diff --git a/flake.lock b/flake.lock
index 4bab678..a2f410e 100644
--- a/flake.lock
+++ b/flake.lock
@@ -67,26 +67,6 @@
 "type": "github"
 }
 },
- "disko": {
- "inputs": {
- "nixpkgs": [
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1752113600,
- "narHash": "sha256-7LYDxKxZgBQ8LZUuolAQ8UkIB+jb4A2UmiR+kzY9CLI=",
- "owner": "nix-community",
- "repo": "disko",
- "rev": "79264292b7e3482e5702932949de9cbb69fedf6d",
- "type": "github"
- },
- "original": {
- "owner": "nix-community",
- "repo": "disko",
- "type": "github"
- }
- },
 "flake-registry": {
 "flake": false,
 "locked": {
@@ -245,7 +225,6 @@
 "inputs": {
 "agenix": "agenix",
 "devshell": "devshell",
- "disko": "disko",
 "flake-registry": "flake-registry",
 "flake-utils": "flake-utils",
 "home-manager": "home-manager",
diff --git a/flake.nix b/flake.nix
index 622f9f0..6ccece0 100644
--- a/flake.nix
+++ b/flake.nix
@@ -4,10 +4,6 @@
 inputs = {
 nixpkgs-small.url = "github:NixOS/nixpkgs/nixos-unstable-small";
 nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
- disko = {
- url = "github:nix-community/disko";
- inputs.nixpkgs.follows = "nixpkgs";
- };
 flake-utils = {
 url = "github:numtide/flake-utils";
 inputs.systems.follows = "systems";
diff --git a/home/modules/zsh.nix b/home/modules/zsh.nix
index 7a0cd6c..96364ff 100644
--- a/home/modules/zsh.nix
+++ b/home/modules/zsh.nix
@@ -34,7 +34,7 @@ in
 };
 plugins = [ ];
- initContent = ''
+ initExtra = ''
 source ${pkgs.zsh-git-prompt}/share/zsh-git-prompt/zshrc.sh
 source ${pkgs.fzf}/share/fzf/key-bindings.zsh
 source ${pkgs.fzf}/share/fzf/completion.zsh
diff --git a/nixos/configurations.nix b/nixos/configurations.nix
index 38c38da..adacb51 100644
--- a/nixos/configurations.nix
+++ b/nixos/configurations.nix
@@ -1,7 +1,6 @@
 {
 self,
 agenix,
- disko,
 home-manager,
 homepage,
 nixos-hardware,
@@ -32,40 +31,6 @@ let }; in { - stolas = - let - system = "x86_64-linux"; - in - nixosSystem { - inherit nixpkgs system; - - extraModules = [ - # TODO lanzaboote.nixosModules.lanzaboote - disko.nixosModules.disko - { - nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; - dadada.pkgs = self.packages.${system}; - dadada.inputs = inputs // { - dadada = self; - }; - } - nixos-hardware.nixosModules.framework-amd-ai-300-series - home-manager.nixosModules.home-manager - ( - { pkgs, ... }: - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules) ++ [ - { dadada.home.helix.package = pkgs.helix; } - ]; - home-manager.users.dadada = import ../home; - } - ) - ./stolas - ]; - }; - gorgon = let system = "x86_64-linux"; @@ -81,10 +46,12 @@ in dadada = self; }; } + nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1 + home-manager.nixosModules.home-manager ( - { pkgs, ... }: + { pkgs, lib, ... }: { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix index 0976788..b681d72 100644 --- a/nixos/modules/profiles/base.nix +++ b/nixos/modules/profiles/base.nix @@ -13,8 +13,8 @@ in ./upgrade-pg-cluster.nix ]; - boot.tmp.useTmpfs = lib.mkDefault true; - boot.tmp.tmpfsSize = lib.mkDefault "50%"; + boot.tmp.useTmpfs = true; + boot.tmp.tmpfsSize = "50%"; i18n.defaultLocale = mkDefault "en_US.UTF-8"; console = mkDefault { diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix index 8e0b52f..d9f0bde 100644 --- a/nixos/modules/profiles/laptop.nix +++ b/nixos/modules/profiles/laptop.nix @@ -48,7 +48,7 @@ with lib; alsa.support32Bit = true; pulse.enable = true; }; - services.pulseaudio.enable = false; + hardware.pulseaudio.enable = false; dadada.backupClient.gs = { enable = true; 
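Review bot: In the nixos/modules/profiles/base.nix hunk, `boot.tmp.useTmpfs` and `boot.tmp.tmpfsSize` are now defined at normal priority, while the next lines of the same profile (`i18n.defaultLocale`, `console`) still use `mkDefault`. A host that imports this profile and needs a different value (for example a machine with little RAM, since a tmpfs `/tmp` is backed by memory and swap) would have to use `lib.mkForce` instead of a plain assignment, otherwise evaluation fails on conflicting definitions. If these are meant as profile defaults, keep `boot.tmp.useTmpfs = lib.mkDefault true;` and `boot.tmp.tmpfsSize = lib.mkDefault "50%";`, or add a comment such as `# fixed for all hosts: /tmp is always a tmpfs capped at 50% of RAM` to record that the hard setting is intentional.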
diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix
deleted file mode 100644
index 04fd504..0000000
--- a/nixos/stolas/default.nix
+++ /dev/null
@@ -1,190 +0,0 @@ -{ config, lib, pkgs, ... }: -{ - - imports = [ - ../modules/profiles/laptop.nix - ./disks.nix - ]; - - boot = { - # TODO lanzaboote = { - # enable = true; - # pkiBundle = "/var/lib/sbctl"; - #}; - kernelModules = [ "kvm-amd" ]; - extraModulePackages = [ pkgs.linuxPackages.v4l2loopback ]; - initrd = { - availableKernelModules = [ - "nvme" - "ehci_pci" - "xhci_pci" - "usb_storage" - "sd_mod" - "rtsx_pci_sdmmc" - ]; - # TODO disable for lanzaboote - systemd.enable = true; - # Lanzaboote currently replaces the systemd-boot module. - # This setting is usually set to true in configuration.nix - # generated at installation time. So we force it to false - # for now. - #boot.loader.systemd-boot.enable = lib.mkForce false; - luks.devices = { - root = { - # TODO - device = "/dev/disk/by-uuid/todo"; - allowDiscards = true; - # TODO lanzaboote + TPM2 unlock with PIN https://www.freedesktop.org/software/systemd/man/251/systemd-cryptenroll.html#--tpm2-with-pin=BOOL - #crypttabExtraOpts = [ "fido2-device=auto" ]; - }; - }; - }; - }; - - environment.systemPackages = [ - # For debugging and troubleshooting Secure Boot. - pkgs.sbctl - ]; - - hardware = { - # NOTE: hardware.framework.enableKmod requires kernel patching, but enables access to some EC features - bluetooth.enable = true; - framework.laptop13.audioEnhancement.enable = true; - graphics = { - enable = true; - extraPackages = with pkgs; [ - vaapiVdpau - libvdpau-va-gl - ]; - }; - }; - - powerManagement = { - enable = true; - cpuFreqGovernor = "schedutil"; - # TODO: Limit charge of battery, does this work without kernel patches from hardware.frameworkenableKmod? 
- powerUpCommands = '' - echo 80 > /sys/class/power_supply/BAT0/charge_control_stop_threshold - ''; - }; - - networking = { - hostName = "stolas"; - firewall = { - enable = true; - allowedTCPPorts = [ - 22000 # Syncthing - ]; - allowedUDPPorts = [ - 21027 # Syncthing - ]; - }; - }; - - nix = { - settings.max-jobs = lib.mkDefault 16; - }; - - # TODO dadada.backupClient.backup1.enable = true; - # dadada.backupClient.backup2 = { - # enable = true; - # passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase".path; - # sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path; - # repo = "u355513-subX@u355513-subX.your-storagebox.de:/home/backup"; - # }; - - programs = { - adb.enable = true; - firefox = { - enable = true; - package = pkgs.firefox-wayland; - }; - gnupg.agent.enable = true; - ssh.startAgent = true; - wireshark.enable = true; - }; - - services = { - avahi.enable = true; - desktopManager.plasma6.enable = true; - displayManager = { - sddm.enable = true; - sddm.wayland.enable = true; - }; - gnome.gnome-keyring.enable = lib.mkForce false; - smartd.enable = true; - printing = { - enable = true; - browsing = true; - }; - paperless = { - # TODO migrate DB - enable = true; - passwordFile = config.age.secrets.paperless.path; - }; - tlp.enable = false; - }; - - system = { - stateVersion = "25.05"; - }; - - systemd.tmpfiles.rules = - let - cfg = config.services.paperless; - in - [ - ( - if cfg.consumptionDirIsPublic then - "d '${cfg.consumptionDir}' 777 - - - -" - else - "d '${cfg.consumptionDir}' 770 ${cfg.user} ${config.users.users.${cfg.user}.group} - -" - ) - ]; - - systemd.services = { - modem-manager.enable = lib.mkForce false; - "dbus-org.freedesktop.ModemManager1".enable = lib.mkForce false; - }; - - systemd.sleep.extraConfig = '' - HibernateDelaySec=1h - ''; - - virtualisation.libvirtd.enable = true; - - users = { - users = { - dadada = { - initialHashedPassword = 
"$y$j9T$43qGBeY6hg6AXQmcVkS131$6AeRDOe6XAnmgA/AkJGaSIYTj5dbQLd9vrQ7zSyi5TA"; - isNormalUser = true; - extraGroups = [ - "wheel" - "networkmanager" - "libvirtd" - "adbusers" - "kvm" - "video" - "scanner" - "lp" - "docker" - "dialout" - "wireshark" - "paperless" - ]; - shell = "/run/current-system/sw/bin/zsh"; - }; - }; - }; - - age.secrets = { - paperless = { - file = "${config.dadada.secrets.path}/paperless.age"; - mode = "700"; - owner = "paperless"; - }; - }; - - # Create compressing swap space in RAM - zramSwap.enable = true; -} diff --git a/nixos/stolas/disks.nix b/nixos/stolas/disks.nix deleted file mode 100644 index 6b07f9b..0000000 --- a/nixos/stolas/disks.nix +++ /dev/null 
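Review bot: Deleting nixos/stolas/default.nix does not retract the `initialHashedPassword` yescrypt hash for user `dadada` that the file carried; the old blob stays reachable in the repository history. If the repository is readable by others and that password is in use anywhere, treat the hash as exposed to offline guessing and change the password. For the hosts that remain, consider `users.users.dadada.hashedPasswordFile` pointing at an agenix secret instead of an inline hash, since the deleted file already used `config.age.secrets` for paperless.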
@@ -1,99 +0,0 @@
-{
- disko.devices = {
- nodev."/nix/var/nix/builds" = {
- fsType = "tmpfs";
- mountOptions = [
- "size=80%"
- "defaults"
- "mode=755"
- ];
- };
- disk = {
- main = {
- type = "disk";
- device = "/dev/disk/by-uuid/TODO";
- content = {
- type = "gpt";
- partitions = {
- ESP = {
- size = "1G";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- mountOptions = [ "umask=0077" ];
- };
- };
- # TODO tmpfs for nix/var/nix/builds
- luks = {
- size = "100%";
- content = {
- type = "luks";
- name = "crypted";
- #passwordFile = "/tmp/secret.key"; # Interactive
- settings = {
- allowDiscards = true;
- #keyFile = "/tmp/secret.key";
- };
- #additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
- content = {
- type = "btrfs";
- extraArgs = [ "-f" ];
- subvolumes = {
- "/root" = {
- mountpoint = "/";
- mountOptions = [
- "compress=zstd"
- "relatime"
- ];
- };
- "/home" = {
- mountpoint = "/home";
- mountOptions = [
- "compress=zstd"
- "noatime"
- ];
- };
- "/dadada" = {
- mountpoint = "/home/dadada";
- mountOptions = [
- "compress=zstd"
- "relatime"
- ];
- };
- "/nix" = {
- mountpoint = "/nix";
- mountOptions = [
- "compress=zstd"
- "noatime"
- ];
- };
- "/var" = {
- mountpoint = "/var";
- mountOptions = [
- "compress=zstd"
- "noatime"
- ];
- };
- "/paperless" = {
- mountpoint = "/var/lib/paperless";
- mountOptions = [
- "compress=zstd"
- "noatime"
- ];
- };
- "/swap" = {
- mountpoint = "/.swapvol";
- swap.swapfile.size = "64G";
- };
- };
- };
- };
- };
- };
- };
- };
- };
- };
-}