Diffstat (limited to '')
5 files changed, 194 insertions, 0 deletions
diff --git a/machines/nixos/x86_64-linux/installer/default.nix b/machines/nixos/x86_64-linux/installer/default.nix
new file mode 100644
index 0000000..e914571
--- /dev/null
+++ b/machines/nixos/x86_64-linux/installer/default.nix
@@ -0,0 +1,21 @@
+{ adminUser, modulesPath, ... }:
+{
+ # run `nix build .#nixosConfigurations.iso.config.system.build.isoImage` to build the image
+ imports = [
+ "${modulesPath}/installer/cd-dvd/channel.nix"
+ "${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix"
+ {
+ home-manager.users.${adminUser.name} = {
+ imports = [
+ { home.stateVersion = "25.05"; }
+ ];
+ };
+ }
+ ];
+
+ boot.loader.grub.efiSupport = true;
+ boot.loader.grub.efiInstallAsRemovable = true;
+ boot.loader.grub.device = "nodev";
+
+ system.stateVersion = "25.05"; # Did you read the comment?
+}
diff --git a/machines/nixos/x86_64-linux/rivendell/default.nix b/machines/nixos/x86_64-linux/rivendell/default.nix
new file mode 100644
index 0000000..8c71cbf
--- /dev/null
+++ b/machines/nixos/x86_64-linux/rivendell/default.nix
@@ -0,0 +1,62 @@
+{
+ lib,
+ adminUser,
+ config,
+ ...
+}:
+{
+ imports = [
+ ./disks.nix
+ ./hardware-configuration.nix
+ {
+ home-manager.users.${adminUser.name} = {
+ imports = [
+ ./home.nix
+ { home.stateVersion = "25.05"; }
+ ];
+ };
+ }
+ ];
+
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.loader.systemd-boot.enable = true;
+
+ networking.hostName = "rivendell";
+ networking.useDHCP = lib.mkDefault true;
+ systemd.network.wait-online.anyInterface = lib.mkDefault config.networking.useDHCP;
+
+ users.users.builder = {
+ openssh.authorizedKeys.keys = [
+ # my personal key
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
+ # remote builder ssh key
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGFGxdplt9WwGjdhoYkmPe2opZMJShtpqnGCI+swrgvw"
+ ];
+ isNormalUser = true;
+ group = "nogroup";
+ };
+
+ boot.kernelParams = [
+ "ip=dhcp"
+ ];
+
+ boot.initrd.network = {
+ enable = true;
+ postCommands = "echo 'cryptsetup-askpass' >> /root/.profile";
+ flushBeforeStage2 = true;
+ ssh = {
+ enable = true;
+ port = 911;
+ hostKeys = [
+ "/etc/initrd/ssh_host_ed25519_key"
+ ];
+ authorizedKeys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
+ ];
+ };
+ };
+
+ nix.settings.trusted-users = [ "builder" ];
+
+ system.stateVersion = "23.11"; # Did you read the comment?
+}
diff --git a/machines/nixos/x86_64-linux/rivendell/disks.nix b/machines/nixos/x86_64-linux/rivendell/disks.nix
new file mode 100644
index 0000000..8cb1f32
--- /dev/null
+++ b/machines/nixos/x86_64-linux/rivendell/disks.nix
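Review bot: `nix.settings.trusted-users = [ "builder" ];` in rivendell/default.nix makes the `builder` account effectively root-equivalent on this host, because a trusted Nix user can override substituters and import unsigned store paths. That account accepts two SSH keys, one of them the remote-builder key, which presumably lives on another machine, so compromise of that machine extends to rivendell. If the account only needs to receive remote builds, consider dropping the trusted-users entry and having the submitting machine sign the paths it copies, with its public key listed under `nix.settings.trusted-public-keys`. If it has to stay, a comment such as `# trusted-users is root-equivalent: anyone holding either builder key controls this host's Nix store` above the line would record the trade-off.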
@@ -0,0 +1,67 @@
+let
+ btrfsopt = [
+ "compress=zstd"
+ "noatime"
+ ];
+in
+{
+ disko.devices = {
+ disk = {
+ main = {
+ type = "disk";
+ device = "/dev/nvme0n1";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "2G";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [
+ "fmask=0022"
+ "dmask=0022"
+ ];
+ };
+ };
+ luks = {
+ size = "100%";
+ content = {
+ type = "luks";
+ name = "nixos";
+ passwordFile = "/tmp/pass";
+ settings = {
+ allowDiscards = true;
+ };
+ content = {
+ type = "btrfs";
+ extraArgs = [ "-f" ];
+ subvolumes = {
+ "@root" = {
+ mountpoint = "/";
+ mountOptions = btrfsopt;
+ };
+ "@home" = {
+ mountpoint = "/home";
+ mountOptions = btrfsopt;
+ };
+ "@nix" = {
+ mountpoint = "/nix";
+ mountOptions = btrfsopt;
+ };
+ "@data" = {
+ mountpoint = "/data";
+ mountOptions = btrfsopt;
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/machines/nixos/x86_64-linux/rivendell/hardware-configuration.nix b/machines/nixos/x86_64-linux/rivendell/hardware-configuration.nix
new file mode 100644
index 0000000..02de536
--- /dev/null
+++ b/machines/nixos/x86_64-linux/rivendell/hardware-configuration.nix
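Review bot: The ESP in rivendell/disks.nix is mounted at `/boot` with `"fmask=0022"` and `"dmask=0022"`, which leaves every file on that partition readable by any local account. With systemd-boot the initrd is stored there, outside the LUKS volume, and rivendell/default.nix places an SSH host key into the initrd through `boot.initrd.network.ssh.hostKeys`, so an unprivileged user such as `builder` can likely read that private key. Replacing the two masks with `"umask=0077"` restricts the partition to root. The key at `/etc/initrd/ssh_host_ed25519_key` should also remain one generated only for the initrd, never the host's regular SSH key. Next to `passwordFile = "/tmp/pass";` I would add a comment that the file is read only at install time and that a trailing newline in it most likely becomes part of the LUKS passphrase.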
@@ -0,0 +1,38 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+ config,
+ inputs,
+ lib,
+ modulesPath,
+ ...
+}:
+
+{
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ inputs.nixos-hardware.nixosModules.framework-desktop-amd-ai-max-300-series
+ ];
+
+ services.fwupd.enable = true;
+ hardware.enableRedistributableFirmware = true;
+
+ boot.initrd.availableKernelModules = [
+ "nvme"
+ "xhci_pci"
+ "thunderbolt"
+ "usbhid"
+ "usb_storage"
+ "sd_mod"
+ "r8169" # ethernet driver
+ ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-amd" ];
+ boot.extraModulePackages = [ ];
+
+ networking.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/machines/nixos/x86_64-linux/rivendell/home.nix b/machines/nixos/x86_64-linux/rivendell/home.nix
new file mode 100644
index 0000000..8f0935e
--- /dev/null
+++ b/machines/nixos/x86_64-linux/rivendell/home.nix
@@ -0,0 +1,6 @@
+{ self, ... }:
+{
+ imports = [
+ "${self}/home/programs/bat.nix"
+ ];
+} |
