From a8156c500e9efa2a17b05ee1852f65a05f5acb60 Mon Sep 17 00:00:00 2001 From: Jonni Liljamo Date: Mon, 15 Jul 2024 18:09:33 +0300 Subject: [PATCH] feat: initial version --- .sops.yaml | 10 + README.md | 5 + flake.lock | 438 ++++++++++++++++++ flake.nix | 55 +++ roles/audio.nix | 23 + roles/base.nix | 45 ++ roles/bluetooth.nix | 27 ++ roles/default.nix | 10 + roles/git.nix | 42 ++ roles/nix.nix | 14 + roles/zellij.nix | 23 + secrets/arwen/secrets.yaml | 34 ++ systems/default.nix | 27 ++ systems/hosts/arwen/default.nix | 61 +++ .../hosts/arwen/hardware-configuration.nix | 60 +++ systems/hosts/default.nix | 7 + systems/profiles/default.nix | 3 + systems/profiles/laptop/default.nix | 18 + users/default.nix | 3 + users/skye/default.nix | 25 + 20 files changed, 930 insertions(+) create mode 100644 .sops.yaml create mode 100644 README.md create mode 100644 flake.lock create mode 100644 flake.nix create mode 100644 roles/audio.nix create mode 100644 roles/base.nix create mode 100644 roles/bluetooth.nix create mode 100644 roles/default.nix create mode 100644 roles/git.nix create mode 100644 roles/nix.nix create mode 100644 roles/zellij.nix create mode 100644 secrets/arwen/secrets.yaml create mode 100644 systems/default.nix create mode 100644 systems/hosts/arwen/default.nix create mode 100644 systems/hosts/arwen/hardware-configuration.nix create mode 100644 systems/hosts/default.nix create mode 100644 systems/profiles/default.nix create mode 100644 systems/profiles/laptop/default.nix create mode 100644 users/default.nix create mode 100644 users/skye/default.nix
diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..cdb8c22
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,10 @@
+keys:
+ - &liljamo_gpg 848EEBCEE9F0D29D25C321A658577946A65EB712
+ - &arwen age15hcszwfk0d6cu9ua6g4udj9tdq63jm8lja66ktxu0fjfuczczcwsm5kcxn
+creation_rules:
+ - path_regex: secrets/arwen/[^/]+\.yaml$
+ key_groups:
+ - pgp:
+ - *liljamo_gpg
+ age:
+ - *arwen
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..4eb7fec
--- /dev/null
+++ b/README.md
@@ -0,0 +1,5 @@
+# nix-arta
+
+
+## Inspiration
+[pluiedev/flake](https://github.com/pluiedev/flake) for structure.
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..01ce9b4
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,438 @@ +{ + "nodes": { + "devshell": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": [ + "nvim-flake", + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1717408969, + "narHash": "sha256-Q0OEFqe35fZbbRPPRdrjTUUChKVhhWXz3T9ZSKmaoVY=", + "owner": "numtide", + "repo": "devshell", + "rev": "1ebbe68d57457c8cae98145410b164b5477761f4", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "flake-compat": { + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "revCount": 57, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1719994518, + "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1719994518, + "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_3": { + "inputs": { + "nixpkgs-lib": [ + "nvim-flake", + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1719877454, + "narHash": "sha256-g5N1yyOSsPNiOlFfkuI/wcUjmtah+nxdImJqrSATjOU=", + "owner": "hercules-ci", 
+ "repo": "flake-parts", + "rev": "4e3583423212f9303aa1a6337f8dffb415920e4f", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "git-hooks": { + "inputs": { + "flake-compat": [ + "nvim-flake", + "nixvim", + "flake-compat" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "nvim-flake", + "nixvim", + "nixpkgs" + ], + "nixpkgs-stable": [ + "nvim-flake", + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1719259945, + "narHash": "sha256-F1h+XIsGKT9TkGO3omxDLEb/9jOOsI6NnzsXFsZhry4=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "0ff4381bbb8f7a52ca4a851660fc7a437a4c6e07", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "nvim-flake", + "nixvim", + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1720042825, + "narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": 
"release-24.05", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { + "inputs": { + "nixpkgs": [ + "nvim-flake", + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1719827439, + "narHash": "sha256-tneHOIv1lEavZ0vQ+rgz67LPNCgOZVByYki3OkSshFU=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "59ce796b2563e19821361abbe2067c3bb4143a7d", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "impermanence": { + "locked": { + "lastModified": 1719091691, + "narHash": "sha256-AxaLX5cBEcGtE02PeGsfscSb/fWMnyS7zMWBXQWDKbE=", + "owner": "nix-community", + "repo": "impermanence", + "rev": "23c1f06316b67cb5dabdfe2973da3785cfe9c34a", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "impermanence", + "type": "github" + } + }, + "nix-darwin": { + "inputs": { + "nixpkgs": [ + "nvim-flake", + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1719845423, + "narHash": "sha256-ZLHDmWAsHQQKnmfyhYSHJDlt8Wfjv6SQhl2qek42O7A=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "ec12b88104d6c117871fad55e931addac4626756", + "type": "github" + }, + "original": { + "owner": "lnl7", + "repo": "nix-darwin", + "type": "github" + } + }, + "nixos-hardware": { + "locked": { + "lastModified": 1720515935, + "narHash": "sha256-8b+fzR4W2hI5axwB+4nBwoA15awPKkck4ghhCt8v39M=", + "owner": "nixos", + "repo": "nixos-hardware", + "rev": "a111ce6b537df12a39874aa9672caa87f8677eda", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixos-hardware", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1720553833, + "narHash": "sha256-IXMiHQMtdShDXcBW95ctA+m5Oq2kLxnBt7WlMxvDQXA=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "249fbde2a178a2ea2638b65b9ecebd531b338cf9", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + 
"nixpkgs-lib": { + "locked": { + "lastModified": 1719876945, + "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1720542800, + "narHash": "sha256-ZgnNHuKV6h2+fQ5LuqnUaqZey1Lqqt5dTUAiAnqH0QQ=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "feb2849fdeb70028c70d73b848214b00d324a497", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixvim": { + "inputs": { + "devshell": "devshell", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts_3", + "git-hooks": "git-hooks", + "home-manager": "home-manager_2", + "nix-darwin": "nix-darwin", + "nixpkgs": [ + "nvim-flake", + "nixpkgs" + ], + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1720702748, + "narHash": "sha256-cmOvEwKQx1vs/Sx4pE4exqPMvOwnI/5DrinkQG8X1qY=", + "owner": "nix-community", + "repo": "nixvim", + "rev": "ca01a644ef0ef924dd0c6b2b54c4f2a8019fe5cf", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixvim", + "type": "github" + } + }, + "nvim-flake": { + "inputs": { + "flake-parts": "flake-parts_2", + "nixpkgs": [ + "nixpkgs-unstable" + ], + "nixvim": "nixvim" + }, + "locked": { + "lastModified": 1720713211, + "narHash": "sha256-8wgaKSmEh3vx2eXbTGhDEaFdhNOtEI+vL/nfPlZ83bs=", + "ref": "refs/heads/master", + "rev": "3748c750a040c5669454f7aaf0c8f9e5bbcff46e", + "revCount": 27, + "type": "git", + "url": "https://git.src.quest/~liljamo/nvim-flake" + }, + "original": { + "type": "git", + "url": "https://git.src.quest/~liljamo/nvim-flake" + } + }, + "root": { + "inputs": { + "flake-parts": "flake-parts", + "home-manager": 
"home-manager", + "impermanence": "impermanence", + "nixos-hardware": "nixos-hardware", + "nixpkgs": "nixpkgs", + "nixpkgs-unstable": "nixpkgs-unstable", + "nvim-flake": "nvim-flake", + "sops-nix": "sops-nix" + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs-unstable" + ], + "nixpkgs-stable": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1720479166, + "narHash": "sha256-jqvhLDXzTLTHq9ZviFOpcTmXXmnbLfz7mWhgMNipMN4=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "67035a355b1d52d2d238501f8cc1a18706979760", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nvim-flake", + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1719887753, + "narHash": "sha256-p0B2r98UtZzRDM5miGRafL4h7TwGRC4DII+XXHDHqek=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "bdb6355009562d8f9313d9460c0d3860f525bc6c", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..de40f30 --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,55 @@
+{
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
+ nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
+
+ nixos-hardware.url = "github:nixos/nixos-hardware";
+
+ flake-parts = {
+ url = "github:hercules-ci/flake-parts";
+ inputs.nixpkgs-lib.follows = "nixpkgs";
+ };
+
+ # Core
+ impermanence.url = "github:nix-community/impermanence";
+
+ home-manager = {
+ url = "github:nix-community/home-manager/release-24.05";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ sops-nix = {
+ url = "github:Mic92/sops-nix";
+ inputs.nixpkgs-stable.follows = "nixpkgs";
+ inputs.nixpkgs.follows = "nixpkgs-unstable";
+ };
+
+ # Own flakes
+ nvim-flake = {
+ url = "git+https://git.src.quest/~liljamo/nvim-flake";
+ inputs.nixpkgs.follows = "nixpkgs-unstable";
+ };
+ };
+
+ outputs = inputs:
+ inputs.flake-parts.lib.mkFlake {inherit inputs;} {
+ imports = [
+ #./hm-modules
+ ./systems
+ ];
+
+ systems = ["x86_64-linux"];
+ perSystem = {
+ pkgs,
+ system,
+ ...
+ }: {
+ devShells.default = pkgs.mkShell {
+ buildInputs = with pkgs; [
+ alejandra
+ sops
+ ];
+ };
+ };
+ };
+}
diff --git a/roles/audio.nix b/roles/audio.nix
new file mode 100644
index 0000000..a314e24
--- /dev/null
+++ b/roles/audio.nix
@@ -0,0 +1,23 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.roles.audio;
+in {
+ options.roles.audio = {
+ enable = lib.mkEnableOption "enable audio";
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.pipewire = {
+ enable = true;
+ alsa = {
+ enable = true;
+ support32Bit = true;
+ };
+ jack.enable = true;
+ pulse.enable = true;
+ };
+ };
+}
diff --git a/roles/base.nix b/roles/base.nix
new file mode 100644
index 0000000..addf1c9
--- /dev/null
+++ b/roles/base.nix
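Review bot: In roles/audio.nix, `lib.mkEnableOption "enable audio"` renders the option description as "Whether to enable enable audio.", because mkEnableOption already prefixes its argument with "Whether to enable"; pass the bare noun instead, `enable = lib.mkEnableOption "audio";`. The same doubled wording appears in roles/bluetooth.nix, roles/git.nix and roles/zellij.nix. In roles/base.nix the `isWheel` option additionally carries the typo "wheter"; `lib.mkEnableOption "admin permissions (wheel group membership)"` would read correctly.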
@@ -0,0 +1,45 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.roles.base;
+in {
+ options.roles.base = {
+ username = lib.mkOption {
+ type = lib.types.str;
+ };
+ isWheel = lib.mkEnableOption "wheter to enable admin permissions";
+ hashedPasswordFile = lib.mkOption {
+ type = lib.types.path;
+ };
+ };
+
+ imports = [
+ (lib.mkAliasOptionModule ["hm"] [
+ "home-manager"
+ "users"
+ cfg.username
+ ])
+ ];
+
+ config = let
+ homeDirectory = "/home/${cfg.username}";
+ in {
+ users.users.${cfg.username} = {
+ isNormalUser = true;
+ extraGroups = lib.optional cfg.isWheel "wheel";
+ home = homeDirectory;
+ hashedPasswordFile = cfg.hashedPasswordFile;
+ };
+ home-manager = {
+ useUserPackages = true;
+ useGlobalPkgs = true;
+ };
+ hm.home = {
+ inherit (cfg) username;
+ inherit homeDirectory;
+ stateVersion = config.system.stateVersion;
+ };
+ };
+}
diff --git a/roles/bluetooth.nix b/roles/bluetooth.nix
new file mode 100644
index 0000000..f212f93
--- /dev/null
+++ b/roles/bluetooth.nix
@@ -0,0 +1,27 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.roles.bluetooth;
+in {
+ options.roles.bluetooth = {
+ enable = lib.mkEnableOption "enable bluetooth";
+ enableHDAudio = lib.mkEnableOption "enable HD audio for bluetooth";
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.blueman.enable = true;
+
+ services.pipewire.wireplumber.extraConfig = lib.mkIf cfg.enableHDAudio {
+ bluetoothEnhancements = {
+ "monitor.bluez.properties" = {
+ "bluez5.enable-sbc-xq" = true;
+ "bluez5.enable-msbc" = true;
+ "bluez5.enable-hw-volume" = true;
+ "bluez5.roles" = ["hsp_hs" "hsp_ag" "hfp_hf" "hfp_ag"];
+ };
+ };
+ };
+ };
+}
diff --git a/roles/default.nix b/roles/default.nix
new file mode 100644
index 0000000..ace847d
--- /dev/null
+++ b/roles/default.nix
@@ -0,0 +1,10 @@
+{...}: {
+ imports = [
+ ./audio.nix
+ ./bluetooth.nix
+ ./base.nix
+ ./git.nix
+ ./nix.nix
+ ./zellij.nix
+ ];
+}
diff --git a/roles/git.nix b/roles/git.nix
new file mode 100644
index 0000000..3a715a4
--- /dev/null
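Review bot: roles/bluetooth.nix turns on only the Blueman front end; nothing in this hunk sets `hardware.bluetooth.enable = true;`, and as far as I know `services.blueman.enable` does not start the BlueZ daemon by itself. Unless another module (for example the nixos-hardware profile imported by the host) already enables it, add `hardware.bluetooth.enable = true;` inside the `lib.mkIf cfg.enable` block so the role is self-contained. The `services.pipewire.wireplumber.extraConfig` block is also applied when `roles.audio` is disabled, which looks harmless but could be guarded on `config.roles.audio.enable`.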
+++ b/roles/git.nix
@@ -0,0 +1,42 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ cfg = config.roles.git;
+in {
+ options.roles.git = {
+ enable = lib.mkEnableOption "enable git";
+ email = lib.mkOption {
+ type = lib.types.str;
+ };
+ name = lib.mkOption {
+ type = lib.types.str;
+ };
+ gitExtraConfig = lib.mkOption {
+ type = lib.types.lines;
+ default = {};
+ };
+ enableLazygit = lib.mkEnableOption "enable lazygit";
+ };
+
+ config = {
+ programs.lazygit = lib.mkIf cfg.enableLazygit {
+ enable = true;
+ settings = {
+ disableStartupPopups = true;
+ };
+ };
+
+ hm = {
+ programs.git = lib.mkIf cfg.enable {
+ enable = true;
+ package = pkgs.gitAndTools.gitFull;
+ userEmail = cfg.email;
+ userName = cfg.name;
+ extraConfig = cfg.gitExtraConfig;
+ };
+ };
+ };
+}
diff --git a/roles/nix.nix b/roles/nix.nix
new file mode 100644
index 0000000..b8ed0ed
--- /dev/null
+++ b/roles/nix.nix
@@ -0,0 +1,14 @@
+{
+ nix = {
+ gc = {
+ automatic = true;
+ dates = "weekly";
+ options = "--delete-older-than 7d";
+ };
+ settings = {
+ auto-optimise-store = true;
+ experimental-features = ["nix-command" "flakes"];
+ trusted-users = ["@wheel"];
+ };
+ };
+}
diff --git a/roles/zellij.nix b/roles/zellij.nix
new file mode 100644
index 0000000..c371ce1
--- /dev/null
+++ b/roles/zellij.nix
@@ -0,0 +1,23 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.roles.zellij;
+in {
+ options.roles.zellij = {
+ enable = lib.mkEnableOption "enable zellij";
+ };
+
+ config = lib.mkIf cfg.enable {
+ hm.programs.zellij = {
+ enable = true;
+ settings = {
+ simplified_ui = true;
+ pane_frames = false;
+ default_layout = "compact";
+ ui.pane_frames.hide_session_name = true;
+ };
+ };
+ };
+}
diff --git a/secrets/arwen/secrets.yaml b/secrets/arwen/secrets.yaml
new file mode 100644
index 0000000..c8ec895
--- /dev/null
+++ b/secrets/arwen/secrets.yaml
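Review bot: In roles/git.nix, `gitExtraConfig` is declared with `type = lib.types.lines;` but `default = {};`, so the default is an attribute set that does not satisfy the declared string type. A host that enables `roles.git` without setting the option would presumably fail evaluation with a type error instead of getting an empty config. Use `default = "";` to match the type; users/skye already passes a string, so nothing else needs to change. A short `description` on `email`, `name` and `gitExtraConfig` would also help, since none of the `mkOption` calls has one.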
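Review bot: `trusted-users = ["@wheel"];` in roles/nix.nix makes every wheel member a trusted user of the Nix daemon, which the Nix manual describes as essentially equivalent to giving that user root access. A trusted user can override substituters and signature requirements without passing through sudo and its password prompt. users/skye sets `isWheel = true`, so every process running as that account inherits the privilege. Unless a specific workflow such as remote builds needs it, drop the line; if the aim was only to limit who may talk to the daemon, `allowed-users = ["@wheel"];` expresses that without the extra trust.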
@@ -0,0 +1,34 @@ +rootPwd: ENC[AES256_GCM,data:LnMbR4IstZqCDz+98+lZX8O2mzQc40t3Zf4Ka3wLOEuFExSn63xdH/PV2wLCUm2ufI95tpldiROAZxCifYhy9+Ls8E6GNqV0V0d6PkdyVi/9xT5rH23yOc1/dIYWbSZFcz4OlU+JPW81wA==,iv:6vm3G2cxIf/1oKxwZFtoYKCLt+ustd7uxBFEMSO9uPY=,tag:3/z0t9z54LGEY8HbIZ3G8Q==,type:str] +skyePwd: ENC[AES256_GCM,data:QT4pp8WSVCJBZBLyBP35Rjk08xxE+osibBj1irOLzyuYNH27XvYTtE3IJ4WtFdtSbDiHDGYDg8ZIDF5Z8ACgFngWuL9Akw7FsPuTzqsDLm3Gmum1tgDGXd3TlEc1WNNyZlzEjcA2Zz5INA==,iv:eeNL/i5tL12QQ73FD02mBvQ8Rl/QkJGFsC3tuinw5gc=,tag:Aks+C0qXUHItfbhTiBaLgA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age15hcszwfk0d6cu9ua6g4udj9tdq63jm8lja66ktxu0fjfuczczcwsm5kcxn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0WGJCUzBUREFkdTgydzBo + bnowYXc5aVl5WExiUCtORlM1MmhSb29KSlYwClJLTERBOEFhL2VrTDhaTFZCaW5K + WUZIOHVqQ0krQ3FSYmQ2ckhqS2RWMkkKLS0tIHFRR3UvbFY3MW5Vbk04bitENy9K + MVdQQjhONDVXS3lpK3EwZ2xwcVkxbE0KwYQHEKyemv2v1qzZcDMKXe0zPWa10kc4 + 6sJakrIj+OoMf+upFlmZM8X1VoVbvpDK+duwpPAj4P+2b1jvvQdtHA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-07-15T14:21:12Z" + mac: ENC[AES256_GCM,data:AyEiVTFKjp8uEKhsVQEjBmiCjuBXRbpLuv5HgaPYo7Tp/wHMsgo+O7HcEU/Hx2X3JqWApVjWb4SMMknckrodMlJPxTBM59bCNqZvI4/nqXMQknWO1t25xrHa+blMRLMVMbgjwaq4pYB0IfqN0ZQV3il3DcEx9ItYVMEwGPuqN9c=,iv:rEBT56+bqksGQdzRkxYEalmIuB+qXBgqMilk7H3hZ74=,tag:y1PP0RMZSfwBEGDlvpb/EA==,type:str] + pgp: + - created_at: "2024-06-27T15:56:30Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4D8ab0ENzkR4wSAQdARmHY/Qd3toPQ0RM7tl8zszzeeyUK33qzi9btz+zuI08w + ji84v5V0j1w2rjLrXUDLVPZeXGSUDrYF4GRx/hHP1E5zS5llgobVqtAAgejwsDth + 1GgBCQIQnifZFYBHIWHdcKUC7zz38lvhfnNAKwRewyUPZuITpS+8TfsGu7WO3icR + szfKzn9LCmc0KVB8NS0rWvBgRfblCDXyg85YClju091aufm4ZSFfIcIpsBQd5A2O + qnBij3QVOSxY+w== + =ATYo + -----END PGP MESSAGE----- + fp: 848EEBCEE9F0D29D25C321A658577946A65EB712 + unencrypted_suffix: _unencrypted + version: 3.8.1 
diff --git a/systems/default.nix b/systems/default.nix
new file mode 100644
index 0000000..b0cad42
--- /dev/null
+++ b/systems/default.nix
@@ -0,0 +1,27 @@
+{
+ self,
+ inputs,
+ ...
+}: {
+ flake = let
+ mkHost = name: cfg:
+ inputs.nixpkgs.lib.nixosSystem {
+ system = cfg.system;
+ specialArgs = cfg.profile.specialArgs;
+ modules =
+ cfg.profile.modules
+ ++ cfg.modules
+ ++ [
+ ./hosts/${name}
+ {
+ networking.hostName = name;
+ }
+ ];
+ };
+
+ profiles = import ./profiles inputs;
+ hosts = import ./hosts profiles;
+ in {
+ nixosConfigurations = inputs.nixpkgs.lib.mapAttrs mkHost hosts;
+ };
+}
diff --git a/systems/hosts/arwen/default.nix b/systems/hosts/arwen/default.nix
new file mode 100644
index 0000000..403cb1f
--- /dev/null
+++ b/systems/hosts/arwen/default.nix
@@ -0,0 +1,61 @@
+{
+ config,
+ inputs,
+ lib,
+ pkgs,
+ ...
+}: {
+ imports = [
+ ./hardware-configuration.nix
+
+ inputs.nixos-hardware.nixosModules.lenovo-thinkpad-e495
+ ];
+
+ boot.initrd.postDeviceCommands = lib.mkAfter ''
+ zfs rollback -r zpool/root@blank
+ '';
+
+ sops.defaultSopsFile = ../../../secrets/arwen/secrets.yaml;
+ sops.gnupg.sshKeyPaths = ["/persist/etc/ssh/ssh_host_rsa_key"];
+ sops.age.sshKeyPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"];
+ sops.secrets.rootPwd.neededForUsers = true;
+ users.users.root.hashedPasswordFile = config.sops.secrets.rootPwd.path;
+
+ networking.hostId = "d2a2e2cb";
+ networking.networkmanager.enable = true;
+
+ time.timeZone = "Europe/Helsinki";
+
+ services.xserver.xkb.layout = "us";
+
+ roles.audio.enable = true;
+ roles.bluetooth = {
+ enable = true;
+ enableHDAudio = true;
+ };
+
+ services.libinput.enable = true;
+
+ environment.systemPackages = with pkgs; [
+ inputs.nvim-flake.packages.x86_64-linux.nvim
+ git
+ vim
+ wget
+ ];
+
+ environment.persistence."/persist" = {
+ hideMounts = true;
+ directories = [
+ "/etc/nixos"
+ "/etc/ssh"
+ "/var/lib/tailscale"
+ ];
+ };
+
+ services.pcscd.enable = true;
+ programs.gnupg.agent.enable = true;
+
+ services.openssh.enable = true;
+
+ system.stateVersion = "24.05";
+}
diff --git a/systems/hosts/arwen/hardware-configuration.nix b/systems/hosts/arwen/hardware-configuration.nix
new file mode 100644
index 0000000..7a72753
--- /dev/null
+++ b/systems/hosts/arwen/hardware-configuration.nix
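Review bot: In systems/hosts/arwen/default.nix, `services.openssh.enable = true;` is added with no `services.openssh.settings`, so sshd runs with the module defaults, which as far as I know still accept password authentication, on a laptop that joins arbitrary networks through NetworkManager. Consider `services.openssh.settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; PermitRootLogin = "no"; };` together with `users.users.<name>.openssh.authorizedKeys.keys` for the accounts that should log in. No authorized keys are declared anywhere in this patch, so disabling passwords without adding keys would remove SSH access. If sshd is enabled mainly so that the host keys under /persist/etc/ssh exist for sops-nix, `services.openssh.openFirewall = false;` keeps the port closed while still generating them.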
@@ -0,0 +1,60 @@ +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.loader.systemd-boot.enable = true; + boot.loader.systemd-boot.configurationLimit = 9; + boot.loader.efi.canTouchEfiVariables = true; + + boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci"]; + boot.initrd.kernelModules = ["zfs"]; + boot.kernelModules = ["kvm-amd"]; + boot.extraModulePackages = []; + boot.supportedFilesystems = ["zfs"]; + + fileSystems."/" = { + device = "zpool/root"; + fsType = "zfs"; + neededForBoot = true; + }; + + fileSystems."/home" = { + device = "zpool/home"; + fsType = "zfs"; + neededForBoot = true; + }; + + fileSystems."/nix" = { + device = "zpool/nix"; + fsType = "zfs"; + neededForBoot = true; + }; + + fileSystems."/persist" = { + device = "zpool/persist"; + fsType = "zfs"; + neededForBoot = true; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/27D2-24CF"; + fsType = "vfat"; + options = ["fmask=0022" "dmask=0022"]; + }; + + swapDevices = [ + {device = "/dev/disk/by-uuid/87589f56-9eb4-43d2-ade7-ccdab1e56cc2";} + ]; + + networking.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/systems/hosts/default.nix b/systems/hosts/default.nix new file mode 100644 index 0000000..24ffdc2 --- /dev/null +++ b/systems/hosts/default.nix @@ -0,0 +1,7 @@ +{laptop, ...}: { + arwen = { + system = "x86_64-linux"; + profile = laptop; + modules = []; + }; +} diff --git a/systems/profiles/default.nix b/systems/profiles/default.nix new file mode 100644 index 0000000..07f5ac2 --- /dev/null +++ b/systems/profiles/default.nix @@ -0,0 +1,3 @@ +inputs: { + laptop = import ./laptop inputs; +} diff --git a/systems/profiles/laptop/default.nix b/systems/profiles/laptop/default.nix new file mode 100644 index 0000000..3a87a8a 
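Review bot: In systems/hosts/arwen/hardware-configuration.nix the ESP is mounted with `options = ["fmask=0022" "dmask=0022"];`, which leaves every file under /boot readable by all local users. With `boot.loader.systemd-boot.enable = true` in the same file, that includes the loader's random-seed file, and bootctl warns about a world-accessible /boot for this reason. `options = ["fmask=0077" "dmask=0077"];` restricts the partition to root. The file looks like nixos-generate-config output, so the masks should be re-checked whenever it is regenerated.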
--- /dev/null
+++ b/systems/profiles/laptop/default.nix
@@ -0,0 +1,18 @@
+inputs @ {
+ home-manager,
+ impermanence,
+ sops-nix,
+ ...
+}: {
+ modules = [
+ sops-nix.nixosModules.sops
+ impermanence.nixosModules.impermanence
+ home-manager.nixosModules.home-manager
+
+ ../../../roles
+ ../../../users
+ ];
+ specialArgs = {
+ inherit inputs;
+ };
+}
diff --git a/users/default.nix b/users/default.nix
new file mode 100644
index 0000000..91f9f98
--- /dev/null
+++ b/users/default.nix
@@ -0,0 +1,3 @@
+{
+ imports = [./skye];
+}
diff --git a/users/skye/default.nix b/users/skye/default.nix
new file mode 100644
index 0000000..7238b18
--- /dev/null
+++ b/users/skye/default.nix
@@ -0,0 +1,25 @@
+{config, ...}: {
+ sops.secrets.skyePwd.neededForUsers = true;
+
+ roles.base = {
+ username = "skye";
+ isWheel = true;
+ hashedPasswordFile = config.sops.secrets.skyePwd.path;
+ };
+
+ roles.git = {
+ enable = true;
+ enableLazygit = true;
+ email = "jonni@liljamo.com";
+ name = "Jonni Liljamo";
+ gitExtraConfig = ''
+ [sendemail]
+ smtpserver = "smtp.migadu.com"
+ smtpuser = "jonni@liljamo.com"
+ smtpencryption = "ssl"
+ smtpserverport = 465
+ '';
+ };
+
+ roles.zellij.enable = true;
+}
-- 2.44.1