unexplrd/nixos-blueprint
2
2
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

break up into reusable modules

Browse Source 
Signed-off-by: unexplrd <unexplrd@linerds.us>
This commit is contained in:
unexplrd
2025-03-28 16:16:16 +02:00
parent 28f935cfd0
commit 08408c5602
7 changed files with 125 additions and 119 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
hosts/eldrid/boot.nix Normal file
View File

@ -0,0 +1,35 @@
{
pkgs,
config,
inputs,
...
}: {
imports = with inputs; [
lanzaboote.nixosModules.lanzaboote
];
boot = {
# kernelPackages = pkgs.linuxPackages_latest;
kernelPackages = pkgs.linuxPackages_cachyos;
plymouth.enable = true;
loader.efi.canTouchEfiVariables = true;
loader.systemd-boot = {
enable = !config.boot.lanzaboote.enable;
consoleMode = "auto";
};
initrd = {
availableKernelModules = ["ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" "xe" "i915"];
kernelModules = [];
};
kernelModules = ["kvm-intel"];
extraModulePackages = [];
lanzaboote = {
enable = true;
pkiBundle = "/var/lib/sbctl";
};
};
console = {
earlySetup = true;
packages = [pkgs.terminus_font];
font = "${pkgs.terminus_font}/share/consolefonts/ter-c18n.psf.gz";
};
}

124
hosts/eldrid/configuration.nix
View File

@ -1,111 +1,45 @@
# device-specific setup {inputs, ...}: {
{
pkgs,
config,
inputs,
...
}: {
imports = with inputs; [ imports = with inputs; [
chaotic.nixosModules.default
lanzaboote.nixosModules.lanzaboote
lix.nixosModules.default
self.nixosModules.desktop self.nixosModules.desktop
self.nixosModules.system self.nixosModules.system
./hardware.nix ./boot.nix
./programs.nix
./stylix.nix
./disko.nix ./disko.nix
./users.nix ./hardware.nix
./networking.nix
./nix.nix
./programs.nix
./services.nix
./sops.nix ./sops.nix
./stylix.nix
./users.nix
]; ];
desktop = { desktop.niri.enable = true;
niri.enable = true;
};
nix = {
channel.enable = false;
daemonCPUSchedPolicy = "idle";
settings = {
experimental-features = ["nix-command" "flakes"];
builders-use-substitutes = true;
};
distributedBuilds = true;
buildMachines = [
{
hostName = "dunamis";
sshUser = "nix-ssh";
system = "x86_64-linux";
sshKey = config.sops.secrets."ssh-eldrid-user".path;
supportedFeatures = ["nixos-test" "big-parallel" "kvm" "benchmark"];
publicHostKey = builtins.readFile "${inputs.mysecrets}/ssh/ssh_host_ed25519_dunamis.base64";
}
];
};
system.stateVersion = "25.05";
time.timeZone = "Europe/Kyiv";
locale.ukrainian.enable = true; locale.ukrainian.enable = true;
networking = { opentabletdriver.enable = false;
networkmanager.enable = true;
hostName = "eldrid";
hosts = {
"192.168.1.42" = ["dunamis"];
};
};
boot = { qmk-vial.enable = true;
# kernelPackages = pkgs.linuxPackages_latest;
kernelPackages = pkgs.linuxPackages_cachyos;
plymouth.enable = true;
loader.efi.canTouchEfiVariables = true;
loader.systemd-boot = {
enable = !config.boot.lanzaboote.enable;
consoleMode = "auto";
};
lanzaboote = {
enable = true;
pkiBundle = "/var/lib/sbctl";
};
};
console = {
earlySetup = true;
packages = [pkgs.terminus_font];
font = "${pkgs.terminus_font}/share/consolefonts/ter-c18n.psf.gz";
};
services = {
power-profiles-daemon.enable = true;
flatpak.enable = true;
fstrim.enable = true;
openssh.enable = true;
syncthing.openDefaultPorts = true;
dnscrypt-proxy2 = {
enable = true;
settings = {
require_dnssec = true;
server_names = ["mullvad-doh"];
bootstrap_resolvers = ["9.9.9.11:53" "9.9.9.9:53"];
};
};
};
services.scx = {
enable = true;
scheduler = "scx_flash";
};
security.basic.enable = true; security.basic.enable = true;
virtual = { system.stateVersion = "25.05";
libvirt.enable = true;
podman.enable = false; swapDevices = [
{
device = "/swap/swapfile";
size = 8 * 1024; # eight gigs
}
];
time.timeZone = "Europe/Kyiv";
virtual.libvirt.enable = true;
wireless = {
wifi.enable = true;
bluetooth.enable = true;
bluetooth.enableBlueman = true;
}; };
wireless.bluetooth.enableBlueman = true;
opentabletdriver.enable = false;
qmk-vial.enable = true;
} }

23
hosts/eldrid/hardware.nix
View File

@ -21,27 +21,6 @@
''; '';
}; };
in { in {
boot = {
initrd = {
availableKernelModules = ["ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" "xe" "i915"];
kernelModules = [];
};
kernelModules = ["kvm-intel"];
extraModulePackages = [];
};
swapDevices = [
{
device = "/swap/swapfile";
size = 8 * 1024; # eight gigs
}
];
wireless = {
wifi.enable = true;
bluetooth.enable = true;
};
hardware.graphics = { hardware.graphics = {
enable = true; enable = true;
extraPackages = with pkgs; [ extraPackages = with pkgs; [
@ -53,12 +32,12 @@ in {
# intel ax201 wifi card firmware # intel ax201 wifi card firmware
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
# physically broken touchscreen # physically broken touchscreen
services.udev.extraRules = "ACTION==\"add|change\", KERNELS==\"input[0-9]*\", SUBSYSTEMS==\"input\", ATTRS{id/vendor}==\"27c6\", ATTRS{id/product}==\"0e84\", ENV{LIBINPUT_IGNORE_DEVICE}=\"1\""; services.udev.extraRules = "ACTION==\"add|change\", KERNELS==\"input[0-9]*\", SUBSYSTEMS==\"input\", ATTRS{id/vendor}==\"27c6\", ATTRS{id/product}==\"0e84\", ENV{LIBINPUT_IGNORE_DEVICE}=\"1\"";
services.keyd = { services.keyd = {
enable = true; enable = true;
keyboards.internal = { keyboards.internal = {

9
hosts/eldrid/networking.nix Normal file
View File

@ -0,0 +1,9 @@
{
networking = {
networkmanager.enable = true;
hostName = "eldrid";
hosts = {
"192.168.1.42" = ["dunamis"];
};
};
}

28
hosts/eldrid/nix.nix Normal file
View File

@ -0,0 +1,28 @@
{
config,
inputs,
...
}: {
imports = with inputs; [
lix.nixosModules.default
];
nix = {
channel.enable = false;
daemonCPUSchedPolicy = "idle";
settings = {
experimental-features = ["nix-command" "flakes"];
builders-use-substitutes = true;
};
distributedBuilds = true;
buildMachines = [
{
hostName = "dunamis";
sshUser = "nix-ssh";
system = "x86_64-linux";
sshKey = config.sops.secrets."ssh-eldrid-user".path;
supportedFeatures = ["nixos-test" "big-parallel" "kvm" "benchmark"];
publicHostKey = builtins.readFile "${inputs.mysecrets}/ssh/ssh_host_ed25519_dunamis.base64";
}
];
};
}

21
hosts/eldrid/services.nix Normal file
View File

@ -0,0 +1,21 @@
{
services = {
flatpak.enable = true;
fstrim.enable = true;
openssh.enable = true;
power-profiles-daemon.enable = true;
syncthing.openDefaultPorts = true;
dnscrypt-proxy2 = {
enable = true;
settings = {
require_dnssec = true;
server_names = ["mullvad-doh"];
bootstrap_resolvers = ["9.9.9.11:53" "9.9.9.9:53"];
};
};
scx = {
enable = true;
scheduler = "scx_flash";
};
};
}

4
hosts/eldrid/sops.nix
View File

@ -1,8 +1,8 @@
{inputs, ...}: let {inputs, ...}: let
secretsPath = builtins.toString inputs.mysecrets; secretsPath = builtins.toString inputs.mysecrets;
in { in {
imports = [ imports = with inputs; [
inputs.sops-nix.nixosModules.sops sops-nix.nixosModules.sops
]; ];
sops = { sops = {