diff --git a/common/.sops.yaml b/common/.sops.yaml index ff3f948..38e79c1 100644 --- a/common/.sops.yaml +++ b/common/.sops.yaml @@ -1,9 +1,9 @@ keys: - &blitzar age1mc72my8whm2fm3wjg2ucvckx27dyp09urdgs9lpzqswl5pa5py8sfwszt9 - - &comet age18e4ttr7k6r7j662a6pvgrvsptuhsvffq70z4westqs3gfx7804fq0ewfaa - ¯onova age1sy52xwldc7puckze2kcax7csc2nrg049y9nt2qd0ltvghckms5nq2d25ra - &nebula age1vyq4xceveer87xt506yl59lh82dmeuagzlmnk87augfvqry7vqaq5hwy33 - &protostar age1m5jnjmed343uwpgeta4nkxjhwescsa6dfswx30e4rwm0yxcf753qr0ljkw + - &quasar age19wmymljvrhwmrhtutj5f3vm32fhyhka5k5ecjx4zs8tnclrdeyxsq43jwn - &singularity age15cp5p76q7vhwg9v8u98dpshrmtengghmm7yn5ckfk0yz694q3g6qajywwu creation_rules: - path_regex: secrets.yaml$ @@ -12,10 +12,10 @@ creation_rules: - *blitzar - *macronova - *nebula + - *quasar - path_regex: auths.yaml$ key_groups: - age: - - *comet - *macronova - *protostar - *singularity diff --git a/common/auths.yaml b/common/auths.yaml index 8f795d2..ab51ae1 100644 --- a/common/auths.yaml +++ b/common/auths.yaml 
@@ -12,41 +12,32 @@ sops: azure_kv: [] hc_vault: [] age: - - recipient: age18e4ttr7k6r7j662a6pvgrvsptuhsvffq70z4westqs3gfx7804fq0ewfaa - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnVlNDQW5WVFppcEZJanc5 - VDlZMG5xWmoyalB0bzVrRGpHOGRkcmlETVMwCis2TjA0dUMycG9UNldQenZnUDhW - S0FGWnpuZXRMUjd0V2FMeXpiVjFMNWsKLS0tIHMzaG9wUEVEVm5UM0Rob09MNFJq - eEFicGFNajFiRXF6d2xEQjc0VGVsVDAK5wj9siWRiV7FD6bO5YATpOCidEOJGjO0 - fa98Sv/HNJdYXx4wR0yWgIdqVFs+2z+Q4aaOzKdySBcxJjqLAvnZlw== - -----END AGE ENCRYPTED FILE----- - recipient: age1sy52xwldc7puckze2kcax7csc2nrg049y9nt2qd0ltvghckms5nq2d25ra enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDRVpBb2p1dlhHNlVLKzYw - ck83MllqU2dYWEhEUVlFSGZhSEFaV284U0dnClRkUTRZbmJTN0ZrSmVBTXFtS3lh - aEhJQWJTc094aHNlT2x4M3F1SFl4ZWcKLS0tIGtWbDBURjRkbmQrT0NlVUZjbnl3 - M1NRbVdqbzZ3Sy9xdlArbExSMzBKSHcKvmimpsvrNL1ogQ3jROJgD7b8dFgNCvd5 - xWS2gbnTo3g+hhouHM4pko8nlT2BY3f0L4IiLfJZ0j7tWx0Kvaz/xA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSanJtZDBzR0NwVXArbm0w + aFpKWnRwZ3BNN1pXUENST0pnRmlVSEVmQUVvCnpwOFZZQm9mdTM2eTcwVW9UUTB3 + bzRYMGFyVDhXb3FzZmRMVDhBT3FsMWsKLS0tIE95c3hxTjRKRDYvNk82K3RUcjBt + bUViQmxOVXQrSjFNZjgxRFFFVVlFR1EKwwhkxgqtKE/sBJduXdMxOaTw2g8beGs7 + 4hIZLQg0ymUJA7qTBocIaka+TpByi9ikoQcNdxo61JO1L4ftiDmQAQ== -----END AGE ENCRYPTED FILE----- - recipient: age1m5jnjmed343uwpgeta4nkxjhwescsa6dfswx30e4rwm0yxcf753qr0ljkw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOTDF0ZG1tVmF6YkxBUTJD - cnIzK0Q2WFJzZzNKLzZDM2VzOS9wOEw0OWprCnR4ZlpTdFc5YjRPdklYNzlHVTZY - bVFMRWhwVGJNN0Jwd0JlMjR2cHE4RUEKLS0tIHF1R2xFMFQrYm1wbXgwN29BLzZO - OFppTU5wdGJkRTN0cDRQK2VNelJwbnMKLuNccIhf2RbNbfYR+jTUdN/RAh1fQExS - Bqm4F3/PID+gdljxHDSS7mN7VZ+884nrInE8U5TCqREe5HSnwLStfg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxUlQ4cTJiT2w3cE5hSVJ3 + Y1Y4RGxheWF0ZFlUcVUzZjdLcUdwOXFUQTBJCjJ1dXdpWUMwN2FZRTJ1MkdzV0Ro + YUo1UlRzajJjSXFkMitER3dpYWJyV3MKLS0tIHEvbzJRM1Jqbk8rWmdJVU5hRS9q + 
bzlLU1I1V1RWaGZPU3lPVGVaaE5LdEUKioyyj0IDzOPjSX+KX6ntQnfM9mVonfWt + NTEBLTChbbyrRFOzwC/G9G+bFFvA+sWpz/6sFqQUWVWuQqkE6eJlpw== -----END AGE ENCRYPTED FILE----- - recipient: age15cp5p76q7vhwg9v8u98dpshrmtengghmm7yn5ckfk0yz694q3g6qajywwu enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjUndRMWFDaE1PS0lLY1N0 - Nlk3bTQrR0lGV0ovUDd5cWlReEZWajdkbHhRCmJUODczdkhzNXV3YllBU2VxUmFI - bUdVUGpYcjFnYlRBMjJvRVd6bjlUMmMKLS0tIHN4cXJHeTZzTlEreTg1NWpxQ2dM - UnlUY25pOGJ2T1VoTW0yeTFEL2NNTVUKHFdlBryccJAKz26+oECG8tx/FvhZEe0E - MBRoWFu+LHaAUgaOKEBMUHZKzY7Q+TahAsdsy+VErmRkI6i/Hh10ww== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1enNFRlJldmpaQXhCUlli + Q21oaEVlVkl3dE9wRHI5STVyd2NFeUVJUERzCmtrTFVGbEowVm1aQVZxbmM4SnNx + NlExUWNIZ1lkZTd4WDZ2cGRLMDhJNHcKLS0tIGt4ZlR1RkdxdkdDZHpHcnBCYkpV + SEZndElYa1NOWnQ1Y3dMUG9WUS9yZE0Ku4sIsnLwt7bPeceWT/fSbJngdLdeVFiL + qYYzmQOAP/nb1KlZCQjbqxZaMq7An+Iqaat4ILD1i39hmbLAZdxIpA== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-09-01T06:31:43Z" mac: ENC[AES256_GCM,data:w6s0HiUCsaVU0aYkCuIwLxW/NTP3dZbDZOS8zOAKgK4mBecs9MlBzFY6cQzM657aYvK/JibyD2L6AsjrdX9HOiN0dEFikDAaZ6OvyCoaxYawZF/aFPKR92sWzuMMvaU8g+g3F3tyhq/SR1ojHyPFztbkrfxIkm+ORl17w56Eb5E=,iv:7088zB1C/1Dt7zBJNRaTcDVJRa28dwPV43vR/yRc/mA=,tag:geuuukzQ4A8wofkK5Co4jg==,type:str] diff --git a/common/constants.nix b/common/constants.nix index 90876ff..f762a41 100644 --- a/common/constants.nix +++ b/common/constants.nix @@ -67,7 +67,7 @@ with lib; { publicKeys = mkOption { type = types.listOf types.str; default = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHPT/zRq5fffcUmjxcwG2cTr09fOa9O4rBUb6ob2CyNy macronova@blitzar" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHPT/zRq5fffcUmjxcwG2cTr09fOa9O4rBUb6ob2CyNy macronova" ]; description = '' The public keys for SSH authentication. 
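Review bot: Dropping the comet recipient in this hunk does not by itself end comet's access, because the trailing `lastmodified` and `mac` lines are unchanged context, which suggests the existing data key was only re-wrapped for the remaining recipients rather than rotated. The removed `enc` block for comet stays in git history, so a holder of that age identity can presumably still unwrap the same data key and read the current values. If comet was retired because its key may be lost or exposed, rotate the data key (for example `sops --rotate --in-place common/auths.yaml`) and then rotate the credentials stored in the file. The same reasoning applies to the `- *comet` removal in common/.sops.yaml.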
@@ -86,6 +86,7 @@ with lib; { blitzar.id = "KGCBCIZ-GG6KMQ2-FLK5BWW-GLCEDML-5LCI24S-UKO5UWL-HWNCPYX-ZWWD5AQ"; nebula.id = "NJXA5XS-2PSWECD-UHBV7JH-IR2RSWY-PRUPFTZ-AHL7IN6-RXSLZKB-2FUNRQH"; protostar.id = "RQBGBAP-TI2VGMA-IO6OOAC-5KDJJKC-5NH2HNW-VAKLHMS-2YCRRQU-QKXFXQM"; + quasar.id = "4IZ2RNQ-YTRM4C5-54X2MBV-ZL6Q6FO-TDETMJD-LBV3GV5-CO25QQU-2MG4PQR"; }; description = '' The device information for syncthing diff --git a/common/secrets.yaml b/common/secrets.yaml index 128699c..3a952f4 100644 --- a/common/secrets.yaml +++ b/common/secrets.yaml 
@@ -11,29 +11,38 @@ sops: - recipient: age1mc72my8whm2fm3wjg2ucvckx27dyp09urdgs9lpzqswl5pa5py8sfwszt9 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsQnQ1TkRrd1lEMG9vbDd6 - R2RYMDRNNWVLUTBqNEtjL1lvMGpOSzh5ZW1jCm56VU5uWElBNm9xUUJPTDYyTGs0 - dmRSMmR3RXJHc00yUENpTVROajFBMTgKLS0tIEo3SVlzcXBGdzg3aXNZaG0xbXc5 - eEMyWFZ4VVByelVxNm80SkxYdExwV0UKXTtkHk7LMBy0LY4tjbcpxGHhxnwbTexe - 98TKQMBQncPR7IVZDkOHmsYq20jSCWEdV6vLH2mQH6Kqq4HQCS6/sA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjWUtjTGNJQ0ZiZk93T1Fv + akZtYVA0WENUaXFvYVY4U2orMklGV3ZBd21BClFHODJhTTRFVjA0eTA5R0FzbWZ1 + N0JlV1VKdjFHSExGejJnbUgvNWxFRjgKLS0tIHJQcmZXSzFqQWI5Q01jTkFpaFU0 + bStHZHJsUmtDNW1RV2VPYW50TkRXaU0KNWPQzLzzyZBqY9f0bP5uG56I9Z5wJodB + xsYMXkQkEUGGvMO4PADeQ4jsXYXSPsVakzpwlvJD/hYmEmoBat2yNg== -----END AGE ENCRYPTED FILE----- - recipient: age1sy52xwldc7puckze2kcax7csc2nrg049y9nt2qd0ltvghckms5nq2d25ra enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRRjM2VEx1N25CK00yVGht - TzNpbi8vVXF0WmJGTldtWTFWdS9UZHNoTmp3CjZOeXpvOVE0M2kzbEdKTzlBYVFa - LzFzaFM5SmlwQytDMFhtb0ttb2N1c3MKLS0tIDgrTVJpaWdZSzlPL0Z2WE9RSno0 - QmRJUlY0NTJZMnVKdUJLWk1yZFRkb1UKaubDYas4I2MGs6XauGSmev03UgF6btYB - ynok/qxNaXFL4MwuHnL5W/TnHpGAE6M7PLLEV4Kf+yaHojbLLxUw6A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBid3EvaGFmZGRwMGNYM2ZP + bER3azFSeUhpcWppR1FFcGFkOXorbnE4cldzCmxpY0MvVjdITm5IVXJzM0N4SEMw + cldBOHBXK2hsd2JPZCt3Y1ZQVXlwMVkKLS0tIDZ1MStnSU5yT0Z4RnhCdXQ1Mjgz + aERoRW5teHQyeXFOK0t3N243YXV1R2sKDEo7Dpb9qFjJ0sDt4UEnDrfNpmEyuKM+ + NcRQB5ltwCjJcpt057ePgb2PJbhYE4jbZDh42+CTwsEOpl3Ru9lbtw== -----END AGE ENCRYPTED FILE----- - recipient: age1vyq4xceveer87xt506yl59lh82dmeuagzlmnk87augfvqry7vqaq5hwy33 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpUWJLL3FxWE1mbnZsN0dU - VlBXUHZlRFlOR01WSUlmdkw1eGtpaDhlSmdBClVWRGZ5anFHWFRKcUFuNkJ3Y2lz - Kys1N29QVWozZXI5eVFSV21OSHFqRG8KLS0tIG9CYmRuUm5YQzZidTR2R1l0a05h - 
TG5mYWd3MnI5TlZiNXBjb0JJY3BvN0EKUd0ldQPe0/zdHjsmKEUhH7xkpO4nLfd5 - fnTk1jGonJg+t+TqLLg/YYKlcNkgExWaIZ7wrd0RVKXOeC2BtM/wzQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6aXk0NG90ZXhJSEU1a2Ew + dGh5azE2VUk1dGJZN0tHYTJWcHhyMVNyY2tjCkZqYmNyU1cxbDF3dUUzaHBRak5p + angwdnN1cWlwQzV2N3lVekVaY0lzekEKLS0tIHM2S0J1T3NQTmRNcHhYM28vVVg4 + c3doOWhjaHdQOWJWMXF5ZlZoemxObmsKrH/FRfoGRZouNgRsdvGB5AZma+mELIXh + +K+pSoYKlR74RdQVVIm5jaPEmMdzDvDfIkeJJ8TvEMCha6QP5uKpzQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age19wmymljvrhwmrhtutj5f3vm32fhyhka5k5ecjx4zs8tnclrdeyxsq43jwn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1UmUrSkNEWlFwdWVyM0Jx + bm5uQXd2K2JvaHhRTzJMN012WDFzNFQxZG5JCkR2QjNqYU8vNHRWblN4aFZPVTNp + ZWR3UjRCL3YvUkpCc245eFNuMWNoR3MKLS0tIFpMRVRIOHkydTgzT3E4L2t4bmJG + dlUxMlpsK2F5MXpocnFseCtNaXZjNEkKlyWUaOZWIPg0dTCQOj7QNVYTjZkQhnm3 + hfqzzOsH750xWjGl7FlWw2O9tRfbk1xSatYJLR2pPox6mny+GHZhiA== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-09-01T04:30:14Z" mac: ENC[AES256_GCM,data:ct8vaGlaPj69vzRm9baA2rxbuBM+MYX3Gjtg8m1cdHtldifvrYcw+hb1b9qC/Jhn3ppqpPO/8PhqqMU9U+aUBaSRV0AdDZs63T1/591SU3NDC6rmRBtkbrGk4g4jw4/Guw9Gs8F2r6xWf91KobAoHg9HLI+PK+pOSlfl4o8PBww=,iv:iPGlDkj5mnUxdtoSMztH8BPwSID0FJQDZfc2JenQngw=,tag:1QUCclV0Cs6hsPBANupj1g==,type:str] diff --git a/flake.lock b/flake.lock index 28a4303..5092e23 100644 --- a/flake.lock +++ b/flake.lock @@ -37,11 +37,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1732988076, - "narHash": "sha256-2uMaVAZn7fiyTUGhKgleuLYe5+EAAYB/diKxrM7g3as=", + "lastModified": 1733168902, + "narHash": "sha256-8dupm9GfK+BowGdQd7EHK5V61nneLfr9xR6sc5vtDi0=", "owner": "nix-community", "repo": "disko", - "rev": "2814a5224a47ca19e858e027f7e8bff74a8ea9f1", + "rev": "785c1e02c7e465375df971949b8dcbde9ec362e5", "type": "github" }, "original": { 
@@ -141,11 +141,11 @@ }, "hardware": { "locked": { - "lastModified": 1732483221, - "narHash": "sha256-kF6rDeCshoCgmQz+7uiuPdREVFuzhIorGOoPXMalL2U=", + "lastModified": 1733481457, + "narHash": "sha256-IS3bxa4N1VMSh3/P6vhEAHQZecQ3oAlKCDvzCQSO5Is=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "45348ad6fb8ac0e8415f6e5e96efe47dd7f39405", + "rev": "e563803af3526852b6b1d77107a81908c66a9fcf", "type": "github" }, "original": { @@ -159,11 +159,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1732884235, - "narHash": "sha256-r8j6R3nrvwbT1aUp4EPQ1KC7gm0pu9VcV1aNaB+XG6Q=", + "lastModified": 1733484277, + "narHash": "sha256-i5ay20XsvpW91N4URET/nOc0VQWOAd4c4vbqYtcH8Rc=", "owner": "nix-community", "repo": "home-manager", - "rev": "819f682269f4e002884702b87e445c82840c68f2", + "rev": "d00c6f6d0ad16d598bf7e2956f52c1d9d5de3c3a", "type": "github" }, "original": { @@ -199,11 +199,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1732739177, - "narHash": "sha256-iL32+TA/8geCzcL1r3uthrH/GPvbUak5QE++WJUkaiI=", + "lastModified": 1733491721, + "narHash": "sha256-n4fTKTYXeGRngeanNDxSxbuWSRCQ6l74IwOBlqp8dcw=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "8d7b2149e618696d5100c2683af1ffa893f02a75", + "rev": "0f415721ee427270bc078ef3a5ba2a308d47461f", "type": "github" }, "original": { @@ -331,11 +331,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1732521221, - "narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=", + "lastModified": 1733212471, + "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d", + "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776", "type": "github" }, "original": { 
@@ -347,11 +347,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1732014248, - "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=", + "lastModified": 1733392399, + "narHash": "sha256-kEsTJTUQfQFIJOcLYFt/RvNxIK653ZkTBIs4DG+cBns=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367", + "rev": "d0797a04b81caeae77bcff10a9dde78bc17f5661", "type": "github" }, "original": { @@ -394,11 +394,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1732837521, - "narHash": "sha256-jNRNr49UiuIwaarqijgdTR2qLPifxsVhlJrKzQ8XUIE=", + "lastModified": 1733581040, + "narHash": "sha256-Qn3nPMSopRQJgmvHzVqPcE3I03zJyl8cSbgnnltfFDY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "970e93b9f82e2a0f3675757eb0bfc73297cc6370", + "rev": "22c3f2cf41a0e70184334a958e6b124fb0ce3e01", "type": "github" }, "original": { @@ -462,11 +462,11 @@ "nixpkgs": "nixpkgs_7" }, "locked": { - "lastModified": 1733005589, - "narHash": "sha256-NAym0oWYwKgFuAif6Z7HacU6Su/SJNTW4wEYC5urSYU=", + "lastModified": 1733578387, + "narHash": "sha256-XkMZGeqg0GCRoSXvMcaHP7bdvWPRZxCK1sw1ASsc16E=", "owner": "pjones", "repo": "plasma-manager", - "rev": "88ca377ff58b5c30a2879745829842554d4b21d5", + "rev": "2a64e173f1effdcc86e25cba0601e8feedf89115", "type": "github" }, "original": { @@ -483,11 +483,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1732021966, - "narHash": "sha256-mnTbjpdqF0luOkou8ZFi2asa1N3AA2CchR/RqCNmsGE=", + "lastModified": 1733665616, + "narHash": "sha256-+XTFXYlFJBxohhMGLDpYdEnhUNdxN8dyTA8WAd+lh2A=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "3308484d1a443fc5bc92012435d79e80458fe43c", + "rev": "d8c02f0ffef0ef39f6063731fc539d8c71eb463a", "type": "github" }, "original": { 
@@ -516,11 +516,11 @@ "nixpkgs": "nixpkgs_9" }, "locked": { - "lastModified": 1732575825, - "narHash": "sha256-xtt95+c7OUMoqZf4OvA/7AemiH3aVuWHQbErYQoPwFk=", + "lastModified": 1733128155, + "narHash": "sha256-m6/qwJAJYcidGMEdLqjKzRIjapK4nUfMq7rDCTmZajc=", "owner": "Mic92", "repo": "sops-nix", - "rev": "3433ea14fbd9e6671d0ff0dd45ed15ee4c156ffa", + "rev": "c6134b6fff6bda95a1ac872a2a9d5f32e3c37856", "type": "github" }, "original": { diff --git a/linux/quasar/configuration.nix b/linux/quasar/configuration.nix new file mode 100644 index 0000000..6f89c9a --- /dev/null +++ b/linux/quasar/configuration.nix 
@@ -0,0 +1,46 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page, on +# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). +{pkgs, ...}: { + # Configure boot + boot = { + initrd.systemd.enable = true; + loader = { + efi.canTouchEfiVariables = true; + grub = let + yorha = pkgs.yorha-grub-theme; + in { + enable = true; + device = "nodev"; + efiSupport = true; + splashImage = "${yorha}/background.png"; + theme = yorha; + }; + }; + plymouth = { + enable = true; + extraConfig = "DeviceScale=1"; + theme = "target_2"; + themePackages = [pkgs.adi1090x-plymouth-themes]; + }; + }; + + # This option defines the first version of NixOS you have installed on this particular machine, + # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. + # + # Most users should NEVER change this value after the initial install, for any reason, + # even if you've upgraded your system to a new NixOS release. + # + # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, + # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how + # to actually do that. + # + # This value being lower than the current NixOS release does NOT mean your system is + # out of date, out of support, or vulnerable. + # + # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, + # and migrated your data accordingly. + # + # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . + system.stateVersion = "24.11"; # Did you read the comment? +} diff --git a/linux/quasar/default.nix b/linux/quasar/default.nix new file mode 100644 index 0000000..171fd49 --- /dev/null +++ b/linux/quasar/default.nix 
@@ -0,0 +1,26 @@ +{inputs, ...}: { + imports = + [ + inputs.disko.nixosModules.default + ../../common + ./configuration.nix + ./device.nix + ./disko.nix + ./gui.nix + ./hardware-configuration.nix + ./network.nix + ./syncthing.nix + ./tailscale.nix + ./zfs.nix + ] + ++ (with inputs.hardware.nixosModules; [ + common-cpu-amd + common-cpu-amd-pstate + common-cpu-amd-raphael-igpu + common-cpu-amd-zenpower + common-gpu-amd + common-hidpi + common-pc + common-pc-ssd + ]); +} diff --git a/linux/quasar/device.nix b/linux/quasar/device.nix new file mode 100644 index 0000000..0921237 --- /dev/null +++ b/linux/quasar/device.nix @@ -0,0 +1,61 @@ +{ + config, + pkgs, + ... +}: let + userName = config.constants.userName; +in { + hardware = { + bluetooth.enable = true; + graphics = { + enable = true; + extraPackages = [ + pkgs.rocmPackages.clr.icd + ]; + }; + keyboard.qmk.enable = true; + openrazer = { + enable = true; + users = [userName]; + }; + }; + + programs = { + adb.enable = true; + kdeconnect.enable = true; + noisetorch.enable = true; + }; + + security.rtkit.enable = true; + + services = { + automatic-timezoned.enable = true; + avahi = { + enable = true; + nssmdns4 = true; + openFirewall = true; + }; + fwupd.enable = true; + hardware.openrgb.enable = true; + pipewire = { + enable = true; + alsa = { + enable = true; + support32Bit = true; + }; + pulse.enable = true; + }; + printing.enable = true; + udev.packages = [pkgs.via]; + }; + + users.users.${userName}.extraGroups = ["adbusers" "cdrom"]; + + virtualisation = { + containers.enable = true; + podman = { + enable = true; + dockerCompat = true; + }; + }; +} diff --git a/linux/quasar/disko.nix b/linux/quasar/disko.nix new file mode 100644 index 0000000..7b11a49 --- /dev/null +++ b/linux/quasar/disko.nix 
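Review bot: In device.nix, `avahi.openFirewall = true` inside the `services` block opens the mDNS port on every interface, and with `nssmdns4 = true` and `printing.enable = true` the host takes part in service discovery on whatever network it joins. network.nix in this commit enables Wi-Fi through iwd, so that includes untrusted networks. Consider restricting Avahi to the trusted interface with `services.avahi.allowInterfaces = [ "<LAN-INTERFACE>" ];` (placeholder name), or add a comment above `openFirewall` saying why discovery is needed everywhere.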
@@ -0,0 +1,113 @@ +{...}: { + disko.devices = { + # Partition the physical disk + disk = { + active = { + type = "disk"; + device = "/dev/nvme0n1"; + content = { + type = "gpt"; + partitions = { + esp = { + size = "2G"; + type = "ef00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = ["umask=0077"]; + }; + }; + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "zactive"; + }; + }; + }; + }; + }; + archive = { + type = "disk"; + device = "/dev/sda"; + content = { + type = "gpt"; + partitions.zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "zarchive"; + }; + }; + }; + }; + }; + + # Declare zfs pools for this system. + zpool = let + options = { + ashift = "12"; + autotrim = "on"; + listsnapshots = "on"; + }; + rootFsOptions = { + acltype = "posix"; + atime = "off"; + compression = "zstd"; + dnodesize = "auto"; + mountpoint = "none"; + normalization = "formD"; + xattr = "sa"; + }; + in { + zactive = { + type = "zpool"; + inherit options rootFsOptions; + datasets = { + # Encrypt main dataset + main = { + type = "zfs_fs"; + options = { + encryption = "on"; + keyformat = "passphrase"; + }; + }; + # Create dataset for home + "main/home" = { + type = "zfs_fs"; + mountpoint = "/home"; + }; + # Create dataset for nix store + "main/nix" = { + type = "zfs_fs"; + mountpoint = "/nix"; + }; + # Create dataset for root + "main/root" = { + type = "zfs_fs"; + mountpoint = "/"; + }; + # Reserve space for performance + reservation = { + type = "zfs_fs"; + options.refreservation = "256G"; + }; + }; + }; + + zarchive = { + type = "zpool"; + inherit options rootFsOptions; + datasets = { + snapshot.type = "zfs_fs"; + # Reserve space for performance + reservation = { + type = "zfs_fs"; + options.refreservation = "512G"; + }; + }; + }; + }; + }; +} diff --git a/linux/quasar/gui.nix b/linux/quasar/gui.nix new file mode 100644 index 0000000..eb2fa33 --- /dev/null +++ b/linux/quasar/gui.nix 
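Review bot: The two `device` values, `/dev/nvme0n1` and `/dev/sda`, are kernel enumeration names, and `/dev/sda` in particular can resolve to a different disk (a USB drive or the installer medium) on another boot. disko partitions and formats whatever these paths point at, so a stable path is safer, for example `device = "/dev/disk/by-id/<ARCHIVE-DISK-ID>";` with the real id taken from the machine. It would also help to add a comment above `main` stating that `main/home`, `main/nix` and `main/root` inherit its encryption, while the `zarchive` datasets and the `zactive` `reservation` dataset set no encryption option.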
@@ -0,0 +1,152 @@ +{ + config, + pkgs, + ... +}: let + userName = config.constants.userName; +in { + home-manager.users.${userName} = { + config, + pkgs, + ... + }: let + xdgCfg = config.xdg; + in { + home.packages = with pkgs; [ + element-desktop + feishin + jellyfin-mpv-shim + joplin-desktop + lutris + nvtopPackages.amd + picard + qbittorrent + razergenie + ryujinx + telegram-desktop + thunderbird + via + winetricks + wineWowPackages.stagingFull + ]; + programs = { + # git.signing = { + # key = "0x6A815D4CB1637AAC"; + # signByDefault = true; + # }; + gpg = { + enable = true; + homedir = "${xdgCfg.dataHome}/gnupg"; + }; + mpv = { + enable = true; + config = { + osd-bar = "no"; + border = "no"; + }; + scripts = with pkgs.mpvScripts; [ + mpris + thumbfast + uosc + vr-reversal + ]; + }; + obs-studio.enable = true; + zathura = { + enable = true; + options = { + completion-bg = "#504945"; + completion-fg = "#ebdbb2"; + completion-group-bg = "#3c3836"; + completion-group-fg = "#928374"; + completion-highlight-bg = "#83a598"; + completion-highlight-fg = "#504945"; + default-bg = "#1d2021"; + default-fg = "#ebdbb2"; + highlight-active-color = "#fe8019"; + highlight-color = "#fabd2f"; + index-active-bg = "#83a598"; + index-active-fg = "#504945"; + index-bg = "#504945"; + index-fg = "#ebdbb2"; + inputbar-bg = "#1d2021"; + inputbar-fg = "#ebdbb2"; + notification-bg = "#1d2021"; + notification-error-bg = "#1d2021"; + notification-error-fg = "#fb4934"; + notification-fg = "#b8bb26"; + notification-warning-bg = "#1d2021"; + notification-warning-fg = "#fabd2f"; + recolor = "true"; + recolor-darkcolor = "#ebdbb2"; + recolor-keephue = "true"; + recolor-lightcolor = "#1d2021"; + render-loading = "true"; + render-loading-bg = "#1d2021"; + render-loading-fg = "#ebdbb2"; + selection-clipboard = "clipboard"; + statusbar-bg = "#504945"; + statusbar-fg = "#ebdbb2"; + }; + }; + }; + services = { + easyeffects.enable = true; + gpg-agent = { + enable = true; + pinentryPackage = 
pkgs.pinentry-qt; + }; + xsettingsd = { + enable = true; + settings = { + "Gdk/UnscaledDPI" = 98304; + "Gdk/WindowScalingFactor" = 2; + "Gtk/EnableAnimations" = 1; + "Gtk/DecorationLayout" = "icon:minimize,maximize,close"; + "Net/ThemeName" = "Sweet-Ambar-Blue"; + "Gtk/PrimaryButtonWarpsSlider" = 1; + "Gtk/ToolbarStyle" = 3; + "Gtk/MenuImages" = 1; + "Gtk/ButtonImages" = 1; + "Gtk/CursorThemeSize" = 96; + "Gtk/CursorThemeName" = "Sweet-cursors"; + "Net/SoundThemeName" = "yorha"; + "Net/IconThemeName" = "Sweet-Rainbow"; + "Gtk/FontName" = "Noto Sans, 10"; + }; + }; + }; + }; + + i18n.inputMethod = { + enable = true; + type = "fcitx5"; + fcitx5.addons = with pkgs; [fcitx5-nord fcitx5-rime]; + }; + + programs = { + dconf.enable = true; + # TODO: Enable when it's fixed + kde-pim = { + enable = true; + merkuro = true; + }; + partition-manager.enable = true; + steam.enable = true; + }; + + services = { + desktopManager.plasma6.enable = true; + displayManager = { + autoLogin.user = userName; + sddm = { + enable = true; + wayland.enable = true; + }; + }; + xserver = { + enable = true; + videoDrivers = ["amdgpu"]; + }; + }; +} diff --git a/linux/quasar/hardware-configuration.nix b/linux/quasar/hardware-configuration.nix new file mode 100644 index 0000000..e23dc2c --- /dev/null +++ b/linux/quasar/hardware-configuration.nix 
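Review bot: `autoLogin.user = userName;` under `services.displayManager` near the end of gui.nix appears to enable autologin on its own (as far as I know the `enable` default follows `user`), so after the ZFS passphrase prompt there is no second credential check at boot. That is a defensible trade-off on a single-user encrypted machine, but it should be recorded next to the option, e.g. `# autologin: the ZFS passphrase from disko.nix is the only boot-time gate`. Separately, `# TODO: Enable when it's fixed` sits above a `kde-pim` block that already has `enable = true`, so either the TODO is stale or the block was meant to stay disabled.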
@@ -0,0 +1,30 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "uas" "usbhid" "sd_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-amd"]; + boot.extraModulePackages = []; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp10s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp9s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/linux/quasar/network.nix b/linux/quasar/network.nix new file mode 100644 index 0000000..f1d8a02 --- /dev/null +++ b/linux/quasar/network.nix @@ -0,0 +1,11 @@ +{...}: { + networking = { + hostId = "d8999277"; + networkmanager = { + enable = true; + wifi.backend = "iwd"; + }; + nftables.enable = true; + wireless.iwd.enable = true; + }; +} diff --git a/linux/quasar/syncthing.nix b/linux/quasar/syncthing.nix new file mode 100644 index 0000000..eec328a --- /dev/null +++ b/linux/quasar/syncthing.nix 
@@ -0,0 +1,21 @@ +{...}: { + services.syncthing = { + enable = true; + settings.folders = { + # game-data = { + # devices = ["protostar"]; + # path = "~/Game/data"; + # type = "sendonly"; + # }; + # game-save = { + # devices = ["protostar"]; + # path = "~/Game/save"; + # }; + # music = { + # devices = ["nebula"]; + # path = "~/Music"; + # type = "sendonly"; + # }; + }; + }; +} diff --git a/linux/quasar/tailscale.nix b/linux/quasar/tailscale.nix new file mode 100644 index 0000000..399eb4e --- /dev/null +++ b/linux/quasar/tailscale.nix @@ -0,0 +1,7 @@ +{...}: { + services.tailscale = { + enable = true; + port = 62662; + useRoutingFeatures = "client"; + }; +} diff --git a/linux/quasar/zfs.nix b/linux/quasar/zfs.nix new file mode 100644 index 0000000..88e0374 --- /dev/null +++ b/linux/quasar/zfs.nix 
@@ -0,0 +1,76 @@ +{ + config, + lib, + ... +}: { + boot.loader.grub.zfsSupport = true; + + services.zfs = { + autoScrub.enable = true; + trim.enable = true; + }; + + services.zrepl = { + enable = true; + settings = { + global = { + logging = [ + { + type = "syslog"; + level = "info"; + format = "human"; + } + ]; + }; + jobs = let + listener_name = "archive"; + in [ + { + type = "push"; + name = "snapshot"; + connect = { + inherit listener_name; + type = "local"; + client_identity = config.networking.hostName; + }; + filesystems."zactive/main/home" = true; + send.encrypted = true; + snapshotting = { + type = "periodic"; + prefix = "zrepl-"; + interval = "1h"; + }; + pruning = { + keep_sender = [ + { + type = "grid"; + regex = "^zrepl-.*"; + grid = lib.concatStringsSep " | " ["1x1h(keep=all)" "24x1h" "7x1d" "4x1w"]; + } + ]; + keep_receiver = [ + { + type = "grid"; + regex = "^zrepl-.*"; + grid = lib.concatStringsSep " | " ["1x1h(keep=all)" "30x1d" "52x1w"]; + } + ]; + }; + replication.protection = { + initial = "guarantee_resumability"; + incremental = "guarantee_incremental"; + }; + } + { + type = "sink"; + name = "archive"; + serve = { + inherit listener_name; + type = "local"; + }; + root_fs = "zarchive"; + } + ]; + }; + }; +}
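Review bot: The sink job sets `root_fs = "zarchive"`, while disko.nix in this commit declares a `snapshot` dataset on that pool that nothing here references. If `zarchive/snapshot` was meant to hold the replicas, the line should read `root_fs = "zarchive/snapshot";`; as written the received filesystems would presumably be created directly under the pool root next to `reservation`. `send.encrypted = true` keeps the replica as ciphertext, which deserves a one-line comment because the `zarchive` datasets carry no encryption option of their own. Both jobs use `type = "local"`, so this setup covers disk failure but not loss or compromise of the host, which is also worth stating in a comment.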