Mars 2024-11-11 15:57:56 -05:00
parent 781c570a55
commit 5e44ad7ffd
Signed by: pupbrained
GPG key ID: 0FF5B8826803F895
6 changed files with 1246 additions and 593 deletions


@ -9,32 +9,32 @@
fileSystems = {
"/" = {
device = "/dev/mapper/enc";
device = "/dev/disk/by-uuid/d375c3a3-63a3-47f8-8b77-58fabbb8f67b";
fsType = "btrfs";
options = ["subvol=root"];
};
"/home" = {
device = "/dev/mapper/enc";
device = "/dev/disk/by-uuid/d375c3a3-63a3-47f8-8b77-58fabbb8f67b";
fsType = "btrfs";
options = ["subvol=home" "compress=zstd"];
};
"/nix" = {
device = "/dev/mapper/enc";
device = "/dev/disk/by-uuid/d375c3a3-63a3-47f8-8b77-58fabbb8f67b";
fsType = "btrfs";
options = ["subvol=nix" "compress=zstd" "noatime"];
};
"/persist" = {
device = "/dev/mapper/enc";
device = "/dev/disk/by-uuid/d375c3a3-63a3-47f8-8b77-58fabbb8f67b";
neededForBoot = true;
fsType = "btrfs";
options = ["subvol=persist" "compress=zstd"];
};
"/var/log" = {
device = "/dev/mapper/enc";
device = "/dev/disk/by-uuid/d375c3a3-63a3-47f8-8b77-58fabbb8f67b";
fsType = "btrfs";
options = ["subvol=log" "compress=zstd" "noatime"];
neededForBoot = true;
@ -74,6 +74,12 @@
wheelNeedsPassword = false;
execWheelOnly = true;
};
tpm2 = {
enable = true;
pkcs11.enable = true;
tctiEnvironment.enable = true;
};
};
fonts = {
@ -105,16 +111,48 @@
console.catppuccin.enable = true;
systemd.user.extraConfig = let
path = lib.concatStringsSep ":" [
"/run/wrappers/bin"
"/etc/profiles/per-user/%u/bin"
"/nix/var/nix/profiles/default/bin"
"/run/current-system/sw/bin"
];
in ''
DefaultEnvironment="PATH=${path}"
'';
systemd = {
tpm2.enable = true;
network.networks = {
"10-lan1" = {
DHCP = "yes";
matchConfig.MACAddress = "04:42:1a:02:fe:f5";
dhcpV4Config.RouteMetric = 10;
dhcpV6Config.RouteMetric = 10;
networkConfig = {
IPv6PrivacyExtensions = "yes";
MulticastDNS = true;
};
};
"10-wlan1" = {
DHCP = "yes";
matchConfig.MACAddress = "64:49:7d:c1:01:10";
dhcpV4Config.RouteMetric = 40;
dhcpV6Config.RouteMetric = 40;
networkConfig = {
IPv6PrivacyExtensions = "yes";
MulticastDNS = true;
};
};
};
user.extraConfig = let
path = lib.concatStringsSep ":" [
"/run/wrappers/bin"
"/etc/profiles/per-user/%u/bin"
"/nix/var/nix/profiles/default/bin"
"/run/current-system/sw/bin"
];
in ''
DefaultEnvironment="PATH=${path}"
'';
};
age = {
secrets.passwd.file = ../../../secrets/passwd.age;
@ -142,14 +180,15 @@
};
systemPackages = with pkgs; [
inputs.agenix.packages.${system}.default
ddccontrol-db
nautilus
inputs.agenix.packages.${system}.default
looking-glass-client
nautilus
qemu
snowfallorg.flake
sound-theme-freedesktop
uutils-coreutils-noprefix
virtio-win
qemu
(warp-terminal.override {waylandSupport = true;})
winetricks
wineWowPackages.staging
@ -160,10 +199,10 @@
persistence."/persist" = {
hideMounts = true;
directories = [
"/etc/NetworkManager"
"/etc/ssh"
"/root/.ssh"
"/var/lib/bluetooth"
"/var/lib/iwd"
"/var/lib/libvirt"
"/var/lib/nixos"
"/var/lib/systemd/coredump"
@ -176,47 +215,68 @@
blacklistedKernelModules = ["nouveau" "i915"];
kernelPackages = pkgs.linuxPackages_cachyos;
supportedFilesystems = ["btrfs" "ntfs"];
# Encrypted device
initrd.luks.devices."enc".device = "/dev/disk/by-uuid/9952fcd1-46eb-4c9c-ab7d-361d31fdb9a2";
tmp.useTmpfs = true;
initrd.postDeviceCommands = lib.mkAfter ''
mkdir /btrfs_tmp
mount /dev/dm-0 /btrfs_tmp
if [[ -e /btrfs_tmp/root ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
fi
initrd = {
# Encrypted device
luks.devices."enc".device = "/dev/disk/by-uuid/9952fcd1-46eb-4c9c-ab7d-361d31fdb9a2";
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
systemd = {
enable = true;
emergencyAccess = true;
dbus.enable = true;
network = {
enable = true;
networks = {
inherit (config.systemd.network.networks) "10-lan1" "10-wlan1";
};
};
initrdBin = with pkgs; [
iwd
nix
vim
];
services.wipe-root = {
requires = ["dev-mapper-enc.device"];
after = ["dev-mapper-enc.device"];
wantedBy = ["initrd.target"];
script = lib.mkAfter ''
mkdir /btrfs_tmp
mount /dev/mapper/enc /btrfs_tmp
if [[ -e /btrfs_tmp/root ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
done
btrfs subvolume delete "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
delete_subvolume_recursively "$i"
done
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/root
umount /btrfs_tmp
'';
plymouth = {
enable = true;
catppuccin.enable = true;
btrfs subvolume create /btrfs_tmp/root
umount /btrfs_tmp
'';
};
};
};
extraModprobeConfig =
"options nvidia "
+ lib.concatStringsSep " " [
"NVreg_UsePageAttributeTable=1"
"NVreg_EnablePCIeGen3=1"
"NVreg_RegistryDwords=RMUseSwI2c=0x01;RMI2cSpeed=100"
"NVreg_UsePageAttributeTable=1"
];
kernelParams = [
@ -325,126 +385,6 @@
flake = "/home/marshall/nix-config";
};
nix-ld = {
enable = true;
libraries = with pkgs; [
SDL
SDL2
SDL2_image
SDL2_mixer
SDL2_ttf
SDL_image
SDL_mixer
SDL_ttf
alsa-lib
at-spi2-atk
at-spi2-core
atk
bzip2
cairo
cups
curlWithGnuTls
dbus
dbus-glib
desktop-file-utils
e2fsprogs
expat
flac
fontconfig
freeglut
freetype
fribidi
fuse
fuse3
gdk-pixbuf
glew110
glib
gmp
gst_all_1.gst-plugins-base
gst_all_1.gst-plugins-ugly
gst_all_1.gstreamer
gtk2
harfbuzz
icu
keyutils.lib
libgcc
libGL
libGLU
libappindicator-gtk2
libcaca
libcanberra
libcap
libclang.lib
libdbusmenu
libdrm
libgcrypt
libgpg-error
libidn
libjack2
libjpeg
libmikmod
libogg
libpng12
libpulseaudio
librsvg
libsamplerate
libthai
libtheora
libtiff
libudev0-shim
libusb1
libuuid
libvdpau
libvorbis
libvpx
libxcrypt-legacy
libxkbcommon
libxml2
mesa
nspr
nss
openssl
p11-kit
pango
pixman
python3
speex
stdenv.cc.cc
tbb
udev
vulkan-loader
wayland
xorg.libICE
xorg.libSM
xorg.libX11
xorg.libXScrnSaver
xorg.libXcomposite
xorg.libXcursor
xorg.libXdamage
xorg.libXext
xorg.libXfixes
xorg.libXft
xorg.libXi
xorg.libXinerama
xorg.libXmu
xorg.libXrandr
xorg.libXrender
xorg.libXt
xorg.libXtst
xorg.libXxf86vm
xorg.libpciaccess
xorg.libxcb
xorg.xcbutil
xorg.xcbutilimage
xorg.xcbutilkeysyms
xorg.xcbutilrenderutil
xorg.xcbutilwm
xorg.xkeyboardconfig
xz
zlib
];
};
obs-studio = {
enable = true;
enableVirtualCamera = true;
@ -452,12 +392,13 @@
};
networking = {
useDHCP = lib.mkDefault true;
hostName = "navis";
firewall.enable = false;
networkmanager.enable = false;
hostName = "navis";
nameservers = ["1.1.1.1" "1.0.0.1"];
networkmanager.dns = "none";
networkmanager.enable = true;
useDHCP = lib.mkForce true;
useNetworkd = true;
wireless.iwd.enable = true;
};
time = {
@ -505,9 +446,12 @@
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
alsa = {
enable = true;
support32Bit = true;
};
};
};
@ -515,10 +459,18 @@
mutableUsers = false;
users.marshall = {
isNormalUser = true;
extraGroups = ["wheel" "gamemode" "libvirtd" "qemu-libvirtd" "disk" "networkmanager"];
shell = pkgs.fish;
hashedPasswordFile = config.age.secrets.passwd.path;
isNormalUser = true;
shell = pkgs.fish;
extraGroups = [
"disk"
"gamemode"
"libvirtd"
"qemu-libvirtd"
"tss"
"wheel"
];
};
};
@ -554,19 +506,17 @@
xdg.portal = {
enable = true;
config = {
common = {
default = [
"cosmic"
"gtk"
];
};
};
xdgOpenUsePortal = true;
config.common.default = [
"cosmic"
"gtk"
];
extraPortals = [
pkgs.xdg-desktop-portal-cosmic
pkgs.xdg-desktop-portal-gtk
];
xdgOpenUsePortal = true;
};
system.stateVersion = "24.05";
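Review bot: `emergencyAccess = true;` in the new `initrd.systemd` block (hunk `@ -176,47 +215,68 @`) gives an unauthenticated root shell on the console whenever the initrd falls into emergency mode, which undercuts the LUKS volume `enc` for anyone with physical access. The risk is highest if the volume is unlocked from the TPM, which the `tpm2.enable` lines in this commit hint at but do not show: a failure after unlock would leave the decrypted device reachable from that shell, and the initrd now also carries `nix`, `vim`, `iwd` and networking. I would remove the line or give the option a hashed password instead, e.g. `emergencyAccess = "<hashed-password-placeholder>";`. In the same hunk, `services.wipe-root` is ordered only `after` `dev-mapper-enc.device`; it probably also needs `before = ["sysroot.mount"];` so the root rollback cannot race the root mount. Old and new lines are interleaved on this page, so the script body itself could not be checked.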
