diff --git a/README.md b/README.md index 4314095..4e6f487 100644 --- a/README.md +++ b/README.md @@ -121,10 +121,11 @@ used flakes: ```bash nix run github:nix-community/nixos-anywhere -- \ + --disko-mode disko \ --disk-encryption-keys /tmp/disk.key /tmp/disk.key \ --extra-files "$temp" \ --flake .# \ - --target-host root@ + root@ ``` ## Inspired by diff --git a/flake.lock b/flake.lock index 7a52254..490b4af 100644 --- a/flake.lock +++ b/flake.lock @@ -41,11 +41,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1775087534, - "narHash": "sha256-91qqW8lhL7TLwgQWijoGBbiD4t7/q75KTi8NxjVmSmA=", + "lastModified": 1772408722, + "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "3107b77cd68437b9a76194f0f7f9c55f2329ca5b", + "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", "type": "github" }, "original": { @@ -114,11 +114,11 @@ ] }, "locked": { - "lastModified": 1775585728, - "narHash": "sha256-8Psjt+TWvE4thRKktJsXfR6PA/fWWsZ04DVaY6PUhr4=", + "lastModified": 1774104215, + "narHash": "sha256-EAtviqz0sEAxdHS4crqu7JGR5oI3BwaqG0mw7CmXkO8=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "580633fa3fe5fc0379905986543fd7495481913d", + "rev": "f799ae951fde0627157f40aec28dec27b22076d0", "type": "github" }, "original": { 
@@ -222,27 +222,26 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1775232991, - "narHash": "sha256-QkmL6kwmQXBN24FVOZSfFkNpUgu8jHfdYPoA2H8sA7k=", - "owner": "Stunkymonkey", + "lastModified": 1774567711, + "narHash": "sha256-uVlOHBvt6Vc/iYNJXLPa4c3cLXwMllOCVfAaLAcphIo=", + "owner": "NixOS", "repo": "nixos-hardware", - "rev": "d6ee262f8d4db0815b08c76714becc09af11f962", + "rev": "3f6f874dfc34d386d10e434c48ad966c4832243e", "type": "github" }, "original": { - "owner": "Stunkymonkey", - "ref": "dell-precision-5820", + "owner": "NixOS", "repo": "nixos-hardware", "type": "github" } }, "nixpkgs": { "locked": { - "lastModified": 1775811116, - "narHash": "sha256-t+HZK42pB6N+i5RGbuy7Xluez/VvWbembBdvzsc23Ss=", + "lastModified": 1774388614, + "narHash": "sha256-tFwzTI0DdDzovdE9+Ras6CUss0yn8P9XV4Ja6RjA+nU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "54170c54449ea4d6725efd30d719c5e505f1c10e", + "rev": "1073dad219cb244572b74da2b20c7fe39cb3fa9e", "type": "github" }, "original": { @@ -253,11 +252,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1774748309, - "narHash": "sha256-+U7gF3qxzwD5TZuANzZPeJTZRHS29OFQgkQ2kiTJBIQ=", + "lastModified": 1772328832, + "narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "333c4e0545a6da976206c74db8773a1645b5870a", + "rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742", "type": "github" }, "original": { @@ -298,11 +297,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1775710090, - "narHash": "sha256-ar3rofg+awPB8QXDaFJhJ2jJhu+KqN/PRCXeyuXR76E=", + "lastModified": 1774386573, + "narHash": "sha256-4hAV26quOxdC6iyG7kYaZcM3VOskcPUrdCQd/nx8obc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4c1018dae018162ec878d42fec712642d214fdfa", + "rev": "46db2e09e1d3f113a13c0d7b81e2f221c63b8ce9", "type": "github" }, "original": { 
@@ -355,11 +354,11 @@ ] }, "locked": { - "lastModified": 1775971308, - "narHash": "sha256-VKp9bhVSm0bT6JWctFy06ocqxGGnWHi1NfoE90IgIcY=", + "lastModified": 1774303811, + "narHash": "sha256-fhG4JAcLgjKwt+XHbjs8brpWnyKUfU4LikLm3s0Q/ic=", "owner": "Mic92", "repo": "sops-nix", - "rev": "31ac5fe5d015f76b54058c69fcaebb66a55871a4", + "rev": "614e256310e0a4f8a9ccae3fa80c11844fba7042", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 94b3cea..82a6947 100644 --- a/flake.nix +++ b/flake.nix @@ -11,8 +11,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - # nixos-hardware.url = "github:NixOS/nixos-hardware"; - nixos-hardware.url = "github:Stunkymonkey/nixos-hardware/dell-precision-5820"; + nixos-hardware.url = "github:NixOS/nixos-hardware"; nixinate = { url = "github:matthewcroughan/nixinate"; diff --git a/machines/.sops.yaml b/machines/.sops.yaml index 3934bfb..ca27a02 100644 --- a/machines/.sops.yaml +++ b/machines/.sops.yaml @@ -5,7 +5,6 @@ keys: - &workman age1f2e644jteyeppfaatajtvjmsupl0e7nzx97ded6m0cgzw04l84ks5xl9l2 - &thinkman age1spt854cdscqs757a8kazth52rv4p9udh54suw9lpzlqg5savyapq2u0c03 - &serverle age14nt7qcsrye0vrpk0xcgcfmhkxwwumna39fpn83g3x0zml62skatqpnmhk4 - - &playman age15d6y9s30t6ggdec4aqycxr4lht98rz77w5rvpnplf3fnqcgyau2qgcwh3g - &newton age1s9spl75rwhgm3cvvqsr9rze5m0kuxqes2tsxjmq07xg5ycn5j47s2m0dlu creation_rules: - path_regex: workman/secrets.yaml$ @@ -28,8 +27,3 @@ creation_rules: - age: - *admin_felix - *serverle - - path_regex: playman/secrets.yaml$ - key_groups: - - age: - - *admin_felix - - *playman diff --git a/machines/configurations.nix b/machines/configurations.nix index 4523824..2c41f81 100644 --- a/machines/configurations.nix +++ b/machines/configurations.nix @@ -82,12 +82,5 @@ in ./serverle/configuration.nix ]; }; - playman = nixosSystem { - system = "x86_64-linux"; - modules = defaultModules ++ [ - nixos-hardware.nixosModules.dell-precision-5820 - ./playman/configuration.nix - ]; - }; }; } 
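Review bot: The `flake.lock` hunks that accompany this one-line URL change move every other input backwards, not just `nixos-hardware`: flake-parts, git-hooks.nix, nixpkgs, nixpkgs-lib, nixpkgs-unstable and sops-nix all get a smaller `lastModified` (nixpkgs goes from 1775811116 to 1774388614). Older pins presumably lack whatever fixes landed in between, so an unintended rollback is worth catching before deployment. If only the `nixos-hardware` source was meant to change, re-lock that input alone with `nix flake update nixos-hardware`. If the rollback is deliberate, the commit description should say why.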
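Review bot: Removing the `&playman` recipient and its `creation_rules` entry stops future encryption to that host but revokes nothing already committed. `machines/playman/secrets.yaml`, deleted in this commit, stays in the repository history, still decryptable with the playman age identity, which the deleted `configuration.nix` derives from `/etc/ssh/ssh_host_ed25519_key`. Unless that host key is destroyed with the machine, the `borgbackup/password`, `borgbackup/ssh_key` and `users.felix.password` values should be rotated wherever they are still valid. A comment beside the key list such as `# playman removed <date>; its borgbackup credentials were rotated` would record that this was done.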
diff --git a/machines/playman/boot.nix b/machines/playman/boot.nix deleted file mode 100644 index 53beb65..0000000 --- a/machines/playman/boot.nix +++ /dev/null @@ -1,17 +0,0 @@ -_: { - boot = { - loader = { - timeout = 0; - systemd-boot = { - enable = true; - configurationLimit = 10; - editor = true; - }; - efi.canTouchEfiVariables = true; - }; - initrd = { - systemd.enable = true; # for a nice password prompt - verbose = false; - }; - }; -} diff --git a/machines/playman/configuration.nix b/machines/playman/configuration.nix deleted file mode 100644 index 4b23a63..0000000 --- a/machines/playman/configuration.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ ... }: -{ - imports = [ - ./boot.nix - ./disko-config.nix - ./hardware-configuration.nix - ./network.nix - ./nixinate.nix - ./profiles.nix - ./services.nix - ./system.nix - ]; - - networking.hostName = "playman"; - - sops = { - defaultSopsFile = ./secrets.yaml; - age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; - gnupg.sshKeyPaths = [ ]; - }; - - # needed for cross-compilation - boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; - - system = { - stateVersion = "25.11"; - autoUpgrade.enable = true; - }; -} diff --git a/machines/playman/disko-config.nix b/machines/playman/disko-config.nix deleted file mode 100644 index 3718ec7..0000000 --- a/machines/playman/disko-config.nix +++ /dev/null 
@@ -1,72 +0,0 @@ -{ - disko.devices = { - disk = { - vdb = { - type = "disk"; - device = "/dev/disk/by-id/nvme-eui.ace42e817028d9c6"; - content = { - type = "gpt"; - partitions = { - boot = { - size = "1M"; - type = "EF02"; # for grub MBR - }; - ESP = { - size = "512M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ "defaults" ]; - }; - }; - luks = { - size = "100%"; - content = { - type = "luks"; - name = "encrypted"; - settings.allowDiscards = true; - passwordFile = "/tmp/disk.key"; - content = { - type = "lvm_pv"; - vg = "pool"; - }; - }; - }; - }; - }; - }; - }; - lvm_vg = { - pool = { - type = "lvm_vg"; - lvs = { - root = { - size = "100G"; - content = { - type = "filesystem"; - format = "ext4"; - mountpoint = "/"; - }; - }; - home = { - size = "500G"; - content = { - type = "filesystem"; - format = "ext4"; - mountpoint = "/home"; - }; - }; - swap = { - size = "32GB"; - content = { - type = "swap"; - resumeDevice = true; - }; - }; - }; - }; - }; - }; -} diff --git a/machines/playman/hardware-configuration.nix b/machines/playman/hardware-configuration.nix deleted file mode 100644 index 39d5775..0000000 --- a/machines/playman/hardware-configuration.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ - pkgs, - ... -}: -{ - boot.kernelPackages = pkgs.linuxPackages_latest; - - my.hardware = { - bluetooth.enable = true; - debug.enable = true; - drive-monitor = { - enable = true; - OnFailureMail = "server@buehler.rocks"; - }; - firmware = { - enable = true; - cpuFlavor = "intel"; - }; - graphics = { - enable = true; - gpuFlavor = "nvidia"; - }; - keychron.enable = true; - yubikey.enable = true; - }; -} diff --git a/machines/playman/network.nix b/machines/playman/network.nix deleted file mode 100644 index abb0e3f..0000000 --- a/machines/playman/network.nix +++ /dev/null @@ -1,6 +0,0 @@ -_: { - networking = { - domain = "buehler.rocks"; - search = [ "buehler.rocks" ]; - }; -} 
diff --git a/machines/playman/nixinate.nix b/machines/playman/nixinate.nix deleted file mode 100644 index 1a571be..0000000 --- a/machines/playman/nixinate.nix +++ /dev/null @@ -1,8 +0,0 @@ -_: { - _module.args.nixinate = { - host = "playman.local"; - sshUser = "felix"; - buildOn = "remote"; - substituteOnTarget = true; - }; -} diff --git a/machines/playman/profiles.nix b/machines/playman/profiles.nix deleted file mode 100644 index 9b7d573..0000000 --- a/machines/playman/profiles.nix +++ /dev/null @@ -1,11 +0,0 @@ -# enabled profiles -_: { - my.profiles = { - clean.enable = true; - development.enable = true; - gaming.enable = true; - nix.enable = true; - sync.enable = true; - update.enable = true; - }; -} diff --git a/machines/playman/secrets.yaml b/machines/playman/secrets.yaml deleted file mode 100644 index b80b53e..0000000 --- a/machines/playman/secrets.yaml +++ /dev/null 
@@ -1,30 +0,0 @@ -users: - felix: - password: ENC[AES256_GCM,data:MHiZkTDna6nz6JhCst0uQA7MKDLtXzIqZuJEYHPgC6dRmGckYBUR0mXqh+5lLlCOeqtGbyBFKQ7tv7hpgIOX2lVyX4V99IICzw==,iv:p9ZtVpL2u64iEQuo3TF+5kFaWLd0wHT16lT4Wx8QLyo=,tag:o9g2wKQfNQyv3078tL58Nw==,type:str] -borgbackup: - password: ENC[AES256_GCM,data:bWZUeX09dxLjiHVsymKi3zArtxW4aEkVU/eLa3RbdvI=,iv:sRxy7Y0EggxXf6tGQZJdVfggcBbQD+1w2hvJgQCyr3Y=,tag:Up/opwQwl8+t1Yt26012GQ==,type:str] - ssh_key: ENC[AES256_GCM,data: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,iv:vGaEIaeQGGOgLMu9oZwr/+N1/IzPPuOElMXczEZkwSw=,tag:VKzmy3Zy1C+VUgqAkscGfg==,type:str] -sops: - age: - - recipient: age1hf8m9upp00dr7qv2kmqdr50fpvd9ejzkfu8yknqnuda2aas2tvrs4l3u7m - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFblpKaTJIVTlVMHRjemZX - VWhmbU1vTzlxRDNQM1N3Y2tHb3ZZdUwvSFdFCnc4cTkyaWtxTEhEbUpXd0d3bnFJ - QkdaRHRvK2ZqazZGdGFoZFJwTUVCOUkKLS0tIGc4SUtZeGg3QXhwcW9NVk4zMVVo - andwd2Eydk5oRzBRTlNwdzFVQ1QwYmsK7Rn/P4JCjajb0seyzFRcnIxsz2WgkbYf - wF7wsXoBZrwGPu2otrn2G/4IYrXYn5Gf2K/sjKVo/PtsnHLRWEWgBw== - -----END AGE ENCRYPTED FILE----- - - recipient: age15d6y9s30t6ggdec4aqycxr4lht98rz77w5rvpnplf3fnqcgyau2qgcwh3g - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4KzgwZzIrbVFFWE1OWWsr - ZElTQjhLOWgzZGRXcnV0dnpYejFhVWRXREhRCkxjU2NNQmdLQzY2Wm4yZjlSWWRu - OEpmcXcvblh1N0Exck1mMmRLZmd6VHcKLS0tIE5hUGV1eTRYUk51RXY3R2Q0ckVn - aHlUbExuSDlQZWN6TlEzdjAyNTBiaUUKM2w9fi0MJa4ujpkcrtyQqmjOYaTsbdBJ - wBDbuJ1EazT47T4g9ycilbFS6LvugfJxfrzN0mW3XEuiWkrsYIIsPw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-04-03T15:10:27Z" - mac: ENC[AES256_GCM,data:p3Ke6ZCuuBYOzrcLGtnC4Kk8Y8S+EM8WlyT0hNFyoA/Ds6aI+FtOuNKfZN4Znh2KbLZBOaz6UJ+jDaMrfaRPJY13HlklysuSGari9Y7YdxdkcMvfl/nlGfhE7A0Wgm/m7LF2N33BAd2NrPKpPF2Omu8moIMcQ+xy5GKzVb/hiHU=,iv:3Tq29JZkVmh0/L01+mlmW/5N1bXOecElsMwg+m9Kpq0=,tag:S0m79vu0ywsaj/t+mtLfQw==,type:str] - unencrypted_suffix: _unencrypted - version: 3.12.1 
diff --git a/machines/playman/services.nix b/machines/playman/services.nix deleted file mode 100644 index be7974d..0000000 --- a/machines/playman/services.nix +++ /dev/null @@ -1,34 +0,0 @@ -# Deployed services -{ config, ... }: -let - inherit (config.sops) secrets; -in -{ - sops.secrets = { - "borgbackup/password" = { }; - "borgbackup/ssh_key" = { }; - }; - - # List services that you want to enable: - my.services = { - backup = { - enable = true; - OnFailureMail = "server@buehler.rocks"; - passwordFile = secrets."borgbackup/password".path; - sshKeyFile = secrets."borgbackup/ssh_key".path; - paths = [ "/" ]; - }; - # remote build - remote-build.enable = true; - - ssh-server = { - enable = true; - }; - initrd-ssh = { - enable = true; - }; - vpn = { - enable = true; - }; - }; -} diff --git a/machines/playman/system.nix b/machines/playman/system.nix deleted file mode 100644 index 25b65db..0000000 --- a/machines/playman/system.nix +++ /dev/null @@ -1,7 +0,0 @@ -# enabled system services -_: { - my.system = { - avahi.enable = true; - podman.enable = true; - }; -} diff --git a/machines/thinkman/hardware-configuration.nix b/machines/thinkman/hardware-configuration.nix index 0727182..af5463d 100644 --- a/machines/thinkman/hardware-configuration.nix +++ b/machines/thinkman/hardware-configuration.nix @@ -1,4 +1,8 @@ -_: { +_: +let + cpuFlavor = "intel"; +in +{ # video driver boot.initrd.kernelModules = [ "i915" ]; @@ -16,11 +20,11 @@ _: { drive-monitor.enable = true; firmware = { enable = true; - cpuFlavor = "intel"; + inherit cpuFlavor; }; graphics = { enable = true; - gpuFlavor = "intel"; + inherit cpuFlavor; }; id-card.enable = true; keychron.enable = true; diff --git a/machines/workman/hardware-configuration.nix b/machines/workman/hardware-configuration.nix index 6cd67f1..b15c33b 100644 --- a/machines/workman/hardware-configuration.nix +++ b/machines/workman/hardware-configuration.nix 
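Review bot: In the second thinkman hunk the `graphics` block now takes `inherit cpuFlavor;`, so the value that selects GPU drivers is named after, and bound to, the CPU vendor. The same pattern appears in both workman hunks and in the `gpuFlavor` to `cpuFlavor` option rename in `modules/hardware/graphics/default.nix`. This misleads on any machine whose GPU vendor differs from its CPU vendor. Keeping the option name and writing `gpuFlavor = cpuFlavor;` in the machine files would keep the shared `let` binding while leaving the two concepts distinct. The `my.hardware` attribute set containing these lines starts and ends outside the hunk.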
@@ -2,6 +2,9 @@ pkgs, ... }: +let + cpuFlavor = "amd"; +in { boot.kernelPackages = pkgs.linuxPackages_latest; @@ -27,11 +30,11 @@ drive-monitor.enable = true; firmware = { enable = true; - cpuFlavor = "amd"; + inherit cpuFlavor; }; graphics = { enable = true; - gpuFlavor = "amd"; + inherit cpuFlavor; }; id-card.enable = true; keychron.enable = true; diff --git a/modules/hardware/graphics/default.nix b/modules/hardware/graphics/default.nix index 4608559..4f9befe 100644 --- a/modules/hardware/graphics/default.nix +++ b/modules/hardware/graphics/default.nix @@ -10,12 +10,11 @@ in { options.my.hardware.graphics = { enable = lib.mkEnableOption "graphics configuration"; - gpuFlavor = lib.mkOption { + cpuFlavor = lib.mkOption { type = lib.types.nullOr ( lib.types.enum [ "amd" "intel" - "nvidia" ] ); default = null; @@ -30,7 +29,7 @@ in hardware.graphics.enable = true; } # Intel GPU - (lib.mkIf (cfg.gpuFlavor == "intel") { + (lib.mkIf (cfg.cpuFlavor == "intel") { nixpkgs.config.packageOverrides = pkgs: { intel-vaapi-driver = pkgs.intel-vaapi-driver.override { enableHybridCodec = true; }; }; @@ -42,9 +41,7 @@ in ]; }) - (lib.mkIf (cfg.gpuFlavor == "amd") { - }) - (lib.mkIf (cfg.gpuFlavor == "nvidia") { + (lib.mkIf (cfg.cpuFlavor == "amd") { }) ] );
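Review bot: The remaining `(lib.mkIf (cfg.cpuFlavor == "amd") { })` branch in the last hunk of `modules/hardware/graphics/default.nix` is an empty attribute set. Selecting `"amd"`, as workman does, therefore configures nothing beyond the unconditional `hardware.graphics.enable = true;`. If that is intentional, say so in place with a comment such as `# AMD: nothing needed beyond hardware.graphics.enable`; otherwise drop the branch so the module does not suggest vendor-specific handling that is not there. The surrounding `lib.mkMerge` list starts outside the hunk.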