From 2a2275a87ad874317114dc0dfbee139944b228ca Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 28 Feb 2024 17:48:56 +0100 Subject: [PATCH 01/10] flake: update everything --- flake.lock | 126 ++++++++++++++++++++++++++++++++++++++--------------- flake.nix | 15 +++++-- 2 files changed, 103 insertions(+), 38 deletions(-) diff --git a/flake.lock b/flake.lock index 92525ad..82707a5 100644 --- a/flake.lock +++ b/flake.lock @@ -3,14 +3,16 @@ "agenix": { "inputs": { "darwin": "darwin", - "nixpkgs": "nixpkgs" + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "systems": "systems" }, "locked": { - "lastModified": 1677969766, - "narHash": "sha256-AIp/ZYZMNLDZR/H7iiAlaGpu4lcXsVt9JQpBlf43HRY=", + "lastModified": 1707830867, + "narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=", "owner": "ryantm", "repo": "agenix", - "rev": "03b51fe8e459a946c4b88dcfb6446e45efb2c24e", + "rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6", "type": "github" }, "original": { @@ -27,11 +29,11 @@ ] }, "locked": { - "lastModified": 1673295039, - "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=", + "lastModified": 1700795494, + "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "87b9d090ad39b25b2400029c64825fc2a8868943", + "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", "type": "github" }, "original": { @@ -46,11 +48,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1702479765, - "narHash": "sha256-wjNYsFhciYoJkZ/FBKvFj55k+vkLbu6C2qYQ7K+s8pI=", + "lastModified": 1708910350, + "narHash": "sha256-cTuJVlOm05aQFIgGuYikgkrI61P2vTO2OfXwIRWEzUg=", "owner": "nix-community", "repo": "disko", - "rev": "bd8fbc3f274288ac905bcea66bc2a5428abde458", + "rev": "a13f36255cf4ce99cc4236a34251c2e7106e101d", "type": "github" }, "original": { 
@@ -61,17 +63,20 @@ } }, "flake-utils": { + "inputs": { + "systems": "systems_2" + }, "locked": { - "lastModified": 1653893745, - "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", + "lastModified": 1709126324, + "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=", "owner": "numtide", "repo": "flake-utils", - "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1", + "rev": "d465f4819400de7c8d874d50b982301f28a84605", "type": "github" }, "original": { "owner": "numtide", - "ref": "master", + "ref": "main", "repo": "flake-utils", "type": "github" } 
@@ -79,31 +84,52 @@ "home-manager": { "inputs": { "nixpkgs": [ + "agenix", "nixpkgs" ] }, "locked": { - "lastModified": 1706981411, - "narHash": "sha256-cLbLPTL1CDmETVh4p0nQtvoF+FSEjsnJTFpTxhXywhQ=", + "lastModified": 1703113217, + "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", "owner": "nix-community", "repo": "home-manager", - "rev": "652fda4ca6dafeb090943422c34ae9145787af37", + "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-23.11", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1708988456, + "narHash": "sha256-RCz7Xe64tN2zgWk+MVHkzg224znwqknJ1RnB7rVqUWw=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "1d085ea4444d26aa52297758b333b449b2aa6fca", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "master", "repo": "home-manager", "type": "github" } }, "nixos-hardware": { "locked": { - "lastModified": 1695887975, - "narHash": "sha256-u3+5FR12dI305jCMb0fJNQx2qwoQ54lv1tPoEWp0hmg=", + "lastModified": 1709110790, + "narHash": "sha256-qUk0G9vWX90beOKB1EtLFdeImXAujNi5SP5zTyIEATc=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "adcfd6aa860d1d129055039696bc457af7d50d0e", + "rev": "01467901ec51dd92774040f2b3dff4f21f4e1c45", "type": "github" }, "original": { @@ -115,11 +141,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1677676435, - "narHash": "sha256-6FxdcmQr5JeZqsQvfinIMr0XcTyTuR7EXX0H3ANShpQ=", + "lastModified": 1703013332, + "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a08d6979dd7c82c4cef0dcc6ac45ab16051c1169", + "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6", "type": "github" }, "original": { 
@@ -131,11 +157,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1678510587, - "narHash": "sha256-Jb6/OsFlvUotDhs9Xtk/G5SLXCHsnVnVdn5trgSiNQA=", + "lastModified": 1709109332, + "narHash": "sha256-v2rVOs9d+A+t3ZFgWCq/31gontLcJc9K0raI7fDuu34=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1e21dd61028bca1ed1d70a76bc8bd988ae366275", + "rev": "c1fe227b486d4bfffb319fd225a95ea574d398bf", "type": "github" }, "original": { @@ -147,11 +173,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1697915759, - "narHash": "sha256-WyMj5jGcecD+KC8gEs+wFth1J1wjisZf8kVZH13f1Zo=", + "lastModified": 1708815994, + "narHash": "sha256-hL7N/ut2Xu0NaDxDMsw2HagAjgDskToGiyZOWriiLYM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "51d906d2341c9e866e48c2efcaac0f2d70bfd43e", + "rev": "9a9dae8f6319600fa9aebde37f340975cab4b8c0", "type": "github" }, "original": { @@ -163,16 +189,16 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1707650010, - "narHash": "sha256-dOhphIA4MGrH4ElNCy/OlwmN24MsnEqFjRR6+RY7jZw=", + "lastModified": 1708984720, + "narHash": "sha256-gJctErLbXx4QZBBbGp78PxtOOzsDaQ+yw1ylNQBuSUY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "809cca784b9f72a5ad4b991e0e7bcf8890f9c3a6", + "rev": "13aff9b34cc32e59d35c62ac9356e4a41198a538", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-23.11", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } 
@@ -182,11 +208,41 @@ "agenix": "agenix", "disko": "disko", "flake-utils": "flake-utils", - "home-manager": "home-manager", + "home-manager": "home-manager_2", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_3", "nixpkgs-unstable-small": "nixpkgs-unstable-small" } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 54c4d61..9a3c3fb 100644 --- a/flake.nix +++ b/flake.nix @@ -5,7 +5,7 @@ type = "github"; owner = "NixOS"; repo = "nixpkgs"; - ref = "nixos-23.11"; + ref = "nixos-unstable"; }; nixpkgs-unstable-small = { @@ -25,7 +25,7 @@ type = "github"; owner = "nix-community"; repo = "home-manager"; - ref = "release-23.11"; + ref = "master"; inputs.nixpkgs.follows = "nixpkgs"; }; @@ -33,7 +33,7 @@ type = "github"; owner = "numtide"; repo = "flake-utils"; - ref = "master"; + ref = "main"; }; nixos-hardware = { @@ -155,6 +155,15 @@ ++ sharedModules; }; + talos = nixpkgs.lib.nixosSystem { + inherit system; + modules = [ + inputs.nixos-hardware.nixosModules.framework-13-inch-7040-amd + disko.nixosModules.default + ./talos.nix + ]; + }; + thanatos = nixpkgs.lib.nixosSystem { inherit system; modules = From 3e3f4331d20f9309f3bd0f6c5e45632126a566d5 Mon Sep 17 00:00:00 2001 
From: Antoine Martin Date: Wed, 28 Feb 2024 23:30:28 +0100 Subject: [PATCH 02/10] talos: initial setup --- flake.nix | 4 +- hosts/talos/default.nix | 106 ++++++++++++++++++ hosts/talos/disko-config.nix | 63 +++++++++++ hosts/talos/hardware-configuration.nix | 25 +++++ hosts/talos/home.nix | 46 ++++++++ hosts/talos/secrets.nix | 23 ++++ modules/secrets/secrets.nix | 3 +- .../secrets/users/alarsyo-hashed-password.age | Bin 863 -> 836 bytes .../secrets/users/root-hashed-password.age | 28 ++--- talos.nix | 23 ++++ 10 files changed, 304 insertions(+), 17 deletions(-) create mode 100644 hosts/talos/default.nix create mode 100644 hosts/talos/disko-config.nix create mode 100644 hosts/talos/hardware-configuration.nix create mode 100644 hosts/talos/home.nix create mode 100644 hosts/talos/secrets.nix create mode 100644 talos.nix diff --git a/flake.nix b/flake.nix index 9a3c3fb..b068188 100644 --- a/flake.nix +++ b/flake.nix @@ -158,10 +158,10 @@ talos = nixpkgs.lib.nixosSystem { inherit system; modules = [ - inputs.nixos-hardware.nixosModules.framework-13-inch-7040-amd + inputs.nixos-hardware.nixosModules.framework-13-7040-amd disko.nixosModules.default ./talos.nix - ]; + ] ++ sharedModules; }; thanatos = nixpkgs.lib.nixosSystem { diff --git a/hosts/talos/default.nix b/hosts/talos/default.nix new file mode 100644 index 0000000..cfc361c --- /dev/null +++ b/hosts/talos/default.nix 
@@ -0,0 +1,106 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page, on +# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). + +{ config, lib, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + ./disko-config.nix + + ./home.nix + ./secrets.nix + ]; + + hardware.amdgpu.opencl = false; + + boot.kernelPackages = pkgs.linuxPackages_6_6; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + boot.tmp.useTmpfs = true; + + services.btrfs = { + autoScrub = { + enable = true; + fileSystems = ["/"]; + }; + }; + + networking.hostName = "talos"; # Define your hostname. + networking.domain = "alarsyo.net"; + # Pick only one of the below networking options. + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. + + # Set your time zone. + time.timeZone = "Europe/Paris"; + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + programs = { + dconf.enable = true; + light.enable = true; + }; + services = { + fwupd.enable = true; + openssh.enable = true; + }; + virtualisation = { + docker.enable = true; + libvirtd.enable = true; + }; + + my.services = { + tailscale = { + enable = true; + useRoutingFeatures = "client"; + }; + + pipewire.enable = true; + }; + + my.gui.enable = true; + my.displayManager.sddm.enable = lib.mkForce false; + + hardware.bluetooth = { + enable = true; + powerOnBoot = false; + settings.General.Experimental = true; + }; + + # Configure console keymap + console.keyMap = "us"; + + # Select internationalisation properties. 
+ i18n.defaultLocale = "en_US.UTF-8"; + i18n.extraLocaleSettings = { + LC_ADDRESS = "fr_FR.UTF-8"; + LC_IDENTIFICATION = "fr_FR.UTF-8"; + LC_MEASUREMENT = "fr_FR.UTF-8"; + LC_MONETARY = "fr_FR.UTF-8"; + LC_NAME = "fr_FR.UTF-8"; + LC_PAPER = "fr_FR.UTF-8"; + LC_TELEPHONE = "fr_FR.UTF-8"; + }; + + # Enable the X11 windowing system. + services.xserver.enable = true; + + # Enable the KDE Plasma Desktop Environment. + services.xserver.displayManager.sddm.enable = true; + services.xserver.desktopManager.plasma5.enable = true; + services.power-profiles-daemon.enable = true; + + # Copy the NixOS configuration file and link it from the resulting system + # (/run/current-system/configuration.nix). This is useful in case you + # accidentally delete configuration.nix. + # system.copySystemConfiguration = true; +} + diff --git a/hosts/talos/disko-config.nix b/hosts/talos/disko-config.nix new file mode 100644 index 0000000..89ddfd8 --- /dev/null +++ b/hosts/talos/disko-config.nix 
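Review bot: In hosts/talos/default.nix, `openssh.enable = true` in the `services` block turns on sshd for a laptop that roams between networks through NetworkManager, and nothing in this file restricts how it is reached or authenticated. Unless one of the shared modules already does so (not visible in this patch), I would add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "no";` next to it. Tailscale is enabled in the same file, so `services.openssh.openFirewall = false;` plus a firewall rule for port 22 on the tailscale interface only would keep sshd off untrusted Wi-Fi altogether. `virtualisation.docker.enable` deserves a one-line comment that membership of the `docker` group is equivalent to root.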
@@ -0,0 +1,63 @@ +{ + disko.devices = { + disk = { + nvme0n1 = { + type = "disk"; + device = "/dev/nvme0n1"; + content = { + type = "gpt"; + partitions = { + ESP = { + size = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ + "defaults" + ]; + }; + }; + luks = { + size = "100%"; + content = { + type = "luks"; + name = "crypted"; + # disable settings.keyFile if you want to use interactive password entry + passwordFile = "/tmp/secret.key"; # Interactive + settings = { + allowDiscards = true; + #keyFile = "/tmp/secret.key"; + }; + #additionalKeyFiles = [ "/tmp/additionalSecret.key" ]; + content = { + type = "btrfs"; + extraArgs = [ "-f" ]; + subvolumes = { + "/root" = { + mountpoint = "/"; + mountOptions = [ "compress=zstd" "noatime" ]; + }; + "/home" = { + mountpoint = "/home"; + mountOptions = [ "compress=zstd" "noatime" ]; + }; + "/nix" = { + mountpoint = "/nix"; + mountOptions = [ "compress=zstd" "noatime" ]; + }; + "/swap" = { + mountpoint = "/.swapvol"; + swap.swapfile.size = "8G"; + }; + }; + }; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/hosts/talos/hardware-configuration.nix b/hosts/talos/hardware-configuration.nix new file mode 100644 index 0000000..7bb481b --- /dev/null +++ b/hosts/talos/hardware-configuration.nix 
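Review bot: The `# Interactive` comment on `passwordFile = "/tmp/secret.key";` in the `luks` content of hosts/talos/disko-config.nix is misleading: with `passwordFile` set, the passphrase is read from that file instead of being prompted for (as far as I understand disko, when the volume is formatted). I would reword it to `# read when formatting; create with mode 0600 on the installer and delete afterwards`, so the LUKS passphrase is not left behind in `/tmp`. `allowDiscards = true` merits a comment as well, because passing TRIM through dm-crypt reveals which blocks of the encrypted volume are unused. Separately, the ESP is mounted on `/boot` with only `"defaults"`, which on vfat leaves the boot files and the systemd-boot random seed world-readable; `mountOptions = ["umask=0077"];` avoids that.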
@@ -0,0 +1,25 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix new file mode 100644 index 0000000..06cb3dd --- /dev/null +++ b/hosts/talos/home.nix 
@@ -0,0 +1,46 @@ +{ + config, + pkgs, + ... +}: { + home-manager.users.alarsyo = { + my.home.laptop.enable = true; + + # Keyboard settings & i3 settings + my.home.x.enable = true; + my.home.x.i3bar.temperature.chip = "k10temp-pci-*"; + my.home.x.i3bar.temperature.inputs = ["Tctl"]; + my.home.x.i3bar.networking.throughput_interfaces = ["wlp1s0"]; + my.home.emacs.enable = true; + + my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; + + # TODO: place in global home conf + services.dunst.enable = true; + + home.packages = builtins.attrValues { + inherit + (pkgs) + # some websites only work there :( + + chromium + darktable + # dev + + rustup + gdb + valgrind + arandr + zotero + ; + + #inherit + # (pkgs.packages) + # ansel + # spot + # ; + + inherit (pkgs.wineWowPackages) stable; + }; + }; +} diff --git a/hosts/talos/secrets.nix b/hosts/talos/secrets.nix new file mode 100644 index 0000000..387f511 --- /dev/null +++ b/hosts/talos/secrets.nix @@ -0,0 +1,23 @@ +{ + config, + lib, + options, + ... +}: { + config.age = { + secrets = let + toSecret = name: {...} @ attrs: + { + file = ./../../modules/secrets + "/${name}.age"; + } + // attrs; + in + lib.mapAttrs toSecret { + #"restic-backup/hephaestus-credentials" = {}; + #"restic-backup/hephaestus-password" = {}; + + "users/alarsyo-hashed-password" = {}; + "users/root-hashed-password" = {}; + }; + }; +} diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index 9c042d0..2496adb 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix 
@@ -5,9 +5,10 @@ let boreal = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAagal1aqZh52wEmgsw7fkCzO41o4Cx+nV4wJGZuX1RP root@boreal"; hades = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxw8CtKUPAiPdKDEnuS7UyRrZN5BkUwsy5UPVF8V+lt root@hades"; hephaestus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA7Cp+n5+huof68QlAoJV8bVf5h5p9kEZFAVpltWopdL root@hephaestus"; + talos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMBYcmL9HZJ9SqB9OJwQ0Nt6ZbvHZTS+fzM8A6D5MPZs root@talos"; thanatos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID8JEAWk/8iSl8fN6/f76JkmVFwtyixTpLol4zSVsnVw root@thanatos"; - machines = [boreal hades hephaestus thanatos]; + machines = [boreal hades hephaestus talos thanatos]; all = users ++ machines; in { diff --git a/modules/secrets/users/alarsyo-hashed-password.age b/modules/secrets/users/alarsyo-hashed-password.age index 38b12accb020c04422710553bdf46bb52f37ee10..dfbbc689bf07585002b19933c6eb4a0bdd1e63c7 100644 GIT binary patch delta 746 zcmcc5c7$z$PJOUncA>swRalaXM{a&_lxMDaPPTJ-WSL)LmWfAjZhDb{e^73gcX60O zGM9h8bB?xKlxc8=L4I~dxPP8om1U`RNp_jHQ*o|uRF#u1k?mhDAoWet}^`v9Ei!esM}+scC?liBn}xx z#E;_j?&Z#Ae%c-$#bHhs;o6mXp+QLj86^Q}`AH@z&biuoULh9QmTq1pC6&osh8`v* zRbFn{B^e>X={aWkoQEC!d5$T=n z>g7{WRhd*(?&@alUL5RSn1P#FTA7=^f2o;&d8J=* zc9BJ}er`!Qm#(g^f=fx5WtP5^fon*ZPiAm(rMp*{TT-#7Z*qB9YO+U^MS757v16`t zs6~}`I@i9*ZMyQUA9`+Y+uHwo-@yZNma66x{Z7oE!~4C$LyO}fllw>3I>jo6PfOZ- zqxhGtaak9*z_80#VzTV_hO3s2_n-YZe7-B$WB$jeEiZmQJGE8sV}0}Q$!~fmS8+Y+ T)ZEXj(f`xvxZdjTi#7lN3+@b5 delta 793 zcmX@YcAss6PJN!EnQ4TFn`uRHVz{YSfO}eaq>oF9bD@DtU|@ltnVVBmQl5*qkCCxc zB$roZl}}oQWne^5m`PSdV0c+^gs-c=d8DOpVwzc)V_;OML13n9rK3SnF_*5LLUD11 zZfc5=si~o*LP3N@rBS+qfn#ZTkcmr~SyE|Ea(=nCkDGsrSwyj$eyFxjrA1nxi)X1v za&~cMmUFfVS4c!;kw`o4~n&oYYF8zrTMr>FS3 zW@!ib=lG;%rB~$`yGQvM`Wjc1mKraR5h!8IS zAaWHXDr6QV|{<~ zjO;2?-y~nh;?n#~E*Fc8Y`?6Oh&l7Nb@W+qvBArqKLAnQVWxS?6Pd%!YET;Lu1RdF#Vt$ugsL7NauXZoItLB z5f_uJV=}x%f68%QQNDI!-*P+SfU3VU0#Cd+f314I*E|K@OA&Wd**3j44pjUszjTM` zQI$Wt8)|%yxmbJu+8iY{C0I{RZnuEYj@J<{`q_f**B)3f=fZZwEX~zxJfcr$WFK3- LcIA?7HR-kh+z1oG 
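Review bot: Adding `talos` to `machines` in modules/secrets/secrets.nix also adds it to `all`, so every rule in the `in { … }` part of the file (outside this hunk) that uses either list now names a laptop's host key as a recipient. The diffstat shows only the two `users/*-hashed-password.age` files re-encrypted, which suggests those are the only secrets talos needs. If so, I would leave `machines` as it was and reference `talos` directly in the `publicKeys` of those two entries. Otherwise every other secret keyed to `machines` or `all` is out of step with its ciphertext until it is rekeyed, and after rekeying becomes readable on a device that is more easily lost or stolen than the other hosts.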
diff --git a/modules/secrets/users/root-hashed-password.age b/modules/secrets/users/root-hashed-password.age index 0988a49..6a15e89 100644 --- a/modules/secrets/users/root-hashed-password.age +++ b/modules/secrets/users/root-hashed-password.age @@ -1,15 +1,15 @@ age-encryption.org/v1 --> ssh-ed25519 YWMQkg i+/8YGSMh0M3Z0qvZebnAmZzr78cnp0TDMUr/FvSyj8 -YQm2rXUoM2l1zh4AD6LHBvgDgsRYdiZWgycu1OabiaA --> ssh-ed25519 pX8y2g Vrn1mB2TH0EGY6uB9hfRu3LaLNp5hjwgLCV4xHQ3UDc -2zZBeLqqs6PAAywIs7v3aLb4tFydwrV6iqGJcZkDbY8 --> ssh-ed25519 SYm+hA PbPD9hhKTAqOFwY0RNtq0tNZnmwC7B0BWCcEp4MBEQ0 -qoXYrSuGtWQX6FlNIgVCkwRy5He/SVi3VHrbPHQvpf0 --> ssh-ed25519 6UUuZw 4pyEkmESRYwA3cURKdWtJ9w5K72y6qNqNXRb+oexoGA -UBa59ClPat1rl4r/BBWHhea1YBLBiyaoHvoYrgnkZhk --> ssh-ed25519 k2gHjw Ef7VgulblvO2b6gUlSa7MqAJMm/0E4z9kOLGuuy+MyY -ede5dtwJpTaDdtFGtNdrv+dfF/V/qmCR+vjC0vhv7WQ --> 2}s-grease -H1mgdyEhmM8weQ+JKPeLvHRb4XsD+zglY5RI428sqRhUSoOX3P8 ---- F/H59tq65rdlR0xSltrmJ8FJZaLVIQPAiruY0R8xpYM -b$(cmQ-:+'TKakyxy._5~Y6@Kʒj8لI'#9W<'֨i׈ZOz \ No newline at end of file +-> ssh-ed25519 YWMQkg mb17MHdKPO5SDXOslq38CjHLKy063L1KyN2wT85fGlE +3JnWLwx2cNmBC1vpS9KAwZQIy7B/vqLZ9QwQYNY4wMQ +-> ssh-ed25519 pX8y2g mvykS4XrUSwe68MteVV52u95oySHdzRlMGVFjhQQrx8 +ztoGz8OrTMRH/0NPfnQXrVBA0Uyuuc2b0dlOXToq85U +-> ssh-ed25519 SYm+hA TiL9r8l1nIvOMUpFaYmZ/5d6DRxcMHMICjrTfmbC7Wc +GfivQi5vzTUfYDVjwSxNA8t/tKtRu0QAGE+kPr4u1+I +-> ssh-ed25519 nh0dAQ 9agb3Zl/7+mAIH7bcIXbY2KrHDZAjugAfKbQ0OAhIQQ +kPzKALS6Wrr5zUJngqjwGV6w5prKMWlj/WY2qi2ck4M +-> ssh-ed25519 6UUuZw 36Uu//D8HuiRHFN0GOAyLxI0J3yBrTSBXuBG9pTVZA8 +KTMmUW8MvVtUm4Xjyz0JGDdz4H7Y5KxLPDeYPc0dfl4 +-> ssh-ed25519 k2gHjw D3OD07mu/YnR3xVhhbX4UoChpAWSG4CYIkmQZclsjQc +kgqZizkSgB5p+1ZRd0tP/bBxZ92jt6fvAcNZe3MmgoE +--- ZuL2dvQ6+hac47fRdRWl4VHl2sRIvnF80d37EZKq94I +J)Fr@+4rF OL5|㞵ˮq[ Pm;aH Date: Thu, 29 Feb 2024 02:44:24 +0100 Subject: [PATCH 03/10] base: update xkb option names --- base/gui-programs.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) 
diff --git a/base/gui-programs.nix b/base/gui-programs.nix index 31ee485..ee2712f 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -35,8 +35,10 @@ in { then ["nvidia"] else options.services.xserver.videoDrivers.default; windowManager.i3.enable = true; - layout = "fr"; - xkbVariant = "us"; + xkb = { + layout = "fr"; + variant = "us"; + }; libinput = { enable = true; touchpad = { From 2d420362acc75d27336ee9fcd705e4c48ef14dda Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 29 Feb 2024 02:45:20 +0100 Subject: [PATCH 04/10] base: remove driver config NVIDIA specific settings should just go to boreal --- base/gui-programs.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/base/gui-programs.nix b/base/gui-programs.nix index ee2712f..885597b 100644 --- a/base/gui-programs.nix +++ b/base/gui-programs.nix @@ -29,11 +29,6 @@ in { services = { xserver = { enable = true; - # NOTE: could use `mkOptionDefault` but this feels more explicit - videoDrivers = - if config.my.gui.isNvidia - then ["nvidia"] - else options.services.xserver.videoDrivers.default; windowManager.i3.enable = true; xkb = { layout = "fr"; From 401ee0005ac2e7068cd963acff35226e9261a718 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 29 Feb 2024 03:48:41 +0100 Subject: [PATCH 05/10] run formatter --- flake.nix | 12 +++++++----- hosts/talos/default.nix | 25 +++++++++++++------------ hosts/talos/disko-config.nix | 8 ++++---- hosts/talos/hardware-configuration.nix | 22 +++++++++++++--------- hosts/talos/home.nix | 4 ++-- 5 files changed, 39 insertions(+), 32 deletions(-) diff --git a/flake.nix b/flake.nix index b068188..c0f7351 100644 --- a/flake.nix +++ b/flake.nix 
@@ -157,11 +157,13 @@ talos = nixpkgs.lib.nixosSystem { inherit system; - modules = [ - inputs.nixos-hardware.nixosModules.framework-13-7040-amd - disko.nixosModules.default - ./talos.nix - ] ++ sharedModules; + modules = + [ + inputs.nixos-hardware.nixosModules.framework-13-7040-amd + disko.nixosModules.default + ./talos.nix + ] + ++ sharedModules; }; thanatos = nixpkgs.lib.nixosSystem { diff --git a/hosts/talos/default.nix b/hosts/talos/default.nix index cfc361c..dd16c73 100644 --- a/hosts/talos/default.nix +++ b/hosts/talos/default.nix @@ -1,18 +1,20 @@ # Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page, on # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). - -{ config, lib, pkgs, ... }: - { - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - ./disko-config.nix + config, + lib, + pkgs, + ... +}: { + imports = [ + # Include the results of the hardware scan. + ./hardware-configuration.nix + ./disko-config.nix - ./home.nix - ./secrets.nix - ]; + ./home.nix + ./secrets.nix + ]; hardware.amdgpu.opencl = false; @@ -35,7 +37,7 @@ networking.domain = "alarsyo.net"; # Pick only one of the below networking options. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. + networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. # Set your time zone. time.timeZone = "Europe/Paris"; @@ -103,4 +105,3 @@ # accidentally delete configuration.nix. # system.copySystemConfiguration = true; } - diff --git a/hosts/talos/disko-config.nix b/hosts/talos/disko-config.nix index 89ddfd8..b59cd1a 100644 --- a/hosts/talos/disko-config.nix +++ b/hosts/talos/disko-config.nix 
@@ -33,19 +33,19 @@ #additionalKeyFiles = [ "/tmp/additionalSecret.key" ]; content = { type = "btrfs"; - extraArgs = [ "-f" ]; + extraArgs = ["-f"]; subvolumes = { "/root" = { mountpoint = "/"; - mountOptions = [ "compress=zstd" "noatime" ]; + mountOptions = ["compress=zstd" "noatime"]; }; "/home" = { mountpoint = "/home"; - mountOptions = [ "compress=zstd" "noatime" ]; + mountOptions = ["compress=zstd" "noatime"]; }; "/nix" = { mountpoint = "/nix"; - mountOptions = [ "compress=zstd" "noatime" ]; + mountOptions = ["compress=zstd" "noatime"]; }; "/swap" = { mountpoint = "/.swapvol"; diff --git a/hosts/talos/hardware-configuration.nix b/hosts/talos/hardware-configuration.nix index 7bb481b..1d0808e 100644 --- a/hosts/talos/hardware-configuration.nix +++ b/hosts/talos/hardware-configuration.nix @@ -1,17 +1,21 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-amd"]; + boot.extraModulePackages = []; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix index 06cb3dd..53d7fec 100644 --- a/hosts/talos/home.nix +++ b/hosts/talos/home.nix 
@@ -22,11 +22,11 @@ inherit (pkgs) # some websites only work there :( - + chromium darktable # dev - + rustup gdb valgrind From b28266d6eaa5e0824b3b7c61f2aaeab0eedb8d93 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 29 Feb 2024 10:58:36 +0100 Subject: [PATCH 06/10] talos: update systemd-boot settings --- hosts/talos/default.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/hosts/talos/default.nix b/hosts/talos/default.nix index dd16c73..d5a0891 100644 --- a/hosts/talos/default.nix +++ b/hosts/talos/default.nix @@ -21,7 +21,11 @@ boot.kernelPackages = pkgs.linuxPackages_6_6; # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; + boot.loader.systemd-boot = { + enable = true; + editor = false; + consoleMode = "auto"; + }; boot.loader.efi.canTouchEfiVariables = true; boot.tmp.useTmpfs = true; From b05eec42c5cfc3526b154f19acea80d6010646a6 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 29 Feb 2024 16:35:17 +0100 Subject: [PATCH 07/10] talos: enable some wayland window managers --- hosts/talos/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hosts/talos/default.nix b/hosts/talos/default.nix index d5a0891..9ef88c1 100644 --- a/hosts/talos/default.nix +++ b/hosts/talos/default.nix @@ -104,6 +104,11 @@ services.xserver.desktopManager.plasma5.enable = true; services.power-profiles-daemon.enable = true; + programs.hyprland.enable = true; + programs.sway = { + enable = true; + wrapperFeatures.gtk = true; + }; # Copy the NixOS configuration file and link it from the resulting system # (/run/current-system/configuration.nix). This is useful in case you # accidentally delete configuration.nix. From ae2c988bdbb2b056c4210881f41f78b621307e2e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 1 Mar 2024 10:35:36 +0100 Subject: [PATCH 08/10] talos: switch sddm to wayland --- hosts/talos/default.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
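Review bot: In the patch 06 hunk of hosts/talos/default.nix, the comment above `boot.loader.systemd-boot` still only names the boot loader and does not record why `editor = false` was added. I would add `# editor = false: the boot menu cannot be used to edit the kernel command line (e.g. to append init=/bin/sh)` so the setting is not dropped as noise in a later cleanup. With the 512M ESP declared in hosts/talos/disko-config.nix, `configurationLimit = 10;` (or a similar bound) in the same attribute set would keep old generations from filling `/boot`. The surrounding module body continues outside the hunk.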
diff --git a/hosts/talos/default.nix b/hosts/talos/default.nix index 9ef88c1..a7994c8 100644 --- a/hosts/talos/default.nix +++ b/hosts/talos/default.nix @@ -100,7 +100,10 @@ services.xserver.enable = true; # Enable the KDE Plasma Desktop Environment. - services.xserver.displayManager.sddm.enable = true; + services.xserver.displayManager.sddm = { + enable = true; + wayland.enable = true; + }; services.xserver.desktopManager.plasma5.enable = true; services.power-profiles-daemon.enable = true; From 93764167e9c2ac35173f4b236ec3bc3a02d9b4e5 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 1 Mar 2024 11:43:13 +0100 Subject: [PATCH 09/10] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'disko': 'github:nix-community/disko/a13f36255cf4ce99cc4236a34251c2e7106e101d' (2024-02-26) → 'github:nix-community/disko/bde7dd352c07d43bd5b8245e6c39074a391fdd46' (2024-03-01) • Updated input 'home-manager': 'github:nix-community/home-manager/1d085ea4444d26aa52297758b333b449b2aa6fca' (2024-02-26) → 'github:nix-community/home-manager/2f3367769a93b226c467551315e9e270c3f78b15' (2024-02-29) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/01467901ec51dd92774040f2b3dff4f21f4e1c45' (2024-02-28) → 'github:NixOS/nixos-hardware/33a97b5814d36ddd65ad678ad07ce43b1a67f159' (2024-02-28) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/13aff9b34cc32e59d35c62ac9356e4a41198a538' (2024-02-26) → 'github:NixOS/nixpkgs/9099616b93301d5cf84274b184a3a5ec69e94e08' (2024-02-28) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/c1fe227b486d4bfffb319fd225a95ea574d398bf' (2024-02-28) → 'github:NixOS/nixpkgs/09c1497ce5d4ed4a0edfdd44450d3048074cb300' (2024-03-01) --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 82707a5..bf02982 100644 --- a/flake.lock +++ b/flake.lock 
@@ -48,11 +48,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1708910350, - "narHash": "sha256-cTuJVlOm05aQFIgGuYikgkrI61P2vTO2OfXwIRWEzUg=", + "lastModified": 1709286488, + "narHash": "sha256-RDpTZ72zLu05djvXRzK76Ysqp9zSdh84ax/edEaJucs=", "owner": "nix-community", "repo": "disko", - "rev": "a13f36255cf4ce99cc4236a34251c2e7106e101d", + "rev": "bde7dd352c07d43bd5b8245e6c39074a391fdd46", "type": "github" }, "original": { @@ -109,11 +109,11 @@ ] }, "locked": { - "lastModified": 1708988456, - "narHash": "sha256-RCz7Xe64tN2zgWk+MVHkzg224znwqknJ1RnB7rVqUWw=", + "lastModified": 1709204054, + "narHash": "sha256-U1idK0JHs1XOfSI1APYuXi4AEADf+B+ZU4Wifc0pBHk=", "owner": "nix-community", "repo": "home-manager", - "rev": "1d085ea4444d26aa52297758b333b449b2aa6fca", + "rev": "2f3367769a93b226c467551315e9e270c3f78b15", "type": "github" }, "original": { @@ -125,11 +125,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1709110790, - "narHash": "sha256-qUk0G9vWX90beOKB1EtLFdeImXAujNi5SP5zTyIEATc=", + "lastModified": 1709147990, + "narHash": "sha256-vpXMWoaCtMYJ7lisJedCRhQG9BSsInEyZnnG5GfY9tQ=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "01467901ec51dd92774040f2b3dff4f21f4e1c45", + "rev": "33a97b5814d36ddd65ad678ad07ce43b1a67f159", "type": "github" }, "original": { @@ -157,11 +157,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1709109332, - "narHash": "sha256-v2rVOs9d+A+t3ZFgWCq/31gontLcJc9K0raI7fDuu34=", + "lastModified": 1709271102, + "narHash": "sha256-Z2sBL/HRRTNABsU8E5XsP+FXBEyBoi6oMwm5bV7lSFw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c1fe227b486d4bfffb319fd225a95ea574d398bf", + "rev": "09c1497ce5d4ed4a0edfdd44450d3048074cb300", "type": "github" }, "original": { 
@@ -189,11 +189,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1708984720, - "narHash": "sha256-gJctErLbXx4QZBBbGp78PxtOOzsDaQ+yw1ylNQBuSUY=", + "lastModified": 1709150264, + "narHash": "sha256-HofykKuisObPUfj0E9CJVfaMhawXkYx3G8UIFR/XQ38=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "13aff9b34cc32e59d35c62ac9356e4a41198a538", + "rev": "9099616b93301d5cf84274b184a3a5ec69e94e08", "type": "github" }, "original": { From beb366f9a544078a62359dac1d8e3840bd8e1251 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 1 Mar 2024 13:34:33 +0100 Subject: [PATCH 10/10] home: individualise stateVersion --- home/default.nix | 2 -- hosts/boreal/home.nix | 3 +++ hosts/hades/home.nix | 3 +++ hosts/hephaestus/home.nix | 3 +++ hosts/talos/home.nix | 2 ++ hosts/thanatos/home.nix | 3 +++ 6 files changed, 14 insertions(+), 2 deletions(-) diff --git a/home/default.nix b/home/default.nix index 97d2b3c..2c74b55 100644 --- a/home/default.nix +++ b/home/default.nix @@ -21,8 +21,6 @@ ./x ]; - home.stateVersion = "21.05"; - home.username = "alarsyo"; home.sessionVariables = let diff --git a/hosts/boreal/home.nix b/hosts/boreal/home.nix index f522fb3..10516ae 100644 --- a/hosts/boreal/home.nix +++ b/hosts/boreal/home.nix @@ -4,6 +4,9 @@ ... }: { home-manager.users.alarsyo = { + # TODO: can probably upgrade me + home.stateVersion = "21.05"; + # Keyboard settings & i3 settings my.home.x.enable = true; my.home.x.i3bar.temperature.chip = "k10temp-pci-*"; diff --git a/hosts/hades/home.nix b/hosts/hades/home.nix index 3bb7dab..3f83cc4 100644 --- a/hosts/hades/home.nix +++ b/hosts/hades/home.nix @@ -1,5 +1,8 @@ {config, ...}: { home-manager.users.alarsyo = { + # TODO: can probably upgrade me + home.stateVersion = "21.05"; + my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; }; } diff --git a/hosts/hephaestus/home.nix b/hosts/hephaestus/home.nix index 3e0f454..3f17233 100644 --- a/hosts/hephaestus/home.nix +++ b/hosts/hephaestus/home.nix 
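Review bot: The `# TODO: can probably upgrade me` comment added above `home.stateVersion = "21.05";` in hosts/boreal/home.nix, and repeated in the hades, hephaestus and thanatos hunks, invites a bump that is not an upgrade. `stateVersion` records the release whose defaults for stateful data the configuration was first set up with, and changing it can silently switch those defaults. I would replace the TODO with `# Release this home was first set up with; do not bump without reading the home-manager release notes`. The `home-manager.users.alarsyo` block continues past the end of each of these hunks.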
@@ -4,6 +4,9 @@ ... }: { home-manager.users.alarsyo = { + # TODO: can probably upgrade me + home.stateVersion = "21.05"; + my.home.laptop.enable = true; # Keyboard settings & i3 settings diff --git a/hosts/talos/home.nix b/hosts/talos/home.nix index 53d7fec..2dce6f6 100644 --- a/hosts/talos/home.nix +++ b/hosts/talos/home.nix @@ -4,6 +4,8 @@ ... }: { home-manager.users.alarsyo = { + home.stateVersion = "24.05"; + my.home.laptop.enable = true; # Keyboard settings & i3 settings diff --git a/hosts/thanatos/home.nix b/hosts/thanatos/home.nix index 3bb7dab..3f83cc4 100644 --- a/hosts/thanatos/home.nix +++ b/hosts/thanatos/home.nix @@ -1,5 +1,8 @@ {config, ...}: { home-manager.users.alarsyo = { + # TODO: can probably upgrade me + home.stateVersion = "21.05"; + my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; }; }