From 4dedb233de533a21ab69d22886a9ab6fe1a13b2f Mon Sep 17 00:00:00 2001 From: macronova Date: Sat, 2 Mar 2024 15:10:23 -0800 Subject: [PATCH] NixOS on Steam Deck OLED --- common/.sops.yaml | 2 + common/auths.yaml | 39 ++++--- common/default.nix | 4 +- common/users.nix | 16 +++ flake.lock | 112 ++++++++++++++++----- flake.nix | 1 + linux/blitzar/default.nix | 2 +- linux/blitzar/gui.nix | 14 +-- linux/blitzar/network.nix | 2 - linux/comet/network.nix | 20 +--- linux/nebula/default.nix | 2 +- linux/nebula/network.nix | 20 +--- linux/protostar/configuration.nix | 29 ++++++ linux/protostar/default.nix | 17 ++++ linux/protostar/disko.nix | 73 ++++++++++++++ linux/protostar/gui.nix | 18 ++++ linux/protostar/hardware-configuration.nix | 25 +++++ linux/protostar/network.nix | 17 ++++ linux/protostar/syncthing.nix | 27 +++++ linux/protostar/tailscale.nix | 9 ++ linux/protostar/zfs.nix | 17 ++++ linux/singularity/default.nix | 2 +- linux/singularity/network.nix | 15 +-- 23 files changed, 375 insertions(+), 108 deletions(-) create mode 100644 linux/protostar/configuration.nix create mode 100644 linux/protostar/default.nix create mode 100644 linux/protostar/disko.nix create mode 100644 linux/protostar/gui.nix create mode 100644 linux/protostar/hardware-configuration.nix create mode 100644 linux/protostar/network.nix create mode 100644 linux/protostar/syncthing.nix create mode 100644 linux/protostar/tailscale.nix create mode 100644 linux/protostar/zfs.nix diff --git a/common/.sops.yaml b/common/.sops.yaml index cffdf21..ff3f948 100644 --- a/common/.sops.yaml +++ b/common/.sops.yaml 
@@ -3,6 +3,7 @@ keys:
 - &comet age18e4ttr7k6r7j662a6pvgrvsptuhsvffq70z4westqs3gfx7804fq0ewfaa
 - ¯onova age1sy52xwldc7puckze2kcax7csc2nrg049y9nt2qd0ltvghckms5nq2d25ra
 - &nebula age1vyq4xceveer87xt506yl59lh82dmeuagzlmnk87augfvqry7vqaq5hwy33
+ - &protostar age1m5jnjmed343uwpgeta4nkxjhwescsa6dfswx30e4rwm0yxcf753qr0ljkw
 - &singularity age15cp5p76q7vhwg9v8u98dpshrmtengghmm7yn5ckfk0yz694q3g6qajywwu
 creation_rules:
 - path_regex: secrets.yaml$
@@ -16,4 +17,5 @@ creation_rules:
 - age:
 - *comet
 - *macronova
+ - *protostar
 - *singularity
diff --git a/common/auths.yaml b/common/auths.yaml
index 25d2556..1683407 100644
--- a/common/auths.yaml
+++ b/common/auths.yaml
@@ -15,29 +15,38 @@ sops: - recipient: age18e4ttr7k6r7j662a6pvgrvsptuhsvffq70z4westqs3gfx7804fq0ewfaa enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqVnJ0T3dQM1g3UllYVTZN - bkhON2RRTElDMUtBaTFhRkpTWHorbnVOdkFRCjl5cWM2NmtPRzdlT1pRaXNmOXND - RTBlT3ZmYW1sQlkyOXRNek5BS0lySVUKLS0tIERKM201ZzFZZHgrZjVPQTA1SWh2 - Y2ljQzNBQnhwdzlEZGJLVFZreWJkN3cK90kk2p+kOag2IaY0QWbiUVerfq18TNax - 4ashMrFV5trh0Uq+/9Nob2MqSTVbmIC3UtP4m7x1j1TzpDuT+nEzPA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnVlNDQW5WVFppcEZJanc5 + VDlZMG5xWmoyalB0bzVrRGpHOGRkcmlETVMwCis2TjA0dUMycG9UNldQenZnUDhW + S0FGWnpuZXRMUjd0V2FMeXpiVjFMNWsKLS0tIHMzaG9wUEVEVm5UM0Rob09MNFJq + eEFicGFNajFiRXF6d2xEQjc0VGVsVDAK5wj9siWRiV7FD6bO5YATpOCidEOJGjO0 + fa98Sv/HNJdYXx4wR0yWgIdqVFs+2z+Q4aaOzKdySBcxJjqLAvnZlw== -----END AGE ENCRYPTED FILE----- - recipient: age1sy52xwldc7puckze2kcax7csc2nrg049y9nt2qd0ltvghckms5nq2d25ra enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4cnJybjArb0ZtZkFyUjln - cDVGbVdJcFpRdVRUd1lkMkJuME5vS2tBZjFnCldXODdiaFQzb1JHZHJycUNtMUo5 - L3E5c1VZL3lYOXZDVUxsaEMwcXJJRXMKLS0tIHlQcmVjcVBZcTFwV2dZM1UrWlN0 - Q0hMWlVWSmtqa083dTBzT252UjRGMWMK0lxWqBpx0zvH6HkGjatBS4rv9/7+0ZLr - 5m0kWm9bOQXhpy26IljNnx4nbMSuSO/bmLnVIst62pLFkHq+SjoYAQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDRVpBb2p1dlhHNlVLKzYw + ck83MllqU2dYWEhEUVlFSGZhSEFaV284U0dnClRkUTRZbmJTN0ZrSmVBTXFtS3lh + aEhJQWJTc094aHNlT2x4M3F1SFl4ZWcKLS0tIGtWbDBURjRkbmQrT0NlVUZjbnl3 + M1NRbVdqbzZ3Sy9xdlArbExSMzBKSHcKvmimpsvrNL1ogQ3jROJgD7b8dFgNCvd5 + xWS2gbnTo3g+hhouHM4pko8nlT2BY3f0L4IiLfJZ0j7tWx0Kvaz/xA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1m5jnjmed343uwpgeta4nkxjhwescsa6dfswx30e4rwm0yxcf753qr0ljkw + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOTDF0ZG1tVmF6YkxBUTJD + cnIzK0Q2WFJzZzNKLzZDM2VzOS9wOEw0OWprCnR4ZlpTdFc5YjRPdklYNzlHVTZY + bVFMRWhwVGJNN0Jwd0JlMjR2cHE4RUEKLS0tIHF1R2xFMFQrYm1wbXgwN29BLzZO + 
OFppTU5wdGJkRTN0cDRQK2VNelJwbnMKLuNccIhf2RbNbfYR+jTUdN/RAh1fQExS + Bqm4F3/PID+gdljxHDSS7mN7VZ+884nrInE8U5TCqREe5HSnwLStfg== -----END AGE ENCRYPTED FILE----- - recipient: age15cp5p76q7vhwg9v8u98dpshrmtengghmm7yn5ckfk0yz694q3g6qajywwu enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyYWxtTWxad0V6cklxZm8y - Wmh0dld6Y0FPRVU4Zk5pN1hsT1hRWmhha3gwCkFISjlEK1QxaVBPcVVPWXZmdk1m - Ymw1UHhveTN1R0VDdXJYRHNvczcxQTQKLS0tIFN1UDdqYXNGY29QS0pMYmJac055 - VHRRUnRpQzE3L0V4OVpGM0krOW9KWVUK3c8IH6tD2f8WKFm+yeVF3hP/UFvr4n1/ - rqTt3cILSurq62MjtzU/F4+FC9/Le5j1xlDh075EuH+M/ewm65POSw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjUndRMWFDaE1PS0lLY1N0 + Nlk3bTQrR0lGV0ovUDd5cWlReEZWajdkbHhRCmJUODczdkhzNXV3YllBU2VxUmFI + bUdVUGpYcjFnYlRBMjJvRVd6bjlUMmMKLS0tIHN4cXJHeTZzTlEreTg1NWpxQ2dM + UnlUY25pOGJ2T1VoTW0yeTFEL2NNTVUKHFdlBryccJAKz26+oECG8tx/FvhZEe0E + MBRoWFu+LHaAUgaOKEBMUHZKzY7Q+TahAsdsy+VErmRkI6i/Hh10ww== -----END AGE ENCRYPTED FILE----- lastmodified: "2023-11-28T05:25:46Z" mac: ENC[AES256_GCM,data:e6p67apo/byZ1dNhvHqcbcUOnTFInoL9t2RGki8Wd114w+1IZxfPAmXzvoea3txXWnrvCuuZBVD+RglcWjbkvE54J8YfACgRN5+93NLWVVHrgbwL7WiI+W+rpzUqiWxByD72ee9rvG1dehAEAT0QEARVehIHpPK8F9/i/a3F+IA=,iv:rjtqpbKe4FyrX4RdVMwyqkCDMSP1rUaZoC9U9CAlzR0=,tag:4KSAB5eooNTdd/2ff9zL5Q==,type:str] diff --git a/common/default.nix b/common/default.nix index 74c448c..41888ca 100644 --- a/common/default.nix +++ b/common/default.nix @@ -2,9 +2,9 @@ { imports = with inputs; [ - home-manager.nixosModules.home-manager + home-manager.nixosModules.default nh.nixosModules.default - sops-nix.nixosModules.sops + sops-nix.nixosModules.default ] ++ [ ./constants.nix ./secrets.nix diff --git a/common/users.nix b/common/users.nix index 3f1611b..365bb28 100644 --- a/common/users.nix +++ b/common/users.nix 
@@ -75,6 +75,22 @@ in
 programs.fish.enable = true;
+ services = {
+ openssh = {
+ hostKeys = [{
+ comment = "host@${config.networking.hostName}";
+ path = "/etc/ssh/host";
+ rounds = 100;
+ type = "ed25519";
+ }];
+ settings = {
+ PasswordAuthentication = false;
+ KbdInteractiveAuthentication = false;
+ };
+ };
+ resolved.enable = true;
+ };
+
 sops.secrets.${usrPwdFile}.neededForUsers = true;
 users = {
diff --git a/flake.lock b/flake.lock
index 5285851..83cd347 100644
--- a/flake.lock
+++ b/flake.lock
@@ -21,11 +21,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1708910350, - "narHash": "sha256-cTuJVlOm05aQFIgGuYikgkrI61P2vTO2OfXwIRWEzUg=", + "lastModified": 1709286488, + "narHash": "sha256-RDpTZ72zLu05djvXRzK76Ysqp9zSdh84ax/edEaJucs=", "owner": "nix-community", "repo": "disko", - "rev": "a13f36255cf4ce99cc4236a34251c2e7106e101d", + "rev": "bde7dd352c07d43bd5b8245e6c39074a391fdd46", "type": "github" }, "original": {
@@ -70,11 +70,11 @@ }, "hardware": { "locked": { - "lastModified": 1708594753, - "narHash": "sha256-c/gH7iXS/IYH9NrFOT+aJqTq+iEBkvAkpWuUHGU3+f0=", + "lastModified": 1709147990, + "narHash": "sha256-vpXMWoaCtMYJ7lisJedCRhQG9BSsInEyZnnG5GfY9tQ=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "3f7d0bca003eac1a1a7f4659bbab9c8f8c2a0958", + "rev": "33a97b5814d36ddd65ad678ad07ce43b1a67f159", "type": "github" }, "original": {
@@ -88,11 +88,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1708988456, - "narHash": "sha256-RCz7Xe64tN2zgWk+MVHkzg224znwqknJ1RnB7rVqUWw=", + "lastModified": 1709204054, + "narHash": "sha256-U1idK0JHs1XOfSI1APYuXi4AEADf+B+ZU4Wifc0pBHk=", "owner": "nix-community", "repo": "home-manager", - "rev": "1d085ea4444d26aa52297758b333b449b2aa6fca", + "rev": "2f3367769a93b226c467551315e9e270c3f78b15", "type": "github" }, "original": {
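Review bot: The `services.openssh` block now lives in common/users.nix, where nothing says that `enable` is deliberately left to each host (comet, nebula, singularity and protostar all reduce to `services.openssh.enable = true;` in this commit) or why sshd and resolved settings sit in a users file; a header comment such as `# Shared sshd host key + auth hardening; each host sets services.openssh.enable itself` would make the split explicit, or the block could move to a common/ssh.nix. Declaring `hostKeys` replaces the NixOS default key list, so any host that did not declare it before and runs sshd (blitzar, as far as its network.nix hunk shows) will get a freshly generated ed25519 key at /etc/ssh/host: clients will see a changed host identity, and if the age recipients in common/.sops.yaml are derived from these host keys (I cannot tell from here) that host would also lose access to its sops secrets until the recipient is updated. `rounds = 100` only affects passphrase-protected keys, and NixOS generates host keys without a passphrase as far as I know, so that field looks inert. The enclosing attribute set starts before the hunk.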
@@ -101,11 +101,30 @@ "type": "github" } }, + "jovian": { + "inputs": { + "nix-github-actions": "nix-github-actions", + "nixpkgs": "nixpkgs_3" + }, + "locked": { + "lastModified": 1709295149, + "narHash": "sha256-+blV8vKyvh3gYnUFYTOu2yuWxEEBqwS7hfLm6qdpoe4=", + "owner": "Jovian-Experiments", + "repo": "Jovian-NixOS", + "rev": "0ef51034dcc8b65b8be72eedd0d5db7d426ea054", + "type": "github" + }, + "original": { + "owner": "Jovian-Experiments", + "repo": "Jovian-NixOS", + "type": "github" + } + }, "mailserver": { "inputs": { "blobs": "blobs", "flake-compat": "flake-compat", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "nixpkgs-23_05": "nixpkgs-23_05", "nixpkgs-23_11": "nixpkgs-23_11", "utils": "utils" @@ -126,14 +145,14 @@ }, "nh": { "inputs": { - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_5" }, "locked": { - "lastModified": 1708335499, - "narHash": "sha256-ZOAhp3hiJsWdNDSs/SF2EPylluAx5PiZv9aAUwZrKOI=", + "lastModified": 1709278248, + "narHash": "sha256-ceZXyzxTLSOrQlcTPQmvQnDV696NNMBwFmVPb9jpX2E=", "owner": "viperML", "repo": "nh", - "rev": "aa4df097654cdeb15aa74aabd72863a6fb30c7e6", + "rev": "6947e6f6f234d303131ecc1e54ef6703c82257e3", "type": "github" }, "original": { @@ -145,7 +164,7 @@ "nix-custom": { "inputs": { "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_6", "wallpaper-engine-kde-plugin": "wallpaper-engine-kde-plugin", "yorha-grub-theme": "yorha-grub-theme", "yorha-sound-theme": "yorha-sound-theme" 
@@ -164,6 +183,28 @@ "url": "https://forgejo.invariantspace.com/macronova/nix-custom" } }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "jovian", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1690328911, + "narHash": "sha256-fxtExYk+aGf2YbjeWQ8JY9/n9dwuEt+ma1eUFzF8Jeo=", + "owner": "zhaofengli", + "repo": "nix-github-actions", + "rev": "96df4a39c52f53cb7098b923224d8ce941b64747", + "type": "github" + }, + "original": { + "owner": "zhaofengli", + "ref": "matrix-name", + "repo": "nix-github-actions", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1708815994, @@ -243,6 +284,22 @@ } }, "nixpkgs_3": { + "locked": { + "lastModified": 1708984720, + "narHash": "sha256-gJctErLbXx4QZBBbGp78PxtOOzsDaQ+yw1ylNQBuSUY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "13aff9b34cc32e59d35c62ac9356e4a41198a538", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { "locked": { "lastModified": 1705856552, "narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=", @@ -257,13 +314,13 @@ "type": "indirect" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { - "lastModified": 1708161998, - "narHash": "sha256-6KnemmUorCvlcAvGziFosAVkrlWZGIc6UNT9GUYr0jQ=", + "lastModified": 1709218635, + "narHash": "sha256-nytX/MkfqeTD4z7bMq4QRXcHxO9B3vRo9tM6fMtPFA8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "84d981bae8b5e783b3b548de505b22880559515f", + "rev": "068d4db604958d05d0b46c47f79b507d84dbc069", "type": "github" }, "original": { @@ -273,7 +330,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { "lastModified": 1708475490, "narHash": "sha256-g1v0TsWBQPX97ziznfJdWhgMyMGtoBFs102xSYO4syU=", 
@@ -289,13 +346,13 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { - "lastModified": 1708807242, - "narHash": "sha256-sRTRkhMD4delO/hPxxi+XwLqPn8BuUq6nnj4JqLwOu0=", + "lastModified": 1709237383, + "narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=", "owner": "nixos", "repo": "nixpkgs", - "rev": "73de017ef2d18a04ac4bfd0c02650007ccb31c2a", + "rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8", "type": "github" }, "original": {
@@ -305,7 +362,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { "lastModified": 1708751719, "narHash": "sha256-0uWOKSpXJXmXswOvDM5Vk3blB74apFB6rNGWV5IjoN0=",
@@ -326,16 +383,17 @@ "disko": "disko", "hardware": "hardware", "home-manager": "home-manager", + "jovian": "jovian", "mailserver": "mailserver", "nh": "nh", "nix-custom": "nix-custom", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_7", "sops-nix": "sops-nix" } }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_8", "nixpkgs-stable": "nixpkgs-stable" }, "locked": {
diff --git a/flake.nix b/flake.nix
index 8819526..39b2ace 100644
--- a/flake.nix
+++ b/flake.nix
@@ -5,6 +5,7 @@
 disko.url = "github:nix-community/disko";
 hardware.url = "github:nixos/nixos-hardware";
 home-manager.url = "github:nix-community/home-manager";
+ jovian.url = "github:Jovian-Experiments/Jovian-NixOS";
 mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
 nh.url = "github:viperML/nh";
 nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
diff --git a/linux/blitzar/default.nix b/linux/blitzar/default.nix
index c3afd46..91a5396 100644
--- a/linux/blitzar/default.nix
+++ b/linux/blitzar/default.nix
@@ -2,7 +2,7 @@
 {
 imports = with inputs; [
- disko.nixosModules.disko
+ disko.nixosModules.default
 hardware.nixosModules.asus-zephyrus-ga402
 ] ++ [
 ./audio.nix
diff --git a/linux/blitzar/gui.nix b/linux/blitzar/gui.nix
index 1dd2fee..3690777 100644
--- a/linux/blitzar/gui.nix
+++ b/linux/blitzar/gui.nix
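Review bot: `jovian.url` is added without `inputs.nixpkgs.follows = "nixpkgs"`, and the flake.lock hunks above show it locking its own nixpkgs (nixpkgs_3) plus a transitive nix-github-actions input, so the system closure now evaluates against two nixpkgs revisions. The other inputs in this file do the same, so this may be the repository's convention; if Jovian needs its pinned nixpkgs, a short trailing comment saying so would stop the next reader from adding follows, otherwise `jovian = { url = "github:Jovian-Experiments/Jovian-NixOS"; inputs.nixpkgs.follows = "nixpkgs"; };` keeps it on the root nixpkgs. The inputs set starts and ends outside the hunk.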
@@ -17,7 +17,7 @@ let usr = config.constants.userName; in {
 lutris
 nvtop-amd
 picard
- qbittorrent-qt5
+ qbittorrent
 sweet-nova
 tauon
 telegram-desktop
@@ -27,9 +27,9 @@ let usr = config.constants.userName; in {
 winetricks
 yorha-sound-theme
 yuzu
- ] ++ (with libsForQt5; [
- polonium
- qt5.qtwebsockets
+ ] ++ (with kdePackages; [
+ # polonium
+ qtwebsockets
 ]);
 programs = {
 firefox.enable = true;
@@ -102,7 +102,6 @@ let usr = config.constants.userName; in {
 xserver = {
 enable = true;
 displayManager = {
- defaultSession = "plasmawayland";
 autoLogin.user = usr;
 sddm = {
 enable = true;
@@ -110,10 +109,7 @@ let usr = config.constants.userName; in {
 wayland.enable = true;
 };
 };
- desktopManager.plasma5 = {
- enable = true;
- useQtScaling = true;
- };
+ desktopManager.plasma6.enable = true;
 videoDrivers = [ "amdgpu" ];
 };
 };
diff --git a/linux/blitzar/network.nix b/linux/blitzar/network.nix
index 9e6efcc..a6b53ee 100644
--- a/linux/blitzar/network.nix
+++ b/linux/blitzar/network.nix
@@ -11,6 +11,4 @@
 nftables.enable = true;
 wireless.iwd.enable = true;
 };
-
- services.resolved.enable = true;
 }
diff --git a/linux/comet/network.nix b/linux/comet/network.nix
index 9e01630..791ecb5 100644
--- a/linux/comet/network.nix
+++ b/linux/comet/network.nix
@@ -1,27 +1,11 @@
 { config, ... }:
-let hn = config.networking.hostName; in {
+{
 networking = {
 domain = config.constants.domain;
 firewall.trustedInterfaces = [ config.services.tailscale.interfaceName ];
 hostId = "3ddd2ad2";
 nftables.enable = true;
 };
-
- services = {
- openssh = {
- enable = true;
- hostKeys = [{
- comment = "host@${hn}";
- path = "/etc/ssh/host";
- rounds = 100;
- type = "ed25519";
- }];
- settings = {
- PasswordAuthentication = false;
- KbdInteractiveAuthentication = false;
- };
- };
- resolved.enable = true;
- };
+ services.openssh.enable = true;
 }
diff --git a/linux/nebula/default.nix b/linux/nebula/default.nix
index 888059c..9b7feab 100644
--- a/linux/nebula/default.nix
+++ b/linux/nebula/default.nix
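Review bot: `# polonium` in the new `kdePackages` list is a commented-out entry with no reason attached, so a later reader cannot tell whether it was dropped for good or is waiting on a Plasma 6 build of the package. Either remove the line or annotate it, e.g. `# polonium  # disabled: <reason> — re-enable once available in kdePackages`; the package list starts before the hunk.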
@@ -2,7 +2,7 @@
 {
 imports = with inputs; [
- disko.nixosModules.disko
+ disko.nixosModules.default
 hardware.nixosModules.common-cpu-amd
 hardware.nixosModules.common-cpu-amd-pstate
 ] ++ [
diff --git a/linux/nebula/network.nix b/linux/nebula/network.nix
index df3fd0e..6f7c966 100644
--- a/linux/nebula/network.nix
+++ b/linux/nebula/network.nix
@@ -1,6 +1,6 @@
 { config, ... }:
-let hn = config.networking.hostName; in {
+{
 networking = {
 domain = config.constants.domain;
 firewall.trustedInterfaces = [ config.services.tailscale.interfaceName ];
@@ -13,21 +13,5 @@ let hn = config.networking.hostName; in {
 tempAddresses = "disabled";
 wireless.iwd.enable = true;
 };
-
- services = {
- openssh = {
- enable = true;
- hostKeys = [{
- comment = "host@${hn}";
- path = "/etc/ssh/host";
- rounds = 100;
- type = "ed25519";
- }];
- settings = {
- PasswordAuthentication = false;
- KbdInteractiveAuthentication = false;
- };
- };
- resolved.enable = true;
- };
+ services.openssh.enable = true;
 }
diff --git a/linux/protostar/configuration.nix b/linux/protostar/configuration.nix
new file mode 100644
index 0000000..13c30b0
--- /dev/null
+++ b/linux/protostar/configuration.nix
@@ -0,0 +1,29 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running `nixos-help`).
+
+ { ... }:
+
+ {
+ # Configuration boot
+ boot.loader.grub.device = "nodev";
+
+ # Change secrets file
+ constants.sopsFile = ../../common/auths.yaml;
+
+ # Disable sudo password
+ security.sudo.wheelNeedsPassword = false;
+
+ # Set timezone automatically
+ services.automatic-timezoned.enable = true;
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It's perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "23.11"; # Did you read the comment?
+
+ }
+
diff --git a/linux/protostar/default.nix b/linux/protostar/default.nix
new file mode 100644
index 0000000..442c441
--- /dev/null
+++ b/linux/protostar/default.nix
@@ -0,0 +1,17 @@
+{ inputs, ... }:
+
+ {
+ imports = with inputs; [
+ disko.nixosModules.default
+ jovian.nixosModules.default
+ ] ++ [
+ ./configuration.nix
+ ./disko.nix
+ ./hardware-configuration.nix
+ ./network.nix
+ # ./syncthing.nix
+ ./tailscale.nix
+ ./zfs.nix
+ ../../common
+ ];
+}
diff --git a/linux/protostar/disko.nix b/linux/protostar/disko.nix
new file mode 100644
index 0000000..0931f14
--- /dev/null
+++ b/linux/protostar/disko.nix
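Review bot: `security.sudo.wheelNeedsPassword = false;` gives every wheel member root without a credential, and on this device that will be a local graphical session (gui.nix in this commit, once imported, auto-starts Steam as the constants user), so anyone holding the unlocked Deck, or any process in that session, can escalate silently. The comment above it only restates the option; it should say why the default is being given up, e.g. `# Passwordless sudo: no keyboard on the Deck; accepted risk — any process in the user session is root`, and since common/users.nix already provisions a sops-managed password for the user the default could simply stay. `boot.loader.grub.device = "nodev"` is paired with `loader.grub.zfsSupport` in zfs.nix but no `boot.loader.grub.efiSupport` appears anywhere in this commit; I cannot see common/, so confirm it is set there, otherwise GRUB may not be installed to the ESP that disko.nix creates.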
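Review bot: `./gui.nix` is created in this commit but is not listed in these imports, so the Jovian Steam/decky-loader and plasma6 settings it declares have no effect on protostar. If that is staged on purpose, list it commented out next to `# ./syncthing.nix` (`# ./gui.nix`) so the omission reads as deliberate; otherwise add `./gui.nix` after `./disko.nix`.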
@@ -0,0 +1,73 @@
+{ ... }:
+
+ {
+ disko.devices = {
+ # Partition the physical disk
+ disk.storage = {
+ device = "/dev/nvme0n1";
+ content = {
+ type = "gpt";
+ partitions = {
+ esp = {
+ size = "1G";
+ type = "ef00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ zfs = {
+ size = "100%";
+ content = {
+ type = "zfs";
+ pool = "zroot";
+ };
+ };
+ };
+ };
+ };
+
+ # Construct the primary zfs pool for this system.
+ zpool.zroot = {
+ type = "zpool";
+ options = {
+ ashift = "12";
+ autotrim = "on";
+ listsnapshots = "on";
+ };
+ rootFsOptions = {
+ acltype = "posix";
+ atime = "off";
+ compression = "zstd";
+ dnodesize = "auto";
+ mountpoint = "none";
+ normalization = "formD";
+ xattr = "sa";
+ };
+ datasets = {
+ # Create dataset for home
+ home = {
+ type = "zfs_fs";
+ mountpoint = "/home";
+ };
+ # Create dataset for nix store
+ nix = {
+ type = "zfs_fs";
+ mountpoint = "/nix";
+ };
+ # Create dataset for root
+ root = {
+ type = "zfs_fs";
+ mountpoint = "/";
+ };
+ # Reserve space for performance
+ reservation = {
+ type = "zfs_fs";
+ options.refreservation = "128G";
+ };
+ };
+ };
+ };
+
+ }
diff --git a/linux/protostar/gui.nix b/linux/protostar/gui.nix
new file mode 100644
index 0000000..b0d0340
--- /dev/null
+++ b/linux/protostar/gui.nix
@@ -0,0 +1,18 @@
+{ config, ... }:
+
+let usr = config.constants.userName; in {
+ jovian = {
+ decky-loader.enable = true;
+ steam = {
+ enable = true;
+ autoStart = true;
+ desktopSession = "plasma";
+ user = usr;
+ };
+ };
+
+ services.xserver = {
+ enable = true;
+ desktopManager.plasma6.enable = true;
+ };
+}
diff --git a/linux/protostar/hardware-configuration.nix b/linux/protostar/hardware-configuration.nix
new file mode 100644
index 0000000..8bb369f
--- /dev/null
+++ b/linux/protostar/hardware-configuration.nix
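Review bot: `device = "/dev/nvme0n1";` selects the disk by kernel enumeration order, and that is what disko will wipe on a re-run; a `/dev/disk/by-id/<DISK-ID>` path (placeholder) is stable and is the usual recommendation even on a single-drive handheld. Separately, neither the pool nor any dataset sets `encryption`/`keyformat` and there is no LUKS layer, so root, /home and the sshd host key at /etc/ssh/host — from which this host's age recipient in .sops.yaml may be derived; I cannot tell from here — are stored in the clear on a portable device. If that is an accepted trade-off, a comment above `zpool.zroot` saying so (e.g. `# No at-rest encryption by choice: <reason>`) keeps the next reader from treating it as an oversight.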
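Review bot: `decky-loader.enable = true;` turns on a loader that fetches and runs community plugins inside the Steam session, and with `autoStart = true` that happens unattended at boot; nothing in the file records that trust decision. A comment such as `# decky-loader executes third-party plugins; treat every install as trusted code` above the `jovian` block would make it explicit — I believe the loader itself runs with elevated privileges, but confirm that against the Jovian module before wording it that strongly. Note the file is not imported from default.nix in this commit, so none of this is active yet.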
@@ -0,0 +1,25 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + + { + imports = + [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "sdhci_pci" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +}
diff --git a/linux/protostar/network.nix b/linux/protostar/network.nix
new file mode 100644
index 0000000..b9e2b65
--- /dev/null
+++ b/linux/protostar/network.nix
@@ -0,0 +1,17 @@
+{ config, ... }:
+
+let hn = config.networking.hostName; in {
+ networking = {
+ domain = config.constants.domain;
+ firewall.trustedInterfaces = [ config.services.tailscale.interfaceName ];
+ hostId = "e6449321";
+ networkmanager = {
+ enable = true;
+ wifi.backend = "iwd";
+ };
+ nftables.enable = true;
+ tempAddresses = "disabled";
+ wireless.iwd.enable = true;
+ };
+ services.openssh.enable = true;
+}
diff --git a/linux/protostar/syncthing.nix b/linux/protostar/syncthing.nix
new file mode 100644
index 0000000..3767734
--- /dev/null
+++ b/linux/protostar/syncthing.nix
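Review bot: `let hn = config.networking.hostName; in {` in the new network.nix binds `hn` but nothing in the file uses it; the same binding is being removed from comet and nebula in this commit now that the host-key block lives in common. Drop the `let` and start the file with `{`, as those two files now do, so the unused name does not suggest a missing piece.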
@@ -0,0 +1,27 @@
+{ config, ... }:
+
+ {
+ services.syncthing = let home = config.constants.homeDir; in {
+ enable = true;
+ configDir = "${home}/.config/syncthing";
+ dataDir = "${home}/.local/share/syncthing";
+ openDefaultPorts = true;
+ overrideDevices = true;
+ overrideFolders = true;
+ settings = let pc = "blitzar"; in {
+ devices.${pc} = {
+ name = pc;
+ id = "KGCBCIZ-GG6KMQ2-FLK5BWW-GLCEDML-5LCI24S-UKO5UWL-HWNCPYX-ZWWD5AQ";
+ };
+ folders.music = {
+ enable = true;
+ devices = [ pc ];
+ id = "Music";
+ label = "Music";
+ path = "~/Music";
+ type = "receiveonly";
+ };
+ };
+ user = config.constants.userName;
+ };
+}
diff --git a/linux/protostar/tailscale.nix b/linux/protostar/tailscale.nix
new file mode 100644
index 0000000..9213f67
--- /dev/null
+++ b/linux/protostar/tailscale.nix
@@ -0,0 +1,9 @@
+{ ... }:
+
+ {
+ services.tailscale = {
+ enable = true;
+ port = 25172;
+ useRoutingFeatures = "client";
+ };
+}
diff --git a/linux/protostar/zfs.nix b/linux/protostar/zfs.nix
new file mode 100644
index 0000000..35d7371
--- /dev/null
+++ b/linux/protostar/zfs.nix
@@ -0,0 +1,17 @@
+{ config, ... }:
+
+ {
+
+ boot = {
+ kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+ loader.grub.zfsSupport = true;
+ zfs.enableUnstable = true;
+ };
+
+ services.zfs = {
+ autoScrub.enable = true;
+ trim.enable = true;
+ };
+
+ }
+
diff --git a/linux/singularity/default.nix b/linux/singularity/default.nix
index 89c49bf..3123e8d 100644
--- a/linux/singularity/default.nix
+++ b/linux/singularity/default.nix
@@ -2,7 +2,7 @@
 {
 imports = [
- inputs.mailserver.nixosModule
+ inputs.mailserver.nixosModules.default
 ./caddy.nix
 ./configuration.nix
 ./hardware-configuration.nix
diff --git a/linux/singularity/network.nix b/linux/singularity/network.nix
index 6dbc163..2f98a21 100644
--- a/linux/singularity/network.nix
+++ b/linux/singularity/network.nix
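Review bot: `openDefaultPorts = true;` opens Syncthing's transfer and discovery ports in the firewall on every interface, while the only peer configured is `blitzar`; if both devices reach each other over the tailnet (protostar's network.nix trusts the tailscale interface), leaving this at its default and letting the trusted interface carry the traffic keeps those ports closed on untrusted Wi-Fi. The file is not imported yet (`# ./syncthing.nix` in default.nix), so this applies when it is switched on.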
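Review bot: `zfs.enableUnstable = true;` together with `latestCompatibleLinuxPackages` puts the root pool on the unstable ZFS branch with no comment explaining why. Record the driver, e.g. `# unstable ZFS: needed for <reason>; drop once the stable zfs package supports the kernel in use`, so it can be reverted when the need goes away.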
@@ -16,20 +16,7 @@ let hn = config.networking.hostName; in {
 apiTokenFile = config.sops.secrets."cloudflare/${hn}".path;
 domains = builtins.attrNames config.services.caddy.virtualHosts;
 };
- openssh = {
- enable = true;
- settings = {
- KbdInteractiveAuthentication = false;
- PasswordAuthentication = false;
- };
- hostKeys = [{
- comment = "host@${hn}";
- path = "/etc/ssh/host";
- rounds = 100;
- type = "ed25519";
- }];
- };
- resolved.enable = true;
+ openssh.enable = true;
 };
 sops.secrets."cloudflare/${hn}" = { };