Diffstat (limited to 'nix-conf/machines')
-rw-r--r-- | nix-conf/machines/djmuk1/configuration.nix | 86 | ||||
-rw-r--r-- | nix-conf/machines/djmuk1/hardware-configuration.nix | 17 | ||||
-rw-r--r-- | nix-conf/machines/djmuk2/configuration.nix | 93 | ||||
-rw-r--r-- | nix-conf/machines/djmuk2/hardware-configuration.nix | 18 | ||||
-rw-r--r-- | nix-conf/machines/djmuk2/secrets.yaml | 21 | ||||
-rw-r--r-- | nix-conf/machines/edrahil/configuration.nix | 191 | ||||
-rw-r--r-- | nix-conf/machines/edrahil/hardware-configuration.nix | 14 | ||||
-rw-r--r-- | nix-conf/machines/edrahil/network-configuration.nix | 19 | ||||
-rw-r--r-- | nix-conf/machines/edrahil/secrets.yaml | 31 | ||||
-rw-r--r-- | nix-conf/machines/egalmoth/configuration.nix | 101 | ||||
-rw-r--r-- | nix-conf/machines/egalmoth/hardware-configuration.nix | 41 |
11 files changed, 461 insertions, 171 deletions
diff --git a/nix-conf/machines/djmuk1/configuration.nix b/nix-conf/machines/djmuk1/configuration.nix index 8c7187e..7405e9a 100644 --- a/nix-conf/machines/djmuk1/configuration.nix +++ b/nix-conf/machines/djmuk1/configuration.nix @@ -1,7 +1,6 @@ -{ config, pkgs, ... }: { - imports = [ - ./hardware-configuration.nix - ]; +{ config, pkgs, ... }: +{ + imports = [ ./hardware-configuration.nix ]; boot.tmp.cleanOnBoot = true; 
@@ -30,45 +29,60 @@ services.sshguard.enable = true; services.oidentd.enable = true; - services.locate = { - enable = true; - package = pkgs.plocate; - localuser = null; - }; + services.locate.enable = true; - users.users.djm = - { isNormalUser = true; - home = "/home/djm"; - description = "David Morgan"; - extraGroups = [ "wheel" "plocate" ]; - shell = pkgs.zsh; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCurCpxZCHtByB5wXzsjTXwMyDSB4+B8rq5XY6EGss58NwD8jc5cII4i+QUbCOGTiAggSZUSC9YIP24hjpOeNT/IYs5m7Qn1B9MtBAiUSrIYew8eDwnMLlPzN+k2x9zCrJeCHIvGJaFHPXTh1Lf5Jt2fPVGW9lksE/XUVOe6ht4N/b+nqqszXFhc8Ug6le2bC1YeTCVEf8pjlh/I7DkDBl6IB8uEXc3X2vxxbV0Z4vlBrFkkAywcD3j5VlS/QYfBr4BICNmq/sO3fMkbMbtAPwuFxeL4+h6426AARQZiSS0qVEc8OoFRBVx3GEH5fqVAWfB1geyLzei22HbjUcT9+xN davidmo@gendros" + users.users.djm = { + isNormalUser = true; + home = "/home/djm"; + description = "David Morgan"; + extraGroups = [ + "wheel" + "plocate" + ]; + shell = pkgs.zsh; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCurCpxZCHtByB5wXzsjTXwMyDSB4+B8rq5XY6EGss58NwD8jc5cII4i+QUbCOGTiAggSZUSC9YIP24hjpOeNT/IYs5m7Qn1B9MtBAiUSrIYew8eDwnMLlPzN+k2x9zCrJeCHIvGJaFHPXTh1Lf5Jt2fPVGW9lksE/XUVOe6ht4N/b+nqqszXFhc8Ug6le2bC1YeTCVEf8pjlh/I7DkDBl6IB8uEXc3X2vxxbV0Z4vlBrFkkAywcD3j5VlS/QYfBr4BICNmq/sO3fMkbMbtAPwuFxeL4+h6426AARQZiSS0qVEc8OoFRBVx3GEH5fqVAWfB1geyLzei22HbjUcT9+xN davidmo@gendros" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK9UDTaVnUOU/JknrNdihlhhGOk53LmHq9I1ASri3aga djm@gaius" - ]; - }; + ]; + }; - security.sudo.extraConfig = '' - djm ALL=(ALL) NOPASSWD: ALL - ''; - security.doas = { - enable = true; - extraRules = [ { users = [ "djm" ]; noPass = true; keepEnv = true; } ]; - }; + security.sudo.extraConfig = '' + djm ALL=(ALL) NOPASSWD: ALL + ''; + security.doas = { + enable = true; + extraRules = [ + { + users = [ "djm" ]; + noPass = true; + keepEnv = true; + } + ]; + }; - programs.zsh.enable = true; + programs.zsh.enable = true; - programs.vim.defaultEditor = true; + 
programs.vim = { + enable = true; + defaultEditor = true; + }; - environment.systemPackages = with pkgs; [ - #procmail - vim - wget - ]; + environment.systemPackages = with pkgs; [ + #procmail + wget + ]; + + nix.settings.trusted-users = [ + "root" + "djm" + ]; - nix.settings.trusted-users = [ "root" "djm" ]; + i18n.defaultLocale = "en_GB.UTF-8"; - i18n.defaultLocale = "en_GB.UTF-8"; + swapDevices = [ { + device = "/var/lib/swapfile"; + size = 2*1024; + } ]; - system.stateVersion = "22.05"; + system.stateVersion = "23.11"; } diff --git a/nix-conf/machines/djmuk1/hardware-configuration.nix b/nix-conf/machines/djmuk1/hardware-configuration.nix index 4d5ccf9..894b817 100644 --- a/nix-conf/machines/djmuk1/hardware-configuration.nix +++ b/nix-conf/machines/djmuk1/hardware-configuration.nix @@ -6,7 +6,20 @@ efiInstallAsRemovable = true; device = "nodev"; }; - fileSystems."/boot" = { device = "/dev/disk/by-uuid/C149-C30B"; fsType = "vfat"; }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/0D60-CDE2"; + fsType = "vfat"; + }; + boot.initrd.availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "xen_blkfront" + "vmw_pvscsi" + ]; boot.initrd.kernelModules = [ "nvme" ]; - fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; }; + fileSystems."/" = { + device = "/dev/sda1"; + fsType = "ext4"; + }; + } diff --git a/nix-conf/machines/djmuk2/configuration.nix b/nix-conf/machines/djmuk2/configuration.nix index 8d679ac..0b31a01 100644 --- a/nix-conf/machines/djmuk2/configuration.nix +++ b/nix-conf/machines/djmuk2/configuration.nix @@ -1,7 +1,6 @@ -{ config, pkgs, ... }: { - imports = [ - ./hardware-configuration.nix - ]; +{ config, pkgs, ... }: +{ + imports = [ ./hardware-configuration.nix ]; boot.tmp.cleanOnBoot = true; zramSwap.enable = true; 
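Review bot: `system.stateVersion` changes from "22.05" to "23.11" on the last line of the second djmuk1/configuration.nix hunk, and nothing in the file records why. NixOS uses this value to choose defaults for stateful services, so it should stay at the release the machine was installed with and change only on a reinstall. The new /boot UUID in djmuk1/hardware-configuration.nix suggests a reinstall happened, but that is an inference from the diff. I would add a comment above the line such as `# host reinstalled on 23.11; keep at the install release, do not bump on upgrade`, or revert the bump if the host was upgraded in place.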
@@ -31,49 +30,65 @@ services.sshguard.enable = true; services.oidentd.enable = true; - services.locate = { - enable = true; - package = pkgs.plocate; - localuser = null; - }; + services.locate.enable = true; - users.users.djm = - { isNormalUser = true; - home = "/home/djm"; - description = "David Morgan"; - extraGroups = [ "wheel" "plocate" ]; - shell = pkgs.zsh; - openssh.authorizedKeys.keys = [ + # Emulate nix-sops. Technically an anti-pattern, but this isn't a real secret, and this has to be embedded here, as we cannot set a file path to read it from. + # Populate/update with: + # SOPS_AGE_KEY=$(doas ssh-to-age -private-key -i /etc/ssh/ssh_host_ed25519_key) sops -d --extract '["openiscsi_name"]' machines/djmuk2/secrets.yaml | doas tee /root/.config/secrets/openiscsi_name + services.openiscsi.enable = true; + services.openiscsi.name = builtins.readFile "/root/.config/secrets/openiscsi_name"; + #services.openiscsi.enableAutoLoginOut = true; + + users.users.djm = { + isNormalUser = true; + home = "/home/djm"; + description = "David Morgan"; + extraGroups = [ + "wheel" + "plocate" + ]; + shell = pkgs.zsh; + openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCurCpxZCHtByB5wXzsjTXwMyDSB4+B8rq5XY6EGss58NwD8jc5cII4i+QUbCOGTiAggSZUSC9YIP24hjpOeNT/IYs5m7Qn1B9MtBAiUSrIYew8eDwnMLlPzN+k2x9zCrJeCHIvGJaFHPXTh1Lf5Jt2fPVGW9lksE/XUVOe6ht4N/b+nqqszXFhc8Ug6le2bC1YeTCVEf8pjlh/I7DkDBl6IB8uEXc3X2vxxbV0Z4vlBrFkkAywcD3j5VlS/QYfBr4BICNmq/sO3fMkbMbtAPwuFxeL4+h6426AARQZiSS0qVEc8OoFRBVx3GEH5fqVAWfB1geyLzei22HbjUcT9+xN davidmo@gendros" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK9UDTaVnUOU/JknrNdihlhhGOk53LmHq9I1ASri3aga djm@gaius" - ]; - }; + ]; + }; - security.sudo.extraConfig = '' - djm ALL=(ALL) NOPASSWD: ALL - ''; - security.doas = { - enable = true; - extraRules = [ { users = [ "djm" ]; noPass = true; keepEnv = true; } ]; - }; + security.sudo.extraConfig = '' + djm ALL=(ALL) NOPASSWD: ALL + ''; + security.doas = { + enable = true; + extraRules = [ + { + users = [ "djm" 
]; + noPass = true; + keepEnv = true; + } + ]; + }; - programs.zsh.enable = true; + programs.zsh.enable = true; - programs.vim.defaultEditor = true; + programs.vim = { + enable = true; + defaultEditor = true; + }; - environment.systemPackages = with pkgs; [ - #procmail - git - vim - wget - ]; + environment.systemPackages = with pkgs; [ + #procmail + git + wget + ]; - nix.settings.trusted-users = [ "root" "djm" ]; - nix.optimise.automatic = true; - nix.optimise.dates = [ "03:00" ]; + nix.settings.trusted-users = [ + "root" + "djm" + ]; + nix.optimise.automatic = true; + nix.optimise.dates = [ "03:00" ]; - i18n.defaultLocale = "en_GB.UTF-8"; + i18n.defaultLocale = "en_GB.UTF-8"; - system.stateVersion = "22.05"; + system.stateVersion = "22.05"; } - diff --git a/nix-conf/machines/djmuk2/hardware-configuration.nix b/nix-conf/machines/djmuk2/hardware-configuration.nix index e27e899..5c421f9 100644 --- a/nix-conf/machines/djmuk2/hardware-configuration.nix +++ b/nix-conf/machines/djmuk2/hardware-configuration.nix @@ -6,9 +6,19 @@ efiInstallAsRemovable = true; device = "nodev"; }; - fileSystems."/boot" = { device = "/dev/disk/by-uuid/4875-017B"; fsType = "vfat"; }; - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ]; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/4875-017B"; + fsType = "vfat"; + }; + boot.initrd.availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "xen_blkfront" + ]; boot.initrd.kernelModules = [ "nvme" ]; - fileSystems."/" = { device = "/dev/mapper/ocivolume-root"; fsType = "xfs"; }; - + fileSystems."/" = { + device = "/dev/mapper/ocivolume-root"; + fsType = "xfs"; + }; + } diff --git a/nix-conf/machines/djmuk2/secrets.yaml b/nix-conf/machines/djmuk2/secrets.yaml new file mode 100644 index 0000000..3216fd3 --- /dev/null +++ b/nix-conf/machines/djmuk2/secrets.yaml 
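Review bot: `builtins.readFile "/root/.config/secrets/openiscsi_name"` in the second djmuk2/configuration.nix hunk returns the file byte for byte, so if the `sops -d --extract … | doas tee` step leaves a trailing newline, it becomes part of the initiator name. Stripping it at the read is cheap: `services.openiscsi.name = pkgs.lib.removeSuffix "\n" (builtins.readFile "/root/.config/secrets/openiscsi_name");`. The existing comment already accepts embedding the value. It would help to add that the decrypted value ends up in generated files under the world-readable Nix store, and that evaluation fails when the file is missing or unreadable by the evaluating user. The same applies to `address = builtins.readFile "/root/.config/secrets/ipv6_address";` in edrahil/network-configuration.nix.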
@@ -0,0 +1,21 @@ +openiscsi_name: ENC[AES256_GCM,data:RZtrRGCnYgiAwq1bVnyK8fiYCxCKbtNs5diV3nUmNWAhU8CYRxau6SIAhB9t3f7p1fKgVC1V0fxV0nko6tdK,iv:M7qSnfBdxdTaCIb2/QZfrTUOZGX19IJY69IncTEk68w=,tag:eIo0fSKZTMEakGHh2zi5oQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age17j56andser5ddtlfunm35m25xueua4djh9glxlscfcet8865yv9s5aqvla + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5UFgxckhMa1RWL3hGQkZw + M25XN1JkT2dnQk9iVXdyaFJsa3hMM0pVam04CmZSWFdJbnl4RzFpUUpYK2JmRXFO + L3ZZbXZ3aHA4NjBuRCtnYlpsNG94ZVkKLS0tIFNIUTVjOUxhS00zZFlyODVuQ1lB + bC9sLzdObkpFNTJRcmk3N3Y0TG1xakkKvFbr1YlLFS7c0BfK1MYczTXgjwcaNjxH + tHCQWzVyx1VzLID1TCQDGXWApkaaQYxa2d/afTTRxk98w6xJIvLj2g== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-09-03T15:08:24Z" + mac: ENC[AES256_GCM,data:CtMDdk/tY52HLDuTHIUWF8qV3wdyykWnEKJk0bGMT+feWd/+PAzJRzCOVDuL6AxT1FmtZGx2lFZz6A9vzFbGsn1fawXVo40q+6TWpdcv80tRaicfyh1FTppWGNOJn/bh7DILuX41HRTEP2ngpMHwSr3cbCUfhxrV+r7giguj1do=,iv:uGe15h57SyQr8yi19sqDRPwtC/4WmBAwqvsHI5g5pAc=,tag:2Lv+QZf0CsgusJMay9MyQQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/nix-conf/machines/edrahil/configuration.nix b/nix-conf/machines/edrahil/configuration.nix index 2ef4c9d..a1bc8e3 100644 --- a/nix-conf/machines/edrahil/configuration.nix +++ b/nix-conf/machines/edrahil/configuration.nix @@ -1,7 +1,9 @@ -{ config, pkgs,... }: { +{ config, pkgs, ... }: +{ imports = [ ./hardware-configuration.nix ./network-configuration.nix + <sops-nix/modules/sops> ]; boot.tmp.cleanOnBoot = true; @@ -10,7 +12,20 @@ networking.hostName = "edrahil"; networking.firewall = { enable = true; - allowedTCPPorts = [ 113 2222 ]; + allowedTCPPorts = [ + 113 + 2222 + ]; + }; + + sops = { + defaultSopsFile = builtins.path { + path = /etc/nixos/secrets.yaml; + name = "edrahil-secrets.yaml"; + }; + secrets.restic_password = { + owner = config.users.users.djm.name; + }; }; services.openssh = { 
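Review bot: `<sops-nix/modules/sops>` in the imports list of the first edrahil/configuration.nix hunk is resolved through NIX_PATH. The revision of the module that decrypts and installs `restic_password` is therefore whatever channel the host currently has, not something this repository pins or reviews. Consider importing it from a pinned source, for example `builtins.fetchTarball` with a `sha256`, or at least add a comment naming the channel and how it is updated. `unstable = import <unstable> { };` in egalmoth/configuration.nix has the same property.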
@@ -34,50 +49,158 @@ services.sshguard.enable = true; services.oidentd.enable = true; - services.locate = { - enable = true; - package = pkgs.plocate; - localuser = null; + services.locate.enable = true; + + services.restic = { + backups = { + hb = { + paths = [ "${config.users.users.djm.home}" ]; + repository = "sftp:djm@hb-backup:/home/djm/backup/edrahil"; + initialize = true; + user = "djm"; + environmentFile = "/etc/restic-environment"; + passwordFile = config.sops.secrets.restic_password.path; + timerConfig = { + OnCalendar = "02:25"; + RandomizedDelaySec = "20min"; + }; + exclude = [ + "irclogs" + ".cache" + ".config" + ".directory_history" + ".local" + "nixpkgs" + ]; + extraBackupArgs = [ + "--compression=max" + ]; + pruneOpts = [ + "--keep-daily 5" + "--keep-weekly 2" + "--keep-monthly 3" + ]; + }; + bs = { + paths = [ "${config.users.users.djm.home}" ]; + repository = "sftp:djm@bs-backup:/home/djm/backup/edrahil"; + initialize = true; + user = "djm"; + environmentFile = "/etc/restic-environment"; + passwordFile = config.sops.secrets.restic_password.path; + timerConfig = { + OnCalendar = "03:15"; + RandomizedDelaySec = "20min"; + }; + exclude = [ + "irclogs" + ".cache" + ".config" + ".directory_history" + ".local" + "nixpkgs" + ]; + extraBackupArgs = [ + "--compression=max" + ]; + pruneOpts = [ + "--keep-daily 5" + "--keep-weekly 2" + "--keep-monthly 3" + ]; + }; + tt = { + paths = [ "${config.users.users.djm.home}" ]; + repository = "sftp:djm@tt-backup:/home/djm/backup/edrahil"; + initialize = true; + user = "djm"; + environmentFile = "/etc/restic-environment"; + passwordFile = config.sops.secrets.restic_password.path; + timerConfig = { + OnCalendar = "04:05"; + RandomizedDelaySec = "20min"; + }; + exclude = [ + "irclogs" + ".cache" + ".config" + ".directory_history" + ".local" + "nixpkgs" + ]; + extraBackupArgs = [ + "--compression=max" + ]; + pruneOpts = [ + "--keep-daily 5" + "--keep-weekly 2" + "--keep-monthly 3" + ]; + }; + }; }; time.timeZone = 
"Europe/London"; - users.users.djm = - { isNormalUser = true; - home = "/home/djm"; - description = "David Morgan"; - extraGroups = [ "wheel" "plocate" ]; - shell = pkgs.zsh; - openssh.authorizedKeys.keys = [ + users.users.djm = { + isNormalUser = true; + home = "/home/djm"; + description = "David Morgan"; + extraGroups = [ + "wheel" + "plocate" + ]; + shell = pkgs.zsh; + openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCurCpxZCHtByB5wXzsjTXwMyDSB4+B8rq5XY6EGss58NwD8jc5cII4i+QUbCOGTiAggSZUSC9YIP24hjpOeNT/IYs5m7Qn1B9MtBAiUSrIYew8eDwnMLlPzN+k2x9zCrJeCHIvGJaFHPXTh1Lf5Jt2fPVGW9lksE/XUVOe6ht4N/b+nqqszXFhc8Ug6le2bC1YeTCVEf8pjlh/I7DkDBl6IB8uEXc3X2vxxbV0Z4vlBrFkkAywcD3j5VlS/QYfBr4BICNmq/sO3fMkbMbtAPwuFxeL4+h6426AARQZiSS0qVEc8OoFRBVx3GEH5fqVAWfB1geyLzei22HbjUcT9+xN davidmo@gendros" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK9UDTaVnUOU/JknrNdihlhhGOk53LmHq9I1ASri3aga djm@gaius" - ]; - }; + ]; + }; - security.sudo.extraConfig = '' - djm ALL=(ALL) NOPASSWD: ALL - ''; - security.doas = { - enable = true; - extraRules = [ { users = [ "djm" ]; noPass = true; keepEnv = true; } ]; - }; + security.sudo.extraConfig = '' + djm ALL=(ALL) NOPASSWD: ALL + ''; + security.doas = { + enable = true; + extraRules = [ + { + users = [ "djm" ]; + noPass = true; + keepEnv = true; + } + ]; + }; + + programs.zsh.enable = true; - programs.zsh.enable = true; + programs.vim = { + enable = true; + defaultEditor = true; + }; - programs.vim.defaultEditor = true; + environment.etc = { + "restic-environment" = { + text = '' + RESTIC_COMPRESSION=max + ''; + }; + }; - environment.systemPackages = with pkgs; [ - #procmail - git - wget - ]; + environment.systemPackages = with pkgs; [ + #procmail + git + wget + ]; - nix.settings.trusted-users = [ "root" "djm" ]; - nix.optimise.automatic = true; - nix.optimise.dates = [ "03:00" ]; + nix.settings.trusted-users = [ + "root" + "djm" + ]; + nix.optimise.automatic = true; + nix.optimise.dates = [ "03:00" ]; - i18n.defaultLocale = "en_GB.UTF-8"; + 
i18n.defaultLocale = "en_GB.UTF-8"; - system.stateVersion = "22.05"; + system.stateVersion = "22.05"; } diff --git a/nix-conf/machines/edrahil/hardware-configuration.nix b/nix-conf/machines/edrahil/hardware-configuration.nix index f67b9f4..c8ee3f5 100644 --- a/nix-conf/machines/edrahil/hardware-configuration.nix +++ b/nix-conf/machines/edrahil/hardware-configuration.nix @@ -2,8 +2,16 @@ { imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; boot.loader.grub.device = "/dev/sda"; - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "vmw_pvscsi" "xen_blkfront" ]; + boot.initrd.availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "vmw_pvscsi" + "xen_blkfront" + ]; boot.initrd.kernelModules = [ "nvme" ]; - fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; }; - + fileSystems."/" = { + device = "/dev/sda1"; + fsType = "ext4"; + }; + } diff --git a/nix-conf/machines/edrahil/network-configuration.nix b/nix-conf/machines/edrahil/network-configuration.nix new file mode 100644 index 0000000..4b85912 --- /dev/null +++ b/nix-conf/machines/edrahil/network-configuration.nix @@ -0,0 +1,19 @@ +{ ... }: +{ + networking = { + interfaces.ens3.ipv6.addresses = [ + { + # Emulate nix-sops. Technically an anti-pattern, but IP addresses aren't real secrets, and this has to be embedded here, + # as we cannot set a file path to read it from. + # Populate/update with: + # SOPS_AGE_KEY=$(doas ssh-to-age -private-key -i /etc/ssh/ssh_host_ed25519_key) sops -d --extract '["ipv6_address"]' machines/edrahil/secrets.yaml | doas tee /root/.config/secrets/ipv6_address + address = builtins.readFile "/root/.config/secrets/ipv6_address"; + prefixLength = 64; + } + ]; + defaultGateway6 = { + address = "fe80::1"; + interface = "ens3"; + }; + }; +} diff --git a/nix-conf/machines/edrahil/secrets.yaml b/nix-conf/machines/edrahil/secrets.yaml new file mode 100644 index 0000000..1f4c31e --- /dev/null +++ b/nix-conf/machines/edrahil/secrets.yaml 
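Review bot: The three `services.restic.backups` entries (`hb`, `bs`, `tt`) in the third edrahil/configuration.nix hunk are identical except for the repository host and `OnCalendar`. A later change to `exclude` or `pruneOpts` can then silently reach only one or two of the copies. Building them from one helper keeps the retention and exclusion policy in a single place. `--compression=max` is also set twice, once in `extraBackupArgs` and once as `RESTIC_COMPRESSION=max` in `/etc/restic-environment`, so one of the two can go. Since every job prunes, this host holds delete rights on all three repositories with the same password; a comment saying whether that is intended would help.

```nix
let
  # One definition of the backup policy; only host alias and start time vary.
  mkBackup = host: time: {
    paths = [ "${config.users.users.djm.home}" ];
    repository = "sftp:djm@${host}:/home/djm/backup/edrahil";
    # … unchanged: initialize, user, environmentFile, passwordFile, exclude, extraBackupArgs, pruneOpts …
    timerConfig = {
      OnCalendar = time;
      RandomizedDelaySec = "20min";
    };
  };
in
# … unchanged: rest of the module …
  services.restic.backups = {
    hb = mkBackup "hb-backup" "02:25";
    bs = mkBackup "bs-backup" "03:15";
    tt = mkBackup "tt-backup" "04:05";
  };
```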
@@ -0,0 +1,31 @@ +ipv6_address: ENC[AES256_GCM,data:CGQWUSuwmucIEwtlLK0FodXOWjM=,iv:ZLPiACwjOmes+FbezZKjjwUETujhTbT++4zCuoptpkY=,tag:VjMtetJhRDlJXdKAmJlOxQ==,type:str] +restic_password: ENC[AES256_GCM,data:2sxeUDRdh9cPv0ACY9EIP7JcmPFo/w==,iv:bkA/FW82l5gSEOZPtVhSNoATmoJf07kC0FJLAcXFkZU=,tag:PbDY039oBas7CvK8RaFRkA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1tjfctwnwldmyxnu6qmeufgr9l79vyzmrs7fy58v3d0qj4x4nhqhq2gjmlp + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvUGNnbm1Jemc5dVZYM01h + R0h4RlRpVnU1ZGxyL3V2TXdYS2JUSHFNTm1BCjJxdlFFbURjdXBaNjNUdldXNkJy + blZYRkhkZUgxR0lST2MxM3hENUhiQkEKLS0tIDhvYjhpRnpIVnVmV0VoTDFNOXIx + RlB1dXVsdEhETTNUdTRIbGxIMGNFSEkKqeafOyRg3F9dtENNnH5DhJzJU+AEEqrV + nfndOlVQe0G/e8SUzUYjVtD6V6Hj/x8OxN6FSOfZnNFNFHQgJ42jFg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1w7kjp0qdgfyg9cyj5w4qc4fc9qz3w65xw2veazesfgdenqrd3ucqsc5ejv + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwSGIvTjdEZGdGWm9ldnow + RGxnZ3RhMmthQXFhOCtaNUk1UGhYSytQdkFnCmY3UUxWVFJKeDE5eG9GNktobndz + UjBLOFBNWmFXSmJ2akRDYitsZm9TcmMKLS0tIDZoTGFxSWpwWmFTNjN6b2Q2T2Y3 + Qm1PWnAvZGcxWGZjcnE4QWJZaDE2cGMKOAfTIipI68eJnOnvpQyLCOyH1KAWd/d/ + SLnJQ+rmh9onA/znahB7Pn3LQtfKLNBADVtwLIuPID0FcgUW7nlOiw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-09-17T13:43:53Z" + mac: ENC[AES256_GCM,data:lVMbjnDvwlw72CiixJkEXCO7a20DYi4zKA8JTf0kSVQR/xjr9WbLpyllNq9Ex+eca/X0yaHBYjyOnBBpgz1h5o4i5iq738VXOEqD9v5BMdOrVmmDNnVcTAXqmWZGE7/pGmkiKef/iXOyJT2vsrrYR0vhgrvo/0WXce1YLUA4NTs=,iv:Y1w/llSNDry+PWz4oA/0MBJ+Ra6ceC1ZHMKb+CPCvE0=,tag:r2RR6ZfGL9TYwHtV9auL3A==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/nix-conf/machines/egalmoth/configuration.nix b/nix-conf/machines/egalmoth/configuration.nix index 66382dd..e47cd45 100644 --- a/nix-conf/machines/egalmoth/configuration.nix +++ b/nix-conf/machines/egalmoth/configuration.nix 
@@ -1,14 +1,18 @@ -{ config, pkgs, lib, ... }: - { - imports = - [ - ./hardware-configuration.nix - ]; + config, + pkgs, + lib, + ... +}: +let + unstable = import <unstable> { }; +in +{ + imports = [ ./hardware-configuration.nix ]; boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - boot.kernelParams = ["intel_pstate=enable"]; + boot.kernelParams = [ "intel_pstate=enable" ]; powerManagement = { enable = true; #cpuFreqGovernor = "powersave"; @@ -50,8 +54,7 @@ }; }; - hardware.opengl.enable = true; - hardware.opengl.driSupport = true; + hardware.graphics.enable = true; networking.hostName = "egalmoth"; # Define your hostname. networking.networkmanager.enable = true; @@ -80,13 +83,19 @@ services.xserver.xkb.layout = "gb"; services.printing.enable = true; - services.printing.drivers = [ pkgs.gutenprint pkgs.hplipWithPlugin ]; - - nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ - "hplip" - "corefonts" + services.printing.drivers = [ + pkgs.gutenprint + pkgs.hplipWithPlugin ]; + nixpkgs.config.allowUnfreePredicate = + pkg: + builtins.elem (lib.getName pkg) [ + "corefonts" + "hplip" + "zoom" + ]; + hardware.sane.enable = true; services.udev.packages = [ 
@@ -118,31 +127,40 @@ pulse.enable = true; }; - users.users.djm = - { isNormalUser = true; - description = "David Morgan"; - extraGroups = [ "wheel" "networkmanager" "scanner" "lp" "plocate" "cdrom" ]; - shell = pkgs.zsh; - openssh.authorizedKeys.keys = [ + users.users.djm = { + isNormalUser = true; + description = "David Morgan"; + extraGroups = [ + "wheel" + "networkmanager" + "scanner" + "lp" + "plocate" + "cdrom" + "disk" + ]; + shell = pkgs.zsh; + openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCurCpxZCHtByB5wXzsjTXwMyDSB4+B8rq5XY6EGss58NwD8jc5cII4i+QUbCOGTiAggSZUSC9YIP24hjpOeNT/IYs5m7Qn1B9MtBAiUSrIYew8eDwnMLlPzN+k2x9zCrJeCHIvGJaFHPXTh1Lf5Jt2fPVGW9lksE/XUVOe6ht4N/b+nqqszXFhc8Ug6le2bC1YeTCVEf8pjlh/I7DkDBl6IB8uEXc3X2vxxbV0Z4vlBrFkkAywcD3j5VlS/QYfBr4BICNmq/sO3fMkbMbtAPwuFxeL4+h6426AARQZiSS0qVEc8OoFRBVx3GEH5fqVAWfB1geyLzei22HbjUcT9+xN davidmo@gendros" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK9UDTaVnUOU/JknrNdihlhhGOk53LmHq9I1ASri3aga djm@gaius" - ]; - }; - security.sudo.extraConfig = '' - djm ALL=(ALL) NOPASSWD: ALL - ''; - security.doas = { - enable = true; - extraRules = [ { users = [ "djm" ]; noPass = true; keepEnv = true; } ]; - }; - - - services.locate = { + ]; + }; + security.sudo.extraConfig = '' + djm ALL=(ALL) NOPASSWD: ALL + ''; + security.doas = { enable = true; - package = pkgs.plocate; - localuser = null; + extraRules = [ + { + users = [ "djm" ]; + noPass = true; + keepEnv = true; + } + ]; }; + services.locate.enable = true; + environment.systemPackages = with pkgs; [ acpi acpitool @@ -160,19 +178,25 @@ rofi st sway - vim + vdhcoapp + ungoogled-chromium wayland wayst wezterm wl-clipboard wget xclip + xorg.xkill xurls xst + zoom-us libreoffice onlyoffice-bin ]; + programs.nix-ld.enable = true; + + programs.nix-ld.libraries = with pkgs; [ xorg.libxcb ]; fonts.packages = with pkgs; [ corefonts @@ -180,6 +204,7 @@ iosevka-bin jetbrains-mono meslo-lgs-nf + unstable.aporetic ]; programs.zsh.enable = true; 
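Review bot: `"disk"` is added to `extraGroups` for `djm` in the `users.users.djm` hunk of egalmoth/configuration.nix without a comment. Membership of that group normally gives direct read/write access to raw block devices, bypassing filesystem permissions. `djm` already has passwordless sudo and doas, but with the group every process running as that user gets the access without an explicit elevation step. If it is needed for one tool, say so in a comment such as `# disk: required by <tool> for raw device access`; otherwise drop the entry and use doas for the occasional raw-device operation.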
@@ -194,7 +219,10 @@ enableSSHSupport = true; }; - programs.vim.defaultEditor = true; + programs.vim = { + enable = true; + defaultEditor = true; + }; services.openssh.enable = true; @@ -203,4 +231,3 @@ system.stateVersion = "21.05"; # Did you read the comment? } - diff --git a/nix-conf/machines/egalmoth/hardware-configuration.nix b/nix-conf/machines/egalmoth/hardware-configuration.nix index 4a5ae74..e5cb5f7 100644 --- a/nix-conf/machines/egalmoth/hardware-configuration.nix +++ b/nix-conf/machines/egalmoth/hardware-configuration.nix @@ -1,31 +1,40 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "thunderbolt" + "nvme" + "usb_storage" + "sd_mod" + "rtsx_pci_sdmmc" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { device = "/dev/disk/by-uuid/b2189909-19fe-4f58-a8ff-4de288199843"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/b2189909-19fe-4f58-a8ff-4de288199843"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/6ED1-F330"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/6ED1-F330"; + fsType = "vfat"; + }; - swapDevices = - [ { device = "/dev/disk/by-uuid/a130cacb-d7e0-4fb8-a312-a34d19f00796"; } - ]; + swapDevices = [ { device = "/dev/disk/by-uuid/a130cacb-d7e0-4fb8-a312-a34d19f00796"; } ]; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; } |