From 1cc3496ea0347a1a06b1c0ced64c1723c8da2f34 Mon Sep 17 00:00:00 2001 From: Agatha Lovelace Date: Sun, 26 Mar 2023 18:14:49 +0200 Subject: [PATCH] Add laptop configuration --- README.md | 14 ++++++- flake.lock | 24 ++++++------ flake.nix | 17 ++++++++- hosts/ritual/configuration.nix | 50 +++++++++++++++++++++++++ hosts/ritual/hardware-configuration.nix | 50 +++++++++++++++++++++++++ 5 files changed, 141 insertions(+), 14 deletions(-) create mode 100644 hosts/ritual/configuration.nix create mode 100644 hosts/ritual/hardware-configuration.nix diff --git a/README.md b/README.md index 2b3410f..9660dd3 100644 --- a/README.md +++ b/README.md @@ -3,8 +3,10 @@ Using [colmena](https://github.com/zhaofengli/colmena) ## Hosts - `bloodletting`: Main server +- `ritual`: NixOS laptop ### Manual setup on blank system/migrations +Bloodletting: - `colmena apply` - deploy config - `passwd` - set user passwords - rsync state: @@ -19,7 +21,17 @@ Using [colmena](https://github.com/zhaofengli/colmena) - `mstdn-ebooks` - `nyandroid` - `prometheus2` - - `/home/ftp` + - `/home/ftp` + +Ritual: +- `colmena apply[-local]` - deploy config +- `mkdir -p ~/.gnupg` - create directory for gnupg +- manual configuration/login: + - Firefox + - Copy extension data + - Element + - Telegram Desktop + - Geary ### Rsyncd Modules Modded minecraft instance rsync modules can be accessed through `mc-[modpack]@bloodletting::mc-[modpack]` with `--rsh=ssh` diff --git a/flake.lock b/flake.lock index fab0107..7d27815 100644 --- a/flake.lock +++ b/flake.lock @@ -142,11 +142,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1678157206, - "narHash": "sha256-LUOJ2KUK9oCV4aKxsAaJP9mskONxm9UIwpocI1/dpDA=", + "lastModified": 1678284394, + "narHash": "sha256-oEXCoNxfEmxqGuYxW7cLwINW70jeRrYqgOC40G1WBr8=", "owner": "helix-editor", "repo": "helix", - "rev": "136d1164e06c8ae6f23d611e8fcc2c3e53b9bd80", + "rev": "34be71fb50738a7e9d9e5ee5090680a0d84a321c", "type": "github" }, "original": { 
@@ -163,11 +163,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1678109311, - "narHash": "sha256-Q64FoCH5rp3XHoC8u1+KyjLEFGTY7kX9YaIaYfugvfY=", + "lastModified": 1678271387, + "narHash": "sha256-H2dv/i1LRlunRtrESirELzfPWdlG/6ElDB1ksO529H4=", "owner": "nix-community", "repo": "home-manager", - "rev": "04d6cad67557512452decbfe888c68fa11338a96", + "rev": "36999b8d19eb6eebb41983ef017d7e0095316af2", "type": "github" }, "original": {
@@ -281,11 +281,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1677932085, - "narHash": "sha256-+AB4dYllWig8iO6vAiGGYl0NEgmMgGHpy9gzWJ3322g=", + "lastModified": 1677063315, + "narHash": "sha256-qiB4ajTeAOVnVSAwCNEEkoybrAlA+cpeiBxLobHndE8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3c5319ad3aa51551182ac82ea17ab1c6b0f0df89", + "rev": "988cc958c57ce4350ec248d2d53087777f9e1949", "type": "github" }, "original": {
@@ -347,11 +347,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1678072060, - "narHash": "sha256-6a9Tbjhir5HxDx4uw0u6Z+LHUfYf7tsT9QxF9FN/32w=", + "lastModified": 1678137616, + "narHash": "sha256-T+lWTRdcYaOnZQW+Ehdlg+YldC2l9cq2GXJFPq22Nxc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "47c003416297e4d59a5e3e7a8b15cdbdf5110560", + "rev": "7edcdf7b169c33cd3eef9aba50521ce93ee666b8", "type": "github" }, "original": {
diff --git a/flake.nix b/flake.nix
index 346d6b1..f0469d2 100644
--- a/flake.nix
+++ b/flake.nix
@@ -22,7 +22,7 @@
 nixpkgs = import nixpkgs {
 system = "x86_64-linux";
 overlays = [
- (self: super: { helix = helix.packages.${self.system}.default; })
+ (final: prev: { helix = helix.packages.${final.system}.default; })
 ];
 };
 };
@@ -53,6 +53,21 @@
 };
 };
 };
+
+ ritual = {
+ imports = [
+ ./common
+ ./hosts/ritual/configuration.nix
+ (import "${home-manager}/nixos")
+ ];
+
+ deployment = {
+ targetUser = "root";
+ targetHost = "ritual";
+
+ allowLocalDeployment = true;
+ };
+ };
 };
 };
 }
diff --git a/hosts/ritual/configuration.nix b/hosts/ritual/configuration.nix
new file mode 100644
index 0000000..0c7026d
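Review bot: In the second `flake.nix` hunk the new `ritual` node is deployed over SSH as root (`targetUser = "root";`), and `hosts/ritual/configuration.nix` enables sshd without setting `permitRootLogin`, so key-based root login stays available on a laptop that will sit on untrusted networks; whether root actually has authorized keys is decided outside this diff. Because `allowLocalDeployment = true;` is already set, `targetHost = null;` would restrict the node to `colmena apply-local` and remove the need for a remote root login. If remote deployment is wanted, consider an unprivileged `targetUser` that escalates with sudo, and record the decision with a comment such as `# remote deploys log in as root over SSH (key-only)`. The enclosing attribute set starts and ends outside the hunk.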
--- /dev/null
+++ b/hosts/ritual/configuration.nix
@@ -0,0 +1,50 @@
+{ config, pkgs, ... }: {
+ imports = [
+ ./hardware-configuration.nix
+ ../../common/fragments/graphical
+ ../../common/fragments/yubikey.nix
+ ../../common/home_manager/common.nix
+ ];
+
+ # Bootloader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.loader.efi.efiSysMountPoint = "/boot/efi";
+
+ boot.loader.systemd-boot.configurationLimit = 5;
+
+ # Setup keyfile
+ boot.initrd.secrets = { "/crypto_keyfile.bin" = null; };
+
+ networking.hostName = "ritual";
+
+ # Enable networking
+ networking.networkmanager.enable = true;
+
+ # Enable the OpenSSH daemon.
+ services.openssh = {
+ enable = true;
+ banner = ''
+ Hello mistress ^,,^
+ '';
+ passwordAuthentication = false;
+ };
+
+ virtualisation = {
+ podman = {
+ enable = true;
+ dockerCompat = true;
+ defaultNetwork.dnsname.enable = true;
+ };
+ oci-containers = { backend = "podman"; };
+ };
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "22.11"; # Did you read the comment?
+}
+
diff --git a/hosts/ritual/hardware-configuration.nix b/hosts/ritual/hardware-configuration.nix
new file mode 100644
index 0000000..1e69949
--- /dev/null
+++ b/hosts/ritual/hardware-configuration.nix
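Review bot: `boot.initrd.secrets = { "/crypto_keyfile.bin" = null; };` in `hosts/ritual/configuration.nix` places the LUKS key file in the initrd, and with `systemd-boot` and `efiSysMountPoint = "/boot/efi"` that initrd is stored on the vfat ESP, which is not encrypted, so anyone with access to the disk can read the key. In `hosts/ritual/hardware-configuration.nix` the same path is the `keyFile` of the swap LUKS device, so the exposed key unlocks swap, which can hold memory pages and hibernation images. I would remove the secret and the `keyFile` line so that swap is unlocked by passphrase in the initrd, or give swap a per-boot key with `randomEncryption.enable = true;` in `swapDevices` if hibernation is not needed. If the key file has to stay, the `# Setup keyfile` comment should say so: `# key file is copied into the initrd on the unencrypted ESP`.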
@@ -0,0 +1,50 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + + boot.initrd.availableKernelModules = + [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/6d51e9df-99f3-4eb3-b2da-a1c9b7e405df"; + fsType = "btrfs"; + options = [ "subvol=@" ]; + }; + + boot.initrd.luks.devices."luks-8807caf4-ae17-4b39-93bd-ddfa1f994a47".device = + "/dev/disk/by-uuid/8807caf4-ae17-4b39-93bd-ddfa1f994a47"; + + # Enable swap on luks + boot.initrd.luks.devices."luks-c503653d-47de-4914-9e41-d13d14a6cc22".device = + "/dev/disk/by-uuid/c503653d-47de-4914-9e41-d13d14a6cc22"; + boot.initrd.luks.devices."luks-c503653d-47de-4914-9e41-d13d14a6cc22".keyFile = + "/crypto_keyfile.bin"; + + fileSystems."/boot/efi" = { + device = "/dev/disk/by-uuid/9A5C-CE17"; + fsType = "vfat"; + }; + + swapDevices = + [{ device = "/dev/disk/by-uuid/e20a4e05-44a6-4895-84ef-e3d176931b25"; }]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 
+ networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp4s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + hardware.cpu.intel.updateMicrocode = + lib.mkDefault config.hardware.enableRedistributableFirmware; +}