
Compare commits


No commits in common. "502407e3c19d9aabd91f55427faa43bdec912c10" and "e158bfd27da0af14de6b422587c7ac3a17f4ae56" have entirely different histories.

13 changed files with 199 additions and 63 deletions


@ -0,0 +1,32 @@
on: [push]
jobs:
# Source: https://github.com/isabelroses/dotfiles/tree/main/.github/workflows
update-lockfile:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@main
with:
logger: pretty
# - name: Update Lockfile
# uses: DeterminateSystems/update-flake-lock@main
# id: update
# with:
# pr-title: "chore(deps): flake inputs"
# commit-msg: "chore(deps): flake inputs"
# token: ${{ secrets.GITHUB_TOKEN }}
# build:
# runs-on: nix
# steps:
# - run: nix-env -iA nixpkgs.nodejs_20
# - uses: actions/checkout@v4
# - run: nix --experimental-features 'nix-command flakes' flake update
# - run: nixos-rebuild --experimental-features 'nix-command flakes' build --flake .#Haven
# - run: nixos-rebuild --experimental-features 'nix-command flakes' build --flake .#Khanda
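Review bot: `uses: DeterminateSystems/nix-installer-action@main` follows a moving branch, so every push runs whatever that repository's `main` holds at that moment, inside a job that has the checked-out repo available. Pin it, and `actions/checkout@v4`, to a full commit SHA, for example `uses: DeterminateSystems/nix-installer-action@<full-commit-sha> # <release tag>`. The commented-out `DeterminateSystems/update-flake-lock@main` step needs the same pin before it is re-enabled, since it would also be handed `secrets.GITHUB_TOKEN`. As a smaller point, the job is still named `update-lockfile` although the active steps only check out the repo and install Nix.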

47
hosts/Dimaga/default.nix Normal file

@ -0,0 +1,47 @@
{ pkgs, ... }:
{
imports = [ ./hardware-configuration.nix ];
system.stateVersion = "24.05";
aux.system = {
role = "workstation";
apps = {
development.enable = true;
media.enable = true;
office.enable = true;
writing.enable = true;
};
ui = {
flatpak.enable = true;
gnome.enable = true;
};
users = {
aires = {
enable = true;
autologin = true;
services = {
syncthing = {
enable = true;
autostart = true;
enableTray = false;
};
};
};
};
};
aux.system.services.autoUpgrade = {
enable = true;
configDir = config.secrets.nixConfigFolder;
onCalendar = "daily";
user = config.users.users.aires.name;
push = false;
};
# Configure the virtual machine created by nixos-rebuild build-vm
virtualisation.vmVariant.virtualisation = {
memorySize = 2048;
cores = 2;
};
}
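Review bot: `config` is read in the `aux.system.services.autoUpgrade` block (`config.secrets.nixConfigFolder`, `config.users.users.aires.name`), but the module header binds only `pkgs`, so evaluation should fail with an undefined variable. Change the first line to `{ config, pkgs, ... }:`. Separately, `autologin = true;` leaves the disk passphrase as the only authentication step at boot on this `workstation` host. I would add a comment above it such as `# autologin relies on the LUKS passphrase prompt; revisit if TPM auto-unlock is ever enabled here`, because other hosts in this comparison enable TPM unlock in their initrd.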


@ -0,0 +1,62 @@
# Surface Laptop Go 1st gen
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
initrd = {
availableKernelModules = [
"xhci_pci"
"nvme"
"usb_storage"
"usbhid"
"sd_mod"
];
kernelModules = [ ];
luks.devices."luks-5a91100b-8ed9-4090-b1d8-d8291000fe38".device = "/dev/disk/by-uuid/5a91100b-8ed9-4090-b1d8-d8291000fe38";
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/76d67291-5aed-4f2a-b71f-1c2871cefe24";
fsType = "btrfs";
options = [ "subvol=@,compress=zstd,discard" ];
};
"/boot" = {
device = "/dev/disk/by-uuid/0C53-A645";
fsType = "vfat";
};
};
swapDevices = [
{
device = "/swapfile";
size = 4096;
}
];
networking = {
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
useDHCP = lib.mkDefault true;
# networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
# Set the hostname.
hostName = "Dimaga";
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}
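Review bot: The `discard` flag in the root mount options (`"subvol=@,compress=zstd,discard"`) probably has no effect, because the `boot.initrd.luks.devices` entry does not set `allowDiscards` and dm-crypt drops TRIM requests by default. This assumes the btrfs volume lives inside that LUKS container, which the UUIDs alone do not prove. Make the choice explicit: either drop `discard`, or set `allowDiscards = true;` on the LUKS device and accept that TRIM reveals which blocks of the encrypted disk are unused. A comment recording the decision would help, e.g. `# TRIM through LUKS is off on purpose: it would expose the free-space layout`.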


@ -24,7 +24,6 @@ in
aux.system = {
apps.tmux.enable = true;
gpu.amd.enable = true;
packages = [ start-haven ];
services = {
acme = {


@ -12,6 +12,7 @@
boot = {
supportedFilesystems = [ "btrfs" ];
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
initrd = {
supportedFilesystems = [ "btrfs" ];


@ -26,39 +26,14 @@ in
# https://nixos.org/manual/nixpkgs/stable/#sec-allow-unfree
allowUnfree = true;
apps = {
development.enable = true;
media.enable = true;
office.enable = true;
recording.enable = true;
social.enable = true;
writing = {
enable = true;
languagetool.enable = false;
};
};
# Enable Secure Boot support.
bootloader = {
enable = true;
secureboot.enable = true;
tpm2.enable = true;
};
# IMPORTANT: Read the README before enabling this option!
bootloader.secureboot.enable = true;
# Change the default text editor. Options are "emacs", "nano", or "vim".
editor = "nano";
# Enable GPU support.
gpu.intel.enable = true;
# Change how long old generations are kept for.
retentionPeriod = "14d";
services.autoUpgrade.enable = false;
ui = {
desktops.gnome.enable = true;
flatpak = {
ui.flatpak = {
# Enable Flatpak support.
enable = true;
@ -71,7 +46,16 @@ in
"org.keepassxc.KeePassXC"
];
};
};
# Change how long old generations are kept for.
retentionPeriod = "14d";
# Enable GPU support.
gpu.intel.enable = true;
ui.desktops.gnome.enable = true;
services.autoUpgrade.enable = false;
users.aires = {
enable = true;


@ -11,6 +11,9 @@
boot = {
initrd = {
# Enable systemd for TPM auto-unlocking
systemd.enable = true;
availableKernelModules = [
"surface_aggregator"
"surface_aggregator_registry"
@ -20,6 +23,7 @@
"8250_dw"
"intel_lpss"
"intel_lpss_pci"
"tpm_crb"
"xhci_pci"
"thunderbolt"
"nvme"
@ -29,6 +33,7 @@
"pinctrl_tigerlake"
];
kernelModules = [
"tpm_crb"
"surface_aggregator"
"surface_aggregator_registry"
"surface_aggregator_hub"
@ -55,6 +60,7 @@
kernelModules = [
"kvm-intel"
"tpm_crb"
"surface_aggregator"
"surface_aggregator_registry"
"surface_aggregator_hub"
@ -67,6 +73,7 @@
"surface_kbd"
"pinctrl_tigerlake"
];
extraModulePackages = [ ];
};
fileSystems = {
@ -106,5 +113,5 @@
environment.systemPackages = with pkgs; [ libwacom-surface ];
# NOTE: Use a default kernel to skip full kernel rebuilds
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
# boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
}
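Review bot: `"tpm_crb"` now appears three times for this host: in `boot.initrd.availableKernelModules`, in `boot.initrd.kernelModules` and in the top-level `boot.kernelModules`. The `initrd.kernelModules` entry already puts the module in the initrd and loads it, so the other two should be redundant for TPM unlocking; keeping a single entry makes it clearer what the unlock depends on. The `# Enable systemd for TPM auto-unlocking` comment also says nothing about how the LUKS volume is enrolled or which PCRs it is bound to. A one-line pointer to the enrollment procedure this repository uses would make the unlock policy for this laptop reviewable.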


@ -12,30 +12,28 @@
aux.system = {
apps.tmux.enable = true;
boot = {
users.aires.enable = true;
boot.enable = false;
services.ssh = {
enable = true;
secureboot.enable = false;
ports = [ config.secrets.hosts.haven.ssh.port ];
};
packages = with pkgs; [
};
nix.distributedBuilds = true;
networking.hostName = "Pihole";
time.timeZone = "America/New_York";
environment.systemPackages = with pkgs; [
libraspberrypi
raspberrypifw
raspberrypi-eeprom
linuxKernel.kernels.linux_rpi4
];
services.ssh = {
enable = true;
ports = [ config.secrets.hosts.haven.ssh.port ];
};
users.aires.enable = true;
};
nix.distributedBuilds = true;
time.timeZone = "America/New_York";
# Connect to the network automagically
networking = {
hostName = "Pihole";
networkmanager.enable = lib.mkForce false;
wireless.networks = {
"${config.secrets.networking.networks.home.SSID}" = {
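Review bot: The `services.ssh` block for the host named `Pihole` takes its port from `config.secrets.hosts.haven.ssh.port`, which is another host's secret entry. A later change to Haven's SSH port would silently move this host's sshd as well, and the coupling is easy to miss when auditing which ports each machine exposes. Give this host its own entry in the secrets tree, or add a comment such as `# intentionally shares Haven's SSH port` if the reuse is deliberate. The `wireless.networks` attribute set opened on the last line continues outside the hunk, so how the network credentials are supplied is not visible here.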


@ -42,9 +42,7 @@ in
languagetool.enable = true;
};
};
gpu.amd.enable = true;
packages = with pkgs; [ boinc ];
retentionPeriod = "7d";
packages = with pkgs; [boinc];
services.autoUpgrade = {
enable = true;
configDir = config.secrets.nixConfigFolder;


@ -16,6 +16,12 @@
# Hardware defaults detected by nixos-generate-configuration
initrd = {
# SystemD in the initrd is required for TPM auto-unlocking.
# See https://discourse.nixos.org/t/full-disk-encryption-tpm2/29454/2
# If the LUKS volume is recently created, run this command to bind it to the TPM:
# sudo systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 /dev/<device>
systemd.enable = true;
availableKernelModules = [
"nvme"
"xhci_pci"
@ -23,6 +29,11 @@
"usb_storage"
"sd_mod"
"rtsx_pci_sdmmc"
"tpm_crb"
];
kernelModules = [
"amdgpu"
"tpm_crb"
];
luks.devices."luks-bcf67e34-339e-40b9-8ffd-bec8f7f55248" = {
device = "/dev/disk/by-uuid/bcf67e34-339e-40b9-8ffd-bec8f7f55248";
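Review bot: The enrollment comment above `systemd.enable = true;` recommends `--tpm2-pcrs=0+7` with no PIN, so the volume unlocks unattended whenever the firmware and Secure Boot state match. That protects a disk removed from the machine but not a stolen machine, and PCR 7 only means something while Secure Boot is actually enforced on this host, which this hunk does not show. I would extend the comment to state that trade-off and to suggest `--tpm2-with-pin=yes` for machines that leave the house. It should also remind the reader to keep a passphrase or recovery-key slot enrolled, because a firmware update that changes PCR 0 will break the TPM unlock. The `luks.devices` block opened on the last line continues outside the hunk.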


@ -16,6 +16,7 @@ let
# Search all files and folders within and below the current directory.
# Filters out directories that belong to home-manager, and don't end with .nix or are this file.
# Also, make the strings absolute
validFiles =
dir:
map (file: ./. + "/${file}") (


@ -45,13 +45,6 @@ in
# Set up TPM if enabled. See https://nixos.wiki/wiki/TPM
(lib.mkIf (cfg.tpm2.enable) {
boot.initrd = {
# Enable systemd for TPM auto-unlocking
systemd.enable = true;
availableKernelModules = [ "tpm_crb" ];
kernelModules = [ "tpm_crb" ];
};
# After installing and rebooting, set it up via https://wiki.archlinux.org/title/Systemd-cryptenroll#Trusted_Platform_Module
environment.systemPackages = with pkgs; [ tpm2-tss ];
security.tpm2 = {


@ -15,7 +15,10 @@ in
config = lib.mkIf cfg.enable {
boot.initrd.kernelModules = [ "amdgpu" ];
services.xserver.videoDrivers = [ "amdgpu" ];
services.xserver = {
enable = true;
videoDrivers = [ "amdgpu" ];
};
hardware.graphics = {
extraPackages = [ pkgs.amdvlk ];
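Review bot: `enable = true;` inside the new `services.xserver = { … };` block makes the AMD GPU module switch on the X server for every host that sets `gpu.amd.enable`, not only for desktops. A host file earlier on this page lists `gpu.amd.enable = true;` next to an `acme` service block and looks like a server (inferred, since sides are not marked there), so it would gain a display server it does not need. I would keep only `videoDrivers = [ "amdgpu" ];` here and leave enabling X to the desktop/UI module, or at least write `enable = lib.mkDefault true;` so a headless host can override it. The `hardware.graphics` block continues outside the hunk.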