cleanup names

mjallen18
2025-08-26 20:28:55 -05:00
parent 02085e7ff1
commit d6ae29f16f
56 changed files with 1406 additions and 1336 deletions


@@ -0,0 +1,54 @@
{ pkgs, ... }:
let
configLimit = 20;
kernel = pkgs.linuxPackages_latest;
in
{
# Configure bootloader with lanzaboot and secureboot
boot = {
kernelModules = [ "nct6775" ];
loader = {
systemd-boot = {
enable = true;
configurationLimit = configLimit;
};
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
};
lanzaboote = {
enable = false;
pkiBundle = "/etc/secureboot";
settings = {
console-mode = "max";
};
configurationLimit = configLimit;
};
# Override kernel to latest
kernelPackages = kernel;
kernelParams = [
"nohibernate"
];
consoleLogLevel = 3;
bootspec.enable = true;
initrd = {
kernelModules = [
# "tpm"
# "tpm_tis"
# "tpm_crb"
# "tpm_infineon"
];
systemd = {
enable = true;
tpm2.enable = true;
};
};
};
}
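Review bot: The comment above `boot = {` says the bootloader is configured with lanzaboote and Secure Boot, but `lanzaboote.enable = false` and `loader.systemd-boot.enable = true`, so as written this host boots through plain systemd-boot and nothing in this section enforces a verified boot chain. That matters for the TPM2 support enabled in the initrd (`tpm2.enable = true`): anything later sealed to the TPM would be bound to measurements taken without Secure Boot enforcement, which is presumably a staging state until keys exist under `/etc/secureboot`. Make the comment say so, e.g. `# Secure Boot is not active yet: lanzaboote is disabled and plain systemd-boot is used until keys are enrolled`. When lanzaboote is switched on, switch systemd-boot off in the same change.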


@@ -0,0 +1,52 @@
{
namespace,
...
}:
{
imports = [
./boot.nix
# ./hardware-configuration.nix
./users.nix
./sops.nix
];
security.tpm2 = {
enable = true;
};
${namespace} = {
services.home-assistant.enable = true;
hardware.disko = {
enable = true;
filesystem = "btrfs";
};
impermanence.enable = true;
network = {
hostName = "nuc-nixos";
useNetworkd = false;
ipv4 = {
method = "manual";
address = "10.0.1.4/24";
gateway = "10.0.1.1";
dns = "10.0.1.1";
interface = "wlo1";
};
wifi = {
enable = true;
profiles = {
"Joey's Jungle 6G" = {
ssid = "Joey's Jungle 6G";
keyMgmt = "sae";
};
};
};
firewall = {
enable = true;
allowPing = true;
allowedTCPPorts = [ 8192 ];
allowedUDPPorts = [ 8192 ];
};
};
};
}
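Review bot: Port 8192 is opened for both TCP and UDP under `firewall` with nothing saying which service listens there, and the same pair is opened again through `ports` in the standalone networking section later in this commit. An allow rule with no named owner tends to outlive the service it was added for; add a comment such as `# 8192: <service name>` and drop whichever protocol that service does not use. This section also sets `useNetworkd = false`, while the standalone networking section sets `useNetworkd = true` for the same hostname, so confirm that only one of the two is evaluated for this host.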


@@ -0,0 +1,79 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"ahci"
"usbhid"
"uas"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = lib.mkForce {
device = "none";
fsType = "tmpfs";
options = [ "mode=755" ];
};
fileSystems."/boot" = lib.mkForce {
device = "UUID=0FCB-EC63"; # "/dev/disk/by-partlabel/disk-main-ESP";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
fileSystems."/var/log" = lib.mkForce {
device = "UUID=88d9c058-757d-c06e-0fb7-a612f2db8a7a"; # "/dev/disk/by-partlabel/disk-main-root";
fsType = "bcachefs";
options = [ "X-mount.subdir=log" ];
};
fileSystems."/root" = lib.mkForce {
device = lib.mkDefault "UUID=88d9c058-757d-c06e-0fb7-a612f2db8a7a"; # "/dev/disk/by-partlabel/disk-main-root";
fsType = "bcachefs";
options = [ "X-mount.subdir=root" ];
};
fileSystems."/etc" = lib.mkForce {
device = lib.mkDefault "UUID=88d9c058-757d-c06e-0fb7-a612f2db8a7a"; # "/dev/disk/by-partlabel/disk-main-root";
fsType = "bcachefs";
options = [ "X-mount.subdir=etc" ];
};
fileSystems."/nix" = lib.mkForce {
device = lib.mkDefault "UUID=88d9c058-757d-c06e-0fb7-a612f2db8a7a"; # "/dev/disk/by-partlabel/disk-main-root";
fsType = "bcachefs";
options = [
"X-mount.subdir=nix"
"verbose"
];
};
fileSystems."/home" = lib.mkForce {
device = lib.mkDefault "UUID=88d9c058-757d-c06e-0fb7-a612f2db8a7a"; # "/dev/disk/by-partlabel/disk-main-root";
fsType = "bcachefs";
options = [ "X-mount.subdir=home" ];
};
swapDevices = [ ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}
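Review bot: The `/boot` ESP is mounted with `"fmask=0022"` and `"dmask=0022"`, which leaves every file on the partition readable by all local users. If this host boots with systemd-boot, as the boot section in this commit does, that includes the boot loader random seed, and `bootctl` warns about a world-accessible mount for that reason. Use `"fmask=0077"` and `"dmask=0077"` so only root can read the partition. Separately, the header still says the file is generated and may be overwritten, yet it carries hand edits (`lib.mkForce`, a tmpfs root); a one-line comment stating that it is now maintained by hand would stop someone regenerating over it.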


@@ -0,0 +1,59 @@
{ config, lib, ... }:
let
ports = [
8192
];
in
{
# Networking configs
networking = {
hostName = lib.mkForce "nuc-nixos";
useNetworkd = true;
# Disable Network Manager
networkmanager = {
enable = true;
ensureProfiles = {
environmentFiles = [
config.sops.secrets.wifi.path
];
profiles = {
"Joey's Jungle 6G" = {
connection = {
id = "Joey's Jungle 6G";
type = "wifi";
};
ipv4 = lib.mkForce {
address1 = "10.0.1.4/24";
dns = "10.0.1.1";
gateway = "10.0.1.1";
method = "manual";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
wifi = {
mode = "infrastructure";
ssid = "Joey's Jungle 6G";
};
wifi-security = {
key-mgmt = "sae";
psk = "$PSK";
};
};
};
};
};
firewall = {
enable = true;
allowPing = true;
allowedTCPPorts = ports;
allowedUDPPorts = ports;
};
};
}
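Review bot: `environmentFiles` reads `config.sops.secrets.wifi.path`, but the sops section added in this commit declares `secrets = { };`, so unless `sops.secrets.wifi` is declared in a module not shown on this page, the reference fails at evaluation and `$PSK` is never substituted. Declare the secret next to the profile that consumes it, or add a comment pointing to where it is defined. The comment `# Disable Network Manager` sits directly above `networkmanager.enable = true`, and `useNetworkd = true` is set alongside it. Reword the comment to something like `# NetworkManager owns the Wi-Fi profile below` and confirm that running it together with networkd is intended.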


@@ -0,0 +1,34 @@
{ lib, ... }:
{
# Permission modes are in octal representation (same as chmod),
# the digits represent: user|group|others
# 7 - full (rwx)
# 6 - read and write (rw-)
# 5 - read and execute (r-x)
# 4 - read only (r--)
# 3 - write and execute (-wx)
# 2 - write only (-w-)
# 1 - execute only (--x)
# 0 - none (---)
# Either a user id or group name representation of the secret owner
# It is recommended to get the user name from `config.users.users.<?name>.name` to avoid misconfiguration
# Either the group id or group name representation of the secret group
# It is recommended to get the group name from `config.users.users.<?name>.group` to avoid misconfiguration
sops = {
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
# ------------------------------
# Secrets
# ------------------------------
secrets = {
};
# ------------------------------
# Templates
# ------------------------------
templates = {
#
};
};
}
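Review bot: `age.sshKeyPaths` points at `/etc/ssh/ssh_host_ed25519_key`, and the host section in this commit sets `impermanence.enable = true`, so decryption depends on that key surviving reboots and being present before secrets are activated; nothing in this section shows that it is. Add a comment stating where the host key is persisted, e.g. `# host key must live on persistent storage that is mounted before sops activation`. The long comment block on modes, owner and group describes per-secret options, but `secrets = { }` is empty, so it currently documents nothing in this file; moving it next to the first real secret would keep it accurate. `lib` in the argument set is unused.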


@@ -0,0 +1,46 @@
{ pkgs, lib, ... }:
let
user = "admin";
# passwordFile = config.sops.secrets."jallen-nas/admin_password".path;
in
{
# Define a user account. Don't forget to set a password with passwd.
users = {
# See https://search.nixos.org/options?channel=unstable&show=users.mutableUsers&from=0&size=50&sort=relevance&type=packages&query=users.users
mutableUsers = false;
# Admin account
users = {
"${user}" = {
isNormalUser = true;
linger = true;
extraGroups = [
"wheel"
"networkmanager"
"docker"
"podman"
"libvirtd"
];
# hashedPasswordFile = passwordFile;
password = lib.mkForce "BogieDudie1";
shell = pkgs.zsh;
packages = with pkgs; [
];
openssh.authorizedKeys.keys = [
# macBook
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCw9zq8DLGByI5v2gAn95hKNyOsm3g61a2buxu2BBMFysQJgmZPCCLUqRJKhSM5Vm/JOgsAmdpRBRZQoHD+6S844CJHb4v4VIbjkyQgYCuM7Rst2IOZ5QybvsA2/D0nwytZ+HXQqDj2AagUYDbz0gyyIHkDQ5YGBMkvkWz/h1Vci6aoBM7VihEDM4KlWoTVuPeASGM8r5IZ2FS83Djbqo4ov6AYvLMrKB9Z7hmFgH6R3LE0gxOkzbGVXtSuvJyrjvgytoT22UhATjjxSQ9D+YJXXkQoB3lUdg8OoIquUPjMZpl4mR8ffvseWPfcvD1XlD5t+TOHFqKpESO547tlOBYhdpew+NSgAXpamCU6oyV8tDCywLQu2ucxHRn78u6WXzWHkDtffdhzmk6TZaPhWqVHuTGjR4higBgGqUfSaKOMszt+FDRZAr3HtuQ2+zJ8bowK9fW5OqilTtK2HtQqroD9ApegDNbqOz6kGy5IycSXvqPURy/M4lxZxbtBPuemcJs= mattjallen@MacBook-Pro.local"
# desktop windows
"ssh-rsa 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 mattl@Jallen-PC"
# desktop nixos
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBMydhOc6SnOdB5WrEd7X07DrboAtagCUgXiOJjLov matt@matt-nixos"
];
};
root = {
isSystemUser = true;
isNormalUser = false;
shell = pkgs.zsh;
};
};
};
}
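Review bot: The admin account's password is a plaintext literal on the `password =` line, forced with `lib.mkForce`, which puts it in the repository history and in the world-readable Nix store for a user that is in `wheel` and `docker`. Restore the commented-out file-based setting, `hashedPasswordFile = config.sops.secrets."<secret-name>".path;` (the secret name is a placeholder), and add `config` to the argument set (`{ config, pkgs, lib, ... }:`). Treat the committed value as exposed and change it everywhere it is used. With `mutableUsers = false` the comment "Don't forget to set a password with passwd" no longer applies, because changes made with passwd are not kept across activations; replace it with `# Password comes from a sops-managed hash; users are immutable`.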