M flake.lock => flake.lock +16 -0
@@ 864,6 864,21 @@
"type": "github"
}
},
+ "preservation": {
+ "locked": {
+ "lastModified": 1757436102,
+ "narHash": "sha256-mMI9IanU+Xw+pVogD2oT0I2kTmvz2Un/Apc5+CwUpEY=",
+ "owner": "nix-community",
+ "repo": "preservation",
+ "rev": "93416f4614ad2dfed5b0dcf12f27e57d27a5ab11",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "preservation",
+ "type": "github"
+ }
+ },
"root": {
"inputs": {
"flake-parts": "flake-parts",
@@ 879,6 894,7 @@
"nixpkgs-stable": "nixpkgs-stable",
"nixpkgs-unstable": "nixpkgs-unstable",
"nvim-flake": "nvim-flake",
+ "preservation": "preservation",
"sops-nix": "sops-nix"
}
},
M flake.nix => flake.nix +1 -0
@@ 27,6 27,7 @@
# System related modules
impermanence.url = "github:nix-community/impermanence";
+ preservation.url = "github:nix-community/preservation";
sops-nix.url = "github:Mic92/sops-nix";
# Hyprland
A modules/hosts/ws/arwen/_nixos/default.nix => modules/hosts/ws/arwen/_nixos/default.nix +36 -0
@@ 0,0 1,36 @@
+{pkgs, ...}: {
+ imports = [
+ ./hardware-configuration.nix
+ ./preservation.nix
+ ./not-managed-by-modules-yet.nix
+ ];
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.systemd-boot.configurationLimit = 9;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ boot.initrd.systemd.enable = true;
+ boot.initrd.systemd.services.wipe = {
+ wantedBy = ["initrd.target"];
+ after = ["zfs-import-zpool.service"];
+ before = ["sysroot.mount"];
+ path = with pkgs; [zfs];
+ unitConfig.DefaultDependencies = "no";
+ serviceConfig.Type = "oneshot";
+ script = ''
+ zfs rollback -r zpool/root@blank
+ zfs rollback -r zpool/home@blank
+ '';
+ };
+
+ sops.defaultSopsFile = ../../../../../secrets/arwen/secrets.yaml;
+ sops.gnupg.sshKeyPaths = ["/persist/etc/ssh/ssh_host_rsa_key"];
+ sops.age.sshKeyPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"];
+
+ networking.hostId = "9c928f21";
+ networking.networkmanager.enable = true;
+
+ time.timeZone = "Europe/Helsinki";
+
+ system.stateVersion = "25.11";
+}
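Review bot: The `wipe` unit in `boot.initrd.systemd.services` is only ordered `before = ["sysroot.mount"]` and pulled in by `initrd.target`, so as far as the visible options show, a failed `zfs rollback` (for example a missing `@blank` snapshot) would not stop the boot. The machine would then come up on the previous session's root and home without any obvious sign. If the rollback is meant as a guarantee, make the mount depend on it with something like `requiredBy = ["sysroot.mount"];`, or state the fail-open choice in a comment above the unit. A short comment on the script such as `# -r also destroys every snapshot newer than @blank on these datasets` would also help, since that side effect is easy to miss.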
A modules/hosts/ws/arwen/_nixos/hardware-configuration.nix => modules/hosts/ws/arwen/_nixos/hardware-configuration.nix +48 -0
@@ 0,0 1,48 @@
+{
+ config,
+ lib,
+ modulesPath,
+ ...
+}: {
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci"];
+ boot.initrd.kernelModules = ["zfs"];
+ boot.kernelModules = ["kvm-amd"];
+ boot.supportedFilesystems = ["zfs"];
+
+ fileSystems."/" = {
+ device = "zpool/root";
+ fsType = "zfs";
+ neededForBoot = true;
+ };
+
+ fileSystems."/home" = {
+ device = "zpool/home";
+ fsType = "zfs";
+ neededForBoot = true;
+ };
+
+ fileSystems."/nix" = {
+ device = "zpool/nix";
+ fsType = "zfs";
+ neededForBoot = true;
+ };
+
+ fileSystems."/persist" = {
+ device = "zpool/persist";
+ fsType = "zfs";
+ neededForBoot = true;
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/DE99-660A";
+ fsType = "vfat";
+ options = ["fmask=0022" "dmask=0022"];
+ };
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
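Review bot: The `/boot` entry mounts the ESP with `fmask=0022` and `dmask=0022`, which leaves every file on it readable by any local user. With systemd-boot enabled in `_nixos/default.nix`, that includes the loader's random seed file, which bootctl reports as a world-accessible mount point. Unless something on this host needs unprivileged read access to the ESP, tighten the line to `options = ["fmask=0077" "dmask=0077"];`.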
A modules/hosts/ws/arwen/_nixos/not-managed-by-modules-yet.nix => modules/hosts/ws/arwen/_nixos/not-managed-by-modules-yet.nix +14 -0
@@ 0,0 1,14 @@
+{pkgs, ...}: {
+ environment.systemPackages = with pkgs; [
+ prismlauncher
+ ];
+
+ services.libinput.enable = true;
+
+ programs.firefox.enable = true;
+
+ services.logind = {
+ settings.Login.HandlePowerKey = "suspend";
+ settings.Login.HandleLidSwitch = "suspend";
+ };
+}
A modules/hosts/ws/arwen/_nixos/preservation.nix => modules/hosts/ws/arwen/_nixos/preservation.nix +55 -0
@@ 0,0 1,55 @@
+{...}: {
+ preservation = {
+ enable = true;
+ preserveAt."/persist" = {
+ files = [
+ # Machine ID
+ {
+ file = "/etc/machine-id";
+ inInitrd = true;
+ }
+
+ # SSH host keys
+ {
+ file = "/etc/ssh/ssh_host_rsa_key";
+ how = "symlink";
+ configureParent = true;
+ }
+ {
+ file = "/etc/ssh/ssh_host_ed25519_key";
+ how = "symlink";
+ configureParent = true;
+ }
+ ];
+ directories = [
+ # NixOS state
+ "/var/lib/nixos"
+
+ # Tailscale state
+ "/var/lib/tailscale"
+
+ # NetworkManager connections
+ "/etc/NetworkManager/system-connections"
+ ];
+ users.skye = {
+ directories = [
+ # SSH state (keys, known_hosts, etc)
+ {
+ directory = ".ssh";
+ mode = "0700";
+ }
+
+ # Dev directory
+ "dev"
+
+ # Application states
+ ".local/share/direnv"
+ ".local/share/PrismLauncher"
+ ".mozilla"
+ ];
+ };
+ };
+ };
+
+ systemd.suppressedSystemUnits = ["systemd-machine-id-commit.service"];
+}
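Review bot: The `directories` list under `preserveAt."/persist"` does not include `/var/log`, and `zpool/root` is rolled back in the initrd on every boot, so the journal and any other logs from the previous boot are gone after a reboot. On a laptop that leaves nothing to look at after a crash or a suspected compromise; adding `"/var/log"` to the list keeps them. Separately, the user entries `.local/share/direnv` and `.local/share/PrismLauncher` need `/home/skye/.local` and `.local/share` to exist with the right owner. As far as I know, preservation creates such intermediate directories owned by root unless they are declared, e.g. `systemd.tmpfiles.settings.preservation."/home/skye/.local".d = { user = "skye"; mode = "0755"; };`, and the same for `.local/share`; worth confirming on a fresh boot.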
A modules/hosts/ws/arwen/default.nix => modules/hosts/ws/arwen/default.nix +113 -0
@@ 0,0 1,113 @@
+{inputs, ...}: let
+ channel = "unstable";
+ system = "x86_64-linux";
+ hostName = "arwen";
+in {
+ flake.nixosConfigurations.${hostName} = inputs."nixpkgs-${channel}".lib.nixosSystem {
+ inherit system;
+ specialArgs = {
+ inherit inputs;
+ lib = inputs."nixpkgs-${channel}".lib.extend (
+ final: prev:
+ import ../../../../lib {
+ inherit inputs;
+ lib = final;
+ }
+ );
+ };
+ modules = [
+ {
+ networking.hostName = hostName;
+ }
+
+ ./_nixos
+
+ inputs.nixos-hardware.nixosModules.lenovo-thinkpad-e495
+ inputs.preservation.nixosModules.preservation
+ inputs.sops-nix.nixosModules.sops
+ inputs."home-manager-${channel}".nixosModules.home-manager
+
+ ({
+ config,
+ lib,
+ ...
+ }: let
+ user = "skye";
+ in {
+ imports = with inputs.self.modules.nixos;
+ [
+ core
+ amdgpu
+ audio
+ nvim
+ nix
+ tailscale
+ lazygit
+ gnupg
+ tlp
+
+ home-manager
+ {
+ home-manager.users.${user} = {
+ imports = with inputs.self.modules.homeManager;
+ [
+ git
+ ]
+ ++ [
+ {
+ home.stateVersion = config.system.stateVersion;
+ home.file.".config/niri/config.kdl".source = ./niri.kdl;
+ }
+
+ # TODO: see alice
+ {
+ arta.git = {
+ email = "jonni@liljamo.com";
+ name = "Jonni Liljamo";
+ };
+
+ arta.waybar.extraConfig = {
+ output = ["eDP-1"];
+
+ modules-left = ["niri/workspaces"];
+ modules-right = [
+ "bluetooth"
+ "custom/sep"
+ "backlight"
+ "custom/sep"
+ "battery"
+ "custom/sep"
+ "wireplumber"
+ "custom/sep"
+ "disk"
+ "custom/sep"
+ "network"
+ "custom/sep"
+ "clock"
+ "custom/sep"
+ "niri/language"
+ "tray"
+ ];
+
+ "network".interface = "wlp4s0";
+ };
+ }
+ ];
+ };
+ }
+ ]
+ ++ [
+ inputs.self.modules.nixos.${user}
+ {
+ users.users.${user}.extraGroups = ["video"];
+ }
+ ]
+ ++ lib.flatten [
+ (lib.arta.importBoth "niri" user)
+ (lib.arta.importBoth "shell" user)
+ (lib.arta.importBoth "passmenu" user)
+ ];
+ })
+ ];
+ };
+}
A modules/hosts/ws/arwen/niri.kdl => modules/hosts/ws/arwen/niri.kdl +74 -0
@@ 0,0 1,74 @@
+input {
+ keyboard {
+ xkb {
+ layout "us,fi"
+ options "grp:win_space_toggle,ctrl:nocaps"
+ }
+ }
+
+ warp-mouse-to-focus
+ focus-follows-mouse
+}
+
+output "eDP-1" {
+ mode "1920x1080@60.008"
+ scale 1
+}
+
+layout {
+ gaps 8
+
+ focus-ring {
+ off
+ }
+
+ border {
+ width 4
+ }
+}
+
+spawn-at-startup "waybar"
+
+hotkey-overlay {
+ skip-at-startup
+}
+
+prefer-no-csd
+
+binds {
+ Mod+Return { spawn "foot"; }
+ Mod+D { spawn "rofi" "-show" "run"; }
+
+ Mod+Shift+Q { close-window; }
+
+ Mod+Shift+E { quit; }
+
+ Mod+H { focus-column-left; }
+ Mod+J { focus-window-down; }
+ Mod+K { focus-window-up; }
+ Mod+L { focus-column-right; }
+
+ Mod+Shift+H { move-column-left; }
+ Mod+Shift+J { move-window-down; }
+ Mod+Shift+K { move-window-up; }
+ Mod+Shift+L { move-column-right; }
+
+ Mod+1 { focus-workspace 1; }
+ Mod+2 { focus-workspace 2; }
+ Mod+3 { focus-workspace 3; }
+ Mod+4 { focus-workspace 4; }
+ Mod+5 { focus-workspace 5; }
+ Mod+6 { focus-workspace 6; }
+ Mod+7 { focus-workspace 7; }
+ Mod+8 { focus-workspace 8; }
+ Mod+9 { focus-workspace 9; }
+ Mod+Shift+1 { move-column-to-workspace 1; }
+ Mod+Shift+2 { move-column-to-workspace 2; }
+ Mod+Shift+3 { move-column-to-workspace 3; }
+ Mod+Shift+4 { move-column-to-workspace 4; }
+ Mod+Shift+5 { move-column-to-workspace 5; }
+ Mod+Shift+6 { move-column-to-workspace 6; }
+ Mod+Shift+7 { move-column-to-workspace 7; }
+ Mod+Shift+8 { move-column-to-workspace 8; }
+ Mod+Shift+9 { move-column-to-workspace 9; }
+}
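Review bot: Neither `binds` nor `spawn-at-startup` sets up a screen locker or idle daemon, while `not-managed-by-modules-yet.nix` suspends on lid close and on the power key. Unless the shared `niri` module imported in `default.nix` already handles locking, the session resumes unlocked for whoever opens the lid. Consider a lock bind such as `Mod+Alt+L { spawn "swaylock"; }` (assuming a locker is installed) plus a lock-before-sleep hook, or add a comment here saying where locking is configured.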