diff options
Diffstat (limited to '')
| -rw-r--r-- | hosts/fangorn/default.nix | 102 | ||||
| -rw-r--r-- | hosts/fangorn/disks.nix | 103 | ||||
| -rw-r--r-- | hosts/fangorn/hardware-configuration.nix | 33 | 
3 files changed, 238 insertions, 0 deletions
| diff --git a/hosts/fangorn/default.nix b/hosts/fangorn/default.nix new file mode 100644 index 0000000..4edee29 --- /dev/null +++ b/hosts/fangorn/default.nix @@ -0,0 +1,102 @@ +{ config, inputs, outputs, pkgs, ... }: { +  boot = { +    kernelPackages = pkgs.linuxPackages_6_12; +    loader = { +      efi.canTouchEfiVariables = true; +      systemd-boot.enable = true; +      timeout = 3; +    }; +    supportedFilesystems = [ "zfs" ]; +    zfs = { +      devNodes = "/dev/disk/by-label"; +      package = pkgs.master.zfs; +    }; +  }; + +  environment.systemPackages = with pkgs; [ +    signal-desktop +    #master.wsmancli +  ]; + +  imports = [ +    ./disks.nix +    ./hardware-configuration.nix +    ../common/core +    #../common/optional/db.nix +    #../common/optional/dev.nix +    #../common/optional/ebooks.nix +    #../common/optional/games.nix +    #../common/optional/misc.nix +    #../common/optional/multimedia.nix +    ../common/optional/pipewire.nix +    ../common/optional/services/openssh.nix +    #../common/optional/services/tlp.nix +    #../common/optional/services/xorg.nix +    #../common/optional/sound.nix +    ../common/optional/wdt.nix +    ../common/optional/zfs.nix +    ../common/users/don +    ../common/users/nipsy +    ../common/users/root +  ]; + +  networking = { +    hostId = "6f1faddc"; +    hostName = "fangorn"; +    networkmanager.enable = true; +    nftables.enable = true; +  }; + +  nixpkgs = { +    config.allowUnfree = true; +    hostPlatform = "x86_64-linux"; +    overlays = [ +      outputs.overlays.additions +      outputs.overlays.modifications +      outputs.overlays.master-packages +      outputs.overlays.stable-packages +    ]; +  }; + +  services.openssh.settings.X11Forwarding = true; +  services.xserver.videoDrivers = [ "amdgpu" ]; + +  #sops = { +  #  age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; +  #  defaultSopsFile = ../secrets/fangorn.yaml; + +  #  secrets = { +  #    "nftables/ssh" = {}; +  #    "nix-access-token-github" = {}; +  #    "ssh_config".path = "/root/.ssh/config"; +  #  }; +  #}; + +  system.stateVersion = "23.11"; + +  #systemd.services."nftables-extra" = let rules_script = '' +  #    ${pkgs.nftables}/bin/nft -f ${config.sops.secrets."nftables/ssh".path} +  #  ''; in { +  #    description = "nftables extra firewall rules"; +  #    reload = rules_script; +  #    script = rules_script; +  #    serviceConfig = { +  #      RemainAfterExit = true; +  #      Type = "oneshot"; +  #    }; +  #    unitConfig = { +  #      ConditionPathExists = config.sops.secrets."nftables/ssh".path; +  #      ReloadPropagatedFrom = "nftables.service"; +  #    }; +  #    wantedBy = [ "multi-user.target" ]; +  #    after = [ "nftables.service" ]; +  #    partOf = [ "nftables.service" ]; +  #}; + +  #systemd.paths."nftables-extra" = { +  #  pathConfig = { +  #    PathExists = config.sops.secrets."nftables/ssh".path; +  #  }; +  #  wantedBy = [ "multi-user.target" ]; +  #}; +} diff --git a/hosts/fangorn/disks.nix b/hosts/fangorn/disks.nix new file mode 100644 index 0000000..f6e9ded --- /dev/null +++ b/hosts/fangorn/disks.nix @@ -0,0 +1,103 @@ +{ lib, ... }: +{ +  disko.devices = { +    disk = { +      nvme0n1 = { +        type = "disk"; +        device = "/dev/nvme0n1"; +        content = { +          type = "gpt"; +          partitions = { +            ESP = { +              size = "1G"; +              type = "EF00"; +              content = { +                type = "filesystem"; +                format = "vfat"; +                mountpoint = "/boot"; +                mountOptions = [ "umask=0077" ]; +                extraArgs = [ "-nboot" ]; +              }; +            }; +            swap = { +              device = lib.mkForce "/dev/disk/by-label/swap"; +              size = "32G"; +              type = "8200"; +              content = { +                type = "swap"; +                extraArgs = [ "-L swap" ]; +              }; +            }; +            rpool = { +              size = "100%"; +              content = { +                type = "zfs"; +                pool = "rpool"; +              }; +            }; +          }; +        }; +      }; +    }; +    zpool = { +      rpool = { +        type = "zpool"; +        rootFsOptions = { +          acltype = "posixacl"; +          canmount = "off"; +          compression = "on"; +          dnodesize = "auto"; +          relatime = "on"; +          xattr = "sa"; +        }; +        options = { +          ashift = "12"; +          autotrim = "on"; +        }; +        datasets = { +          "local" = { +            type = "zfs_fs"; +            options.mountpoint = "none"; +          }; +          "local/root" = { +            type = "zfs_fs"; +            options.mountpoint = "legacy"; +            mountpoint = "/"; +          }; +          "local/nix" = { +            type = "zfs_fs"; +            options = { +              atime = "off"; +              mountpoint = "legacy"; +            }; +            mountpoint = "/nix"; +          }; +          "user" = { +            type = "zfs_fs"; +            options.mountpoint = "none"; +          }; +          "user/home" = { +            type = "zfs_fs"; +            options.mountpoint = "legacy"; +            mountpoint = "/home"; +          }; +          "user/home/root" = { +            type = "zfs_fs"; +            options.mountpoint = "legacy"; +            mountpoint = "/root"; +          }; +          "user/home/don" = { +            type = "zfs_fs"; +            options.mountpoint = "legacy"; +            mountpoint = "/home/don"; +          }; +          "user/home/nipsy" = { +            type = "zfs_fs"; +            options.mountpoint = "legacy"; +            mountpoint = "/home/nipsy"; +          }; +        }; +      }; +    }; +  }; +} diff --git a/hosts/fangorn/hardware-configuration.nix b/hosts/fangorn/hardware-configuration.nix new file mode 100644 index 0000000..17a6bc6 --- /dev/null +++ b/hosts/fangorn/hardware-configuration.nix @@ -0,0 +1,33 @@ +# Do not modify this file!  It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations.  Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ +  imports = [ +    (modulesPath + "/installer/scan/not-detected.nix") +  ]; + +  boot = { +    initrd = { +      availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" ]; +      kernelModules = [ ]; +    }; +    kernelModules = [ "kvm-amd" ]; +    extraModulePackages = [ ]; +  }; + +  fileSystems."/boot" = { +    device = lib.mkForce "/dev/disk/by-label/boot"; +  }; + +  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking +  # (the default) this is the recommended approach. When using systemd-networkd it's +  # still possible to use this option, but it's recommended to use it in conjunction +  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. +  #networking.useDHCP = lib.mkDefault true; +  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; +  # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; + +  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} | 
