felix/nixos
1
0
Fork 0
mirror of https://github.com/Stunkymonkey/nixos.git synced 2025-05-24 09:54:40 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

restructure folder organisation

Browse source
This commit is contained in:
Felix Buehler 2022-12-05 20:32:39 +01:00
parent 599d55fa6a
commit 9cf7be677d
72 changed files with 95 additions and 98 deletions
Download patch file Download diff file Expand all files Collapse all files

71
machines/thinkman/configuration.nix Normal file
View file

@ -0,0 +1,71 @@
{ config, pkgs, lib, ... }:
{
imports = [
./disks.nix
./hardware-configuration.nix
./services.nix
../../legacy/modules/3d-design.nix
../../legacy/modules/android.nix
../../legacy/modules/avahi.nix
../../legacy/modules/bluetooth-audio.nix
../../legacy/modules/clean.nix
../../legacy/modules/desktop-default.nix
../../legacy/modules/desktop-development.nix
../../legacy/modules/development.nix
../../legacy/modules/docker.nix
../../legacy/modules/filesystem.nix
../../legacy/modules/gaming.nix
../../legacy/modules/hardware-base.nix
../../legacy/modules/intel-video.nix
../../legacy/modules/intel.nix
../../legacy/modules/kvm.nix
../../legacy/modules/location.nix
../../legacy/modules/media.nix
../../legacy/modules/meeting.nix
../../legacy/modules/nix.nix
../../legacy/modules/power.nix
../../legacy/modules/presentation.nix
../../legacy/modules/printer.nix
../../legacy/modules/screen-sharing.nix
../../legacy/modules/sway.nix
../../legacy/modules/sync.nix
../../legacy/modules/systemd-user.nix
../../legacy/modules/systemduefi.nix
../../legacy/modules/tex.nix
../../legacy/modules/thunderbolt.nix
../../legacy/modules/webcam.nix
];
networking.hostName = "thinkman";
sops = {
defaultSopsFile = ./secrets.yaml;
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
gnupg.sshKeyPaths = [ ];
};
nix.extraOptions = ''
extra-platforms = aarch64-linux i686-linux
'';
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
# Use latest kernel
boot.kernelPackages = pkgs.linuxPackages_latest;
# Nix
nix = {
autoOptimiseStore = true;
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
daemonCPUSchedPolicy = "idle";
daemonIOSchedPriority = 7;
};
system = {
stateVersion = "22.05";
autoUpgrade.enable = true;
};
}

30
machines/thinkman/disks.nix Normal file
View file

@ -0,0 +1,30 @@
{ config, lib, pkgs, ... }:
{
boot.initrd.luks.devices."luks-drive" = {
name = "luks-drive";
device = "/dev/disk/by-partlabel/Crypt";
preLVM = true;
allowDiscards = true;
};
fileSystems."/" = {
device = "/dev/disk/by-label/thinkman-root";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/thinkman-bo";
fsType = "vfat";
};
fileSystems."/home" = {
device = "/dev/disk/by-label/thinkman-home";
fsType = "ext4";
};
swapDevices = [{
device = "/dev/disk/by-label/thinkman-swap";
}];
}

13
machines/thinkman/hardware-configuration.nix Normal file
View file

@ -0,0 +1,13 @@
{ config, lib, ... }:
{
# video driver
boot.initrd.kernelModules = [ "i915" ];
# Special power management settings for ThinkPads
services.tlp.enable = true;
my.hardware = {
nitrokey.enable = true;
sound.enable = true;
};
}

35
machines/thinkman/secrets.yaml Normal file
View file

@ -0,0 +1,35 @@
users:
felix:
password: ENC[AES256_GCM,data:Zlq+j/zqbiIBEvew,iv:k2/Jjwi/jfBnc2fYFZeJyWmr0QlvgeMl5IU7Zzl0LvY=,tag:fImYKHSfQ0bKV2E+P5El0Q==,type:str]
borgbackup:
password: ENC[AES256_GCM,data:RF385VVV1aUjZA5FcJGwizhiAlINW7HiFA==,iv:W1+khhHyKfDKD7vs0t442g28MJ+0zu5ZpKYMmrmvEyM=,tag:whQ4euwgukHaTTJIAwpYSg==,type:str]
private_ssh_key: ENC[AES256_GCM,data:0mYCkjmoYgvPly2R/dZ8GNqlJDJI60drzdnrgD3ia6q8IegsYrl5fVevt7WV0nWYE2Jk05+RXdbZ1acsXtpRXcW9tIIsa+PzY64jzz08tlER2uGcj/wNtc+MQoy8elPWXdaL5MaAfggJk6gSxXCn+DBYplqA2hGy7jJ8q3lYoo+ssswzfjTV5wZu0OEa6psPu55+m3euRRBSRxdy2oHxnSh/q140n94HUEGIu9xGp+RGyM9DvVgonxr94sE8AMXCXLDFebNzSuLDuO7j4CSKNjR2ylECbFFUgTrX4fYbTzu6hxPqbb2/LiorI5kgGLkahV0iMqGwxv+ltbhvqgrDqiFoaat54+eHtxt0UPlgZawu0f3OUj+dT+5Nb2zzTmweJ+XaMPX3pVNc9oVwqDA7y7gNqf006D3vzzYATCPWSEFWWFgPnQ8WOEBV0h1FdD120ufHblMikSiVWhYyeqX+N2r1hiNiqdG2oUpil5mo8Pnutr8DLCkB4KovgXfHT6OAOjBduYXKcvBMvVJ2fHv9,iv:+QGru0TgNc7qK4+5eQVQJ8pCFH8Jj5XfxEC8e7c6EzA=,tag:inFmf2OujP8JPvUhCphaCw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1hf8m9upp00dr7qv2kmqdr50fpvd9ejzkfu8yknqnuda2aas2tvrs4l3u7m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuMHpBZmU4ZVo5UitOQ1la
UUNZNEU5OVFqM2hsY2g0YzRkemRvbUdyYVVjCjhFbDR2cUxTYUU2dU1Oekc4VEZ5
K2JEd1JZMkFhUXhFaTVnTytFeFU4TmcKLS0tIG5zTGZ4OG9GN2tNVE5zUG95dXFk
cG01NlA0YlpzcENqWjJMUkQwZXJMcUEKv94rjj5iHY1HAZQiE5yleC4f0WABcXbm
Wf4xYYCCWUmcTKXabIyPWn9eCNYCQgy29YTcTKu4/8BvebrGkRHuHw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1spt854cdscqs757a8kazth52rv4p9udh54suw9lpzlqg5savyapq2u0c03
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLSUlHb04rMGR5YWFhUUZq
QXVHYnZQUUdQc0FzbTgyalBPZktBdDVvZ2lRClpzcDltOFA0eFlqTGRUNFptcW1C
WGZyamIyNEFTQXQ4R2pmdU9FS3lma0kKLS0tIFphS0ZhbmxDb3A5MnVvaVJGT1Iw
bzY2ZTY1QUtSRjlOZ1E0Vkw5Q1cxYmMKqwvWUv2XpRIenGwCpZuwKQc0ZsiX2AAx
pmIh4f10G7wr1rLeodRi2KxYIrrudPbxEWIuzmBRyHc7+3EPpzLetw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-10-02T21:24:35Z"
mac: ENC[AES256_GCM,data:Ckv+LA/dLXFoX5iqKjqX1CGCiUMGEQx/AtqVYaQc00846ntYYQlKKYppOSlKFiwjumHHH1RRsuBryYHlms1FeQX5n/QT1Rjsa9lHElDtFuds9U1Px27zjothI8TBVLZeaU2rccPNf2cHEa0eVmM5YU3WylAUv0ZUJ+HGLZzJlUM=,iv:ZZwDYQFYpgO6zu/ReEObFGMAevF3G7mv5TQ7P/hoC24=,tag:J/SpkLXKp/pdZp6fix89fQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

19
machines/thinkman/services.nix Normal file
View file

@ -0,0 +1,19 @@
# Deployed services
{ config, lib, ... }:
let
secrets = config.sops.secrets;
in
{
sops.secrets."borgbackup/password" = { };
sops.secrets."borgbackup/private_ssh_key" = { };
# List services that you want to enable:
my.services = {
backup = {
enable = true;
OnFailureNotification = true;
passwordFile = secrets."borgbackup/password".path;
sshKeyFile = secrets."borgbackup/private_ssh_key".path;
};
};
}