diff --git a/flake.lock b/flake.lock index 82707a5..92525ad 100644 --- a/flake.lock +++ b/flake.lock @@ -3,16 +3,14 @@ "agenix": { "inputs": { "darwin": "darwin", - "home-manager": "home-manager", - "nixpkgs": "nixpkgs", - "systems": "systems" + "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1707830867, - "narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=", + "lastModified": 1677969766, + "narHash": "sha256-AIp/ZYZMNLDZR/H7iiAlaGpu4lcXsVt9JQpBlf43HRY=", "owner": "ryantm", "repo": "agenix", - "rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6", + "rev": "03b51fe8e459a946c4b88dcfb6446e45efb2c24e", "type": "github" }, "original": { @@ -29,11 +27,11 @@ ] }, "locked": { - "lastModified": 1700795494, - "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", + "lastModified": 1673295039, + "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", + "rev": "87b9d090ad39b25b2400029c64825fc2a8868943", "type": "github" }, "original": { @@ -48,11 +46,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1708910350, - "narHash": "sha256-cTuJVlOm05aQFIgGuYikgkrI61P2vTO2OfXwIRWEzUg=", + "lastModified": 1702479765, + "narHash": "sha256-wjNYsFhciYoJkZ/FBKvFj55k+vkLbu6C2qYQ7K+s8pI=", "owner": "nix-community", "repo": "disko", - "rev": "a13f36255cf4ce99cc4236a34251c2e7106e101d", + "rev": "bd8fbc3f274288ac905bcea66bc2a5428abde458", "type": "github" }, "original": { 
@@ -63,20 +61,17 @@ } }, "flake-utils": { - "inputs": { - "systems": "systems_2" - }, "locked": { - "lastModified": 1709126324, - "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=", + "lastModified": 1653893745, + "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "d465f4819400de7c8d874d50b982301f28a84605", + "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1", "type": "github" }, "original": { "owner": "numtide", - "ref": "main", + "ref": "master", "repo": "flake-utils", "type": "github" } 
@@ -84,52 +79,31 @@ "home-manager": { "inputs": { "nixpkgs": [ - "agenix", "nixpkgs" ] }, "locked": { - "lastModified": 1703113217, - "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", + "lastModified": 1706981411, + "narHash": "sha256-cLbLPTL1CDmETVh4p0nQtvoF+FSEjsnJTFpTxhXywhQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", + "rev": "652fda4ca6dafeb090943422c34ae9145787af37", "type": "github" }, "original": { "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, - "home-manager_2": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1708988456, - "narHash": "sha256-RCz7Xe64tN2zgWk+MVHkzg224znwqknJ1RnB7rVqUWw=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "1d085ea4444d26aa52297758b333b449b2aa6fca", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "master", + "ref": "release-23.11", "repo": "home-manager", "type": "github" } }, "nixos-hardware": { "locked": { - "lastModified": 1709110790, - "narHash": "sha256-qUk0G9vWX90beOKB1EtLFdeImXAujNi5SP5zTyIEATc=", + "lastModified": 1695887975, + "narHash": "sha256-u3+5FR12dI305jCMb0fJNQx2qwoQ54lv1tPoEWp0hmg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "01467901ec51dd92774040f2b3dff4f21f4e1c45", + "rev": "adcfd6aa860d1d129055039696bc457af7d50d0e", "type": "github" }, "original": { @@ -141,11 +115,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1703013332, - "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=", + "lastModified": 1677676435, + "narHash": "sha256-6FxdcmQr5JeZqsQvfinIMr0XcTyTuR7EXX0H3ANShpQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6", + "rev": "a08d6979dd7c82c4cef0dcc6ac45ab16051c1169", "type": "github" }, "original": { 
@@ -157,11 +131,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1709109332, - "narHash": "sha256-v2rVOs9d+A+t3ZFgWCq/31gontLcJc9K0raI7fDuu34=", + "lastModified": 1678510587, + "narHash": "sha256-Jb6/OsFlvUotDhs9Xtk/G5SLXCHsnVnVdn5trgSiNQA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c1fe227b486d4bfffb319fd225a95ea574d398bf", + "rev": "1e21dd61028bca1ed1d70a76bc8bd988ae366275", "type": "github" }, "original": { @@ -173,11 +147,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1708815994, - "narHash": "sha256-hL7N/ut2Xu0NaDxDMsw2HagAjgDskToGiyZOWriiLYM=", + "lastModified": 1697915759, + "narHash": "sha256-WyMj5jGcecD+KC8gEs+wFth1J1wjisZf8kVZH13f1Zo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9a9dae8f6319600fa9aebde37f340975cab4b8c0", + "rev": "51d906d2341c9e866e48c2efcaac0f2d70bfd43e", "type": "github" }, "original": { @@ -189,16 +163,16 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1708984720, - "narHash": "sha256-gJctErLbXx4QZBBbGp78PxtOOzsDaQ+yw1ylNQBuSUY=", + "lastModified": 1707650010, + "narHash": "sha256-dOhphIA4MGrH4ElNCy/OlwmN24MsnEqFjRR6+RY7jZw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "13aff9b34cc32e59d35c62ac9356e4a41198a538", + "rev": "809cca784b9f72a5ad4b991e0e7bcf8890f9c3a6", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixos-23.11", "repo": "nixpkgs", "type": "github" } 
@@ -208,41 +182,11 @@ "agenix": "agenix", "disko": "disko", "flake-utils": "flake-utils", - "home-manager": "home-manager_2", + "home-manager": "home-manager", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_3", "nixpkgs-unstable-small": "nixpkgs-unstable-small" } - }, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index b068188..54c4d61 100644 --- a/flake.nix +++ b/flake.nix @@ -5,7 +5,7 @@ type = "github"; owner = "NixOS"; repo = "nixpkgs"; - ref = "nixos-unstable"; + ref = "nixos-23.11"; }; nixpkgs-unstable-small = { @@ -25,7 +25,7 @@ type = "github"; owner = "nix-community"; repo = "home-manager"; - ref = "master"; + ref = "release-23.11"; inputs.nixpkgs.follows = "nixpkgs"; }; @@ -33,7 +33,7 @@ type = "github"; owner = "numtide"; repo = "flake-utils"; - ref = "main"; + ref = "master"; }; nixos-hardware = { @@ -155,15 +155,6 @@ ++ sharedModules; }; - talos = nixpkgs.lib.nixosSystem { - inherit system; - modules = [ - inputs.nixos-hardware.nixosModules.framework-13-7040-amd - disko.nixosModules.default - ./talos.nix - ] ++ sharedModules; - }; - thanatos = nixpkgs.lib.nixosSystem { inherit system; modules = diff --git a/hosts/talos/default.nix b/hosts/talos/default.nix deleted file mode 100644 index cfc361c..0000000 --- a/hosts/talos/default.nix +++ /dev/null 
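Review bot: The switch to `ref = "nixos-23.11"` (nixpkgs hunk) and `ref = "release-23.11"` (home-manager hunk) comes with lock entries whose `lastModified` moves backwards for inputs these hunks do not touch. agenix goes from 1707830867 to 1677969766, and nix-darwin, disko and nixos-hardware regress as well, so the lock looks as if it was taken from an older state rather than refreshed after the ref change. Hosts built from it would run older revisions of the secrets and disk tooling; if that is not intended, re-lock those inputs and check the resulting `rev` values before deploying. The flake-utils hunk also moves `ref` from `main` to `master`, so confirm that branch is still the one upstream maintains. The input attribute sets start and end outside these hunks.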
@@ -1,106 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page, on
-# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
-
-{ config, lib, pkgs, ... }:
-
-{
- imports =
- [ # Include the results of the hardware scan.
- ./hardware-configuration.nix
- ./disko-config.nix
-
- ./home.nix
- ./secrets.nix
- ];
-
- hardware.amdgpu.opencl = false;
-
- boot.kernelPackages = pkgs.linuxPackages_6_6;
-
- # Use the systemd-boot EFI boot loader.
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- boot.tmp.useTmpfs = true;
-
- services.btrfs = {
- autoScrub = {
- enable = true;
- fileSystems = ["/"];
- };
- };
-
- networking.hostName = "talos"; # Define your hostname.
- networking.domain = "alarsyo.net";
- # Pick only one of the below networking options.
- # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
- networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
-
- # Set your time zone.
- time.timeZone = "Europe/Paris";
-
- # Configure network proxy if necessary
- # networking.proxy.default = "http://user:password@proxy:port/";
- # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
- programs = {
- dconf.enable = true;
- light.enable = true;
- };
- services = {
- fwupd.enable = true;
- openssh.enable = true;
- };
- virtualisation = {
- docker.enable = true;
- libvirtd.enable = true;
- };
-
- my.services = {
- tailscale = {
- enable = true;
- useRoutingFeatures = "client";
- };
-
- pipewire.enable = true;
- };
-
- my.gui.enable = true;
- my.displayManager.sddm.enable = lib.mkForce false;
-
- hardware.bluetooth = {
- enable = true;
- powerOnBoot = false;
- settings.General.Experimental = true;
- };
-
- # Configure console keymap
- console.keyMap = "us";
-
- # Select internationalisation properties.
- i18n.defaultLocale = "en_US.UTF-8";
- i18n.extraLocaleSettings = {
- LC_ADDRESS = "fr_FR.UTF-8";
- LC_IDENTIFICATION = "fr_FR.UTF-8";
- LC_MEASUREMENT = "fr_FR.UTF-8";
- LC_MONETARY = "fr_FR.UTF-8";
- LC_NAME = "fr_FR.UTF-8";
- LC_PAPER = "fr_FR.UTF-8";
- LC_TELEPHONE = "fr_FR.UTF-8";
- };
-
- # Enable the X11 windowing system.
- services.xserver.enable = true;
-
- # Enable the KDE Plasma Desktop Environment.
- services.xserver.displayManager.sddm.enable = true;
- services.xserver.desktopManager.plasma5.enable = true;
- services.power-profiles-daemon.enable = true;
-
- # Copy the NixOS configuration file and link it from the resulting system
- # (/run/current-system/configuration.nix). This is useful in case you
- # accidentally delete configuration.nix.
- # system.copySystemConfiguration = true;
-}
-
diff --git a/hosts/talos/disko-config.nix b/hosts/talos/disko-config.nix
deleted file mode 100644
index 89ddfd8..0000000
--- a/hosts/talos/disko-config.nix
+++ /dev/null
@@ -1,63 +0,0 @@
-{
- disko.devices = {
- disk = {
- nvme0n1 = {
- type = "disk";
- device = "/dev/nvme0n1";
- content = {
- type = "gpt";
- partitions = {
- ESP = {
- size = "512M";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- mountOptions = [
- "defaults"
- ];
- };
- };
- luks = {
- size = "100%";
- content = {
- type = "luks";
- name = "crypted";
- # disable settings.keyFile if you want to use interactive password entry
- passwordFile = "/tmp/secret.key"; # Interactive
- settings = {
- allowDiscards = true;
- #keyFile = "/tmp/secret.key";
- };
- #additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
- content = {
- type = "btrfs";
- extraArgs = [ "-f" ];
- subvolumes = {
- "/root" = {
- mountpoint = "/";
- mountOptions = [ "compress=zstd" "noatime" ];
- };
- "/home" = {
- mountpoint = "/home";
- mountOptions = [ "compress=zstd" "noatime" ];
- };
- "/nix" = {
- mountpoint = "/nix";
- mountOptions = [ "compress=zstd" "noatime" ];
- };
- "/swap" = {
- mountpoint = "/.swapvol";
- swap.swapfile.size = "8G";
- };
- };
- };
- };
- };
- };
- };
- };
- };
- };
-}
diff --git a/hosts/talos/hardware-configuration.nix b/hosts/talos/hardware-configuration.nix
deleted file mode 100644
index 7bb481b..0000000
--- a/hosts/talos/hardware-configuration.nix
+++ /dev/null
@@ -1,25 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix deleted file mode 100644 index 06cb3dd..0000000 --- a/hosts/talos/home.nix +++ /dev/null 
@@ -1,46 +0,0 @@
-{
- config,
- pkgs,
- ...
-}: {
- home-manager.users.alarsyo = {
- my.home.laptop.enable = true;
-
- # Keyboard settings & i3 settings
- my.home.x.enable = true;
- my.home.x.i3bar.temperature.chip = "k10temp-pci-*";
- my.home.x.i3bar.temperature.inputs = ["Tctl"];
- my.home.x.i3bar.networking.throughput_interfaces = ["wlp1s0"];
- my.home.emacs.enable = true;
-
- my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight;
-
- # TODO: place in global home conf
- services.dunst.enable = true;
-
- home.packages = builtins.attrValues {
- inherit
- (pkgs)
- # some websites only work there :(
-
- chromium
- darktable
- # dev
-
- rustup
- gdb
- valgrind
- arandr
- zotero
- ;
-
- #inherit
- # (pkgs.packages)
- # ansel
- # spot
- # ;
-
- inherit (pkgs.wineWowPackages) stable;
- };
- };
-}
diff --git a/hosts/talos/secrets.nix b/hosts/talos/secrets.nix
deleted file mode 100644
index 387f511..0000000
--- a/hosts/talos/secrets.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{
- config,
- lib,
- options,
- ...
-}: {
- config.age = {
- secrets = let
- toSecret = name: {...} @ attrs:
- {
- file = ./../../modules/secrets + "/${name}.age";
- }
- // attrs;
- in
- lib.mapAttrs toSecret {
- #"restic-backup/hephaestus-credentials" = {};
- #"restic-backup/hephaestus-password" = {};
-
- "users/alarsyo-hashed-password" = {};
- "users/root-hashed-password" = {};
- };
- };
-}
diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix
index 2496adb..9c042d0 100644
--- a/modules/secrets/secrets.nix
+++ b/modules/secrets/secrets.nix
@@ -5,10 +5,9 @@ let boreal = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAagal1aqZh52wEmgsw7fkCzO41o4Cx+nV4wJGZuX1RP root@boreal"; hades = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxw8CtKUPAiPdKDEnuS7UyRrZN5BkUwsy5UPVF8V+lt root@hades"; hephaestus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA7Cp+n5+huof68QlAoJV8bVf5h5p9kEZFAVpltWopdL root@hephaestus"; - talos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMBYcmL9HZJ9SqB9OJwQ0Nt6ZbvHZTS+fzM8A6D5MPZs root@talos"; thanatos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID8JEAWk/8iSl8fN6/f76JkmVFwtyixTpLol4zSVsnVw root@thanatos"; - machines = [boreal hades hephaestus talos thanatos]; + machines = [boreal hades hephaestus thanatos]; all = users ++ machines; in { diff --git a/modules/secrets/users/alarsyo-hashed-password.age b/modules/secrets/users/alarsyo-hashed-password.age index dfbbc68..38b12ac 100644 Binary files a/modules/secrets/users/alarsyo-hashed-password.age and b/modules/secrets/users/alarsyo-hashed-password.age differ diff --git a/modules/secrets/users/root-hashed-password.age b/modules/secrets/users/root-hashed-password.age index 6a15e89..0988a49 100644 --- a/modules/secrets/users/root-hashed-password.age +++ b/modules/secrets/users/root-hashed-password.age 
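Review bot: Dropping `talos` from `machines` only changes who future encryptions are addressed to. The earlier `.age` blobs that list the talos recipient stay in git history and remain decryptable with that host's private key. If the host is being retired because its key or disk may be exposed, the values themselves (`users/root-hashed-password`, `users/alarsyo-hashed-password`) need to be rotated, not just rekeyed. The two `.age` files changed in this commit are consistent with a rekey, but the diff cannot show whether the plaintext changed. I would add a comment above the list, for example `# After removing a host: rekey every .age file and rotate any secret that host could read.` The `let` block starts before the hunk and the attribute set after `in` continues past it.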
@@ -1,15 +1,15 @@ age-encryption.org/v1 --> ssh-ed25519 YWMQkg mb17MHdKPO5SDXOslq38CjHLKy063L1KyN2wT85fGlE -3JnWLwx2cNmBC1vpS9KAwZQIy7B/vqLZ9QwQYNY4wMQ --> ssh-ed25519 pX8y2g mvykS4XrUSwe68MteVV52u95oySHdzRlMGVFjhQQrx8 -ztoGz8OrTMRH/0NPfnQXrVBA0Uyuuc2b0dlOXToq85U --> ssh-ed25519 SYm+hA TiL9r8l1nIvOMUpFaYmZ/5d6DRxcMHMICjrTfmbC7Wc -GfivQi5vzTUfYDVjwSxNA8t/tKtRu0QAGE+kPr4u1+I --> ssh-ed25519 nh0dAQ 9agb3Zl/7+mAIH7bcIXbY2KrHDZAjugAfKbQ0OAhIQQ -kPzKALS6Wrr5zUJngqjwGV6w5prKMWlj/WY2qi2ck4M --> ssh-ed25519 6UUuZw 36Uu//D8HuiRHFN0GOAyLxI0J3yBrTSBXuBG9pTVZA8 -KTMmUW8MvVtUm4Xjyz0JGDdz4H7Y5KxLPDeYPc0dfl4 --> ssh-ed25519 k2gHjw D3OD07mu/YnR3xVhhbX4UoChpAWSG4CYIkmQZclsjQc -kgqZizkSgB5p+1ZRd0tP/bBxZ92jt6fvAcNZe3MmgoE ---- ZuL2dvQ6+hac47fRdRWl4VHl2sRIvnF80d37EZKq94I -J)Fr@+4rF OL5|㞵ˮq[ Pm;aH ssh-ed25519 YWMQkg i+/8YGSMh0M3Z0qvZebnAmZzr78cnp0TDMUr/FvSyj8 +YQm2rXUoM2l1zh4AD6LHBvgDgsRYdiZWgycu1OabiaA +-> ssh-ed25519 pX8y2g Vrn1mB2TH0EGY6uB9hfRu3LaLNp5hjwgLCV4xHQ3UDc +2zZBeLqqs6PAAywIs7v3aLb4tFydwrV6iqGJcZkDbY8 +-> ssh-ed25519 SYm+hA PbPD9hhKTAqOFwY0RNtq0tNZnmwC7B0BWCcEp4MBEQ0 +qoXYrSuGtWQX6FlNIgVCkwRy5He/SVi3VHrbPHQvpf0 +-> ssh-ed25519 6UUuZw 4pyEkmESRYwA3cURKdWtJ9w5K72y6qNqNXRb+oexoGA +UBa59ClPat1rl4r/BBWHhea1YBLBiyaoHvoYrgnkZhk +-> ssh-ed25519 k2gHjw Ef7VgulblvO2b6gUlSa7MqAJMm/0E4z9kOLGuuy+MyY +ede5dtwJpTaDdtFGtNdrv+dfF/V/qmCR+vjC0vhv7WQ +-> 2}s-grease +H1mgdyEhmM8weQ+JKPeLvHRb4XsD+zglY5RI428sqRhUSoOX3P8 +--- F/H59tq65rdlR0xSltrmJ8FJZaLVIQPAiruY0R8xpYM +b$(cmQ-:+'TKakyxy._5~Y6@Kʒj8لI'#9W<'֨i׈ZOz \ No newline at end of file diff --git a/talos.nix b/talos.nix deleted file mode 100644 index c969790..0000000 --- a/talos.nix +++ /dev/null 
@@ -1,23 +0,0 @@
-{...}: {
- imports = [
- # Default configuration
- ./base
-
- # Module definitions
- ./modules
-
- # Service definitions
- ./services
-
- # Host-specific config
- ./hosts/talos
- ];
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "24.05"; # Did you read the comment?
-}