Compare commits
No commits in common. "a21e0fb568f99483665fabe63557d54fc470c079" and "c2c4035d98cef8f8ed123d88be7e73efc818de9b" have entirely different histories.
a21e0fb568
...
c2c4035d98
2
.github/workflows/cachix.yaml
vendored
2
.github/workflows/cachix.yaml
vendored
|
@ -78,7 +78,7 @@ jobs:
|
||||||
- boreal
|
- boreal
|
||||||
- hades
|
- hades
|
||||||
- hephaestus
|
- hephaestus
|
||||||
- thanatos
|
- poseidon
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v4
|
||||||
|
|
38
flake.lock
38
flake.lock
|
@ -41,25 +41,6 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"disko": {
|
|
||||||
"inputs": {
|
|
||||||
"nixpkgs": "nixpkgs_2"
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1702479765,
|
|
||||||
"narHash": "sha256-wjNYsFhciYoJkZ/FBKvFj55k+vkLbu6C2qYQ7K+s8pI=",
|
|
||||||
"owner": "nix-community",
|
|
||||||
"repo": "disko",
|
|
||||||
"rev": "bd8fbc3f274288ac905bcea66bc2a5428abde458",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "nix-community",
|
|
||||||
"ref": "master",
|
|
||||||
"repo": "disko",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"flake-utils": {
|
"flake-utils": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1653893745,
|
"lastModified": 1653893745,
|
||||||
|
@ -146,22 +127,6 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs_2": {
|
"nixpkgs_2": {
|
||||||
"locked": {
|
|
||||||
"lastModified": 1697915759,
|
|
||||||
"narHash": "sha256-WyMj5jGcecD+KC8gEs+wFth1J1wjisZf8kVZH13f1Zo=",
|
|
||||||
"owner": "NixOS",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"rev": "51d906d2341c9e866e48c2efcaac0f2d70bfd43e",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "NixOS",
|
|
||||||
"ref": "nixpkgs-unstable",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nixpkgs_3": {
|
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1701952659,
|
"lastModified": 1701952659,
|
||||||
"narHash": "sha256-TJv2srXt6fYPUjxgLAL0cy4nuf1OZD4KuA1TrCiQqg0=",
|
"narHash": "sha256-TJv2srXt6fYPUjxgLAL0cy4nuf1OZD4KuA1TrCiQqg0=",
|
||||||
|
@ -180,11 +145,10 @@
|
||||||
"root": {
|
"root": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"agenix": "agenix",
|
"agenix": "agenix",
|
||||||
"disko": "disko",
|
|
||||||
"flake-utils": "flake-utils",
|
"flake-utils": "flake-utils",
|
||||||
"home-manager": "home-manager",
|
"home-manager": "home-manager",
|
||||||
"nixos-hardware": "nixos-hardware",
|
"nixos-hardware": "nixos-hardware",
|
||||||
"nixpkgs": "nixpkgs_3",
|
"nixpkgs": "nixpkgs_2",
|
||||||
"nixpkgs-unstable-small": "nixpkgs-unstable-small"
|
"nixpkgs-unstable-small": "nixpkgs-unstable-small"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
40
flake.nix
40
flake.nix
|
@ -42,13 +42,6 @@
|
||||||
repo = "nixos-hardware";
|
repo = "nixos-hardware";
|
||||||
ref = "master";
|
ref = "master";
|
||||||
};
|
};
|
||||||
|
|
||||||
disko = {
|
|
||||||
type = "github";
|
|
||||||
owner = "nix-community";
|
|
||||||
repo = "disko";
|
|
||||||
ref = "master";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = {
|
outputs = {
|
||||||
|
@ -56,7 +49,6 @@
|
||||||
nixpkgs,
|
nixpkgs,
|
||||||
home-manager,
|
home-manager,
|
||||||
agenix,
|
agenix,
|
||||||
disko,
|
|
||||||
...
|
...
|
||||||
} @ inputs:
|
} @ inputs:
|
||||||
{
|
{
|
||||||
|
@ -113,6 +105,15 @@
|
||||||
]
|
]
|
||||||
++ (nixpkgs.lib.attrValues self.nixosModules);
|
++ (nixpkgs.lib.attrValues self.nixosModules);
|
||||||
in {
|
in {
|
||||||
|
poseidon = nixpkgs.lib.nixosSystem rec {
|
||||||
|
inherit system;
|
||||||
|
modules =
|
||||||
|
[
|
||||||
|
./poseidon.nix
|
||||||
|
]
|
||||||
|
++ sharedModules;
|
||||||
|
};
|
||||||
|
|
||||||
hades = nixpkgs.lib.nixosSystem rec {
|
hades = nixpkgs.lib.nixosSystem rec {
|
||||||
inherit system;
|
inherit system;
|
||||||
modules =
|
modules =
|
||||||
|
@ -142,6 +143,19 @@
|
||||||
++ sharedModules;
|
++ sharedModules;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
zephyrus = nixpkgs.lib.nixosSystem rec {
|
||||||
|
inherit system;
|
||||||
|
modules =
|
||||||
|
[
|
||||||
|
./zephyrus.nix
|
||||||
|
|
||||||
|
inputs.nixos-hardware.nixosModules.common-cpu-intel
|
||||||
|
inputs.nixos-hardware.nixosModules.common-pc-laptop
|
||||||
|
inputs.nixos-hardware.nixosModules.common-pc-ssd
|
||||||
|
]
|
||||||
|
++ sharedModules;
|
||||||
|
};
|
||||||
|
|
||||||
hephaestus = nixpkgs.lib.nixosSystem rec {
|
hephaestus = nixpkgs.lib.nixosSystem rec {
|
||||||
inherit system;
|
inherit system;
|
||||||
modules =
|
modules =
|
||||||
|
@ -155,16 +169,6 @@
|
||||||
]
|
]
|
||||||
++ sharedModules;
|
++ sharedModules;
|
||||||
};
|
};
|
||||||
|
|
||||||
thanatos = nixpkgs.lib.nixosSystem {
|
|
||||||
inherit system;
|
|
||||||
modules =
|
|
||||||
[
|
|
||||||
disko.nixosModules.default
|
|
||||||
./thanatos.nix
|
|
||||||
]
|
|
||||||
++ sharedModules;
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
// inputs.flake-utils.lib.eachDefaultSystem (system: {
|
// inputs.flake-utils.lib.eachDefaultSystem (system: {
|
||||||
|
|
84
hosts/poseidon/default.nix
Normal file
84
hosts/poseidon/default.nix
Normal file
|
@ -0,0 +1,84 @@
|
||||||
|
# Edit this configuration file to define what should be installed on
|
||||||
|
# your system. Help is available in the configuration.nix(5) man page
|
||||||
|
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||||
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}: let
|
||||||
|
secrets = config.my.secrets;
|
||||||
|
in {
|
||||||
|
imports = [
|
||||||
|
# Include the results of the hardware scan.
|
||||||
|
./hardware-configuration.nix
|
||||||
|
|
||||||
|
./home.nix
|
||||||
|
./secrets.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
# Use the GRUB 2 boot loader.
|
||||||
|
boot.loader.grub.enable = true;
|
||||||
|
boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
|
||||||
|
|
||||||
|
boot.supportedFilesystems = ["btrfs"];
|
||||||
|
|
||||||
|
services.btrfs = {
|
||||||
|
autoScrub = {
|
||||||
|
enable = true;
|
||||||
|
fileSystems = ["/"];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.hostName = "poseidon"; # Define your hostname.
|
||||||
|
networking.domain = "alarsyo.net";
|
||||||
|
|
||||||
|
# Set your time zone.
|
||||||
|
time.timeZone = "Europe/Paris";
|
||||||
|
|
||||||
|
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
|
||||||
|
# Per-interface useDHCP will be mandatory in the future, so this generated config
|
||||||
|
# replicates the default behaviour.
|
||||||
|
networking.useDHCP = false;
|
||||||
|
networking.interfaces.eno1.ipv4.addresses = [
|
||||||
|
{
|
||||||
|
address = "163.172.11.110";
|
||||||
|
prefixLength = 24;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
networking.defaultGateway = {
|
||||||
|
address = "163.172.11.1";
|
||||||
|
interface = "eno1";
|
||||||
|
};
|
||||||
|
networking.nameservers = [
|
||||||
|
"62.210.16.6"
|
||||||
|
"62.210.16.7"
|
||||||
|
];
|
||||||
|
my.networking.externalInterface = "eno1";
|
||||||
|
|
||||||
|
my.services = {
|
||||||
|
restic-backup = {
|
||||||
|
enable = true;
|
||||||
|
repo = "b2:poseidon-backup";
|
||||||
|
passwordFile = config.age.secrets."restic-backup/poseidon-password".path;
|
||||||
|
environmentFile = config.age.secrets."restic-backup/poseidon-credentials".path;
|
||||||
|
};
|
||||||
|
|
||||||
|
fail2ban = {
|
||||||
|
enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
tailscale = {
|
||||||
|
enable = true;
|
||||||
|
exitNode = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services = {
|
||||||
|
openssh.enable = true;
|
||||||
|
vnstat.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
# Takes a long while to build
|
||||||
|
documentation.nixos.enable = false;
|
||||||
|
}
|
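Review bot: `services.openssh.enable = true;` is turned on for a host that this same file gives a static routable IPv4 address on `eno1`, and nothing in the file sets the sshd authentication policy. If the shared modules (not shown on this page) do not already pin it, add it next to the enable line, for example `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "prohibit-password";`, rather than relying on fail2ban alone. The same bare `openssh.enable = true;` appears in hosts/zephyrus/default.nix. Separately, the `secrets = config.my.secrets;` binding in the `let` is never used in this file and can be dropped.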
45
hosts/poseidon/hardware-configuration.nix
Normal file
45
hosts/poseidon/hardware-configuration.nix
Normal file
|
@ -0,0 +1,45 @@
|
||||||
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
|
# and may be overwritten by future invocations. Please make changes
|
||||||
|
# to /etc/nixos/configuration.nix instead.
|
||||||
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
modulesPath,
|
||||||
|
...
|
||||||
|
}: let
|
||||||
|
inherit
|
||||||
|
(lib)
|
||||||
|
mkDefault
|
||||||
|
;
|
||||||
|
in {
|
||||||
|
imports = [
|
||||||
|
(modulesPath + "/installer/scan/not-detected.nix")
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = ["ahci" "usbhid"];
|
||||||
|
boot.initrd.kernelModules = [];
|
||||||
|
boot.kernelModules = ["kvm-intel"];
|
||||||
|
boot.extraModulePackages = [];
|
||||||
|
|
||||||
|
fileSystems."/" = {
|
||||||
|
device = "/dev/disk/by-uuid/adcf0158-edfb-402f-82e7-61e4902af989";
|
||||||
|
fsType = "btrfs";
|
||||||
|
options = [
|
||||||
|
"subvol=@nixos"
|
||||||
|
"compress=zstd"
|
||||||
|
"noatime"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/boot" = {
|
||||||
|
device = "/dev/disk/by-uuid/ff54b622-0e26-4c6e-aa0c-ac2c1e12699a";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
|
||||||
|
swapDevices = [
|
||||||
|
{device = "/dev/disk/by-uuid/381a9c5e-4d71-45b4-ac62-e7414b3768fc";}
|
||||||
|
];
|
||||||
|
|
||||||
|
powerManagement.cpuFreqGovernor = mkDefault "ondemand";
|
||||||
|
}
|
27
hosts/poseidon/secrets.nix
Normal file
27
hosts/poseidon/secrets.nix
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
options,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
|
config.age = {
|
||||||
|
secrets = let
|
||||||
|
toSecret = name: {...} @ attrs:
|
||||||
|
{
|
||||||
|
file = ./../../modules/secrets + "/${name}.age";
|
||||||
|
}
|
||||||
|
// attrs;
|
||||||
|
in
|
||||||
|
lib.mapAttrs toSecret {
|
||||||
|
"gandi/api-key" = {};
|
||||||
|
|
||||||
|
"lohr/shared-secret" = {};
|
||||||
|
|
||||||
|
"restic-backup/poseidon-credentials" = {};
|
||||||
|
"restic-backup/poseidon-password" = {};
|
||||||
|
|
||||||
|
"users/alarsyo-hashed-password" = {};
|
||||||
|
"users/root-hashed-password" = {};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
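Review bot: `"lohr/shared-secret" = {};` is declared for poseidon here, but the recipients list later on this page still reads `"lohr/shared-secret.age".publicKeys = [alarsyo hades];`, so poseidon's host key alone cannot decrypt that file. Either add `poseidon` to that recipient list and re-encrypt the file, or drop the entry from this host if nothing on poseidon consumes it. `"gandi/api-key"`, by contrast, does gain `poseidon` as a recipient in the same change. A short comment above `toSecret` stating that each attribute name maps to `modules/secrets/<name>.age` would also help readers.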
|
@ -1,43 +0,0 @@
|
||||||
# Edit this configuration file to define what should be installed on
|
|
||||||
# your system. Help is available in the configuration.nix(5) man page
|
|
||||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
|
||||||
{
|
|
||||||
config,
|
|
||||||
lib,
|
|
||||||
pkgs,
|
|
||||||
...
|
|
||||||
}: let
|
|
||||||
secrets = config.my.secrets;
|
|
||||||
in {
|
|
||||||
imports = [
|
|
||||||
# Include the results of the hardware scan.
|
|
||||||
./hardware-configuration.nix
|
|
||||||
./disko-configuration.nix
|
|
||||||
./home.nix
|
|
||||||
./secrets.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
boot.loader.grub.enable = true;
|
|
||||||
boot.tmp.useTmpfs = true;
|
|
||||||
|
|
||||||
networking.hostName = "thanatos"; # Define your hostname.
|
|
||||||
networking.domain = "lrde.epita.fr";
|
|
||||||
|
|
||||||
# Set your time zone.
|
|
||||||
time.timeZone = "Europe/Paris";
|
|
||||||
|
|
||||||
# List services that you want to enable:
|
|
||||||
my.services = {
|
|
||||||
tailscale.enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
services = {
|
|
||||||
openssh.enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
virtualisation.docker.enable = true;
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
docker-compose
|
|
||||||
];
|
|
||||||
}
|
|
|
@ -1,52 +0,0 @@
|
||||||
{
|
|
||||||
disko.devices = {
|
|
||||||
disk = {
|
|
||||||
main = {
|
|
||||||
type = "disk";
|
|
||||||
device = "/dev/disk/by-id/ata-CT250MX500SSD1_2301E69A20C4";
|
|
||||||
content = {
|
|
||||||
type = "gpt";
|
|
||||||
partitions = {
|
|
||||||
boot = {
|
|
||||||
size = "1M";
|
|
||||||
type = "EF02"; # for grub MBR
|
|
||||||
};
|
|
||||||
ESP = {
|
|
||||||
size = "512M";
|
|
||||||
type = "EF00";
|
|
||||||
content = {
|
|
||||||
type = "filesystem";
|
|
||||||
format = "vfat";
|
|
||||||
mountpoint = "/boot";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
root = {
|
|
||||||
size = "100%";
|
|
||||||
content = {
|
|
||||||
type = "btrfs";
|
|
||||||
subvolumes = {
|
|
||||||
"/root" = {
|
|
||||||
mountpoint = "/";
|
|
||||||
mountOptions = [ "compress=zstd" "noatime" ];
|
|
||||||
};
|
|
||||||
"/home" = {
|
|
||||||
mountpoint = "/home";
|
|
||||||
mountOptions = [ "compress=zstd" "noatime" ];
|
|
||||||
};
|
|
||||||
"/nix" = {
|
|
||||||
mountpoint = "/nix";
|
|
||||||
mountOptions = [ "compress=zstd" "noatime" ];
|
|
||||||
};
|
|
||||||
"/swap" = {
|
|
||||||
mountpoint = "/.swapvol";
|
|
||||||
swap.swapfile.size = "8G";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,25 +0,0 @@
|
||||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
|
||||||
# and may be overwritten by future invocations. Please make changes
|
|
||||||
# to /etc/nixos/configuration.nix instead.
|
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
imports =
|
|
||||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
|
||||||
];
|
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sr_mod" ];
|
|
||||||
boot.initrd.kernelModules = [ ];
|
|
||||||
boot.kernelModules = [ "kvm-intel" ];
|
|
||||||
boot.extraModulePackages = [ ];
|
|
||||||
|
|
||||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
|
||||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
|
||||||
# still possible to use this option, but it's recommended to use it in conjunction
|
|
||||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
|
||||||
networking.useDHCP = lib.mkDefault true;
|
|
||||||
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
|
|
||||||
|
|
||||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
|
||||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
|
||||||
}
|
|
112
hosts/zephyrus/default.nix
Normal file
112
hosts/zephyrus/default.nix
Normal file
|
@ -0,0 +1,112 @@
|
||||||
|
# Edit this configuration file to define what should be installed on
|
||||||
|
# your system. Help is available in the configuration.nix(5) man page
|
||||||
|
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||||
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
|
imports = [
|
||||||
|
# Include the results of the hardware scan.
|
||||||
|
./hardware-configuration.nix
|
||||||
|
./home.nix
|
||||||
|
./secrets.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.kernelPackages = pkgs.linuxPackages;
|
||||||
|
|
||||||
|
# Use the systemd-boot EFI boot loader.
|
||||||
|
boot.loader.systemd-boot.enable = true;
|
||||||
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
|
boot.tmp.useTmpfs = true;
|
||||||
|
|
||||||
|
services.btrfs = {
|
||||||
|
autoScrub = {
|
||||||
|
enable = true;
|
||||||
|
fileSystems = ["/"];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.hostName = "zephyrus"; # Define your hostname.
|
||||||
|
networking.domain = "alarsyo.net";
|
||||||
|
|
||||||
|
# Set your time zone.
|
||||||
|
time.timeZone = "Europe/Paris";
|
||||||
|
|
||||||
|
# List services that you want to enable:
|
||||||
|
my.services = {
|
||||||
|
tailscale.enable = true;
|
||||||
|
|
||||||
|
pipewire.enable = true;
|
||||||
|
|
||||||
|
restic-backup = {
|
||||||
|
enable = true;
|
||||||
|
repo = "b2:zephyrus-backup";
|
||||||
|
passwordFile = config.age.secrets."restic-backup/zephyrus-password".path;
|
||||||
|
environmentFile = config.age.secrets."restic-backup/zephyrus-credentials".path;
|
||||||
|
|
||||||
|
timerConfig = {
|
||||||
|
OnCalendar = "*-*-* 13:00:00"; # laptop only gets used during the day
|
||||||
|
};
|
||||||
|
|
||||||
|
paths = [
|
||||||
|
"/home/alarsyo"
|
||||||
|
];
|
||||||
|
exclude = [
|
||||||
|
"/home/alarsyo/Downloads"
|
||||||
|
|
||||||
|
# Rust builds using half my storage capacity
|
||||||
|
"/home/alarsyo/**/target"
|
||||||
|
"/home/alarsyo/work/rust/build"
|
||||||
|
|
||||||
|
# don't backup nixpkgs
|
||||||
|
"/home/alarsyo/work/nixpkgs"
|
||||||
|
|
||||||
|
"/home/alarsyo/go"
|
||||||
|
|
||||||
|
# C build crap
|
||||||
|
"*.a"
|
||||||
|
"*.o"
|
||||||
|
"*.so"
|
||||||
|
|
||||||
|
# test vms
|
||||||
|
"*.qcow2"
|
||||||
|
|
||||||
|
# secrets stay offline
|
||||||
|
"/home/alarsyo/**/secrets"
|
||||||
|
|
||||||
|
# ignore all dotfiles as .config and .cache can become quite big
|
||||||
|
"/home/alarsyo/.*"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
virtualisation.docker.enable = true;
|
||||||
|
virtualisation.libvirtd.enable = true;
|
||||||
|
programs.dconf.enable = true;
|
||||||
|
|
||||||
|
services = {
|
||||||
|
tlp = {
|
||||||
|
settings = {
|
||||||
|
START_CHARGE_THRESH_BAT0 = 70;
|
||||||
|
STOP_CHARGE_THRESH_BAT0 = 80;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
fwupd.enable = true;
|
||||||
|
openssh.enable = true;
|
||||||
|
};
|
||||||
|
my.gui.enable = true;
|
||||||
|
|
||||||
|
services.udev.packages = [pkgs.chrysalis];
|
||||||
|
services.udisks2.enable = true;
|
||||||
|
|
||||||
|
hardware.bluetooth = {
|
||||||
|
enable = true;
|
||||||
|
powerOnBoot = false;
|
||||||
|
settings.General.Experimental = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
programs.light.enable = true;
|
||||||
|
}
|
70
hosts/zephyrus/hardware-configuration.nix
Normal file
70
hosts/zephyrus/hardware-configuration.nix
Normal file
|
@ -0,0 +1,70 @@
|
||||||
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
|
# and may be overwritten by future invocations. Please make changes
|
||||||
|
# to /etc/nixos/configuration.nix instead.
|
||||||
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
modulesPath,
|
||||||
|
...
|
||||||
|
}: let
|
||||||
|
inherit
|
||||||
|
(lib)
|
||||||
|
mkDefault
|
||||||
|
;
|
||||||
|
in {
|
||||||
|
imports = [
|
||||||
|
(modulesPath + "/installer/scan/not-detected.nix")
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
|
||||||
|
boot.initrd.kernelModules = [];
|
||||||
|
boot.kernelModules = ["kvm-intel"];
|
||||||
|
boot.extraModulePackages = [];
|
||||||
|
|
||||||
|
fileSystems."/" = {
|
||||||
|
device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642";
|
||||||
|
fsType = "btrfs";
|
||||||
|
options = ["subvol=@" "compress=zstd" "noatime"];
|
||||||
|
};
|
||||||
|
|
||||||
|
boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/c59e7067-e33c-474c-9b8e-96d0e8f59297";
|
||||||
|
|
||||||
|
fileSystems."/home" = {
|
||||||
|
device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642";
|
||||||
|
fsType = "btrfs";
|
||||||
|
options = ["subvol=@home" "compress=zstd" "noatime"];
|
||||||
|
neededForBoot = true; # agenix needs my key for some root secrets
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/nix" = {
|
||||||
|
device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642";
|
||||||
|
fsType = "btrfs";
|
||||||
|
options = ["subvol=@nix" "compress=zstd" "noatime"];
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/boot" = {
|
||||||
|
device = "/dev/disk/by-uuid/D9DA-F46C";
|
||||||
|
fsType = "vfat";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/swap" = {
|
||||||
|
device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642";
|
||||||
|
fsType = "btrfs";
|
||||||
|
options = ["subvol=@swap" "compress=zstd" "noatime"];
|
||||||
|
};
|
||||||
|
|
||||||
|
swapDevices = [
|
||||||
|
{
|
||||||
|
device = "/swap/swapfile";
|
||||||
|
size = 1024 * 8; # half of RAM size
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
powerManagement.cpuFreqGovernor = mkDefault "powersave";
|
||||||
|
|
||||||
|
hardware = {
|
||||||
|
enableRedistributableFirmware = true;
|
||||||
|
cpu.intel.updateMicrocode = true;
|
||||||
|
};
|
||||||
|
}
|
39
hosts/zephyrus/home.nix
Normal file
39
hosts/zephyrus/home.nix
Normal file
|
@ -0,0 +1,39 @@
|
||||||
|
{
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
|
home-manager.users.alarsyo = {
|
||||||
|
my.home.laptop.enable = true;
|
||||||
|
|
||||||
|
# Keyboard settings & i3 settings
|
||||||
|
my.home.x.enable = true;
|
||||||
|
my.home.x.i3bar.temperature.chip = "coretemp-isa-*";
|
||||||
|
my.home.x.i3bar.temperature.inputs = ["Core 0" "Core 1" "Core 2" "Core 3"];
|
||||||
|
my.home.x.i3bar.networking.throughput_interfaces = ["enp0s31f6" "wlp0s20f3" "enp43s0u1u1"];
|
||||||
|
my.home.emacs.enable = true;
|
||||||
|
|
||||||
|
my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight;
|
||||||
|
|
||||||
|
home.packages = builtins.attrValues {
|
||||||
|
inherit
|
||||||
|
(pkgs)
|
||||||
|
# some websites only work there :(
|
||||||
|
|
||||||
|
chromium
|
||||||
|
darktable
|
||||||
|
# dev
|
||||||
|
|
||||||
|
rustup
|
||||||
|
gdb
|
||||||
|
valgrind
|
||||||
|
arandr
|
||||||
|
zotero
|
||||||
|
;
|
||||||
|
|
||||||
|
inherit (pkgs.packages) spot;
|
||||||
|
|
||||||
|
inherit (pkgs.wineWowPackages) stable;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -13,6 +13,9 @@
|
||||||
// attrs;
|
// attrs;
|
||||||
in
|
in
|
||||||
lib.mapAttrs toSecret {
|
lib.mapAttrs toSecret {
|
||||||
|
"restic-backup/zephyrus-credentials" = {};
|
||||||
|
"restic-backup/zephyrus-password" = {};
|
||||||
|
|
||||||
"users/alarsyo-hashed-password" = {};
|
"users/alarsyo-hashed-password" = {};
|
||||||
"users/root-hashed-password" = {};
|
"users/root-hashed-password" = {};
|
||||||
};
|
};
|
|
@ -5,13 +5,14 @@ let
|
||||||
boreal = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAagal1aqZh52wEmgsw7fkCzO41o4Cx+nV4wJGZuX1RP root@boreal";
|
boreal = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAagal1aqZh52wEmgsw7fkCzO41o4Cx+nV4wJGZuX1RP root@boreal";
|
||||||
hades = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxw8CtKUPAiPdKDEnuS7UyRrZN5BkUwsy5UPVF8V+lt root@hades";
|
hades = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxw8CtKUPAiPdKDEnuS7UyRrZN5BkUwsy5UPVF8V+lt root@hades";
|
||||||
hephaestus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA7Cp+n5+huof68QlAoJV8bVf5h5p9kEZFAVpltWopdL root@hephaestus";
|
hephaestus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA7Cp+n5+huof68QlAoJV8bVf5h5p9kEZFAVpltWopdL root@hephaestus";
|
||||||
thanatos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID8JEAWk/8iSl8fN6/f76JkmVFwtyixTpLol4zSVsnVw root@thanatos";
|
poseidon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKYhZYMbWQG9TSQ2qze8GgFo2XrZzgu/GuSOGwenByJo root@poseidon";
|
||||||
|
zephyrus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILU4JfIADH9MXUnVe+3ezYK9WXsqy/jJcm1zFkmL4aSU root@zephyrus";
|
||||||
|
|
||||||
machines = [boreal hades hephaestus thanatos];
|
machines = [boreal hades hephaestus poseidon zephyrus];
|
||||||
|
|
||||||
all = users ++ machines;
|
all = users ++ machines;
|
||||||
in {
|
in {
|
||||||
"gandi/api-key.age".publicKeys = [alarsyo hades];
|
"gandi/api-key.age".publicKeys = [alarsyo hades poseidon];
|
||||||
|
|
||||||
"lohr/shared-secret.age".publicKeys = [alarsyo hades];
|
"lohr/shared-secret.age".publicKeys = [alarsyo hades];
|
||||||
|
|
||||||
|
@ -34,7 +35,11 @@ in {
|
||||||
"restic-backup/hades-credentials.age".publicKeys = [alarsyo hades];
|
"restic-backup/hades-credentials.age".publicKeys = [alarsyo hades];
|
||||||
"restic-backup/hephaestus-password.age".publicKeys = [alarsyo hephaestus];
|
"restic-backup/hephaestus-password.age".publicKeys = [alarsyo hephaestus];
|
||||||
"restic-backup/hephaestus-credentials.age".publicKeys = [alarsyo hephaestus];
|
"restic-backup/hephaestus-credentials.age".publicKeys = [alarsyo hephaestus];
|
||||||
|
"restic-backup/poseidon-password.age".publicKeys = [alarsyo poseidon];
|
||||||
|
"restic-backup/poseidon-credentials.age".publicKeys = [alarsyo poseidon];
|
||||||
|
"restic-backup/zephyrus-password.age".publicKeys = [alarsyo zephyrus];
|
||||||
|
"restic-backup/zephyrus-credentials.age".publicKeys = [alarsyo zephyrus];
|
||||||
|
|
||||||
"users/root-hashed-password.age".publicKeys = machines ++ [alarsyo];
|
"users/root-hashed-password.age".publicKeys = machines;
|
||||||
"users/alarsyo-hashed-password.age".publicKeys = machines ++ [alarsyo];
|
"users/alarsyo-hashed-password.age".publicKeys = machines ++ [alarsyo];
|
||||||
}
|
}
|
||||||
|
|
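Review bot: Dropping `thanatos` from `machines` and `alarsyo` from `"users/root-hashed-password.age".publicKeys` only changes who future encryptions are addressed to; copies of the `.age` files already in the repository history stay decryptable by the removed keys. If the intent is to revoke access, rotate the underlying passwords and credentials as well as re-encrypting the files. With `publicKeys = machines;` the root password file can also only be edited or rekeyed with a host private key, unlike the `users/alarsyo-hashed-password.age` line directly below it. A one-line comment such as `# host keys only: edit/rekey from a machine, by design` would keep the difference from being reverted as an oversight.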
|
@ -1,16 +1,17 @@
|
||||||
age-encryption.org/v1
|
age-encryption.org/v1
|
||||||
-> ssh-ed25519 YWMQkg nA65XHF5xsaW5JPGfWYLDtCq0DQQpN6FBbbnDKL23BY
|
-> ssh-ed25519 YWMQkg edb6vOJgAg7qUtsk3wot1lDT0guqrhkVO4q647At/Xo
|
||||||
JyzLfx9QXRV4jXQWvsXMEO7Y9Maf6VAQZU0QiEyA0rs
|
XlX07p/2byuBzWeR3khI/B255/4IwjiWEiOEgO6Jmzo
|
||||||
-> ssh-ed25519 pX8y2g 0AuwR4Dv6bulcow+LOd6XsF/U+Ly8fQDIuHcksijCk4
|
-> ssh-ed25519 pX8y2g yn4fQ1E54ReKViSKMjyIQWfbHlqwXmAn225hRUt2sVU
|
||||||
TXyxasso2OmK8RswWOk6oP7+q6iS2WTwYsy0CF07gtc
|
OVciEEE58TS7gkJV2kS75hL0z+mzn/I9cFYZQ9m4fCg
|
||||||
-> ssh-ed25519 SYm+hA coVEtWHcu5Zc17TuVLTzWe7RiXjJ53wjjRfLidwjUgg
|
-> ssh-ed25519 SYm+hA 3hLgW/LWQ6ilt1hYdHsA6M4YvSkrQauES77Mk0elkG4
|
||||||
fx5hl1hPiRxQLHIN2mrvB9tc+xMTwqHM1DXZY75s/MA
|
41l9uzYv/6raDNSBGrbH7hULv0cYFY65SlhpuSburHs
|
||||||
-> ssh-ed25519 6UUuZw 2bfWgdMEj+POlLejgzl3GZN1M3xt5Qoif9M2BwGV4QA
|
-> ssh-ed25519 z6Eu8Q GE324833mb5ff9C+TN3SqazvwW0ZZiqBb56cs8bKjho
|
||||||
9pLL7KegernUFqbNklKDho5IRgw9VVZGaphgmcfnohQ
|
8Aogd9tN2sN8DSmKJUfuCifiRMKpD7Cn6CLLazQ2qjk
|
||||||
-> ssh-ed25519 k2gHjw yxVoANLjqXRU97oymWtIEr4ZQ9OVvlRsC2Y2jsvkJWY
|
-> ssh-ed25519 ZQuVNA 2plMxBUBbv3ScEdXBnkvtt/qlP+dG/8+O8gHBChL8lI
|
||||||
Q37kBzgMyWkpcLO/3FFMtmDO16/17+i57DmALUDL/kE
|
1GpPm9oFARwDQfTT25isUZlGKn6BaanIQoiLDzlxzww
|
||||||
-> >)/-grease VfMC'D<: eQJ #XT
|
-> ssh-ed25519 k2gHjw JlNEYLQixP7LEb0FJu5O54pu1B72WWsml5ELNcFESEc
|
||||||
OcrPfgaTtzKItA7HfjeBUc68U7ol1sewRCFKg0iAeSVT1jiv3/O7hkz5MbMAsuoi
|
r8QUuLhEEFyst0JeWd1jahkrcMV/b9KGHj8PSZUZJ10
|
||||||
D8hkNjdXn3TDBVc1OcIS2iX5xOdpvP3ePs6TgX9H
|
-> _a@Yy?HU-grease /wJ2a` WIyE6 ewMVR h,D)T
|
||||||
--- mAY7j62sU6rXvZu84PkvkMqZ5M139fV/RlJidRYCo9Q
|
wAOK28XvNSpz
|
||||||
þXÑb;\hJù Ô#ÖȾ§>3Pzý˜QÈèÏÖ{¿Jž
ÒXÝe²ë3Q!ó¥¸5Å$ü»€|MÆD;Kú³Z”S.»¸ëXè<58>S?À œÐ·1j)«¬H[ËhkÆ«©¤¶|g=
|
--- hlIXSQ9X6OM5/uPv+3PMfkuIfiKWpkbdWNHed+q/Hr8
|
||||||
|
{gh1ÕßÃ…±ž\Py<50>ðЯ@s™ªý¹H„§q8—JxèÔw<žüç¿•k»öÕVħ©
T‹†¿“¥õ¬<C3B5>…<EFBFBD> <EFBFBD>(«”N¼ô.;™/)ÞD¯Wz{uÞNlÆ%±ávöÞ†50K0ÂóÍ©n”n±8°ï£\kJ¬OüCª7oáÙ‹4ÿcÑ—
|
Binary file not shown.
|
@ -10,7 +10,7 @@
|
||||||
./services
|
./services
|
||||||
|
|
||||||
# Host-specific config
|
# Host-specific config
|
||||||
./hosts/thanatos
|
./hosts/poseidon
|
||||||
];
|
];
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
# This value determines the NixOS release from which the default
|
||||||
|
@ -19,5 +19,5 @@
|
||||||
# this value at the release version of the first install of this system.
|
# this value at the release version of the first install of this system.
|
||||||
# Before changing this value read the documentation for this option
|
# Before changing this value read the documentation for this option
|
||||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||||
system.stateVersion = "23.11"; # Did you read the comment?
|
system.stateVersion = "20.09"; # Did you read the comment?
|
||||||
}
|
}
|
23
zephyrus.nix
Normal file
23
zephyrus.nix
Normal file
|
@ -0,0 +1,23 @@
|
||||||
|
{...}: {
|
||||||
|
imports = [
|
||||||
|
# Default configuration
|
||||||
|
./base
|
||||||
|
|
||||||
|
# Module definitions
|
||||||
|
./modules
|
||||||
|
|
||||||
|
# Service definitions
|
||||||
|
./services
|
||||||
|
|
||||||
|
# Host-specific config
|
||||||
|
./hosts/zephyrus
|
||||||
|
];
|
||||||
|
|
||||||
|
# This value determines the NixOS release from which the default
|
||||||
|
# settings for stateful data, like file locations and database versions
|
||||||
|
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||||
|
# this value at the release version of the first install of this system.
|
||||||
|
# Before changing this value read the documentation for this option
|
||||||
|
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||||
|
system.stateVersion = "21.05"; # Did you read the comment?
|
||||||
|
}
|