NixOS on Steam Deck OLED

Invariantspace 2024-03-02 15:10:23 -08:00
parent 0863fa0dfb
commit 4dedb233de
23 changed files with 375 additions and 108 deletions


@ -3,6 +3,7 @@ keys:
- &comet age18e4ttr7k6r7j662a6pvgrvsptuhsvffq70z4westqs3gfx7804fq0ewfaa - &comet age18e4ttr7k6r7j662a6pvgrvsptuhsvffq70z4westqs3gfx7804fq0ewfaa
- &macronova age1sy52xwldc7puckze2kcax7csc2nrg049y9nt2qd0ltvghckms5nq2d25ra - &macronova age1sy52xwldc7puckze2kcax7csc2nrg049y9nt2qd0ltvghckms5nq2d25ra
- &nebula age1vyq4xceveer87xt506yl59lh82dmeuagzlmnk87augfvqry7vqaq5hwy33 - &nebula age1vyq4xceveer87xt506yl59lh82dmeuagzlmnk87augfvqry7vqaq5hwy33
- &protostar age1m5jnjmed343uwpgeta4nkxjhwescsa6dfswx30e4rwm0yxcf753qr0ljkw
- &singularity age15cp5p76q7vhwg9v8u98dpshrmtengghmm7yn5ckfk0yz694q3g6qajywwu - &singularity age15cp5p76q7vhwg9v8u98dpshrmtengghmm7yn5ckfk0yz694q3g6qajywwu
creation_rules: creation_rules:
- path_regex: secrets.yaml$ - path_regex: secrets.yaml$
@ -16,4 +17,5 @@ creation_rules:
- age: - age:
- *comet - *comet
- *macronova - *macronova
- *protostar
- *singularity - *singularity
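Review bot: The second hunk adds `*protostar` to a rule whose `path_regex` lies above the visible lines, so the set of files the handheld can decrypt cannot be confirmed from here. protostar's configuration.nix in this commit points `constants.sopsFile` at `../../common/auths.yaml`, so that is presumably the only file it needs. If the rule matches more than that file, a dedicated creation rule listing protostar only for the shared auth file would keep a lost or compromised handheld from exposing other hosts' secrets. A comment on the new entry such as `# protostar: portable device, recipient for common/auths.yaml only` would record that intent.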


@ -15,29 +15,38 @@ sops:
- recipient: age18e4ttr7k6r7j662a6pvgrvsptuhsvffq70z4westqs3gfx7804fq0ewfaa - recipient: age18e4ttr7k6r7j662a6pvgrvsptuhsvffq70z4westqs3gfx7804fq0ewfaa
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqVnJ0T3dQM1g3UllYVTZN YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnVlNDQW5WVFppcEZJanc5
bkhON2RRTElDMUtBaTFhRkpTWHorbnVOdkFRCjl5cWM2NmtPRzdlT1pRaXNmOXND VDlZMG5xWmoyalB0bzVrRGpHOGRkcmlETVMwCis2TjA0dUMycG9UNldQenZnUDhW
RTBlT3ZmYW1sQlkyOXRNek5BS0lySVUKLS0tIERKM201ZzFZZHgrZjVPQTA1SWh2 S0FGWnpuZXRMUjd0V2FMeXpiVjFMNWsKLS0tIHMzaG9wUEVEVm5UM0Rob09MNFJq
Y2ljQzNBQnhwdzlEZGJLVFZreWJkN3cK90kk2p+kOag2IaY0QWbiUVerfq18TNax eEFicGFNajFiRXF6d2xEQjc0VGVsVDAK5wj9siWRiV7FD6bO5YATpOCidEOJGjO0
4ashMrFV5trh0Uq+/9Nob2MqSTVbmIC3UtP4m7x1j1TzpDuT+nEzPA== fa98Sv/HNJdYXx4wR0yWgIdqVFs+2z+Q4aaOzKdySBcxJjqLAvnZlw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1sy52xwldc7puckze2kcax7csc2nrg049y9nt2qd0ltvghckms5nq2d25ra - recipient: age1sy52xwldc7puckze2kcax7csc2nrg049y9nt2qd0ltvghckms5nq2d25ra
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4cnJybjArb0ZtZkFyUjln YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDRVpBb2p1dlhHNlVLKzYw
cDVGbVdJcFpRdVRUd1lkMkJuME5vS2tBZjFnCldXODdiaFQzb1JHZHJycUNtMUo5 ck83MllqU2dYWEhEUVlFSGZhSEFaV284U0dnClRkUTRZbmJTN0ZrSmVBTXFtS3lh
L3E5c1VZL3lYOXZDVUxsaEMwcXJJRXMKLS0tIHlQcmVjcVBZcTFwV2dZM1UrWlN0 aEhJQWJTc094aHNlT2x4M3F1SFl4ZWcKLS0tIGtWbDBURjRkbmQrT0NlVUZjbnl3
Q0hMWlVWSmtqa083dTBzT252UjRGMWMK0lxWqBpx0zvH6HkGjatBS4rv9/7+0ZLr M1NRbVdqbzZ3Sy9xdlArbExSMzBKSHcKvmimpsvrNL1ogQ3jROJgD7b8dFgNCvd5
5m0kWm9bOQXhpy26IljNnx4nbMSuSO/bmLnVIst62pLFkHq+SjoYAQ== xWS2gbnTo3g+hhouHM4pko8nlT2BY3f0L4IiLfJZ0j7tWx0Kvaz/xA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1m5jnjmed343uwpgeta4nkxjhwescsa6dfswx30e4rwm0yxcf753qr0ljkw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOTDF0ZG1tVmF6YkxBUTJD
cnIzK0Q2WFJzZzNKLzZDM2VzOS9wOEw0OWprCnR4ZlpTdFc5YjRPdklYNzlHVTZY
bVFMRWhwVGJNN0Jwd0JlMjR2cHE4RUEKLS0tIHF1R2xFMFQrYm1wbXgwN29BLzZO
OFppTU5wdGJkRTN0cDRQK2VNelJwbnMKLuNccIhf2RbNbfYR+jTUdN/RAh1fQExS
Bqm4F3/PID+gdljxHDSS7mN7VZ+884nrInE8U5TCqREe5HSnwLStfg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age15cp5p76q7vhwg9v8u98dpshrmtengghmm7yn5ckfk0yz694q3g6qajywwu - recipient: age15cp5p76q7vhwg9v8u98dpshrmtengghmm7yn5ckfk0yz694q3g6qajywwu
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyYWxtTWxad0V6cklxZm8y YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjUndRMWFDaE1PS0lLY1N0
Wmh0dld6Y0FPRVU4Zk5pN1hsT1hRWmhha3gwCkFISjlEK1QxaVBPcVVPWXZmdk1m Nlk3bTQrR0lGV0ovUDd5cWlReEZWajdkbHhRCmJUODczdkhzNXV3YllBU2VxUmFI
Ymw1UHhveTN1R0VDdXJYRHNvczcxQTQKLS0tIFN1UDdqYXNGY29QS0pMYmJac055 bUdVUGpYcjFnYlRBMjJvRVd6bjlUMmMKLS0tIHN4cXJHeTZzTlEreTg1NWpxQ2dM
VHRRUnRpQzE3L0V4OVpGM0krOW9KWVUK3c8IH6tD2f8WKFm+yeVF3hP/UFvr4n1/ UnlUY25pOGJ2T1VoTW0yeTFEL2NNTVUKHFdlBryccJAKz26+oECG8tx/FvhZEe0E
rqTt3cILSurq62MjtzU/F4+FC9/Le5j1xlDh075EuH+M/ewm65POSw== MBRoWFu+LHaAUgaOKEBMUHZKzY7Q+TahAsdsy+VErmRkI6i/Hh10ww==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-11-28T05:25:46Z" lastmodified: "2023-11-28T05:25:46Z"
mac: ENC[AES256_GCM,data:e6p67apo/byZ1dNhvHqcbcUOnTFInoL9t2RGki8Wd114w+1IZxfPAmXzvoea3txXWnrvCuuZBVD+RglcWjbkvE54J8YfACgRN5+93NLWVVHrgbwL7WiI+W+rpzUqiWxByD72ee9rvG1dehAEAT0QEARVehIHpPK8F9/i/a3F+IA=,iv:rjtqpbKe4FyrX4RdVMwyqkCDMSP1rUaZoC9U9CAlzR0=,tag:4KSAB5eooNTdd/2ff9zL5Q==,type:str] mac: ENC[AES256_GCM,data:e6p67apo/byZ1dNhvHqcbcUOnTFInoL9t2RGki8Wd114w+1IZxfPAmXzvoea3txXWnrvCuuZBVD+RglcWjbkvE54J8YfACgRN5+93NLWVVHrgbwL7WiI+W+rpzUqiWxByD72ee9rvG1dehAEAT0QEARVehIHpPK8F9/i/a3F+IA=,iv:rjtqpbKe4FyrX4RdVMwyqkCDMSP1rUaZoC9U9CAlzR0=,tag:4KSAB5eooNTdd/2ff9zL5Q==,type:str]


@ -2,9 +2,9 @@
{ {
imports = with inputs; [ imports = with inputs; [
home-manager.nixosModules.home-manager home-manager.nixosModules.default
nh.nixosModules.default nh.nixosModules.default
sops-nix.nixosModules.sops sops-nix.nixosModules.default
] ++ [ ] ++ [
./constants.nix ./constants.nix
./secrets.nix ./secrets.nix


@ -75,6 +75,22 @@ in
programs.fish.enable = true; programs.fish.enable = true;
services = {
openssh = {
hostKeys = [{
comment = "host@${config.networking.hostName}";
path = "/etc/ssh/host";
rounds = 100;
type = "ed25519";
}];
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
};
resolved.enable = true;
};
sops.secrets.${usrPwdFile}.neededForUsers = true; sops.secrets.${usrPwdFile}.neededForUsers = true;
users = { users = {

112
flake.lock generated

@ -21,11 +21,11 @@
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
"lastModified": 1708910350, "lastModified": 1709286488,
"narHash": "sha256-cTuJVlOm05aQFIgGuYikgkrI61P2vTO2OfXwIRWEzUg=", "narHash": "sha256-RDpTZ72zLu05djvXRzK76Ysqp9zSdh84ax/edEaJucs=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "a13f36255cf4ce99cc4236a34251c2e7106e101d", "rev": "bde7dd352c07d43bd5b8245e6c39074a391fdd46",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -70,11 +70,11 @@
}, },
"hardware": { "hardware": {
"locked": { "locked": {
"lastModified": 1708594753, "lastModified": 1709147990,
"narHash": "sha256-c/gH7iXS/IYH9NrFOT+aJqTq+iEBkvAkpWuUHGU3+f0=", "narHash": "sha256-vpXMWoaCtMYJ7lisJedCRhQG9BSsInEyZnnG5GfY9tQ=",
"owner": "nixos", "owner": "nixos",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "3f7d0bca003eac1a1a7f4659bbab9c8f8c2a0958", "rev": "33a97b5814d36ddd65ad678ad07ce43b1a67f159",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -88,11 +88,11 @@
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1708988456, "lastModified": 1709204054,
"narHash": "sha256-RCz7Xe64tN2zgWk+MVHkzg224znwqknJ1RnB7rVqUWw=", "narHash": "sha256-U1idK0JHs1XOfSI1APYuXi4AEADf+B+ZU4Wifc0pBHk=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "1d085ea4444d26aa52297758b333b449b2aa6fca", "rev": "2f3367769a93b226c467551315e9e270c3f78b15",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -101,11 +101,30 @@
"type": "github" "type": "github"
} }
}, },
"jovian": {
"inputs": {
"nix-github-actions": "nix-github-actions",
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1709295149,
"narHash": "sha256-+blV8vKyvh3gYnUFYTOu2yuWxEEBqwS7hfLm6qdpoe4=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"rev": "0ef51034dcc8b65b8be72eedd0d5db7d426ea054",
"type": "github"
},
"original": {
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"type": "github"
}
},
"mailserver": { "mailserver": {
"inputs": { "inputs": {
"blobs": "blobs", "blobs": "blobs",
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_4",
"nixpkgs-23_05": "nixpkgs-23_05", "nixpkgs-23_05": "nixpkgs-23_05",
"nixpkgs-23_11": "nixpkgs-23_11", "nixpkgs-23_11": "nixpkgs-23_11",
"utils": "utils" "utils": "utils"
@ -126,14 +145,14 @@
}, },
"nh": { "nh": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_4" "nixpkgs": "nixpkgs_5"
}, },
"locked": { "locked": {
"lastModified": 1708335499, "lastModified": 1709278248,
"narHash": "sha256-ZOAhp3hiJsWdNDSs/SF2EPylluAx5PiZv9aAUwZrKOI=", "narHash": "sha256-ceZXyzxTLSOrQlcTPQmvQnDV696NNMBwFmVPb9jpX2E=",
"owner": "viperML", "owner": "viperML",
"repo": "nh", "repo": "nh",
"rev": "aa4df097654cdeb15aa74aabd72863a6fb30c7e6", "rev": "6947e6f6f234d303131ecc1e54ef6703c82257e3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -145,7 +164,7 @@
"nix-custom": { "nix-custom": {
"inputs": { "inputs": {
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"nixpkgs": "nixpkgs_5", "nixpkgs": "nixpkgs_6",
"wallpaper-engine-kde-plugin": "wallpaper-engine-kde-plugin", "wallpaper-engine-kde-plugin": "wallpaper-engine-kde-plugin",
"yorha-grub-theme": "yorha-grub-theme", "yorha-grub-theme": "yorha-grub-theme",
"yorha-sound-theme": "yorha-sound-theme" "yorha-sound-theme": "yorha-sound-theme"
@ -164,6 +183,28 @@
"url": "https://forgejo.invariantspace.com/macronova/nix-custom" "url": "https://forgejo.invariantspace.com/macronova/nix-custom"
} }
}, },
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"jovian",
"nixpkgs"
]
},
"locked": {
"lastModified": 1690328911,
"narHash": "sha256-fxtExYk+aGf2YbjeWQ8JY9/n9dwuEt+ma1eUFzF8Jeo=",
"owner": "zhaofengli",
"repo": "nix-github-actions",
"rev": "96df4a39c52f53cb7098b923224d8ce941b64747",
"type": "github"
},
"original": {
"owner": "zhaofengli",
"ref": "matrix-name",
"repo": "nix-github-actions",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1708815994, "lastModified": 1708815994,
@ -243,6 +284,22 @@
} }
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": {
"lastModified": 1708984720,
"narHash": "sha256-gJctErLbXx4QZBBbGp78PxtOOzsDaQ+yw1ylNQBuSUY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "13aff9b34cc32e59d35c62ac9356e4a41198a538",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1705856552, "lastModified": 1705856552,
"narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=", "narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=",
@ -257,13 +314,13 @@
"type": "indirect" "type": "indirect"
} }
}, },
"nixpkgs_4": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1708161998, "lastModified": 1709218635,
"narHash": "sha256-6KnemmUorCvlcAvGziFosAVkrlWZGIc6UNT9GUYr0jQ=", "narHash": "sha256-nytX/MkfqeTD4z7bMq4QRXcHxO9B3vRo9tM6fMtPFA8=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "84d981bae8b5e783b3b548de505b22880559515f", "rev": "068d4db604958d05d0b46c47f79b507d84dbc069",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -273,7 +330,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_5": { "nixpkgs_6": {
"locked": { "locked": {
"lastModified": 1708475490, "lastModified": 1708475490,
"narHash": "sha256-g1v0TsWBQPX97ziznfJdWhgMyMGtoBFs102xSYO4syU=", "narHash": "sha256-g1v0TsWBQPX97ziznfJdWhgMyMGtoBFs102xSYO4syU=",
@ -289,13 +346,13 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_6": { "nixpkgs_7": {
"locked": { "locked": {
"lastModified": 1708807242, "lastModified": 1709237383,
"narHash": "sha256-sRTRkhMD4delO/hPxxi+XwLqPn8BuUq6nnj4JqLwOu0=", "narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "73de017ef2d18a04ac4bfd0c02650007ccb31c2a", "rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -305,7 +362,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_7": { "nixpkgs_8": {
"locked": { "locked": {
"lastModified": 1708751719, "lastModified": 1708751719,
"narHash": "sha256-0uWOKSpXJXmXswOvDM5Vk3blB74apFB6rNGWV5IjoN0=", "narHash": "sha256-0uWOKSpXJXmXswOvDM5Vk3blB74apFB6rNGWV5IjoN0=",
@ -326,16 +383,17 @@
"disko": "disko", "disko": "disko",
"hardware": "hardware", "hardware": "hardware",
"home-manager": "home-manager", "home-manager": "home-manager",
"jovian": "jovian",
"mailserver": "mailserver", "mailserver": "mailserver",
"nh": "nh", "nh": "nh",
"nix-custom": "nix-custom", "nix-custom": "nix-custom",
"nixpkgs": "nixpkgs_6", "nixpkgs": "nixpkgs_7",
"sops-nix": "sops-nix" "sops-nix": "sops-nix"
} }
}, },
"sops-nix": { "sops-nix": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_7", "nixpkgs": "nixpkgs_8",
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {


@ -5,6 +5,7 @@
disko.url = "github:nix-community/disko"; disko.url = "github:nix-community/disko";
hardware.url = "github:nixos/nixos-hardware"; hardware.url = "github:nixos/nixos-hardware";
home-manager.url = "github:nix-community/home-manager"; home-manager.url = "github:nix-community/home-manager";
jovian.url = "github:Jovian-Experiments/Jovian-NixOS";
mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
nh.url = "github:viperML/nh"; nh.url = "github:viperML/nh";
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
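Review bot: The new `jovian` input is declared without a `follows`, and flake.lock in this commit accordingly gains a separate nixpkgs pin (`nixpkgs_3`) that is older than the root one. If Jovian-NixOS is meant to build against the system's package set, adding `jovian.inputs.nixpkgs.follows = "nixpkgs";` leaves one nixpkgs revision to audit and update. Whether the module evaluates anything from its own pin is not visible here. The inputs block continues outside the hunk.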


@ -2,7 +2,7 @@
{ {
imports = with inputs; [ imports = with inputs; [
disko.nixosModules.disko disko.nixosModules.default
hardware.nixosModules.asus-zephyrus-ga402 hardware.nixosModules.asus-zephyrus-ga402
] ++ [ ] ++ [
./audio.nix ./audio.nix


@ -17,7 +17,7 @@ let usr = config.constants.userName; in {
lutris lutris
nvtop-amd nvtop-amd
picard picard
qbittorrent-qt5 qbittorrent
sweet-nova sweet-nova
tauon tauon
telegram-desktop telegram-desktop
@ -27,9 +27,9 @@ let usr = config.constants.userName; in {
winetricks winetricks
yorha-sound-theme yorha-sound-theme
yuzu yuzu
] ++ (with libsForQt5; [ ] ++ (with kdePackages; [
polonium # polonium
qt5.qtwebsockets qtwebsockets
]); ]);
programs = { programs = {
firefox.enable = true; firefox.enable = true;
@ -102,7 +102,6 @@ let usr = config.constants.userName; in {
xserver = { xserver = {
enable = true; enable = true;
displayManager = { displayManager = {
defaultSession = "plasmawayland";
autoLogin.user = usr; autoLogin.user = usr;
sddm = { sddm = {
enable = true; enable = true;
@ -110,10 +109,7 @@ let usr = config.constants.userName; in {
wayland.enable = true; wayland.enable = true;
}; };
}; };
desktopManager.plasma5 = { desktopManager.plasma6.enable = true;
enable = true;
useQtScaling = true;
};
videoDrivers = [ "amdgpu" ]; videoDrivers = [ "amdgpu" ];
}; };
}; };


@ -11,6 +11,4 @@
nftables.enable = true; nftables.enable = true;
wireless.iwd.enable = true; wireless.iwd.enable = true;
}; };
services.resolved.enable = true;
} }


@ -1,27 +1,11 @@
{ config, ... }: { config, ... }:
let hn = config.networking.hostName; in { {
networking = { networking = {
domain = config.constants.domain; domain = config.constants.domain;
firewall.trustedInterfaces = [ config.services.tailscale.interfaceName ]; firewall.trustedInterfaces = [ config.services.tailscale.interfaceName ];
hostId = "3ddd2ad2"; hostId = "3ddd2ad2";
nftables.enable = true; nftables.enable = true;
}; };
services.openssh.enable = true;
services = {
openssh = {
enable = true;
hostKeys = [{
comment = "host@${hn}";
path = "/etc/ssh/host";
rounds = 100;
type = "ed25519";
}];
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
};
resolved.enable = true;
};
} }


@ -2,7 +2,7 @@
{ {
imports = with inputs; [ imports = with inputs; [
disko.nixosModules.disko disko.nixosModules.default
hardware.nixosModules.common-cpu-amd hardware.nixosModules.common-cpu-amd
hardware.nixosModules.common-cpu-amd-pstate hardware.nixosModules.common-cpu-amd-pstate
] ++ [ ] ++ [


@ -1,6 +1,6 @@
{ config, ... }: { config, ... }:
let hn = config.networking.hostName; in { {
networking = { networking = {
domain = config.constants.domain; domain = config.constants.domain;
firewall.trustedInterfaces = [ config.services.tailscale.interfaceName ]; firewall.trustedInterfaces = [ config.services.tailscale.interfaceName ];
@ -13,21 +13,5 @@ let hn = config.networking.hostName; in {
tempAddresses = "disabled"; tempAddresses = "disabled";
wireless.iwd.enable = true; wireless.iwd.enable = true;
}; };
services.openssh.enable = true;
services = {
openssh = {
enable = true;
hostKeys = [{
comment = "host@${hn}";
path = "/etc/ssh/host";
rounds = 100;
type = "ed25519";
}];
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
};
resolved.enable = true;
};
} }


@ -0,0 +1,29 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
{ ... }:
{
# Configuration boot
boot.loader.grub.device = "nodev";
# Change secrets file
constants.sopsFile = ../../common/auths.yaml;
# Disable sudo password
security.sudo.wheelNeedsPassword = false;
# Set timezone automatically
services.automatic-timezoned.enable = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
}
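Review bot: `security.sudo.wheelNeedsPassword = false;` removes the only prompt between a wheel user and root on a host that network.nix in this commit exposes over SSH and that gui.nix is written to boot straight into a Steam session. Any process running as that user then gains root without interaction. If the aim is to avoid typing a password on a controller, `security.sudo.extraRules` can limit the exemption to the specific commands that need it. If the blanket exemption stays, the comment should record it as an accepted risk, for example `# Passwordless sudo: no keyboard on the handheld (accepted risk)`.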


@ -0,0 +1,17 @@
{ inputs, ... }:
{
imports = with inputs; [
disko.nixosModules.default
jovian.nixosModules.default
] ++ [
./configuration.nix
./disko.nix
./hardware-configuration.nix
./network.nix
# ./syncthing.nix
./tailscale.nix
./zfs.nix
../../common
];
}
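Review bot: `./gui.nix` is added by this commit but is missing from this `imports` list, so its `jovian.steam` and `jovian.decky-loader` settings are not evaluated for this host unless something outside the visible files pulls it in. If that is deliberate for now, mark it like the syncthing entry, `# ./gui.nix`, with a short reason; otherwise add `./gui.nix` after `./disko.nix`. The commented-out `# ./syncthing.nix` would also benefit from a note saying why it is disabled.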

73
linux/protostar/disko.nix Normal file

@ -0,0 +1,73 @@
{ ... }:
{
disko.devices = {
# Partition the physical disk
disk.storage = {
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
esp = {
size = "1G";
type = "ef00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
# Construct the primary zfs pool for this system.
zpool.zroot = {
type = "zpool";
options = {
ashift = "12";
autotrim = "on";
listsnapshots = "on";
};
rootFsOptions = {
acltype = "posix";
atime = "off";
compression = "zstd";
dnodesize = "auto";
mountpoint = "none";
normalization = "formD";
xattr = "sa";
};
datasets = {
# Create dataset for home
home = {
type = "zfs_fs";
mountpoint = "/home";
};
# Create dataset for nix store
nix = {
type = "zfs_fs";
mountpoint = "/nix";
};
# Create dataset for root
root = {
type = "zfs_fs";
mountpoint = "/";
};
# Reserve space for performance
reservation = {
type = "zfs_fs";
options.refreservation = "128G";
};
};
};
};
}
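Review bot: The `zroot` pool is created without native encryption, since `rootFsOptions` sets no `encryption`, `keyformat` or `keylocation`. That leaves `/`, `/home` and the host's key material in cleartext on a device that is easy to lose; this includes the SSH host key at `/etc/ssh/host` and presumably the age identity behind the protostar recipient. Adding `encryption = "aes-256-gcm"; keyformat = "passphrase"; keylocation = "prompt";` to `rootFsOptions` would cover every dataset by inheritance. Entering a passphrase at boot on a handheld is a real usability cost, so if encryption is left off on purpose, say so with a comment such as `# unencrypted by choice: no keyboard at boot`.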

18
linux/protostar/gui.nix Normal file

@ -0,0 +1,18 @@
{ config, ... }:
let usr = config.constants.userName; in {
jovian = {
decky-loader.enable = true;
steam = {
enable = true;
autoStart = true;
desktopSession = "plasma";
user = usr;
};
};
services.xserver = {
enable = true;
desktopManager.plasma6.enable = true;
};
}


@ -0,0 +1,25 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -0,0 +1,17 @@
{ config, ... }:
let hn = config.networking.hostName; in {
networking = {
domain = config.constants.domain;
firewall.trustedInterfaces = [ config.services.tailscale.interfaceName ];
hostId = "e6449321";
networkmanager = {
enable = true;
wifi.backend = "iwd";
};
nftables.enable = true;
tempAddresses = "disabled";
wireless.iwd.enable = true;
};
services.openssh.enable = true;
}
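Review bot: `services.openssh.enable = true;` on this host opens the SSH port on every interface, because the NixOS module's `openFirewall` defaults to true, and a handheld joins networks its owner does not control. Since the Tailscale interface is already listed in `firewall.trustedInterfaces`, adding `services.openssh.openFirewall = false;` would keep sshd reachable over the tailnet only. The `let hn = config.networking.hostName; in` binding is unused in this file, and the same commit drops it from the other hosts' network files, so it can be removed here as well.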


@ -0,0 +1,27 @@
{ config, ... }:
{
services.syncthing = let home = config.constants.homeDir; in {
enable = true;
configDir = "${home}/.config/syncthing";
dataDir = "${home}/.local/share/syncthing";
openDefaultPorts = true;
overrideDevices = true;
overrideFolders = true;
settings = let pc = "blitzar"; in {
devices.${pc} = {
name = pc;
id = "KGCBCIZ-GG6KMQ2-FLK5BWW-GLCEDML-5LCI24S-UKO5UWL-HWNCPYX-ZWWD5AQ";
};
folders.music = {
enable = true;
devices = [ pc ];
id = "Music";
label = "Music";
path = "~/Music";
type = "receiveonly";
};
};
user = config.constants.userName;
};
}
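Review bot: `openDefaultPorts = true;` opens the Syncthing transfer and discovery ports on all interfaces. The only configured peer may well be reachable over the already-trusted Tailscale interface, in which case `openDefaultPorts = false;` gives the same sync with less exposure on untrusted Wi-Fi. The folder `path = "~/Music";` is also inconsistent with `configDir` and `dataDir`, which use the `home` binding; `path = "${home}/Music";` avoids depending on how `~` is expanded. The file is not imported by the host's default.nix in this commit, so none of this takes effect yet.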


@ -0,0 +1,9 @@
{ ... }:
{
services.tailscale = {
enable = true;
port = 25172;
useRoutingFeatures = "client";
};
}

17
linux/protostar/zfs.nix Normal file

@ -0,0 +1,17 @@
{ config, ... }:
{
boot = {
kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
loader.grub.zfsSupport = true;
zfs.enableUnstable = true;
};
services.zfs = {
autoScrub.enable = true;
trim.enable = true;
};
}
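Review bot: `zfs.enableUnstable = true;` puts the root pool on a pre-release ZFS build with no comment saying why. Combined with `latestCompatibleLinuxPackages`, the kernel and filesystem driver both move with every flake update. If the unstable build is only needed for kernel support on this hardware, record that with a comment such as `# unstable ZFS required for the kernel this device needs; revisit when stable catches up`, so it is dropped once it is no longer necessary.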


@ -2,7 +2,7 @@
{ {
imports = [ imports = [
inputs.mailserver.nixosModule inputs.mailserver.nixosModules.default
./caddy.nix ./caddy.nix
./configuration.nix ./configuration.nix
./hardware-configuration.nix ./hardware-configuration.nix


@ -16,20 +16,7 @@ let hn = config.networking.hostName; in {
apiTokenFile = config.sops.secrets."cloudflare/${hn}".path; apiTokenFile = config.sops.secrets."cloudflare/${hn}".path;
domains = builtins.attrNames config.services.caddy.virtualHosts; domains = builtins.attrNames config.services.caddy.virtualHosts;
}; };
openssh = { openssh.enable = true;
enable = true;
settings = {
KbdInteractiveAuthentication = false;
PasswordAuthentication = false;
};
hostKeys = [{
comment = "host@${hn}";
path = "/etc/ssh/host";
rounds = 100;
type = "ed25519";
}];
};
resolved.enable = true;
}; };
sops.secrets."cloudflare/${hn}" = { }; sops.secrets."cloudflare/${hn}" = { };