migrate to clan

2025-05-16 15:46:47 +02:00
parent f817ba1405
commit f1ec59c3af
60 changed files with 225 additions and 391 deletions
--- a/machines/haze/boot.nix
+++ b/machines/haze/boot.nix
@@ -0,0 +1,21 @@
+{
+  boot.loader = {
+    systemd-boot = {
+      enable = true;
+    };
+    efi.canTouchEfiVariables = true;
+  };
+
+  console = {
+    earlySetup = true;
+    useXkbConfig = true;
+  };
+
+  services = {
+    xserver = {
+      xkb.layout = "fr";
+    };
+  };
+
+  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+}
--- a/machines/haze/chat.nix
+++ b/machines/haze/chat.nix
@@ -0,0 +1,8 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = with pkgs; [
+    beeper
+    discord
+    element-desktop
+  ];
+}
--- a/machines/haze/configuration.nix
+++ b/machines/haze/configuration.nix
@@ -0,0 +1,68 @@
+{
+  inputs,
+  ...
+}:
+{
+  imports = [
+    # inputs.disko.nixosModules.disko
+    inputs.agenix.nixosModules.default
+    ./boot.nix
+    ./chat.nix
+    ./firefox.nix
+    ./gimp.nix
+    ./gnome.nix
+    ./hibernate.nix
+    ./niri.nix
+    ./ssh.nix
+    ./steam.nix
+    ./thunderbird.nix
+    ./network.nix
+    ./syncthing.nix
+    ./video.nix
+    ../../system
+
+    inputs.clan-core.clanModules.state-version
+
+    inputs.home-manager.nixosModules.home-manager
+    {
+      home-manager.useGlobalPkgs = true;
+      home-manager.useUserPackages = true;
+      home-manager.users.rpqt = ./home.nix;
+      home-manager.extraSpecialArgs = { inherit inputs; };
+    }
+  ];
+
+  networking.hostName = "haze";
+  clan.core.networking.targetHost = "rpqt@haze.local";
+
+  specialisation = {
+    hyprland.configuration =
+      { ... }:
+      {
+        imports = [ ./hyprland.nix ];
+        disabledModules = [ ./niri.nix ];
+      };
+    sway.configuration =
+      { ... }:
+      {
+        imports = [ ./sway.nix ];
+        disabledModules = [ ./niri.nix ];
+      };
+  };
+
+  # Remote builds
+  nix = {
+    distributedBuilds = true;
+    buildMachines = [
+      {
+        sshUser = "nixremote";
+        sshKey = "/etc/ssh/ssh_host_ed25519_key";
+        systems = [ "aarch64-linux" ];
+        hostName = "genepi";
+      }
+    ];
+    extraOptions = ''
+      builders-use-substitutes = true
+    '';
+  };
+}
--- a/machines/haze/discord.nix
+++ b/machines/haze/discord.nix
@@ -0,0 +1 @@
+
--- a/machines/haze/disko.nix
+++ b/machines/haze/disko.nix
@@ -0,0 +1,76 @@
+{
+  disko.devices.disk.main = {
+    type = "disk";
+    device = "/dev/nvme0n1";
+    content = {
+      type = "gpt";
+      partitions = {
+        ESP = {
+          size = "512M";
+          type = "EF00";
+          content = {
+            type = "filesystem";
+            format = "vfat";
+            mountpoint = "/boot";
+            mountOptions = [ "umask=0077" ];
+          };
+        };
+        luks = {
+          size = "100%";
+          content = {
+            type = "luks";
+            name = "crypted";
+            settings.allowDiscards = true;
+            content = {
+              type = "btrfs";
+              extraArgs = [ "-f" ];
+              subvolumes = {
+                "/root" = {
+                  mountpoint = "/";
+                  mountOptions = [
+                    "compress=zstd"
+                    "noatime"
+                  ];
+                };
+                "/arch-root" = { }; # archlinux root
+                "/home" = {
+                  mountpoint = "/home";
+                  mountOptions = [
+                    "compress=zstd"
+                    "noatime"
+                  ];
+                };
+                "/nix" = {
+                  mountpoint = "/nix";
+                  mountOptions = [
+                    "compress=zstd"
+                    "noatime"
+                  ];
+                };
+                "/persist" = {
+                  mountpoint = "/persist";
+                  mountOptions = [
+                    "compress=zstd"
+                    "noatime"
+                  ];
+                };
+                "/swap" = {
+                  mountpoint = "/.swapvol";
+                  swap.swapfile.size = "16G";
+                };
+              };
+              postCreateHook = ''
+                MNTPOINT="$(mktemp -d)"
+                mount "/dev/mapper/crypted" "$MNTPOINT" -o subvol=/
+                trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT
+                btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank
+              '';
+            };
+          };
+        };
+      };
+    };
+  };
+
+  fileSystems."/persist".neededForBoot = true;
+}
--- a/machines/haze/firefox.nix
+++ b/machines/haze/firefox.nix
@@ -0,0 +1,7 @@
+{ pkgs, ... }:
+{
+  programs.firefox = {
+    enable = true;
+    nativeMessagingHosts.packages = [ pkgs.passff-host ];
+  };
+}
--- a/machines/haze/gimp.nix
+++ b/machines/haze/gimp.nix
@@ -0,0 +1,4 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = [ pkgs.gimp ];
+}
--- a/machines/haze/gnome.nix
+++ b/machines/haze/gnome.nix
@@ -0,0 +1,30 @@
+{ pkgs, ... }:
+{
+  services.xserver = {
+    enable = true;
+    displayManager.gdm.enable = true;
+    desktopManager.gnome.enable = true;
+    xkb.layout = "fr";
+  };
+
+  environment.gnome.excludePackages = (
+    with pkgs;
+    [
+      atomix # puzzle game
+      cheese # webcam tool
+      epiphany # web browser
+      # evince # document viewer
+      geary # email reader
+      gedit # text editor
+      gnome-characters
+      gnome-music
+      gnome-photos
+      gnome-terminal
+      gnome-tour
+      hitori # sudoku game
+      iagno # go game
+      tali # poker game
+      totem # video player
+    ]
+  );
+}
--- a/machines/haze/hardware-configuration.nix
+++ b/machines/haze/hardware-configuration.nix
@@ -0,0 +1,11 @@
+{ config, ... }:
+{
+  nixpkgs.hostPlatform = "x86_64-linux";
+
+  hardware.enableRedistributableFirmware = true;
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "vmd" "nvme" "usb_storage" "sd_mod" "rtsx_usb_sdmmc" ];
+  boot.kernelModules = [ "kvm-intel" ];
+
+  hardware.cpu.intel.updateMicrocode = config.hardware.enableRedistributableFirmware;
+}
--- a/machines/haze/hibernate.nix
+++ b/machines/haze/hibernate.nix
@@ -0,0 +1,3 @@
+{
+  boot.initrd.systemd.enable = true;
+}
--- a/machines/haze/home.nix
+++ b/machines/haze/home.nix
@@ -0,0 +1,17 @@
+{
+  imports = [
+    ../../home/chat.nix
+    ../../home/cli.nix
+    ../../home/common.nix
+    ../../home/desktop
+    ../../home/dev.nix
+    ../../home/dotfiles.nix
+    ../../home/helix.nix
+    ../../home/mail
+    ../../home/minecraft.nix
+    ../../home/desktop
+    ../../home/desktop/gnome.nix
+    ../../home/desktop/niri.nix
+    ../../home/desktop/sway.nix
+  ];
+}
--- a/machines/haze/hyprland.nix
+++ b/machines/haze/hyprland.nix
@@ -0,0 +1,3 @@
+{
+  programs.hyprland.enable = true;
+}
--- a/machines/haze/network.nix
+++ b/machines/haze/network.nix
@@ -0,0 +1,11 @@
+{ pkgs, ... }:
+{
+  networking.networkmanager = {
+    enable = true;
+    wifi.powersave = true;
+  };
+
+  users.users."rpqt".extraGroups = [ "networkmanager" ];
+
+  environment.systemPackages = [ pkgs.networkmanager-openconnect ];
+}
--- a/machines/haze/niri.nix
+++ b/machines/haze/niri.nix
@@ -0,0 +1,19 @@
+{ pkgs, ... }:
+{
+  programs.niri.enable = true;
+
+  environment.systemPackages = with pkgs; [
+    brightnessctl
+    i3bar-river
+    mako
+    pavucontrol
+    playerctl
+    swaybg
+    swaylock
+    tofi
+    wl-gammarelay-rs
+    xwayland-satellite
+  ];
+
+  environment.sessionVariables.NIXOS_OZONE_WL = "1";
+}
--- a/machines/haze/secrets/secrets.nix
+++ b/machines/haze/secrets/secrets.nix
@@ -0,0 +1,13 @@
+let
+  keys = import ../../../parts/keys.nix;
+in
+{
+  "syncthing-key.pem.age".publicKeys = [
+    keys.hosts.haze
+    keys.rpqt.haze
+  ];
+  "syncthing-cert.pem.age".publicKeys = [
+    keys.hosts.haze
+    keys.rpqt.haze
+  ];
+}
--- a/machines/haze/secrets/syncthing-cert.pem.age
+++ b/machines/haze/secrets/syncthing-cert.pem.age
--- a/machines/haze/secrets/syncthing-key.pem.age
+++ b/machines/haze/secrets/syncthing-key.pem.age
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 P3fsag cm2nekzBIMCAb/yXzY4L6jIH/Sa+rSMznT88WJNkP30
+DMnRf0An69vywpHLD3RGHwE0dkaa6JIEahhQo14EEDc
+--- f/kI+HBhWTQlXoWvCJaLJM70EsOkH4G8/5g9Eeu8uNc
+
+<EFBFBD>T!<21><><12>\Β<>6<16>
+<EFBFBD>T<><54>rϵKr<4B>9<EFBFBD><39>w<EFBFBD>̞<EFBFBD>8<04><><EFBFBD><EFBFBD>E<EFBFBD><45><EFBFBD><EFBFBD>,<2C>R.<2E><><EFBFBD><EFBFBD><EFBFBD>i<> <20><><EFBFBD><EFBFBD>_'2<>;i<>ń<EFBFBD>8d<04><><EFBFBD><EFBFBD><EFBFBD>&Dݫq<><71><EFBFBD>xd
+<EFBFBD>3<EFBFBD>e<EFBFBD>xn<EFBFBD>g~<7E>/)݇a<DD87><13>W<><57><EFBFBD>G~<1F><><EFBFBD>BNV<4E><56>i<EFBFBD>a<05>{<7B><17><>u<EFBFBD>ە<1B>R=<3D><>M<EFBFBD>O)$HS<48><53>f<EFBFBD>f<<3C><>c<><63>?<3F><01>~*<2A>T<EFBFBD><07><>)Wtʁ<18><><EFBFBD>&<15><>8i<38><69><EFBFBD>z<EFBFBD><7A>:5<><35>[sc"<22><><1A><>& U<><55><EFBFBD>9<EFBFBD><39>'<27><>_<5F><7F>{xkE<6B><45>ؼY<0E>@<40><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>f<EFBFBD>U<EFBFBD>+<2B><>B<EFBFBD>u<EFBFBD>=<3D><>Y4<0F>e3<65>U<01><>QLSl5 U<>qښ<1B>!<10>h<EFBFBD><68>W<EFBFBD><57>@}<7D>OW<4F><57><EFBFBD>
--- a/machines/haze/ssh.nix
+++ b/machines/haze/ssh.nix
@@ -0,0 +1,3 @@
+{
+  programs.ssh.startAgent = true;
+}
--- a/machines/haze/steam.nix
+++ b/machines/haze/steam.nix
@@ -0,0 +1,8 @@
+{
+  programs.steam = {
+    enable = true;
+    remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
+    dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
+    localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers
+  };
+}
--- a/machines/haze/sway.nix
+++ b/machines/haze/sway.nix
@@ -0,0 +1,11 @@
+{
+  services.gnome.gnome-keyring.enable = true;
+
+  programs.sway = {
+    enable = true;
+    wrapperFeatures.gtk = true;
+  };
+
+  users.users."rpqt".extraGroups = [ "video" ];
+  programs.light.enable = true;
+}
--- a/machines/haze/syncthing.nix
+++ b/machines/haze/syncthing.nix
@@ -0,0 +1,63 @@
+{
+  config,
+  ...
+}:
+let
+  user = "rpqt";
+  home = config.users.users.${user}.home;
+in
+{
+  # age.secrets.syncthing-key.file = ./secrets/syncthing-key.pem.age;
+  # age.secrets.syncthing-cert.file = ./secrets/syncthing-cert.pem.age;
+
+  services.syncthing = {
+    enable = false;
+    user = user;
+    group = "users";
+    dataDir = home;
+    configDir = "${home}/.config/syncthing";
+    key = config.age.secrets.syncthing-key.path;
+    cert = config.age.secrets.syncthing-cert.path;
+    openDefaultPorts = true;
+    overrideDevices = true;
+    overrideFolders = true;
+    settings = {
+      devices = {
+        "genepi" = {
+          id = "EA7DC7O-IHB47EQ-AWT2QBJ-AWPDF5S-W4EM66A-KQPCTHI-UX53WKM-QTSAHQ4";
+        };
+        "pixel-7a" = {
+          id = "IZE7B4Z-LKTJY6Q-77NN4JG-ADYRC77-TYPZTXE-Q35BWV2-AEO7Q3R-ZE63IAU";
+        };
+      };
+      folders = {
+        "Documents" = {
+          path = "${home}/Documents";
+          devices = [
+            "genepi"
+            "pixel-7a"
+          ];
+        };
+        "Music" = {
+          path = "${home}/Music";
+          devices = [
+            "genepi"
+            "pixel-7a"
+          ];
+        };
+        "Pictures" = {
+          path = "${home}/Pictures";
+          devices = [
+            "genepi"
+          ];
+        };
+        "Videos" = {
+          path = "${home}/Videos";
+          devices = [
+            "genepi"
+          ];
+        };
+      };
+    };
+  };
+}
--- a/machines/haze/thunderbird.nix
+++ b/machines/haze/thunderbird.nix
@@ -0,0 +1,3 @@
+{
+  programs.thunderbird.enable = true;
+}
--- a/machines/haze/video.nix
+++ b/machines/haze/video.nix
@@ -0,0 +1,4 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = with pkgs; [ mpv ];
+}