macronova/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

NixOS on Steam Deck OLED

Browse source
This commit is contained in:
Invariantspace 2024-03-02 15:10:23 -08:00
parent 0863fa0dfb
commit 4dedb233de
23 changed files with 375 additions and 108 deletions
Download patch file Download diff file Expand all files Collapse all files

2
common/.sops.yaml
View file

@ -3,6 +3,7 @@ keys:
- &comet age18e4ttr7k6r7j662a6pvgrvsptuhsvffq70z4westqs3gfx7804fq0ewfaa
- &macronova age1sy52xwldc7puckze2kcax7csc2nrg049y9nt2qd0ltvghckms5nq2d25ra
- &nebula age1vyq4xceveer87xt506yl59lh82dmeuagzlmnk87augfvqry7vqaq5hwy33
- &protostar age1m5jnjmed343uwpgeta4nkxjhwescsa6dfswx30e4rwm0yxcf753qr0ljkw
- &singularity age15cp5p76q7vhwg9v8u98dpshrmtengghmm7yn5ckfk0yz694q3g6qajywwu
creation_rules:
- path_regex: secrets.yaml$
@ -16,4 +17,5 @@ creation_rules:
- age:
- *comet
- *macronova
- *protostar
- *singularity

39
common/auths.yaml
View file

@ -15,29 +15,38 @@ sops:
- recipient: age18e4ttr7k6r7j662a6pvgrvsptuhsvffq70z4westqs3gfx7804fq0ewfaa
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqVnJ0T3dQM1g3UllYVTZN
bkhON2RRTElDMUtBaTFhRkpTWHorbnVOdkFRCjl5cWM2NmtPRzdlT1pRaXNmOXND
RTBlT3ZmYW1sQlkyOXRNek5BS0lySVUKLS0tIERKM201ZzFZZHgrZjVPQTA1SWh2
Y2ljQzNBQnhwdzlEZGJLVFZreWJkN3cK90kk2p+kOag2IaY0QWbiUVerfq18TNax
4ashMrFV5trh0Uq+/9Nob2MqSTVbmIC3UtP4m7x1j1TzpDuT+nEzPA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnVlNDQW5WVFppcEZJanc5
VDlZMG5xWmoyalB0bzVrRGpHOGRkcmlETVMwCis2TjA0dUMycG9UNldQenZnUDhW
S0FGWnpuZXRMUjd0V2FMeXpiVjFMNWsKLS0tIHMzaG9wUEVEVm5UM0Rob09MNFJq
eEFicGFNajFiRXF6d2xEQjc0VGVsVDAK5wj9siWRiV7FD6bO5YATpOCidEOJGjO0
fa98Sv/HNJdYXx4wR0yWgIdqVFs+2z+Q4aaOzKdySBcxJjqLAvnZlw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1sy52xwldc7puckze2kcax7csc2nrg049y9nt2qd0ltvghckms5nq2d25ra
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4cnJybjArb0ZtZkFyUjln
cDVGbVdJcFpRdVRUd1lkMkJuME5vS2tBZjFnCldXODdiaFQzb1JHZHJycUNtMUo5
L3E5c1VZL3lYOXZDVUxsaEMwcXJJRXMKLS0tIHlQcmVjcVBZcTFwV2dZM1UrWlN0
Q0hMWlVWSmtqa083dTBzT252UjRGMWMK0lxWqBpx0zvH6HkGjatBS4rv9/7+0ZLr
5m0kWm9bOQXhpy26IljNnx4nbMSuSO/bmLnVIst62pLFkHq+SjoYAQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDRVpBb2p1dlhHNlVLKzYw
ck83MllqU2dYWEhEUVlFSGZhSEFaV284U0dnClRkUTRZbmJTN0ZrSmVBTXFtS3lh
aEhJQWJTc094aHNlT2x4M3F1SFl4ZWcKLS0tIGtWbDBURjRkbmQrT0NlVUZjbnl3
M1NRbVdqbzZ3Sy9xdlArbExSMzBKSHcKvmimpsvrNL1ogQ3jROJgD7b8dFgNCvd5
xWS2gbnTo3g+hhouHM4pko8nlT2BY3f0L4IiLfJZ0j7tWx0Kvaz/xA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1m5jnjmed343uwpgeta4nkxjhwescsa6dfswx30e4rwm0yxcf753qr0ljkw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOTDF0ZG1tVmF6YkxBUTJD
cnIzK0Q2WFJzZzNKLzZDM2VzOS9wOEw0OWprCnR4ZlpTdFc5YjRPdklYNzlHVTZY
bVFMRWhwVGJNN0Jwd0JlMjR2cHE4RUEKLS0tIHF1R2xFMFQrYm1wbXgwN29BLzZO
OFppTU5wdGJkRTN0cDRQK2VNelJwbnMKLuNccIhf2RbNbfYR+jTUdN/RAh1fQExS
Bqm4F3/PID+gdljxHDSS7mN7VZ+884nrInE8U5TCqREe5HSnwLStfg==
-----END AGE ENCRYPTED FILE-----
- recipient: age15cp5p76q7vhwg9v8u98dpshrmtengghmm7yn5ckfk0yz694q3g6qajywwu
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyYWxtTWxad0V6cklxZm8y
Wmh0dld6Y0FPRVU4Zk5pN1hsT1hRWmhha3gwCkFISjlEK1QxaVBPcVVPWXZmdk1m
Ymw1UHhveTN1R0VDdXJYRHNvczcxQTQKLS0tIFN1UDdqYXNGY29QS0pMYmJac055
VHRRUnRpQzE3L0V4OVpGM0krOW9KWVUK3c8IH6tD2f8WKFm+yeVF3hP/UFvr4n1/
rqTt3cILSurq62MjtzU/F4+FC9/Le5j1xlDh075EuH+M/ewm65POSw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjUndRMWFDaE1PS0lLY1N0
Nlk3bTQrR0lGV0ovUDd5cWlReEZWajdkbHhRCmJUODczdkhzNXV3YllBU2VxUmFI
bUdVUGpYcjFnYlRBMjJvRVd6bjlUMmMKLS0tIHN4cXJHeTZzTlEreTg1NWpxQ2dM
UnlUY25pOGJ2T1VoTW0yeTFEL2NNTVUKHFdlBryccJAKz26+oECG8tx/FvhZEe0E
MBRoWFu+LHaAUgaOKEBMUHZKzY7Q+TahAsdsy+VErmRkI6i/Hh10ww==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-11-28T05:25:46Z"
mac: ENC[AES256_GCM,data:e6p67apo/byZ1dNhvHqcbcUOnTFInoL9t2RGki8Wd114w+1IZxfPAmXzvoea3txXWnrvCuuZBVD+RglcWjbkvE54J8YfACgRN5+93NLWVVHrgbwL7WiI+W+rpzUqiWxByD72ee9rvG1dehAEAT0QEARVehIHpPK8F9/i/a3F+IA=,iv:rjtqpbKe4FyrX4RdVMwyqkCDMSP1rUaZoC9U9CAlzR0=,tag:4KSAB5eooNTdd/2ff9zL5Q==,type:str]

4
common/default.nix
View file

@ -2,9 +2,9 @@
{
imports = with inputs; [
home-manager.nixosModules.home-manager
home-manager.nixosModules.default
nh.nixosModules.default
sops-nix.nixosModules.sops
sops-nix.nixosModules.default
] ++ [
./constants.nix
./secrets.nix

16
common/users.nix
View file

@ -75,6 +75,22 @@ in
programs.fish.enable = true;
services = {
openssh = {
hostKeys = [{
comment = "host@${config.networking.hostName}";
path = "/etc/ssh/host";
rounds = 100;
type = "ed25519";
}];
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
};
resolved.enable = true;
};
sops.secrets.${usrPwdFile}.neededForUsers = true;
users = {

112
flake.lock generated
View file

@ -21,11 +21,11 @@
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1708910350,
"narHash": "sha256-cTuJVlOm05aQFIgGuYikgkrI61P2vTO2OfXwIRWEzUg=",
"lastModified": 1709286488,
"narHash": "sha256-RDpTZ72zLu05djvXRzK76Ysqp9zSdh84ax/edEaJucs=",
"owner": "nix-community",
"repo": "disko",
"rev": "a13f36255cf4ce99cc4236a34251c2e7106e101d",
"rev": "bde7dd352c07d43bd5b8245e6c39074a391fdd46",
"type": "github"
},
"original": {
@ -70,11 +70,11 @@
},
"hardware": {
"locked": {
"lastModified": 1708594753,
"narHash": "sha256-c/gH7iXS/IYH9NrFOT+aJqTq+iEBkvAkpWuUHGU3+f0=",
"lastModified": 1709147990,
"narHash": "sha256-vpXMWoaCtMYJ7lisJedCRhQG9BSsInEyZnnG5GfY9tQ=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "3f7d0bca003eac1a1a7f4659bbab9c8f8c2a0958",
"rev": "33a97b5814d36ddd65ad678ad07ce43b1a67f159",
"type": "github"
},
"original": {
@ -88,11 +88,11 @@
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1708988456,
"narHash": "sha256-RCz7Xe64tN2zgWk+MVHkzg224znwqknJ1RnB7rVqUWw=",
"lastModified": 1709204054,
"narHash": "sha256-U1idK0JHs1XOfSI1APYuXi4AEADf+B+ZU4Wifc0pBHk=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "1d085ea4444d26aa52297758b333b449b2aa6fca",
"rev": "2f3367769a93b226c467551315e9e270c3f78b15",
"type": "github"
},
"original": {
@ -101,11 +101,30 @@
"type": "github"
}
},
"jovian": {
"inputs": {
"nix-github-actions": "nix-github-actions",
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1709295149,
"narHash": "sha256-+blV8vKyvh3gYnUFYTOu2yuWxEEBqwS7hfLm6qdpoe4=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"rev": "0ef51034dcc8b65b8be72eedd0d5db7d426ea054",
"type": "github"
},
"original": {
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"type": "github"
}
},
"mailserver": {
"inputs": {
"blobs": "blobs",
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs_3",
"nixpkgs": "nixpkgs_4",
"nixpkgs-23_05": "nixpkgs-23_05",
"nixpkgs-23_11": "nixpkgs-23_11",
"utils": "utils"
@ -126,14 +145,14 @@
},
"nh": {
"inputs": {
"nixpkgs": "nixpkgs_4"
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1708335499,
"narHash": "sha256-ZOAhp3hiJsWdNDSs/SF2EPylluAx5PiZv9aAUwZrKOI=",
"lastModified": 1709278248,
"narHash": "sha256-ceZXyzxTLSOrQlcTPQmvQnDV696NNMBwFmVPb9jpX2E=",
"owner": "viperML",
"repo": "nh",
"rev": "aa4df097654cdeb15aa74aabd72863a6fb30c7e6",
"rev": "6947e6f6f234d303131ecc1e54ef6703c82257e3",
"type": "github"
},
"original": {
@ -145,7 +164,7 @@
"nix-custom": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs_5",
"nixpkgs": "nixpkgs_6",
"wallpaper-engine-kde-plugin": "wallpaper-engine-kde-plugin",
"yorha-grub-theme": "yorha-grub-theme",
"yorha-sound-theme": "yorha-sound-theme"
@ -164,6 +183,28 @@
"url": "https://forgejo.invariantspace.com/macronova/nix-custom"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"jovian",
"nixpkgs"
]
},
"locked": {
"lastModified": 1690328911,
"narHash": "sha256-fxtExYk+aGf2YbjeWQ8JY9/n9dwuEt+ma1eUFzF8Jeo=",
"owner": "zhaofengli",
"repo": "nix-github-actions",
"rev": "96df4a39c52f53cb7098b923224d8ce941b64747",
"type": "github"
},
"original": {
"owner": "zhaofengli",
"ref": "matrix-name",
"repo": "nix-github-actions",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1708815994,
@ -243,6 +284,22 @@
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1708984720,
"narHash": "sha256-gJctErLbXx4QZBBbGp78PxtOOzsDaQ+yw1ylNQBuSUY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "13aff9b34cc32e59d35c62ac9356e4a41198a538",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1705856552,
"narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=",
@ -257,13 +314,13 @@
"type": "indirect"
}
},
"nixpkgs_4": {
"nixpkgs_5": {
"locked": {
"lastModified": 1708161998,
"narHash": "sha256-6KnemmUorCvlcAvGziFosAVkrlWZGIc6UNT9GUYr0jQ=",
"lastModified": 1709218635,
"narHash": "sha256-nytX/MkfqeTD4z7bMq4QRXcHxO9B3vRo9tM6fMtPFA8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "84d981bae8b5e783b3b548de505b22880559515f",
"rev": "068d4db604958d05d0b46c47f79b507d84dbc069",
"type": "github"
},
"original": {
@ -273,7 +330,7 @@
"type": "github"
}
},
"nixpkgs_5": {
"nixpkgs_6": {
"locked": {
"lastModified": 1708475490,
"narHash": "sha256-g1v0TsWBQPX97ziznfJdWhgMyMGtoBFs102xSYO4syU=",
@ -289,13 +346,13 @@
"type": "github"
}
},
"nixpkgs_6": {
"nixpkgs_7": {
"locked": {
"lastModified": 1708807242,
"narHash": "sha256-sRTRkhMD4delO/hPxxi+XwLqPn8BuUq6nnj4JqLwOu0=",
"lastModified": 1709237383,
"narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "73de017ef2d18a04ac4bfd0c02650007ccb31c2a",
"rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8",
"type": "github"
},
"original": {
@ -305,7 +362,7 @@
"type": "github"
}
},
"nixpkgs_7": {
"nixpkgs_8": {
"locked": {
"lastModified": 1708751719,
"narHash": "sha256-0uWOKSpXJXmXswOvDM5Vk3blB74apFB6rNGWV5IjoN0=",
@ -326,16 +383,17 @@
"disko": "disko",
"hardware": "hardware",
"home-manager": "home-manager",
"jovian": "jovian",
"mailserver": "mailserver",
"nh": "nh",
"nix-custom": "nix-custom",
"nixpkgs": "nixpkgs_6",
"nixpkgs": "nixpkgs_7",
"sops-nix": "sops-nix"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_7",
"nixpkgs": "nixpkgs_8",
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {

1
flake.nix
View file

@ -5,6 +5,7 @@
disko.url = "github:nix-community/disko";
hardware.url = "github:nixos/nixos-hardware";
home-manager.url = "github:nix-community/home-manager";
jovian.url = "github:Jovian-Experiments/Jovian-NixOS";
mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
nh.url = "github:viperML/nh";
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";

2
linux/blitzar/default.nix
View file

@ -2,7 +2,7 @@
{
imports = with inputs; [
disko.nixosModules.disko
disko.nixosModules.default
hardware.nixosModules.asus-zephyrus-ga402
] ++ [
./audio.nix

14
linux/blitzar/gui.nix
View file

@ -17,7 +17,7 @@ let usr = config.constants.userName; in {
lutris
nvtop-amd
picard
qbittorrent-qt5
qbittorrent
sweet-nova
tauon
telegram-desktop
@ -27,9 +27,9 @@ let usr = config.constants.userName; in {
winetricks
yorha-sound-theme
yuzu
] ++ (with libsForQt5; [
polonium
qt5.qtwebsockets
] ++ (with kdePackages; [
# polonium
qtwebsockets
]);
programs = {
firefox.enable = true;
@ -102,7 +102,6 @@ let usr = config.constants.userName; in {
xserver = {
enable = true;
displayManager = {
defaultSession = "plasmawayland";
autoLogin.user = usr;
sddm = {
enable = true;
@ -110,10 +109,7 @@ let usr = config.constants.userName; in {
wayland.enable = true;
};
};
desktopManager.plasma5 = {
enable = true;
useQtScaling = true;
};
desktopManager.plasma6.enable = true;
videoDrivers = [ "amdgpu" ];
};
};

2
linux/blitzar/network.nix
View file

@ -11,6 +11,4 @@
nftables.enable = true;
wireless.iwd.enable = true;
};
services.resolved.enable = true;
}

20
linux/comet/network.nix
View file

@ -1,27 +1,11 @@
{ config, ... }:
let hn = config.networking.hostName; in {
{
networking = {
domain = config.constants.domain;
firewall.trustedInterfaces = [ config.services.tailscale.interfaceName ];
hostId = "3ddd2ad2";
nftables.enable = true;
};
services = {
openssh = {
enable = true;
hostKeys = [{
comment = "host@${hn}";
path = "/etc/ssh/host";
rounds = 100;
type = "ed25519";
}];
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
};
resolved.enable = true;
};
services.openssh.enable = true;
}

2
linux/nebula/default.nix
View file

@ -2,7 +2,7 @@
{
imports = with inputs; [
disko.nixosModules.disko
disko.nixosModules.default
hardware.nixosModules.common-cpu-amd
hardware.nixosModules.common-cpu-amd-pstate
] ++ [

20
linux/nebula/network.nix
View file

@ -1,6 +1,6 @@
{ config, ... }:
let hn = config.networking.hostName; in {
{
networking = {
domain = config.constants.domain;
firewall.trustedInterfaces = [ config.services.tailscale.interfaceName ];
@ -13,21 +13,5 @@ let hn = config.networking.hostName; in {
tempAddresses = "disabled";
wireless.iwd.enable = true;
};
services = {
openssh = {
enable = true;
hostKeys = [{
comment = "host@${hn}";
path = "/etc/ssh/host";
rounds = 100;
type = "ed25519";
}];
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
};
resolved.enable = true;
};
services.openssh.enable = true;
}

29
linux/protostar/configuration.nix Normal file
View file

@ -0,0 +1,29 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
{ ... }:
{
# Configuration boot
boot.loader.grub.device = "nodev";
# Change secrets file
constants.sopsFile = ../../common/auths.yaml;
# Disable sudo password
security.sudo.wheelNeedsPassword = false;
# Set timezone automatically
services.automatic-timezoned.enable = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
}

17
linux/protostar/default.nix Normal file
View file

@ -0,0 +1,17 @@
{ inputs, ... }:
{
imports = with inputs; [
disko.nixosModules.default
jovian.nixosModules.default
] ++ [
./configuration.nix
./disko.nix
./hardware-configuration.nix
./network.nix
# ./syncthing.nix
./tailscale.nix
./zfs.nix
../../common
];
}

73
linux/protostar/disko.nix Normal file
View file

@ -0,0 +1,73 @@
{ ... }:
{
disko.devices = {
# Partition the physical disk
disk.storage = {
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
esp = {
size = "1G";
type = "ef00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
# Construct the primary zfs pool for this system.
zpool.zroot = {
type = "zpool";
options = {
ashift = "12";
autotrim = "on";
listsnapshots = "on";
};
rootFsOptions = {
acltype = "posix";
atime = "off";
compression = "zstd";
dnodesize = "auto";
mountpoint = "none";
normalization = "formD";
xattr = "sa";
};
datasets = {
# Create dataset for home
home = {
type = "zfs_fs";
mountpoint = "/home";
};
# Create dataset for nix store
nix = {
type = "zfs_fs";
mountpoint = "/nix";
};
# Create dataset for root
root = {
type = "zfs_fs";
mountpoint = "/";
};
# Reserve space for performance
reservation = {
type = "zfs_fs";
options.refreservation = "128G";
};
};
};
};
}

18
linux/protostar/gui.nix Normal file
View file

@ -0,0 +1,18 @@
{ config, ... }:
let usr = config.constants.userName; in {
jovian = {
decky-loader.enable = true;
steam = {
enable = true;
autoStart = true;
desktopSession = "plasma";
user = usr;
};
};
services.xserver = {
enable = true;
desktopManager.plasma6.enable = true;
};
}

25
linux/protostar/hardware-configuration.nix Normal file
View file

@ -0,0 +1,25 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

17
linux/protostar/network.nix Normal file
View file

@ -0,0 +1,17 @@
{ config, ... }:
let hn = config.networking.hostName; in {
networking = {
domain = config.constants.domain;
firewall.trustedInterfaces = [ config.services.tailscale.interfaceName ];
hostId = "e6449321";
networkmanager = {
enable = true;
wifi.backend = "iwd";
};
nftables.enable = true;
tempAddresses = "disabled";
wireless.iwd.enable = true;
};
services.openssh.enable = true;
}

27
linux/protostar/syncthing.nix Normal file
View file

@ -0,0 +1,27 @@
{ config, ... }:
{
services.syncthing = let home = config.constants.homeDir; in {
enable = true;
configDir = "${home}/.config/syncthing";
dataDir = "${home}/.local/share/syncthing";
openDefaultPorts = true;
overrideDevices = true;
overrideFolders = true;
settings = let pc = "blitzar"; in {
devices.${pc} = {
name = pc;
id = "KGCBCIZ-GG6KMQ2-FLK5BWW-GLCEDML-5LCI24S-UKO5UWL-HWNCPYX-ZWWD5AQ";
};
folders.music = {
enable = true;
devices = [ pc ];
id = "Music";
label = "Music";
path = "~/Music";
type = "receiveonly";
};
};
user = config.constants.userName;
};
}

9
linux/protostar/tailscale.nix Normal file
View file

@ -0,0 +1,9 @@
{ ... }:
{
services.tailscale = {
enable = true;
port = 25172;
useRoutingFeatures = "client";
};
}

17
linux/protostar/zfs.nix Normal file
View file

@ -0,0 +1,17 @@
{ config, ... }:
{
boot = {
kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
loader.grub.zfsSupport = true;
zfs.enableUnstable = true;
};
services.zfs = {
autoScrub.enable = true;
trim.enable = true;
};
}

2
linux/singularity/default.nix
View file

@ -2,7 +2,7 @@
{
imports = [
inputs.mailserver.nixosModule
inputs.mailserver.nixosModules.default
./caddy.nix
./configuration.nix
./hardware-configuration.nix

15
linux/singularity/network.nix
View file

@ -16,20 +16,7 @@ let hn = config.networking.hostName; in {
apiTokenFile = config.sops.secrets."cloudflare/${hn}".path;
domains = builtins.attrNames config.services.caddy.virtualHosts;
};
openssh = {
enable = true;
settings = {
KbdInteractiveAuthentication = false;
PasswordAuthentication = false;
};
hostKeys = [{
comment = "host@${hn}";
path = "/etc/ssh/host";
rounds = 100;
type = "ed25519";
}];
};
resolved.enable = true;
openssh.enable = true;
};
sops.secrets."cloudflare/${hn}" = { };