dala/nixos-config
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Introduce fuyuki

Browse source
This commit is contained in:
Victor Mignot 2024-07-26 20:34:42 +02:00 committed by Victor Mignot
parent a9c5c6b16e
commit acadf15578
Signed by: dala
GPG key ID: 5E7F2CE1BEAFED3D
5 changed files with 183 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
.sops.yaml
View file

@ -2,6 +2,7 @@ keys:
- &london_system age1rr2u4kk5jc0zk5mmgcfzlddzz82u9ldqwnd2mkcspnps7pzegsms7fys7u - &london_system age1rr2u4kk5jc0zk5mmgcfzlddzz82u9ldqwnd2mkcspnps7pzegsms7fys7u
- &london_dala age19m7s6rl4l88nv0f7el70k9u9mv6fd0nq5nw5a3f6p3ffzch274lsksu3y7 - &london_dala age19m7s6rl4l88nv0f7el70k9u9mv6fd0nq5nw5a3f6p3ffzch274lsksu3y7
- &camelot_system age1qp54d5gzvpyedcv26uckz7lmy2a48m27astawa62hkey59qgmg8setufp5 - &camelot_system age1qp54d5gzvpyedcv26uckz7lmy2a48m27astawa62hkey59qgmg8setufp5
- &fuyuki_system age1lpk05l443jd7ra27hssvkc9xctpl990dy78tghmr4e8x7lfndy3qwhakwm
- &pgp_dala 2763F2B50E63CE401A3EB9C040DE2FEE4D3C5E2C - &pgp_dala 2763F2B50E63CE401A3EB9C040DE2FEE4D3C5E2C
creation_rules: creation_rules:
@ -27,3 +28,11 @@ creation_rules:
- *camelot_system - *camelot_system
pgp: pgp:
- *pgp_dala - *pgp_dala
# Fuyuki
- path_regex: configurations/fuyuki/secrets/secrets.yaml$
key_groups:
- age:
- *fuyuki_system
pgp:
- *pgp_dala

126
configurations/fuyuki/default.nix Normal file
View file

@ -0,0 +1,126 @@
{
config,
lib,
extraInfo,
pkgs,
...
}:
{
boot.initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [
"dm-snapshot"
"i915"
];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
services.tlp.enable = true;
useLatestKernel = true;
hwAccelerationGPU = "intel";
isProfessional = false;
allowUnfreePackages = true;
keymap = "us";
luksDevices = [
{
name = "crypted-nixos";
deviceUUID = "401036ff-8ad8-4738-a249-85391dac0430";
isPreLVM = true;
}
];
filesystems = [
{
mountpoint = "/";
deviceUUID = "663f1c4a-dce6-48b2-b8e2-a602e812c49b";
fsType = "ext4";
}
{
mountpoint = "/boot";
deviceUUID = "3F42-7C9B";
fsType = "vfat";
}
{
mountpoint = "/nix";
deviceUUID = "148a5295-396b-495b-b46e-1fa4e99cf9d0";
fsType = "ext4";
}
{
mountpoint = "/home";
deviceUUID = "16b6bd32-465c-4a42-a082-df42d912e5e5";
fsType = "ext4";
}
];
swapDeviceUUID = "0bc27219-00dd-4ae9-b946-ab65a68cbdf1";
sops = {
gnupg.sshKeyPaths = [ ];
age = {
sshKeyPaths = [ ];
keyFile = "/var/lib/sops-nix/key.txt";
};
defaultSopsFile = ./secrets/secrets.yaml;
secrets.wg0_private = { };
};
networking.wg-quick.interfaces.wg0 = {
address = [ "10.100.0.3/24" ];
listenPort = 51820;
privateKeyFile = config.sops.secrets.wg0_private.path;
dns = [ "10.100.0.1" ];
peers = [
# RockPro 64
{
publicKey = "XVmG3/rNsCqc8KCmOx3+UUn9DJOnJ40Uxid5JGdChR4=";
endpoint = "${extraInfo.wireguard.rockProEndpoint}:51820";
allowedIPs = [ "10.100.0.1/32" ];
persistentKeepalive = 25;
}
];
};
machineUsers = {
dala = {
description = "Dala";
groups = [
"wheel"
"network"
"audio"
"video"
"docker"
"wireshark"
];
uid = 1000;
shell = pkgs.fish;
enableHomeManagerProfile = true;
homeManagerConfig = {
programs.helix.enable = true;
desktop.monitors = [
{
name = "Chimei Innolux Corporation 0x14C9 Unknown";
resolution = "1920x1080@60.008Hz";
position = "0 0";
defaultWorkspace = 1;
}
];
nixpkgs.config.allowUnfree = true;
development.embedded.enableTools = true;
};
};
};
}

33
configurations/fuyuki/secrets/secrets.yaml Normal file
View file

@ -0,0 +1,33 @@
wg0_private: ENC[AES256_GCM,data:+59MHO/LNuoqcJZYB05ukVPgRT+RJOsn4IL6Pk16OsSFp22Ikd/t5AIyY8E=,iv:tg7Gl+Ad2bGTYmpkPS4nuIRYX5j9rhB2oOY4JX8YYKo=,tag:Tp3SQkxDUg2X1HZrVAVs5g==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1lpk05l443jd7ra27hssvkc9xctpl990dy78tghmr4e8x7lfndy3qwhakwm
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNVWVQZ1ZmWlJyMTRGMmlr
TDRab1ZqWmx0cjNkb3YzQzF0NXlDK0tib2dZCkFXeXdhSTJDSnA3Nm4zNk50bDQr
RzdndkxxbkhHZldsb24wdmZXSGdMZ1UKLS0tIG14WnRPNG84YUJkUjFheE4zeHpS
Yi9zM01zUWx4ZUg0RmVIcDhWOFk1NDQKpmZvV9rmwF561rwb7fFjF8JoQ5Ofik+L
cMO7E1Df02f+Mxbg44Mz7nh5978ZAuEkxeAhP0rjjzxGyipWShWfjQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-26T18:29:32Z"
mac: ENC[AES256_GCM,data:XcpJnbtRxY8UbePnSVq2cBP8A2kekulMgFK7/tIJj63S6Ur72vx/Q9YoiSjwy1vhyhSnS3IBp9PSjEpiLF73Frxr4iQA9j42SvoXdS4h6Q6iQgnphGnKUbT8/GqQK/0cuyvqfBUH7y1BzsGcowvJBUmnWaMK2lJsx4O4/A5os+A=,iv:p+5aV2BMgOd3q/kdnNVZugEf5M5kY1r3kW7Db71cttE=,tag:1lyVYY2ykIW0tF0cab7Vxw==,type:str]
pgp:
- created_at: "2024-07-26T18:28:14Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4D0ZiEKlLM+TsSAQdAejTjnmBOyBz6qc0KMhjtJwyOZL/yQcI56OuDbdgp7R4w
MVMW5no+XnlskkMfESs9REov8T2MjfO6lqqrUj1Q1IIQaP/QlQ9DIS4ejt4nskE3
1GgBCQIQPs6lEe9b6Ih2LYt9PaTZ5SSpfNNLsjcfK7lE6EEE9fiEDhhW2CkVN5dq
NejQOIQOv6/0Q4wqbrNzNcqi9UtfXk5XLsqfhJSTuBMne+FaJmmV3ET4TwYt/RH5
8XGa13+6HDSHTg==
=F/Hd
-----END PGP MESSAGE-----
fp: 2763F2B50E63CE401A3EB9C040DE2FEE4D3C5E2C
unencrypted_suffix: _unencrypted
version: 3.9.0

8
machines.nix
View file

@ -14,4 +14,12 @@
enableHomeManager = false; enableHomeManager = false;
stateVersion = "23.11"; stateVersion = "23.11";
}; };
fuyuki = {
machineType = "workstation";
nixpkgsUnstable = true;
system = "x86_64-linux";
enableHomeManager = true;
stateVersion = "22.05";
};
} }

7
modules/workstation/home-manager/desktop/sway.nix
View file

@ -56,6 +56,13 @@ in
xkb_layout = "us"; xkb_layout = "us";
xkb_options = "compose:ralt"; xkb_options = "compose:ralt";
}; };
"Synaptics TM3276-022" = {
dwt = "enabled";
tap = "enabled";
natural_scroll = "enabled";
middle_emulation = "enabled";
};
}; };
seat = { seat = {