Merge remote-tracking branch 'refs/remotes/origin/main'

This commit is contained in:
albert 2023-09-18 20:33:50 +09:00
commit d4dec452ca
8 changed files with 119 additions and 13 deletions


@ -2,6 +2,15 @@
## NOTE: These configs expect this repo to be cloned to /etc/nixos/git/ ## NOTE: These configs expect this repo to be cloned to /etc/nixos/git/
### For first-run, see [setup.sh](setup.sh) ### For first-run, see [setup.sh](setup.sh)
## Building
* To build the Raspberry Pi image: `nix build .#nixosConfigurations.nixos-rpi4-img.config.system.build.sdImage`
* bash alias: `nixos-build-pi-img`
* The resulting .img will be in `result/sd-image/*.img.zst`
```
6.6G nixos-sd-image-23.11.20230914.f2ea252-aarch64-linux.img
2.0G nixos-sd-image-23.11.20230914.f2ea252-aarch64-linux.img.zst
```
![Gruv'd Hyprland](./screenshot.png "Hyprland with a Gruvboxy theme") ![Gruv'd Hyprland](./screenshot.png "Hyprland with a Gruvboxy theme")
--- ---
@ -9,7 +18,6 @@
* [ ] Look into Remote Builds - [Link](https://nixos.org/manual/nix/stable/advanced-topics/distributed-builds.html) * [ ] Look into Remote Builds - [Link](https://nixos.org/manual/nix/stable/advanced-topics/distributed-builds.html)
* [ ] Find a way to remove all default search engines in Firefox (Google, Amazon, etc) * [ ] Find a way to remove all default search engines in Firefox (Google, Amazon, etc)
* [ ] Figure out what the home-manager `account` options are for. * [ ] Figure out what the home-manager `account` options are for.
* [ ] Figure out how to get GPG SSH auth working
* [ ] Security hardening * [ ] Security hardening
* [ ] cronjob * [ ] cronjob
* [ ] Change wallpaper at a certain time of day * [ ] Change wallpaper at a certain time of day
@ -89,7 +97,7 @@ Completed ToDo List [here](complete.md)
| Hostname | Description | Status | | Hostname | Description | Status |
| -------- | ----------- | ------ | | -------- | ----------- | ------ |
| nixos-laptop | Lenovo P1 Gen 5 | Complete | | nixos-laptop | Lenovo P1 Gen 5 | Complete |
| nixos-framework | Ryzen 7 Framework 13 | Awaiting Hardware | | nixos-framework | Intel Framework 13 | Awaiting Hardware |
| nixos-rpi4-01 | Testing Raspberry Pi / ARM | In Work | | nixos-rpi4-01 | Testing Raspberry Pi / ARM | In Work |
| nixos-vm-01 | VM for building images | In Work | | nixos-vm-01 | VM for building images | In Work |
@ -104,6 +112,7 @@ Completed ToDo List [here](complete.md)
* NixOS Documentation - Stable - [Link](https://nixos.org/manual/nixos/stable/) * NixOS Documentation - Stable - [Link](https://nixos.org/manual/nixos/stable/)
* NixOS Packages / Options Search - [Link](https://search.nixos.org/) * NixOS Packages / Options Search - [Link](https://search.nixos.org/)
* Nix User Repository (NUR) Search - [Link](https://nur.nix-community.org/) * Nix User Repository (NUR) Search - [Link](https://nur.nix-community.org/)
* ARM NixOS Building - [Link](https://nixos.wiki/wiki/NixOS_on_ARM#NixOS_installation_.26_configuration)
### Useful Links ### Useful Links
* FlakeHub - [Link](https://flakehub.com) * FlakeHub - [Link](https://flakehub.com)


@ -10,6 +10,7 @@
nur.url = "github:nix-community/NUR"; nur.url = "github:nix-community/NUR";
sops-nix.url = "github:Mic92/sops-nix"; sops-nix.url = "github:Mic92/sops-nix";
doom-emacs.url = "github:nix-community/nix-doom-emacs"; doom-emacs.url = "github:nix-community/nix-doom-emacs";
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
}; };
outputs = { self, nixpkgs, nixpkgs-wayland, home-manager, lanzaboote, nur, sops-nix, doom-emacs, ... } @inputs: outputs = { self, nixpkgs, nixpkgs-wayland, home-manager, lanzaboote, nur, sops-nix, doom-emacs, ... } @inputs:
let let
@ -25,7 +26,7 @@
nixos-vm-01 = libx.mkHost { hostname = "nixos-vm-01"; }; nixos-vm-01 = libx.mkHost { hostname = "nixos-vm-01"; };
# Physical Machines # Physical Machines
nixos-laptop = libx.mkHost { hostname = "nixos-laptop"; desktop = "hyprland"; gpu = "intel"; theme = "gruvbox"; }; nixos-laptop = libx.mkHost { hostname = "nixos-laptop"; desktop = "hyprland"; gpu = "intel"; theme = "gruvbox"; };
nixos-framework = libx.mkHost { hostname = "nixos-framework"; desktop = "hyprland"; gpu = "amd"; theme = "gruvbox"; }; nixos-framework = libx.mkHost { hostname = "nixos-framework"; desktop = "hyprland"; gpu = "intel"; theme = "gruvbox"; };
nixos-rpi4-01 = libx.mkHost { hostname = "nixos-rpi4-01"; platform = "aarch64-linux"; }; nixos-rpi4-01 = libx.mkHost { hostname = "nixos-rpi4-01"; platform = "aarch64-linux"; };
nixos-rpi4-02 = libx.mkHost { hostname = "nixos-rpi4-02"; platform = "aarch64-linux"; }; nixos-rpi4-02 = libx.mkHost { hostname = "nixos-rpi4-02"; platform = "aarch64-linux"; };
nixos-rpi4-03 = libx.mkHost { hostname = "nixos-rpi4-03"; platform = "aarch64-linux"; }; nixos-rpi4-03 = libx.mkHost { hostname = "nixos-rpi4-03"; platform = "aarch64-linux"; };
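Review bot: The new `nixos-hardware.url = "github:NixOS/nixos-hardware/master";` input follows a moving branch, and none of the 8 changed files in this commit is `flake.lock`, so unless the lock was updated in a separate commit the input is not pinned and the first build resolves whatever `master` holds at that moment. Committing the `flake.lock` update together with the new input keeps the hardware module revision reviewable and reproducible across hosts. Not destructuring the input in `outputs` is fine since the host file reaches it through `@inputs`.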


@ -106,6 +106,11 @@
rebuild-home = "git -C /etc/nixos/git pull && home-manager switch -b backup --flake /etc/nixos/git"; rebuild-home = "git -C /etc/nixos/git pull && home-manager switch -b backup --flake /etc/nixos/git";
rebuild-host = "git -C /etc/nixos/git pull && sudo nixos-rebuild switch --flake /etc/nixos/git"; rebuild-host = "git -C /etc/nixos/git pull && sudo nixos-rebuild switch --flake /etc/nixos/git";
rebuild-all = "rebuild-home && rebuild-host"; rebuild-all = "rebuild-home && rebuild-host";
# Build ISOs/SD Card Images
nixos-build-pi-img = "nix build /etc/nixos/git#nixosConfigurations.nixos-rpi4-img.config.system.build.sdImage";
# nixos-build-console = "nix build /etc/nixos/git#nixosConfigurations.nixos-iso-console.config.system.build.isoImage";
# nixos-build-desktop = "nix build /etc/nixos/git#nixosConfigurations.nixos-iso-desktop.config.system.build.isoImage";
}; };
}; };
}; };
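Review bot: The two commented-out aliases `nixos-build-console` and `nixos-build-desktop` reference `nixos-iso-console`/`nixos-iso-desktop` configurations that the flake.nix hunk above does not define; commented-out code tends to rot silently. Either add those configurations and enable the aliases, or drop them and leave a one-line `# TODO: ISO build aliases once the nixos-iso-* configurations exist` in their place. The enclosing attribute set starts before this hunk.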


@ -0,0 +1,91 @@
{ inputs, config, lib, pkgs, modulesPath, desktop, username, ... }: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
../../common/services/powertop.nix
../../common/modules/secureboot.nix
];
modules = [
# nix/nixos/hosts/nixos-laptop
inputs.nixos-hardware.nixosModules.framework.13th-gen-intel
];
# steam , etc
nixpkgs.config.allowUnfree = true;
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "thunderbolt" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" "acpi_call" ];
boot.extraModulePackages = with config.boot.kernelPackages; [ acpi_call ];
# This expects the following:
# /boot is "VFAT" fstype with label "BOOT"
# / is "btrfs" fstype with label "ROOT"
# swap is "swap" fstype with label "SWAP"
fileSystems."/" = {
device = "/dev/disk/by-label/ROOT";
fsType = "btrfs";
options = [ "subvol=@" ];
};
boot.initrd.luks.devices."DISK".device = "/dev/nvme0n1p1";
fileSystems."/boot" = {
device = "/dev/disk/by-label/BOOT";
fsType = "vfat";
};
# Enable Swap on LUKS
boot.initrd.luks.devices."SWAP" = {
device = "/dev/nvme0n1p2";
keyFile = "/crypto_keyfile.bin";
};
# Set up the keyfile
boot.initrd.secrets."/crypto_keyfile.bin" = null;
# Hibernation resume device
boot.resumeDevice = "/dev/disk/by-label/SWAP";
# Confirm the swap devices
swapDevices = [ { device = "/dev/disk/by-label/SWAP"; } ];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
# Set your time zone.
time.timeZone = "Asia/Tokyo";
# Set the networking hostname:
networking.hostName = "nixos-framework";
# Configure the fingerprint reader
services.fprintd = {
enable = true;
tod.enable = true;
tod.driver = pkgs.libfprint-2-tod1-vfs0090;
};
hardware = {
opengl = {
enable = true;
driSupport32Bit = true;
driSupport = true;
};
};
environment.systemPackages = with pkgs; [
# Fingerprint software
fprintd
# Game related things
gamemode
# WINE
wineWowPackages.stable
winetricks
wineWowPackages.waylandFull
];
}
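Review bot: `modules = [ inputs.nixos-hardware.nixosModules.framework.13th-gen-intel ];` sets a top-level `modules` option that a NixOS module does not define, so evaluation should fail with an undefined-option error unless `mkHost` declares one; the hardware module belongs in the `imports` list directly above it, and the `# nix/nixos/hosts/nixos-laptop` comment beside it names the wrong host. Separately, `boot.initrd.secrets."/crypto_keyfile.bin" = null;` appends the SWAP keyfile to the initrd, which per the comments lives on the unencrypted VFAT `BOOT` partition; the imported secureboot module signs the boot chain but does not encrypt it, so the key appears to be readable by anyone with the disk — consider unlocking SWAP through the same passphrase path as `DISK`, or document that trade-off next to the option. The LUKS devices are also addressed as `/dev/nvme0n1p1`/`p2` while the filesystems use `/dev/disk/by-label/...`; a `by-uuid` or `by-partuuid` path would survive a change in device enumeration.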


@ -36,7 +36,7 @@
# Generic Tailscale configs are in /nixos/common/services/tailscale.nix # Generic Tailscale configs are in /nixos/common/services/tailscale.nix
# Set up the secrets file: # Set up the secrets file:
sops.secrets.nixos-rpi4-01_tailscale_key = { sops.secrets.tailscale.nixos-rpi4-01 = {
owner = "root"; owner = "root";
sopsFile = ../../../secrets/tailscale.yaml; sopsFile = ../../../secrets/tailscale.yaml;
restartUnits = [ restartUnits = [
@ -44,10 +44,10 @@
"tailscaled-autoconnect.service" "tailscaled-autoconnect.service"
]; ];
}; };
services.tailscale.authKeyFile = "/run/secrets/nixos-rpi4-01_tailscale_key"; services.tailscale.authKeyFile = "/run/secrets/tailscale/nixos-rpi4-01";
services.tailscale.extraUpFlags = [ "--advertise-exit-node" ]; services.tailscale.extraUpFlags = [ "--advertise-exit-node" ];
boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; }; boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; };
# Temporary # Temporary
# networking.firewall.allowedTCPPorts = [ 22 ]; networking.firewall.allowedTCPPorts = [ 22 ];
} }
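Review bot: `sops.secrets.tailscale.nixos-rpi4-01 = { ... }` nests the host name as an attribute of a secret called `tailscale`, but sops-nix declares `sops.secrets` as an attribute set of secret submodules, so `nixos-rpi4-01` is read as an undefined option of that submodule rather than as a second path component; the declaration should be `sops.secrets."tailscale/nixos-rpi4-01" = { ... };`, which is what the new `authKeyFile` path `/run/secrets/tailscale/nixos-rpi4-01` already assumes. The same pattern is in the nixos-rpi4-02 and nixos-rpi4-03 hunks below. Uncommenting `networking.firewall.allowedTCPPorts = [ 22 ];` under `# Temporary` opens SSH on every interface of a host that also advertises itself as a Tailscale exit node; if SSH is only needed over the tailnet, `networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ 22 ];` keeps the LAN side closed, and a tracked TODO should replace `# Temporary`. The `sops.secrets` block and its `restartUnits` list start before the second hunk.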


@ -36,7 +36,7 @@
# Generic Tailscale configs are in /nixos/common/services/tailscale.nix # Generic Tailscale configs are in /nixos/common/services/tailscale.nix
# Set up the secrets file: # Set up the secrets file:
sops.secrets.nixos-rpi4-01_tailscale_key = { sops.secrets.tailscale.nixos-rpi4-02 = {
owner = "root"; owner = "root";
sopsFile = ../../../secrets/tailscale.yaml; sopsFile = ../../../secrets/tailscale.yaml;
restartUnits = [ restartUnits = [
@ -44,7 +44,7 @@
"tailscaled-autoconnect.service" "tailscaled-autoconnect.service"
]; ];
}; };
services.tailscale.authKeyFile = "/run/secrets/nixos-rpi4-02_tailscale_key"; services.tailscale.authKeyFile = "/run/secrets/tailscale/nixos-rpi4-02";
services.tailscale.extraUpFlags = [ "--advertise-exit-node" ]; services.tailscale.extraUpFlags = [ "--advertise-exit-node" ];
boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; }; boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; };


@ -36,7 +36,7 @@
# Generic Tailscale configs are in /nixos/common/services/tailscale.nix # Generic Tailscale configs are in /nixos/common/services/tailscale.nix
# Set up the secrets file: # Set up the secrets file:
sops.secrets.nixos-rpi4-01_tailscale_key = { sops.secrets.tailscale.nixos-rpi4-03 = {
owner = "root"; owner = "root";
sopsFile = ../../../secrets/tailscale.yaml; sopsFile = ../../../secrets/tailscale.yaml;
restartUnits = [ restartUnits = [
@ -44,7 +44,7 @@
"tailscaled-autoconnect.service" "tailscaled-autoconnect.service"
]; ];
}; };
services.tailscale.authKeyFile = "/run/secrets/nixos-rpi4-03_tailscale_key"; services.tailscale.authKeyFile = "/run/secrets/tailscale/nixos-rpi4-03";
services.tailscale.extraUpFlags = [ "--advertise-exit-node" ]; services.tailscale.extraUpFlags = [ "--advertise-exit-node" ];
boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; }; boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; };


@ -38,5 +38,5 @@
]; ];
}; };
services.tailscale.authKeyFile = "/run/secrets/nixos-vm-01_tailscale_key"; services.tailscale.authKeyFile = "/run/secrets/nixos-vm-01_tailscale_key";
networking.firewall.allowedTCPPorts = [ 22 ]; # networking.firewall.allowedTCPPorts = [ 22 ];
} }
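Review bot: `services.tailscale.authKeyFile = "/run/secrets/nixos-vm-01_tailscale_key";` keeps the flat secret name while the three Raspberry Pi hosts in this commit moved to `/run/secrets/tailscale/<hostname>`; if `secrets/tailscale.yaml` was restructured to match, this path no longer resolves, and if it was not, the two layouts now diverge. Either migrate this host the same way or add a comment stating why it is exempt. The `sops.secrets` declaration for this host is outside the hunk.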