initial setup for the framework destkop (named rivendell)

1 files changed, 62 insertions, 0 deletions

diff --git a/machines/nixos/x86_64-linux/rivendell/default.nix b/machines/nixos/x86_64-linux/rivendell/default.nix
new file mode 100644
index 0000000..8c71cbf
--- /dev/null
+++ b/machines/nixos/x86_64-linux/rivendell/default.nix
@@ -0,0 +1,62 @@
+{
+  lib,
+  adminUser,
+  config,
+  ...
+}:
+{
+  imports = [
+    ./disks.nix
+    ./hardware-configuration.nix
+    {
+      home-manager.users.${adminUser.name} = {
+        imports = [
+          ./home.nix
+          { home.stateVersion = "25.05"; }
+        ];
+      };
+    }
+  ];
+
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader.systemd-boot.enable = true;
+
+  networking.hostName = "rivendell";
+  networking.useDHCP = lib.mkDefault true;
+  systemd.network.wait-online.anyInterface = lib.mkDefault config.networking.useDHCP;
+
+  users.users.builder = {
+    openssh.authorizedKeys.keys = [
+      # my personal key
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
+      # remote builder ssh key
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGFGxdplt9WwGjdhoYkmPe2opZMJShtpqnGCI+swrgvw"
+    ];
+    isNormalUser = true;
+    group = "nogroup";
+  };
+
+  boot.kernelParams = [
+    "ip=dhcp"
+  ];
+
+  boot.initrd.network = {
+    enable = true;
+    postCommands = "echo 'cryptsetup-askpass' >> /root/.profile";
+    flushBeforeStage2 = true;
+    ssh = {
+      enable = true;
+      port = 911;
+      hostKeys = [
+        "/etc/initrd/ssh_host_ed25519_key"
+      ];
+      authorizedKeys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
+      ];
+    };
+  };
+
+  nix.settings.trusted-users = [ "builder" ];
+
+  system.stateVersion = "23.11"; # Did you read the comment?
+}