diff --git a/disko/libvirt/uefi-luks-lvm-ext4.nix b/disko/libvirt/uefi-luks-lvm-ext4.nix new file mode 100644 index 0000000..b800e00 --- /dev/null +++ b/disko/libvirt/uefi-luks-lvm-ext4.nix @@ -0,0 +1,54 @@ +{ ... }: { + disko.devices = { + disk = { + vda = { + type = "disk"; + device = "/dev/vda"; + content = { + type = "gpt"; + partitions = { + boot = { + size = "1G"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + }; + }; + luks = { + size = "100%"; + content = { + type = "luks"; + name = "crypted"; + content = { + type = "lvm_pv"; + vg = "pool"; + }; + }; + }; + }; + }; + }; + }; + lvm_vg = { + pool = { + type = "lvm_vg"; + lvs = { + root = { + size = "100%FREE"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + mountOptions = [ + "defaults" + ]; + }; + }; + }; + }; + }; + }; +} diff --git a/disko/libvirt/uefi-lvm-ext4.nix b/disko/libvirt/uefi-lvm-ext4.nix new file mode 100644 index 0000000..43b23ca --- /dev/null +++ b/disko/libvirt/uefi-lvm-ext4.nix @@ -0,0 +1,50 @@ +{ ... }: { + disko.devices = { + disk = { + vda = { + type = "disk"; + device = "/dev/vda"; + content = { + type = "gpt"; + partitions = { + boot = { + size = "1G"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + }; + }; + primary = { + size = "100%"; + content = { + type = "lvm_pv"; + vg = "pool"; + }; + }; + }; + }; + }; + }; + lvm_vg = { + pool = { + type = "lvm_vg"; + lvs = { + root = { + size = "100%FREE"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + mountOptions = [ + "defaults" + ]; + }; + }; + }; + }; + }; + }; +} diff --git a/disko/nvme/uefi-luks-lvm-ext4.nix b/disko/nvme/uefi-luks-lvm-ext4.nix new file mode 100644 index 0000000..cb2cd39 --- /dev/null +++ b/disko/nvme/uefi-luks-lvm-ext4.nix 
@@ -0,0 +1,54 @@ +{ ... }: { + disko.devices = { + disk = { + nvme0n1 = { + type = "disk"; + device = "/dev/nvme0n1"; + content = { + type = "gpt"; + partitions = { + boot = { + size = "1G"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + }; + }; + luks = { + size = "100%"; + content = { + type = "luks"; + name = "crypted"; + content = { + type = "lvm_pv"; + vg = "pool"; + }; + }; + }; + }; + }; + }; + }; + lvm_vg = { + pool = { + type = "lvm_vg"; + lvs = { + root = { + size = "100%FREE"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + mountOptions = [ + "defaults" + ]; + }; + }; + }; + }; + }; + }; +} diff --git a/features/base.nix b/features/base.nix index 9e12290..137f6ae 100644 --- a/features/base.nix +++ b/features/base.nix @@ -2,44 +2,11 @@ users.mutableUsers = false; nixpkgs.config.allowUnfree = true; - services.smartd.enable = true; + networking.wireless.enable = false; # For some reason this is needed all of the time - boot.supportedFilesystems = [ "zfs" "ntfs" ]; - - boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; - - nix.settings.experimental-features = [ "nix-command" "flakes" ]; - - nix.channel.enable = false; - - # TODO: ???? - networking.wireless.enable = false; + boot.supportedFilesystems = [ "ntfs" ]; # Basic Services + services.smartd.enable = true; services.uptimed.enable = true; - - services.openssh.enable = true; - services.openssh.settings.PermitRootLogin = "no"; - - # Basic Utilities - environment.systemPackages = with pkgs; [ - # Basic Utilities - bc pv killall unzip unrar-wrapper unar - - # System Monitoring / TUI QoL Tools - btop iotop tmux byobu - - # Security / Cryptography - ssss gnupg pwgen qrencode diceware - - # Applications - vim_configurable - - # asdf - git ffmpeg restic rclone nixos-generators - # samba libvirt tinc_pre - - # File Systems - nfs-utils cifs-utils exfatprogs - ]; } 
diff --git a/features/docker.nix b/features/docker.nix deleted file mode 100644 index 8814f80..0000000 --- a/features/docker.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ ... }: { - virtualisation.docker.enable = true; -} diff --git a/features/embedded.nix b/features/embedded.nix index 8ad6f64..8633ca0 100644 --- a/features/embedded.nix +++ b/features/embedded.nix @@ -1,4 +1,4 @@ -{ pkgs, unstable, ... }: { +{ pkgs, pkgs-unstable, ... }: { nixpkgs.config.allowUnfree = true; nixpkgs.config.segger-jlink.acceptLicense = true; @@ -6,7 +6,7 @@ nixpkgs.config.permittedInsecurePackages = [ "segger-jlink-qt4-796s" ]; environment.systemPackages = with pkgs; [ - unstable.platformio # https://github.com/NixOS/nixpkgs/commit/0ba947ba44fc17c7cc94be2374dbfb939900cecd + pkgs-unstable.platformio # https://github.com/NixOS/nixpkgs/commit/0ba947ba44fc17c7cc94be2374dbfb939900cecd segger-jlink arduino-ide diff --git a/features/factorio.nix b/features/factorio.nix index bb38339..ddc924b 100644 --- a/features/factorio.nix +++ b/features/factorio.nix @@ -1,13 +1,13 @@ -{ pkgs, ... }: { - environment.systemPackages = with pkgs; [ +{ pkgs, unstable, ... }: { + environment.systemPackages = with unstable; [ (factorio.override { username = ""; token = ""; releaseType = "alpha"; - version = "1.1.107"; + version = "2.0.32"; - # nix-prefetch-url "file:///run/media/lauren_lagarde/Lauren%20USB/Applications/factorio/factorio_alpha_x64_1.1.107.tar.xz" --name factorio_alpha_x64-1.1.107.tar.xz + # nix-prefetch-url file:///$(pwd | sed 's| |%20|')/factorio_alpha_x64-2.0.32.tar.xz --name factorio_alpha_x64-2.0.32.tar.xz }) ]; } diff --git a/features/intelgpu.nix b/features/gpu/intel.nix similarity index 100% rename from features/intelgpu.nix rename to features/gpu/intel.nix diff --git a/features/nvidia.nix b/features/gpu/nvidia.nix similarity index 100% rename from features/nvidia.nix rename to features/gpu/nvidia.nix 
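Review bot: `features/factorio.nix` now takes an `unstable` module argument and builds from `with unstable;`, but the flake.nix hunks in this same commit replace `specialArgs = { unstable = unstable; }` with `specialArgs = { inherit inputs pkgs-unstable; }`, so nothing visible still supplies `unstable`. The new, empty `features/gui-apps.nix` declares the same argument. Any system importing either file would presumably fail on the missing argument; use `{ pkgs, pkgs-unstable, ... }:` and `with pkgs-unstable;`, as `features/embedded.nix` now does. Factorio is unfree and `pkgs-unstable` is imported with only `{ inherit system; }`, so that import may also need `config.allowUnfree = true`; worth confirming.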
diff --git a/features/gui-apps.nix b/features/gui-apps.nix new file mode 100644 index 0000000..bbed42f --- /dev/null +++ b/features/gui-apps.nix @@ -0,0 +1,2 @@ +{ pkgs, lib, unstable, ... }: { +} diff --git a/features/printing.nix b/features/hardware/printing.nix similarity index 100% rename from features/printing.nix rename to features/hardware/printing.nix diff --git a/features/rtl-sdr.nix b/features/hardware/rtl-sdr.nix similarity index 100% rename from features/rtl-sdr.nix rename to features/hardware/rtl-sdr.nix diff --git a/features/yubikey.nix b/features/hardware/yubikey.nix similarity index 100% rename from features/yubikey.nix rename to features/hardware/yubikey.nix diff --git a/features/headless.nix b/features/headless.nix index d75917e..3272bf4 100644 --- a/features/headless.nix +++ b/features/headless.nix 
@@ -1,67 +1,3 @@ { config, lib, pkgs, callPackage, ... }: { - - ############################################################################## - ############################################################################## - ############################################################################## - # Packages - - environment.systemPackages = with pkgs; [ - # Basic Utilities - bc pv killall unzip unrar-wrapper unar - - # System Monitoring / TUI QoL Tools - btop iotop tmux byobu - - # Backup Tools - restic rclone - - # Networking Utilities - dig tinc_pre traceroute wireguard-tools iperf3 - - # Security / Cryptography - (pass.withExtensions (ext: with ext; [ pass-otp pass-update ])) - ssss gnupg pwgen qrencode diceware - - # NixOS Helpers - nixos-generators nix-index nix-search-cli - - # Applications - vim_configurable - - # File Systems - nfs-utils cifs-utils exfatprogs - - # Multimedia Utilities - ffmpeg imagemagick - - # Services - podman-compose - - units usbutils pciutils - ]; - - ############################################################################## - ############################################################################## - ############################################################################## - # Services - # TODO: Split this out further - services.uptimed.enable = true; - - services.openssh = { - enable = true; - settings = { - PermitRootLogin = lib.mkForce "no"; - PasswordAuthentication = false; - }; - }; - - # TODO: Attempt to use podman - virtualisation.docker.enable = true; - virtualisation.containers.enable = true; - virtualisation.podman = { - enable = true; - dockerCompat = false; - defaultNetwork.settings.dns_enabled = true; - }; } diff --git a/features/i3.nix b/features/i3_old.nix similarity index 100% rename from features/i3.nix rename to features/i3_old.nix diff --git a/features/i3wm.nix b/features/i3wm.nix new file mode 100644 index 0000000..b834c0b --- /dev/null +++ b/features/i3wm.nix 
@@ -0,0 +1,18 @@
+{ pkgs, ... }: {
+ services.xserver = {
+ enable = true;
+
+ desktopManager = {
+ xterm.enable = false;
+ gnome.enable = true;
+ };
+
+ windowManager = {
+ i3.enable = true;
+ };
+
+ displayManager.lightdm.enable = true;
+ };
+
+ services.displayManager.defaultSession = "none+i3";
+}
diff --git a/features/initrd-ssh.nix b/features/initrd-ssh.nix
new file mode 100644
index 0000000..15b3438
--- /dev/null
+++ b/features/initrd-ssh.nix
@@ -0,0 +1,29 @@
+# ssh-keygen -t ed25519 -N "" -f ./ssh_host_ed25519_key
+
+{ ... }: {
+ boot.initrd = {
+ systemd = {
+ enable = true;
+ users.root.shell = "/bin/systemd-tty-ask-password-agent";
+ network = {
+ enable = true;
+ networks."10-enp1s0" = {
+ matchConfig.Name = "enp1s0";
+ networkConfig.DHCP = "yes";
+ };
+ };
+ };
+
+ network = {
+ enable = true;
+ ssh = {
+ enable = true;
+ port = 2222;
+ hostKeys = [ "/root/secrets/initrd/ssh_host_ed25519_key" ];
+ authorizedKeys = [
+ "ssh-rsa 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 lauren@lagarde.dev"
+ ];
+ };
+ };
+ };
+}
diff --git a/features/br0.nix b/features/networking/networkd-br0.nix
similarity index 100%
rename from features/br0.nix
rename to features/networking/networkd-br0.nix
diff --git a/features/openssh-server.nix b/features/openssh-server.nix
new file mode 100644
index 0000000..06d8376
--- /dev/null
+++ b/features/openssh-server.nix
@@ -0,0 +1,9 @@
+{ lib, ... }: {
+ services.openssh = {
+ enable = true;
+ settings = {
+ PermitRootLogin = lib.mkForce "no";
+ PasswordAuthentication = false;
+ };
+ };
+}
diff --git a/features/systemd-boot.nix b/features/systemd-boot.nix
new file mode 100644
index 0000000..909c54c
--- /dev/null
+++ b/features/systemd-boot.nix
@@ -0,0 +1,4 @@
+{ ... }: {
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+}
diff --git a/features/tui-apps.nix b/features/tui-apps.nix
new file mode 100644
index 0000000..b888404
--- /dev/null
+++ b/features/tui-apps.nix
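Review bot: In `features/initrd-ssh.nix` the key listed in `hostKeys` ends up inside the initrd, and the disko layouts added in this commit keep `/boot` on a vfat ESP outside the LUKS container, so that private key is readable by anyone with access to the disk or VM image. Keep it distinct from the system's main sshd host key and say so next to the option, e.g. `# Dedicated initrd key: stored unencrypted on /boot, never reuse the system host key`. The authorized key is `ssh-rsa` although the header comment already generates ed25519 keys. `matchConfig.Name = "enp1s0"` hard-codes one interface name, so initrd networking only comes up on guests that expose that name.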
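Review bot: `features/openssh-server.nix` turns off `PasswordAuthentication` but leaves keyboard-interactive authentication at its default, which on NixOS is enabled as far as I know, so PAM-backed password prompts can still be offered. Add `KbdInteractiveAuthentication = false;` to `settings` so the module is key-only as the rest of it intends. The `lib.mkForce "no"` on `PermitRootLogin` would benefit from a one-line comment naming the module it has to override.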
@@ -0,0 +1,31 @@
+{ pkgs, ... }: {
+ environment.systemPackages = with pkgs; [
+ # Basic Utilities
+ bc pv killall unzip unrar-wrapper unar units
+
+ # System Monitoring / TUI QoL Tools
+ btop iotop tmux byobu
+
+ # Security / Cryptography
+ (pass.withExtensions (ext: with ext; [ pass-otp pass-update ]))
+ ssss gnupg pwgen qrencode diceware
+
+ # Applications
+ vim_configurable
+
+ # File Management
+ git ffmpeg restic rclone imagemagick
+
+ # File Systems
+ nfs-utils cifs-utils exfatprogs
+
+ # Networking Utilities
+ dig tinc_pre traceroute wireguard-tools iperf3
+
+ # NixOS Helpers
+ nixos-generators nix-index nix-search-cli
+
+ # Hardware Utilities
+ usbutils pciutils
+ ];
+}
diff --git a/features/virtualization/docker.nix b/features/virtualization/docker.nix
new file mode 100644
index 0000000..f81c392
--- /dev/null
+++ b/features/virtualization/docker.nix
@@ -0,0 +1,11 @@
+{ ... }: {
+ virtualisation.docker.enable = true;
+ virtualisation.containers.enable = true;
+
+ # Enable podman, but don't default to it
+ virtualisation.podman = {
+ enable = true;
+ dockerCompat = false;
+ defaultNetwork.settings.dns_enabled = true;
+ };
+}
diff --git a/features/dockge.nix b/features/virtualization/dockge.nix
similarity index 100%
rename from features/dockge.nix
rename to features/virtualization/dockge.nix
diff --git a/features/virtualization/libvirt-guest-uefi.nix b/features/virtualization/libvirt-guest-uefi.nix
new file mode 100644
index 0000000..70c2a57
--- /dev/null
+++ b/features/virtualization/libvirt-guest-uefi.nix
@@ -0,0 +1,6 @@
+{ ... }: {
+ boot.initrd = {
+ kernelModules = [ "virtio_net" "e1000" ];
+ availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
+ };
+}
diff --git a/features/libvirt.nix b/features/virtualization/libvirt-host.nix
similarity index 100%
rename from features/libvirt.nix
rename to features/virtualization/libvirt-host.nix
diff --git a/features/persistent_docker.nix b/features/virtualization/persistent_docker.nix similarity index 100% rename from features/persistent_docker.nix rename to features/virtualization/persistent_docker.nix diff --git a/features/virtualbox.nix b/features/virtualization/virtualbox-host.nix similarity index 100% rename from features/virtualbox.nix rename to features/virtualization/virtualbox-host.nix diff --git a/flake.lock b/flake.lock index b2caa5f..bf7a142 100644 --- a/flake.lock +++ b/flake.lock @@ -73,6 +73,28 @@ "type": "github" } }, + "home-manager_2": { + "inputs": { + "nixpkgs": [ + "ll-home-manager", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1739757849, + "narHash": "sha256-Gs076ot1YuAAsYVcyidLKUMIc4ooOaRGO0PqTY7sBzA=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "9d3d080aec2a35e05a15cedd281c2384767c2cfe", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-24.11", + "repo": "home-manager", + "type": "github" + } + }, "lix": { "flake": false, "locked": { @@ -108,6 +130,23 @@ "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz" } }, + "ll-home-manager": { + "inputs": { + "home-manager": "home-manager_2", + "nixpkgs": "nixpkgs_2", + "nixpkgs-unstable": "nixpkgs-unstable" + }, + "locked": { + "lastModified": 1, + "narHash": "sha256-tEq3iB8LaBpgig/fDrM9uvcMkoyKj8nghUAcqa1vxe8=", + "path": "/nix/store/yhhsnncsi6azid2vaa7zkh9s7l3hlw0l-source/users/lauren_lagarde/home-manager", + "type": "path" + }, + "original": { + "path": "/nix/store/yhhsnncsi6azid2vaa7zkh9s7l3hlw0l-source/users/lauren_lagarde/home-manager", + "type": "path" + } + }, "nixlib": { "locked": { "lastModified": 1711241261, 
@@ -163,11 +202,27 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1723175592, - "narHash": "sha256-M0xJ3FbDUc4fRZ84dPGx5VvgFsOzds77KiBMW/mMTnI=", + "lastModified": 1741379970, + "narHash": "sha256-Wh7esNh7G24qYleLvgOSY/7HlDUzWaL/n4qzlBePpiw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5e0ca22929f3342b19569b21b2f3462f053e497b", + "rev": "36fd87baa9083f34f7f5027900b62ee6d09b1f2f", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable_2": { + "locked": { + "lastModified": 1741246872, + "narHash": "sha256-Q6pMP4a9ed636qilcYX8XUguvKl/0/LGXhHcRI91p0U=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "10069ef4cf863633f57238f179a0297de84bd8d3", "type": "github" }, "original": { @@ -178,6 +233,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1741332913, + "narHash": "sha256-ri1e8ZliWS3Jnp9yqpKApHaOo7KBN33W8ECAKA4teAQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "20755fa05115c84be00b04690630cb38f0a203ad", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1735531152, "narHash": "sha256-As8I+ebItDKtboWgDXYZSIjGlKeqiLBvjxsQHUmAf1Q=", @@ -193,7 +264,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1, "narHash": "sha256-QJFvxzBCZHVjWApIe4KaxC3gRd5d1QgDT3xJNetMwVE=", @@ -210,9 +281,10 @@ "disko": "disko", "home-manager": "home-manager", "lix-module": "lix-module", + "ll-home-manager": "ll-home-manager", "nixos-generators": "nixos-generators", - "nixpkgs": "nixpkgs_2", - "nixpkgs-unstable": "nixpkgs-unstable", + "nixpkgs": "nixpkgs_3", + "nixpkgs-unstable": "nixpkgs-unstable_2", "waveforms": "waveforms" } }, @@ -233,7 +305,7 @@ }, "waveforms": { "inputs": { - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1722915115, 
diff --git a/flake.nix b/flake.nix index d1ff22c..986e90e 100644 --- a/flake.nix +++ b/flake.nix @@ -30,18 +30,23 @@ nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; - home-manager.url = "github:nix-community/home-manager/release-24.11"; - home-manager.inputs.nixpkgs.follows = "nixpkgs"; - - nixos-generators.url = "github:nix-community/nixos-generators/7c60ba4bc8d6aa2ba3e5b0f6ceb9fc07bc261565"; - nixos-generators.inputs.nixpkgs.follows = "nixpkgs"; - + # Lix over Nix lix-module.url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz"; lix-module.inputs.nixpkgs.follows = "nixpkgs"; + # Installers + disko.url = "github:nix-community/disko/v1.11.0"; + nixos-generators.url = "github:nix-community/nixos-generators/7c60ba4bc8d6aa2ba3e5b0f6ceb9fc07bc261565"; + nixos-generators.inputs.nixpkgs.follows = "nixpkgs"; + + # Home Manager + home-manager.url = "github:nix-community/home-manager/release-24.11"; + home-manager.inputs.nixpkgs.follows = "nixpkgs"; + + ll-home-manager.url = "./users/lauren_lagarde/home-manager/"; + # Extras waveforms.url = "github:liff/waveforms-flake"; - disko.url = "github:nix-community/disko/v1.11.0"; }; outputs = { self, nixpkgs, nixpkgs-unstable, home-manager, nixos-generators, disko, waveforms, lix-module, ... }@inputs: let @@ -50,7 +55,8 @@ locale = "en_US.UTF-8"; stateVersion = "24.11"; - unstable = nixpkgs-unstable.legacyPackages.${system}; + pkgs = import nixpkgs { inherit system; }; + pkgs-unstable = import nixpkgs-unstable { inherit system; }; iso_modules = [ "${nixpkgs}/nixos/modules/installer/cd-dvd/iso-image.nix" @@ -76,6 +82,7 @@ time.timeZone = timezone; system.stateVersion = stateVersion; } + lix-module.nixosModules.default home-manager.nixosModules.home-manager waveforms.nixosModule 
@@ -83,34 +90,17 @@ ]; in { nixosConfigurations = { - ll-nixos-headless = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = iso_modules ++ [ - { networking.hostName = "ll-nixos-headless"; } - ./systems/ll-nixos-headless.nix - ] ++ inherited_modules; - specialArgs = { unstable = unstable; }; - }; - - ll-nixos = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = iso_modules ++ [ - { networking.hostName = "ll-nixos"; } - ./systems/ll-nixos-full.nix - ] ++ inherited_modules; - specialArgs = { unstable = unstable; }; - }; - ll-latitude-e5591 = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; - modules = iso_modules ++ [ + modules = [ { networking.hostName = "ll-latitude-e5591"; networking.hostId = "f55542ee"; } ./systems/ll-latitude-e5591.nix + ./disko/nvme/uefi-luks-lvm-ext4.nix ] ++ inherited_modules; - specialArgs = { unstable = unstable; }; + specialArgs = { inherit inputs pkgs-unstable; }; }; ll-nixos-headless-pi = nixpkgs.lib.nixosSystem { @@ -136,7 +126,22 @@ } ./systems/ll-nixos-headless.nix ] ++ inherited_modules; - specialArgs = { unstable = unstable; }; + specialArgs = { inherit inputs pkgs-unstable; }; + }; + + ll-nixos-base = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = iso_modules ++ [ + { + networking.hostName = "ll-nixos-base"; + home-manager.users."lauren_lagarde" = { config, ... }: { + imports = inputs.ll-home-manager.homeManagerModules."lauren_lagarde@ll-latitude-e5591"; + }; + } + ./systems/ll-nixos-base.nix + ] ++ inherited_modules; + + specialArgs = { inherit inputs pkgs-unstable; }; }; # Real Systems @@ -159,6 +164,17 @@ ./systems/vm-docker-base.nix ] ++ inherited_modules; }; + + vm-docker-luks-test = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + { + networking.hostName = "vm-docker-luks-test"; + networking.hostId = "1b5432b7"; + } + ./systems/vm-docker-luks.nix + ] ++ inherited_modules; + }; }; packages.aarch64-linux = { 
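Review bot: The context of the flake.nix hunk `@@ -136,7 +126,22 @@` still lists `./systems/ll-nixos-headless.nix` as a module, as do the two `packages.aarch64-linux` hunks (`@@ -169,7 +185,7 @@` and `@@ -179,7 +195,7 @@`), but this commit deletes `systems/ll-nixos-headless.nix`. Those outputs only get their `specialArgs` changed here, so as committed they reference a path that no longer exists. Either point them at a replacement system file or remove the outputs in the same commit.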
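Review bot: The new `vm-docker-luks-test` entry (hunk `@@ -159,6 +164,17 @@`) imports `./systems/vm-docker-luks.nix`, but the file this commit adds is `systems/vm-docker-host/vm-docker-host-luks.nix`. The entry just above it in the hunk context still imports `./systems/vm-docker-base.nix`, which this commit deletes. The new entry also lists no disko layout, so even with the path fixed the LUKS guest has no `disko.devices` unless `inherited_modules` or the system file supplies one, which is not visible here. The module list probably wants `./systems/vm-docker-host/vm-docker-host-luks.nix` and `./disko/libvirt/uefi-luks-lvm-ext4.nix`.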
@@ -169,7 +185,7 @@ { networking.hostName = "ll-nixos-headless-pi"; } ./systems/ll-nixos-headless.nix ] ++ inherited_modules; - specialArgs = { unstable = unstable; }; + specialArgs = { inherit inputs pkgs-unstable; }; }; token-pi-sdcard = nixos-generators.nixosGenerate { @@ -179,7 +195,7 @@ { networking.hostName = "token-pi"; } ./systems/ll-nixos-headless.nix ] ++ inherited_modules; - specialArgs = { unstable = unstable; }; + specialArgs = { inherit inputs pkgs-unstable; }; }; }; 
@@ -190,54 +206,49 @@ ########################################################################## # Personal Live Disks - ll-nixos-headless-iso = nixos-generators.nixosGenerate { - system = "x86_64-linux"; - modules = iso_modules ++ [ - { networking.hostName = "ll-nixos-headless"; } - ./systems/ll-nixos-headless.nix - ] ++ inherited_modules; - format = "install-iso"; - specialArgs = { unstable = unstable; }; - }; + # TODO: ll-nixos-headless-iso = nixos-generators.nixosGenerate {}; ll-nixos-base-iso = nixos-generators.nixosGenerate { system = "x86_64-linux"; modules = iso_modules ++ [ - { networking.hostName = "ll-nixos-base"; } + { + networking.hostName = "ll-nixos"; + home-manager.users."lauren_lagarde" = { config, ... }: { + imports = inputs.ll-home-manager.homeManagerModules."lauren_lagarde@ll-latitude-e5591"; + }; + } ./systems/ll-nixos-base.nix ] ++ inherited_modules; + specialArgs = { + inherit inputs pkgs-unstable; + }; format = "install-iso"; - specialArgs = { unstable = unstable; }; }; ll-nixos-full-iso = nixos-generators.nixosGenerate { system = "x86_64-linux"; modules = iso_modules ++ [ - { networking.hostName = "ll-nixos"; } + { + networking.hostName = "ll-nixos"; + home-manager.users."lauren_lagarde" = { config, ... 
}: { + imports = inputs.ll-home-manager.homeManagerModules."lauren_lagarde@ll-latitude-e5591"; + }; + } ./systems/ll-nixos-full.nix ] ++ inherited_modules; + specialArgs = { + inherit inputs pkgs-unstable; + }; format = "install-iso"; - specialArgs = { unstable = unstable; }; }; - ll-latitude-e5591-iso = nixos-generators.nixosGenerate { + ll-nixos-xmrig-worker-iso = nixos-generators.nixosGenerate { system = "x86_64-linux"; modules = iso_modules ++ [ - { networking.hostName = "ll-latitude-e5591"; } - ./systems/ll-latitude-e5591.nix + { networking.hostName = "ll-nixos-xmrig-worker"; } + ./systems/ll-nixos-xmrig-worker.nix ] ++ inherited_modules; format = "install-iso"; - specialArgs = { unstable = unstable; }; - }; - - ll-xmrig-worker-iso = nixos-generators.nixosGenerate { - system = "x86_64-linux"; - modules = iso_modules ++ [ - { networking.hostName = "ll-xmrig-worker"; } - ./systems/ll-xmrig-worker.nix - ] ++ inherited_modules; - format = "install-iso"; - specialArgs = { unstable = unstable; }; }; ########################################################################## 
@@ -245,34 +256,14 @@ ########################################################################## # Systems - ll-nixos-factorio-iso = nixos-generators.nixosGenerate { - system = "x86_64-linux"; - modules = iso_modules ++ [ - { networking.hostName = "ll-nixos-factorio"; } - ./systems/ll-nixos-factorio.nix - ] ++ inherited_modules; - format = "install-iso"; - specialArgs = { unstable = unstable; }; - }; - - vm-docker-dhcp-iso = nixos-generators.nixosGenerate { - system = "x86_64-linux"; - modules = iso_modules ++ [ - { networking.hostName = ""; } - ./systems/vm-docker-dhcp.nix - ] ++ inherited_modules; - format = "install-iso"; - specialArgs = { unstable = unstable; }; - }; - living-room-nixos-iso = nixos-generators.nixosGenerate { system = "x86_64-linux"; modules = iso_modules ++ [ { networking.hostName = "living-room-nixos-iso"; } - ./systems/ll-nixos-full.nix + ./systems/living-room-nixos.nix ] ++ inherited_modules; format = "install-iso"; - specialArgs = { unstable = unstable; }; + specialArgs = { inherit inputs pkgs-unstable; }; }; default = self.packages.x86_64-linux.ll-nixos-full-iso; diff --git a/secrets.tar.zst.gpg b/secrets.tar.zst.gpg index 42ecd93..b2801d8 100644 Binary files a/secrets.tar.zst.gpg and b/secrets.tar.zst.gpg differ diff --git a/systems/ll-latitude-e5591.nix b/systems/ll-latitude-e5591.nix index f5a33b4..d46dace 100644 --- a/systems/ll-latitude-e5591.nix +++ b/systems/ll-latitude-e5591.nix 
@@ -1,7 +1,41 @@ +# sudo nix run 'github:nix-community/disko/latest#disko-install' -- --flake .#$TARGET_HOSTNAME --disk nvme0n1 /dev/nvme0n1 +# tar -xvf /Parlor/Lauren/mlaga97-nixos.tar.zst; sudo nixos-rebuild switch --flake mlaga97-nixos?submodules=1#$HOSTNAME { config, pkgs, ... }: { imports = [ - ./ll-nixos-full.nix - ../features/intelgpu.nix + # Core Features + ../features/base.nix + ../features/tui-apps.nix + ../features/openssh-server.nix + + # Core Tweaks + ../tweaks/zram.nix + ../tweaks/enable_flakes.nix + ../tweaks/disable_nixos_user.nix + ../tweaks/systemd-resolved_nonsense.nix + + # Lauren Base + ../users/lauren_lagarde/lauren_lagarde.nix + + # i3wm + ../features/i3wm.nix + ../features/hardware/yubikey.nix + ../tweaks/bluetooth.nix + ../tweaks/intel_igpu_screen_tearing.nix + + # Dotspace + ../secrets/dotspace.nix + ../features/stronghold-binary-cache.nix + + # Additional Software + ../features/embedded.nix + ../features/hardware/rtl-sdr.nix + ../features/hardware/printing.nix + ../features/virtualization/docker.nix + ../features/virtualization/libvirt-host.nix + + # ll-latitude-e5591 + ../features/gpu/intel.nix + ../features/systemd-boot.nix ]; hardware.enableRedistributableFirmware = true; @@ -9,4 +43,18 @@ boot.kernelParams = [ "i915.enable_guc=2" ]; + + ############################################################################## + ############################################################################## + ############################################################################## + # Tinc Stuff + # TODO: Less hacky + + services.tinc.networks.mlaga97space = { + name = "ll_latitude_e5591"; + ed25519PrivateKeyFile = "/root/tinc/mlaga97space_ed25519_key.priv"; + + chroot = false; + settings.ConnectTo = [ "fortress" "citadel" ]; + }; } diff --git a/systems/ll-nixos-base.nix b/systems/ll-nixos-base.nix index 4f8ab01..100daa4 100644 --- a/systems/ll-nixos-base.nix +++ b/systems/ll-nixos-base.nix 
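Review bot: The install command in the new header comment of `systems/ll-latitude-e5591.nix` runs `sudo nix run 'github:nix-community/disko/latest#disko-install'`, i.e. whatever the `latest` ref resolves to at install time, as root against the target disk, while flake.nix pins `disko.url = "github:nix-community/disko/v1.11.0"`. Document the pinned form instead, `github:nix-community/disko/v1.11.0#disko-install`, so the partitioner that runs is the one the flake was locked against. The same command appears in the header of `systems/vm-docker-host/vm-docker-host-luks.nix`.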
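Review bot: `chroot = false` in the new `services.tinc.networks.mlaga97space` block leaves tincd without the chroot confinement the NixOS module can apply, and the only explanation nearby is `# TODO: Less hacky`. Record the reason on the line itself, e.g. `# chroot off because <reason>; re-enable once resolved`, so the setting is not copied to other hosts by default. `ed25519PrivateKeyFile = "/root/tinc/…"` keeps the key out of the Nix store, but the header's install steps do not mention placing that file, so a note that it must exist before first activation would help.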
@@ -1,22 +1,27 @@ -{ ... }: { +{ pkgs, ... }: { imports = [ - ./ll-nixos-headless.nix + # Core Features + ../features/base.nix + ../features/tui-apps.nix + ../features/openssh-server.nix + + # Core Tweaks + ../tweaks/zram.nix + ../tweaks/enable_flakes.nix + ../tweaks/disable_nixos_user.nix + ../tweaks/systemd-resolved_nonsense.nix + + # Lauren Base + ../users/lauren_lagarde/lauren_lagarde.nix # i3wm - ../features/i3.nix - ../features/yubikey.nix + ../features/i3wm.nix + ../features/hardware/yubikey.nix ../tweaks/bluetooth.nix ../tweaks/intel_igpu_screen_tearing.nix - # Lauren - ../users/lauren_lagarde/i3.nix - ../users/lauren_lagarde/autologin.nix + # Dotspace + ../secrets/dotspace.nix + ../features/stronghold-binary-cache.nix ]; - - home-manager.users.lauren_lagarde = { - imports = [ - ../users/lauren_lagarde/home-manager/monitor_configs.nix - ../users/lauren_lagarde/home-manager/secrets/dotspace_gui.nix - ]; - }; } diff --git a/systems/ll-nixos-factorio.nix b/systems/ll-nixos-factorio.nix deleted file mode 100644 index 6961e7c..0000000 --- a/systems/ll-nixos-factorio.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ ... }: { - imports = [ - ./ll-nixos-base.nix - - # Additional Features - ../features/factorio.nix - ]; -} diff --git a/systems/ll-nixos-full.nix b/systems/ll-nixos-full.nix index 0fb0e20..6b9a212 100644 --- a/systems/ll-nixos-full.nix +++ b/systems/ll-nixos-full.nix 
@@ -1,11 +1,37 @@ -{ ... }: { +{ pkgs, ... }: { imports = [ - ./ll-nixos-base.nix + # Core Features + ../features/base.nix + ../features/tui-apps.nix + ../features/openssh-server.nix - # Additional Features - ../features/rtl-sdr.nix - ../features/printing.nix + # Core Tweaks + ../tweaks/zram.nix + ../tweaks/enable_flakes.nix + ../tweaks/disable_nixos_user.nix + ../tweaks/systemd-resolved_nonsense.nix + + # Lauren Base + ../users/lauren_lagarde/lauren_lagarde.nix + + # i3wm + ../features/i3wm.nix + ../features/hardware/yubikey.nix + ../tweaks/bluetooth.nix + ../tweaks/intel_igpu_screen_tearing.nix + + # Dotspace + ../secrets/dotspace.nix + ../features/stronghold-binary-cache.nix + + # Additional Software ../features/embedded.nix - ../features/virtualbox.nix + ../features/hardware/rtl-sdr.nix + ../features/hardware/printing.nix + ../features/virtualization/docker.nix + ../features/virtualization/libvirt-host.nix + + # Assume Intel GPU + ../features/gpu/intel.nix ]; } diff --git a/systems/ll-nixos-headless.nix b/systems/ll-nixos-headless.nix deleted file mode 100644 index ffe3bb0..0000000 --- a/systems/ll-nixos-headless.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ ... }: { - imports = [ - # Core - ../features/base.nix - ../tweaks/zram.nix - ../tweaks/disable_nixos_user.nix - ../tweaks/systemd-resolved_nonsense.nix - - # Headless - ../features/headless.nix - ../tweaks/zfs.nix - - # Lauren - ../users/lauren_lagarde/lauren_lagarde.nix - { - home-manager.users.lauren_lagarde = { - imports = [ - ../users/lauren_lagarde/home-manager/lauren_lagarde.nix - ]; - }; - } - - # Dotspace - ../features/stronghold-binary-cache.nix - ../secrets/dotspace.nix - ../users/lauren_lagarde/dotspace.nix - ]; -} diff --git a/systems/ll-nixos-xmrig-worker.nix b/systems/ll-nixos-xmrig-worker.nix new file mode 100644 index 0000000..c628fa1 --- /dev/null +++ b/systems/ll-nixos-xmrig-worker.nix 
@@ -0,0 +1,47 @@ +{ pkgs, ... }: { + imports = [ + # Core Features + ../features/base.nix + ../features/tui-apps.nix + ../features/openssh-server.nix + + # Core Tweaks + ../tweaks/zram.nix + ../tweaks/enable_flakes.nix + ]; + + networking.networkmanager.enable = true; + powerManagement.cpuFreqGovernor = "performance"; + + environment.systemPackages = with pkgs; [ + xmrig + ]; + + # Improve xmrig performance + hardware.cpu.x86.msr.enable = true; + hardware.cpu.x86.msr.settings.allow-writes = "on"; + + # Helper Scripts + home-manager.users.nixos.home = { + stateVersion = "24.11"; + file = { + "stronghold" = { + executable = true; + text = '' + sudo nmtui-connect Stronghold + ''; + }; + "mine" = { + executable = true; + text = '' + sudo xmrig --randomx-1gb-pages -o vm-docker-2.mlaga97.space:3333 + ''; + }; + }; + }; + + # SSH Config + users.users.nixos.openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCl881A1gvgCx+4ECrmJnO2QCTiqjaOLfAegKAAkvWNFKL0rDfsj8tZULUcyn87HYsRrdmqCOQ62GOjQyK803azq7QTxwY4vjczkJxico4LnIToTobcz+JkgF6Rf/h74bs9dHk4ZU853FRBz3wi/14rI10Iwckt37B1ayJacpELuzFobKYip2FjiL1vNH3tiAFR131z+YBByvNX+uJYEhpsI0xry9zbsSUWUq5/YFpmjezblzYRokfsReYiKJeQBeROSeRC/xFBSnikECSylNI4sw5VIpGXFIxL5xhss+s+3dnb+LFQ+zInOYxkVRydYc/In9Wz6Tu7v07K8bjvE7nQwHenoGtRW590Xu0rJApS+k8Cu16sCO2QFj/aI+gCrhU0ymM0aicr0hFAME6Y7j9HcR6PxYxnXZjI7cfqhO5TG8jot25SPzJcvH3EV5oPKtAkw9XA+8+nAI9czFlUgHnuMJAqw1IGOD3qozwqZ5yn1+kG7FZJRpvaPc5pK2HtqaAKJmnRuVaWcFuNALh86gr7Qn8IEp8Q+YyKmDqrMZ4KLJUMnVqn4y0HVS1eB5nVujaJZUGJWA4q3og0FE/2kH74WEp2ZtuJAoEPcgfZ6Ns7BmmXIZU7qu4kQoQ73b3mn6hCi5xlQ/sClzwHYkRPo4tST64ED/UIRPCYe1byNUWSww== lauren@lagarde.dev" + ]; +} diff --git a/systems/ll-xmrig-worker.nix b/systems/ll-xmrig-worker.nix deleted file mode 100644 index 3f66686..0000000 --- a/systems/ll-xmrig-worker.nix +++ /dev/null 
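Review bot: `hardware.cpu.x86.msr.settings.allow-writes = "on"` in `systems/ll-nixos-xmrig-worker.nix` permits userspace writes to model-specific registers, and the `mine` helper starts `sudo xmrig`, so this image gives up kernel hardening and privilege separation for hash rate. The existing `# Improve xmrig performance` comment should say that this is acceptable only on a dedicated, disposable worker and that the module must not be imported by general-purpose systems. The module also imports `features/openssh-server.nix` and installs an inline `ssh-rsa` key for the `nixos` user; keeping that key in one shared module would avoid it drifting from the copy in `features/initrd-ssh.nix`.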
@@ -1,58 +0,0 @@ -{ pkgs, ... }: { - imports = [ - # Core - ../features/base.nix - ../tweaks/zram.nix - ../tweaks/disable_nixos_user.nix - ../tweaks/systemd-resolved_nonsense.nix - - # Headless - ../features/headless.nix - - # Lauren - ../users/lauren_lagarde/lauren_lagarde.nix - { - home-manager.users.lauren_lagarde = { - imports = [ - ../users/lauren_lagarde/home-manager/lauren_lagarde.nix - ]; - }; - } - - # i3wm - ../features/i3.nix - ../tweaks/intel_igpu_screen_tearing.nix - - # Lauren - ../users/lauren_lagarde/i3.nix - ../users/lauren_lagarde/autologin.nix - ]; - - powerManagement.cpuFreqGovernor = "performance"; - - environment.systemPackages = with pkgs; [ - xmrig - ]; - - hardware.cpu.x86.msr = { - enable = true; - settings.allow-writes = "on"; - }; - - home-manager.users.lauren_lagarde = { - home.file = { - "Stronghold" = { - executable = true; - text = '' - sudo nmtui-connect Stronghold - ''; - }; - "mine" = { - executable = true; - text = '' - sudo xmrig -o vm-docker-2.mlaga97.space:3333 - ''; - }; - }; - }; -} diff --git a/systems/vm-docker-base.nix b/systems/vm-docker-base.nix deleted file mode 100644 index 0b10127..0000000 --- a/systems/vm-docker-base.nix +++ /dev/null 
@@ -1,78 +0,0 @@
-# cd; rm nixos-config; tar -xvf /Parlor/Lauren/nixos-config.tar.zst; cd nixos-config/nixos/; sudo nix run 'github:nix-community/disko/latest#disko-install' -- --flake .#TARGET_HOSTNAME --disk vda /dev/vda
-{ ... }: {
- imports = [
- ./ll-nixos-headless.nix
-
- ../features/docker.nix
- ../features/dockge.nix
-
- ../tweaks/disable_firewall.nix
- ];
-
- ##############################################################################
- ##############################################################################
- ##############################################################################
- # Bootloader / Kernel
-
- # UEFI Boot
- boot.loader.efi.canTouchEfiVariables = true;
- boot.loader.systemd-boot.enable = true;
-
- # Libvirt Guest Kernel Modules
- boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
-
- ##############################################################################
- ##############################################################################
- ##############################################################################
- # Disk Layout
-
- # https://github.com/nix-community/disko/issues/528
- disko.devices = {
- disk = {
- vda = {
- type = "disk";
- device = "/dev/vda";
- content = {
- type = "gpt";
- partitions = {
- boot = {
- size = "1G";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- mountOptions = [ "umask=0077" ];
- };
- };
- primary = {
- size = "100%";
- content = {
- type = "lvm_pv";
- vg = "pool";
- };
- };
- };
- };
- };
- };
- lvm_vg = {
- pool = {
- type = "lvm_vg";
- lvs = {
- root = {
- size = "100%FREE";
- content = {
- type = "filesystem";
- format = "ext4";
- mountpoint = "/";
- mountOptions = [
- "defaults"
- ];
- };
- };
- };
- };
- };
- };
-}
diff --git a/systems/vm-docker-dhcp.nix b/systems/vm-docker-dhcp.nix
deleted file mode 100644
index 079c2f5..0000000
--- a/systems/vm-docker-dhcp.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ ... }: {
- imports = [
- ./ll-nixos-headless.nix
-
- # Additional Features
- ../features/persistent_docker.nix
- ../tweaks/disable-firewall.nix
- ];
-}
diff --git a/systems/vm-docker-host/vm-docker-host-base.nix b/systems/vm-docker-host/vm-docker-host-base.nix
new file mode 100644
index 0000000..ad90de4
--- /dev/null
+++ b/systems/vm-docker-host/vm-docker-host-base.nix
@@ -0,0 +1,26 @@
+{ ... }: {
+ imports = [
+ # Core Features
+ ../features/base.nix
+ ../features/tui-apps.nix
+ ../features/openssh-server.nix
+
+ # Core Tweaks
+ ../tweaks/zram.nix
+ ../tweaks/enable_flakes.nix
+ ../tweaks/disable_nixos_user.nix
+ ../tweaks/systemd-resolved_nonsense.nix
+
+ # Lauren Base
+ ../users/lauren_lagarde/lauren_lagarde.nix
+
+ # Dotspace
+ ../../secrets/dotspace.nix
+ ../../features/stronghold-binary-cache.nix
+
+ # Docker Host Stuff
+ ../../tweaks/disable_firewall.nix
+ ../../features/virtualization/docker.nix
+ ../../features/virtualization/dockge.nix
+ ];
+}
diff --git a/systems/vm-docker-host/vm-docker-host-luks.nix b/systems/vm-docker-host/vm-docker-host-luks.nix
new file mode 100644
index 0000000..6ad6412
--- /dev/null
+++ b/systems/vm-docker-host/vm-docker-host-luks.nix
@@ -0,0 +1,12 @@
+# git add *; tar -cavf /Parlor/Lauren/mlaga97-nixos.tar.zst ../mlaga97-nixos
+# tar -xvf /Parlor/Lauren/mlaga97-nixos.tar.zst; sudo nix run 'github:nix-community/disko/latest#disko-install' -- --extra-files ./ssh_host_ed25519_key /root/secrets/initrd/ssh_host_ed25519_key --flake mlaga97-nixos#$TARGET_HOSTNAME --disk vda /dev/vda
+# tar -xvf /Parlor/Lauren/mlaga97-nixos.tar.zst; sudo nixos-rebuild switch --flake mlaga97-nixos?submodules=1#$HOSTNAME
+{ ... }: {
+ imports = [
+ ./vm-docker-host-base.nix
+
+ # UEFI SSH LUKS
+ ../../features/initrd_ssh.nix
+ ../../features/libvirt-uefi-guest.nix
+ ];
+}
diff --git a/tweaks/aarch64-crosscompile.nix b/tweaks/aarch64-crosscompile.nix
new file mode 100644
index 0000000..e01e00b
--- /dev/null
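Review bot: The first nine imports in `systems/vm-docker-host/vm-docker-host-base.nix` use `../features/...`, `../tweaks/...` and `../users/...`, which from this directory resolve under `systems/`, while the Dotspace and Docker entries below them use `../../`. The other headers in this diff put `features/`, `tweaks/` and `users/` at the repository root, so those nine paths most likely fail at evaluation and need the same `../../` prefix. Separately, `../../tweaks/disable_firewall.nix` is pulled into a host that also runs sshd and Docker; a one-line comment naming what filters traffic to this VM instead would make that choice reviewable.

```nix
  imports = [
    # Core Features
    ../../features/base.nix
    ../../features/tui-apps.nix
    ../../features/openssh-server.nix

    # Core Tweaks
    ../../tweaks/zram.nix
    ../../tweaks/enable_flakes.nix
    ../../tweaks/disable_nixos_user.nix
    ../../tweaks/systemd-resolved_nonsense.nix

    # Lauren Base
    ../../users/lauren_lagarde/lauren_lagarde.nix
    # … unchanged: Dotspace and Docker host imports …
```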
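Review bot: The install comment at the top of `vm-docker-host-luks.nix` copies `./ssh_host_ed25519_key` to `/root/secrets/initrd/ssh_host_ed25519_key` without saying what kind of key that must be. `initrd_ssh.nix` is not visible here, but an initrd host key normally ends up inside the initrd on `/boot`, which the LUKS disko layouts in this commit leave as an unencrypted vfat partition, so the key is readable by anyone who can read the disk image. I would add a line such as `# ssh_host_ed25519_key: generate a key used only for the initrd; never reuse the system's sshd host key` above the command. The same comment runs `github:nix-community/disko/latest` under `sudo`; pinning that reference to a reviewed revision would keep the installer reproducible.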
+++ b/tweaks/aarch64-crosscompile.nix
@@ -0,0 +1,3 @@
+{ ... }: {
+ boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+}
diff --git a/tweaks/enable_flakes.nix b/tweaks/enable_flakes.nix
new file mode 100644
index 0000000..1597d88
--- /dev/null
+++ b/tweaks/enable_flakes.nix
@@ -0,0 +1,4 @@
+{ ... }: {
+ nix.channel.enable = false;
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+}
diff --git a/users/lauren_lagarde/dotspace_gui.nix b/users/lauren_lagarde/dotspace_gui.nix
new file mode 100644
index 0000000..be89129
--- /dev/null
+++ b/users/lauren_lagarde/dotspace_gui.nix
@@ -0,0 +1,7 @@
+{ pkgs, unstable, ... }: {
+ home-manager.users.lauren_lagarde = {
+ imports = [
+ ./home-manager/secrets/dotspace_gui.nix
+ ];
+ };
+}
diff --git a/users/lauren_lagarde/home-manager b/users/lauren_lagarde/home-manager
index 97cde8a..110fa22 160000
--- a/users/lauren_lagarde/home-manager
+++ b/users/lauren_lagarde/home-manager
@@ -1 +1 @@
-Subproject commit 97cde8a8e73f1623a390397b060e5e4b7ffa61ba
+Subproject commit 110fa225d48f599a7459c207e8fdb8d0f6f36d28
diff --git a/users/lauren_lagarde/home-manager.nix b/users/lauren_lagarde/home-manager.nix
new file mode 100644
index 0000000..d6181f2
--- /dev/null
+++ b/users/lauren_lagarde/home-manager.nix
@@ -0,0 +1,7 @@
+{ pkgs, unstable, ... }: {
+ home-manager.users.lauren_lagarde = {
+ imports = [
+ ./home-manager/secrets/dotspace_gui.nix
+ ];
+ };
+}
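Review bot: `users/lauren_lagarde/dotspace_gui.nix` imports `./home-manager/secrets/dotspace_gui.nix` as an ordinary module, and nothing here says whether that file holds plaintext values. With a flake build the source tree, including files under `secrets/`, is copied into the world-readable `/nix/store`, so if it contains credentials they should be delivered at activation time by a secrets tool (sops-nix or agenix, for example) rather than evaluated as Nix. The same question applies to `../../secrets/dotspace.nix` in `vm-docker-host-base.nix`. A comment such as `# secrets/*.nix must contain references only, no secret material (lands in /nix/store)` would state the rule. As a style point, `pkgs` and `unstable` are unused in both this file and `users/lauren_lagarde/home-manager.nix`; `{ ... }:` matches the other new modules.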