From cfdbb58663cf01501fb90851a22263afc3a7b897 Mon Sep 17 00:00:00 2001
From: kalipso
Date: Tue, 26 Nov 2024 13:02:44 +0100
Subject: [PATCH 1/3] [bakunin] init
---
machines/bakunin/configuration.nix | 87 +++++++++++++++++++++
machines/bakunin/hardware-configuration.nix | 49 ++++++++++++
machines/configuration.nix | 9 +++
3 files changed, 145 insertions(+)
create mode 100644 machines/bakunin/configuration.nix
create mode 100644 machines/bakunin/hardware-configuration.nix
diff --git a/machines/bakunin/configuration.nix b/machines/bakunin/configuration.nix
new file mode 100644
index 0000000..5a8158a
--- /dev/null
+++ b/machines/bakunin/configuration.nix
@@ -0,0 +1,87 @@
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ../modules/xserver.nix
+ ../modules/malobeo_user.nix
+ ../modules/sshd.nix
+ ../modules/minimal_tools.nix
+ ../modules/autoupdate.nix
+ ];
+
+ malobeo.autoUpdate = {
+ enable = true;
+ url = "https://hydra.dynamicdiscord.de";
+ project = "malobeo";
+ jobset = "infrastructure";
+ cacheurl = "https://cache.dynamicdiscord.de";
+ };
+
+ boot.loader.systemd-boot.enable = true;
+
+ hardware.sane.enable = true; #scanner support
+
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+ users.users.malobeo = {
+ packages = with pkgs; [
+ firefox
+ thunderbird
+ telegram-desktop
+ tor-browser-bundle-bin
+ keepassxc
+ libreoffice
+ gimp
+ inkscape
+ okular
+ element-desktop
+ chromium
+ mpv
+ vlc
+ simple-scan
+ ];
+ };
+
+ services.tor = {
+ enable = true;
+ client.enable = true;
+ };
+
+ services.printing.enable = true;
+ services.printing.drivers = [
+ (pkgs.writeTextDir "share/cups/model/brother5350.ppd" (builtins.readFile ../modules/BR5350_2_GPL.ppd))
+ pkgs.gutenprint
+ pkgs.gutenprintBin
+ pkgs.brlaser
+ pkgs.brgenml1lpr
+ pkgs.brgenml1cupswrapper
+ ];
+
+ # needed for printing drivers
+ nixpkgs.config.allowUnfree = true;
+
+ services.acpid.enable = true;
+
+ networking.hostName = "bakunin";
+ networking.networkmanager.enable = true;
+
+ sound.enable = true;
+ hardware.pulseaudio = {
+ enable = true;
+ zeroconf.discovery.enable = true;
+ extraConfig = ''
+ load-module module-zeroconf-discover
+ '';
+ };
+
+ services.avahi = {
+ enable = true;
+ };
+
+
+ time.timeZone = "Europe/Berlin";
+ system.stateVersion = "23.05"; # Do.. Not.. Change..
+}
+
diff --git a/machines/bakunin/hardware-configuration.nix b/machines/bakunin/hardware-configuration.nix
new file mode 100644
index 0000000..28b4c19
--- /dev/null
+++ b/machines/bakunin/hardware-configuration.nix
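Review bot: `nixpkgs.config.allowUnfree = true;` in `machines/bakunin/configuration.nix` lifts the licence gate for every package on this host, although the comment above it says only the printing drivers need it. Scoping the exception keeps a later addition to `users.users.malobeo.packages` from pulling in unfree software unnoticed: add `lib` to the module arguments and use `nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ /* names of the unfree printer drivers */ ];`. Separately, `malobeo.autoUpdate` makes this machine install whatever the Hydra jobset publishes through `cacheurl`; `../modules/autoupdate.nix` is not part of this diff, so it is worth confirming there that the cache's signing key is pinned and signature checks stay enabled.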
@@ -0,0 +1,49 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+ boot.initrd.kernelModules = [ "dm-snapshot" ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+boot.initrd.luks.devices = {
+root = {
+device = "/dev/disk/by-uuid/35ae4fa2-1076-42ae-a04c-1752126b2aaf";
+preLVM = true;
+allowDiscards = true;
+};
+};
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/fe34ee57-9397-4311-94f2-a4fc0a3ef09c";
+ fsType = "btrfs";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/402B-2026";
+ fsType = "vfat";
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/b4a28946-dcc4-437d-a1b9-08d36f4b6b27"; }
+ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/machines/configuration.nix b/machines/configuration.nix
index 4b7616a..df738e4 100644
--- a/machines/configuration.nix
+++ b/machines/configuration.nix
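Review bot: `allowDiscards = true;` in the `boot.initrd.luks.devices.root` block passes TRIM requests through dm-crypt, which leaves the pattern of unused blocks visible on the raw device, and nothing here records that this trade-off was chosen on purpose. If it is wanted for SSD performance, document it with a comment such as `# TRIM passthrough: reveals which blocks are free on the encrypted volume; accepted for SSD performance`, otherwise drop the line. The block is unindented and appears hand-added to a file whose header says it may be overwritten by nixos-generate-config, so it would be safer in `machines/bakunin/configuration.nix`.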
@@ -83,6 +83,15 @@ in ]; }; + + bakunin = nixosSystem { + system = "x86_64-linux"; + specialArgs.inputs = inputs; + modules = defaultModules ++ [ + ./bakunin/configuration.nix + ]; + }; + durruti = nixosSystem { system = "x86_64-linux"; specialArgs.inputs = inputs; -- 2.51.2 From f61ea6ce5c70c3e460ff84a0781bb8d131721510 Mon Sep 17 00:00:00 2001 From: kalipso Date: Tue, 26 Nov 2024 13:14:36 +0100 Subject: [PATCH 2/3] [bakunin] add disko device --- flake.nix | 2 + machines/configuration.nix | 3 +- machines/modules/disko/btrfs-laptop.nix | 63 +++++++++++++++++++++++++ 3 files changed, 67 insertions(+), 1 deletion(-) create mode 100644 machines/modules/disko/btrfs-laptop.nix diff --git a/flake.nix b/flake.nix index c02f881..f5e5802 100644 --- a/flake.nix +++ b/flake.nix @@ -10,6 +10,8 @@ mfsync.url = "github:k4lipso/mfsync"; microvm.url = "github:astro/microvm.nix"; microvm.inputs.nixpkgs.follows = "nixpkgs"; + inputs.disko.url = "github:nix-community/disko/latest"; + inputs.disko.inputs.nixpkgs.follows = "nixpkgs"; utils = { url = "github:numtide/flake-utils"; diff --git a/machines/configuration.nix b/machines/configuration.nix index df738e4..bb50a90 100644 --- a/machines/configuration.nix +++ b/machines/configuration.nix @@ -83,12 +83,13 @@ in ]; }; - bakunin = nixosSystem { system = "x86_64-linux"; specialArgs.inputs = inputs; modules = defaultModules ++ [ ./bakunin/configuration.nix + inputs.disko.nixosModules.disko + ./modules/disko/btrfs-laptop.nix ]; }; diff --git a/machines/modules/disko/btrfs-laptop.nix b/machines/modules/disko/btrfs-laptop.nix new file mode 100644 index 0000000..aeedcbb --- /dev/null +++ b/machines/modules/disko/btrfs-laptop.nix 
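Review bot: In the `machines/configuration.nix` hunk of patch 2/3, adding `./modules/disko/btrfs-laptop.nix` to bakunin's modules gives the host two descriptions of its disks. `machines/bakunin/hardware-configuration.nix` from patch 1/3 still declares `fileSystems."/"`, `fileSystems."/boot"`, `swapDevices` and `boot.initrd.luks.devices.root` by UUID, while the disko layout produces its own mounts and a LUKS mapping named `crypted`. These likely conflict at evaluation, or leave the initrd waiting for a device that no longer exists once the machine is reinstalled with disko; the by-UUID entries should be removed from the hardware file when switching. `inputs.disko.nixosModules.disko` is also imported again inside `btrfs-laptop.nix`, so one of the two imports can go.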
@@ -0,0 +1,63 @@
+{ config, self, inputs, ... }:
+
+{
+ imports = [
+ inputs.disko.nixosModules.disko
+ ];
+
+ # https://github.com/nix-community/disko/blob/master/example/luks-btrfs-subvolumes.nix
+ disko.devices = {
+ disk = {
+ main = {
+ type = "disk";
+ # When using disko-install, we will overwrite this value from the commandline
+ device = "/dev/disk/by-id/some-disk-id";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+ luks = {
+ size = "100%";
+ content = {
+ type = "luks";
+ name = "crypted";
+ passwordFile = "/tmp/secret.key"; # Interactive
+ content = {
+ type = "btrfs";
+ extraArgs = [ "-f" ];
+ subvolumes = {
+ "/root" = {
+ mountpoint = "/";
+ mountOptions = [ "compress=zstd" "noatime" ];
+ };
+ "/home" = {
+ mountpoint = "/home";
+ mountOptions = [ "compress=zstd" "noatime" ];
+ };
+ "/nix" = {
+ mountpoint = "/nix";
+ mountOptions = [ "compress=zstd" "noatime" ];
+ };
+ "/swap" = {
+ mountpoint = "/.swapvol";
+ swap.swapfile.size = "20M";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
-- 2.51.2
From c0207dad3383f902b735bc01d2dd9986350ba5ce Mon Sep 17 00:00:00 2001
From: kalipso
Date: Tue, 26 Nov 2024 13:22:52 +0100
Subject: [PATCH 3/3] [nixpkgs] fix typo
---
flake.lock | 22 ++++++++++++++++++++++
flake.nix | 4 ++--
2 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/flake.lock b/flake.lock
index e247a88..4e2cb07 100644
--- a/flake.lock
+++ b/flake.lock
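Review bot: `passwordFile = "/tmp/secret.key"; # Interactive` in the `luks` partition does the opposite of what its comment says: with a password file set, the LUKS passphrase is read from that path rather than prompted for. /tmp on the installer is a shared directory, so the passphrase sits in a predictable file that has to be created with tight permissions and removed once the install is done. If a prompt is what is wanted, delete the line (disko asks interactively when neither a password file nor a key file is configured, as far as I know); otherwise correct the comment to something like `# read at install time only; create with mode 0600 and delete after disko-install`. `swap.swapfile.size = "20M"` and `device = "/dev/disk/by-id/some-disk-id"` look like values carried over unchanged from the linked example and deserve a second look before this layout is applied to a real disk.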
@@ -1,5 +1,26 @@ { "nodes": { + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1730135292, + "narHash": "sha256-CI27qHAbc3/tIe8sb37kiHNaeCqGxNimckCMj0lW5kg=", + "owner": "nix-community", + "repo": "disko", + "rev": "ab58501b2341bc5e0fc88f2f5983a679b075ddf5", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "latest", + "repo": "disko", + "type": "github" + } + }, "ep3-bs": { "inputs": { "nixpkgs": [ @@ -203,6 +224,7 @@ }, "root": { "inputs": { + "disko": "disko", "ep3-bs": "ep3-bs", "home-manager": "home-manager", "mfsync": "mfsync", diff --git a/flake.nix b/flake.nix index f5e5802..ad9eac3 100644 --- a/flake.nix +++ b/flake.nix @@ -10,8 +10,8 @@ mfsync.url = "github:k4lipso/mfsync"; microvm.url = "github:astro/microvm.nix"; microvm.inputs.nixpkgs.follows = "nixpkgs"; - inputs.disko.url = "github:nix-community/disko/latest"; - inputs.disko.inputs.nixpkgs.follows = "nixpkgs"; + disko.url = "github:nix-community/disko/latest"; + disko.inputs.nixpkgs.follows = "nixpkgs"; utils = { url = "github:numtide/flake-utils"; -- 2.51.2