unexplrd
2025-03-09 14:21:08 +02:00
parent 3e3922be09
commit fca6f291ec
10 changed files with 342 additions and 252 deletions


@ -1,5 +0,0 @@
{
nix.settings = {
secret-key-files = /var/nix/cache-priv-key.pem;
};
}


@ -8,9 +8,10 @@
lix.nixosModules.default
self.nixosModules.desktop
self.nixosModules.system
./hardware-conf.nix
./hardware.nix
./programs.nix
./stylix.nix
./disko.nix
./users.nix
./sops.nix
];
@ -21,8 +22,9 @@
};
nix = {
# package = pkgs.lix;
channel.enable = false;
settings.experimental-features = ["nix-command" "flakes"];
daemonCPUSchedPolicy = "idle";
};
system.stateVersion = "25.05";
@ -65,6 +67,15 @@
fstrim.enable = true;
fwupd.enable = true;
openssh.enable = true;
opensnitch = {
enable = false;
settings = {
DefaultAaction = "deny";
Firewall = "iptables";
InterceptUnknown = true;
ProcMonitorMethod = "ebpf";
};
};
};
services.scx = {
enable = true;
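Review bot: The key `DefaultAaction` in the added `opensnitch.settings` block looks like a typo for `DefaultAction`. If the settings attrset accepts free-form keys (the NixOS module appears to, but confirm), the misspelled key would be written to the daemon configuration without an evaluation error. The intended default-deny would then not apply once `enable` is switched to `true`, and the daemon would fall back to its built-in default action. Change the line to `DefaultAction = "deny";`, and since the service is committed with `enable = false`, add a short comment saying why it is disabled.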

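--- a/hosts/dunamis/disko.nix
+++ b/hosts/dunamis/disko.nix
@@ -0,0 +1,73 @@
+{inputs, ...}: {
+imports = with inputs; [
+disko.nixosModules.disko
+];
+disko.devices.disk.main = {
+type = "disk";
+device = "/dev/nvme0n1";
+content = {
+type = "gpt";
+partitions = {
+ESP = {
+size = "2G";
+type = "EF00";
+content = {
+type = "filesystem";
+format = "vfat";
+mountpoint = "/boot";
+mountOptions = [
+"umask=0077"
+"fmask=0022"
+"dmask=0022"
+"noexec"
+];
+};
+};
+luks = {
+size = "100%";
+content = {
+type = "luks";
+name = "luks-fe586da4-b164-4362-bcdf-9c5dd6c69a2b";
+initrdUnlock = true;
+settings.allowDiscards = true;
+content = {
+type = "btrfs";
+extraArgs = ["-f"];
+subvolumes = {
+"@nixos-root" = {
+mountpoint = "/";
+mountOptions = [
+"compress=zstd"
+"noatime"
+"noexec"
+];
+};
+"@home" = {
+mountpoint = "/home";
+mountOptions = [
+"compress=zstd"
+"noatime"
+];
+};
+"@storage" = {
+mountpoint = "/storage";
+mountOptions = [
+"compress=zstd"
+"noatime"
+];
+};
+"@nix" = {
+mountpoint = "/nix";
+mountOptions = [
+"compress=zstd"
+"noatime"
+];
+};
+};
+};
+};
+};
+};
+};
+};
+}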
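Review bot: In the ESP `mountOptions`, `umask=0077` is listed together with `fmask=0022` and `dmask=0022`; for vfat the explicit fmask/dmask take precedence, so /boot ends up world-readable rather than owner-only and the `umask` entry has no effect. If owner-only access is intended (the bootloader random seed and the initrd live on this partition), use `"fmask=0077"` and `"dmask=0077"` and drop `umask`. Separately, `settings.allowDiscards = true` passes TRIM through the LUKS layer, which reveals which blocks are unused to anyone who can read the raw device; a comment such as `# accepted trade-off: TRIM through LUKS leaks free-space layout` would record that this is deliberate.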


@ -1,80 +0,0 @@
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
wireless.bluetooth.enable = true;
services.logind = {
lidSwitch = "ignore";
powerKey = "suspend";
};
boot = {
kernelModules = ["kvm-amd"];
extraModulePackages = [];
initrd = {
luks.devices."luks-fe586da4-b164-4362-bcdf-9c5dd6c69a2b".device = "/dev/disk/by-uuid/fe586da4-b164-4362-bcdf-9c5dd6c69a2b";
availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"];
kernelModules = [
"i915"
];
systemd.enable = true;
};
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/79ce18b8-3a9e-4cd0-be62-60972686f44a";
fsType = "btrfs";
options = [
"noatime"
"compress=zstd"
"subvol=@nixos-root"
];
};
"/home" = {
device = "/dev/disk/by-uuid/79ce18b8-3a9e-4cd0-be62-60972686f44a";
fsType = "btrfs";
options = [
"noatime"
"compress=zstd"
"subvol=@home"
];
};
"/storage" = {
device = "/dev/disk/by-uuid/79ce18b8-3a9e-4cd0-be62-60972686f44a";
fsType = "btrfs";
options = [
"noatime"
"compress=zstd"
"subvol=@storage"
];
};
"/boot" = {
device = "/dev/disk/by-uuid/976C-7EE6";
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
};
};
swapDevices = [];
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [
intel-media-driver
vaapiIntel
vpl-gpu-rt
];
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -0,0 +1,42 @@
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
wireless.bluetooth.enable = true;
services.logind = {
lidSwitch = "ignore";
powerKey = "suspend";
};
boot = {
kernelModules = ["kvm-amd"];
extraModulePackages = [];
initrd = {
systemd.enable = true; # needed for auto-unlocking with TPM
availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"];
kernelModules = [
"i915"
];
};
};
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [
intel-media-driver
vaapiIntel
vpl-gpu-rt
];
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}
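Review bot: The comment on `systemd.enable = true` names TPM auto-unlock as the goal, but nothing in the visible sections configures it: the LUKS container in disko.nix sets only `initrdUnlock` and `allowDiscards`. If the unlock relies on an out-of-band `systemd-cryptenroll` step, extend the comment to say so and to name the PCRs the key is bound to, since that decides whether a modified boot chain can still obtain the key. If it is meant to be declarative, the missing piece is probably `settings.crypttabExtraOpts = ["tpm2-device=auto"];` on the LUKS content in disko.nix; confirm against the disko version in use.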


@ -7,22 +7,21 @@
inputs.stylix.nixosModules.stylix
];
environment.systemPackages = with pkgs; [
#papirus-icon-theme
nerd-fonts.iosevka
];
stylix = {
enable = true;
base16Scheme = "${pkgs.base16-schemes}/share/themes/tomorrow.yaml";
polarity = "light";
base16Scheme = "${pkgs.base16-schemes}/share/themes/tomorrow-night.yaml";
polarity = "dark";
cursor = {
package = pkgs.bibata-cursors;
name = "Bibata-Modern-Ice";
name = "Bibata-Modern-Classic";
size = 24;
};
image = builtins.fetchurl {
url = "https://w.wallhaven.cc/full/d6/wallhaven-d6163o.jpg";
name = "wallhaven-d6163o";
sha256 = "c6d298be1520546c0440d64d1073e33a356043e2481a8a67e940d5262c0c2e28";
url = "https://w.wallhaven.cc/full/2y/wallhaven-2y7xv6.jpg";
name = "wallhaven-2y7xv6";
sha256 = "8c2118165298ff8f25138a2fed78e5f95e2494cfbf516b20ab1ff52dbad51afe";
};
opacity.terminal = 0.9;
fonts = {
@ -44,7 +43,6 @@
package = pkgs.nerd-fonts.iosevka;
name = "Iosevka Nerd Font Mono";
};
emoji = {
package = pkgs.noto-fonts-emoji;
name = "Noto Color Emoji";


@ -30,6 +30,7 @@ in {
group = "remotebuild";
openssh.authorizedKeys.keyFiles = [
"${secrets}/ssh/id_ed25519_eldrid_rmbuild.pub"
# "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHPR1H7nWA2ay5PORdMJFnJcvVwpk3pTxMPJHQWSF3Z root@vylxae"
];
};
};
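Review bot: The entry that appears to be added to `openssh.authorizedKeys.keyFiles` is a commented-out literal public key, but `keyFiles` takes paths to key files, so un-commenting it as written would have the string treated as a path rather than as a key. If `root@vylxae` is meant to reach the remote-build account, put the string in `openssh.authorizedKeys.keys` or add a `.pub` file under `${secrets}/ssh/` like the existing entry. Otherwise drop the line so that the set of authorized keys stays easy to audit. The enclosing user definition starts outside the hunk.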