Compare commits
No commits in common. "502407e3c19d9aabd91f55427faa43bdec912c10" and "e158bfd27da0af14de6b422587c7ac3a17f4ae56" have entirely different histories.
502407e3c1
...
e158bfd27d
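--- a/.forgejo/workflows/update.yaml
+++ b/.forgejo/workflows/update.yaml
@@ -0,0 +1,32 @@
+on: [push]
+
+jobs:
+# Source: https://github.com/isabelroses/dotfiles/tree/main/.github/workflows
+update-lockfile:
+runs-on: ubuntu-latest
+
+steps:
+- name: Checkout
+uses: actions/checkout@v4
+
+- name: Install Nix
+uses: DeterminateSystems/nix-installer-action@main
+with:
+logger: pretty
+
+# - name: Update Lockfile
+# uses: DeterminateSystems/update-flake-lock@main
+# id: update
+# with:
+# pr-title: "chore(deps): flake inputs"
+# commit-msg: "chore(deps): flake inputs"
+# token: ${{ secrets.GITHUB_TOKEN }}
+
+# build:
+# runs-on: nix
+# steps:
+# - run: nix-env -iA nixpkgs.nodejs_20
+# - uses: actions/checkout@v4
+# - run: nix --experimental-features 'nix-command flakes' flake update
+# - run: nixos-rebuild --experimental-features 'nix-command flakes' build --flake .#Haven
+# - run: nixos-rebuild --experimental-features 'nix-command flakes' build --flake .#Khanda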
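Review bot: `uses: DeterminateSystems/nix-installer-action@main` tracks a mutable branch, so whatever lands on that branch runs in this job on the next push without any change in this repository. Pin it to a release tag or, better, a full commit SHA, e.g. `uses: DeterminateSystems/nix-installer-action@<commit-sha>`; the commented-out `update-flake-lock@main` step needs the same treatment if it is re-enabled. As written, the `update-lockfile` job only checks out the repository and installs Nix on every push because the update step is commented out, so a one-line comment marking the job as a placeholder would help.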
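--- a/hosts/Dimaga/default.nix
+++ b/hosts/Dimaga/default.nix
@@ -0,0 +1,47 @@
+{ pkgs, ... }:
+{
+imports = [ ./hardware-configuration.nix ];
+
+system.stateVersion = "24.05";
+
+aux.system = {
+role = "workstation";
+apps = {
+development.enable = true;
+media.enable = true;
+office.enable = true;
+writing.enable = true;
+};
+ui = {
+flatpak.enable = true;
+gnome.enable = true;
+};
+users = {
+aires = {
+enable = true;
+autologin = true;
+services = {
+syncthing = {
+enable = true;
+autostart = true;
+enableTray = false;
+};
+};
+};
+};
+};
+
+aux.system.services.autoUpgrade = {
+enable = true;
+configDir = config.secrets.nixConfigFolder;
+onCalendar = "daily";
+user = config.users.users.aires.name;
+push = false;
+};
+
+# Configure the virtual machine created by nixos-rebuild build-vm
+virtualisation.vmVariant.virtualisation = {
+memorySize = 2048;
+cores = 2;
+};
+}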
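Review bot: `config` is referenced in the `autoUpgrade` block (`config.secrets.nixConfigFolder`, `config.users.users.aires.name`) but the module header is `{ pkgs, ... }:`, so evaluation should fail with an undefined variable. Change the header to `{ config, ... }:`, since `pkgs` is not used anywhere in this file. Separately, `autologin = true;` makes disk unlock the only authentication step before a desktop session on this laptop. A comment such as `# autologin: relies on the LUKS unlock in hardware-configuration.nix` would make that assumption explicit.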
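--- a/hosts/Dimaga/hardware-configuration.nix
+++ b/hosts/Dimaga/hardware-configuration.nix
@@ -0,0 +1,62 @@
+# Surface Laptop Go 1st gen
+{
+config,
+lib,
+pkgs,
+modulesPath,
+...
+}:
+{
+imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+boot = {
+initrd = {
+availableKernelModules = [
+"xhci_pci"
+"nvme"
+"usb_storage"
+"usbhid"
+"sd_mod"
+];
+kernelModules = [ ];
+luks.devices."luks-5a91100b-8ed9-4090-b1d8-d8291000fe38".device = "/dev/disk/by-uuid/5a91100b-8ed9-4090-b1d8-d8291000fe38";
+};
+
+kernelModules = [ "kvm-intel" ];
+extraModulePackages = [ ];
+};
+
+fileSystems = {
+"/" = {
+device = "/dev/disk/by-uuid/76d67291-5aed-4f2a-b71f-1c2871cefe24";
+fsType = "btrfs";
+options = [ "subvol=@,compress=zstd,discard" ];
+};
+"/boot" = {
+device = "/dev/disk/by-uuid/0C53-A645";
+fsType = "vfat";
+};
+};
+
+swapDevices = [
+{
+device = "/swapfile";
+size = 4096;
+}
+];
+
+networking = {
+# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+# (the default) this is the recommended approach. When using systemd-networkd it's
+# still possible to use this option, but it's recommended to use it in conjunction
+# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+useDHCP = lib.mkDefault true;
+# networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
+
+# Set the hostname.
+hostName = "Dimaga";
+};
+
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}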
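Review bot: The root mount passes `discard` inside one comma-joined string, `options = [ "subvol=@,compress=zstd,discard" ];`, with no note on how it interacts with the LUKS device declared above. If `/` sits on that LUKS volume (likely, but not shown here), TRIM only reaches the SSD when the device also sets `allowDiscards = true`, and enabling that reveals which blocks are in use. Either drop `discard` or add a comment recording the decision. Listing the options separately, `options = [ "subvol=@" "compress=zstd" "discard" ];`, would also make each one easier to review.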
|
@ -24,7 +24,6 @@ in
|
||||||
|
|
||||||
aux.system = {
|
aux.system = {
|
||||||
apps.tmux.enable = true;
|
apps.tmux.enable = true;
|
||||||
gpu.amd.enable = true;
|
|
||||||
packages = [ start-haven ];
|
packages = [ start-haven ];
|
||||||
services = {
|
services = {
|
||||||
acme = {
|
acme = {
|
||||||
|
|
|
@ -12,6 +12,7 @@
|
||||||
boot = {
|
boot = {
|
||||||
supportedFilesystems = [ "btrfs" ];
|
supportedFilesystems = [ "btrfs" ];
|
||||||
kernelModules = [ "kvm-amd" ];
|
kernelModules = [ "kvm-amd" ];
|
||||||
|
extraModulePackages = [ ];
|
||||||
|
|
||||||
initrd = {
|
initrd = {
|
||||||
supportedFilesystems = [ "btrfs" ];
|
supportedFilesystems = [ "btrfs" ];
|
||||||
|
|
|
@ -26,53 +26,37 @@ in
|
||||||
# https://nixos.org/manual/nixpkgs/stable/#sec-allow-unfree
|
# https://nixos.org/manual/nixpkgs/stable/#sec-allow-unfree
|
||||||
allowUnfree = true;
|
allowUnfree = true;
|
||||||
|
|
||||||
apps = {
|
|
||||||
development.enable = true;
|
|
||||||
media.enable = true;
|
|
||||||
office.enable = true;
|
|
||||||
recording.enable = true;
|
|
||||||
social.enable = true;
|
|
||||||
writing = {
|
|
||||||
enable = true;
|
|
||||||
languagetool.enable = false;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
# Enable Secure Boot support.
|
# Enable Secure Boot support.
|
||||||
bootloader = {
|
# IMPORTANT: Read the README before enabling this option!
|
||||||
enable = true;
|
bootloader.secureboot.enable = true;
|
||||||
secureboot.enable = true;
|
|
||||||
tpm2.enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
# Change the default text editor. Options are "emacs", "nano", or "vim".
|
# Change the default text editor. Options are "emacs", "nano", or "vim".
|
||||||
editor = "nano";
|
editor = "nano";
|
||||||
|
|
||||||
# Enable GPU support.
|
ui.flatpak = {
|
||||||
gpu.intel.enable = true;
|
# Enable Flatpak support.
|
||||||
|
enable = true;
|
||||||
|
|
||||||
|
# Define Flatpak packages to install.
|
||||||
|
packages = [
|
||||||
|
"com.github.tchx84.Flatseal"
|
||||||
|
"com.github.wwmm.easyeffects"
|
||||||
|
"md.obsidian.Obsidian"
|
||||||
|
"net.waterfox.waterfox"
|
||||||
|
"org.keepassxc.KeePassXC"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
# Change how long old generations are kept for.
|
# Change how long old generations are kept for.
|
||||||
retentionPeriod = "14d";
|
retentionPeriod = "14d";
|
||||||
|
|
||||||
|
# Enable GPU support.
|
||||||
|
gpu.intel.enable = true;
|
||||||
|
|
||||||
|
ui.desktops.gnome.enable = true;
|
||||||
|
|
||||||
services.autoUpgrade.enable = false;
|
services.autoUpgrade.enable = false;
|
||||||
|
|
||||||
ui = {
|
|
||||||
desktops.gnome.enable = true;
|
|
||||||
flatpak = {
|
|
||||||
# Enable Flatpak support.
|
|
||||||
enable = true;
|
|
||||||
|
|
||||||
# Define Flatpak packages to install.
|
|
||||||
packages = [
|
|
||||||
"com.github.tchx84.Flatseal"
|
|
||||||
"com.github.wwmm.easyeffects"
|
|
||||||
"md.obsidian.Obsidian"
|
|
||||||
"net.waterfox.waterfox"
|
|
||||||
"org.keepassxc.KeePassXC"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
users.aires = {
|
users.aires = {
|
||||||
enable = true;
|
enable = true;
|
||||||
services = {
|
services = {
|
||||||
|
|
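Review bot: The new side keeps `bootloader.secureboot.enable = true;` but no longer sets `tpm2.enable = true;`, and the `bootloader.enable = true;` line is gone as well. Whether the TPM tooling is still configured for this host then depends on option defaults that are not visible in this hunk. If the host is meant to unlock its disk through the TPM, state that explicitly with `bootloader.tpm2.enable = true;` next to the Secure Boot line, or add a comment saying where TPM support is now configured. The enclosing attribute set starts and ends outside the hunk.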
|
@ -11,6 +11,9 @@
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
initrd = {
|
initrd = {
|
||||||
|
# Enable systemd for TPM auto-unlocking
|
||||||
|
systemd.enable = true;
|
||||||
|
|
||||||
availableKernelModules = [
|
availableKernelModules = [
|
||||||
"surface_aggregator"
|
"surface_aggregator"
|
||||||
"surface_aggregator_registry"
|
"surface_aggregator_registry"
|
||||||
|
@ -20,6 +23,7 @@
|
||||||
"8250_dw"
|
"8250_dw"
|
||||||
"intel_lpss"
|
"intel_lpss"
|
||||||
"intel_lpss_pci"
|
"intel_lpss_pci"
|
||||||
|
"tpm_crb"
|
||||||
"xhci_pci"
|
"xhci_pci"
|
||||||
"thunderbolt"
|
"thunderbolt"
|
||||||
"nvme"
|
"nvme"
|
||||||
|
@ -29,6 +33,7 @@
|
||||||
"pinctrl_tigerlake"
|
"pinctrl_tigerlake"
|
||||||
];
|
];
|
||||||
kernelModules = [
|
kernelModules = [
|
||||||
|
"tpm_crb"
|
||||||
"surface_aggregator"
|
"surface_aggregator"
|
||||||
"surface_aggregator_registry"
|
"surface_aggregator_registry"
|
||||||
"surface_aggregator_hub"
|
"surface_aggregator_hub"
|
||||||
|
@ -55,6 +60,7 @@
|
||||||
|
|
||||||
kernelModules = [
|
kernelModules = [
|
||||||
"kvm-intel"
|
"kvm-intel"
|
||||||
|
"tpm_crb"
|
||||||
"surface_aggregator"
|
"surface_aggregator"
|
||||||
"surface_aggregator_registry"
|
"surface_aggregator_registry"
|
||||||
"surface_aggregator_hub"
|
"surface_aggregator_hub"
|
||||||
|
@ -67,6 +73,7 @@
|
||||||
"surface_kbd"
|
"surface_kbd"
|
||||||
"pinctrl_tigerlake"
|
"pinctrl_tigerlake"
|
||||||
];
|
];
|
||||||
|
extraModulePackages = [ ];
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems = {
|
fileSystems = {
|
||||||
|
@ -106,5 +113,5 @@
|
||||||
environment.systemPackages = with pkgs; [ libwacom-surface ];
|
environment.systemPackages = with pkgs; [ libwacom-surface ];
|
||||||
|
|
||||||
# NOTE: Use a default kernel to skip full kernel rebuilds
|
# NOTE: Use a default kernel to skip full kernel rebuilds
|
||||||
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
|
# boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
|
||||||
}
|
}
|
||||||
|
|
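Review bot: The TPM auto-unlock setup added to `boot.initrd` (`systemd.enable = true;` plus `tpm_crb`) does not record which PCRs the LUKS slot is sealed against, so a later reader cannot tell whether unlocking is tied to Secure Boot state. A comment naming the policy would cover it, e.g. `# LUKS slot enrolled via systemd-cryptenroll; PCR policy: <pcr-list>`. `tpm_crb` is also added to `availableKernelModules`, the initrd `kernelModules` and the outer `kernelModules`; the initrd `kernelModules` entry should be enough on its own, so the other two look redundant. In the last hunk the `# NOTE: Use a default kernel …` comment now sits above a commented-out line and should be reworded or removed. The enclosing attribute sets start and end outside these hunks.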
|
@ -12,30 +12,28 @@
|
||||||
|
|
||||||
aux.system = {
|
aux.system = {
|
||||||
apps.tmux.enable = true;
|
apps.tmux.enable = true;
|
||||||
boot = {
|
users.aires.enable = true;
|
||||||
|
boot.enable = false;
|
||||||
|
services.ssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
secureboot.enable = false;
|
ports = [ config.secrets.hosts.haven.ssh.port ];
|
||||||
};
|
};
|
||||||
packages = with pkgs; [
|
};
|
||||||
|
|
||||||
|
nix.distributedBuilds = true;
|
||||||
|
|
||||||
|
networking.hostName = "Pihole";
|
||||||
|
time.timeZone = "America/New_York";
|
||||||
|
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
libraspberrypi
|
libraspberrypi
|
||||||
raspberrypifw
|
raspberrypifw
|
||||||
raspberrypi-eeprom
|
raspberrypi-eeprom
|
||||||
linuxKernel.kernels.linux_rpi4
|
linuxKernel.kernels.linux_rpi4
|
||||||
];
|
];
|
||||||
services.ssh = {
|
|
||||||
enable = true;
|
|
||||||
ports = [ config.secrets.hosts.haven.ssh.port ];
|
|
||||||
};
|
|
||||||
users.aires.enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
nix.distributedBuilds = true;
|
|
||||||
|
|
||||||
time.timeZone = "America/New_York";
|
|
||||||
|
|
||||||
# Connect to the network automagically
|
# Connect to the network automagically
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "Pihole";
|
|
||||||
networkmanager.enable = lib.mkForce false;
|
networkmanager.enable = lib.mkForce false;
|
||||||
wireless.networks = {
|
wireless.networks = {
|
||||||
"${config.secrets.networking.networks.home.SSID}" = {
|
"${config.secrets.networking.networks.home.SSID}" = {
|
||||||
|
|
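Review bot: `ports = [ config.secrets.hosts.haven.ssh.port ];` makes this host, whose hostname is set to `Pihole` a few lines further down, listen on the SSH port defined for `haven`. If sharing the port is intentional, say so with a comment such as `# Same SSH port as Haven on purpose`; otherwise give this host its own entry under `config.secrets.hosts`. The enclosing module starts and ends outside the hunk.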
|
@ -42,9 +42,7 @@ in
|
||||||
languagetool.enable = true;
|
languagetool.enable = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
gpu.amd.enable = true;
|
packages = with pkgs; [boinc];
|
||||||
packages = with pkgs; [ boinc ];
|
|
||||||
retentionPeriod = "7d";
|
|
||||||
services.autoUpgrade = {
|
services.autoUpgrade = {
|
||||||
enable = true;
|
enable = true;
|
||||||
configDir = config.secrets.nixConfigFolder;
|
configDir = config.secrets.nixConfigFolder;
|
||||||
|
|
|
@ -16,6 +16,12 @@
|
||||||
|
|
||||||
# Hardware defaults detected by nixos-generate-configuration
|
# Hardware defaults detected by nixos-generate-configuration
|
||||||
initrd = {
|
initrd = {
|
||||||
|
# SystemD in the initrd is required for TPM auto-unlocking.
|
||||||
|
# See https://discourse.nixos.org/t/full-disk-encryption-tpm2/29454/2
|
||||||
|
# If the LUKS volume is recently created, run this command to bind it to the TPM:
|
||||||
|
# sudo systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 /dev/<device>
|
||||||
|
systemd.enable = true;
|
||||||
|
|
||||||
availableKernelModules = [
|
availableKernelModules = [
|
||||||
"nvme"
|
"nvme"
|
||||||
"xhci_pci"
|
"xhci_pci"
|
||||||
|
@ -23,6 +29,11 @@
|
||||||
"usb_storage"
|
"usb_storage"
|
||||||
"sd_mod"
|
"sd_mod"
|
||||||
"rtsx_pci_sdmmc"
|
"rtsx_pci_sdmmc"
|
||||||
|
"tpm_crb"
|
||||||
|
];
|
||||||
|
kernelModules = [
|
||||||
|
"amdgpu"
|
||||||
|
"tpm_crb"
|
||||||
];
|
];
|
||||||
luks.devices."luks-bcf67e34-339e-40b9-8ffd-bec8f7f55248" = {
|
luks.devices."luks-bcf67e34-339e-40b9-8ffd-bec8f7f55248" = {
|
||||||
device = "/dev/disk/by-uuid/bcf67e34-339e-40b9-8ffd-bec8f7f55248";
|
device = "/dev/disk/by-uuid/bcf67e34-339e-40b9-8ffd-bec8f7f55248";
|
||||||
|
|
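Review bot: The enrollment comment above `systemd.enable = true;` binds the LUKS key to PCRs 0 and 7 only (`--tpm2-pcrs=0+7`), which protects the key only while Secure Boot is actually enforced on this host, and nothing in this file shows that it is. Extend the comment to state the precondition and the recovery path, e.g. `# Requires Secure Boot to be enforced; keep a passphrase slot, since firmware updates change PCR 0.` The `initrd` block starts before the first hunk and continues past the second.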
|
@ -16,6 +16,7 @@ let
|
||||||
|
|
||||||
# Search all files and folders within and below the current directory.
|
# Search all files and folders within and below the current directory.
|
||||||
# Filters out directories that belong to home-manager, and don't end with .nix or are this file.
|
# Filters out directories that belong to home-manager, and don't end with .nix or are this file.
|
||||||
|
# Also, make the strings absolute
|
||||||
validFiles =
|
validFiles =
|
||||||
dir:
|
dir:
|
||||||
map (file: ./. + "/${file}") (
|
map (file: ./. + "/${file}") (
|
||||||
|
|
|
@ -45,13 +45,6 @@ in
|
||||||
|
|
||||||
# Set up TPM if enabled. See https://nixos.wiki/wiki/TPM
|
# Set up TPM if enabled. See https://nixos.wiki/wiki/TPM
|
||||||
(lib.mkIf (cfg.tpm2.enable) {
|
(lib.mkIf (cfg.tpm2.enable) {
|
||||||
boot.initrd = {
|
|
||||||
# Enable systemd for TPM auto-unlocking
|
|
||||||
systemd.enable = true;
|
|
||||||
|
|
||||||
availableKernelModules = [ "tpm_crb" ];
|
|
||||||
kernelModules = [ "tpm_crb" ];
|
|
||||||
};
|
|
||||||
# After installing and rebooting, set it up via https://wiki.archlinux.org/title/Systemd-cryptenroll#Trusted_Platform_Module
|
# After installing and rebooting, set it up via https://wiki.archlinux.org/title/Systemd-cryptenroll#Trusted_Platform_Module
|
||||||
environment.systemPackages = with pkgs; [ tpm2-tss ];
|
environment.systemPackages = with pkgs; [ tpm2-tss ];
|
||||||
security.tpm2 = {
|
security.tpm2 = {
|
||||||
|
|
|
@ -15,7 +15,10 @@ in
|
||||||
|
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
boot.initrd.kernelModules = [ "amdgpu" ];
|
boot.initrd.kernelModules = [ "amdgpu" ];
|
||||||
services.xserver.videoDrivers = [ "amdgpu" ];
|
services.xserver = {
|
||||||
|
enable = true;
|
||||||
|
videoDrivers = [ "amdgpu" ];
|
||||||
|
};
|
||||||
|
|
||||||
hardware.graphics = {
|
hardware.graphics = {
|
||||||
extraPackages = [ pkgs.amdvlk ];
|
extraPackages = [ pkgs.amdvlk ];
|
||||||
|
|
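Review bot: `enable = true;` inside `services.xserver` means every host that turns on this GPU module also gets an X server, including a headless machine that only wants the `amdgpu` driver. Leave enabling the display server to the desktop module, or make it overridable with `enable = lib.mkDefault true;`. The `config = lib.mkIf cfg.enable {` block continues past the end of the hunk.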