diff --git a/flake.lock b/flake.lock index de1330e..4af2e0d 100644 --- a/flake.lock +++ b/flake.lock @@ -83,11 +83,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1684596126, - "narHash": "sha256-4RZZmygeEXpuBqEXGs38ZAcWjWKGwu13Iqbxub6wuJk=", + "lastModified": 1686922395, + "narHash": "sha256-ysevinohPxdKp0RXyhDRsz1/vh1eXazg4AWp0n5X/U4=", "owner": "nix-community", "repo": "home-manager", - "rev": "27ef11f0218d9018ebb2948d40133df2b1de622d", + "rev": "9ba7b3990eb1f4782ea3f5fe7ac4f3c88dd7a32c", "type": "github" }, "original": { @@ -112,6 +112,21 @@ "type": "github" } }, + "nixos-hardware": { + "locked": { + "lastModified": 1686838567, + "narHash": "sha256-aqKCUD126dRlVSKV6vWuDCitfjFrZlkwNuvj5LtjRRU=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "429f232fe1dc398c5afea19a51aad6931ee0fb89", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixos-hardware", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1677676435, @@ -130,11 +145,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1683286087, - "narHash": "sha256-xseOd7W7xwF5GOF2RW8qhjmVGrKoBz+caBlreaNzoeI=", + "lastModified": 1686501370, + "narHash": "sha256-G0WuM9fqTPRc2URKP9Lgi5nhZMqsfHGrdEbrLvAPJcg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3e313808bd2e0a0669430787fb22e43b2f4bf8bf", + "rev": "75a5ebf473cd60148ba9aec0d219f72e5cf52519", "type": "github" }, "original": { @@ -146,11 +161,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1684570954, - "narHash": "sha256-FX5y4Sm87RWwfu9PI71XFvuRpZLowh00FQpIJ1WfXqE=", + "lastModified": 1686869522, + "narHash": "sha256-tbJ9B8WLCTnVP/LwESRlg0dII6Zyg2LmUU/mB9Lu98E=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3005f20ce0aaa58169cdee57c8aa12e5f1b6e1b3", + "rev": "7c67f006ea0e7d0265f16d7df07cc076fdffd91f", "type": "github" }, "original": { @@ -203,6 +218,7 @@ "inputs": { "agenix": "agenix", "home-manager": "home-manager_2", + "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_3", "pwnix": "pwnix" } diff --git a/flake.nix b/flake.nix index 1e19955..3b9ce78 100644 --- a/flake.nix +++ b/flake.nix @@ -8,9 +8,10 @@ url = git+https://im.badat.dev/bad/pwnix.git; }; agenix.url = github:ryantm/agenix; + nixos-hardware.url = github:NixOS/nixos-hardware; }; - outputs = args@{ home-manager, nixpkgs, agenix, ... }: with nixpkgs; { + outputs = args@{ home-manager, nixpkgs, agenix, nixos-hardware, ... }: with nixpkgs; { # Configurations for NixOS machines. nixosConfigurations = @@ -41,6 +42,21 @@ specialArgs = args; }; + # Thinkpad + "lime" = lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + (mkUserConfig ./system/lime) + agenix.nixosModules.default + nixos-hardware.nixosModules.lenovo-thinkpad-x390 + nixos-hardware.nixosModules.common-gpu-nvidia-disable + ./system/lime/core.nix + ./shared/core + ./shared/secrets.nix + ]; + specialArgs = args; + }; + }; # Configurations for non-NixOS machines. @@ -60,4 +76,4 @@ }; -} \ No newline at end of file +} diff --git a/secret/backblaze.age b/secret/backblaze.age index a97ce5b..81cb2b0 100644 Binary files a/secret/backblaze.age and b/secret/backblaze.age differ diff --git a/secrets.nix b/secrets.nix index 731359f..60f0b9f 100644 --- a/secrets.nix +++ b/secrets.nix @@ -2,10 +2,15 @@ let strawberry = [ (builtins.readFile ./system/strawberry/keys/riley.pub) (builtins.readFile ./system/strawberry/keys/root.pub) ]; + lime = [ + (builtins.readFile ./system/lime/keys/riley.pub) + (builtins.readFile ./system/lime/keys/root.pub) + ]; dev-lt-63 = [ (builtins.readFile ./system/dev-lt-63/keys/riley.pub) ]; + all = strawberry ++ lime ++ dev-lt-63; in { # Secrets for backup cloud storage provider - "secret/backblaze.age".publicKeys = strawberry ++ dev-lt-63; + "secret/backblaze.age".publicKeys = all; } \ No newline at end of file diff --git a/shared/core/gui.nix b/shared/core/gui.nix index 92ef09d..2c2f326 100644 --- a/shared/core/gui.nix +++ b/shared/core/gui.nix @@ -12,7 +12,6 @@ in { config = lib.mkIf (cfg.enable) { hardware.opengl.enable = true; - hardware.nvidia.modesetting.enable = true; security.rtkit.enable = true; @@ -21,7 +20,6 @@ in { services.xserver = { enable = true; displayManager.gdm.enable = true; - videoDrivers = [ "nvidia" ]; }; services.pipewire = { diff --git a/shared/core/ssh.nix b/shared/core/ssh.nix index 037fd0e..61bb537 100644 --- a/shared/core/ssh.nix +++ b/shared/core/ssh.nix @@ -4,14 +4,11 @@ services.openssh = { enable = true; - settings.passwordAuthentication = false; + settings.PasswordAuthentication = false; }; users.users."riley" = { packages = [ pkgs.openssh ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDroUHLf56zlYLiMoD1JV5XXZNwY9tftobDttC6hnfiM riley@dev-lt-63" - ]; }; } \ No newline at end of file diff --git a/shared/home/gui/sway.nix b/shared/home/gui/sway.nix index 590f69f..eb9c726 100644 --- a/shared/home/gui/sway.nix +++ b/shared/home/gui/sway.nix @@ -53,12 +53,6 @@ in with lib; { # This is all required to get it to not die. enable = true; wrapperFeatures.gtk = true; - extraSessionCommands = '' - export WLR_NO_HARDWARE_CURSORS=1; - export WLR_RENDERER=vulkan; - export WLR_EGL_NO_MODIFIERS=1; - ''; - extraOptions = [ "--unsupported-gpu" ]; systemdIntegration = true; extraConfig = '' diff --git a/shared/home/mpd.nix b/shared/home/mpd.nix index bb1fce4..079591f 100644 --- a/shared/home/mpd.nix +++ b/shared/home/mpd.nix @@ -1,8 +1,9 @@ -{ pkgs, ... }: +{ pkgs, config, ... }: { services.mpd = { enable = true; + musicDirectory = "${config.home.homeDirectory}/music"; }; programs.ncmpcpp = { diff --git a/system/lime/core.nix b/system/lime/core.nix new file mode 100644 index 0000000..ddd55d2 --- /dev/null +++ b/system/lime/core.nix @@ -0,0 +1,19 @@ +{ lib, modulesPath, ... }: { + + imports = [./hardware-configuration.nix]; + + custom = { + gui.enable = true; + backups.enable = true; + }; + + networking.hostName = "lime"; + networking.networkmanager.enable = true; + + system.stateVersion = "22.11"; + services.xserver.libinput.enable = true; + + home-manager.users."riley".home.stateVersion = "22.11"; + +} + diff --git a/system/lime/hardware-configuration.nix b/system/lime/hardware-configuration.nix new file mode 100644 index 0000000..57662fb --- /dev/null +++ b/system/lime/hardware-configuration.nix @@ -0,0 +1,60 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "sdhci_pci" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + boot.loader.grub = { +efiSupport = true; +device = "nodev"; + enable = true; +}; + boot.loader.efi.canTouchEfiVariables = true; + + fileSystems."/" = + { device = "/dev/disk/by-label/NIXOS-ROOT"; + fsType = "btrfs"; + }; + + boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/bd5edcc6-35b7-4829-901f-8593c16f0324"; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/2745-1284"; + fsType = "vfat"; + }; + + swapDevices = [ + { + device = "/swap/swapfile"; + size = 16*1024; + } + ]; + +# Hibernation +# https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Hibernation_into_swap_file +boot.resumeDevice = "/dev/disk/by-label/NIXOS-ROOT"; +boot.kernelParams = [ + # btrfs inspect-internal map-swapfile -r /swap/swapfile + "resume_offset=2630912" +]; + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/system/lime/home.nix b/system/lime/home.nix new file mode 100644 index 0000000..4076320 --- /dev/null +++ b/system/lime/home.nix @@ -0,0 +1,10 @@ +{ ... }: + +{ + custom.gui = { + enable = true; + bar = { + network.wifi = "wlp0s20f3"; + }; + }; +} \ No newline at end of file diff --git a/system/lime/keys/riley.pub b/system/lime/keys/riley.pub new file mode 100644 index 0000000..4b8ea30 --- /dev/null +++ b/system/lime/keys/riley.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHC9GMwZQHCuD8vf3YGp/SSo5rHnQ56mwN6urpxLEK66 riley@lime diff --git a/system/lime/keys/root.pub b/system/lime/keys/root.pub new file mode 100644 index 0000000..5b420f3 --- /dev/null +++ b/system/lime/keys/root.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOF9N5hsJEdm/jBxAGjQdQg7s/EFheZJK3KHyNkt5uFc root@lime diff --git a/system/strawberry/core.nix b/system/strawberry/core.nix index 46ccc7a..33ab96c 100644 --- a/system/strawberry/core.nix +++ b/system/strawberry/core.nix @@ -47,4 +47,8 @@ swapDevices = [ { device = "/dev/nixos/swap"; } ]; + + services.xserver.videoDrivers = [ "nvidia" ]; + hardware.nvidia.modesetting.enable = true; + } diff --git a/system/strawberry/home.nix b/system/strawberry/home.nix index 5705ff7..fdb86bf 100644 --- a/system/strawberry/home.nix +++ b/system/strawberry/home.nix @@ -7,4 +7,14 @@ network.eth = "enp9s0"; }; }; + + # Due to Hardware :tm: this is needed to get sway to not crash + wayland.windowManager.sway = { + extraSessionCommands = '' + export WLR_NO_HARDWARE_CURSORS=1; + export WLR_RENDERER=vulkan; + export WLR_EGL_NO_MODIFIERS=1; + ''; + extraOptions = [ "--unsupported-gpu" ]; + }; } \ No newline at end of file