Tristan D. 2025-03-26 16:16:53 +01:00
parent 8a765f001b
commit 10b8fc11fc
Signed by: tristan
SSH key fingerprint: SHA256:9oFM1J63hYWJjCnLG6C0fxBS15rwNcWwdQNMOHYKJ/4
11 changed files with 64 additions and 83 deletions


@ -188,7 +188,7 @@
emacs-overlay.overlay
inputs.nix-alien.overlays.default
inputs.nix-ld-rs.overlays.default
agenix-rekey.overlays.default
# agenix-rekey.overlays.default
devshell.overlays.default
];
config = {
@ -229,8 +229,8 @@
chaotic.nixosModules.default
envfs.nixosModules.envfs
stylix.nixosModules.stylix
agenix.nixosModules.default
agenix-rekey.nixosModules.default
# agenix.nixosModules.default
# agenix-rekey.nixosModules.default
];
args = {
inherit self inputs system;


@ -0,0 +1,8 @@
age-encryption.org/v1
-> ssh-ed25519 nA0mnQ WtsuBNNRDJ2qBqqfKPYBjsG5J8RA1FLG22V4rcpmIAs
+b/BJpaLA/TCIMwRg0c7eO8UqIa+KPgpaOTmpVeW60k
-> m-grease
RCMzLSoDYLRPgxDe1bS2EOXDAD19QYDO3UI/0tzYNOGvcEMnHw
--- WBgm8Vf3dtFoPsTbBIoS73fD824cOm5COYSz66dcvYQ
¢˜6æ…{šÑ;æà³
‰Ä ÷³üJm‡ <<WÐ’Ñǧ‚×É]øÎ/<2F>ú‰5YÅOò<4F> §¢ÝaÐ>Î÷ÒZ7ª†ó"y


@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 MqgTQA kHKU7lp3SvhVlgDk8qBbQU+nrV8O84CLtR32ZGATDw4
1E9KyKzKwio7ltF1H36tSLWSao0TPNNlbwJAwxhw3CI
-> +&-grease
y1YrcXJ8+mGdSTrJywOZM/E8jbHPSX9rARC6uKOHgESGkH1NWsINbEk0/1fYHi62
6Y+k9Ig9oX7taekoNCU
--- lgK5w16T9LaMc6yoWW+h+zVNyuKuoEoeJi8p7lura1Q
X
¢ò&ÃbZ[IßC>ÊԘОWp¼²ˆŠŠ?èµ ä[˜š-]À) HY¦(u/ݰšÄû¹É–Ý÷Þ^摨à@„9öõýxVG.¾n £9»°‡Rr¡ŸàŽxzJf<4A>±Ûw K‡zbq÷ZÖ©ùf»FÎÓ ‹ê=†½¼Œ„P


@ -1,8 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 MqgTQA 7y3on/Y6P89gncEtSzn6dak659D+C0jT0Lo711yQaQ0
bsILI8jRG8MFJ2xSowtYyNYHPbcZmS+OFBbTrn7vNgo
-> a-grease /3
faRjVzpKpTOBeDIZVd+uK9AGzVH7LYbIH3QiTZMHE+zE21fI6yjGEQyIE2jsVhTq
q/PxcbNtJ9fZ2JCU43lGX7DveIYT7Z84vX955I3BkIppgQ4
--- dNDrqjg89dlNEf3ZkyW0fU7OyETfVPtRAw7JcRJxQ1o
ŠâCد<11>“ DXo¤ØÁ?9±ÿ©u°iÉÝ”s„çrºÞ©wyB¶~umȹ¶3Dæ€MÓëÏÅbé2táì€j`zDñXù


@ -10,24 +10,24 @@
(modulesPath + "/installer/scan/not-detected.nix")
inputs.nixos-hardware.nixosModules.common-hidpi
inputs.nixos-hardware.nixosModules.framework-16-7040-amd
../../os-mods/age
../../os-mods/net_disks/oeko.nix
# ../../os-mods/age
# ../../os-mods/net_disks/oeko.nix
../../os-mods/amdgpu
../../os-mods/cachix
../../os-mods/common
../../os-mods/desktop
../../os-mods/desktop/audio.nix
../../os-mods/desktop/gaming.nix
../../os-mods/desktop/printing.nix
../../os-mods/netdata/client.nix
../../os-mods/network
# ../../os-mods/desktop/gaming.nix
# ../../os-mods/desktop/printing.nix
# ../../os-mods/netdata/client.nix
# ../../os-mods/network
../../os-mods/ryzenapu
../../os-mods/virt
# ../../os-mods/virt
../../users
./disks.nix
];
age.rekey.hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRFEtmoq36QmvAwv/xIVdvaf+B9Scbm5cUFFkP/c1nS root@nixos-f16";
# age.rekey.hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRFEtmoq36QmvAwv/xIVdvaf+B9Scbm5cUFFkP/c1nS root@nixos-f16";
nix.settings.builders-use-substitutes = true;
nix.distributedBuilds = true;
nix.buildMachines = [ ];
@ -127,17 +127,17 @@
};
};
specialisation = {
linux-latest.configuration = {
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
};
linux-zen.configuration = {
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_zen;
};
linux-cachyos.configuration = {
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_cachyos;
};
};
# specialisation = {
# linux-latest.configuration = {
# boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
# };
# linux-zen.configuration = {
# boot.kernelPackages = lib.mkForce pkgs.linuxPackages_zen;
# };
# linux-cachyos.configuration = {
# boot.kernelPackages = lib.mkForce pkgs.linuxPackages_cachyos;
# };
# };
boot = {
# kernelPackages = pkgs.linuxPackages_latest; # bootstrap
# kernelPackages = pkgs.linuxPackages_zen; # bootstrap
@ -165,7 +165,8 @@
loader = {
timeout = 0;
systemd-boot = {
enable = false; # due to lanzaboote
# enable = false; # due to lanzaboote
enable = true; # bootstrap
configurationLimit = 12;
memtest86.enable = true;
@ -175,7 +176,7 @@
};
lanzaboote = {
enable = true;
# enable = true;
configurationLimit = 12;
# pkiBundle = "/etc/secureboot";
pkiBundle = "/var/lib/sbctl";
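Review bot: With `# enable = true;` under `lanzaboote` and `enable = true; # bootstrap` under `systemd-boot`, the boot entries of this host are no longer signed by lanzaboote, and nothing in the file records that the signed path has to come back. Only the systemd-boot line carries the `# bootstrap` marker; I would add a comment on the lanzaboote block as well, for example `# TODO(bootstrap): re-enable lanzaboote once keys are enrolled in /var/lib/sbctl`, so the temporary state is not mistaken for the intended one. The same applies to the commented `../../os-mods/age` import and `age.rekey.hostPubkey` in the first hunk of this file. The `boot` block starts and ends outside the hunk, so whether firmware Secure Boot is enforced on this machine cannot be told from here.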


@ -16,8 +16,8 @@
config = {
boot = {
supportedFilesystems = [ "bcachefs" "vfat" ];
initrd.supportedFilesystems = [ "bcachefs" "vfat" ];
supportedFilesystems = [ "btrfs" "vfat" ];
initrd.supportedFilesystems = [ "btrfs" "vfat" ];
initrd.luks.devices =
lib.attrsets.mergeAttrsList
(
@ -38,27 +38,20 @@
);
};
fileSystems =
let
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
perm_opts = "uid=1001,gid=100";
smb_opts = [
"vers=3,credentials=/home/tristand/.smb-secrets"
perm_opts
automount_opts
];
sshfs_opts = [
"allow_other,_netdev,reconnect,ServerAliveInterval=15,IdentityFile=/var/secrets/id_ed25519"
perm_opts
automount_opts
];
in
{
fileSystems = {
"/" = {
device = "/dev/mapper/crypt_ssd_4t_data";
# device = "UUID=f89215ba-3313-42d3-8f68-051ad2453870";
fsType = "bcachefs";
options = [ "relatime" ];
fsType = "btrfs";
options = [
"rw"
"autodefrag"
"compress=zstd"
"discard=async"
"relatime"
"space_cache=v2"
"ssd"
];
};
"/boot" = {
@ -66,17 +59,11 @@
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
# "/mnt/media_v2" = {
# device = "root@23.88.68.113:/media_v2";
# fsType = "sshfs";
# options = sshfs_opts;
# };
};
swapDevices = [
{ device = "/dev/disk/by-uuid/a8f478f0-ad5e-47ae-8e18-63060f7e5706"; }
{ device = "/dev/disk/by-uuid/59987b2a-c5c5-4547-95ad-f0d1dcdf8458"; }
# { device = "/dev/disk/by-uuid/a8f478f0-ad5e-47ae-8e18-63060f7e5706"; }
# { device = "/dev/disk/by-uuid/59987b2a-c5c5-4547-95ad-f0d1dcdf8458"; }
];
system.fsPackages = [ pkgs.sshfs ];
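Review bot: The new root mount adds `"discard=async"` on `/dev/mapper/crypt_ssd_4t_data`, which by its path is a dm-crypt mapping. TRIM only reaches the SSD if the LUKS device is opened with discards allowed (`allowDiscards = true` in `boot.initrd.luks.devices`), and that body is outside the hunk, so the option may currently have no effect. If discards are allowed, the layout of unused blocks becomes visible on the raw disk; that trade-off deserves a one-line comment next to the option, e.g. `# TRIM through LUKS: exposes free-block layout, accepted for SSD wear`. `system.fsPackages = [ pkgs.sshfs ];` also looks left over now that the sshfs options and the commented mount are removed.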


@ -8,9 +8,9 @@
imports = [
../home-mods/audio
../home-mods/common
../home-mods/firefox
../home-mods/firefox/zen-browser.nix
# ../home-mods/plasma
../home-mods/shell
# ../home-mods/shell
];
config.home = {


@ -13,7 +13,8 @@
extraGroups = [ "audio" "corectrl" "docker" "networkmanager" "i2c" "wheel" "libvirtd" "qemu-libvirtd" "input" ];
shell = pkgs.fish;
home = "/home/tester";
hashedPasswordFile = config.age.secrets.tester_passwd_hash.path;
# hashedPasswordFile = config.age.secrets.tester_passwd_hash.path;
initialPassword = "384249Nv";
};
tristand = {
isNormalUser = true;
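Review bot: The added `initialPassword = "…";` line puts a cleartext password into the repository for `tester`, and the next hunk adds the identical line for `tristand`; both accounts are in `wheel`, `docker` and `libvirtd`. The value stays in git history and is copied world-readable into the Nix store, so it should be treated as disclosed and changed on the host right after first login. If agenix has to stay off during bootstrap, a hash keeps the literal out of the tree: `initialHashedPassword = "<hash from mkpasswd>";`, with a different one per account. A short comment next to the commented `hashedPasswordFile` line, such as `# restore once os-mods/age is imported again`, would make the intended end state explicit.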
@ -21,7 +22,8 @@
extraGroups = [ "audio" "corectrl" "dialout" "docker" "networkmanager" "i2c" "wheel" "libvirtd" "qemu-libvirtd" "input" ];
shell = pkgs.fish;
home = "/home/tristand";
hashedPasswordFile = config.age.secrets.tristand_passwd_hash.path;
# hashedPasswordFile = config.age.secrets.tristand_passwd_hash.path;
initialPassword = "384249Nv";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4xz3EgIRiRb/gmnCSq17kHd4MLilf05zYOFZrwOIrA tristand@nixos-fw16"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDS/4JFRaAPoUaDiwDRbbNoaJqsBzaE+DEdaQH9OezM root@nixos-fw16"
@ -51,7 +53,7 @@
home-manager = {
useUserPackages = true;
useGlobalPkgs = true;
users.tristand = import ./admin-fat.nix {
users.tristand = import ./admin-thin.nix {
username = "tristand";
inherit pkgs config inputs system lib;