
Compare commits


2 commits

Author SHA1 Message Date
Aires 502407e3c1 Template integration final touches 2024-06-24 14:01:51 -04:00
Aires 44af742046 Update hardware configs 2024-06-24 13:08:18 -04:00
13 changed files with 63 additions and 199 deletions


@ -1,32 +0,0 @@
on: [push]
jobs:
# Source: https://github.com/isabelroses/dotfiles/tree/main/.github/workflows
update-lockfile:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@main
with:
logger: pretty
# - name: Update Lockfile
# uses: DeterminateSystems/update-flake-lock@main
# id: update
# with:
# pr-title: "chore(deps): flake inputs"
# commit-msg: "chore(deps): flake inputs"
# token: ${{ secrets.GITHUB_TOKEN }}
# build:
# runs-on: nix
# steps:
# - run: nix-env -iA nixpkgs.nodejs_20
# - uses: actions/checkout@v4
# - run: nix --experimental-features 'nix-command flakes' flake update
# - run: nixos-rebuild --experimental-features 'nix-command flakes' build --flake .#Haven
# - run: nixos-rebuild --experimental-features 'nix-command flakes' build --flake .#Khanda


@ -1,47 +0,0 @@
{ pkgs, ... }:
{
imports = [ ./hardware-configuration.nix ];
system.stateVersion = "24.05";
aux.system = {
role = "workstation";
apps = {
development.enable = true;
media.enable = true;
office.enable = true;
writing.enable = true;
};
ui = {
flatpak.enable = true;
gnome.enable = true;
};
users = {
aires = {
enable = true;
autologin = true;
services = {
syncthing = {
enable = true;
autostart = true;
enableTray = false;
};
};
};
};
};
aux.system.services.autoUpgrade = {
enable = true;
configDir = config.secrets.nixConfigFolder;
onCalendar = "daily";
user = config.users.users.aires.name;
push = false;
};
# Configure the virtual machine created by nixos-rebuild build-vm
virtualisation.vmVariant.virtualisation = {
memorySize = 2048;
cores = 2;
};
}


@ -1,62 +0,0 @@
# Surface Laptop Go 1st gen
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
initrd = {
availableKernelModules = [
"xhci_pci"
"nvme"
"usb_storage"
"usbhid"
"sd_mod"
];
kernelModules = [ ];
luks.devices."luks-5a91100b-8ed9-4090-b1d8-d8291000fe38".device = "/dev/disk/by-uuid/5a91100b-8ed9-4090-b1d8-d8291000fe38";
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/76d67291-5aed-4f2a-b71f-1c2871cefe24";
fsType = "btrfs";
options = [ "subvol=@,compress=zstd,discard" ];
};
"/boot" = {
device = "/dev/disk/by-uuid/0C53-A645";
fsType = "vfat";
};
};
swapDevices = [
{
device = "/swapfile";
size = 4096;
}
];
networking = {
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
useDHCP = lib.mkDefault true;
# networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
# Set the hostname.
hostName = "Dimaga";
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -24,6 +24,7 @@ in
aux.system = { aux.system = {
apps.tmux.enable = true; apps.tmux.enable = true;
gpu.amd.enable = true;
packages = [ start-haven ]; packages = [ start-haven ];
services = { services = {
acme = { acme = {


@ -12,7 +12,6 @@
boot = { boot = {
supportedFilesystems = [ "btrfs" ]; supportedFilesystems = [ "btrfs" ];
kernelModules = [ "kvm-amd" ]; kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
initrd = { initrd = {
supportedFilesystems = [ "btrfs" ]; supportedFilesystems = [ "btrfs" ];


@ -26,14 +26,39 @@ in
# https://nixos.org/manual/nixpkgs/stable/#sec-allow-unfree # https://nixos.org/manual/nixpkgs/stable/#sec-allow-unfree
allowUnfree = true; allowUnfree = true;
apps = {
development.enable = true;
media.enable = true;
office.enable = true;
recording.enable = true;
social.enable = true;
writing = {
enable = true;
languagetool.enable = false;
};
};
# Enable Secure Boot support. # Enable Secure Boot support.
# IMPORTANT: Read the README before enabling this option! bootloader = {
bootloader.secureboot.enable = true; enable = true;
secureboot.enable = true;
tpm2.enable = true;
};
# Change the default text editor. Options are "emacs", "nano", or "vim". # Change the default text editor. Options are "emacs", "nano", or "vim".
editor = "nano"; editor = "nano";
ui.flatpak = { # Enable GPU support.
gpu.intel.enable = true;
# Change how long old generations are kept for.
retentionPeriod = "14d";
services.autoUpgrade.enable = false;
ui = {
desktops.gnome.enable = true;
flatpak = {
# Enable Flatpak support. # Enable Flatpak support.
enable = true; enable = true;
@ -46,16 +71,7 @@ in
"org.keepassxc.KeePassXC" "org.keepassxc.KeePassXC"
]; ];
}; };
};
# Change how long old generations are kept for.
retentionPeriod = "14d";
# Enable GPU support.
gpu.intel.enable = true;
ui.desktops.gnome.enable = true;
services.autoUpgrade.enable = false;
users.aires = { users.aires = {
enable = true; enable = true;
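Review bot: The `bootloader = { … }` block appears to drop the old `# IMPORTANT: Read the README before enabling this option!` line while adding `tpm2.enable = true;`, so the remaining `# Enable Secure Boot support.` comment now heads a block that also turns on TPM-based disk unlocking without saying so. The rendered page has lost its +/- markers, so this is inferred from the side-by-side text. I would keep the README pointer and widen the comment, e.g. `# Secure Boot and TPM2 unlock. IMPORTANT: read the README before enabling either.` The enclosing attribute set starts and ends outside the hunk.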


@ -11,9 +11,6 @@
boot = { boot = {
initrd = { initrd = {
# Enable systemd for TPM auto-unlocking
systemd.enable = true;
availableKernelModules = [ availableKernelModules = [
"surface_aggregator" "surface_aggregator"
"surface_aggregator_registry" "surface_aggregator_registry"
@ -23,7 +20,6 @@
"8250_dw" "8250_dw"
"intel_lpss" "intel_lpss"
"intel_lpss_pci" "intel_lpss_pci"
"tpm_crb"
"xhci_pci" "xhci_pci"
"thunderbolt" "thunderbolt"
"nvme" "nvme"
@ -33,7 +29,6 @@
"pinctrl_tigerlake" "pinctrl_tigerlake"
]; ];
kernelModules = [ kernelModules = [
"tpm_crb"
"surface_aggregator" "surface_aggregator"
"surface_aggregator_registry" "surface_aggregator_registry"
"surface_aggregator_hub" "surface_aggregator_hub"
@ -60,7 +55,6 @@
kernelModules = [ kernelModules = [
"kvm-intel" "kvm-intel"
"tpm_crb"
"surface_aggregator" "surface_aggregator"
"surface_aggregator_registry" "surface_aggregator_registry"
"surface_aggregator_hub" "surface_aggregator_hub"
@ -73,7 +67,6 @@
"surface_kbd" "surface_kbd"
"pinctrl_tigerlake" "pinctrl_tigerlake"
]; ];
extraModulePackages = [ ];
}; };
fileSystems = { fileSystems = {
@ -113,5 +106,5 @@
environment.systemPackages = with pkgs; [ libwacom-surface ]; environment.systemPackages = with pkgs; [ libwacom-surface ];
# NOTE: Use a default kernel to skip full kernel rebuilds # NOTE: Use a default kernel to skip full kernel rebuilds
# boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest; boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
} }


@ -12,28 +12,30 @@
aux.system = { aux.system = {
apps.tmux.enable = true; apps.tmux.enable = true;
users.aires.enable = true; boot = {
boot.enable = false;
services.ssh = {
enable = true; enable = true;
ports = [ config.secrets.hosts.haven.ssh.port ]; secureboot.enable = false;
}; };
}; packages = with pkgs; [
nix.distributedBuilds = true;
networking.hostName = "Pihole";
time.timeZone = "America/New_York";
environment.systemPackages = with pkgs; [
libraspberrypi libraspberrypi
raspberrypifw raspberrypifw
raspberrypi-eeprom raspberrypi-eeprom
linuxKernel.kernels.linux_rpi4 linuxKernel.kernels.linux_rpi4
]; ];
services.ssh = {
enable = true;
ports = [ config.secrets.hosts.haven.ssh.port ];
};
users.aires.enable = true;
};
nix.distributedBuilds = true;
time.timeZone = "America/New_York";
# Connect to the network automagically # Connect to the network automagically
networking = { networking = {
hostName = "Pihole";
networkmanager.enable = lib.mkForce false; networkmanager.enable = lib.mkForce false;
wireless.networks = { wireless.networks = {
"${config.secrets.networking.networks.home.SSID}" = { "${config.secrets.networking.networks.home.SSID}" = {
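Review bot: The new `boot = { enable = true; secureboot.enable = false; };` under `aux.system` uses a different attribute name from the other host changed in this commit, which sets `bootloader = { enable = true; secureboot.enable = true; tpm2.enable = true; };`. If the option is declared as `bootloader`, this host would likely fail to evaluate; the module declaring it is not visible here, so confirm which name is current. The value also seems to flip from `boot.enable = false;` to `enable = true;` on what looks like a Raspberry Pi host, which is a behaviour change beyond the reordering and deserves a short comment such as `# Pi host: bootloader module on, Secure Boot off`. The `aux.system` set begins before the hunk.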


@ -42,7 +42,9 @@ in
languagetool.enable = true; languagetool.enable = true;
}; };
}; };
packages = with pkgs; [boinc]; gpu.amd.enable = true;
packages = with pkgs; [ boinc ];
retentionPeriod = "7d";
services.autoUpgrade = { services.autoUpgrade = {
enable = true; enable = true;
configDir = config.secrets.nixConfigFolder; configDir = config.secrets.nixConfigFolder;

View file

@ -16,12 +16,6 @@
# Hardware defaults detected by nixos-generate-configuration # Hardware defaults detected by nixos-generate-configuration
initrd = { initrd = {
# SystemD in the initrd is required for TPM auto-unlocking.
# See https://discourse.nixos.org/t/full-disk-encryption-tpm2/29454/2
# If the LUKS volume is recently created, run this command to bind it to the TPM:
# sudo systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 /dev/<device>
systemd.enable = true;
availableKernelModules = [ availableKernelModules = [
"nvme" "nvme"
"xhci_pci" "xhci_pci"
@ -29,11 +23,6 @@
"usb_storage" "usb_storage"
"sd_mod" "sd_mod"
"rtsx_pci_sdmmc" "rtsx_pci_sdmmc"
"tpm_crb"
];
kernelModules = [
"amdgpu"
"tpm_crb"
]; ];
luks.devices."luks-bcf67e34-339e-40b9-8ffd-bec8f7f55248" = { luks.devices."luks-bcf67e34-339e-40b9-8ffd-bec8f7f55248" = {
device = "/dev/disk/by-uuid/bcf67e34-339e-40b9-8ffd-bec8f7f55248"; device = "/dev/disk/by-uuid/bcf67e34-339e-40b9-8ffd-bec8f7f55248";


@ -16,7 +16,6 @@ let
# Search all files and folders within and below the current directory. # Search all files and folders within and below the current directory.
# Filters out directories that belong to home-manager, and don't end with .nix or are this file. # Filters out directories that belong to home-manager, and don't end with .nix or are this file.
# Also, make the strings absolute
validFiles = validFiles =
dir: dir:
map (file: ./. + "/${file}") ( map (file: ./. + "/${file}") (


@ -45,6 +45,13 @@ in
# Set up TPM if enabled. See https://nixos.wiki/wiki/TPM # Set up TPM if enabled. See https://nixos.wiki/wiki/TPM
(lib.mkIf (cfg.tpm2.enable) { (lib.mkIf (cfg.tpm2.enable) {
boot.initrd = {
# Enable systemd for TPM auto-unlocking
systemd.enable = true;
availableKernelModules = [ "tpm_crb" ];
kernelModules = [ "tpm_crb" ];
};
# After installing and rebooting, set it up via https://wiki.archlinux.org/title/Systemd-cryptenroll#Trusted_Platform_Module # After installing and rebooting, set it up via https://wiki.archlinux.org/title/Systemd-cryptenroll#Trusted_Platform_Module
environment.systemPackages = with pkgs; [ tpm2-tss ]; environment.systemPackages = with pkgs; [ tpm2-tss ];
security.tpm2 = { security.tpm2 = {
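Review bot: The new `boot.initrd` block under `lib.mkIf (cfg.tpm2.enable)` hard-codes `tpm_crb`, which is narrower now that the module serves every host instead of each hardware file listing its own driver; a machine whose TPM uses the TIS interface would get a systemd initrd without a TPM driver and fall back to the passphrase prompt. Consider `availableKernelModules = [ "tpm_crb" "tpm_tis" ];` or a comment stating that only CRB devices are supported. The host hunks in this commit that delete `systemd.enable = true;` and `"tpm_crb"` also delete the note recording the enrollment command and PCR selection, so it would help to carry it into the comment here: `# Enroll after install: systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 /dev/<device>`. Those hosts now need `tpm2.enable = true;` to keep auto-unlock, and only one host hunk visibly sets it. The `mkIf` block continues past the end of this hunk.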


@ -15,10 +15,7 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
boot.initrd.kernelModules = [ "amdgpu" ]; boot.initrd.kernelModules = [ "amdgpu" ];
services.xserver = { services.xserver.videoDrivers = [ "amdgpu" ];
enable = true;
videoDrivers = [ "amdgpu" ];
};
hardware.graphics = { hardware.graphics = {
extraPackages = [ pkgs.amdvlk ]; extraPackages = [ pkgs.amdvlk ];