From 08408c5602e4da44ce6da0d04ebe58af06c7880a Mon Sep 17 00:00:00 2001
From: unexplrd
Date: Fri, 28 Mar 2025 16:16:16 +0200
Subject: [PATCH] break up into reusable modules
Signed-off-by: unexplrd
---
hosts/eldrid/boot.nix | 35 ++++++++++
hosts/eldrid/configuration.nix | 124 ++++++++-------------------------
hosts/eldrid/hardware.nix | 23 +-----
hosts/eldrid/networking.nix | 9 +++
hosts/eldrid/nix.nix | 28 ++++++++
hosts/eldrid/services.nix | 21 ++++++
hosts/eldrid/sops.nix | 4 +-
7 files changed, 125 insertions(+), 119 deletions(-)
create mode 100644 hosts/eldrid/boot.nix
create mode 100644 hosts/eldrid/networking.nix
create mode 100644 hosts/eldrid/nix.nix
create mode 100644 hosts/eldrid/services.nix
diff --git a/hosts/eldrid/boot.nix b/hosts/eldrid/boot.nix
new file mode 100644
index 0000000..8c21e6e
--- /dev/null
+++ b/hosts/eldrid/boot.nix
@@ -0,0 +1,35 @@
+{
+ pkgs,
+ config,
+ inputs,
+ ...
+}: {
+ imports = with inputs; [
+ lanzaboote.nixosModules.lanzaboote
+ ];
+ boot = {
+ # kernelPackages = pkgs.linuxPackages_latest;
+ kernelPackages = pkgs.linuxPackages_cachyos;
+ plymouth.enable = true;
+ loader.efi.canTouchEfiVariables = true;
+ loader.systemd-boot = {
+ enable = !config.boot.lanzaboote.enable;
+ consoleMode = "auto";
+ };
+ initrd = {
+ availableKernelModules = ["ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" "xe" "i915"];
+ kernelModules = [];
+ };
+ kernelModules = ["kvm-intel"];
+ extraModulePackages = [];
+ lanzaboote = {
+ enable = true;
+ pkiBundle = "/var/lib/sbctl";
+ };
+ };
+ console = {
+ earlySetup = true;
+ packages = [pkgs.terminus_font];
+ font = "${pkgs.terminus_font}/share/consolefonts/ter-c18n.psf.gz";
+ };
+}
diff --git a/hosts/eldrid/configuration.nix b/hosts/eldrid/configuration.nix
index 3558fbe..685a97e 100644
--- a/hosts/eldrid/configuration.nix
+++ b/hosts/eldrid/configuration.nix
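Review bot: `kernelPackages = pkgs.linuxPackages_cachyos;` in hosts/eldrid/boot.nix uses a kernel set that, as far as I know, comes from the chaotic module, yet this commit drops `chaotic.nixosModules.default` from configuration.nix and boot.nix imports only lanzaboote. Unless one of the `self.nixosModules.*` modules already pulls it in (not visible in this patch), the host will fail to evaluate. Importing it next to the code that needs it keeps the module reusable: `imports = with inputs; [chaotic.nixosModules.default lanzaboote.nixosModules.lanzaboote];`. Because this module also switches the boot path to lanzaboote, a short comment that `/var/lib/sbctl` must already hold the enrolled Secure Boot keys would help anyone reusing it on another host.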
@@ -1,111 +1,45 @@ -# device-specific setup -{ - pkgs, - config, - inputs, - ... -}: { +{inputs, ...}: { imports = with inputs; [ - chaotic.nixosModules.default - lanzaboote.nixosModules.lanzaboote - lix.nixosModules.default self.nixosModules.desktop self.nixosModules.system - ./hardware.nix - ./programs.nix - ./stylix.nix + ./boot.nix ./disko.nix - ./users.nix + ./hardware.nix + ./networking.nix + ./nix.nix + ./programs.nix + ./services.nix ./sops.nix + ./stylix.nix + ./users.nix ]; - desktop = { - niri.enable = true; - }; + desktop.niri.enable = true; - nix = { - channel.enable = false; - daemonCPUSchedPolicy = "idle"; - settings = { - experimental-features = ["nix-command" "flakes"]; - builders-use-substitutes = true; - }; - distributedBuilds = true; - buildMachines = [ - { - hostName = "dunamis"; - sshUser = "nix-ssh"; - system = "x86_64-linux"; - sshKey = config.sops.secrets."ssh-eldrid-user".path; - supportedFeatures = ["nixos-test" "big-parallel" "kvm" "benchmark"]; - publicHostKey = builtins.readFile "${inputs.mysecrets}/ssh/ssh_host_ed25519_dunamis.base64"; - } - ]; - }; - - system.stateVersion = "25.05"; - - time.timeZone = "Europe/Kyiv"; locale.ukrainian.enable = true; - networking = { - networkmanager.enable = true; - hostName = "eldrid"; - hosts = { - "192.168.1.42" = ["dunamis"]; - }; - }; + opentabletdriver.enable = false; - boot = { - # kernelPackages = pkgs.linuxPackages_latest; - kernelPackages = pkgs.linuxPackages_cachyos; - plymouth.enable = true; - loader.efi.canTouchEfiVariables = true; - loader.systemd-boot = { - enable = !config.boot.lanzaboote.enable; - consoleMode = "auto"; - }; - lanzaboote = { - enable = true; - pkiBundle = "/var/lib/sbctl"; - }; - }; - - console = { - earlySetup = true; - packages = [pkgs.terminus_font]; - font = "${pkgs.terminus_font}/share/consolefonts/ter-c18n.psf.gz"; - }; - - services = { - power-profiles-daemon.enable = true; - flatpak.enable = true; - fstrim.enable = true; - openssh.enable = true; - 
syncthing.openDefaultPorts = true; - dnscrypt-proxy2 = { - enable = true; - settings = { - require_dnssec = true; - server_names = ["mullvad-doh"]; - bootstrap_resolvers = ["9.9.9.11:53" "9.9.9.9:53"]; - }; - }; - }; - services.scx = { - enable = true; - scheduler = "scx_flash"; - }; + qmk-vial.enable = true; security.basic.enable = true; - virtual = { - libvirt.enable = true; - podman.enable = false; + system.stateVersion = "25.05"; + + swapDevices = [ + { + device = "/swap/swapfile"; + size = 8 * 1024; # eight gigs + } + ]; + + time.timeZone = "Europe/Kyiv"; + + virtual.libvirt.enable = true; + + wireless = { + wifi.enable = true; + bluetooth.enable = true; + bluetooth.enableBlueman = true; }; - - wireless.bluetooth.enableBlueman = true; - - opentabletdriver.enable = false; - qmk-vial.enable = true; } diff --git a/hosts/eldrid/hardware.nix b/hosts/eldrid/hardware.nix index 09921b4..6ca7d37 100755 --- a/hosts/eldrid/hardware.nix +++ b/hosts/eldrid/hardware.nix @@ -21,27 +21,6 @@ ''; }; in { - boot = { - initrd = { - availableKernelModules = ["ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" "xe" "i915"]; - kernelModules = []; - }; - kernelModules = ["kvm-intel"]; - extraModulePackages = []; - }; - - swapDevices = [ - { - device = "/swap/swapfile"; - size = 8 * 1024; # eight gigs - } - ]; - - wireless = { - wifi.enable = true; - bluetooth.enable = true; - }; - hardware.graphics = { enable = true; extraPackages = with pkgs; [ @@ -53,12 +32,12 @@ in { # intel ax201 wifi card firmware hardware.enableRedistributableFirmware = true; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; # physically broken touchscreen services.udev.extraRules = "ACTION==\"add|change\", KERNELS==\"input[0-9]*\", SUBSYSTEMS==\"input\", ATTRS{id/vendor}==\"27c6\", ATTRS{id/product}==\"0e84\", ENV{LIBINPUT_IGNORE_DEVICE}=\"1\""; + services.keyd = { enable = true; keyboards.internal = { 
diff --git a/hosts/eldrid/networking.nix b/hosts/eldrid/networking.nix
new file mode 100644
index 0000000..3ae7ae8
--- /dev/null
+++ b/hosts/eldrid/networking.nix
@@ -0,0 +1,9 @@
+{
+ networking = {
+ networkmanager.enable = true;
+ hostName = "eldrid";
+ hosts = {
+ "192.168.1.42" = ["dunamis"];
+ };
+ };
+}
diff --git a/hosts/eldrid/nix.nix b/hosts/eldrid/nix.nix
new file mode 100644
index 0000000..6dadc3e
--- /dev/null
+++ b/hosts/eldrid/nix.nix
@@ -0,0 +1,28 @@
+{
+ config,
+ inputs,
+ ...
+}: {
+ imports = with inputs; [
+ lix.nixosModules.default
+ ];
+ nix = {
+ channel.enable = false;
+ daemonCPUSchedPolicy = "idle";
+ settings = {
+ experimental-features = ["nix-command" "flakes"];
+ builders-use-substitutes = true;
+ };
+ distributedBuilds = true;
+ buildMachines = [
+ {
+ hostName = "dunamis";
+ sshUser = "nix-ssh";
+ system = "x86_64-linux";
+ sshKey = config.sops.secrets."ssh-eldrid-user".path;
+ supportedFeatures = ["nixos-test" "big-parallel" "kvm" "benchmark"];
+ publicHostKey = builtins.readFile "${inputs.mysecrets}/ssh/ssh_host_ed25519_dunamis.base64";
+ }
+ ];
+ };
+}
diff --git a/hosts/eldrid/services.nix b/hosts/eldrid/services.nix
new file mode 100644
index 0000000..7fa3eab
--- /dev/null
+++ b/hosts/eldrid/services.nix
@@ -0,0 +1,21 @@
+{
+ services = {
+ flatpak.enable = true;
+ fstrim.enable = true;
+ openssh.enable = true;
+ power-profiles-daemon.enable = true;
+ syncthing.openDefaultPorts = true;
+ dnscrypt-proxy2 = {
+ enable = true;
+ settings = {
+ require_dnssec = true;
+ server_names = ["mullvad-doh"];
+ bootstrap_resolvers = ["9.9.9.11:53" "9.9.9.9:53"];
+ };
+ };
+ scx = {
+ enable = true;
+ scheduler = "scx_flash";
+ };
+ };
+}
diff --git a/hosts/eldrid/sops.nix b/hosts/eldrid/sops.nix
index bf833b9..d48524a 100644
--- a/hosts/eldrid/sops.nix
+++ b/hosts/eldrid/sops.nix
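Review bot: hosts/eldrid/networking.nix enables NetworkManager but does not point the system resolver at the local dnscrypt-proxy2 instance that services.nix turns on. DHCP-supplied DNS servers would then normally end up in resolv.conf, and the `require_dnssec` / DoH configuration would be bypassed without any error. If no shared module already handles this (not visible in the patch), add `nameservers = ["127.0.0.1" "::1"];` and `networkmanager.dns = "none";` inside the `networking` block.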
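Review bot: hosts/eldrid/nix.nix is not self-contained, although the commit presents it as a reusable module. `sshKey` reads `config.sops.secrets."ssh-eldrid-user"`, which must be declared elsewhere (presumably ./sops.nix), and `hostName = "dunamis"` resolves only through the static `hosts` entry in ./networking.nix. A comment above `buildMachines` such as `# needs the ssh-eldrid-user sops secret and a hosts entry for dunamis` would record that dependency. It is also worth confirming that the file read into `publicHostKey` has no trailing newline, since `builtins.readFile` returns the content verbatim and the pinned host key is what authenticates the remote builder.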
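Review bot: `openssh.enable = true;` in hosts/eldrid/services.nix carries no `settings`, so unless `security.basic` or another shared module restricts it, sshd runs with the NixOS defaults, which still accept password logins. Consider stating the policy next to the switch: `openssh.settings.PasswordAuthentication = false;` and `openssh.settings.PermitRootLogin = "no";`. `syncthing.openDefaultPorts = true;` likewise opens firewall ports here without `syncthing.enable` in view. A comment saying where that service is enabled would make the module easier to audit.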
@@ -1,8 +1,8 @@ {inputs, ...}: let secretsPath = builtins.toString inputs.mysecrets; in { - imports = [ - inputs.sops-nix.nixosModules.sops + imports = with inputs; [ + sops-nix.nixosModules.sops ]; sops = {