diff --git a/README.md b/README.md index 12fcc871..98a717ca 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,15 @@ ## NOTE: These configs expect this repo to be cloned to /etc/nixos/git/ ### For first-run, see [setup.sh](setup.sh) +## Building +* To build the Raspberry Pi image: `nix build .#nixosConfigurations.nixos-rpi4-img.config.system.build.sdImage` + * bash alias: `nixos-build-pi-img` +* The resulting .img will be in `result/sd-image/*.img.zst` +``` +6.6G nixos-sd-image-23.11.20230914.f2ea252-aarch64-linux.img +2.0G nixos-sd-image-23.11.20230914.f2ea252-aarch64-linux.img.zst +``` + ![Gruv'd Hyprland](./screenshot.png "Hyprland with a Gruvboxy theme") --- @@ -9,7 +18,6 @@ * [ ] Look into Remote Builds - [Link](https://nixos.org/manual/nix/stable/advanced-topics/distributed-builds.html) * [ ] Find a way to remove all default search engines in Firefox (Google, Amazon, etc) * [ ] Figure out what the home-manager `account` options are for. -* [ ] Figure out how to get GPG SSH auth working * [ ] Security hardening * [ ] cronjob * [ ] Change wallpaper at a certain time of day @@ -89,7 +97,7 @@ Completed ToDo List [here](complete.md) | Hostname | Description | Status | | -------- | ----------- | ------ | | nixos-laptop | Lenovo P1 Gen 5 | Complete | -| nixos-framework | Ryzen 7 Framework 13 | Awaiting Hardware | +| nixos-framework | Intel Framework 13 | Awaiting Hardware | | nixos-rpi4-01 | Testing Raspberry Pi / ARM | In Work | | nixos-vm-01 | VM for building images | In Work | @@ -104,6 +112,7 @@ Completed ToDo List [here](complete.md) * NixOS Documentation - Stable - [Link](https://nixos.org/manual/nixos/stable/) * NixOS Packages / Options Search - [Link](https://search.nixos.org/) * Nix User Repository (NUR) Search - [Link](https://nur.nix-community.org/) + * ARM NixOS Building - [Link](https://nixos.wiki/wiki/NixOS_on_ARM#NixOS_installation_.26_configuration) ### Useful Links * FlakeHub - [Link](https://flakehub.com) diff --git a/flake.nix b/flake.nix index 42527970..f3979204 100644 --- a/flake.nix +++ b/flake.nix @@ -10,6 +10,7 @@ nur.url = "github:nix-community/NUR"; sops-nix.url = "github:Mic92/sops-nix"; doom-emacs.url = "github:nix-community/nix-doom-emacs"; + nixos-hardware.url = "github:NixOS/nixos-hardware/master"; }; outputs = { self, nixpkgs, nixpkgs-wayland, home-manager, lanzaboote, nur, sops-nix, doom-emacs, ... } @inputs: let @@ -25,7 +26,7 @@ nixos-vm-01 = libx.mkHost { hostname = "nixos-vm-01"; }; # Physical Machines nixos-laptop = libx.mkHost { hostname = "nixos-laptop"; desktop = "hyprland"; gpu = "intel"; theme = "gruvbox"; }; - nixos-framework = libx.mkHost { hostname = "nixos-framework"; desktop = "hyprland"; gpu = "amd"; theme = "gruvbox"; }; + nixos-framework = libx.mkHost { hostname = "nixos-framework"; desktop = "hyprland"; gpu = "intel"; theme = "gruvbox"; }; nixos-rpi4-01 = libx.mkHost { hostname = "nixos-rpi4-01"; platform = "aarch64-linux"; }; nixos-rpi4-02 = libx.mkHost { hostname = "nixos-rpi4-02"; platform = "aarch64-linux"; }; nixos-rpi4-03 = libx.mkHost { hostname = "nixos-rpi4-03"; platform = "aarch64-linux"; }; diff --git a/home-manager/common/software/cli/bash.nix b/home-manager/common/software/cli/bash.nix index 05e63b4f..b12116d2 100644 --- a/home-manager/common/software/cli/bash.nix +++ b/home-manager/common/software/cli/bash.nix @@ -106,6 +106,11 @@ rebuild-home = "git -C /etc/nixos/git pull && home-manager switch -b backup --flake /etc/nixos/git"; rebuild-host = "git -C /etc/nixos/git pull && sudo nixos-rebuild switch --flake /etc/nixos/git"; rebuild-all = "rebuild-home && rebuild-host"; + + # Build ISOs/SD Card Images + nixos-build-pi-img = "nix build /etc/nixos/git#nixosConfigurations.nixos-rpi4-img.config.system.build.sdImage"; + # nixos-build-console = "nix build /etc/nixos/git#nixosConfigurations.nixos-iso-console.config.system.build.isoImage"; + # nixos-build-desktop = "nix build /etc/nixos/git#nixosConfigurations.nixos-iso-desktop.config.system.build.isoImage"; }; }; }; diff --git a/nixos/hosts/nixos-framework/default.nix b/nixos/hosts/nixos-framework/default.nix new file mode 100644 index 00000000..691f913f --- /dev/null +++ b/nixos/hosts/nixos-framework/default.nix @@ -0,0 +1,91 @@ +{ inputs, config, lib, pkgs, modulesPath, desktop, username, ... }: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ../../common/services/powertop.nix + ../../common/modules/secureboot.nix + ]; + + modules = [ + # nix/nixos/hosts/nixos-laptop + inputs.nixos-hardware.nixosModules.framework.13th-gen-intel + ]; + + # steam , etc + nixpkgs.config.allowUnfree = true; + + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "thunderbolt" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" "acpi_call" ]; + boot.extraModulePackages = with config.boot.kernelPackages; [ acpi_call ]; + + # This expects the following: + # /boot is "VFAT" fstype with label "BOOT" + # / is "btrfs" fstype with label "ROOT" + # swap is "swap" fstype with label "SWAP" + + fileSystems."/" = { + device = "/dev/disk/by-label/ROOT"; + fsType = "btrfs"; + options = [ "subvol=@" ]; + }; + + boot.initrd.luks.devices."DISK".device = "/dev/nvme0n1p1"; + + fileSystems."/boot" = { + device = "/dev/disk/by-label/BOOT"; + fsType = "vfat"; + }; + + # Enable Swap on LUKS + boot.initrd.luks.devices."SWAP" = { + device = "/dev/nvme0n1p2"; + keyFile = "/crypto_keyfile.bin"; + }; + + # Set up the keyfile + boot.initrd.secrets."/crypto_keyfile.bin" = null; + # Hibernation resume device + boot.resumeDevice = "/dev/disk/by-label/SWAP"; + # Confirm the swap devices + swapDevices = [ { device = "/dev/disk/by-label/SWAP"; } ]; + + networking.useDHCP = lib.mkDefault true; + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + + # Set your time zone. + time.timeZone = "Asia/Tokyo"; + + # Set the networking hostname: + networking.hostName = "nixos-framework"; + + # Configure the fingerprint reader + services.fprintd = { + enable = true; + tod.enable = true; + tod.driver = pkgs.libfprint-2-tod1-vfs0090; + }; + + hardware = { + opengl = { + enable = true; + driSupport32Bit = true; + driSupport = true; + }; + }; + + environment.systemPackages = with pkgs; [ + # Fingerprint software + fprintd + + # Game related things + gamemode + + # WINE + wineWowPackages.stable + winetricks + wineWowPackages.waylandFull + ]; + +} diff --git a/nixos/hosts/nixos-rpi4-01/default.nix b/nixos/hosts/nixos-rpi4-01/default.nix index e616ebaa..b4a46fe7 100644 --- a/nixos/hosts/nixos-rpi4-01/default.nix +++ b/nixos/hosts/nixos-rpi4-01/default.nix @@ -36,7 +36,7 @@ # Generic Tailscale configs are in /nixos/common/services/tailscale.nix # Set up the secrets file: - sops.secrets.nixos-rpi4-01_tailscale_key = { + sops.secrets.tailscale.nixos-rpi4-01 = { owner = "root"; sopsFile = ../../../secrets/tailscale.yaml; restartUnits = [ @@ -44,10 +44,10 @@ "tailscaled-autoconnect.service" ]; }; - services.tailscale.authKeyFile = "/run/secrets/nixos-rpi4-01_tailscale_key"; + services.tailscale.authKeyFile = "/run/secrets/tailscale/nixos-rpi4-01"; services.tailscale.extraUpFlags = [ "--advertise-exit-node" ]; boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; }; # Temporary - # networking.firewall.allowedTCPPorts = [ 22 ]; + networking.firewall.allowedTCPPorts = [ 22 ]; } \ No newline at end of file diff --git a/nixos/hosts/nixos-rpi4-02/default.nix b/nixos/hosts/nixos-rpi4-02/default.nix index 2ecd2162..d329835e 100644 --- a/nixos/hosts/nixos-rpi4-02/default.nix +++ b/nixos/hosts/nixos-rpi4-02/default.nix @@ -36,7 +36,7 @@ # Generic Tailscale configs are in /nixos/common/services/tailscale.nix # Set up the secrets file: - sops.secrets.nixos-rpi4-01_tailscale_key = { + sops.secrets.tailscale.nixos-rpi4-02 = { owner = "root"; sopsFile = ../../../secrets/tailscale.yaml; restartUnits = [ @@ -44,7 +44,7 @@ "tailscaled-autoconnect.service" ]; }; - services.tailscale.authKeyFile = "/run/secrets/nixos-rpi4-02_tailscale_key"; + services.tailscale.authKeyFile = "/run/secrets/tailscale/nixos-rpi4-02"; services.tailscale.extraUpFlags = [ "--advertise-exit-node" ]; boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; }; diff --git a/nixos/hosts/nixos-rpi4-03/default.nix b/nixos/hosts/nixos-rpi4-03/default.nix index 1f23f149..335f96a0 100644 --- a/nixos/hosts/nixos-rpi4-03/default.nix +++ b/nixos/hosts/nixos-rpi4-03/default.nix @@ -36,7 +36,7 @@ # Generic Tailscale configs are in /nixos/common/services/tailscale.nix # Set up the secrets file: - sops.secrets.nixos-rpi4-01_tailscale_key = { + sops.secrets.tailscale.nixos-rpi4-03 = { owner = "root"; sopsFile = ../../../secrets/tailscale.yaml; restartUnits = [ @@ -44,7 +44,7 @@ "tailscaled-autoconnect.service" ]; }; - services.tailscale.authKeyFile = "/run/secrets/nixos-rpi4-03_tailscale_key"; + services.tailscale.authKeyFile = "/run/secrets/tailscale/nixos-rpi4-03"; services.tailscale.extraUpFlags = [ "--advertise-exit-node" ]; boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; }; diff --git a/nixos/hosts/nixos-vm-01/default.nix b/nixos/hosts/nixos-vm-01/default.nix index 1c6e444a..28b7c840 100644 --- a/nixos/hosts/nixos-vm-01/default.nix +++ b/nixos/hosts/nixos-vm-01/default.nix @@ -27,16 +27,16 @@ useOSProber = true; }; - # Generic Tailscale configs are in /nixos/common/services/tailscale.nix + # Generic Tailscale configs are in /nixos/common/services/tailscale.nix # Set up the secrets file: sops.secrets.nixos-vm-01_tailscale_key = { owner = "root"; sopsFile = ../../../secrets/tailscale.yaml; - restartUnits = [ + restartUnits = [ "tailscaled.service" "tailscaled-autoconnect.service" ]; }; services.tailscale.authKeyFile = "/run/secrets/nixos-vm-01_tailscale_key"; - networking.firewall.allowedTCPPorts = [ 22 ]; + # networking.firewall.allowedTCPPorts = [ 22 ]; }