aboutsummaryrefslogtreecommitdiffstats
path: root/hosts
diff options
context:
space:
mode:
Diffstat (limited to 'hosts')
-rw-r--r--hosts/common/core/default.nix21
-rw-r--r--hosts/common/core/locale.nix5
-rw-r--r--hosts/common/core/nix.nix30
-rw-r--r--hosts/common/core/shells.nix8
-rw-r--r--hosts/common/core/zsh.nix6
-rw-r--r--hosts/common/optional/google-authenticator.nix23
-rw-r--r--hosts/common/optional/pipewire.nix24
-rw-r--r--hosts/common/optional/services/openssh.nix11
-rw-r--r--hosts/common/optional/services/xorg.nix21
-rw-r--r--hosts/common/optional/zfs.nix6
-rw-r--r--hosts/common/users/nipsy/default.nix31
-rw-r--r--hosts/common/users/nipsy/keys/id_arrakis.pub1
-rw-r--r--hosts/common/users/root/default.nix10
-rw-r--r--hosts/ginaz/default.nix238
-rw-r--r--hosts/ginaz/hardware-configuration.nix49
15 files changed, 484 insertions, 0 deletions
diff --git a/hosts/common/core/default.nix b/hosts/common/core/default.nix
new file mode 100644
index 0000000..8d19a9f
--- /dev/null
+++ b/hosts/common/core/default.nix
@@ -0,0 +1,21 @@
+{ inputs, outputs, ... }: {
+ imports = [
+ inputs.home-manager.nixosModules.home-manager
+ ./locale.nix
+ ./nix.nix
+ ./shells.nix
+ ./zsh.nix
+ ] ++ (builtins.attrValues outputs.nixosModules);
+
+ home-manager.extraSpecialArgs = { inherit inputs outputs; };
+
+ nixpkgs = {
+ # you can add global overlays here
+ overlays = builtins.attrValues outputs.overlays;
+ config = {
+ allowUnfree = true;
+ };
+ };
+
+ hardware.enableRedistributableFirmware = true;
+}
diff --git a/hosts/common/core/locale.nix b/hosts/common/core/locale.nix
new file mode 100644
index 0000000..914312e
--- /dev/null
+++ b/hosts/common/core/locale.nix
@@ -0,0 +1,5 @@
+{ lib, ... }:
+{
+ i18n.defaultLocale = lib.mkDefault "en_US.UTF-8";
+ time.timeZone = lib.mkDefault "America/Los_Angeles";
+}
diff --git a/hosts/common/core/nix.nix b/hosts/common/core/nix.nix
new file mode 100644
index 0000000..587bac6
--- /dev/null
+++ b/hosts/common/core/nix.nix
@@ -0,0 +1,30 @@
+{ inputs, lib, ... }:
+{
+ nix = {
+ settings = {
+ trusted-users = [ "root" "@wheel" ];
+
+ auto-optimise-store = lib.mkDefault true;
+ experimental-features = [ "nix-command" "flakes" "repl-flake" ];
+ warn-dirty = false;
+ #flake-registry = ""; # Disable global flake registry This is a hold-over setting from Misterio77. Not sure significance but likely to do with nix.registry entry below.
+ };
+
+ # Add each flake input as a registry to make nix3 commands consistent with your flake
+ #registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
+
+ # Add nixpkgs input to NIX_PATH
+ # This lets nix2 commands still use <nixpkgs>
+ #nixPath = [ "nixpkgs=${inputs.nixpkgs.outPath}" ];
+
+ # Garbage Collection
+ gc = {
+ automatic = true;
+ dates = "weekly";
+ randomizedDelaySec = "14m";
+ # Keep the last 2 generations
+ options = "--delete-older-than +2";
+ };
+
+ };
+}
diff --git a/hosts/common/core/shells.nix b/hosts/common/core/shells.nix
new file mode 100644
index 0000000..0469b8c
--- /dev/null
+++ b/hosts/common/core/shells.nix
@@ -0,0 +1,8 @@
+{ pkgs, ... }:
+{
+ environment.systemPackages = builtins.attrValues {
+ inherit (pkgs)
+ bash
+ zsh;
+ };
+}
diff --git a/hosts/common/core/zsh.nix b/hosts/common/core/zsh.nix
new file mode 100644
index 0000000..ba73c00
--- /dev/null
+++ b/hosts/common/core/zsh.nix
@@ -0,0 +1,6 @@
+{
+ programs.zsh = {
+ enable = true;
+ enableCompletion = true;
+ };
+}
diff --git a/hosts/common/optional/google-authenticator.nix b/hosts/common/optional/google-authenticator.nix
new file mode 100644
index 0000000..7380d1b
--- /dev/null
+++ b/hosts/common/optional/google-authenticator.nix
@@ -0,0 +1,23 @@
+{ pkgs, ... }:
+{
+ environment.systemPackages = builtins.attrValues {
+ inherit (pkgs)
+ #other
+ google-authenticator;
+ };
+
+ security.pam.services = {
+ chfn.googleAuthenticator.enable = true;
+ chsh.googleAuthenticator.enable = true;
+ cups.googleAuthenticator.enable = true;
+ lightdm.googleAuthenticator.enable = true;
+ login.googleAuthenticator.enable = true;
+ other.googleAuthenticator.enable = true;
+ sshd.googleAuthenticator.enable = true;
+ su.googleAuthenticator.enable = true;
+ sudo.googleAuthenticator.enable = true;
+ vlock.googleAuthenticator.enable = true;
+ xlock.googleAuthenticator.enable = true;
+ xscreensaver.googleAuthenticator.enable = true;
+ };
+}
diff --git a/hosts/common/optional/pipewire.nix b/hosts/common/optional/pipewire.nix
new file mode 100644
index 0000000..27b2a09
--- /dev/null
+++ b/hosts/common/optional/pipewire.nix
@@ -0,0 +1,24 @@
+{ pkgs, ... }:
+{
+ sound.enable = true;
+ hardware.pulseaudio.enable = false;
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ wireplumber.enable = true;
+ jack.enable = true;
+
+ # use the example session manager (no others are packaged yet so this is enabled by default,
+ # no need to redefine it in your config for now)
+ # media-session.enable = true;
+ };
+
+ environment.systemPackages = builtins.attrValues {
+ inherit (pkgs)
+ pamixer
+ pavucontrol;
+ };
+}
diff --git a/hosts/common/optional/services/openssh.nix b/hosts/common/optional/services/openssh.nix
new file mode 100644
index 0000000..33cdbac
--- /dev/null
+++ b/hosts/common/optional/services/openssh.nix
@@ -0,0 +1,11 @@
+{
+ services.openssh = {
+ enable = true;
+ openFirewall = true;
+ settings = {
+ KbdInteractiveAuthentication = false;
+ PasswordAuthentication = false;
+ PermitRootLogin = "yes";
+ };
+ };
+}
diff --git a/hosts/common/optional/services/xorg.nix b/hosts/common/optional/services/xorg.nix
new file mode 100644
index 0000000..ebca5ea
--- /dev/null
+++ b/hosts/common/optional/services/xorg.nix
@@ -0,0 +1,21 @@
+{
+ services.xserver = {
+ displayManager.defaultSession = "xsession";
+ displayManager.lightdm = {
+ enable = true;
+ extraSeatDefaults = ''greeter-hide-users=true'';
+ };
+ displayManager.session = [
+ {
+ manage = "desktop";
+ name = "xsession";
+ start = ''exec $HOME/.xsession'';
+ }
+ ];
+ enable = true;
+ libinput.enable = true;
+ videoDrivers = [ "amdgpu" ];
+ xkb.layout = "us";
+ xkb.options = "caps:super,compose:ralt";
+ };
+}
diff --git a/hosts/common/optional/zfs.nix b/hosts/common/optional/zfs.nix
new file mode 100644
index 0000000..a2d978d
--- /dev/null
+++ b/hosts/common/optional/zfs.nix
@@ -0,0 +1,6 @@
+{
+ services.zfs = {
+ autoScrub.enable = true;
+ trim.enable = true;
+ };
+}
diff --git a/hosts/common/users/nipsy/default.nix b/hosts/common/users/nipsy/default.nix
new file mode 100644
index 0000000..58ef9b3
--- /dev/null
+++ b/hosts/common/users/nipsy/default.nix
@@ -0,0 +1,31 @@
+{ pkgs, inputs, config, ... }:
+let
+ ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
+in
+{
+ users.groups.nipsy.gid = 1000;
+ users.users.nipsy = {
+ description = "Mark Nipper";
+ extraGroups = [
+ "wheel"
+ "audio"
+ "video"
+ ] ++ ifTheyExist [
+ "networkmanager"
+ ];
+ group = "nipsy";
+ home = "/home/nipsy";
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ (builtins.readFile ./keys/id_arrakis.pub)
+ #(builtins.readFile ./keys/id_other.pub)
+ ];
+
+ packages = [ pkgs.home-manager ];
+ shell = pkgs.zsh;
+ };
+
+ # Import this user's personal/home configurations
+ home-manager.users.nipsy = import ../../../../home/nipsy/${config.networking.hostName}.nix;
+
+}
diff --git a/hosts/common/users/nipsy/keys/id_arrakis.pub b/hosts/common/users/nipsy/keys/id_arrakis.pub
new file mode 100644
index 0000000..38c1d4c
--- /dev/null
+++ b/hosts/common/users/nipsy/keys/id_arrakis.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIbKppxX6GF88fAfXJZR4ZcPzwopi7TAy+v/dmWso+7f nipsy@arrakis.bitgnome.net
diff --git a/hosts/common/users/root/default.nix b/hosts/common/users/root/default.nix
new file mode 100644
index 0000000..f70f414
--- /dev/null
+++ b/hosts/common/users/root/default.nix
@@ -0,0 +1,10 @@
+{ pkgs, ... }:
+{
+ users.users.root = {
+ openssh.authorizedKeys.keys = [
+ (builtins.readFile ../nipsy/keys/id_arrakis.pub)
+ #(builtins.readFile ./keys/id_other.pub)
+ ];
+ shell = pkgs.zsh;
+ };
+}
diff --git a/hosts/ginaz/default.nix b/hosts/ginaz/default.nix
new file mode 100644
index 0000000..d5fa16c
--- /dev/null
+++ b/hosts/ginaz/default.nix
@@ -0,0 +1,238 @@
+{ config, inputs, pkgs, ... }: {
+ boot = {
+ initrd.kernelModules = [ "amdgpu" "zfs" ];
+ kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+ loader = {
+ efi.canTouchEfiVariables = true;
+ systemd-boot.enable = true;
+ timeout = 3;
+ };
+ supportedFilesystems = [ "zfs" ];
+ zfs.devNodes = "/dev/disk/by-label";
+ };
+
+ documentation.dev.enable = true;
+ documentation.man.enable = true;
+
+ environment.systemPackages = with pkgs; [
+ bc
+ bespokesynth
+ bintools
+ cardinal
+ cargo
+ conntrack-tools
+ curl
+ dmenu
+ dict
+ dig
+ dmidecode
+ easyeffects
+ encfs
+ enscript
+ evince
+ feh
+ ffmpeg
+ file
+ flac
+ fldigi
+ fluidsynth
+ foot
+ fortune
+ fping
+ gcr
+ geeqie
+ geonkick
+ #gimp-with-plugins
+ gimp
+ git
+ go
+ godot_4
+ google-authenticator
+ google-chrome
+ gv
+ helm
+ i3
+ i3status
+ imagemagick
+ inkscape
+ inxi
+ iotop
+ ipcalc
+ iperf
+ jq
+ lame
+ libreoffice
+ libva-utils
+ lilypond-unstable-with-fonts
+ lshw
+ lsof
+ mame
+ mariadb
+ mednafen
+ mednaffe
+ mesa-demos
+ mkvtoolnix
+ mpv
+ mutt
+ netcat-openbsd
+ nix-index
+ nmap
+ ntfs3g
+ oath-toolkit
+ openldap
+ openssl
+ (pass.withExtensions (ext: with ext; [pass-otp]))
+ pass
+ patchelf
+ pavucontrol
+ pciutils
+ picom
+ polkit_gnome
+ polyphone
+ poppler_utils
+ powertop
+ psmisc
+ pv
+ pwgen
+ qemu_kvm
+ qpwgraph
+ qrencode
+ qsynth
+ radeontop
+ rdesktop
+ read-edid
+ reaper
+ recode
+ rosegarden
+ rustc
+ samplv1
+ sfizz
+ sg3_utils
+ signal-desktop
+ speedtest-cli
+ sqlite
+ sshfs
+ st
+ stoken
+ surge-XT
+ sxiv
+ synthv1
+ sysstat
+ tcpdump
+ tigervnc
+ traceroute
+ tree
+ tshark
+ turbovnc
+ unrar
+ unzip
+ usbutils
+ vapoursynth
+ vdpauinfo
+ vim
+ vlc
+ vmpk
+ vocproc
+ vulkan-tools
+ wavpack
+ wget
+ whois
+ winetricks
+ wineWowPackages.stagingFull
+ wireguard-tools
+ x11vnc
+ x265
+ xclip
+ xdotool
+ xorg.xdpyinfo
+ xscreensaver
+ xsnow
+ yabridge
+ yabridgectl
+ yoshimi
+ zig
+ zip
+ zynaddsubfx
+ ];
+
+ imports = [
+ inputs.hardware.nixosModules.lenovo-yoga-7-14ARH7.amdgpu
+
+ ./hardware-configuration.nix
+ ../common/core
+ ../common/optional/google-authenticator.nix
+ ../common/optional/pipewire.nix
+ ../common/optional/services/openssh.nix
+ ../common/optional/services/xorg.nix
+ ../common/optional/zfs.nix
+ ../common/users/nipsy
+ ../common/users/root
+ ];
+
+ networking = {
+ hostId = "8425e349";
+ hostName = "ginaz";
+ networkmanager.enable = true;
+ nftables.enable = true;
+ };
+
+ programs.atop.enable = true;
+ programs.firefox.enable = true;
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+ programs.iftop.enable = true;
+ programs.mtr.enable = true;
+ programs.nm-applet.enable = true;
+ programs.steam.enable = true;
+ programs.tmux.enable = true;
+ programs.zsh.enable = true;
+
+ security.polkit = {
+ enable = true;
+ extraConfig = ''
+ polkit.addRule(function(action, subject) {
+ if (
+ subject.isInGroup("users")
+ && (
+ action.id == "org.freedesktop.login1.reboot" ||
+ action.id == "org.freedesktop.login1.reboot-multiple-sessions" ||
+ action.id == "org.freedesktop.login1.power-off" ||
+ action.id == "org.freedesktop.login1.power-off-multiple-sessions"
+ )
+ )
+ {
+ return polkit.Result.YES;
+ }
+ })
+ '';
+ };
+ services.blueman.enable = true;
+ services.printing.enable = true;
+ services.udev.extraRules = ''
+ SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="1df7",ATTRS{idProduct}=="2500",MODE:="0666"
+ SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="1df7",ATTRS{idProduct}=="3000",MODE:="0666"
+ SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="1df7",ATTRS{idProduct}=="3010",MODE:="0666"
+ SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="1df7",ATTRS{idProduct}=="3020",MODE:="0666"
+ SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="1df7",ATTRS{idProduct}=="3030",MODE:="0666"
+ '';
+
+ systemd = {
+ user.services.polkit-gnome-authentication-agent-1 = {
+ description = "polkit-gnome-authentication-agent-1";
+ wantedBy = [ "graphical-session.target" ];
+ wants = [ "graphical-session.target" ];
+ after = [ "graphical-session.target" ];
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
+ Restart = "on-failure";
+ RestartSec = 1;
+ TimeoutStopSec = 10;
+ };
+ };
+ };
+
+ system.stateVersion = "23.11";
+}
diff --git a/hosts/ginaz/hardware-configuration.nix b/hosts/ginaz/hardware-configuration.nix
new file mode 100644
index 0000000..a5ae455
--- /dev/null
+++ b/hosts/ginaz/hardware-configuration.nix
@@ -0,0 +1,49 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ #(modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-amd" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "rpool/local/root";
+ fsType = "zfs";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-label/boot";
+ fsType = "vfat";
+ };
+
+ fileSystems."/nix" =
+ { device = "rpool/local/nix";
+ fsType = "zfs";
+ };
+
+ fileSystems."/root" =
+ { device = "rpool/user/home/root";
+ fsType = "zfs";
+ };
+
+ fileSystems."/home/nipsy" =
+ { device = "rpool/user/home/nipsy";
+ fsType = "zfs";
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-label/swap"; }
+ ];
+
+ hardware.bluetooth.enable = true;
+ #hardware.bluetooth.powerOnBoot = true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}