motiejus
/
config
1
Fork 0
Code Packages Releases Activity

fwminex: reinstall

This commit is contained in:
Motiejus Jakštys 2024-07-16 05:40:40 +03:00
parent 3ace354089
commit f47b8d09f8
2 changed files with 63 additions and 105 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
flake.nix
View File

@ -205,25 +205,19 @@
modules = [ modules = [
{nixpkgs.overlays = overlays;} {nixpkgs.overlays = overlays;}
./hosts/fwminex/configuration.nix ./hosts/fwminex/configuration.nix
./modules
./modules/profiles/desktop
nur.nixosModules.nur
agenix.nixosModules.default
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
nixos-hardware.nixosModules.framework-12th-gen-intel nixos-hardware.nixosModules.framework-12th-gen-intel
nix-index-database.nixosModules.nix-index
{ #agenix.nixosModules.default
age.secrets = { #{
motiejus-passwd-hash.file = ./secrets/motiejus_passwd_hash.age; # age.secrets = {
root-passwd-hash.file = ./secrets/root_passwd_hash.age; # motiejus-passwd-hash.file = ./secrets/motiejus_passwd_hash.age;
sasl-passwd.file = ./secrets/postfix_sasl_passwd.age; # root-passwd-hash.file = ./secrets/root_passwd_hash.age;
syncthing-key.file = ./secrets/fwminex/syncthing/key.pem.age; # sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
syncthing-cert.file = ./secrets/fwminex/syncthing/cert.pem.age; # syncthing-key.file = ./secrets/fwminex/syncthing/key.pem.age;
}; # syncthing-cert.file = ./secrets/fwminex/syncthing/cert.pem.age;
} # };
#}
]; ];
specialArgs = {inherit myData;} // inputs; specialArgs = {inherit myData;} // inputs;

140
hosts/fwminex/configuration.nix
View File

@ -1,89 +1,84 @@
{ {myData, ...}: let
pkgs, nvme = "/dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_2TB_S6P1NS0TA01331A_1";
config, in {
myData,
...
}: {
imports = [ imports = [
../../modules/profiles/autorandr ../../modules
../../modules/profiles/btrfs
]; ];
boot = { boot = {
initrd.availableKernelModules = ["usb_storage" "sd_mod" "xhci_pci" "thunderbolt" "nvme" "usbhid"]; kernelModules = ["kvm-intel"];
loader.systemd-boot.enable = true; loader.systemd-boot.enable = true;
supportedFilesystems = ["zfs"]; initrd = {
zfs = { availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usbhid" "tpm_tis"];
forceImportRoot = false; systemd = {
devNodes = "/dev/disk/by-id/"; enableTpm2 = true;
emergencyAccess = true;
};
luks.devices = {
luksroot = {
device = "${nvme}-part3";
allowDiscards = true;
crypttabExtraOpts = ["tpm2-device=auto"];
};
};
}; };
}; };
security.tpm2.enable = true;
swapDevices = [
{
device = "${nvme}-part2";
randomEncryption.enable = true;
}
];
fileSystems = { fileSystems = {
"/" = { "/" = {
device = "rpool/nixos/root"; device = "/dev/mapper/luksroot";
fsType = "zfs"; fsType = "btrfs";
options = ["compress=zstd"];
}; };
"/boot" = { "/boot" = {
device = "/dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_2TB_S6P1NS0TA01331A_1-part2"; device = "${nvme}-part1";
fsType = "vfat"; fsType = "vfat";
}; };
"/home" = {
device = "rpool/nixos/home";
fsType = "zfs";
};
"/nix" = {
device = "rpool/nixos/nix";
fsType = "zfs";
};
"/var/lib" = {
device = "rpool/nixos/var/lib";
fsType = "zfs";
};
"/var/log" = {
device = "rpool/nixos/var/log";
fsType = "zfs";
};
}; };
hardware.cpu.intel.updateMicrocode = true; hardware.cpu.intel.updateMicrocode = true;
nixpkgs.hostPlatform = "x86_64-linux"; nixpkgs.hostPlatform = "x86_64-linux";
boot.binfmt.emulatedSystems = ["aarch64-linux"];
systemd.services.zfs-mount.enable = false; systemd.services.zfs-mount.enable = false;
mj = { mj = {
stateVersion = "23.05"; stateVersion = "24.05";
timeZone = "Europe/Vilnius"; timeZone = "Europe/Vilnius";
username = "motiejus"; username = "motiejus";
base = { base.users = {
zfs.enable = true;
users = {
enable = true; enable = true;
devTools = true; user.initialPassword = "live";
root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path; #root.hashedPasswordFile = config.age.secrets.root-work-passwd-hash.path;
user.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path; #user.hashedPasswordFile = config.age.secrets.motiejus-work-passwd-hash.path;
};
snapshot = {
enable = true;
mountpoints = ["/home" "/var/lib" "/var/log"];
};
unitstatus = {
enable = true;
email = "motiejus+alerts@jakstys.lt";
};
}; };
services = { services = {
sshguard.enable = false; sshguard.enable = false;
tailscale = { tailscale = {
enable = true; enable = true;
verboseLogs = true; verboseLogs = false;
}; };
#remote-builder.client = let
# host = myData.hosts."fra1-a.servers.jakst";
#in {
# enable = true;
# inherit (host) system supportedFeatures;
# hostName = host.jakstIP;
# sshKey = "/etc/ssh/ssh_host_ed25519_key";
#};
node_exporter = { node_exporter = {
enable = true; enable = true;
extraSubnets = [myData.subnets.vno1.cidr]; extraSubnets = [myData.subnets.vno1.cidr];
@ -99,46 +94,15 @@
}; };
}; };
postfix = { #postfix = {
enable = true; # enable = true;
saslPasswdPath = config.age.secrets.sasl-passwd.path; # saslPasswdPath = config.age.secrets.sasl-passwd.path;
}; #};
syncthing = {
enable = true;
dataDir = "/home/motiejus/";
user = "motiejus";
group = "users";
};
wifibackup = {
enable = true;
toPath = "/home/${config.mj.username}/M-Active/.wifi";
toUser = config.mj.username;
};
remote-builder.client = let
host = myData.hosts."fra1-a.servers.jakst";
in {
enable = true;
inherit (host) system supportedFeatures;
hostName = host.jakstIP;
sshKey = "/etc/ssh/ssh_host_ed25519_key";
}; };
}; };
};
programs.mepo.enable = true;
virtualisation.virtualbox.host.enable = true;
users.extraGroups.vboxusers.members = ["motiejus"];
environment.systemPackages = with pkgs; [
tesseract
];
networking = { networking = {
hostId = "3a54afcd"; hostId = "a6b19da0";
hostName = "fwminex"; hostName = "fwminex";
domain = "motiejus.jakst"; domain = "motiejus.jakst";
firewall.rejectPackets = true; firewall.rejectPackets = true;