This commit is contained in:
Grimmauld 2024-09-08 21:05:56 +02:00
parent 2bff480d76
commit 294b33e5ae
Signed by: Grimmauld
GPG key ID: C2946668769F91FB
4 changed files with 198 additions and 1 deletions

View file

@ -68,7 +68,7 @@ in
"usb_storage"
"sd_mod"
];
initrd.systemd.enable = true;
# initrd.systemd.enable = true;
loader.systemd-boot.enable = true;
# extraModulePackages = [ config.boot.kernelPackages.ddcci-driver ];
kernelModules = [

View file

@ -20,6 +20,7 @@ let
host_modules = {
grimmauld-nixos = [ ./specific/grimm-nixos-laptop/configuration.nix ];
grimm-nixos-ssd = [ ./specific/grimm-nixos-ssd/configuration.nix ];
grimmauld-nixos-server = [
./specific/grimmauld-nixos-server/configuration.nix

View file

@ -0,0 +1,67 @@
{ config, lib, ... }:
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
# ./modules/kvm.nix
./../../sway
];
age.identityPaths = [ "/home/grimmauld/.ssh/id_ed25519" ];
services.zfs.trim.enable = true;
boot.supportedFilesystems.zfs = true;
# networking.hostId = "2ea79333";
# boot.kernelPackages = lib.mkForce config.boot.zfs.package.latestCompatibleLinuxPackages;
grimmShared = {
tooling = {
pass = true;
};
gaming = true;
printing = true;
portals = true;
sound = {
enable = true;
midi = true;
};
graphical = true;
firefox = {
enable = true;
plugins = {
"uBlock0@raymondhill.net" = "ublock-origin";
"{1e6672b5-a286-4217-83ec-81cc872debcf}" = "youtube-control-fix";
"gdpr@cavi.au.dk" = "consent-o-matic";
"{41f9e51d-35e4-4b29-af66-422ff81c8b41}" = "disable-javascript";
"{7a7a4a92-a2a0-41d1-9fd7-1e92480d612d}" = "styl-us";
"wappalyzer@crunchlabz.com" = "wappalyzer";
"{b9db16a4-6edc-47ec-a1f4-b86292ed211d}" = "video-downloadhelper";
"{1526fba1-ac33-4dfc-99d8-163e6129f7b9}" = "reveye-ris";
};
};
cloudSync = {
enable = true;
username = "Grimmauld";
server = "cloud.grimmauld.de";
passwordFile = config.age.secrets.nextcloud_pass.path;
};
spotify.enable = true;
};
age.secrets.nextcloud_pass = {
file = ./../../secrets/nextcloud_pass.age;
mode = "777";
};
networking.hostName = "grimm-nixos-ssd";
system.stateVersion = "24.05";
# nix.settings.extra-substituters = [ "https://nixcache.grimmauld.de" ];
nix.settings.trusted-public-keys = [
"nixcache.grimmauld.de:LFBlakr8RYIuVb9I1S0+L9JGyB2THcfbPa0W6srghqo="
];
}

View file

@ -0,0 +1,129 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "uas" "sd_mod" "kvm-intel" ];
boot.initrd.kernelModules = [ "zfs" "nls_cp437" "nls_iso8859-1" "usbhid" "usb_storage" "nvme" ];
boot.zfs = {
forceImportRoot = false;
requestEncryptionCredentials = false; # none of the zfs datasets that should be mounted are encrypted. User homes happen later.
# [
# "zpool/home"
# "zpool/root"
# "zpool/nix"
# "zpool/var"
# ];
};
boot.kernelModules = [ "kvm-intel" ];
boot.supportedFilesystems.zfs = true;
networking.hostId = "40fa5ea8";
boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
boot.extraModulePackages = [ ];
boot.kernelParams = [ "mds=full,nosmt" ];
services.homed.enable = true;
fileSystems."/" =
{ device = "zpool/root";
fsType = "zfs";
};
fileSystems."/nix" =
{ device = "zpool/nix";
fsType = "zfs";
};
fileSystems."/var" =
{ device = "zpool/var";
fsType = "zfs";
};
# fileSystems."/home" =
# { device = "zpool/home";
# fsType = "zfs";
# };
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/12CE-A600";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" "umask=077" ];
};
grimmShared = {
screens = {
external = {
id = "HDMI-A-1";
pos = "0 0";
};
internal = {
id = "eDP-1";
fps = [
144
60
];
};
};
laptop_hardware.enable = true;
};
# fileSystems."/crypt-storage" =
# { device = "/dev/disk/by-uuid/6f0d65a8-24f0-439d-b5ee-03c0ef051fcb";
# fsType = "ext4";
# options = [ "umask=077" ]; # read only so a fat-finger can't accidentially bonk our salts, rendering the disk useless.
# };
# fileSystems."/home/grimmauld" =
# { device = "zpool/home/grimmauld";
# fsType = "zfs";
# };
security.pam = {
zfs = {
enable = true;
homes = "zpool/home";
};
};
boot.initrd.luks.yubikeySupport = true; # enable yubikey support
boot.initrd.luks.devices."root" = {
device = "/dev/disk/by-uuid/6e6ca6b4-cfd5-4384-955b-bad9c48fa9d6"; # /dev/sda3
preLVM = true;
allowDiscards = true;
yubikey = {
slot = 2;
twoFactor = true; # Set to false for 1FA
gracePeriod = 30; # Time in seconds to wait for Yubikey to be inserted
keyLength = 64; # Set to $KEY_LENGTH/8
saltLength = 16; # Set to $SALT_LENGTH
storage = {
device = "/dev/disk/by-uuid/6f0d65a8-24f0-439d-b5ee-03c0ef051fcb"; # same ID as the crypt-storage mount earlier
fsType = "ext4";
path = "/default";
};
};
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}