diff --git a/flake.nix b/flake.nix
index 36d90a2a..701bf33a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -72,6 +72,19 @@
 ];
 };
+ nixedo = nixpkgs.lib.nixosSystem {
+ specialArgs = specialArgs // {
+ headless = true;
+ hostname = "nixedo";
+ };
+
+ modules = [
+ agenix.nixosModules.default
+
+ ./nix/hosts/nixedo
+ ];
+ };
+
 t490 = nixpkgs.lib.nixosSystem {
 specialArgs = specialArgs // {
 hostname = "t490";
diff --git a/nix/home/opdavies/hosts/nixedo.nix b/nix/home/opdavies/hosts/nixedo.nix
new file mode 100644
index 00000000..ef00c48a
--- /dev/null
+++ b/nix/home/opdavies/hosts/nixedo.nix
@@ -0,0 +1,13 @@
+{ ... }:
+
+{
+ features = {
+ cli = {
+ direnv.enable = true;
+ };
+
+ desktop = {
+ gtk.enable = true;
+ };
+ };
+}
diff --git a/nix/hosts/lemp11/default.nix b/nix/hosts/lemp11/default.nix
index 3baef024..7c94665b 100644
--- a/nix/hosts/lemp11/default.nix
+++ b/nix/hosts/lemp11/default.nix
@@ -26,8 +26,5 @@
 ../common
 ./configuration.nix
- ./secrets.nix
-
- ./modules/nginx.nix
 ];
 }
diff --git a/nix/hosts/nixedo/configuration.nix b/nix/hosts/nixedo/configuration.nix
new file mode 100644
index 00000000..9ebdd5d4
--- /dev/null
+++ b/nix/hosts/nixedo/configuration.nix
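Review bot: The new home profile nix/home/opdavies/hosts/nixedo.nix enables `desktop.gtk` while flake.nix in the same commit passes `headless = true;` for this host, and nothing visible here shows whether `headless` gates the desktop feature modules. If gtk really is wanted on a headless machine (extra.nix also turns on dconf), a comment on the `desktop` block such as `# gtk needed on this headless host because <reason>` would stop the next reader from treating one of the two settings as a mistake. If `headless` does disable desktop features, the `desktop` block is dead configuration and can be dropped.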
@@ -0,0 +1,147 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{
+ headless,
+ hostname,
+ inputs,
+ outputs,
+ pkgs,
+ self,
+ system,
+ username,
+ ...
+}:
+
+{
+ imports = [
+ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ];
+
+ # home-manager.backupFileExtension
+ home-manager = {
+ backupFileExtension = "bak2";
+ extraSpecialArgs = {
+ inherit
+ hostname
+ inputs
+ outputs
+ headless
+ self
+ system
+ username
+ ;
+ };
+ useGlobalPkgs = true;
+ useUserPackages = true;
+
+ users."${username}" = import "${self}/nix/home/${username}";
+ };
+
+ nixpkgs = {
+ config = {
+ allowUnfree = true;
+
+ permittedInsecurePackages = [ "electron-27.3.11" ];
+ };
+
+ overlays = [
+ outputs.overlays.additions
+ outputs.overlays.modifications
+ outputs.overlays.stable-packages
+ ];
+ };
+
+ nix.nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
+
+ # Bootloader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.loader.efi.efiSysMountPoint = "/boot/efi";
+
+ # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+
+ # Configure network proxy if necessary
+ # networking.proxy.default = "http://user:password@proxy:port/";
+ # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ # Enable networking
+ networking.networkmanager.enable = true;
+
+ # Set your time zone.
+ time.timeZone = "Europe/London";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_GB.UTF-8";
+
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "en_GB.UTF-8";
+ LC_IDENTIFICATION = "en_GB.UTF-8";
+ LC_MEASUREMENT = "en_GB.UTF-8";
+ LC_MONETARY = "en_GB.UTF-8";
+ LC_NAME = "en_GB.UTF-8";
+ LC_NUMERIC = "en_GB.UTF-8";
+ LC_PAPER = "en_GB.UTF-8";
+ LC_TELEPHONE = "en_GB.UTF-8";
+ LC_TIME = "en_GB.UTF-8";
+ };
+
+ # Configure keymap in X11
+ services.xserver.xkb = {
+ layout = "gb";
+ variant = "";
+ };
+
+ # Configure console keymap
+ console.keyMap = "uk";
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.opdavies = {
+ isNormalUser = true;
+ description = "Oliver Davies";
+ extraGroups = [
+ "docker"
+ "media"
+ "networkmanager"
+ "wheel"
+ ];
+ packages = with pkgs; [
+ cryptsetup
+ ];
+ };
+
+ users.groups.media = { };
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+ # wget
+ ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = {
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+
+ # Open ports in the firewall.
+ networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ system.stateVersion = "24.11";
+}
diff --git a/nix/hosts/nixedo/default.nix b/nix/hosts/nixedo/default.nix
new file mode 100644
index 00000000..1bd01be5
--- /dev/null
+++ b/nix/hosts/nixedo/default.nix
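Review bot: `services.openssh.enable = true;` near the end of configuration.nix starts sshd with the NixOS defaults on a host that also opens 80/443, yet nothing in the file disables password or root login, and the account comment still says the password is to be set with `passwd`. Consider adding `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "no";` beside it, and declaring the key instead via `users.users.opdavies.openssh.authorizedKeys.keys`. `extraGroups` also puts the user in `docker`, which is effectively root-equivalent on that host; a one-line comment acknowledging that would make the choice explicit. The `permittedInsecurePackages = [ "electron-27.3.11" ]` entry has no note on which package still needs it, so `# needed by <package>; drop once it moves off electron 27` would make it easier to retire.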
@@ -0,0 +1,28 @@
+{
+ features = {
+ cli = {
+ docker.enable = true;
+ };
+
+ homelab = {
+ forgejo.enable = true;
+ gitea.enable = true;
+ immich.enable = true;
+ jellyfin.enable = true;
+ paperless.enable = true;
+ pihole.enable = true;
+ tubearchivist-container.enable = true;
+ # vaultwarden.enable = true;
+ };
+ };
+
+ imports = [
+ ../common
+
+ ./configuration.nix
+ ./secrets.nix
+ ./extra.nix
+
+ ./modules/nginx.nix
+ ];
+}
diff --git a/nix/hosts/nixedo/extra.nix b/nix/hosts/nixedo/extra.nix
new file mode 100644
index 00000000..02188827
--- /dev/null
+++ b/nix/hosts/nixedo/extra.nix
@@ -0,0 +1,9 @@
+{
+ programs.dconf.enable = true;
+
+ services.logind.lidSwitchExternalPower = "ignore";
+
+ age.identityPaths = [
+ "/home/opdavies/.ssh/id_rsa"
+ ];
+}
diff --git a/nix/hosts/nixedo/hardware-configuration.nix b/nix/hosts/nixedo/hardware-configuration.nix
new file mode 100644
index 00000000..bc7ab4db
--- /dev/null
+++ b/nix/hosts/nixedo/hardware-configuration.nix
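Review bot: `forgejo.enable = true;` and `gitea.enable = true;` are both set in the `homelab` block of nix/hosts/nixedo/default.nix; the upstream NixOS modules for the two services default to the same HTTP port, so unless the project's own homelab modules assign distinct ports and state directories one of them will fail to bind, and if this is a gitea-to-forgejo migration that intent is not recorded anywhere. Either disable the one not in use or add a comment above the pair, e.g. `# gitea kept alongside forgejo during migration; remove once <condition>`. The `pihole` and `tubearchivist-container` options are project modules whose listeners are not visible here, so their exposure is presumably handled by `./modules/nginx.nix` and the firewall in configuration.nix, which only opens 80 and 443 — worth confirming.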
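Review bot: `age.identityPaths` in nix/hosts/nixedo/extra.nix points agenix at `/home/opdavies/.ssh/id_rsa`, a user-owned RSA key, while the recipient registered for this host in nix/secrets/secrets.nix (`hosts.nixedo`) is an ssh-ed25519 key, so decryption at activation only works if that file actually holds the matching identity — verify before the first rebuild. Decrypting system secrets as root with a key under a user's home directory also means anyone who can write that file or the user's account controls what root decrypts with, and the secrets become unreadable if the home directory is recreated; agenix's default of the sshd host keys under `/etc/ssh` avoids both. If the home-directory key is deliberate, a comment such as `# uses the user key rather than the host key because <reason>` should say so.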
@@ -0,0 +1,54 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}:
+
+{
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [
+ "xhci_pci"
+ "thunderbolt"
+ "nvme"
+ "usb_storage"
+ "sd_mod"
+ ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.kernelParams = [ "i8042.reset" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/7c6d69ec-ba06-4ddb-b9c4-62b3994fda91";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot/efi" = {
+ device = "/dev/disk/by-uuid/B729-9A75";
+ fsType = "vfat";
+ };
+
+ swapDevices = [
+ { device = "/dev/disk/by-uuid/5db0a0e6-93fb-4d0b-8fb0-fdb3cb76b89d"; }
+ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp0s13f0u1.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/nix/hosts/lemp11/modules/nginx.nix b/nix/hosts/nixedo/modules/nginx.nix
similarity index 100%
rename from nix/hosts/lemp11/modules/nginx.nix
rename to nix/hosts/nixedo/modules/nginx.nix
diff --git a/nix/hosts/lemp11/secrets.nix b/nix/hosts/nixedo/secrets.nix
similarity index 100%
rename from nix/hosts/lemp11/secrets.nix
rename to nix/hosts/nixedo/secrets.nix
diff --git a/nix/modules/nixos/autorandr.nix b/nix/modules/nixos/autorandr.nix
index b00d34dd..202c4ced 100644
--- a/nix/modules/nixos/autorandr.nix
+++ b/nix/modules/nixos/autorandr.nix
@@ -16,6 +16,15 @@
 desktop.name = "HDMI-1";
 };
+ nixedo = {
+ internal = {
+ fingerprint = "00ffffffffffff000dae081400000000251d0104a51f117802ee95a3544c99260f505400000001010101010101010101010101010101363680a0703820403020350035ad1000001a000000fe004e3134304843472d4551310a20000000fe00434d4e0a202020202020202020000000fe004e3134304843472d4551310a200084";
+ name = "eDP-1";
+ };
+
+ desktop.name = "HDMI-1";
+ };
+
 t490 = {
 internal = {
 fingerprint = "00ffffffffffff0030e4fa0500000000001c0104a51f117802aa95955e598e271b5054000000010101010101010101010101010101012e3680a070381f403020350035ae1000001ab62c80f4703816403020350035ae1000001a000000fe004c4720446973706c61790a2020000000fe004c503134305746412d53504432004d";
diff --git a/nix/secrets/secrets.nix b/nix/secrets/secrets.nix
index 1b6cd8f5..5552e141 100644
--- a/nix/secrets/secrets.nix
+++ b/nix/secrets/secrets.nix
@@ -2,6 +2,7 @@ let
 hosts = {
 hetznix = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMk8n03VeShc0q4ztcaNrmScwM7u0j6fFVtmupy2RlM2";
 lemp11 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEZ+ljJKd6uqdAk+fqxwtObI4Stab2N9Bjo4QFHY/v8n";
+ nixedo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILvtcGJnc94k6wCPfvK9oBvGey0WWVCR8IYSqg5vqage";
 t490 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILvtcGJnc94k6wCPfvK9oBvGey0WWVCR8IYSqg5vqage";
 };
@@ -12,11 +13,13 @@ in
 {
 "cloudflare.age".publicKeys = [
 hosts.hetznix
+ hosts.t490
 users.opdavies
 ];
 "tubearchivist.age".publicKeys = [
 hosts.lemp11
+ hosts.nixedo
 users.opdavies
 ];
 }
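Review bot: The `nixedo` entry added to `hosts` in nix/secrets/secrets.nix is byte-for-byte the same ssh-ed25519 key as the existing `t490` entry, so either the new host was set up with a copied private key or this is a paste of the wrong line; a host identity should be unique per machine, because with a shared key a compromise of either machine exposes every secret encrypted to the other. This also changes what the second hunk means: adding `hosts.t490` to `cloudflare.age` lets nixedo decrypt it too, and `hosts.nixedo` on `tubearchivist.age` lets t490 decrypt that one, which is probably not the intended scoping. Please replace the entry with nixedo's own public key (the host key under `/etc/ssh`, or whatever identity nix/hosts/nixedo/extra.nix actually uses) and re-key the affected `.age` files, or add a comment next to the entry stating that the two hosts intentionally share one identity.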