diff --git a/configs/nixos/freshrss.nix b/configs/nixos/freshrss.nix index e730307..063b555 100644 --- a/configs/nixos/freshrss.nix +++ b/configs/nixos/freshrss.nix @@ -7,17 +7,17 @@ }: let cfg = config.services.freshrss; in { - services.freshrss={ - enable=true; - database.type="sqlite"; - webserver="nginx"; - baseUrl="https://rss.venberg.xyz"; + services.freshrss = { + enable = true; + database.type = "sqlite"; + webserver = "nginx"; + baseUrl = "https://rss.venberg.xyz"; virtualHost = "rss.venberg.xyz"; passwordFile = config.sops.secrets.freshrss-password.path; - defaultUser="gabe"; + defaultUser = "gabe"; }; - services.nginx.virtualHosts.${cfg.virtualHost}= { + services.nginx.virtualHosts.${cfg.virtualHost} = { enableACME = true; forceSSL = true; }; diff --git a/configs/nixos/interactive-networking.nix b/configs/nixos/interactive-networking.nix index f765e32..e4c0102 100644 --- a/configs/nixos/interactive-networking.nix +++ b/configs/nixos/interactive-networking.nix @@ -4,6 +4,10 @@ ... }: { # Enable networking - networking.networkmanager.enable = true; + networking.networkmanager = { + enable = true; + dns = "systemd-resolved"; + }; + services.resolved.enable = true; users.users.${config.host.details.user}.extraGroups = ["networkmanager"]; } diff --git a/flake.nix b/flake.nix index c670550..491e9b9 100644 --- a/flake.nix +++ b/flake.nix 
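Review bot: In configs/nixos/interactive-networking.nix, `services.resolved.enable = true;` now applies to every host that imports this module, and the resolver's other options are left at their defaults. For laptops that join untrusted networks it is worth pinning name-resolution behaviour here rather than per host: `services.resolved.llmnr = "false";` stops the host from trusting and answering link-local name queries. An explicit `services.resolved.fallbackDns = [];` (or a chosen list) makes it visible which upstream resolvers are used when the network supplies none. Whether the shipped defaults already match this should be checked against the option documentation for the release in use.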
@@ -97,12 +97,12 @@ cirrus = import ./hosts/cirrus {inherit inputs myLib;}; cirrostratus = import ./hosts/cirrostratus {inherit inputs myLib;}; altostratus = import ./hosts/altostratus {inherit inputs myLib;}; + harmatan = import ./hosts/harmatan {inherit inputs myLib;}; }; # Standalone home-manager configuration entrypoint # Available through 'home-manager --flake .#your-username@your-hostname' homeConfigurations = { - "gabe@archlaptop" = import ./hosts/home-laptop.nix {inherit inputs myLib;}; "gabe@linuxgamingrig" = import ./hosts/home-personal.nix {inherit inputs myLib;}; "gabe@gvworklaptop" = import ./hosts/work-laptop.nix {inherit inputs myLib;}; }; diff --git a/hosts/altostratus/default.nix b/hosts/altostratus/default.nix index 5e4386a..768e5fd 100644 --- a/hosts/altostratus/default.nix +++ b/hosts/altostratus/default.nix @@ -15,6 +15,7 @@ inputs.nixpkgs.lib.nixosSystem { ../../configs/nixos/sshd.nix ../../configs/nixos/secrets.nix ../../configs/nixos/tailscale.nix + ../../configs/nixos/interactive-networking.nix ../../roles/nixos/embedded-dev.nix ({ config, @@ -30,12 +31,6 @@ inputs.nixpkgs.lib.nixosSystem { }; networking.hostName = "altostratus"; # Define your hostname. networking.hostId = "c62c7ef6"; - networking.networkmanager = { - enable = true; - dns = "systemd-resolved"; - }; - services.resolved.enable = true; - users.users.${config.host.details.user}.extraGroups = ["networkmanager"]; # home-manager.sharedModules = [ # inputs.sops-nix.homeManagerModules.sops diff --git a/hosts/harmatan/default.nix b/hosts/harmatan/default.nix new file mode 100644 index 0000000..e93414e --- /dev/null +++ b/hosts/harmatan/default.nix 
@@ -0,0 +1,90 @@
+{
+ inputs,
+ myLib,
+ ...
+}:
+inputs.nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs = {inherit inputs myLib;};
+ modules = [
+ inputs.home-manager.nixosModules.home-manager
+ inputs.disko.nixosModules.disko
+ inputs.nixos-hardware.nixosModules.asus-zephyrus-ga402x-amdgpu
+ ./disk-config.nix
+ ./hardware-config.nix
+ ../../configs/nixos/common.nix
+ ../../configs/nixos/sshd.nix
+ # TODO
+ #../../configs/nixos/secrets.nix
+ ../../configs/nixos/tailscale.nix
+ ../../configs/nixos/printing.nix
+ ../../configs/nixos/syncthing.nix
+ ../../configs/nixos/touchpad.nix
+ ../../configs/nixos/i3
+ ({
+ config,
+ pkgs,
+ lib,
+ ...
+ }: {
+ host.details = {
+ user = "gabe";
+ fullName = "Gabe Venberg";
+ gui.enable = true;
+ isLaptop = true;
+ };
+ networking.hostName = "harmatan";
+ networking.hostId = "7a42af26";
+
+ # TODO
+ # home-manager.sharedModules = [
+ # inputs.sops-nix.homeManagerModules.sops
+ # ];
+ home-manager.users.${config.host.details.user} = {
+ inputs,
+ osConfig,
+ lib,
+ ...
+ }: {
+ host.details = osConfig.host.details;
+ user = {
+ git = {
+ profile = {
+ name = config.host.details.fullName;
+ email = "gabevenberg@gmail.com";
+ };
+ };
+ };
+ imports = [
+ ../../roles/home-manager/terminal.nix
+ ../../roles/home-manager/music.nix
+ ../../configs/home-manager/common.nix
+ # TODO
+ # ../../configs/home-manager/secrets.nix
+ ../configs/home-manager/email.nix
+ ../configs/home-manager/tiny-irc.nix
+ ];
+
+ # TODO
+ # sops = lib.mkIf (inputs ? nix-secrets) {
+ # secrets = {
+ # gmail-password.sopsFile = "${inputs.nix-secrets}/workstations.yaml";
+ # irc-cert.sopsFile = "${inputs.nix-secrets}/workstations.yaml";
+ # };
+ # };
+ };
+
+ # Bootloader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = false;
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken.
It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "25.05"; # Did you read the comment?
+ })
+ ];
+}
diff --git a/hosts/harmatan/disk-config.nix b/hosts/harmatan/disk-config.nix
new file mode 100644
index 0000000..057c12f
--- /dev/null
+++ b/hosts/harmatan/disk-config.nix
@@ -0,0 +1,66 @@
+{
+ disko.devices = {
+ disk = {
+ emmc = {
+ device = "/dev/disk/by-id/nvme-eui.000000000000000100a07521334683d6";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = ["umask=0077"];
+ };
+ };
+ luks = {
+ size = "100%";
+ content = {
+ type = "luks";
+ name = "crypted";
+ # disable settings.keyFile if you want to use interactive password entry
+ passwordFile = "/tmp/secret.key"; # Interactive
+ content = {
+ type = "btrfs";
+ extraArgs = ["-L" "nixos" "-f"];
+ subvolumes = {
+ "/root" = {
+ mountpoint = "/";
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ };
+ "/home" = {
+ mountpoint = "/home";
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ };
+ "/nix" = {
+ mountpoint = "/nix";
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ };
+ "/swap" = {
+ mountpoint = "/.swapvol";
+ swap.swapfile.size = "16G";
+ priority = 0;
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/harmatan/hardware-config.nix b/hosts/harmatan/hardware-config.nix
new file mode 100644
index 0000000..459ce36
--- /dev/null
+++ b/hosts/harmatan/hardware-config.nix
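Review bot: In hosts/harmatan/default.nix the last two home-manager imports, `../configs/home-manager/email.nix` and `../configs/home-manager/tiny-irc.nix`, use a single `..` while every other import in the file uses `../../`; from hosts/harmatan/ they resolve under hosts/configs/, which looks like a leftover from the removed hosts/home-laptop.nix. They should read `../../configs/home-manager/email.nix` and `../../configs/home-manager/tiny-irc.nix`. Separately, the old file paired both modules with the `gmail-password` and `irc-cert` sops secrets, whereas here the sops module, secrets.nix and the `sops` block are all commented out under TODO, so these two imports presumably either fail to evaluate or run without credentials; keeping them under the same TODO until secrets are wired up would avoid that. The same check applies to sshd.nix and tailscale.nix if they read any secret path, which is not visible in this hunk.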
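Review bot: In hosts/harmatan/disk-config.nix the `luks` partition sets `passwordFile = "/tmp/secret.key"; # Interactive` under a comment about `settings.keyFile`, so both comments describe the opposite of what the line does: the passphrase is taken from that file at format time rather than prompted for. I would replace them with one comment stating the real contract, e.g. `# install-time only: LUKS passphrase is read from this file; create it mode 0600, remove it after install`. /tmp is shared, so the file should be created with a restrictive umask on the installer and not left behind; if I recall the disko documentation correctly, the file's exact bytes become the passphrase, so a trailing newline matters. The disk attribute is also named `emmc` while the device is an NVMe by-id path.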
@@ -0,0 +1,16 @@
+{config, ...}: {
+ config.hardware.enableRedistributableFirmware = true;
+
+ boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usbhid" "sdhci_pci"];
+ boot.initrd.kernelModules = [];
+ boot.kernelModules = ["kvm-amd"];
+ boot.extraModulePackages = [];
+
+ nixpkgs.hostPlatform = "x86_64-linux";
+ hardware.cpu.amd.updateMicrocode = config.hardware.enableRedistributableFirmware;
+
+ zramSwap = {
+ enable = true;
+ priority = 5;
+ };
+}
diff --git a/hosts/home-laptop.nix b/hosts/home-laptop.nix
deleted file mode 100644
index 3e470bd..0000000
--- a/hosts/home-laptop.nix
+++ /dev/null
@@ -1,50 +0,0 @@
-{
- inputs,
- myLib,
- ...
-}:
-inputs.home-manager.lib.homeManagerConfiguration {
- pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; # Home-manager requires 'pkgs' instance
- extraSpecialArgs = {inherit inputs myLib;};
- modules = [
- ({
- config,
- pkgs,
- lib,
- ...
- }: {
- # machine specific options
- user = {
- enable-speech = true;
- git = {
- profile = {
- name = "Gabe Venberg";
- email = "gabevenberg@gmail.com";
- };
- workProfile.enable = false;
- };
- };
- host.details.isLaptop = true;
-
- targets.genericLinux.enable = true;
- home.username = "gabe";
- home.homeDirectory = /home/gabe;
- imports = [
- ../roles/home-manager/terminal.nix
- ../roles/home-manager/music.nix
- ../configs/home-manager/common.nix
- ../configs/home-manager/email.nix
- ../configs/home-manager/tiny-irc.nix
- ../configs/home-manager/secrets.nix
- inputs.sops-nix.homeManagerModules.sops
- ];
-
- sops = lib.mkIf (inputs ? nix-secrets) {
- secrets = {
- gmail-password.sopsFile = "${inputs.nix-secrets}/workstations.yaml";
- irc-cert.sopsFile = "${inputs.nix-secrets}/workstations.yaml";
- };
- };
- })
- ];
-}
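Review bot: In hosts/harmatan/hardware-config.nix the first definition is written `config.hardware.enableRedistributableFirmware = true;`, which creates a top-level `config` attribute next to the shorthand `boot.*`, `nixpkgs.*`, `hardware.*` and `zramSwap` definitions. The NixOS module system treats a module with a top-level `config` as full-form and rejects the remaining attributes as unsupported, so this file should fail to evaluate as written. Dropping the prefix, `hardware.enableRedistributableFirmware = true;`, keeps the module in shorthand form, and the later `hardware.cpu.amd.updateMicrocode` line then picks the value up through the `config` argument, so microcode updates are actually enabled.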