From feefcfc89b00d4955dbb3314c20be035f3db206f Mon Sep 17 00:00:00 2001
From: tzlil
Date: Sat, 29 Jul 2023 20:53:14 +0300
Subject: disko for laptop, wip rewrite
---
hosts/default.nix | 47 +++++++++
hosts/laptop/cfg.nix | 192 ----------------------------------
hosts/navi/default.nix | 163 +++++++++++++++++++++++++++++
hosts/navi/hardware-configuration.nix | 71 +++++++++++++
hosts/pc/cfg.nix | 87 ---------------
hosts/pc/default.nix | 87 +++++++++++++++
hosts/vm/cfg.nix | 92 ----------------
hosts/vm/default.nix | 92 ++++++++++++++++
hosts/vps/cfg.nix | 91 ----------------
hosts/vps/default.nix | 91 ++++++++++++++++
hosts/vps/git.nix | 3 +-
11 files changed, 552 insertions(+), 464 deletions(-)
create mode 100644 hosts/default.nix
delete mode 100644 hosts/laptop/cfg.nix
create mode 100644 hosts/navi/default.nix
create mode 100644 hosts/navi/hardware-configuration.nix
delete mode 100644 hosts/pc/cfg.nix
create mode 100644 hosts/pc/default.nix
delete mode 100644 hosts/vm/cfg.nix
create mode 100644 hosts/vm/default.nix
delete mode 100644 hosts/vps/cfg.nix
create mode 100644 hosts/vps/default.nix
(limited to 'hosts')
diff --git a/hosts/default.nix b/hosts/default.nix
new file mode 100644
index 0000000..0b9bd1c
--- /dev/null
+++ b/hosts/default.nix
@@ -0,0 +1,47 @@
+inputs: let
+ commonProfiles = [
+ {
+ imports = [
+ ../profiles/nix.nix
+ ../profiles/tzlil.nix
+ ../profiles/security.nix
+ ../profiles/ssh.nix
+ ];
+ }
+ inputs.agenix.nixosModules.age
+ inputs.impermanence.nixosModules.impermanence
+ ];
+
+ commonHome = [
+ inputs.home-manager.nixosModule
+ {
+ home-manager = {
+ useGlobalPkgs = true;
+ extraSpecialArgs = {inherit inputs;};
+ };
+ }
+ ];
+
+ nixinate = host: {
+ _module.args.nixinate = {
+ inherit host;
+ sshUser = "tzlil";
+ buildOn = "remote"; # valid args are "local" or "remote"
+ substituteOnTarget = true; # if buildOn is "local" then it will substitute on the target, "-s"
+ hermetic = false;
+ };
+ };
+in {
+ navi = inputs.nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs = {inherit inputs;};
+ modules =
+ [
+ "${inputs.self}/hosts/navi"
+ {networking.hostName = "navi";}
+ (nixinate "navi")
+ ]
+ ++ commonProfiles
+ ++ commonHome;
+ };
+}
diff --git a/hosts/laptop/cfg.nix b/hosts/laptop/cfg.nix
deleted file mode 100644
index ab372c2..0000000
--- a/hosts/laptop/cfg.nix
+++ /dev/null
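Review bot: The `nixinate` helper uses its argument as the SSH destination (`inherit host;`, called as `(nixinate "navi")`), whereas the deleted hosts/laptop/cfg.nix pinned the address `100.121.226.3`; the deploy target now depends on how the name `navi` resolves on the machine running the deploy. A comment on the helper would make that contract explicit, e.g. `# host is the SSH destination; it must resolve to the intended machine (tailnet name or ssh_config alias)`. Because `buildOn = "remote"` appears to send the flake to that host for building, the deploying side should keep strict host-key checking so a mis-resolved name fails rather than receiving the configuration.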
@@ -1,192 +0,0 @@ -{ - config, - lib, - pkgs, - inputs, - ... -}: { - imports = [ - inputs.hardware.nixosModules.common-cpu-intel - inputs.hardware.nixosModules.common-gpu-intel - ../../profiles/core.nix - ../../profiles/user.nix - ../../profiles/ssh.nix - ../../profiles/graphical.nix - ../../mixins/tailscale.nix - ../../mixins/cli.nix - ../../mixins/greet.nix - # ../../mixins/hyprland.nix - ../../mixins/sway.nix - ../../mixins/pipewire.nix - ../../mixins/multimedia.nix - # ../../mixins/emacs - ../../mixins/syncthing.nix - ]; - - config = { - _module.args.nixinate = { - host = "100.121.226.3"; - sshUser = "tzlil"; - buildOn = "remote"; # valid args are "local" or "remote" - substituteOnTarget = true; # if buildOn is "local" then it will substitute on the target, "-s" - hermetic = false; - }; - networking.hostName = "navi"; - - boot = { - initrd = { - supportedFilesystems = ["btrfs"]; - availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "usbhid" "snd_usb_audio"]; - }; - supportedFilesystems = ["ntfs"]; - kernelModules = ["kvm-intel" "snd-seq" "snd-rawmidi" "bridge"]; - kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; - # extraModulePackages = [ config.boot.kernelPackages.rtl8821ce ]; - loader = { - systemd-boot = { - enable = true; - }; - efi = { - canTouchEfiVariables = true; - efiSysMountPoint = "/boot"; - }; - }; - }; - - hardware.firmware = [pkgs.rtw88-firmware]; - - time.timeZone = lib.mkDefault "Israel"; - - fileSystems."/" = { - device = "none"; - fsType = "tmpfs"; - # hyprland doesnt compile with noexec root - options = ["defaults" "size=8G" "mode=755"]; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/34CB-F158"; - fsType = "vfat"; - }; - - fileSystems."/nix" = { - device = "/dev/disk/by-uuid/8a8cc550-034e-4545-a958-564779f51061"; - fsType = "btrfs"; - }; - - zramSwap = { - enable = true; - algorithm = "zstd"; - }; - - networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true; - - # # iwd networking stuffs - # 
networking.networkmanager.enable = lib.mkForce false; - # networking.wireless.iwd.enable = true; - # services.connman = { - # enable = true; - # wifi.backend = "iwd"; - # }; - # networking.wireless.dbusControlled = true; - # home-manager.users.tzlil.home.packages = [pkgs.cmst]; - # networking.wireless.userControlled.enable = true; - # networking.wireless.enable = true; - # services.connman.enable = true; - - services.tor = { - enable = true; - openFirewall = true; - client.enable = true; - torsocks.enable = true; - }; - environment.persistence."/nix/persist".directories = [ - "/etc/NetworkManager/system-connections" - { - directory = "/home/tzlil/.config/SchildiChat"; - user = "tzlil"; - group = "users"; - } - { - directory = "/home/tzlil/.local/share/Terraria"; - user = "tzlil"; - group = "users"; - } - - { - directory = "/home/tzlil/.local/share/Steam"; - user = "tzlil"; - group = "users"; - } - "/var/lib/docker" - ]; - - home-manager.users.tzlil = { - home.packages = [pkgs.schildichat-desktop-wayland pkgs.keepassxc]; - programs.qutebrowser = { - enable = true; - settings.colors.webpage.darkmode.enabled = true; - }; - }; - - programs.steam.enable = true; - - programs.firejail.wrappedBinaries = { - mullvad-browser = { - executable = lib.getExe pkgs.mullvad-browser; - extraArgs = [ - "--env=MOZ_ENABLE_WAYLAND=1" - "--env=GTK_THEME=Adwaita:dark" - ]; - # profile = "${pkgs.firejail}/etc/firejail/firefox.profile"; - }; - }; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - - nixpkgs.config.allowUnfree = true; - hardware.enableAllFirmware = true; - - # greeter.initialSession = "${pkgs.fish}/bin/fish"; - - hardware.opengl = { - enable = true; - extraPackages = with pkgs; [rocm-opencl-icd rocm-opencl-runtime]; - driSupport = true; - driSupport32Bit = true; - }; - - networking.firewall.allowedTCPPorts = 
[25565]; - - services = { - power-profiles-daemon.enable = true; - thermald.enable = true; - tlp = { - settings = { - CPU_BOOST_ON_AC = 1; - CPU_BOOST_ON_BAT = 0; - CPU_SCALING_GOVERNOR_ON_AC = "performance"; - CPU_SCALING_GOVERNOR_ON_BAT = "powersave"; - }; - }; - acpid.enable = true; - }; - - hardware.bluetooth.enable = true; - services.blueman.enable = true; - - # dont know if i like this - nix.settings.trusted-public-keys = [ - "hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ=" - ]; - nix.settings.substituters = [ - "https://cache.iog.io" - ]; - - virtualisation.docker.enable = true; - virtualisation.docker.storageDriver = "btrfs"; - users.users.tzlil.extraGroups = ["docker"]; - }; -} diff --git a/hosts/navi/default.nix b/hosts/navi/default.nix new file mode 100644 index 0000000..a8702a8 --- /dev/null +++ b/hosts/navi/default.nix 
@@ -0,0 +1,163 @@ +{ + config, + lib, + pkgs, + inputs, + ... +}: { + imports = [ + ./hardware-configuration.nix + # ../../profiles/core.nix + ../../profiles/graphical.nix + ../../mixins/tailscale.nix + ../../mixins/cli.nix + ../../mixins/greet.nix + # ../../mixins/hyprland.nix + ../../mixins/sway.nix + ../../mixins/pipewire.nix + ../../mixins/multimedia.nix + # ../../mixins/emacs + ../../mixins/syncthing.nix + ]; + + config = { + system.stateVersion = "23.11"; + boot = { + tmp.cleanOnBoot = true; + initrd = { + supportedFilesystems = ["btrfs"]; + availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "usbhid" "snd_usb_audio"]; + }; + supportedFilesystems = ["ntfs"]; + kernelModules = ["kvm-intel" "snd-seq" "snd-rawmidi" "bridge"]; + kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; + # extraModulePackages = [ config.boot.kernelPackages.rtl8821ce ]; + loader = { + systemd-boot = { + enable = true; + }; + efi = { + canTouchEfiVariables = true; + efiSysMountPoint = "/boot"; + }; + }; + }; + + time.timeZone = lib.mkDefault "Israel"; + + # fileSystems."/" = { + # device = "none"; + # fsType = "tmpfs"; + # # hyprland doesnt compile with noexec root + # options = ["defaults" "size=8G" "mode=755"]; + # }; + + # fileSystems."/boot" = { + # device = "/dev/disk/by-uuid/34CB-F158"; + # fsType = "vfat"; + # }; + + # fileSystems."/nix" = { + # device = "/dev/disk/by-uuid/8a8cc550-034e-4545-a958-564779f51061"; + # fsType = "btrfs"; + # }; + + zramSwap = { + enable = true; + algorithm = "zstd"; + }; + + networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true; + + # # iwd networking stuffs + # networking.networkmanager.enable = lib.mkForce false; + # networking.wireless.iwd.enable = true; + # services.connman = { + # enable = true; + # wifi.backend = "iwd"; + # }; + # networking.wireless.dbusControlled = true; + # home-manager.users.tzlil.home.packages = [pkgs.cmst]; + # networking.wireless.userControlled.enable = true; + # networking.wireless.enable = 
true; + # services.connman.enable = true; + + # services.tor = { + # enable = true; + # openFirewall = true; + # client.enable = true; + # torsocks.enable = true; + # }; + environment.persistence."/nix/persist".directories = [ + "/etc/NetworkManager/system-connections" + { + directory = "/home/tzlil/.config/SchildiChat"; + user = "tzlil"; + group = "users"; + } + { + directory = "/home/tzlil/.local/share/Terraria"; + user = "tzlil"; + group = "users"; + } + + { + directory = "/home/tzlil/.local/share/Steam"; + user = "tzlil"; + group = "users"; + } + "/var/lib/docker" + ]; + + home-manager.users.tzlil = { + home.packages = [pkgs.schildichat-desktop-wayland pkgs.keepassxc]; + programs.qutebrowser = { + enable = true; + settings.colors.webpage.darkmode.enabled = true; + }; + }; + + programs.steam.enable = true; + + # programs.firejail.wrappedBinaries = { + # mullvad-browser = { + # executable = lib.getExe pkgs.mullvad-browser; + # extraArgs = [ + # "--env=MOZ_ENABLE_WAYLAND=1" + # "--env=GTK_THEME=Adwaita:dark" + # ]; + # # profile = "${pkgs.firejail}/etc/firejail/firefox.profile"; + # }; + # }; + + # greeter.initialSession = "${pkgs.fish}/bin/fish"; + + hardware.opengl = { + enable = true; + extraPackages = with pkgs; [rocm-opencl-icd rocm-opencl-runtime]; + driSupport = true; + driSupport32Bit = true; + }; + + networking.firewall.allowedTCPPorts = [25565]; + + services = { + power-profiles-daemon.enable = true; + thermald.enable = true; + tlp = { + settings = { + CPU_BOOST_ON_AC = 1; + CPU_BOOST_ON_BAT = 0; + CPU_SCALING_GOVERNOR_ON_AC = "performance"; + CPU_SCALING_GOVERNOR_ON_BAT = "powersave"; + }; + }; + acpid.enable = true; + }; + + services.blueman.enable = true; + + virtualisation.docker.enable = true; + virtualisation.docker.storageDriver = "btrfs"; + }; +} diff --git a/hosts/navi/hardware-configuration.nix b/hosts/navi/hardware-configuration.nix new file mode 100644 index 0000000..7b24c68 --- /dev/null +++ b/hosts/navi/hardware-configuration.nix 
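Review bot: `networking.firewall.allowedTCPPorts = [25565];` opens the port on every interface of a laptop that also brings up `wlp1s0` via DHCP on whatever network it joins; if the service is only meant to be reached over the tailnet from `../../mixins/tailscale.nix`, scope it with `networking.firewall.interfaces.tailscale0.allowedTCPPorts = [25565];` (interface name assumed, confirm against the mixin). Separately, this file drops `nixpkgs.config.allowUnfree = true;` from the old laptop config while keeping `programs.steam.enable = true;`, and hardware-configuration.nix keeps `hardware.enableAllFirmware = true;`, so evaluation will fail unless a common profile such as `../profiles/nix.nix` now sets it; those profiles are outside this diff. The commented-out `fileSystems`, `services.tor` and `programs.firejail.wrappedBinaries` blocks would be better deleted than carried, since the loss of the sandboxed browser wrapper is easy to miss when it is left in as a comment.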
@@ -0,0 +1,71 @@
+{
+ inputs,
+ pkgs,
+ lib,
+ config,
+ ...
+}: let
+ device = "/dev/nvme0n1";
+in {
+ imports = [
+ inputs.disko.nixosModules.disko
+ inputs.hardware.nixosModules.common-cpu-intel
+ inputs.hardware.nixosModules.common-gpu-intel
+ ];
+
+ hardware.firmware = [pkgs.rtw88-firmware];
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+ hardware.enableAllFirmware = true;
+
+ hardware.bluetooth.enable = true;
+
+ disko.devices = {
+ disk.${baseNameOf device} = {
+ inherit device;
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ type = "EF00";
+ size = "512M";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ size = "100%";
+ content = {
+ type = "luks";
+ name = "cryptroot";
+ content = {
+ type = "btrfs";
+ extraArgs = ["-f"];
+ subvolumes = {
+ "/nix" = {
+ mountOptions = ["compress=zstd" "noatime"];
+ mountpoint = "/nix";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ nodev."/" = {
+ fsType = "tmpfs";
+ mountOptions = [
+ "size=8G"
+ "defaults"
+ "mode=755"
+ ];
+ };
+ };
+}
diff --git a/hosts/pc/cfg.nix b/hosts/pc/cfg.nix
deleted file mode 100644
index ee3b716..0000000
--- a/hosts/pc/cfg.nix
+++ /dev/null
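Review bot: The ESP under `partitions.boot` is mounted at `/boot` with default vfat options, so the unencrypted boot files sit outside the `cryptroot` LUKS container and are readable by every local user; adding `mountOptions = ["umask=0077"];` to that `content` block restricts them to root. `device = "/dev/nvme0n1"` together with `extraArgs = ["-f"]` means disko will force-format whichever disk the kernel enumerates under that name, so a stable `/dev/disk/by-id/<disk-id>` path (placeholder) is safer for a destructive operation. A short comment stating that `/` is tmpfs and all persistent state lives inside the encrypted `/nix` subvolume (including the `/nix/persist` directory used by hosts/navi/default.nix) would help the next reader, as would restoring the old note that explained why the root tmpfs is mounted without `noexec`.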
@@ -1,87 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: { - imports = [ - ../../profiles/core.nix - ../../profiles/user.nix - ../../profiles/ssh.nix - ../../profiles/graphical.nix - ../../mixins/tailscale.nix - ../../mixins/cli.nix - ../../mixins/greet.nix - # ../../mixins/hyprland.nix - ../../mixins/sway.nix - ]; - - config = { - _module.args.nixinate = { - host = "pc"; - sshUser = "tzlil"; - buildOn = "remote"; # valid args are "local" or "remote" - substituteOnTarget = true; # if buildOn is "local" then it will substitute on the target, "-s" - hermetic = false; - }; - networking.hostName = "pc"; - - boot = { - initrd = { - supportedFilesystems = ["btrfs"]; - availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid"]; - }; - kernelModules = ["kvm-amd"]; - kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; - loader = { - systemd-boot = { - enable = true; - }; - efi = { - canTouchEfiVariables = true; - efiSysMountPoint = "/boot"; - }; - }; - }; - - time.timeZone = lib.mkDefault "Israel"; - - fileSystems = { - "/" = { - device = "/dev/disk/by-uuid/3fe7d38b-bb95-41ca-afce-1b0b89cbcd8b"; - fsType = "btrfs"; - options = ["subvol=root"]; - }; - - "/nix" = { - device = "/dev/disk/by-uuid/3fe7d38b-bb95-41ca-afce-1b0b89cbcd8b"; - fsType = "btrfs"; - options = ["subvol=nix"]; - }; - - "/home" = { - device = "/dev/disk/by-uuid/3fe7d38b-bb95-41ca-afce-1b0b89cbcd8b"; - fsType = "btrfs"; - options = ["subvol=home"]; - }; - - "/swap" = { - device = "/dev/disk/by-uuid/3fe7d38b-bb95-41ca-afce-1b0b89cbcd8b"; - fsType = "btrfs"; - options = ["subvol=swap"]; - }; - "/boot" = { - device = "/dev/disk/by-uuid/D999-2D99"; - fsType = "vfat"; - }; - }; - - zramSwap = { - enable = true; - algorithm = "zstd"; - }; - - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - # greeter.initialSession = "sh -c hyprland"; - }; -} diff --git a/hosts/pc/default.nix b/hosts/pc/default.nix new file mode 100644 index 0000000..ee3b716 --- /dev/null 
+++ b/hosts/pc/default.nix @@ -0,0 +1,87 @@ +{ + config, + lib, + pkgs, + ... +}: { + imports = [ + ../../profiles/core.nix + ../../profiles/user.nix + ../../profiles/ssh.nix + ../../profiles/graphical.nix + ../../mixins/tailscale.nix + ../../mixins/cli.nix + ../../mixins/greet.nix + # ../../mixins/hyprland.nix + ../../mixins/sway.nix + ]; + + config = { + _module.args.nixinate = { + host = "pc"; + sshUser = "tzlil"; + buildOn = "remote"; # valid args are "local" or "remote" + substituteOnTarget = true; # if buildOn is "local" then it will substitute on the target, "-s" + hermetic = false; + }; + networking.hostName = "pc"; + + boot = { + initrd = { + supportedFilesystems = ["btrfs"]; + availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid"]; + }; + kernelModules = ["kvm-amd"]; + kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; + loader = { + systemd-boot = { + enable = true; + }; + efi = { + canTouchEfiVariables = true; + efiSysMountPoint = "/boot"; + }; + }; + }; + + time.timeZone = lib.mkDefault "Israel"; + + fileSystems = { + "/" = { + device = "/dev/disk/by-uuid/3fe7d38b-bb95-41ca-afce-1b0b89cbcd8b"; + fsType = "btrfs"; + options = ["subvol=root"]; + }; + + "/nix" = { + device = "/dev/disk/by-uuid/3fe7d38b-bb95-41ca-afce-1b0b89cbcd8b"; + fsType = "btrfs"; + options = ["subvol=nix"]; + }; + + "/home" = { + device = "/dev/disk/by-uuid/3fe7d38b-bb95-41ca-afce-1b0b89cbcd8b"; + fsType = "btrfs"; + options = ["subvol=home"]; + }; + + "/swap" = { + device = "/dev/disk/by-uuid/3fe7d38b-bb95-41ca-afce-1b0b89cbcd8b"; + fsType = "btrfs"; + options = ["subvol=swap"]; + }; + "/boot" = { + device = "/dev/disk/by-uuid/D999-2D99"; + fsType = "vfat"; + }; + }; + + zramSwap = { + enable = true; + algorithm = "zstd"; + }; + + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + # greeter.initialSession = "sh -c hyprland"; + }; +} 
diff --git a/hosts/vm/cfg.nix b/hosts/vm/cfg.nix
deleted file mode 100644
index 99ed8b9..0000000
--- a/hosts/vm/cfg.nix
+++ /dev/null
@@ -1,92 +0,0 @@ -{ - config, - lib, - pkgs, - modulesPath, - ... -}: { - imports = [ - ../../profiles/core.nix - ../../profiles/user.nix - ../../profiles/ssh.nix - ../../profiles/graphical.nix - ../../mixins/tailscale.nix - ../../mixins/cli.nix - ../../mixins/greet.nix - ../../mixins/pipewire.nix - # ../../mixins/hyprland.nix - ../../mixins/sway.nix - # (modulesPath + "/profiles/qemu-guest.nix") - # (modulesPath + "/virtualisation/qemu-vm.nix") - ]; - - config = { - _module.args.nixinate = { - host = "vm"; - sshUser = "tzlil"; - buildOn = "remote"; # valid args are "local" or "remote" - substituteOnTarget = true; # if buildOn is "local" then it will substitute on the target, "-s" - hermetic = false; - }; - networking.hostName = "vm"; - - # dont do this - users.users.root.initialPassword = "hunter2"; - - boot.supportedFilesystems = ["9p"]; - boot = { - initrd = { - supportedFilesystems = ["btrfs"]; - availableKernelModules = ["ata_piix" "uhci_hcd" "floppy" "sd_mod" "sr_mod"]; - }; - kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; - kernelParams = [ - "console=ttyS0" - ]; - loader = { - systemd-boot = { - enable = true; - }; - efi = { - canTouchEfiVariables = true; - efiSysMountPoint = "/boot"; - }; - }; - }; - - time.timeZone = lib.mkDefault "Israel"; - - fileSystems = { - "/" = { - device = "none"; - fsType = "tmpfs"; - options = ["noexec" "defaults" "size=2G" "mode=755"]; - }; - "/nix" = { - device = "/dev/disk/by-partlabel/nix"; - options = ["noatime" "compress=zstd"]; - }; - "/boot" = { - device = "/dev/disk/by-partlabel/boot"; - }; - }; - - zramSwap = { - enable = true; - algorithm = "zstd"; - }; - - hardware.opengl = { - enable = true; - extraPackages = with pkgs; [rocm-opencl-icd rocm-opencl-runtime]; - driSupport = true; - driSupport32Bit = true; - }; - - greeter.initialSession = "env WLR_RENDERER=pixman ${pkgs.sway.out}/bin/sway"; - # home-manager.users.tzlil.wayland.windowManager.sway.config.input."type:keyboard".xkb_variant = lib.mkForce ""; - 
- # nice to work with - security.sudo.wheelNeedsPassword = false; - }; -} diff --git a/hosts/vm/default.nix b/hosts/vm/default.nix new file mode 100644 index 0000000..99ed8b9 --- /dev/null +++ b/hosts/vm/default.nix 
@@ -0,0 +1,92 @@ +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + ../../profiles/core.nix + ../../profiles/user.nix + ../../profiles/ssh.nix + ../../profiles/graphical.nix + ../../mixins/tailscale.nix + ../../mixins/cli.nix + ../../mixins/greet.nix + ../../mixins/pipewire.nix + # ../../mixins/hyprland.nix + ../../mixins/sway.nix + # (modulesPath + "/profiles/qemu-guest.nix") + # (modulesPath + "/virtualisation/qemu-vm.nix") + ]; + + config = { + _module.args.nixinate = { + host = "vm"; + sshUser = "tzlil"; + buildOn = "remote"; # valid args are "local" or "remote" + substituteOnTarget = true; # if buildOn is "local" then it will substitute on the target, "-s" + hermetic = false; + }; + networking.hostName = "vm"; + + # dont do this + users.users.root.initialPassword = "hunter2"; + + boot.supportedFilesystems = ["9p"]; + boot = { + initrd = { + supportedFilesystems = ["btrfs"]; + availableKernelModules = ["ata_piix" "uhci_hcd" "floppy" "sd_mod" "sr_mod"]; + }; + kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; + kernelParams = [ + "console=ttyS0" + ]; + loader = { + systemd-boot = { + enable = true; + }; + efi = { + canTouchEfiVariables = true; + efiSysMountPoint = "/boot"; + }; + }; + }; + + time.timeZone = lib.mkDefault "Israel"; + + fileSystems = { + "/" = { + device = "none"; + fsType = "tmpfs"; + options = ["noexec" "defaults" "size=2G" "mode=755"]; + }; + "/nix" = { + device = "/dev/disk/by-partlabel/nix"; + options = ["noatime" "compress=zstd"]; + }; + "/boot" = { + device = "/dev/disk/by-partlabel/boot"; + }; + }; + + zramSwap = { + enable = true; + algorithm = "zstd"; + }; + + hardware.opengl = { + enable = true; + extraPackages = with pkgs; [rocm-opencl-icd rocm-opencl-runtime]; + driSupport = true; + driSupport32Bit = true; + }; + + greeter.initialSession = "env WLR_RENDERER=pixman ${pkgs.sway.out}/bin/sway"; + # home-manager.users.tzlil.wayland.windowManager.sway.config.input."type:keyboard".xkb_variant = lib.mkForce ""; + 
+ # nice to work with + security.sudo.wheelNeedsPassword = false; + }; +} diff --git a/hosts/vps/cfg.nix b/hosts/vps/cfg.nix deleted file mode 100644 index 3597c5c..0000000 --- a/hosts/vps/cfg.nix +++ /dev/null 
@@ -1,91 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: { - imports = [ - ../../profiles/core.nix - ../../profiles/user.nix - ../../profiles/ssh.nix - ../../mixins/tailscale.nix - ../../mixins/cli.nix - ./website.nix - ./git.nix - ./hydrus.nix - ./matrix.nix - ./maloja.nix - ]; - - config = { - _module.args.nixinate = { - host = "vps"; - sshUser = "tzlil"; - buildOn = "remote"; # valid args are "local" or "remote" - substituteOnTarget = true; # if buildOn is "local" then it will substitute on the target, "-s" - hermetic = false; - }; - - networking.hostName = "vps"; - - boot = { - kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; - loader.grub.device = "/dev/vda"; - initrd = { - availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"]; - kernelModules = []; - }; - kernelModules = []; - extraModulePackages = []; - }; - - networking.interfaces.ens3.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - virtualisation.hypervGuest.enable = true; - - time.timeZone = lib.mkDefault "Frankfurt"; - - fileSystems = { - "/" = { - device = "none"; - fsType = "tmpfs"; - options = ["noexec" "defaults" "size=2G" "mode=755"]; - }; - "/nix" = { - device = "/dev/disk/by-uuid/e4c4735d-bfdd-477f-bc43-d07510cb6a9a"; - fsType = "btrfs"; - }; - "/boot" = { - device = "/dev/disk/by-uuid/7ea63707-099d-4c21-90eb-a51bfa6d8ba5"; - fsType = "ext4"; - }; - }; - - swapDevices = [{device = "/dev/disk/by-uuid/00eb2d2e-4d7c-4e95-804d-e9ecb22679d4";}]; - - zramSwap = { - enable = true; - algorithm = "zstd"; - }; - - networking.networkmanager.enable = lib.mkForce false; - - nixpkgs.config.allowUnfree = true; - environment.persistence."/nix/persist".directories = [ - { - directory = config.services.terraria.dataDir; - user = "terraria"; - group = "terraria"; - } - ]; - - services.terraria = { - enable = true; - worldPath = 
"${config.services.terraria.dataDir}/14.wld"; - password = "???"; - openFirewall = true; - }; - }; -} diff --git a/hosts/vps/default.nix b/hosts/vps/default.nix new file mode 100644 index 0000000..3597c5c --- /dev/null +++ b/hosts/vps/default.nix 
@@ -0,0 +1,91 @@ +{ + config, + lib, + pkgs, + ... +}: { + imports = [ + ../../profiles/core.nix + ../../profiles/user.nix + ../../profiles/ssh.nix + ../../mixins/tailscale.nix + ../../mixins/cli.nix + ./website.nix + ./git.nix + ./hydrus.nix + ./matrix.nix + ./maloja.nix + ]; + + config = { + _module.args.nixinate = { + host = "vps"; + sshUser = "tzlil"; + buildOn = "remote"; # valid args are "local" or "remote" + substituteOnTarget = true; # if buildOn is "local" then it will substitute on the target, "-s" + hermetic = false; + }; + + networking.hostName = "vps"; + + boot = { + kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; + loader.grub.device = "/dev/vda"; + initrd = { + availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"]; + kernelModules = []; + }; + kernelModules = []; + extraModulePackages = []; + }; + + networking.interfaces.ens3.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + virtualisation.hypervGuest.enable = true; + + time.timeZone = lib.mkDefault "Frankfurt"; + + fileSystems = { + "/" = { + device = "none"; + fsType = "tmpfs"; + options = ["noexec" "defaults" "size=2G" "mode=755"]; + }; + "/nix" = { + device = "/dev/disk/by-uuid/e4c4735d-bfdd-477f-bc43-d07510cb6a9a"; + fsType = "btrfs"; + }; + "/boot" = { + device = "/dev/disk/by-uuid/7ea63707-099d-4c21-90eb-a51bfa6d8ba5"; + fsType = "ext4"; + }; + }; + + swapDevices = [{device = "/dev/disk/by-uuid/00eb2d2e-4d7c-4e95-804d-e9ecb22679d4";}]; + + zramSwap = { + enable = true; + algorithm = "zstd"; + }; + + networking.networkmanager.enable = lib.mkForce false; + + nixpkgs.config.allowUnfree = true; + environment.persistence."/nix/persist".directories = [ + { + directory = config.services.terraria.dataDir; + user = "terraria"; + group = "terraria"; + } + ]; + + services.terraria = { + enable = true; + worldPath = 
"${config.services.terraria.dataDir}/14.wld"; + password = "???"; + openFirewall = true; + }; + }; +} diff --git a/hosts/vps/git.nix b/hosts/vps/git.nix index d9c638d..8bd4653 100644 --- a/hosts/vps/git.nix +++ b/hosts/vps/git.nix @@ -13,8 +13,7 @@ packages = [pkgs.git]; shell = "${pkgs.git}/bin/git-shell"; openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMDyzrs9sbstv3KFK5FV8qYlSknnEy8Cn+qch4dJLmHA" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPhN4Iq070J9rFJhOwP9RUyUJG9MC1W5KnDGqBqWZnlu" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIgPE76xQXx1kpvWavHGNOWHiZSFdGfz/rQlISGrKsDe" ]; }; -- cgit 1.4.1
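Review bot: The replacement entry in `openssh.authorizedKeys.keys` in hosts/vps/git.nix carries no comment field and no key options, so the file does not say which machine holds the private key, and the key is accepted with sshd's default forwarding permissions even though the login shell is `git-shell`. Consider `"restrict ssh-ed25519 <public-key> <owner>@<device>"` (placeholders), which limits the key to running the shell and makes later audit and rotation easier; this is redundant only if `profiles/ssh.nix` already disables forwarding globally, which is not visible here. Both previous keys are removed in the same change, so confirm the new key authenticates before deploying or access to this user is lost. The enclosing user definition starts and ends outside the hunk.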