Compare commits
No commits in common. "502407e3c19d9aabd91f55427faa43bdec912c10" and "e158bfd27da0af14de6b422587c7ac3a17f4ae56" have entirely different histories.
502407e3c1
...
e158bfd27d
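--- a/.forgejo/workflows/update.yaml
+++ b/.forgejo/workflows/update.yaml
@@ -0,0 +1,32 @@
+on: [push]
+
+jobs:
+# Source: https://github.com/isabelroses/dotfiles/tree/main/.github/workflows
+update-lockfile:
+runs-on: ubuntu-latest
+
+steps:
+- name: Checkout
+uses: actions/checkout@v4
+
+- name: Install Nix
+uses: DeterminateSystems/nix-installer-action@main
+with:
+logger: pretty
+
+# - name: Update Lockfile
+# uses: DeterminateSystems/update-flake-lock@main
+# id: update
+# with:
+# pr-title: "chore(deps): flake inputs"
+# commit-msg: "chore(deps): flake inputs"
+# token: ${{ secrets.GITHUB_TOKEN }}
+
+# build:
+# runs-on: nix
+# steps:
+# - run: nix-env -iA nixpkgs.nodejs_20
+# - uses: actions/checkout@v4
+# - run: nix --experimental-features 'nix-command flakes' flake update
+# - run: nixos-rebuild --experimental-features 'nix-command flakes' build --flake .#Haven
+# - run: nixos-rebuild --experimental-features 'nix-command flakes' build --flake .#Khanda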
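Review bot: `uses: DeterminateSystems/nix-installer-action@main` in the Install Nix step tracks a mutable branch, so whatever that branch points at when the job runs is executed on the runner on every push. Pin it to a release tag or, better, a full commit SHA, e.g. `uses: DeterminateSystems/nix-installer-action@<full-commit-sha>`, and do the same for the commented-out `update-flake-lock@main` before re-enabling it. The disabled step also passes `secrets.GITHUB_TOKEN`; on a Forgejo runner it is worth confirming which token that resolves to and limiting it to what the lockfile PR needs.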
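--- a/hosts/Dimaga/default.nix
+++ b/hosts/Dimaga/default.nix
@@ -0,0 +1,47 @@
+{ pkgs, ... }:
+{
+imports = [ ./hardware-configuration.nix ];
+
+system.stateVersion = "24.05";
+
+aux.system = {
+role = "workstation";
+apps = {
+development.enable = true;
+media.enable = true;
+office.enable = true;
+writing.enable = true;
+};
+ui = {
+flatpak.enable = true;
+gnome.enable = true;
+};
+users = {
+aires = {
+enable = true;
+autologin = true;
+services = {
+syncthing = {
+enable = true;
+autostart = true;
+enableTray = false;
+};
+};
+};
+};
+};
+
+aux.system.services.autoUpgrade = {
+enable = true;
+configDir = config.secrets.nixConfigFolder;
+onCalendar = "daily";
+user = config.users.users.aires.name;
+push = false;
+};
+
+# Configure the virtual machine created by nixos-rebuild build-vm
+virtualisation.vmVariant.virtualisation = {
+memorySize = 2048;
+cores = 2;
+};
+}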
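Review bot: The module header is `{ pkgs, ... }:` but the `autoUpgrade` block reads `config.secrets.nixConfigFolder` and `config.users.users.aires.name`, so `config` is unbound and evaluating this host should fail with an undefined-variable error. Change the header to `{ config, ... }:`, since `pkgs` is not used in the lines shown. Separately, `autologin = true` on a laptop leaves the LUKS unlock as the only gate in front of the desktop session and the Syncthing data. That trade-off holds only while this host keeps a passphrase prompt at boot, so a short comment next to the option saying so would help.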
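--- a/hosts/Dimaga/hardware-configuration.nix
+++ b/hosts/Dimaga/hardware-configuration.nix
@@ -0,0 +1,62 @@
+# Surface Laptop Go 1st gen
+{
+config,
+lib,
+pkgs,
+modulesPath,
+...
+}:
+{
+imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+boot = {
+initrd = {
+availableKernelModules = [
+"xhci_pci"
+"nvme"
+"usb_storage"
+"usbhid"
+"sd_mod"
+];
+kernelModules = [ ];
+luks.devices."luks-5a91100b-8ed9-4090-b1d8-d8291000fe38".device = "/dev/disk/by-uuid/5a91100b-8ed9-4090-b1d8-d8291000fe38";
+};
+
+kernelModules = [ "kvm-intel" ];
+extraModulePackages = [ ];
+};
+
+fileSystems = {
+"/" = {
+device = "/dev/disk/by-uuid/76d67291-5aed-4f2a-b71f-1c2871cefe24";
+fsType = "btrfs";
+options = [ "subvol=@,compress=zstd,discard" ];
+};
+"/boot" = {
+device = "/dev/disk/by-uuid/0C53-A645";
+fsType = "vfat";
+};
+};
+
+swapDevices = [
+{
+device = "/swapfile";
+size = 4096;
+}
+];
+
+networking = {
+# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+# (the default) this is the recommended approach. When using systemd-networkd it's
+# still possible to use this option, but it's recommended to use it in conjunction
+# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+useDHCP = lib.mkDefault true;
+# networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
+
+# Set the hostname.
+hostName = "Dimaga";
+};
+
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}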
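Review bot: The root filesystem is mounted with `discard`, but the LUKS device declared under `boot.initrd.luks.devices` does not set `allowDiscards = true`. Assuming `/` lives on that mapping, which the differing UUIDs suggest, TRIM requests from btrfs never reach the SSD and the option is currently a no-op. Either drop `discard` or set `allowDiscards` deliberately, with a comment noting that passing discards through dm-crypt reveals which blocks are in use. The options are also written as one comma-joined string; one entry per option, `options = [ "subvol=@" "compress=zstd" "discard" ];`, is the usual form.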
|
@ -24,7 +24,6 @@ in
|
|||
|
||||
aux.system = {
|
||||
apps.tmux.enable = true;
|
||||
gpu.amd.enable = true;
|
||||
packages = [ start-haven ];
|
||||
services = {
|
||||
acme = {
|
||||
|
|
|
@ -12,6 +12,7 @@
|
|||
boot = {
|
||||
supportedFilesystems = [ "btrfs" ];
|
||||
kernelModules = [ "kvm-amd" ];
|
||||
extraModulePackages = [ ];
|
||||
|
||||
initrd = {
|
||||
supportedFilesystems = [ "btrfs" ];
|
||||
|
|
|
@ -26,39 +26,14 @@ in
|
|||
# https://nixos.org/manual/nixpkgs/stable/#sec-allow-unfree
|
||||
allowUnfree = true;
|
||||
|
||||
apps = {
|
||||
development.enable = true;
|
||||
media.enable = true;
|
||||
office.enable = true;
|
||||
recording.enable = true;
|
||||
social.enable = true;
|
||||
writing = {
|
||||
enable = true;
|
||||
languagetool.enable = false;
|
||||
};
|
||||
};
|
||||
|
||||
# Enable Secure Boot support.
|
||||
bootloader = {
|
||||
enable = true;
|
||||
secureboot.enable = true;
|
||||
tpm2.enable = true;
|
||||
};
|
||||
# IMPORTANT: Read the README before enabling this option!
|
||||
bootloader.secureboot.enable = true;
|
||||
|
||||
# Change the default text editor. Options are "emacs", "nano", or "vim".
|
||||
editor = "nano";
|
||||
|
||||
# Enable GPU support.
|
||||
gpu.intel.enable = true;
|
||||
|
||||
# Change how long old generations are kept for.
|
||||
retentionPeriod = "14d";
|
||||
|
||||
services.autoUpgrade.enable = false;
|
||||
|
||||
ui = {
|
||||
desktops.gnome.enable = true;
|
||||
flatpak = {
|
||||
ui.flatpak = {
|
||||
# Enable Flatpak support.
|
||||
enable = true;
|
||||
|
||||
|
@ -71,7 +46,16 @@ in
|
|||
"org.keepassxc.KeePassXC"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
# Change how long old generations are kept for.
|
||||
retentionPeriod = "14d";
|
||||
|
||||
# Enable GPU support.
|
||||
gpu.intel.enable = true;
|
||||
|
||||
ui.desktops.gnome.enable = true;
|
||||
|
||||
services.autoUpgrade.enable = false;
|
||||
|
||||
users.aires = {
|
||||
enable = true;
|
||||
|
|
|
@ -11,6 +11,9 @@
|
|||
|
||||
boot = {
|
||||
initrd = {
|
||||
# Enable systemd for TPM auto-unlocking
|
||||
systemd.enable = true;
|
||||
|
||||
availableKernelModules = [
|
||||
"surface_aggregator"
|
||||
"surface_aggregator_registry"
|
||||
|
@ -20,6 +23,7 @@
|
|||
"8250_dw"
|
||||
"intel_lpss"
|
||||
"intel_lpss_pci"
|
||||
"tpm_crb"
|
||||
"xhci_pci"
|
||||
"thunderbolt"
|
||||
"nvme"
|
||||
|
@ -29,6 +33,7 @@
|
|||
"pinctrl_tigerlake"
|
||||
];
|
||||
kernelModules = [
|
||||
"tpm_crb"
|
||||
"surface_aggregator"
|
||||
"surface_aggregator_registry"
|
||||
"surface_aggregator_hub"
|
||||
|
@ -55,6 +60,7 @@
|
|||
|
||||
kernelModules = [
|
||||
"kvm-intel"
|
||||
"tpm_crb"
|
||||
"surface_aggregator"
|
||||
"surface_aggregator_registry"
|
||||
"surface_aggregator_hub"
|
||||
|
@ -67,6 +73,7 @@
|
|||
"surface_kbd"
|
||||
"pinctrl_tigerlake"
|
||||
];
|
||||
extraModulePackages = [ ];
|
||||
};
|
||||
|
||||
fileSystems = {
|
||||
|
@ -106,5 +113,5 @@
|
|||
environment.systemPackages = with pkgs; [ libwacom-surface ];
|
||||
|
||||
# NOTE: Use a default kernel to skip full kernel rebuilds
|
||||
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
|
||||
# boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
|
||||
}
|
||||
|
|
|
@ -12,30 +12,28 @@
|
|||
|
||||
aux.system = {
|
||||
apps.tmux.enable = true;
|
||||
boot = {
|
||||
users.aires.enable = true;
|
||||
boot.enable = false;
|
||||
services.ssh = {
|
||||
enable = true;
|
||||
secureboot.enable = false;
|
||||
ports = [ config.secrets.hosts.haven.ssh.port ];
|
||||
};
|
||||
packages = with pkgs; [
|
||||
};
|
||||
|
||||
nix.distributedBuilds = true;
|
||||
|
||||
networking.hostName = "Pihole";
|
||||
time.timeZone = "America/New_York";
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
libraspberrypi
|
||||
raspberrypifw
|
||||
raspberrypi-eeprom
|
||||
linuxKernel.kernels.linux_rpi4
|
||||
];
|
||||
services.ssh = {
|
||||
enable = true;
|
||||
ports = [ config.secrets.hosts.haven.ssh.port ];
|
||||
};
|
||||
users.aires.enable = true;
|
||||
};
|
||||
|
||||
nix.distributedBuilds = true;
|
||||
|
||||
time.timeZone = "America/New_York";
|
||||
|
||||
# Connect to the network automagically
|
||||
networking = {
|
||||
hostName = "Pihole";
|
||||
networkmanager.enable = lib.mkForce false;
|
||||
wireless.networks = {
|
||||
"${config.secrets.networking.networks.home.SSID}" = {
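Review bot: `ports = [ config.secrets.hosts.haven.ssh.port ];` in the `services.ssh` block reads Haven's port secret on a host whose `hostName` is "Pihole". If that was carried over from the Haven config rather than being an intentionally shared value, give this host its own entry under `config.secrets.hosts`; otherwise a one-line comment such as `# Deliberately shares Haven's SSH port` would settle it. The block is printed twice in this section because the rendering shows old and new lines together, so the remark applies to whichever copy is on the new side.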
|
||||
|
|
|
@ -42,9 +42,7 @@ in
|
|||
languagetool.enable = true;
|
||||
};
|
||||
};
|
||||
gpu.amd.enable = true;
|
||||
packages = with pkgs; [ boinc ];
|
||||
retentionPeriod = "7d";
|
||||
packages = with pkgs; [boinc];
|
||||
services.autoUpgrade = {
|
||||
enable = true;
|
||||
configDir = config.secrets.nixConfigFolder;
|
||||
|
|
|
@ -16,6 +16,12 @@
|
|||
|
||||
# Hardware defaults detected by nixos-generate-configuration
|
||||
initrd = {
|
||||
# SystemD in the initrd is required for TPM auto-unlocking.
|
||||
# See https://discourse.nixos.org/t/full-disk-encryption-tpm2/29454/2
|
||||
# If the LUKS volume is recently created, run this command to bind it to the TPM:
|
||||
# sudo systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 /dev/<device>
|
||||
systemd.enable = true;
|
||||
|
||||
availableKernelModules = [
|
||||
"nvme"
|
||||
"xhci_pci"
|
||||
|
@ -23,6 +29,11 @@
|
|||
"usb_storage"
|
||||
"sd_mod"
|
||||
"rtsx_pci_sdmmc"
|
||||
"tpm_crb"
|
||||
];
|
||||
kernelModules = [
|
||||
"amdgpu"
|
||||
"tpm_crb"
|
||||
];
|
||||
luks.devices."luks-bcf67e34-339e-40b9-8ffd-bec8f7f55248" = {
|
||||
device = "/dev/disk/by-uuid/bcf67e34-339e-40b9-8ffd-bec8f7f55248";
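Review bot: The enrollment command in the added comment, `systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7`, binds the key to firmware and Secure Boot state only, with no PIN, so the volume unlocks unattended for anyone holding the powered-off machine. Consider documenting `--tpm2-with-pin=yes` for portable hosts. The comment should also say that a passphrase or recovery-key slot must stay enrolled, because a firmware update changes PCR 0 and the TPM will then refuse to unseal. The same `systemd.enable` and `tpm_crb` additions appear in the Surface hardware configuration earlier on this page without any enrollment guidance. The `initrd` block continues beyond these hunks.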
|
||||
|
|
|
@ -16,6 +16,7 @@ let
|
|||
|
||||
# Search all files and folders within and below the current directory.
|
||||
# Filters out directories that belong to home-manager, and don't end with .nix or are this file.
|
||||
# Also, make the strings absolute
|
||||
validFiles =
|
||||
dir:
|
||||
map (file: ./. + "/${file}") (
|
||||
|
|
|
@ -45,13 +45,6 @@ in
|
|||
|
||||
# Set up TPM if enabled. See https://nixos.wiki/wiki/TPM
|
||||
(lib.mkIf (cfg.tpm2.enable) {
|
||||
boot.initrd = {
|
||||
# Enable systemd for TPM auto-unlocking
|
||||
systemd.enable = true;
|
||||
|
||||
availableKernelModules = [ "tpm_crb" ];
|
||||
kernelModules = [ "tpm_crb" ];
|
||||
};
|
||||
# After installing and rebooting, set it up via https://wiki.archlinux.org/title/Systemd-cryptenroll#Trusted_Platform_Module
|
||||
environment.systemPackages = with pkgs; [ tpm2-tss ];
|
||||
security.tpm2 = {
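Review bot: With the `boot.initrd` block gone from the `cfg.tpm2.enable` branch, turning the option on apparently no longer enables systemd in the initrd or loads `tpm_crb`. This is inferred from the hunk shrinking from 13 to 6 lines, a difference that block accounts for. Each host then has to carry those lines in its own hardware configuration, and a host that sets `tpm2.enable = true` without them would silently fall back to the passphrase prompt. Either keep the initrd settings in this module, or add a comment above the `lib.mkIf` such as `# NOTE: hosts must also set boot.initrd.systemd.enable and add "tpm_crb" to the initrd modules`. The `mkIf` body continues past the hunk.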
|
||||
|
|
|
@ -15,7 +15,10 @@ in
|
|||
|
||||
config = lib.mkIf cfg.enable {
|
||||
boot.initrd.kernelModules = [ "amdgpu" ];
|
||||
services.xserver.videoDrivers = [ "amdgpu" ];
|
||||
services.xserver = {
|
||||
enable = true;
|
||||
videoDrivers = [ "amdgpu" ];
|
||||
};
|
||||
|
||||
hardware.graphics = {
|
||||
extraPackages = [ pkgs.amdvlk ];
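Review bot: `enable = true;` inside the new `services.xserver = { … }` block makes the AMD GPU module turn on the X server for every host that sets `gpu.amd.enable`, headless ones included. Haven's config earlier on this page shows `gpu.amd.enable = true` next to `services.acme`, though whether that line survives on the new side is not visible. Selecting the video driver does not require enabling X, so keep `videoDrivers = [ "amdgpu" ];` here and leave `enable` to the desktop module. Alternatively soften it to `enable = lib.mkDefault true;` so a server can override it. The `config = lib.mkIf cfg.enable` body continues outside the hunk.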
|
||||
|
|