From 56278c47b5bfedd3aaf84a1ad0ae44c0a47a17bb Mon Sep 17 00:00:00 2001 From: Annika Merris Date: Wed, 4 Sep 2024 10:09:19 -0400 Subject: [PATCH] Adding Parents Device --- flake.lock | 39 +++++++++++---- flake.nix | 8 ++++ hosts/parents/default.nix | 48 +++++++++++++++++++ hosts/parents/disk-config.nix | 60 ++++++++++++++++++++++++ hosts/parents/hardware-configuration.nix | 26 ++++++++++ hosts/parents/netbird.nix | 14 ++++++ hosts/parents/nixos-anywhere.nix | 14 ++++++ secrets/secrets.yaml | 5 +- 8 files changed, 203 insertions(+), 11 deletions(-) create mode 100644 hosts/parents/default.nix create mode 100644 hosts/parents/disk-config.nix create mode 100644 hosts/parents/hardware-configuration.nix create mode 100644 hosts/parents/netbird.nix create mode 100644 hosts/parents/nixos-anywhere.nix diff --git a/flake.lock b/flake.lock index 793701f..2d9fe98 100644 --- a/flake.lock +++ b/flake.lock @@ -17,6 +17,26 @@ "url": "https://flakehub.com/f/catppuccin/vscode/%2A.tar.gz" } }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1725377834, + "narHash": "sha256-tqoAO8oT6zEUDXte98cvA1saU9+1dLJQe3pMKLXv8ps=", + "owner": "nix-community", + "repo": "disko", + "rev": "e55f9a8678adc02024a4877c2a403e3f6daf24fe", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems" @@ -57,11 +77,11 @@ ] }, "locked": { - "lastModified": 1724435763, - "narHash": "sha256-UNky3lJNGQtUEXT2OY8gMxejakSWPTfWKvpFkpFlAfM=", + "lastModified": 1725180166, + "narHash": "sha256-fzssXuGR/mCeGbzM1ExaTqDz7QDGta3WA4jJsZyRruo=", "owner": "nix-community", "repo": "home-manager", - "rev": "c2cd2a52e02f1dfa1c88f95abeb89298d46023be", + "rev": "471e3eb0a114265bcd62d11d58ba8d3421ee68eb", "type": "github" }, "original": { 
@@ -146,11 +166,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1724479785, - "narHash": "sha256-pP3Azj5d6M5nmG68Fu4JqZmdGt4S4vqI5f8te+E/FTw=", + "lastModified": 1725103162, + "narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d0e1602ddde669d5beb01aec49d71a51937ed7be", + "rev": "12228ff1752d7b7624a54e9c1af4b222b3c1073b", "type": "github" }, "original": { @@ -179,6 +199,7 @@ "root": { "inputs": { "catppuccin-vsc": "catppuccin-vsc", + "disko": "disko", "home-manager": "home-manager", "lix": "lix", "lix-module": "lix-module", @@ -192,11 +213,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1723501126, - "narHash": "sha256-N9IcHgj/p1+2Pvk8P4Zc1bfrMwld5PcosVA0nL6IGdE=", + "lastModified": 1725201042, + "narHash": "sha256-lj5pxOwidP0W//E7IvyhbhXrnEUW99I07+QpERnzTS4=", "owner": "Mic92", "repo": "sops-nix", - "rev": "be0eec2d27563590194a9206f551a6f73d52fa34", + "rev": "5db5921e40ae382d6716dce591ea23b0a39d96f7", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 037892d..6f627cd 100644 --- a/flake.nix +++ b/flake.nix @@ -27,6 +27,11 @@ url = "https://flakehub.com/f/catppuccin/vscode/*.tar.gz"; }; + disko = { + url = "github:nix-community/disko"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + # solaar = { # url = "github:Svenum/Solaar-Flake/latest"; # inputs.nixpkgs.follows = "nixpkgs"; @@ -70,6 +75,9 @@ envy = import ./hosts/envy { inherit inputs globals; }; + parents = import ./hosts/parents { + inherit inputs globals; + }; virt-nix = import ./hosts/virt-nix { inherit inputs globals; }; diff --git a/hosts/parents/default.nix b/hosts/parents/default.nix new file mode 100644 index 0000000..c43b94d --- /dev/null +++ b/hosts/parents/default.nix 
@@ -0,0 +1,48 @@
+# parents
+# System configuration for the Chromebox I am leaving at my parent's
+
+{ inputs, globals, ... }:
+
+with inputs;
+
+inputs.nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ globals
+ lix-module.nixosModules.default
+ home-manager.nixosModules.home-manager
+ sops-nix.nixosModules.sops
+ disko.nixosModules.disko
+ ./hardware-configuration.nix
+ ./disk-config.nix
+ ./netbird.nix
+ ./nixos-anywhere.nix
+ ../../modules/common
+ ../../modules/nixos
+ ] {
+ home-manager.useGlobalPkgs = true;
+
+ physical = true;
+ networking.hostName = "parents";
+ networking.useDHCP = nixpkgs.lib.mkDefault true;
+
+ sops = {
+ defaultSopsFile = ../../secrets/secrets.yaml;
+ defaultSopsFormat = "yaml";
+ age.keyFile = "/home/annika/.config/sops/age/keys.txt";
+ age.sshKeyPaths = [ "/home/annika/.ssh/id_ed25519" ];
+ };
+
+ time.timeZone = "America/New_York";
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+ nixpkgs.config.allowUnfree = true;
+ system.stateVersion = "23.11";
+ home-manager.backupFileExtension = "backup";
+
+ audio.enable = false;
+ gui.enable = false;
+ services.openssh.enable = true;
+ services.flatpak.enable = false;
+ docker.enable = true;
+ };
+}
diff --git a/hosts/parents/disk-config.nix b/hosts/parents/disk-config.nix
new file mode 100644
index 0000000..5f88a17
--- /dev/null
+++ b/hosts/parents/disk-config.nix
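Review bot: `sops.age.keyFile` and `sops.age.sshKeyPaths` both point into `/home/annika`, which does not exist on a disk freshly laid out by the disko config this commit adds, so the first activation has no key to decrypt `secrets.yaml` with, and afterwards a user-owned private key is what system-level secret decryption depends on. The host pattern is the machine's own SSH host key — with `services.openssh.enable = true` already set here, sops-nix's default for `age.sshKeyPaths` is the OpenSSH ed25519 host key, so dropping both `age.*` lines and adding the host's age recipient to the sops creation rules (`.sops.yaml`, not in this patch) should be enough. `networking.useDHCP` is also set with `mkDefault` in hardware-configuration.nix, so the copy here is redundant. `docker.enable = true` on a headless box that is only reachable over SSH and netbird deserves a one-line comment on what it is for, since the docker group is effectively root on the machine.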
@@ -0,0 +1,60 @@ +{ lib, ... }: +{ + disko.devices = { + disk = { + main = { + type = "disk"; + device = "/dev/disk/by-diskseq/1"; + content = { + type = "gpc"; + partitions = { + ESP = { + priority = 1; + name = "ESP"; + start = "1M"; + end = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ + "defaults" + ]; + }; + }; + root = { + size = "100%"; + content = { + type = "btrfs"; + extraArgs = [ "-L" "nixos" "-f" ]; + subvolumes = { + "/rootfs" = { + mountpoint = "/"; + }; + "/home" = { + mountOptions = [ "compress=zstd" ]; + mountpoint = "/home"; + }; + "/home/annika" = { }; + "/nix" = { + mountOptions = [ "compress=zstd" "noatime" ]; + mountpoint = "/nix"; + }; + "/swap" = { + mountpoint = "/swap"; + swap = { + swapfile.size = "8G"; + }; + }; + }; + }; + }; + }; + }; + }; + }; + }; + + fileSystems."/var/log".neededForBoot = true; +} diff --git a/hosts/parents/hardware-configuration.nix b/hosts/parents/hardware-configuration.nix new file mode 100644 index 0000000..872b8f2 --- /dev/null +++ b/hosts/parents/hardware-configuration.nix 
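Review bot: `type = "gpc";` on the `content` block of `main` is a typo for `type = "gpt";`; disko selects the partition-table implementation by that string, so I would expect evaluation to fail with an unknown content type before any partition below is considered. Two more points in the same hunk: `/dev/disk/by-diskseq/1` is assigned in device-discovery order rather than tied to a particular drive, so for a destructive nixos-anywhere run a `/dev/disk/by-id/...` path (placeholder, take it from the target machine) is the safer choice; and `fileSystems."/var/log".neededForBoot = true;` declares a mount for which no `/var/log` subvolume or device exists in this config, so either add the subvolume or drop the line. The ESP is mounted with only `"defaults"`, which leaves /boot and whatever initrd lands there world-readable; `mountOptions = [ "umask=0077" ];` is the usual setting and, I believe, what recent NixOS releases warn about when absent.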
@@ -0,0 +1,26 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.eno0.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/hosts/parents/netbird.nix b/hosts/parents/netbird.nix
new file mode 100644
index 0000000..eddf411
--- /dev/null
+++ b/hosts/parents/netbird.nix
@@ -0,0 +1,14 @@
+{ config, lib, pkgs, ... }: {
+ sops.secrets."netbird/setup_keys/parents" = {
+ owner = config.users.users.annika.name;
+ group = config.users.users.annika.group;
+ };
+ netbird = {
+ enable = true;
+ opts = {
+ management_url = "https://netbird.moosenet.work:443";
+ admin_url = "https://netbird.moosenet.work";
+ setup_key_file = config.sops.secrets."netbird/setup_keys/parents".path;
+ };
+ };
+}
diff --git a/hosts/parents/nixos-anywhere.nix b/hosts/parents/nixos-anywhere.nix
new file mode 100644
index 0000000..ab9a820
--- /dev/null
+++ b/hosts/parents/nixos-anywhere.nix
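Review bot: In netbird.nix the setup-key secret `netbird/setup_keys/parents` is given `owner`/`group` of user `annika`, but its only consumer in this file is the `netbird` module through `setup_key_file`, and the `netbird = { enable; opts }` options look project-local rather than the upstream `services.netbird`, so I cannot see which user actually reads the file. Unless that module runs the client as annika, the ownership lines only widen who can read an enrollment key while the service would read it as root regardless; in that case drop `owner` and `group` so the secret keeps sops-nix's default root ownership and 0400 mode, and add a comment saying which process needs it. Minor: `management_url` carries an explicit `:443` while `admin_url` does not; harmless, but worth making consistent.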
@@ -0,0 +1,14 @@
+{ config, lib, pkgs, ... }: {
+ # Stuff for nixos-anywhere
+ boot.loader.grub = {
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ };
+
+ environment.systemPackages = map lib.lowPrio [ pkgs.curl pkgs.gitMinimal ];
+
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG9NhsAOBwWBdBeenfaPoRtqQrAIgg7E5m4sKYQU9cFx annika@kim"
+ ];
+
+}
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
index 37763a5..5134fa0 100644
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -6,6 +6,7 @@ annika_password: ENC[AES256_GCM,data:qRdNYmU7Z0A0r3rhyTQMa9I/uNjlSMSjPzRNDBUvpV8
 netbird:
 setup_keys:
 end_user: ENC[AES256_GCM,data:XjgsnBmh0pzRoFBlrB9Bcaa6vtyw9Uzy0lzqLyl74S4TBMQu,iv:QMXT9RivPRerlc6/L0GACUp0Eys1fPWMX9BBbaHKoOM=,tag:2wG7cz0bV+axaAszxz6ueQ==,type:str]
+ parents: ENC[AES256_GCM,data:XasXHf/XJtNtGRyWY5sklBV9LU4+E4NOtnmITP7+U+7E9rl2,iv:WdcjOewjEDkvrTZHVJig7acgzwn/mZg5XNfiY4f4S6o=,tag:jbJfx83uU/cZRKJTtv5VAQ==,type:str]
 servers: ENC[AES256_GCM,data:2x2OPHTTTK3bltlzE/bQWuy+4l5/qxlkmyS8Ll1rvZVm5L0t,iv:+kXwJCQsg4qxNWzhTekwaSHOdTlM1HHFwIBK9iRKMA0=,tag:aQjYYU0MvMccwoOBtvzYdg==,type:str]
 sops:
 kms: []
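Review bot: The root `authorizedKeys` entry for `annika@kim` is introduced under the comment "Stuff for nixos-anywhere", but it is part of the permanent system configuration, so the installer's root key stays valid in every later generation; with `services.openssh.enable = true` in default.nix and NixOS's default `PermitRootLogin = "prohibit-password"` (unless a module outside this patch sets otherwise), that is standing key-based root login on a box left at someone else's house. If root is only needed for the install, say so in the comment and set `services.openssh.settings.PermitRootLogin = "no";` once the first boot is done, relying on the regular user plus sudo instead — I'm assuming the `annika` user is defined in ../../modules, which this patch does not show. A short why-comment on `efiInstallAsRemovable = true` would also help, since that flag is normally chosen for firmware that does not keep EFI boot entries.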
@@ -31,8 +32,8 @@ sops:
 akR2d2ZrWjd5cWZ4NnJoSko3SWR3NmsKuq10DkZpKclYzpcl1BURi3oiHCNabrih
 svx2Rm2xAvWQZldB3i0Bhie7NszqWM0qQ82dKUkia8GDmz8HNC3pdA==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-09-02T21:20:03Z"
- mac: ENC[AES256_GCM,data:5lz7qVbblzjAA3Kpmckvb1AhuuuHDu2g2vO/mh0h3DQFdX5t32VkM7FBsrl+i0r79yduhRhZ2cqNpvmeWPmwvQ1g4tctunqwul139WEfm39P1gqRXCP1PfVIwCT6WOhMwnzd6UyCSA57CbjJodMXHIj/A3nre0L5DgPJFy5imNQ=,iv:58d0HqoTobZcv2S3+L5Fe3lk+ctxLiDBOlTnjsQZGQM=,tag:p/i0C2jAcijaCN2vLy8blQ==,type:str]
+ lastmodified: "2024-09-04T13:21:53Z"
+ mac: ENC[AES256_GCM,data:mVeCbhTdTYkSDkLnZdU9IUBYxEdlpwhlzVpsCy9NGRvkNQ4Q83qf6qsEHY0v/QHaLBJfvGeyICitEFwdw7VOgnbQF9YHn9k+lav+SlFKvCHdzkBnGAD2YV6yXOolWPr2TrAxVpyvcUJcCzvQdH+xOp8p8/m3Qk0erXgqJ1XnPCU=,iv:eoEqyhTGpAlypmJ7rl0eEioGiw1R5TL1HP3I2ukpnSE=,tag:JaXVD+bKB9i7ouhaXRDR3Q==,type:str]
 pgp: []
 unencrypted_suffix: _unencrypted
 version: 3.9.0