add host haze base nixos config

2025-02-10 23:25:25 +01:00
parent 4292814f4c
commit a47014b41a
10 changed files with 208 additions and 0 deletions


@@ -15,6 +15,19 @@
{
nixosConfigurations = {
# VivoBook laptop
haze = nixpkgs.lib.nixosSystem {
specialArgs = {
inherit inputs;
inherit (import ./parts) keys;
};
system = "x86_64-linux";
modules = [
./hosts/haze
./system
];
};
# Hetzner VPS
crocus = nixpkgs.lib.nixosSystem {
specialArgs = {

8
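--- /dev/null
+++ b/hosts/haze/boot.nix
@@ -0,0 +1,8 @@
+{
+boot.loader = {
+systemd-boot = {
+enable = true;
+};
+efi.canTouchEfiVariables = true;
+};
+}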
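Review bot: The `systemd-boot` block leaves the boot-menu editor at its default, which allows the kernel command line to be changed from the console before boot; the NixOS option documentation recommends disabling it. Add `editor = false;` next to `enable = true;`. The root filesystem sits on LUKS per disk.nix, which limits what an edited command line can reach, but the ESP and boot entries are outside the encrypted container, so the setting is still worth pinning.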

21
hosts/haze/default.nix Normal file

@@ -0,0 +1,21 @@
{
inputs,
...
}:
{
imports = [
inputs.disko.nixosModules.disko
inputs.agenix.nixosModules.default
inputs.impermanence.nixosModules.impermanence
./disk.nix
./network.nix
./syncthing.nix
inputs.home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.rpqt = ./home.nix;
}
];
}
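Review bot: The `imports` list pulls in `./disk.nix`, `./network.nix` and `./syncthing.nix` but not `./boot.nix` or `./sway.nix`, both of which this commit adds under hosts/haze, so unless `./system` imports them the host evaluates without a boot loader or the sway settings; add `./boot.nix` and `./sway.nix` to the list. `home-manager.users.rpqt = ./home.nix;` also points at a file that is not among the ten files changed here, which will fail evaluation if it does not already exist in the tree. The impermanence module is imported but no `environment.persistence` entry is visible in this commit, so a short comment saying where persisted paths are declared would help.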

76
hosts/haze/disk.nix Normal file
View File

@@ -0,0 +1,76 @@
{
disko.devices.disk.main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted";
settings.allowDiscards = true;
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = [
"compress=zstd"
"noatime"
];
};
"/arch-root" = { }; # archlinux root
"/home" = {
mountpoint = "/home";
mountOptions = [
"compress=zstd"
"noatime"
];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [
"compress=zstd"
"noatime"
];
};
"/persist" = {
mountpoint = "/persist";
mountOptions = [
"compress=zstd"
"noatime"
];
};
"/swap" = {
mountpoint = "/.swapvol";
swap.swapfile.size = "16G";
};
};
postCreateHook = ''
MNTPOINT="$(mktemp -d)"
mount "/dev/mapper/crypted" "$MNTPOINT" -o subvol=/
trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT
btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank
'';
};
};
};
};
};
};
fileSystems."/persist".neededForBoot = true;
}
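Review bot: In `postCreateHook` the exit trap runs `umount $MNTPOINT; rm -rf $MNTPOINT`, so if the unmount fails the recursive delete descends into the still-mounted top-level btrfs volume and removes the contents of the subvolumes that were just created. Chain the steps and use a non-recursive removal, `trap 'umount "$MNTPOINT" && rmdir "$MNTPOINT"' EXIT`, and quote `$MNTPOINT` in the `btrfs subvolume snapshot` line as well. `settings.allowDiscards = true` deserves a comment such as `# TRIM passes through LUKS: better SSD behaviour, but free-block patterns become visible on the raw device`, since it is a deliberate confidentiality trade-off.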

8
hosts/haze/network.nix Normal file

@@ -0,0 +1,8 @@
{
networking.networkmanager = {
enable = true;
wifi.powersave = true;
};
users.users."rpqt".extraGroups = [ "networkmanager" ];
}


@@ -0,0 +1,7 @@
let
keys = import ../../../parts/keys.nix;
in
{
"syncthing-key.pem.age".publicKeys = [ keys.hosts.haze ];
"syncthing-cert.pem.age".publicKeys = [ keys.hosts.haze ];
}
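Review bot: Both secrets list only `keys.hosts.haze` as a recipient, so they can be decrypted and re-keyed only with that host's SSH private key; if the host key is lost or regenerated on reinstall, the Syncthing identity cannot be recovered from the repository. Adding an administrator key from the same `keys` set as a second recipient is the usual arrangement, e.g. `publicKeys = [ keys.hosts.haze keys.<admin-key-placeholder> ];`, where the second attribute name is a placeholder because keys.nix is not shown here. Since disk.nix prepares a `root-blank` snapshot and a `/persist` subvolume, a comment stating that the host key used by agenix lives on a persisted path would also help; no rollback is visible in this commit, but decryption at activation would break after one if the key is not persisted.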

Binary file not shown.


@@ -0,0 +1,8 @@
age-encryption.org/v1
-> ssh-ed25519 P3fsag cm2nekzBIMCAb/yXzY4L6jIH/Sa+rSMznT88WJNkP30
DMnRf0An69vywpHLD3RGHwE0dkaa6JIEahhQo14EEDc
--- f/kI+HBhWTQlXoWvCJaLJM70EsOkH4G8/5g9Eeu8uNc
<EFBFBD>T!<21><><12>\Β<>6<16>
<EFBFBD>T<><54>rϵKr<4B>9<EFBFBD><39>w<EFBFBD>̞<EFBFBD>8<04><><EFBFBD><EFBFBD>E<EFBFBD><45><EFBFBD><EFBFBD>,<2C>R.<2E><><EFBFBD><EFBFBD><EFBFBD>i<> <20><><EFBFBD><EFBFBD>_'2<>;i<>ń<EFBFBD>8d<04><><EFBFBD><EFBFBD><EFBFBD>&Dݫq<><71><EFBFBD>xd
<EFBFBD>3<EFBFBD>e<EFBFBD>xn<EFBFBD>g~<7E>/)݇a<DD87><13>W<><57><EFBFBD>G~<1F><><EFBFBD>BNV<4E><56>i<EFBFBD>a<05>{<7B><17><>u<EFBFBD>ە<1B>R=<3D><>M<EFBFBD>O)$HS<48><53>f<EFBFBD>f<<3C><>c<><63>?<3F><01>~*<2A>T<EFBFBD><07><>)Wtʁ<18><><EFBFBD>&<15><>8i<38><69><EFBFBD>z<EFBFBD><7A>:5<><35>[sc"<22><><1A><>& U<><55><EFBFBD>9<EFBFBD><39>'<27><>_<5F><7F>{xkE<6B><45>ؼY<0E>@<40><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>f<EFBFBD>U<EFBFBD>+<2B><>B<EFBFBD>u<EFBFBD>=<3D><>Y4<0F>e3<65>U<01><>QLSl5 U<><1B>!<10>h<EFBFBD><68>W<EFBFBD><57>@}<7D>OW<4F><57><EFBFBD>

11
hosts/haze/sway.nix Normal file

@@ -0,0 +1,11 @@
{
services.gnome.gnome-keyring.enable = true;
programs.sway = {
enable = true;
wrapperFeatures.gtk = true;
};
users.users."rpqt".extraGroups = [ "video" ];
programs.light.enable = true;
}

56
hosts/haze/syncthing.nix Normal file

@@ -0,0 +1,56 @@
{
config,
...
}:
let
user = "rpqt";
home = config.users.users.${user}.home;
in
{
age.secrets.syncthing-key.file = ./secrets/syncthing-key.pem.age;
age.secrets.syncthing-cert.file = ./secrets/syncthing-cert.pem.age;
services.syncthing = {
enable = true;
user = user;
group = "users";
dataDir = home;
configDir = "${home}/.config/syncthing";
key = config.age.secrets.syncthing-key.path;
cert = config.age.secrets.syncthing-cert.path;
openDefaultPorts = true;
overrideDevices = true;
overrideFolders = true;
settings = {
devices = {
"genepi" = {
id = "EA7DC7O-IHB47EQ-AWT2QBJ-AWPDF5S-W4EM66A-KQPCTHI-UX53WKM-QTSAHQ4";
};
"pixel-7a" = {
id = "IZE7B4Z-LKTJY6Q-77NN4JG-ADYRC77-TYPZTXE-Q35BWV2-AEO7Q3R-ZE63IAU";
};
};
folders = {
"Documents" = {
path = "${home}/Documents";
devices = [
"genepi"
];
};
"Music" = {
path = "${home}/Music";
devices = [
"genepi"
"pixel-7a"
];
};
"Videos" = {
path = "${home}/Videos";
devices = [
"genepi"
];
};
};
};
};
}
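Review bot: `openDefaultPorts = true` opens Syncthing's sync and local-discovery ports in the firewall on every interface, and on a laptop that includes whatever untrusted network it joins. Peers are still authenticated by the device IDs pinned under `settings.devices`, and `overrideDevices = true` keeps that list authoritative, so this may be intended, but it should be stated in place: `# listener reachable on all networks; only the pinned device IDs can sync`. If LAN discovery is not needed, leaving the option off and relying on outbound connections to `genepi` may be the narrower choice. No GUI address or credentials are set in this section, so confirm the web GUI stays on its loopback default.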