hosts: add talos

hosts/talos/default.nix

@@ -0,0 +1,120 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
+  imports = [
+    # Include the results of the hardware scan.
+    ./hardware-configuration.nix
+    ./disko-config.nix
+
+    ./home.nix
+    ./secrets.nix
+  ];
+
+  hardware.amdgpu.opencl = false;
+
+  boot.kernelPackages = pkgs.linuxPackages_6_6;
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot = {
+    enable = true;
+    editor = false;
+    consoleMode = "auto";
+  };
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  boot.tmp.useTmpfs = true;
+
+  services.btrfs = {
+    autoScrub = {
+      enable = true;
+      fileSystems = ["/"];
+    };
+  };
+
+  networking.hostName = "talos"; # Define your hostname.
+  networking.domain = "alarsyo.net";
+  # Pick only one of the below networking options.
+  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+  networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
+
+  # Set your time zone.
+  time.timeZone = "Europe/Paris";
+
+  # Configure network proxy if necessary
+  # networking.proxy.default = "http://user:password@proxy:port/";
+  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+  programs = {
+    dconf.enable = true;
+    light.enable = true;
+  };
+  services = {
+    fwupd.enable = true;
+    openssh.enable = true;
+  };
+  virtualisation = {
+    docker.enable = true;
+    libvirtd.enable = true;
+  };
+
+  my.services = {
+    tailscale = {
+      enable = true;
+      useRoutingFeatures = "client";
+    };
+
+    pipewire.enable = true;
+  };
+
+  my.gui.enable = true;
+  my.displayManager.sddm.enable = lib.mkForce false;
+
+  hardware.bluetooth = {
+    enable = true;
+    powerOnBoot = false;
+    settings.General.Experimental = true;
+  };
+
+  # Configure console keymap
+  console.keyMap = "us";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "fr_FR.UTF-8";
+    LC_IDENTIFICATION = "fr_FR.UTF-8";
+    LC_MEASUREMENT = "fr_FR.UTF-8";
+    LC_MONETARY = "fr_FR.UTF-8";
+    LC_NAME = "fr_FR.UTF-8";
+    LC_PAPER = "fr_FR.UTF-8";
+    LC_TELEPHONE = "fr_FR.UTF-8";
+  };
+
+  # Enable the X11 windowing system.
+  services.xserver.enable = true;
+
+  # Enable the KDE Plasma Desktop Environment.
+  services.xserver.displayManager.sddm = {
+    enable = true;
+    wayland.enable = true;
+  };
+  services.xserver.desktopManager.plasma5.enable = true;
+  services.power-profiles-daemon.enable = true;
+
+  #programs.hyprland.enable = true;
+  #programs.sway = {
+  #  enable = true;
+  #  wrapperFeatures.gtk = true;
+  #};
+
+  # Copy the NixOS configuration file and link it from the resulting system
+  # (/run/current-system/configuration.nix). This is useful in case you
+  # accidentally delete configuration.nix.
+  # system.copySystemConfiguration = true;
+}

hosts/talos/disko-config.nix

@@ -0,0 +1,67 @@
+{
+  disko.devices = {
+    disk = {
+      nvme0n1 = {
+        type = "disk";
+        device = "/dev/nvme0n1";
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              size = "512M";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = [
+                  "defaults"
+                ];
+              };
+            };
+            luks = {
+              size = "100%";
+              content = {
+                type = "luks";
+                name = "crypted";
+                # disable settings.keyFile if you want to use interactive password entry
+                passwordFile = "/tmp/secret.key"; # Interactive
+                settings = {
+                  allowDiscards = true;
+                  #keyFile = "/tmp/secret.key";
+                };
+                #additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
+                content = {
+                  type = "btrfs";
+                  extraArgs = ["-f"];
+                  subvolumes = {
+                    "@" = {
+                      mountpoint = "/";
+                      mountOptions = ["compress=zstd" "noatime"];
+                    };
+                    "@home" = {
+                      mountpoint = "/home";
+                      mountOptions = ["compress=zstd" "noatime"];
+                    };
+                    "@nix" = {
+                      mountpoint = "/nix";
+                      mountOptions = ["compress=zstd" "noatime"];
+                    };
+                    "@persist" = {
+                      mountpoint = "/persist";
+                      mountOptions = ["compress=zstd" "noatime"];
+                    };
+                    "@swap" = {
+                      mountpoint = "/.swapvol";
+                      swap.swapfile.size = "8G";
+                    };
+                  };
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}

hosts/talos/hardware-configuration.nix

@@ -0,0 +1,29 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod"];
+  boot.initrd.kernelModules = [];
+  boot.kernelModules = ["kvm-amd"];
+  boot.extraModulePackages = [];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/talos/home.nix

@@ -0,0 +1,57 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
+  home-manager.users.alarsyo = {
+    home.stateVersion = lib.mkForce "23.11";
+
+    my.home.laptop.enable = true;
+
+    # Keyboard settings & i3 settings
+    my.home.x.enable = true;
+    my.home.x.i3bar.temperature.chip = "k10temp-pci-*";
+    my.home.x.i3bar.temperature.inputs = ["Tctl"];
+    my.home.x.i3bar.networking.throughput_interfaces = ["wlp1s0"];
+    my.home.emacs.enable = true;
+
+    my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight;
+
+    # TODO: place in global home conf
+    services.dunst.enable = true;
+
+    home.packages = builtins.attrValues {
+      inherit
+        (pkgs)
+        # some websites only work there :(
+        
+        #chromium
+        
+        #darktable
+        
+        ## dev
+        
+        #
+        
+        #rustup
+        
+        #gdb
+        
+        #valgrind
+        
+        arandr
+        #zotero
+        
+        ;
+
+      #inherit
+      #  (pkgs.packages)
+      #  ansel
+      #  spot
+      #  ;
+
+      #inherit (pkgs.wineWowPackages) stable;
+    };
+  };
+}

hosts/talos/secrets.nix

@@ -0,0 +1,23 @@
+{
+  config,
+  lib,
+  options,
+  ...
+}: {
+  config.age = {
+    secrets = let
+      toSecret = name: {...} @ attrs:
+        {
+          file = ./../../modules/secrets + "/${name}.age";
+        }
+        // attrs;
+    in
+      lib.mapAttrs toSecret {
+        #"restic-backup/hephaestus-credentials" = {};
+        #"restic-backup/hephaestus-password" = {};
+
+        "users/alarsyo-hashed-password" = {};
+        "users/root-hashed-password" = {};
+      };
+  };
+}