diff --git a/configs/common.nix b/configs/common.nix index 34e859c..74ab008 100644 --- a/configs/common.nix +++ b/configs/common.nix @@ -74,8 +74,22 @@ }; }; - # Work around for https://github.com/NixOS/nixpkgs/issues/124215 - documentation.info.enable = false; + sops = { + defaultSopsFile = lib.mkDefault ../secrets.yaml; + validateSopsFiles = true; + age = { + sshKeyPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"]; + keyFile = "/persist/var/lib/sops-nix/key.txt"; + generateKey = true; + }; + + secrets = { + hashedPassword = { + neededForUsers = true; + sopsFile = ../secrets.yaml; + }; + }; + }; environment = { # Don't install the /lib/ld-linux.so.2 stub. This saves one instance of nixpkgs. diff --git a/configs/user-baremetal.nix b/configs/user-baremetal.nix new file mode 100755 index 0000000..005af3a --- /dev/null +++ b/configs/user-baremetal.nix @@ -0,0 +1,49 @@ +{ + config, + pkgs, + inputs, + home-manager, + ... +}: { + fonts = { + enableDefaultPackages = true; + fontDir.enable = true; + + packages = with pkgs; [ + (nerdfonts.override {fonts = ["Meslo" "RobotoMono"];}) + + corefonts + + google-fonts + + liberation_ttf + + libertinus + + gyre-fonts + noto-fonts + noto-fonts-cjk-sans + noto-fonts-emoji + noto-fonts-extra + + open-sans + stix-two + twemoji-color-font + ]; + }; + + environment.systemPackages = with pkgs; [ + czkawka # fslint before + grsync + handbrake + keepassxc + nextcloud-client + pinta + rustdesk-flutter + simple-scan + telegram-desktop + discord + kdenlive + shotcut + ]; +} diff --git a/configs/user-gui.nix b/configs/user-gui.nix index b0d5976..ae80e1b 100644 --- a/configs/user-gui.nix +++ b/configs/user-gui.nix @@ -18,9 +18,13 @@ packages = with pkgs; [ (nerdfonts.override {fonts = ["Meslo" "RobotoMono"];}) corefonts - google-fonts + + # google-fonts + liberation_ttf + libertinus + gyre-fonts noto-fonts noto-fonts-cjk-sans 
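Review bot: Moving the `sops` block into configs/common.nix makes every host that imports this module depend on decrypting `hashedPassword` from `../secrets.yaml` before users are created, and nothing on the new lines records that requirement. With `generateKey = true`, a host whose `/persist/var/lib/sops-nix/key.txt` is missing will presumably get a fresh age key that is not a recipient of the file, so the problem would surface only at activation as an account without a usable password. I would add a comment above `age = {`, for example `# Each host importing this module needs its SSH host key listed as a recipient for secrets.yaml; /persist must be mounted with neededForBoot.` The same hunk also drops the `documentation.info.enable = false` workaround, which looks unrelated to the sops move and would be easier to audit as a separate commit.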
@@ -53,15 +57,13 @@ simple-scan telegram-desktop - discord - kdenlive - shotcut + # discord + # kdenlive + # shotcut vorta kitty - lan-mouse_git - libreoffice ]; persistence."/persist" = { diff --git a/flake.lock b/flake.lock index ab616d8..dc4f291 100644 --- a/flake.lock +++ b/flake.lock @@ -161,11 +161,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1732459504, - "narHash": "sha256-WSHxq6cZz/GWkEK8LeYR4PM5Wh/KsG+WTZklB4pHJSQ=", + "lastModified": 1732532987, + "narHash": "sha256-mqusSz4l0vXJmi8KAxCh6xZChsWQ4jF7kVHpbmuxIqU=", "owner": "taj-ny", "repo": "kwin-effects-forceblur", - "rev": "669ba8729d5703823c2e9712e2d68abe57eb342e", + "rev": "fb56661dacfea439741264d9a17a96afb415ccd5", "type": "github" }, "original": { @@ -264,11 +264,11 @@ ] }, "locked": { - "lastModified": 1732186149, - "narHash": "sha256-N9JGWe/T8BC0Tss2Cv30plvZUYoiRmykP7ZdY2on2b0=", + "lastModified": 1732575825, + "narHash": "sha256-xtt95+c7OUMoqZf4OvA/7AemiH3aVuWHQbErYQoPwFk=", "owner": "mic92", "repo": "sops-nix", - "rev": "53c853fb1a7e4f25f68805ee25c83d5de18dc699", + "rev": "3433ea14fbd9e6671d0ff0dd45ed15ee4c156ffa", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 4b390d2..29491ff 100644 --- a/flake.nix +++ b/flake.nix @@ -2,7 +2,6 @@ description = "Your new nix config"; inputs = { - # nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.05"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; nixos-hardware.url = "github:nixos/nixos-hardware/master"; @@ -112,13 +111,13 @@ ]; }; - nixos-virtualbox = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; + nixos-vm = nixpkgs.lib.nixosSystem { + system = "aarch64-linux"; specialArgs = {inherit inputs outputs;}; modules = [ + inputs.sops-nix.nixosModules.sops impermanence.nixosModules.impermanence - sops-nix.nixosModules.sops - ./machine/nixos-virtualbox/configuration.nix + ./machine/nixos-vm/configuration.nix ]; }; }; 
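Review bot: In the `nixos-vm` module list of flake.nix, `inputs.sops-nix.nixosModules.sops` is referenced through `inputs` while `impermanence.nixosModules.impermanence` on the next line is still a bare name. The argument set of the outputs function is outside this hunk, so I cannot tell whether both forms resolve, but mixing them makes it harder to see which flake inputs a host actually pulls in. I would use one form for both, e.g. `inputs.impermanence.nixosModules.impermanence`, and match whatever the other `nixosSystem` entries use.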
diff --git a/machine/nixos-vm/configuration.nix b/machine/nixos-vm/configuration.nix new file mode 100755 index 0000000..70b2496 --- /dev/null +++ b/machine/nixos-vm/configuration.nix @@ -0,0 +1,55 @@ +{ + config, + pkgs, + lib, + outputs, + ... +}: { + nixpkgs = { + overlays = [ + outputs.overlays.additions + outputs.overlays.modifications + outputs.overlays.unstable-packages + ]; + config = {allowUnfree = true;}; + }; + + imports = [ + ./hardware-configuration.nix + ../../configs/common.nix + ../../configs/docker.nix + ../../configs/plasma.nix + ../../configs/user.nix + ../../configs/user-gui.nix + ]; + + networking.hostName = "nixos-vm"; # Define your hostname. + time.timeZone = "Europe/Berlin"; + boot = { + kernelPackages = pkgs.linuxPackages_latest; + }; + + # The global useDHCP flag is deprecated, therefore explicitly set to false here. + # Per-interface useDHCP will be mandatory in the future, so this generated config + # replicates the default behaviour. + networking.useDHCP = false; + +# hardware.parallels = { +# enable = true; + # autoMountShares = true; +# }; + + services = { + k3s = { + enable = false; + role = "server"; + }; + }; + + networking = { + firewall.enable = false; + networkmanager = {enable = true;}; + }; + + system.stateVersion = "24.11"; +} diff --git a/machine/nixos-vm/hardware-configuration.nix b/machine/nixos-vm/hardware-configuration.nix new file mode 100644 index 0000000..fe8530c --- /dev/null +++ b/machine/nixos-vm/hardware-configuration.nix 
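Review bot: `firewall.enable = false;` in the `networking` block of machine/nixos-vm/configuration.nix turns off the NixOS firewall on a host that also imports `../../configs/docker.nix` and runs NetworkManager, so every listening service is reachable from whatever network the VM is attached to. If this is deliberate for a NAT-only VM, say so in a comment next to the line. Otherwise drop the line (the NixOS default is enabled) or set `firewall.enable = true;` and open only the required ports with `networking.firewall.allowedTCPPorts`. Separately, `config = {allowUnfree = true;};` here makes the `allowUnfreePredicate` for `prl-tools` in hardware-configuration.nix redundant, so one of the two should go.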
@@ -0,0 +1,88 @@ +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { + boot = { + initrd = { + availableKernelModules = ["xhci_pci" "sr_mod"]; + kernelModules = ["dm-snapshot"]; + }; + }; + + fileSystems = { + "/" = { + device = "/dev/disk/by-uuid/45ecad42-0026-4ba1-a4d5-a273878cd587"; + fsType = "btrfs"; + options = [ + "subvol=root" + "compress=zstd" + "nodiratime" + "noatime" + ]; + }; + + "/home" = { + device = "/dev/disk/by-uuid/45ecad42-0026-4ba1-a4d5-a273878cd587"; + fsType = "btrfs"; + options = [ + "subvol=home" + "compress=zstd" + "nodiratime" + "noatime" + ]; + }; + + "/nix" = { + device = "/dev/disk/by-uuid/45ecad42-0026-4ba1-a4d5-a273878cd587"; + fsType = "btrfs"; + options = [ + "subvol=nix" + "compress=zstd" + "nodiratime" + "noatime" + ]; + }; + + "/persist" = { + device = "/dev/disk/by-uuid/45ecad42-0026-4ba1-a4d5-a273878cd587"; + fsType = "btrfs"; + options = [ + "subvol=persist" + "compress=zstd" + "nodiratime" + "noatime" + ]; + neededForBoot = true; + }; + + "/var/log" = { + device = "/dev/disk/by-uuid/45ecad42-0026-4ba1-a4d5-a273878cd587"; + fsType = "btrfs"; + options = [ + "subvol=log" + "compress=zstd" + "nodiratime" + "noatime" + ]; + neededForBoot = true; + }; + + "/boot" = { + device = "/dev/disk/by-uuid/1023-617C"; + fsType = "vfat"; + options = ["fmask=0022" "dmask=0022"]; + }; + }; + + swapDevices = [ + {device = "/dev/disk/by-uuid/1b23dce3-e85e-4d83-be57-388a3d6e36e2";} + ]; + + networking.useDHCP = lib.mkDefault true; + nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; + # hardware.parallels.enable = true; + nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) ["prl-tools"]; +} diff --git a/machine/vps-arm/configuration.nix b/machine/vps-arm/configuration.nix index b5c5984..fbd2767 100644 --- a/machine/vps-arm/configuration.nix +++ b/machine/vps-arm/configuration.nix 
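Review bot: The `/boot` entry mounts the vfat ESP with `fmask=0022` and `dmask=0022`, which leaves every file on it readable by all local users. If systemd-boot is the boot loader (not visible in this diff), that would include its random seed file. Restricting the mount to root avoids this: `options = ["fmask=0077" "dmask=0077"];`.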
@@ -20,7 +20,6 @@ in { ../../services/frigate.nix ../../services/gitea.nix ../../services/nextcloud.nix - # ../../services/rustdesk-server.nix ../../services/uptime-kuma.nix ../../services/headscale.nix ../../services/goaccess.nix @@ -28,13 +27,6 @@ in { sops = { defaultSopsFile = ../../secrets-vps-arm.yaml; - validateSopsFiles = true; - age = { - sshKeyPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"]; - keyFile = "/persist/var/lib/sops-nix/key.txt"; - generateKey = true; - }; - secrets = { borg-key = { owner = config.users.users.alex.name; @@ -60,11 +52,6 @@ in { owner = config.services.gitea.user; group = config.services.gitea.group; }; - - hashedPassword = { - neededForUsers = true; - sopsFile = ../../secrets.yaml; - }; }; };