Diffstat (limited to 'hosts')
-rw-r--r--hosts/default.nix47
-rw-r--r--hosts/navi/default.nix (renamed from hosts/laptop/cfg.nix)97
-rw-r--r--hosts/navi/hardware-configuration.nix71
-rw-r--r--hosts/pc/default.nix (renamed from hosts/pc/cfg.nix)0
-rw-r--r--hosts/vm/default.nix (renamed from hosts/vm/cfg.nix)0
-rw-r--r--hosts/vps/default.nix (renamed from hosts/vps/cfg.nix)0
-rw-r--r--hosts/vps/git.nix3
7 files changed, 153 insertions, 65 deletions
diff --git a/hosts/default.nix b/hosts/default.nix
new file mode 100644
index 0000000..0b9bd1c
--- /dev/null
+++ b/hosts/default.nix
@@ -0,0 +1,47 @@
+inputs: let
+  commonProfiles = [
+    {
+      imports = [
+        ../profiles/nix.nix
+        ../profiles/tzlil.nix
+        ../profiles/security.nix
+        ../profiles/ssh.nix
+      ];
+    }
+    inputs.agenix.nixosModules.age
+    inputs.impermanence.nixosModules.impermanence
+  ];
+
+  commonHome = [
+    inputs.home-manager.nixosModule
+    {
+      home-manager = {
+        useGlobalPkgs = true;
+        extraSpecialArgs = {inherit inputs;};
+      };
+    }
+  ];
+
+  nixinate = host: {
+    _module.args.nixinate = {
+      inherit host;
+      sshUser = "tzlil";
+      buildOn = "remote"; # valid args are "local" or "remote"
+      substituteOnTarget = true; # if buildOn is "local" then it will substitute on the target, "-s"
+      hermetic = false;
+    };
+  };
+in {
+  navi = inputs.nixpkgs.lib.nixosSystem {
+    system = "x86_64-linux";
+    specialArgs = {inherit inputs;};
+    modules =
+      [
+        "${inputs.self}/hosts/navi"
+        {networking.hostName = "navi";}
+        (nixinate "navi")
+      ]
+      ++ commonProfiles
+      ++ commonHome;
+  };
+}
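Review bot: The `nixinate` helper now passes a bare name as the deploy target (`(nixinate "navi")`), whereas the per-host block removed from hosts/laptop/cfg.nix pinned the address `100.121.226.3`. The machine a deploy reaches therefore depends on how `navi` resolves on the deploying host, and SSH host-key verification becomes the only check that it is the right machine. A comment on the helper would make that explicit, e.g. `# host: name or address that must resolve to the target on the deploy machine (tailnet DNS assumed — confirm)`. The helper also hard-codes `sshUser = "tzlil"` and `buildOn = "remote"` for every host, so a short comment saying these are intentional global defaults would help when more hosts are added to the attrset.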
diff --git a/hosts/laptop/cfg.nix b/hosts/navi/default.nix
index ab372c2..a8702a8 100644
--- a/hosts/laptop/cfg.nix
+++ b/hosts/navi/default.nix
@@ -6,11 +6,8 @@
   ...
 }: {
   imports = [
-    inputs.hardware.nixosModules.common-cpu-intel
-    inputs.hardware.nixosModules.common-gpu-intel
-    ../../profiles/core.nix
-    ../../profiles/user.nix
-    ../../profiles/ssh.nix
+    ./hardware-configuration.nix
+    # ../../profiles/core.nix
     ../../profiles/graphical.nix
     ../../mixins/tailscale.nix
     ../../mixins/cli.nix
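Review bot: The import is left behind as `# ../../profiles/core.nix` instead of being removed, and later hunks in this file do the same for the `fileSystems.*` blocks, `services.tor` and `programs.firejail.wrappedBinaries`. Commented-out configuration obscures that the Tor client and the firejail wrapper for mullvad-browser are no longer active on this host. The filesystem blocks are already replaced by the disko layout in hardware-configuration.nix. Delete the dead blocks, or if a feature is only disabled temporarily, replace the block with a single line such as `# TODO: restore firejail wrapper for mullvad-browser after the disko migration`. The attribute set continues outside this hunk.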
@@ -24,16 +21,9 @@
   ];
 
   config = {
-    _module.args.nixinate = {
-      host = "100.121.226.3";
-      sshUser = "tzlil";
-      buildOn = "remote"; # valid args are "local" or "remote"
-      substituteOnTarget = true; # if buildOn is "local" then it will substitute on the target, "-s"
-      hermetic = false;
-    };
-    networking.hostName = "navi";
-
+    system.stateVersion = "23.11";
     boot = {
+      tmp.cleanOnBoot = true;
       initrd = {
         supportedFilesystems = ["btrfs"];
         availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "usbhid" "snd_usb_audio"];
@@ -53,26 +43,24 @@
       };
     };
 
-    hardware.firmware = [pkgs.rtw88-firmware];
-
     time.timeZone = lib.mkDefault "Israel";
 
-    fileSystems."/" = {
-      device = "none";
-      fsType = "tmpfs";
-      # hyprland doesnt compile with noexec root
-      options = ["defaults" "size=8G" "mode=755"];
-    };
+    # fileSystems."/" = {
+    #   device = "none";
+    #   fsType = "tmpfs";
+    #   # hyprland doesnt compile with noexec root
+    #   options = ["defaults" "size=8G" "mode=755"];
+    # };
 
-    fileSystems."/boot" = {
-      device = "/dev/disk/by-uuid/34CB-F158";
-      fsType = "vfat";
-    };
+    # fileSystems."/boot" = {
+    #   device = "/dev/disk/by-uuid/34CB-F158";
+    #   fsType = "vfat";
+    # };
 
-    fileSystems."/nix" = {
-      device = "/dev/disk/by-uuid/8a8cc550-034e-4545-a958-564779f51061";
-      fsType = "btrfs";
-    };
+    # fileSystems."/nix" = {
+    #   device = "/dev/disk/by-uuid/8a8cc550-034e-4545-a958-564779f51061";
+    #   fsType = "btrfs";
+    # };
 
     zramSwap = {
       enable = true;
@@ -94,12 +82,12 @@
     # networking.wireless.enable = true;
     # services.connman.enable = true;
 
-    services.tor = {
-      enable = true;
-      openFirewall = true;
-      client.enable = true;
-      torsocks.enable = true;
-    };
+    # services.tor = {
+    #   enable = true;
+    #   openFirewall = true;
+    #   client.enable = true;
+    #   torsocks.enable = true;
+    # };
     environment.persistence."/nix/persist".directories = [
       "/etc/NetworkManager/system-connections"
       {
@@ -131,23 +119,16 @@
 
     programs.steam.enable = true;
 
-    programs.firejail.wrappedBinaries = {
-      mullvad-browser = {
-        executable = lib.getExe pkgs.mullvad-browser;
-        extraArgs = [
-          "--env=MOZ_ENABLE_WAYLAND=1"
-          "--env=GTK_THEME=Adwaita:dark"
-        ];
-        # profile = "${pkgs.firejail}/etc/firejail/firefox.profile";
-      };
-    };
-
-    nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-    powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-    hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-
-    nixpkgs.config.allowUnfree = true;
-    hardware.enableAllFirmware = true;
+    # programs.firejail.wrappedBinaries = {
+    #   mullvad-browser = {
+    #     executable = lib.getExe pkgs.mullvad-browser;
+    #     extraArgs = [
+    #       "--env=MOZ_ENABLE_WAYLAND=1"
+    #       "--env=GTK_THEME=Adwaita:dark"
+    #     ];
+    #     # profile = "${pkgs.firejail}/etc/firejail/firefox.profile";
+    #   };
+    # };
 
     # greeter.initialSession = "${pkgs.fish}/bin/fish";
 
@@ -174,19 +155,9 @@
       acpid.enable = true;
     };
 
-    hardware.bluetooth.enable = true;
     services.blueman.enable = true;
 
-    # dont know if i like this
-    nix.settings.trusted-public-keys = [
-      "hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ="
-    ];
-    nix.settings.substituters = [
-      "https://cache.iog.io"
-    ];
-
     virtualisation.docker.enable = true;
     virtualisation.docker.storageDriver = "btrfs";
-    users.users.tzlil.extraGroups = ["docker"];
   };
 }
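Review bot: `virtualisation.docker.enable = true` stays, but `users.users.tzlil.extraGroups = ["docker"]` is removed and nothing visible in this commit re-adds it. If the membership now lives in the shared `../profiles/tzlil.nix` (not shown), it applies to every host that imports that profile; membership in the `docker` group is effectively root on the machine, so it is better kept host-local. If it was dropped on purpose, a one-line comment such as `# docker is used via sudo; user is intentionally not in the docker group` would record the decision. Removing the extra `cache.iog.io` substituter and its trusted key in the same hunk is a welcome reduction of binary-cache trust.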
diff --git a/hosts/navi/hardware-configuration.nix b/hosts/navi/hardware-configuration.nix
new file mode 100644
index 0000000..7b24c68
--- /dev/null
+++ b/hosts/navi/hardware-configuration.nix
@@ -0,0 +1,71 @@
+{
+  inputs,
+  pkgs,
+  lib,
+  config,
+  ...
+}: let
+  device = "/dev/nvme0n1";
+in {
+  imports = [
+    inputs.disko.nixosModules.disko
+    inputs.hardware.nixosModules.common-cpu-intel
+    inputs.hardware.nixosModules.common-gpu-intel
+  ];
+
+  hardware.firmware = [pkgs.rtw88-firmware];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+  hardware.enableAllFirmware = true;
+
+  hardware.bluetooth.enable = true;
+
+  disko.devices = {
+    disk.${baseNameOf device} = {
+      inherit device;
+      type = "disk";
+      content = {
+        type = "gpt";
+        partitions = {
+          boot = {
+            type = "EF00";
+            size = "512M";
+            content = {
+              type = "filesystem";
+              format = "vfat";
+              mountpoint = "/boot";
+            };
+          };
+          root = {
+            size = "100%";
+            content = {
+              type = "luks";
+              name = "cryptroot";
+              content = {
+                type = "btrfs";
+                extraArgs = ["-f"];
+                subvolumes = {
+                  "/nix" = {
+                    mountOptions = ["compress=zstd" "noatime"];
+                    mountpoint = "/nix";
+                  };
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+    nodev."/" = {
+      fsType = "tmpfs";
+      mountOptions = [
+        "size=8G"
+        "defaults"
+        "mode=755"
+      ];
+    };
+  };
+}
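Review bot: `device = "/dev/nvme0n1"` is an enumeration-order name, and this layout is destructive (GPT re-creation, LUKS format, `extraArgs = ["-f"]` on mkfs.btrfs), so running disko with a second NVMe present or on different hardware could wipe the wrong disk. A stable path is safer, e.g. `device = "/dev/disk/by-id/<DISK-ID>";` (placeholder). The `/boot` vfat partition is mounted with default options, which leaves the ESP world-readable; adding `mountOptions = ["umask=0077"];` to its `content` restricts it to root. Separately, `hardware.enableAllFirmware = true` moved here while `nixpkgs.config.allowUnfree = true` was removed from the host file; unless `../profiles/nix.nix` (not shown) sets it, evaluation will likely fail on the unfree assertion.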
diff --git a/hosts/pc/cfg.nix b/hosts/pc/default.nix
index ee3b716..ee3b716 100644
--- a/hosts/pc/cfg.nix
+++ b/hosts/pc/default.nix
diff --git a/hosts/vm/cfg.nix b/hosts/vm/default.nix
index 99ed8b9..99ed8b9 100644
--- a/hosts/vm/cfg.nix
+++ b/hosts/vm/default.nix
diff --git a/hosts/vps/cfg.nix b/hosts/vps/default.nix
index 3597c5c..3597c5c 100644
--- a/hosts/vps/cfg.nix
+++ b/hosts/vps/default.nix
diff --git a/hosts/vps/git.nix b/hosts/vps/git.nix
index d9c638d..8bd4653 100644
--- a/hosts/vps/git.nix
+++ b/hosts/vps/git.nix
@@ -13,8 +13,7 @@
       packages = [pkgs.git];
       shell = "${pkgs.git}/bin/git-shell";
       openssh.authorizedKeys.keys = [
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMDyzrs9sbstv3KFK5FV8qYlSknnEy8Cn+qch4dJLmHA"
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPhN4Iq070J9rFJhOwP9RUyUJG9MC1W5KnDGqBqWZnlu"
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIgPE76xQXx1kpvWavHGNOWHiZSFdGfz/rQlISGrKsDe"
       ];
     };