Test
parent
5e1e1b8c29
commit
60aa664d26
4 changed files with 98 additions and 6 deletions
|
@ -4,6 +4,7 @@
|
||||||
|
|
||||||
## Building
|
## Building
|
||||||
* To build the Raspberry Pi image: `nix build .#nixosConfigurations.nixos-rpi4-img.config.system.build.sdImage`
|
* To build the Raspberry Pi image: `nix build .#nixosConfigurations.nixos-rpi4-img.config.system.build.sdImage`
|
||||||
|
* bash alias: `nixos-build-pi-img`
|
||||||
* The resulting .img will be in `result/sd-image/*.img.zst`
|
* The resulting .img will be in `result/sd-image/*.img.zst`
|
||||||
```
|
```
|
||||||
6.6G nixos-sd-image-23.11.20230914.f2ea252-aarch64-linux.img
|
6.6G nixos-sd-image-23.11.20230914.f2ea252-aarch64-linux.img
|
||||||
|
@ -17,7 +18,6 @@
|
||||||
* [ ] Look into Remote Builds - [Link](https://nixos.org/manual/nix/stable/advanced-topics/distributed-builds.html)
|
* [ ] Look into Remote Builds - [Link](https://nixos.org/manual/nix/stable/advanced-topics/distributed-builds.html)
|
||||||
* [ ] Find a way to remove all default search engines in Firefox (Google, Amazon, etc)
|
* [ ] Find a way to remove all default search engines in Firefox (Google, Amazon, etc)
|
||||||
* [ ] Figure out what the home-manager `account` options are for.
|
* [ ] Figure out what the home-manager `account` options are for.
|
||||||
* [ ] Figure out how to get GPG SSH auth working
|
|
||||||
* [ ] Security hardening
|
* [ ] Security hardening
|
||||||
* [ ] cronjob
|
* [ ] cronjob
|
||||||
* [ ] Change wallpaper at a certain time of day
|
* [ ] Change wallpaper at a certain time of day
|
||||||
|
@ -97,7 +97,7 @@ Completed ToDo List [here](complete.md)
|
||||||
| Hostname | Description | Status |
|
| Hostname | Description | Status |
|
||||||
| -------- | ----------- | ------ |
|
| -------- | ----------- | ------ |
|
||||||
| nixos-laptop | Lenovo P1 Gen 5 | Complete |
|
| nixos-laptop | Lenovo P1 Gen 5 | Complete |
|
||||||
| nixos-framework | Ryzen 7 Framework 13 | Awaiting Hardware |
|
| nixos-framework | Intel Framework 13 | Awaiting Hardware |
|
||||||
| nixos-rpi4-01 | Testing Raspberry Pi / ARM | In Work |
|
| nixos-rpi4-01 | Testing Raspberry Pi / ARM | In Work |
|
||||||
| nixos-vm-01 | VM for building images | In Work |
|
| nixos-vm-01 | VM for building images | In Work |
|
||||||
|
|
||||||
|
|
|
@ -10,6 +10,7 @@
|
||||||
nur.url = "github:nix-community/NUR";
|
nur.url = "github:nix-community/NUR";
|
||||||
sops-nix.url = "github:Mic92/sops-nix";
|
sops-nix.url = "github:Mic92/sops-nix";
|
||||||
doom-emacs.url = "github:nix-community/nix-doom-emacs";
|
doom-emacs.url = "github:nix-community/nix-doom-emacs";
|
||||||
|
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
|
||||||
};
|
};
|
||||||
outputs = { self, nixpkgs, nixpkgs-wayland, home-manager, lanzaboote, nur, sops-nix, doom-emacs, ... } @inputs:
|
outputs = { self, nixpkgs, nixpkgs-wayland, home-manager, lanzaboote, nur, sops-nix, doom-emacs, ... } @inputs:
|
||||||
let
|
let
|
||||||
|
@ -25,7 +26,7 @@
|
||||||
nixos-vm-01 = libx.mkHost { hostname = "nixos-vm-01"; };
|
nixos-vm-01 = libx.mkHost { hostname = "nixos-vm-01"; };
|
||||||
# Physical Machines
|
# Physical Machines
|
||||||
nixos-laptop = libx.mkHost { hostname = "nixos-laptop"; desktop = "hyprland"; gpu = "intel"; theme = "gruvbox"; };
|
nixos-laptop = libx.mkHost { hostname = "nixos-laptop"; desktop = "hyprland"; gpu = "intel"; theme = "gruvbox"; };
|
||||||
nixos-framework = libx.mkHost { hostname = "nixos-framework"; desktop = "hyprland"; gpu = "amd"; theme = "gruvbox"; };
|
nixos-framework = libx.mkHost { hostname = "nixos-framework"; desktop = "hyprland"; gpu = "intel"; theme = "gruvbox"; };
|
||||||
nixos-rpi4-01 = libx.mkHost { hostname = "nixos-rpi4-01"; platform = "aarch64-linux"; };
|
nixos-rpi4-01 = libx.mkHost { hostname = "nixos-rpi4-01"; platform = "aarch64-linux"; };
|
||||||
nixos-rpi4-02 = libx.mkHost { hostname = "nixos-rpi4-02"; platform = "aarch64-linux"; };
|
nixos-rpi4-02 = libx.mkHost { hostname = "nixos-rpi4-02"; platform = "aarch64-linux"; };
|
||||||
nixos-rpi4-03 = libx.mkHost { hostname = "nixos-rpi4-03"; platform = "aarch64-linux"; };
|
nixos-rpi4-03 = libx.mkHost { hostname = "nixos-rpi4-03"; platform = "aarch64-linux"; };
|
||||||
|
|
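Review bot: The new input `nixos-hardware.url = "github:NixOS/nixos-hardware/master";` arrives without a matching lock-file change: the page lists four changed files and none of the sections shown appears to be flake.lock. Until a lock entry is committed, the revision of these hardware modules is whatever `master` resolves to when the flake is next locked on each machine, so different hosts can build different code. Running `nix flake lock` and committing the resulting flake.lock in the same change would record the pinned revision and hash next to the input. The `inputs` set and the `outputs` function both continue outside the hunks shown.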
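--- a/nixos/hosts/nixos-framework/default.nix
+++ b/nixos/hosts/nixos-framework/default.nix
@@ -0,0 +1,91 @@
+{ inputs, config, lib, pkgs, modulesPath, desktop, username, ... }: {
+imports = [
+(modulesPath + "/installer/scan/not-detected.nix")
+../../common/services/powertop.nix
+../../common/modules/secureboot.nix
+];
+
+modules = [
+# nix/nixos/hosts/nixos-laptop
+inputs.nixos-hardware.nixosModules.framework.13th-gen-intel
+];
+
+# steam , etc
+nixpkgs.config.allowUnfree = true;
+
+boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "thunderbolt" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+boot.initrd.kernelModules = [ ];
+boot.kernelModules = [ "kvm-intel" "acpi_call" ];
+boot.extraModulePackages = with config.boot.kernelPackages; [ acpi_call ];
+
+# This expects the following:
+# /boot is "VFAT" fstype with label "BOOT"
+# / is "btrfs" fstype with label "ROOT"
+# swap is "swap" fstype with label "SWAP"
+
+fileSystems."/" = {
+device = "/dev/disk/by-label/ROOT";
+fsType = "btrfs";
+options = [ "subvol=@" ];
+};
+
+boot.initrd.luks.devices."DISK".device = "/dev/nvme0n1p1";
+
+fileSystems."/boot" = {
+device = "/dev/disk/by-label/BOOT";
+fsType = "vfat";
+};
+
+# Enable Swap on LUKS
+boot.initrd.luks.devices."SWAP" = {
+device = "/dev/nvme0n1p2";
+keyFile = "/crypto_keyfile.bin";
+};
+
+# Set up the keyfile
+boot.initrd.secrets."/crypto_keyfile.bin" = null;
+# Hibernation resume device
+boot.resumeDevice = "/dev/disk/by-label/SWAP";
+# Confirm the swap devices
+swapDevices = [ { device = "/dev/disk/by-label/SWAP"; } ];
+
+networking.useDHCP = lib.mkDefault true;
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
+hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+# Set your time zone.
+time.timeZone = "Asia/Tokyo";
+
+# Set the networking hostname:
+networking.hostName = "nixos-framework";
+
+# Configure the fingerprint reader
+services.fprintd = {
+enable = true;
+tod.enable = true;
+tod.driver = pkgs.libfprint-2-tod1-vfs0090;
+};
+
+hardware = {
+opengl = {
+enable = true;
+driSupport32Bit = true;
+driSupport = true;
+};
+};
+
+environment.systemPackages = with pkgs; [
+# Fingerprint software
+fprintd
+
+# Game related things
+gamemode
+
+# WINE
+wineWowPackages.stable
+winetricks
+wineWowPackages.waylandFull
+];
+
+}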
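Review bot: `keyFile = "/crypto_keyfile.bin";` together with `boot.initrd.secrets."/crypto_keyfile.bin" = null;` copies the SWAP volume's LUKS key into the initrd, while the comment in this file says /boot is a plain VFAT partition. If the initrd is stored there (the imported secureboot.nix is not shown, so please confirm), the key sits unencrypted on the same disk as the volume it protects. Because SWAP is also `boot.resumeDevice`, that would expose the hibernation image, i.e. saved memory contents. Dropping both lines lets the initrd unlock SWAP with the passphrase already entered for "DISK" (`boot.initrd.luks.reusePassphrases` defaults to true), provided both volumes share that passphrase. Separately, `modules = [ … ]` is not a standard NixOS option and `framework.13th-gen-intel` does not look like a valid attribute path (a path component cannot start with a digit, as far as I can tell), so the hardware module probably belongs in `imports`.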
@ -27,16 +27,16 @@
|
||||||
useOSProber = true;
|
useOSProber = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
# Generic Tailscale configs are in /nixos/common/services/tailscale.nix
|
# Generic Tailscale configs are in /nixos/common/services/tailscale.nix
|
||||||
# Set up the secrets file:
|
# Set up the secrets file:
|
||||||
sops.secrets.nixos-vm-01_tailscale_key = {
|
sops.secrets.nixos-vm-01_tailscale_key = {
|
||||||
owner = "root";
|
owner = "root";
|
||||||
sopsFile = ../../../secrets/tailscale.yaml;
|
sopsFile = ../../../secrets/tailscale.yaml;
|
||||||
restartUnits = [
|
restartUnits = [
|
||||||
"tailscaled.service"
|
"tailscaled.service"
|
||||||
"tailscaled-autoconnect.service"
|
"tailscaled-autoconnect.service"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
services.tailscale.authKeyFile = "/run/secrets/nixos-vm-01_tailscale_key";
|
services.tailscale.authKeyFile = "/run/secrets/nixos-vm-01_tailscale_key";
|
||||||
networking.firewall.allowedTCPPorts = [ 22 ];
|
# networking.firewall.allowedTCPPorts = [ 22 ];
|
||||||
}
|
}
|
||||||
|
|
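Review bot: Commenting out `networking.firewall.allowedTCPPorts = [ 22 ];` may not actually close port 22, because the NixOS OpenSSH module opens its own listening ports whenever `services.openssh.openFirewall` is left at its default of true. The SSH service settings are not visible in this hunk, so this needs confirming against the common modules. If the intent is to reach this host only over Tailscale, state it explicitly with `services.openssh.openFirewall = false;` and delete the commented-out line rather than leaving it behind, so the firewall policy is readable from the file. The enclosing attribute set starts outside the hunk.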