diff options
Diffstat (limited to 'nix-conf/machines')
| -rw-r--r-- | nix-conf/machines/djmuk1/configuration.nix | 25 | ||||
| -rw-r--r-- | nix-conf/machines/djmuk1/hardware-configuration.nix | 11 | ||||
| -rw-r--r-- | nix-conf/machines/djmuk2/configuration.nix | 26 | ||||
| -rw-r--r-- | nix-conf/machines/djmuk2/hardware-configuration.nix | 9 | ||||
| -rw-r--r-- | nix-conf/machines/edrahil/configuration.nix | 35 | ||||
| -rw-r--r-- | nix-conf/machines/edrahil/hardware-configuration.nix | 11 | ||||
| -rw-r--r-- | nix-conf/machines/edrahil/network-configuration.nix | 21 | ||||
| -rw-r--r-- | nix-conf/machines/egalmoth/configuration.nix | 45 | ||||
| -rw-r--r-- | nix-conf/machines/egalmoth/hardware-configuration.nix | 21 |
9 files changed, 143 insertions, 61 deletions
diff --git a/nix-conf/machines/djmuk1/configuration.nix b/nix-conf/machines/djmuk1/configuration.nix index ed402c4..3ae99c5 100644 --- a/nix-conf/machines/djmuk1/configuration.nix +++ b/nix-conf/machines/djmuk1/configuration.nix @@ -1,4 +1,5 @@ -{ config, pkgs, ... }: { +{ config, pkgs, ... }: +{ imports = [ ./hardware-configuration.nix ]; boot.tmp.cleanOnBoot = true; @@ -38,7 +39,10 @@ isNormalUser = true; home = "/home/djm"; description = "David Morgan"; - extraGroups = [ "wheel" "plocate" ]; + extraGroups = [ + "wheel" + "plocate" + ]; shell = pkgs.zsh; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCurCpxZCHtByB5wXzsjTXwMyDSB4+B8rq5XY6EGss58NwD8jc5cII4i+QUbCOGTiAggSZUSC9YIP24hjpOeNT/IYs5m7Qn1B9MtBAiUSrIYew8eDwnMLlPzN+k2x9zCrJeCHIvGJaFHPXTh1Lf5Jt2fPVGW9lksE/XUVOe6ht4N/b+nqqszXFhc8Ug6le2bC1YeTCVEf8pjlh/I7DkDBl6IB8uEXc3X2vxxbV0Z4vlBrFkkAywcD3j5VlS/QYfBr4BICNmq/sO3fMkbMbtAPwuFxeL4+h6426AARQZiSS0qVEc8OoFRBVx3GEH5fqVAWfB1geyLzei22HbjUcT9+xN davidmo@gendros" @@ -51,11 +55,13 @@ ''; security.doas = { enable = true; - extraRules = [{ - users = [ "djm" ]; - noPass = true; - keepEnv = true; - }]; + extraRules = [ + { + users = [ "djm" ]; + noPass = true; + keepEnv = true; + } + ]; }; programs.zsh.enable = true; @@ -68,7 +74,10 @@ wget ]; - nix.settings.trusted-users = [ "root" "djm" ]; + nix.settings.trusted-users = [ + "root" + "djm" + ]; i18n.defaultLocale = "en_GB.UTF-8"; diff --git a/nix-conf/machines/djmuk1/hardware-configuration.nix b/nix-conf/machines/djmuk1/hardware-configuration.nix index 88a2e1a..894b817 100644 --- a/nix-conf/machines/djmuk1/hardware-configuration.nix +++ b/nix-conf/machines/djmuk1/hardware-configuration.nix @@ -1,4 +1,5 @@ -{ modulesPath, ... }: { +{ modulesPath, ... }: +{ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; boot.loader.grub = { efiSupport = true; @@ -9,8 +10,12 @@ device = "/dev/disk/by-uuid/0D60-CDE2"; fsType = "vfat"; }; - boot.initrd.availableKernelModules = - [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ]; + boot.initrd.availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "xen_blkfront" + "vmw_pvscsi" + ]; boot.initrd.kernelModules = [ "nvme" ]; fileSystems."/" = { device = "/dev/sda1"; diff --git a/nix-conf/machines/djmuk2/configuration.nix b/nix-conf/machines/djmuk2/configuration.nix index f332103..9cc0a85 100644 --- a/nix-conf/machines/djmuk2/configuration.nix +++ b/nix-conf/machines/djmuk2/configuration.nix @@ -1,4 +1,5 @@ -{ config, pkgs, ... }: { +{ config, pkgs, ... }: +{ imports = [ ./hardware-configuration.nix ]; boot.tmp.cleanOnBoot = true; @@ -46,7 +47,10 @@ isNormalUser = true; home = "/home/djm"; description = "David Morgan"; - extraGroups = [ "wheel" "plocate" ]; + extraGroups = [ + "wheel" + "plocate" + ]; shell = pkgs.zsh; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCurCpxZCHtByB5wXzsjTXwMyDSB4+B8rq5XY6EGss58NwD8jc5cII4i+QUbCOGTiAggSZUSC9YIP24hjpOeNT/IYs5m7Qn1B9MtBAiUSrIYew8eDwnMLlPzN+k2x9zCrJeCHIvGJaFHPXTh1Lf5Jt2fPVGW9lksE/XUVOe6ht4N/b+nqqszXFhc8Ug6le2bC1YeTCVEf8pjlh/I7DkDBl6IB8uEXc3X2vxxbV0Z4vlBrFkkAywcD3j5VlS/QYfBr4BICNmq/sO3fMkbMbtAPwuFxeL4+h6426AARQZiSS0qVEc8OoFRBVx3GEH5fqVAWfB1geyLzei22HbjUcT9+xN davidmo@gendros" @@ -59,11 +63,13 @@ ''; security.doas = { enable = true; - extraRules = [{ - users = [ "djm" ]; - noPass = true; - keepEnv = true; - }]; + extraRules = [ + { + users = [ "djm" ]; + noPass = true; + keepEnv = true; + } + ]; }; programs.zsh.enable = true; @@ -77,7 +83,10 @@ wget ]; - nix.settings.trusted-users = [ "root" "djm" ]; + nix.settings.trusted-users = [ + "root" + "djm" + ]; nix.optimise.automatic = true; nix.optimise.dates = [ "03:00" ]; @@ -85,4 +94,3 @@ system.stateVersion = "22.05"; } - diff --git a/nix-conf/machines/djmuk2/hardware-configuration.nix b/nix-conf/machines/djmuk2/hardware-configuration.nix index fbc8d57..5c421f9 100644 --- a/nix-conf/machines/djmuk2/hardware-configuration.nix +++ b/nix-conf/machines/djmuk2/hardware-configuration.nix @@ -1,4 +1,5 @@ -{ modulesPath, ... }: { +{ modulesPath, ... }: +{ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; boot.loader.grub = { efiSupport = true; @@ -9,7 +10,11 @@ device = "/dev/disk/by-uuid/4875-017B"; fsType = "vfat"; }; - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ]; + boot.initrd.availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "xen_blkfront" + ]; boot.initrd.kernelModules = [ "nvme" ]; fileSystems."/" = { device = "/dev/mapper/ocivolume-root"; diff --git a/nix-conf/machines/edrahil/configuration.nix b/nix-conf/machines/edrahil/configuration.nix index 76b294b..d78c2a8 100644 --- a/nix-conf/machines/edrahil/configuration.nix +++ b/nix-conf/machines/edrahil/configuration.nix @@ -1,5 +1,9 @@ -{ config, pkgs, ... }: { - imports = [ ./hardware-configuration.nix ./network-configuration.nix ]; +{ config, pkgs, ... }: +{ + imports = [ + ./hardware-configuration.nix + ./network-configuration.nix + ]; boot.tmp.cleanOnBoot = true; zramSwap.enable = true; @@ -7,7 +11,10 @@ networking.hostName = "edrahil"; networking.firewall = { enable = true; - allowedTCPPorts = [ 113 2222 ]; + allowedTCPPorts = [ + 113 + 2222 + ]; }; services.openssh = { @@ -43,7 +50,10 @@ isNormalUser = true; home = "/home/djm"; description = "David Morgan"; - extraGroups = [ "wheel" "plocate" ]; + extraGroups = [ + "wheel" + "plocate" + ]; shell = pkgs.zsh; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCurCpxZCHtByB5wXzsjTXwMyDSB4+B8rq5XY6EGss58NwD8jc5cII4i+QUbCOGTiAggSZUSC9YIP24hjpOeNT/IYs5m7Qn1B9MtBAiUSrIYew8eDwnMLlPzN+k2x9zCrJeCHIvGJaFHPXTh1Lf5Jt2fPVGW9lksE/XUVOe6ht4N/b+nqqszXFhc8Ug6le2bC1YeTCVEf8pjlh/I7DkDBl6IB8uEXc3X2vxxbV0Z4vlBrFkkAywcD3j5VlS/QYfBr4BICNmq/sO3fMkbMbtAPwuFxeL4+h6426AARQZiSS0qVEc8OoFRBVx3GEH5fqVAWfB1geyLzei22HbjUcT9+xN davidmo@gendros" @@ -56,11 +66,13 @@ ''; security.doas = { enable = true; - extraRules = [{ - users = [ "djm" ]; - noPass = true; - keepEnv = true; - }]; + extraRules = [ + { + users = [ "djm" ]; + noPass = true; + keepEnv = true; + } + ]; }; programs.zsh.enable = true; @@ -73,7 +85,10 @@ wget ]; - nix.settings.trusted-users = [ "root" "djm" ]; + nix.settings.trusted-users = [ + "root" + "djm" + ]; nix.optimise.automatic = true; nix.optimise.dates = [ "03:00" ]; diff --git a/nix-conf/machines/edrahil/hardware-configuration.nix b/nix-conf/machines/edrahil/hardware-configuration.nix index e20c7a7..c8ee3f5 100644 --- a/nix-conf/machines/edrahil/hardware-configuration.nix +++ b/nix-conf/machines/edrahil/hardware-configuration.nix @@ -1,8 +1,13 @@ -{ modulesPath, ... }: { +{ modulesPath, ... }: +{ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; boot.loader.grub.device = "/dev/sda"; - boot.initrd.availableKernelModules = - [ "ata_piix" "uhci_hcd" "vmw_pvscsi" "xen_blkfront" ]; + boot.initrd.availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "vmw_pvscsi" + "xen_blkfront" + ]; boot.initrd.kernelModules = [ "nvme" ]; fileSystems."/" = { device = "/dev/sda1"; diff --git a/nix-conf/machines/edrahil/network-configuration.nix b/nix-conf/machines/edrahil/network-configuration.nix index 626232c..b8ce55f 100644 --- a/nix-conf/machines/edrahil/network-configuration.nix +++ b/nix-conf/machines/edrahil/network-configuration.nix @@ -1,13 +1,16 @@ -{ ... }: { +{ ... }: +{ networking = { - interfaces.ens3.ipv6.addresses = [{ - # Emulate nix-sops. Technically an anti-pattern, but IP addresses aren't real secrets, and this has to be embedded here, - # as we cannot set a file path to read it from. - # Populate/update with: - # SOPS_AGE_KEY=$(doas ssh-to-age -private-key -i /etc/ssh/ssh_host_ed25519_key) sops -d --extract '["ipv6_address"]' secrets/edrahil.yaml | doas tee /root/.config/secrets/ipv6_address - address = builtins.readFile "/root/.config/secrets/ipv6_address"; - prefixLength = 64; - }]; + interfaces.ens3.ipv6.addresses = [ + { + # Emulate nix-sops. Technically an anti-pattern, but IP addresses aren't real secrets, and this has to be embedded here, + # as we cannot set a file path to read it from. + # Populate/update with: + # SOPS_AGE_KEY=$(doas ssh-to-age -private-key -i /etc/ssh/ssh_host_ed25519_key) sops -d --extract '["ipv6_address"]' secrets/edrahil.yaml | doas tee /root/.config/secrets/ipv6_address + address = builtins.readFile "/root/.config/secrets/ipv6_address"; + prefixLength = 64; + } + ]; defaultGateway6 = { address = "fe80::1"; interface = "ens3"; diff --git a/nix-conf/machines/egalmoth/configuration.nix b/nix-conf/machines/egalmoth/configuration.nix index dbdce96..21b7d23 100644 --- a/nix-conf/machines/egalmoth/configuration.nix +++ b/nix-conf/machines/egalmoth/configuration.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: { imports = [ ./hardware-configuration.nix ]; @@ -77,10 +82,18 @@ services.xserver.xkb.layout = "gb"; services.printing.enable = true; - services.printing.drivers = [ pkgs.gutenprint pkgs.hplipWithPlugin ]; + services.printing.drivers = [ + pkgs.gutenprint + pkgs.hplipWithPlugin + ]; - nixpkgs.config.allowUnfreePredicate = pkg: - builtins.elem (lib.getName pkg) [ "corefonts" "hplip" "zoom" ]; + nixpkgs.config.allowUnfreePredicate = + pkg: + builtins.elem (lib.getName pkg) [ + "corefonts" + "hplip" + "zoom" + ]; hardware.sane.enable = true; @@ -116,8 +129,15 @@ users.users.djm = { isNormalUser = true; description = "David Morgan"; - extraGroups = - [ "wheel" "networkmanager" "scanner" "lp" "plocate" "cdrom" "disk" ]; + extraGroups = [ + "wheel" + "networkmanager" + "scanner" + "lp" + "plocate" + "cdrom" + "disk" + ]; shell = pkgs.zsh; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCurCpxZCHtByB5wXzsjTXwMyDSB4+B8rq5XY6EGss58NwD8jc5cII4i+QUbCOGTiAggSZUSC9YIP24hjpOeNT/IYs5m7Qn1B9MtBAiUSrIYew8eDwnMLlPzN+k2x9zCrJeCHIvGJaFHPXTh1Lf5Jt2fPVGW9lksE/XUVOe6ht4N/b+nqqszXFhc8Ug6le2bC1YeTCVEf8pjlh/I7DkDBl6IB8uEXc3X2vxxbV0Z4vlBrFkkAywcD3j5VlS/QYfBr4BICNmq/sO3fMkbMbtAPwuFxeL4+h6426AARQZiSS0qVEc8OoFRBVx3GEH5fqVAWfB1geyLzei22HbjUcT9+xN davidmo@gendros" @@ -129,11 +149,13 @@ ''; security.doas = { enable = true; - extraRules = [{ - users = [ "djm" ]; - noPass = true; - keepEnv = true; - }]; + extraRules = [ + { + users = [ "djm" ]; + noPass = true; + keepEnv = true; + } + ]; }; services.locate = { @@ -207,4 +229,3 @@ system.stateVersion = "21.05"; # Did you read the comment? } - diff --git a/nix-conf/machines/egalmoth/hardware-configuration.nix b/nix-conf/machines/egalmoth/hardware-configuration.nix index 4d15bf4..e5cb5f7 100644 --- a/nix-conf/machines/egalmoth/hardware-configuration.nix +++ b/nix-conf/machines/egalmoth/hardware-configuration.nix @@ -1,13 +1,25 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = - [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "thunderbolt" + "nvme" + "usb_storage" + "sd_mod" + "rtsx_pci_sdmmc" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; @@ -22,8 +34,7 @@ fsType = "vfat"; }; - swapDevices = - [{ device = "/dev/disk/by-uuid/a130cacb-d7e0-4fb8-a312-a34d19f00796"; }]; + swapDevices = [ { device = "/dev/disk/by-uuid/a130cacb-d7e0-4fb8-a312-a34d19f00796"; } ]; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; } |