secrets #10
13 changed files with 340 additions and 122 deletions
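--- a/nixos/.sops.yaml
+++ b/nixos/.sops.yaml
@@ -0,0 +1,9 @@
+keys:
+- &tdpeuter@Tibo-NixFat age1q2gqur3t4fu8flsuu2zdnule37vdkh6egpt6a2e3ytx433x8gpvsr4hw6l
+
+creation_rules:
+- path_regex: secrets/[^/]+\.yaml$
+key_groups:
+- age:
+- *tdpeuter@Tibo-NixFat
+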
|
@ -19,6 +19,10 @@
|
||||||
utils.follows = "flake-utils";
|
utils.follows = "flake-utils";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
sops-nix = {
|
||||||
|
url = "github:Mic92/sops-nix";
|
||||||
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
};
|
||||||
utils = {
|
utils = {
|
||||||
url = "github:gytis-ivaskevicius/flake-utils-plus";
|
url = "github:gytis-ivaskevicius/flake-utils-plus";
|
||||||
inputs.flake-utils.follows = "flake-utils";
|
inputs.flake-utils.follows = "flake-utils";
|
||||||
|
@ -27,7 +31,7 @@
|
||||||
|
|
||||||
outputs = inputs@{
|
outputs = inputs@{
|
||||||
self, nixpkgs,
|
self, nixpkgs,
|
||||||
devshell, flake-utils, home-manager, utils,
|
devshell, flake-utils, home-manager, sops-nix, utils,
|
||||||
... }:
|
... }:
|
||||||
let
|
let
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
|
@ -43,11 +47,13 @@
|
||||||
inherit system;
|
inherit system;
|
||||||
modules = [
|
modules = [
|
||||||
home-manager.nixosModule
|
home-manager.nixosModule
|
||||||
|
sops-nix.nixosModules.sops
|
||||||
./modules
|
./modules
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
hosts = {
|
hosts = {
|
||||||
|
Tibo-NixDesk.modules = [ ./hosts/Tibo-NixDesk ];
|
||||||
Tibo-NixFat.modules = [ ./hosts/Tibo-NixFat ];
|
Tibo-NixFat.modules = [ ./hosts/Tibo-NixFat ];
|
||||||
Tibo-NixTest.modules = [ ./hosts/Tibo-NixTest ];
|
Tibo-NixTest.modules = [ ./hosts/Tibo-NixTest ];
|
||||||
};
|
};
|
||||||
|
|
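Review bot: The new `sops-nix` input (`url = "github:Mic92/sops-nix";`) follows the default branch, and no lock file is among the 13 changed files, so unless `flake.lock` is updated in a separate commit this dependency is not pinned to a reviewed revision; commit the refreshed `flake.lock` together with the input. `sops-nix.nixosModules.sops` is added to the shared module list, yet none of the visible hunks sets `sops.defaultSopsFile`, `sops.age.keyFile` or any `sops.secrets.*` entry, so the module is loaded on every host without being configured; a comment at the import such as `# secrets are declared per host, see <placeholder: module path>` would show that this is deliberate. The file header of this section is not shown on the page; the hunks look like `nixos/flake.nix`.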
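--- a/nixos/hosts/Tibo-NixDesk/default.nix
+++ b/nixos/hosts/Tibo-NixDesk/default.nix
@@ -0,0 +1,79 @@
+{ config, pkgs, ... }:
+
+{
+imports =
+[ # Include the results of the hardware scan.
+./hardware-configuration.nix
+../../modules/hardware/nvidia
+
+../../modules/apps/virtualbox
+../../modules/des/gnome
+];
+
+# Bootloader.
+boot.loader.systemd-boot.enable = true;
+boot.loader.efi.canTouchEfiVariables = true;
+boot.loader.efi.efiSysMountPoint = "/boot/efi";
+
+# Enable networking
+networking.hostName = "Tibo-NixDesk"; # Define your hostname.
+networking.networkmanager.enable = true;
+# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+
+# Set your time zone.
+time.timeZone = "Europe/Brussels";
+
+# Select internationalisation properties.
+i18n.defaultLocale = "en_GB.utf8";
+
+# Configure keymap in X11
+services.xserver = {
+layout = "us";
+xkbVariant = "";
+};
+
+# Enable sound with pipewire.
+sound.enable = true;
+hardware.pulseaudio.enable = false;
+security.rtkit.enable = true;
+services.pipewire = {
+enable = true;
+alsa.enable = true;
+alsa.support32Bit = true;
+pulse.enable = true;
+# If you want to use JACK applications, uncomment this
+#jack.enable = true;
+
+# use the example session manager (no others are packaged yet so this is enabled by default,
+# no need to redefine it in your config for now)
+#media-session.enable = true;
+};
+
+# Some programs need SUID wrappers, can be configured further or are
+# started in user sessions.
+# programs.mtr.enable = true;
+# programs.gnupg.agent = {
+# enable = true;
+# enableSSHSupport = true;
+# };
+
+# List services that you want to enable:
+
+# Enable the OpenSSH daemon.
+# services.openssh.enable = true;
+
+# Open ports in the firewall.
+# networking.firewall.allowedTCPPorts = [ ... ];
+# networking.firewall.allowedUDPPorts = [ ... ];
+# Or disable the firewall altogether.
+# networking.firewall.enable = false;
+
+# This value determines the NixOS release from which the default
+# settings for stateful data, like file locations and database versions
+# on your system were taken. It‘s perfectly fine and recommended to leave
+# this value at the release version of the first install of this system.
+# Before changing this value read the documentation for this option
+# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+system.stateVersion = "22.11"; # Did you read the comment?
+
+}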
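Review bot: The import `../../modules/hardware/nvidia` names a directory, but this commit adds the module as the single file `nixos/modules/hardware/nvidia.nix`, and the other host hunk on this page imports `../../modules/hardware/nvidia.nix`. Unless a `nvidia/default.nix` exists outside this diff, evaluating Tibo-NixDesk will fail on the missing path. Change the entry to `../../modules/hardware/nvidia.nix` so both hosts reference the module the same way.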
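--- a/nixos/hosts/Tibo-NixDesk/hardware-configuration.nix
+++ b/nixos/hosts/Tibo-NixDesk/hardware-configuration.nix
@@ -0,0 +1,38 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+imports =
+[ (modulesPath + "/installer/scan/not-detected.nix")
+];
+
+boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
+boot.initrd.kernelModules = [ ];
+boot.kernelModules = [ "kvm-intel" ];
+boot.extraModulePackages = [ ];
+
+fileSystems."/" =
+{ device = "/dev/disk/by-uuid/5e4bacff-07fb-4d3a-8ac6-d535c913659b";
+fsType = "ext4";
+};
+
+fileSystems."/boot/efi" =
+{ device = "/dev/disk/by-uuid/4D30-B01D";
+fsType = "vfat";
+};
+
+swapDevices = [ ];
+
+# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+# (the default) this is the recommended approach. When using systemd-networkd it's
+# still possible to use this option, but it's recommended to use it in conjunction
+# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+networking.useDHCP = lib.mkDefault true;
+# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+# networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true;
+
+powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}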
|
@ -3,6 +3,7 @@
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
|
../../modules/hardware/nvidia.nix
|
||||||
|
|
||||||
../../modules/apps/virtualbox
|
../../modules/apps/virtualbox
|
||||||
../../modules/des/gnome
|
../../modules/des/gnome
|
||||||
|
@ -43,10 +44,6 @@
|
||||||
# };
|
# };
|
||||||
|
|
||||||
services.xserver = {
|
services.xserver = {
|
||||||
enable = true;
|
|
||||||
|
|
||||||
videoDrivers = [ "nvidia" ]; # Also for wayland compositors
|
|
||||||
|
|
||||||
# Configure keymap in X11
|
# Configure keymap in X11
|
||||||
layout = "us";
|
layout = "us";
|
||||||
xkbVariant = "";
|
xkbVariant = "";
|
||||||
|
@ -78,21 +75,6 @@
|
||||||
# Enable touchpad support (enabled default in most desktopManager).
|
# Enable touchpad support (enabled default in most desktopManager).
|
||||||
services.xserver.libinput.enable = true;
|
services.xserver.libinput.enable = true;
|
||||||
|
|
||||||
# NVIDIA drivers
|
|
||||||
hardware = {
|
|
||||||
opengl.enable = true;
|
|
||||||
nvidia = {
|
|
||||||
open = true;
|
|
||||||
# package = config.boot.kernelPackages.nvidiaPackages.stable;
|
|
||||||
modesetting.enable = true;
|
|
||||||
# prime = {
|
|
||||||
# offload.enable = true;
|
|
||||||
# intelBusId = "PCI::00:02:0";
|
|
||||||
# nvidiaBusId = "PCI:01:00:0";
|
|
||||||
# };
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
# Allow unfree packages
|
# Allow unfree packages
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
imports = [
|
imports = [
|
||||||
./alacritty
|
./alacritty
|
||||||
./firefox
|
./firefox
|
||||||
|
./steam
|
||||||
./thunderbird
|
./thunderbird
|
||||||
# ./virtualbox
|
# ./virtualbox
|
||||||
];
|
];
|
||||||
|
|
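--- a/nixos/modules/apps/steam/default.nix
+++ b/nixos/modules/apps/steam/default.nix
@@ -0,0 +1,8 @@
+{ inputs, lib, config, pkgs, ... }:
+
+{
+programs.steam = {
+enable = true;
+};
+
+}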
|
@ -26,6 +26,8 @@
|
||||||
shell = pkgs.zsh;
|
shell = pkgs.zsh;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
home-manager.useGlobalPkgs = true;
|
||||||
|
|
||||||
home-manager.users.tdpeuter = { pkgs, ... }: {
|
home-manager.users.tdpeuter = { pkgs, ... }: {
|
||||||
home = {
|
home = {
|
||||||
username = "tdpeuter";
|
username = "tdpeuter";
|
||||||
|
@ -60,7 +62,6 @@
|
||||||
|
|
||||||
programs = {
|
programs = {
|
||||||
home-manager.enable = true;
|
home-manager.enable = true;
|
||||||
|
|
||||||
direnv = {
|
direnv = {
|
||||||
enable = true;
|
enable = true;
|
||||||
nix-direnv.enable = true;
|
nix-direnv.enable = true;
|
||||||
|
|
|
@ -8,14 +8,32 @@
|
||||||
displayManager.gdm.enable = true;
|
displayManager.gdm.enable = true;
|
||||||
desktopManager.gnome.enable = true;
|
desktopManager.gnome.enable = true;
|
||||||
|
|
||||||
|
excludePackages = with pkgs; [
|
||||||
|
xterm
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
gnomeExtensions.launch-new-instance
|
||||||
|
];
|
||||||
|
|
||||||
environment.gnome.excludePackages = (with pkgs; [
|
environment.gnome.excludePackages = (with pkgs; [
|
||||||
|
epiphany # Web browser
|
||||||
|
gnome-console
|
||||||
gnome-photos
|
gnome-photos
|
||||||
|
gnome-text-editor
|
||||||
gnome-tour
|
gnome-tour
|
||||||
xterm
|
|
||||||
]) ++ (with pkgs.gnome; [
|
]) ++ (with pkgs.gnome; [
|
||||||
|
geary # Mail client
|
||||||
gedit
|
gedit
|
||||||
gnome-terminal
|
gnome-calendar
|
||||||
|
gnome-clocks
|
||||||
|
gnome-contacts
|
||||||
|
gnome-maps
|
||||||
|
gnome-music
|
||||||
|
gnome-weather
|
||||||
|
simple-scan
|
||||||
|
totem # Movie player
|
||||||
|
yelp # Help viewer
|
||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
|
|
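--- a/nixos/modules/des/plasma/default.nix
+++ b/nixos/modules/des/plasma/default.nix
@@ -0,0 +1,32 @@
+{ config, lib, pkgs, ... }:
+
+{
+services.xserver = {
+enable = true;
+
+displayManager.sddm = {
+enable = true;
+# https://discourse.nixos.org/t/plasma-wayland-session-not-available-from-sddm/13447/2
+settings.Wayland.SessionDir = "${pkgs.plasma5Packages.plasma-workspace}/share/wayland-sessions";
+};
+
+desktopManager.plasma5 = {
+enable = true;
+useQtScaling = true;
+
+excludePackages = with pkgs.libsForQt5; [
+elisa
+okular
+khelpcenter
+konsole
+print-manager
+plasma-systemmonitor
+gwenview
+];
+};
+
+excludePackages = with pkgs; [
+xterm
+];
+};
+}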
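--- a/nixos/modules/hardware/nvidia.nix
+++ b/nixos/modules/hardware/nvidia.nix
@@ -0,0 +1,33 @@
+{ inputs, lib, config, pkgs, ... }:
+
+let
+nvidia-offload = pkgs.writeShellScriptBin "nvidia-offload" ''
+export __NV_PRIME_RENDER_OFFLOAD=1
+export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0
+export __GLX_VENDOR_LIBRARY_NAME=nvidia
+export __VK_LAYER_NV_optimus=NVIDIA_only
+exec "$@"
+'';
+in
+{
+nixpkgs.config.allowUnfree = true;
+
+services.xserver.videoDrivers = [ "nvidia" ];
+
+hardware = {
+opengl.enable = true;
+nvidia = {
+open = true;
+package = config.boot.kernelPackages.nvidiaPackages.stable;
+modesetting.enable = true;
+};
+};
+
+# Offloading
+# environment.systemPackages = [ nvidia-offload ];
+# hardware.nvidia.prime = {
+# offload.enable = true;
+# intelBusId = "PCI::00:02:0";
+# nvidiaBusId = "PCI:01:00:0";
+# };
+}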
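Review bot: `nixpkgs.config.allowUnfree = true;` in a hardware module permits every unfree package on any host that imports it, which is wider than the driver needs. An allow-list is narrower, e.g. `nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "nvidia-x11" "nvidia-settings" ];`, with the names confirmed against the evaluation error and extended for other unfree software the hosts use, such as Steam. The `nvidia-offload` binding in the `let` block is referenced only from the commented-out `environment.systemPackages` line, so it is currently unused; a comment saying it is kept for the PRIME offload setup would make that intentional. The commented `intelBusId = "PCI::00:02:0";` has a doubled colon, unlike the `nvidiaBusId` line below it, and would need correcting before the block is enabled.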
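--- a/nixos/modules/utils/ssh/default.nix
+++ b/nixos/modules/utils/ssh/default.nix
@@ -0,0 +1,8 @@
+{ config, lib, pkgs, ... }:
+
+{
+services.openssh = {
+enable = true;
+passwordAuthentication = false;
+};
+}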
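Review bot: `passwordAuthentication = false;` on its own leaves keyboard-interactive authentication and root login at their defaults, so a PAM-backed password prompt may still be reachable. Add `kbdInteractiveAuthentication = false;` and `permitRootLogin = "no";` inside `services.openssh`. Nothing in this file provisions authorized keys, so confirm that `users.users.<name>.openssh.authorizedKeys.keys` is set elsewhere before relying on this module for remote access. A one-line header comment such as `# Key-only SSH access; no password or root login.` would document the intent.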
3
nixos/secrets/sops/age/keys.txt
Normal file
3
nixos/secrets/sops/age/keys.txt
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
# created: 2023-04-11T14:44:53+02:00
|
||||||
|
# public key: age1q2gqur3t4fu8flsuu2zdnule37vdkh6egpt6a2e3ytx433x8gpvsr4hw6l
|
||||||
|
AGE-SECRET-KEY-10J7MWCWQQY33TVNMQ9AMH4TH5LULSVAZ539P9QG3NA2Z3LTMXAFS2QQ4NG
|
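Review bot: The line beginning `AGE-SECRET-KEY-` is an unencrypted age private key. The public key in its header comment is the same `age1…` recipient that `nixos/.sops.yaml` in this commit lists as the only key for `secrets/[^/]+\.yaml$`, so anyone who can read the repository can decrypt every secret encrypted under that rule. Drop this file from the commit and treat the key as compromised: generate a new identity, replace the recipient in `.sops.yaml`, re-encrypt the secret files and rotate the values they hold. Deleting the file in a later commit leaves it recoverable, so it also has to be purged from history. Keep the identity outside the repository (for example at the sops default `~/.config/sops/age/keys.txt`, or a path referenced by `sops.age.keyFile`) and add a `.gitignore` entry such as `nixos/secrets/sops/age/keys.txt`.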