXC"
|
||||
];
|
||||
};
|
||||
|
||||
# Change how long old generations are kept for.
|
||||
retentionPeriod = "14d";
|
||||
|
||||
# Enable GPU support.
|
||||
gpu.intel.enable = true;
|
||||
|
||||
ui.desktops.gnome.enable = true;
|
||||
|
||||
services.autoUpgrade.enable = false;
|
||||
};
|
||||
|
||||
users.aires = {
|
||||
enable = true;
|
||||
|
|
|
|||
|
|
@ -12,28 +12,30 @@
|
|||
|
||||
aux.system = {
|
||||
apps.tmux.enable = true;
|
||||
users.aires.enable = true;
|
||||
boot.enable = false;
|
||||
services.ssh = {
|
||||
boot = {
|
||||
enable = true;
|
||||
ports = [ config.secrets.hosts.haven.ssh.port ];
|
||||
secureboot.enable = false;
|
||||
};
|
||||
};
|
||||
|
||||
nix.distributedBuilds = true;
|
||||
|
||||
networking.hostName = "Pihole";
|
||||
time.timeZone = "America/New_York";
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
packages = with pkgs; [
|
||||
libraspberrypi
|
||||
raspberrypifw
|
||||
raspberrypi-eeprom
|
||||
linuxKernel.kernels.linux_rpi4
|
||||
];
|
||||
services.ssh = {
|
||||
enable = true;
|
||||
ports = [ config.secrets.hosts.haven.ssh.port ];
|
||||
};
|
||||
users.aires.enable = true;
|
||||
};
|
||||
|
||||
nix.distributedBuilds = true;
|
||||
|
||||
time.timeZone = "America/New_York";
|
||||
|
||||
# Connect to the network automagically
|
||||
networking = {
|
||||
hostName = "Pihole";
|
||||
networkmanager.enable = lib.mkForce false;
|
||||
wireless.networks = {
|
||||
"${config.secrets.networking.networks.home.SSID}" = {
|
||||
|
|
|
|||
|
|
@ -44,6 +44,7 @@ in
|
|||
};
|
||||
gpu.amd.enable = true;
|
||||
packages = with pkgs; [ boinc ];
|
||||
retentionPeriod = "7d";
|
||||
services.autoUpgrade = {
|
||||
enable = true;
|
||||
configDir = config.secrets.nixConfigFolder;
|
||||
|
|
|
|||
|
|
@ -16,12 +16,6 @@
|
|||
|
||||
# Hardware defaults detected by nixos-generate-configuration
|
||||
initrd = {
|
||||
# SystemD in the initrd is required for TPM auto-unlocking.
|
||||
# See https://discourse.nixos.org/t/full-disk-encryption-tpm2/29454/2
|
||||
# If the LUKS volume is recently created, run this command to bind it to the TPM:
|
||||
# sudo systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 /dev/<device>
|
||||
systemd.enable = true;
|
||||
|
||||
availableKernelModules = [
|
||||
"nvme"
|
||||
"xhci_pci"
|
||||
|
|
|
|||
|
|
@ -16,7 +16,6 @@ let
|
|||
|
||||
# Search all files and folders within and below the current directory.
|
||||
# Filters out directories that belong to home-manager, and don't end with .nix or are this file.
|
||||
# Also, make the strings absolute
|
||||
validFiles =
|
||||
dir:
|
||||
map (file: ./. + "/${file}") (
|
||||
|
|
|
|||
Loading…
Reference in a new issue