Tristan D. 2025-03-26 16:16:53 +01:00
parent 8a765f001b
commit 10b8fc11fc
Signed by: tristan
SSH key fingerprint: SHA256:9oFM1J63hYWJjCnLG6C0fxBS15rwNcWwdQNMOHYKJ/4
11 changed files with 64 additions and 83 deletions


@ -188,7 +188,7 @@
emacs-overlay.overlay emacs-overlay.overlay
inputs.nix-alien.overlays.default inputs.nix-alien.overlays.default
inputs.nix-ld-rs.overlays.default inputs.nix-ld-rs.overlays.default
agenix-rekey.overlays.default # agenix-rekey.overlays.default
devshell.overlays.default devshell.overlays.default
]; ];
config = { config = {
@ -229,8 +229,8 @@
chaotic.nixosModules.default chaotic.nixosModules.default
envfs.nixosModules.envfs envfs.nixosModules.envfs
stylix.nixosModules.stylix stylix.nixosModules.stylix
agenix.nixosModules.default # agenix.nixosModules.default
agenix-rekey.nixosModules.default # agenix-rekey.nixosModules.default
]; ];
args = { args = {
inherit self inputs system; inherit self inputs system;
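Review bot: With `agenix.nixosModules.default` and `agenix-rekey.nixosModules.default` commented out here, nothing on this page provides `config.age.secrets.*` any more, and the replacement visible in the users file is a literal `initialPassword = "…";` with the same value on both `tester` and `tristand`, accounts that are in `wheel` and `docker`. A literal in a Nix expression is committed to the repository and copied into the world-readable Nix store, so that password should be treated as disclosed and changed on the machine. If secrets have to stay off during the bootstrap, prefer a hash over plaintext, e.g. `initialHashedPassword = "<output of mkpasswd>";`, and leave a marker next to the disabled modules such as `# TODO(bootstrap): re-enable agenix before this host leaves bootstrap`.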


@ -0,0 +1,8 @@
age-encryption.org/v1
-> ssh-ed25519 nA0mnQ WtsuBNNRDJ2qBqqfKPYBjsG5J8RA1FLG22V4rcpmIAs
+b/BJpaLA/TCIMwRg0c7eO8UqIa+KPgpaOTmpVeW60k
-> m-grease
RCMzLSoDYLRPgxDe1bS2EOXDAD19QYDO3UI/0tzYNOGvcEMnHw
--- WBgm8Vf3dtFoPsTbBIoS73fD824cOm5COYSz66dcvYQ
¢˜6æ…{šÑ;æà³
‰Ä ÷³üJm‡ <<WÐ’Ñǧ‚×É]øÎ/<2F>ú‰5YÅOò<4F> §¢ÝaÐ>Î÷ÒZ7ª†ó"y


@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 MqgTQA kHKU7lp3SvhVlgDk8qBbQU+nrV8O84CLtR32ZGATDw4
1E9KyKzKwio7ltF1H36tSLWSao0TPNNlbwJAwxhw3CI
-> +&-grease
y1YrcXJ8+mGdSTrJywOZM/E8jbHPSX9rARC6uKOHgESGkH1NWsINbEk0/1fYHi62
6Y+k9Ig9oX7taekoNCU
--- lgK5w16T9LaMc6yoWW+h+zVNyuKuoEoeJi8p7lura1Q
X
¢ò&ÃbZ[IßC>ÊԘОWp¼²ˆŠŠ?èµ ä[˜š-]À) HY¦(u/ݰšÄû¹É–Ý÷Þ^摨à@„9öõýxVG.¾n £9»°‡Rr¡ŸàŽxzJf<4A>±Ûw K‡zbq÷ZÖ©ùf»FÎÓ ‹ê=†½¼Œ„P


@ -1,8 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 MqgTQA 7y3on/Y6P89gncEtSzn6dak659D+C0jT0Lo711yQaQ0
bsILI8jRG8MFJ2xSowtYyNYHPbcZmS+OFBbTrn7vNgo
-> a-grease /3
faRjVzpKpTOBeDIZVd+uK9AGzVH7LYbIH3QiTZMHE+zE21fI6yjGEQyIE2jsVhTq
q/PxcbNtJ9fZ2JCU43lGX7DveIYT7Z84vX955I3BkIppgQ4
--- dNDrqjg89dlNEf3ZkyW0fU7OyETfVPtRAw7JcRJxQ1o
ŠâCد<11>“ DXo¤ØÁ?9±ÿ©u°iÉÝ”s„çrºÞ©wyB¶~umȹ¶3Dæ€MÓëÏÅbé2táì€j`zDñXù


@ -10,24 +10,24 @@
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
inputs.nixos-hardware.nixosModules.common-hidpi inputs.nixos-hardware.nixosModules.common-hidpi
inputs.nixos-hardware.nixosModules.framework-16-7040-amd inputs.nixos-hardware.nixosModules.framework-16-7040-amd
../../os-mods/age # ../../os-mods/age
../../os-mods/net_disks/oeko.nix # ../../os-mods/net_disks/oeko.nix
../../os-mods/amdgpu ../../os-mods/amdgpu
../../os-mods/cachix ../../os-mods/cachix
../../os-mods/common ../../os-mods/common
../../os-mods/desktop ../../os-mods/desktop
../../os-mods/desktop/audio.nix ../../os-mods/desktop/audio.nix
../../os-mods/desktop/gaming.nix # ../../os-mods/desktop/gaming.nix
../../os-mods/desktop/printing.nix # ../../os-mods/desktop/printing.nix
../../os-mods/netdata/client.nix # ../../os-mods/netdata/client.nix
../../os-mods/network # ../../os-mods/network
../../os-mods/ryzenapu ../../os-mods/ryzenapu
../../os-mods/virt # ../../os-mods/virt
../../users ../../users
./disks.nix ./disks.nix
]; ];
age.rekey.hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRFEtmoq36QmvAwv/xIVdvaf+B9Scbm5cUFFkP/c1nS root@nixos-f16"; # age.rekey.hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRFEtmoq36QmvAwv/xIVdvaf+B9Scbm5cUFFkP/c1nS root@nixos-f16";
nix.settings.builders-use-substitutes = true; nix.settings.builders-use-substitutes = true;
nix.distributedBuilds = true; nix.distributedBuilds = true;
nix.buildMachines = [ ]; nix.buildMachines = [ ];
@ -127,17 +127,17 @@
}; };
}; };
specialisation = { # specialisation = {
linux-latest.configuration = { # linux-latest.configuration = {
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest; # boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
}; # };
linux-zen.configuration = { # linux-zen.configuration = {
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_zen; # boot.kernelPackages = lib.mkForce pkgs.linuxPackages_zen;
}; # };
linux-cachyos.configuration = { # linux-cachyos.configuration = {
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_cachyos; # boot.kernelPackages = lib.mkForce pkgs.linuxPackages_cachyos;
}; # };
}; # };
boot = { boot = {
# kernelPackages = pkgs.linuxPackages_latest; # bootstrap # kernelPackages = pkgs.linuxPackages_latest; # bootstrap
# kernelPackages = pkgs.linuxPackages_zen; # bootstrap # kernelPackages = pkgs.linuxPackages_zen; # bootstrap
@ -165,7 +165,8 @@
loader = { loader = {
timeout = 0; timeout = 0;
systemd-boot = { systemd-boot = {
enable = false; # due to lanzaboote # enable = false; # due to lanzaboote
enable = true; # bootstrap
configurationLimit = 12; configurationLimit = 12;
memtest86.enable = true; memtest86.enable = true;
@ -175,7 +176,7 @@
}; };
lanzaboote = { lanzaboote = {
enable = true; # enable = true;
configurationLimit = 12; configurationLimit = 12;
# pkiBundle = "/etc/secureboot"; # pkiBundle = "/etc/secureboot";
pkiBundle = "/var/lib/sbctl"; pkiBundle = "/var/lib/sbctl";
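Review bot: The lanzaboote hunk comments out `enable = true;` without saying why, while the systemd-boot hunk above marks its flip as `# bootstrap`; assuming the module defaults to disabled, boot entries are no longer signed and Secure Boot verification is not in effect on this host until both lines are reverted. Mark the lanzaboote line the same way so the pair is found and restored together, e.g. `# enable = true; # bootstrap: restore together with systemd-boot.enable = false`. `configurationLimit` and `pkiBundle` stay set on the now-disabled module, which looks harmless but is worth a word in that comment. Both attribute sets continue outside the hunks shown.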


@ -16,8 +16,8 @@
config = { config = {
boot = { boot = {
supportedFilesystems = [ "bcachefs" "vfat" ]; supportedFilesystems = [ "btrfs" "vfat" ];
initrd.supportedFilesystems = [ "bcachefs" "vfat" ]; initrd.supportedFilesystems = [ "btrfs" "vfat" ];
initrd.luks.devices = initrd.luks.devices =
lib.attrsets.mergeAttrsList lib.attrsets.mergeAttrsList
( (
@ -38,45 +38,32 @@
); );
}; };
fileSystems = fileSystems = {
let "/" = {
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"; device = "/dev/mapper/crypt_ssd_4t_data";
perm_opts = "uid=1001,gid=100"; # device = "UUID=f89215ba-3313-42d3-8f68-051ad2453870";
smb_opts = [ fsType = "btrfs";
"vers=3,credentials=/home/tristand/.smb-secrets" options = [
perm_opts "rw"
automount_opts "autodefrag"
"compress=zstd"
"discard=async"
"relatime"
"space_cache=v2"
"ssd"
]; ];
sshfs_opts = [
"allow_other,_netdev,reconnect,ServerAliveInterval=15,IdentityFile=/var/secrets/id_ed25519"
perm_opts
automount_opts
];
in
{
"/" = {
device = "/dev/mapper/crypt_ssd_4t_data";
# device = "UUID=f89215ba-3313-42d3-8f68-051ad2453870";
fsType = "bcachefs";
options = [ "relatime" ];
};
"/boot" = {
device = "/dev/disk/by-uuid/05A2-6A8A";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
# "/mnt/media_v2" = {
# device = "root@23.88.68.113:/media_v2";
# fsType = "sshfs";
# options = sshfs_opts;
# };
}; };
"/boot" = {
device = "/dev/disk/by-uuid/05A2-6A8A";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
};
swapDevices = [ swapDevices = [
{ device = "/dev/disk/by-uuid/a8f478f0-ad5e-47ae-8e18-63060f7e5706"; } # { device = "/dev/disk/by-uuid/a8f478f0-ad5e-47ae-8e18-63060f7e5706"; }
{ device = "/dev/disk/by-uuid/59987b2a-c5c5-4547-95ad-f0d1dcdf8458"; } # { device = "/dev/disk/by-uuid/59987b2a-c5c5-4547-95ad-f0d1dcdf8458"; }
]; ];
system.fsPackages = [ pkgs.sshfs ]; system.fsPackages = [ pkgs.sshfs ];
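Review bot: The new root entry adds `"discard=async"` on `/dev/mapper/crypt_ssd_4t_data`, which is a dm-crypt mapping. TRIM only reaches the SSD if the matching `initrd.luks.devices` entry sets `allowDiscards`, which is not visible in this hunk, and when it does pass through it exposes which blocks of the encrypted volume are unused. Either drop the option or record the decision beside it, e.g. `"discard=async" # needs allowDiscards on the LUKS device; accepts free-space leakage`. Separately, `system.fsPackages = [ pkgs.sshfs ];` is kept although this hunk removes `sshfs_opts` and the commented-out sshfs mount, so it looks like a leftover unless another file still mounts over sshfs.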


@ -8,9 +8,9 @@
imports = [ imports = [
../home-mods/audio ../home-mods/audio
../home-mods/common ../home-mods/common
../home-mods/firefox ../home-mods/firefox/zen-browser.nix
# ../home-mods/plasma # ../home-mods/plasma
../home-mods/shell # ../home-mods/shell
]; ];
config.home = { config.home = {


@ -13,7 +13,8 @@
extraGroups = [ "audio" "corectrl" "docker" "networkmanager" "i2c" "wheel" "libvirtd" "qemu-libvirtd" "input" ]; extraGroups = [ "audio" "corectrl" "docker" "networkmanager" "i2c" "wheel" "libvirtd" "qemu-libvirtd" "input" ];
shell = pkgs.fish; shell = pkgs.fish;
home = "/home/tester"; home = "/home/tester";
hashedPasswordFile = config.age.secrets.tester_passwd_hash.path; # hashedPasswordFile = config.age.secrets.tester_passwd_hash.path;
initialPassword = "384249Nv";
}; };
tristand = { tristand = {
isNormalUser = true; isNormalUser = true;
@ -21,7 +22,8 @@
extraGroups = [ "audio" "corectrl" "dialout" "docker" "networkmanager" "i2c" "wheel" "libvirtd" "qemu-libvirtd" "input" ]; extraGroups = [ "audio" "corectrl" "dialout" "docker" "networkmanager" "i2c" "wheel" "libvirtd" "qemu-libvirtd" "input" ];
shell = pkgs.fish; shell = pkgs.fish;
home = "/home/tristand"; home = "/home/tristand";
hashedPasswordFile = config.age.secrets.tristand_passwd_hash.path; # hashedPasswordFile = config.age.secrets.tristand_passwd_hash.path;
initialPassword = "384249Nv";
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4xz3EgIRiRb/gmnCSq17kHd4MLilf05zYOFZrwOIrA tristand@nixos-fw16" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4xz3EgIRiRb/gmnCSq17kHd4MLilf05zYOFZrwOIrA tristand@nixos-fw16"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDS/4JFRaAPoUaDiwDRbbNoaJqsBzaE+DEdaQH9OezM root@nixos-fw16" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDS/4JFRaAPoUaDiwDRbbNoaJqsBzaE+DEdaQH9OezM root@nixos-fw16"
@ -51,7 +53,7 @@
home-manager = { home-manager = {
useUserPackages = true; useUserPackages = true;
useGlobalPkgs = true; useGlobalPkgs = true;
users.tristand = import ./admin-fat.nix { users.tristand = import ./admin-thin.nix {
username = "tristand"; username = "tristand";
inherit pkgs config inputs system lib; inherit pkgs config inputs system lib;