diff options
| -rw-r--r-- | flake.nix | 15 | ||||
| -rw-r--r-- | home/nipsy/arrakis.nix | 20 | ||||
| -rw-r--r-- | home/root/arrakis.nix | 6 | ||||
| -rw-r--r-- | hosts/arrakis/default.nix | 78 | ||||
| -rw-r--r-- | hosts/arrakis/disks.nix | 132 | ||||
| -rw-r--r-- | hosts/arrakis/hardware-configuration.nix | 52 |
6 files changed, 303 insertions, 0 deletions
@@ -30,6 +30,21 @@ outputs = inputs@{ home-manager-stable, home-manager-unstable, nixos-hardware, nixpkgs-stable, nixpkgs-unstable, sops-nix, ... }: rec { nixosConfigurations = { + arrakis = nixpkgs-unstable.lib.nixosSystem { + pkgs = pkgs-unstable; + #specialArgs = inputs; + system = "x86_64-linux"; + modules = [ + ./hosts/arrakis + home-manager-unstable.nixosModules.home-manager { + home-manager.sharedModules = [ sops-nix.homeManagerModules.sops ]; + home-manager.users.root = import ./home/root/arrakis.nix; + home-manager.users.nipsy = import ./home/nipsy/arrakis.nix; + } + #sops-nix.nixosModules.sops + ]; + }; + darkstar = nixpkgs-unstable.lib.nixosSystem { pkgs = pkgs-unstable; #specialArgs = inputs; diff --git a/home/nipsy/arrakis.nix b/home/nipsy/arrakis.nix new file mode 100644 index 0000000..dc27d3e --- /dev/null +++ b/home/nipsy/arrakis.nix @@ -0,0 +1,20 @@ +{ inputs, lib, pkgs, config, outputs, ... }: +{ + imports = [ + common/core + common/optional/desktops + common/optional/desktops/services/xscreensaver.nix + #inputs.sops-nix.homeManagerModules.sops + ]; + + #sops = { + # age.keyFile = "/home/nipsy/.config/sops/age/keys.txt"; + # defaultSopsFile = ./secrets/ginaz.yaml; + + # secrets = { + # "ssh_config" = { + # path = "/home/nipsy/.ssh/config"; + # }; + # }; + #}; +} diff --git a/home/root/arrakis.nix b/home/root/arrakis.nix new file mode 100644 index 0000000..83c92cd --- /dev/null +++ b/home/root/arrakis.nix @@ -0,0 +1,6 @@ +{ inputs, lib, pkgs, config, outputs, ... }: +{ + imports = [ + common/core + ]; +} diff --git a/hosts/arrakis/default.nix b/hosts/arrakis/default.nix new file mode 100644 index 0000000..e1cd540 --- /dev/null +++ b/hosts/arrakis/default.nix @@ -0,0 +1,78 @@ +{ config, pkgs, ... }: { + boot = { + initrd.kernelModules = [ "zfs" ]; + kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; + loader = { + efi.canTouchEfiVariables = true; + systemd-boot.enable = true; + timeout = 3; + }; + supportedFilesystems = [ "zfs" ]; + zfs.devNodes = "/dev/disk/by-label"; + }; + + environment.systemPackages = with pkgs; [ + signal-desktop + ]; + + imports = [ + ./hardware-configuration.nix + ../common/core + ../common/optional/db.nix + ../common/optional/dev.nix + ../common/optional/ebooks.nix + ../common/optional/games.nix + ../common/optional/google-authenticator.nix + ../common/optional/misc.nix + ../common/optional/multimedia.nix + ../common/optional/pipewire.nix + ../common/optional/sdr.nix + ../common/optional/services/openssh.nix + ../common/optional/services/xorg.nix + ../common/optional/sound.nix + ../common/optional/zfs.nix + ../common/users/nipsy + ../common/users/root + ]; + + networking = { + hostId = "2ae4c89f"; + hostName = "arrakis"; + nftables.enable = true; + }; + + services.openssh.settings.X11Forwarding = true; + services.xserver.videoDrivers = [ "nvidia" ]; + + #sops = { + # age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + # defaultSopsFile = ../secrets/arrakis.yaml; + + # secrets = { + # "nftables/ssh" = {}; + # }; + #}; + + system.stateVersion = "23.11"; + + #systemd.services."nftables-extra" = { + # description = "nftables extra firewall rules"; + # script = '' + # ${pkgs.nftables}/bin/nft -f ${config.sops.secrets."nftables/ssh".path} + # ''; + # serviceConfig = { + # RemainAfterExit = true; + # Type = "oneshot"; + # }; + # unitConfig = { + # ConditionPathExists = config.sops.secrets."nftables/ssh".path; + # }; + # wantedBy = [ "multi-user.target" ]; + #}; + #systemd.paths."nftables-extra" = { + # pathConfig = { + # PathExists = config.sops.secrets."nftables/ssh".path; + # }; + # wantedBy = [ "multi-user.target" ]; + #}; +} diff --git a/hosts/arrakis/disks.nix b/hosts/arrakis/disks.nix new file mode 100644 index 0000000..0402b4a --- /dev/null +++ b/hosts/arrakis/disks.nix @@ -0,0 +1,132 @@ +{ + disko.devices = { + disk = { + nvme0n1 = { + type = "disk"; + device = "/dev/disk/by-id/nvme-WD_BLACK_SN850X_4000GB_23162P800014"; + content = { + type = "gpt"; + partitions = { + ESP = { + size = "1G"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/efiboot/efi1"; + mountOptions = [ "defaults" ]; + extraArgs = [ "-n ESP1" ]; + }; + }; + swap = { + size = "32G"; + type = "8200"; + content = { + type = "swap"; + extraArgs = [ "-L swap1" ]; + }; + }; + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "rpool"; + }; + }; + }; + }; + }; + nvme1n1 = { + type = "disk"; + device = "/dev/disk/by-id/nvme-WD_BLACK_SN850X_4000GB_23162P800005"; + content = { + type = "gpt"; + partitions = { + ESP = { + size = "1G"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/efiboot/efi2"; + mountOptions = [ "defaults" ]; + extraArgs = [ "-n ESP2" ]; + }; + }; + swap = { + size = "32G"; + type = "8200"; + content = { + type = "swap"; + extraArgs = [ "-L swap2" ]; + }; + }; + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "rpool"; + }; + }; + }; + }; + }; + }; + zpool = { + rpool = { + mode = "mirror"; + type = "zpool"; + rootFsOptions = { + acltype = "posixacl"; + canmount = "off"; + compression = "on"; + dnodesize = "auto"; + relatime = "on"; + xattr = "sa"; + }; + options = { + ashift = "12"; + autotrim = "on"; + }; + datasets = { + "local" = { + type = "zfs_fs"; + options.mountpoint = "none"; + }; + "local/root" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/"; + }; + "local/nix" = { + type = "zfs_fs"; + options = { + atime = "off"; + mountpoint = "legacy"; + }; + mountpoint = "/nix"; + }; + "user" = { + type = "zfs_fs"; + options.mountpoint = "none"; + }; + "user/home" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/home"; + }; + "user/home/root" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/root"; + }; + "user/home/nipsy" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/home/nipsy"; + }; + }; + }; + }; + }; +} diff --git a/hosts/arrakis/hardware-configuration.nix b/hosts/arrakis/hardware-configuration.nix new file mode 100644 index 0000000..52c407f --- /dev/null +++ b/hosts/arrakis/hardware-configuration.nix @@ -0,0 +1,52 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ #(modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "rpool/local/root"; + fsType = "zfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-label/boot"; + fsType = "vfat"; + }; + + fileSystems."/nix" = + { device = "rpool/local/nix"; + fsType = "zfs"; + }; + + fileSystems."/root" = + { device = "rpool/user/home/root"; + fsType = "zfs"; + }; + + fileSystems."/home/nipsy" = + { device = "rpool/user/home/nipsy"; + fsType = "zfs"; + }; + + swapDevices = + [ { device = "/dev/disk/by-label/swap"; } + ]; + + hardware = { + bluetooth.enable = true; + nvidia = { + modesetting.enable = true; + package = config.boot.kernelPackages.nvidiaPackages.beta; + }; + }; +} |