From aa05056e55dfa143b38776737802b7dfb8a2c0e4 Mon Sep 17 00:00:00 2001 From: Franck Cuny Date: Sun, 12 Oct 2025 15:45:01 -0700 Subject: initial setup for the framework destkop (named rivendell) --- machines/nixos/x86_64-linux/rivendell/default.nix | 62 +++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 machines/nixos/x86_64-linux/rivendell/default.nix (limited to 'machines/nixos/x86_64-linux/rivendell/default.nix') diff --git a/machines/nixos/x86_64-linux/rivendell/default.nix b/machines/nixos/x86_64-linux/rivendell/default.nix new file mode 100644 index 0000000..8c71cbf --- /dev/null +++ b/machines/nixos/x86_64-linux/rivendell/default.nix @@ -0,0 +1,62 @@ +{ + lib, + adminUser, + config, + ... +}: +{ + imports = [ + ./disks.nix + ./hardware-configuration.nix + { + home-manager.users.${adminUser.name} = { + imports = [ + ./home.nix + { home.stateVersion = "25.05"; } + ]; + }; + } + ]; + + boot.loader.efi.canTouchEfiVariables = true; + boot.loader.systemd-boot.enable = true; + + networking.hostName = "rivendell"; + networking.useDHCP = lib.mkDefault true; + systemd.network.wait-online.anyInterface = lib.mkDefault config.networking.useDHCP; + + users.users.builder = { + openssh.authorizedKeys.keys = [ + # my personal key + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi" + # remote builder ssh key + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGFGxdplt9WwGjdhoYkmPe2opZMJShtpqnGCI+swrgvw" + ]; + isNormalUser = true; + group = "nogroup"; + }; + + boot.kernelParams = [ + "ip=dhcp" + ]; + + boot.initrd.network = { + enable = true; + postCommands = "echo 'cryptsetup-askpass' >> /root/.profile"; + flushBeforeStage2 = true; + ssh = { + enable = true; + port = 911; + hostKeys = [ + "/etc/initrd/ssh_host_ed25519_key" + ]; + authorizedKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi" + ]; + }; + }; + + nix.settings.trusted-users = [ "builder" ]; + + system.stateVersion = "23.11"; # Did you read the comment? +} -- cgit v1.2.3