From 4395628eaca81798f43ebe4ad6598ebfcfb73197 Mon Sep 17 00:00:00 2001 From: Riley Apeldoorn Date: Sat, 17 Jun 2023 07:53:58 +0200 Subject: [PATCH 01/10] Add `lime` system --- flake.nix | 13 ++++++++++ system/lime/core.nix | 59 ++++++++++++++++++++++++++++++++++++++++++++ system/lime/home.nix | 10 ++++++++ 3 files changed, 82 insertions(+) create mode 100644 system/lime/core.nix create mode 100644 system/lime/home.nix diff --git a/flake.nix b/flake.nix index 1e19955..64db92e 100644 --- a/flake.nix +++ b/flake.nix @@ -41,6 +41,19 @@ specialArgs = args; }; + # Thinkpad + "lime" = lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + (mkUserConfig ./system/lime) + agenix.nixosModules.default + ./system/lime/core.nix + ./shared/core + ./shared/secrets.nix + ]; + specialArgs = args; + }; + }; # Configurations for non-NixOS machines. diff --git a/system/lime/core.nix b/system/lime/core.nix new file mode 100644 index 0000000..1c79c33 --- /dev/null +++ b/system/lime/core.nix @@ -0,0 +1,59 @@ +{ lib, ... }: { + + custom = { + gui.enable = true; + backups.enable = true; + }; + + system.stateVersion = "22.11"; + home-manager.users.riley.home.stateVersion = "22.11"; + + networking = { + hostName = "lime"; + interfaces."wlp0s20f3".useDHCP = true; + interfaces."enp0s31f6".useDHCP = true; + }; + + boot = { + initrd.availableKernelModules = [ + "nvme" + "xhci_pci" + "usbhid" + "usb_storage" + "sd_mod" + "sdhci_pci" + ]; + kernelModules = [ "kvm-intel" ]; + loader.systemd-boot = { + enable = true; + editor = false; + configurationLimit = 10; + }; + loader.efi.canTouchEfiVariables = true; + initrd.luks.devices.root.device = "/dev/disk/by-uuid/bd5edcc6-35b7-4829-901f-8593c16f0324"; + resumeDevice = "/dev/disk/by-label/NIXOS-ROOT"; + kernelParams = [ + # btrfs inspect-internal map-swapfile -r /swap/swapfile + "resume_offset=2630912" + ]; + }; + + fileSystems."/" = { + device = "/dev/disk/by-label/NIXOS-ROOT"; + fsType = "btrfs"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/2745-1284"; + fsType = "vfat"; + }; + + swapDevices = [{ + device = "/swap/swapfile"; + size = 16 * 1024; + }]; + + nixpkgs.hostPlatform = "x86_64-linux"; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + +} diff --git a/system/lime/home.nix b/system/lime/home.nix new file mode 100644 index 0000000..4076320 --- /dev/null +++ b/system/lime/home.nix @@ -0,0 +1,10 @@ +{ ... }: + +{ + custom.gui = { + enable = true; + bar = { + network.wifi = "wlp0s20f3"; + }; + }; +} \ No newline at end of file -- 2.45.2 From 132e88caebc415b9f663516307afd51e038ec806 Mon Sep 17 00:00:00 2001 From: Riley Apeldoorn Date: Sat, 17 Jun 2023 07:59:50 +0200 Subject: [PATCH 02/10] Fix MPD config for state version >= 22.11 --- shared/home/mpd.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/shared/home/mpd.nix b/shared/home/mpd.nix index bb1fce4..079591f 100644 --- a/shared/home/mpd.nix +++ b/shared/home/mpd.nix @@ -1,8 +1,9 @@ -{ pkgs, ... }: +{ pkgs, config, ... }: { services.mpd = { enable = true; + musicDirectory = "${config.home.homeDirectory}/music"; }; programs.ncmpcpp = { -- 2.45.2 From 84fdac48651c7af5ee99a6ad820556899db138de Mon Sep 17 00:00:00 2001 From: Riley Apeldoorn Date: Sat, 17 Jun 2023 08:12:27 +0200 Subject: [PATCH 03/10] Switch to grub for `lime` --- system/lime/core.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/system/lime/core.nix b/system/lime/core.nix index 1c79c33..94d0d1e 100644 --- a/system/lime/core.nix +++ b/system/lime/core.nix @@ -24,10 +24,10 @@ "sdhci_pci" ]; kernelModules = [ "kvm-intel" ]; - loader.systemd-boot = { + loader.grub = { enable = true; - editor = false; - configurationLimit = 10; + efiSupport = true; + device = "nodev"; }; loader.efi.canTouchEfiVariables = true; initrd.luks.devices.root.device = "/dev/disk/by-uuid/bd5edcc6-35b7-4829-901f-8593c16f0324"; -- 2.45.2 From 54f72cbcc0d648a363facad6104fb131c5479637 Mon Sep 17 00:00:00 2001 From: Riley Apeldoorn Date: Sat, 17 Jun 2023 08:23:25 +0200 Subject: [PATCH 04/10] Make NVIDIA driver bullshit only apply to `strawberry` --- shared/core/gui.nix | 2 -- system/strawberry/core.nix | 4 ++++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/shared/core/gui.nix b/shared/core/gui.nix index 92ef09d..2c2f326 100644 --- a/shared/core/gui.nix +++ b/shared/core/gui.nix @@ -12,7 +12,6 @@ in { config = lib.mkIf (cfg.enable) { hardware.opengl.enable = true; - hardware.nvidia.modesetting.enable = true; security.rtkit.enable = true; @@ -21,7 +20,6 @@ in { services.xserver = { enable = true; displayManager.gdm.enable = true; - videoDrivers = [ "nvidia" ]; }; services.pipewire = { diff --git a/system/strawberry/core.nix b/system/strawberry/core.nix index 46ccc7a..33ab96c 100644 --- a/system/strawberry/core.nix +++ b/system/strawberry/core.nix @@ -47,4 +47,8 @@ swapDevices = [ { device = "/dev/nixos/swap"; } ]; + + services.xserver.videoDrivers = [ "nvidia" ]; + hardware.nvidia.modesetting.enable = true; + } -- 2.45.2 From 0dab2619f25de379e3f2d572662f61d4789c5e15 Mon Sep 17 00:00:00 2001 From: Riley Apeldoorn Date: Sat, 17 Jun 2023 10:15:20 +0200 Subject: [PATCH 05/10] Import generated config because the network is broken otherwise --- flake.lock | 16 +++++++ flake.nix | 6 ++- system/lime/configuration.nix | 33 ++++++++++++++ system/lime/core.nix | 56 +++--------------------- system/lime/hardware-configuration.nix | 60 ++++++++++++++++++++++++++ 5 files changed, 118 insertions(+), 53 deletions(-) create mode 100644 system/lime/configuration.nix create mode 100644 system/lime/hardware-configuration.nix diff --git a/flake.lock b/flake.lock index de1330e..06738a4 100644 --- a/flake.lock +++ b/flake.lock @@ -112,6 +112,21 @@ "type": "github" } }, + "nixos-hardware": { + "locked": { + "lastModified": 1686838567, + "narHash": "sha256-aqKCUD126dRlVSKV6vWuDCitfjFrZlkwNuvj5LtjRRU=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "429f232fe1dc398c5afea19a51aad6931ee0fb89", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixos-hardware", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1677676435, @@ -203,6 +218,7 @@ "inputs": { "agenix": "agenix", "home-manager": "home-manager_2", + "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_3", "pwnix": "pwnix" } diff --git a/flake.nix b/flake.nix index 64db92e..117189d 100644 --- a/flake.nix +++ b/flake.nix @@ -8,9 +8,10 @@ url = git+https://im.badat.dev/bad/pwnix.git; }; agenix.url = github:ryantm/agenix; + nixos-hardware.url = github:NixOS/nixos-hardware; }; - outputs = args@{ home-manager, nixpkgs, agenix, ... }: with nixpkgs; { + outputs = args@{ home-manager, nixpkgs, agenix, nixos-hardware, ... }: with nixpkgs; { # Configurations for NixOS machines. nixosConfigurations = @@ -47,6 +48,7 @@ modules = [ (mkUserConfig ./system/lime) agenix.nixosModules.default + nixos-hardware.nixosModules.lenovo-thinkpad-x390 ./system/lime/core.nix ./shared/core ./shared/secrets.nix @@ -73,4 +75,4 @@ }; -} \ No newline at end of file +} diff --git a/system/lime/configuration.nix b/system/lime/configuration.nix new file mode 100644 index 0000000..eab4ead --- /dev/null +++ b/system/lime/configuration.nix @@ -0,0 +1,33 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + ]; + + # Use the systemd-boot EFI boot loader. + services.xserver.enable = true; + services.xserver.desktopManager.lxqt.enable = true; + services.xserver.displayManager.gdm.enable = true; + programs.firefox.enable = true; + + networking.hostName = "lime"; + networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. + + # Set your time zone. + time.timeZone = "Europe/Amsterdam"; + + + # Enable touchpad support (enabled default in most desktopManager). + services.xserver.libinput.enable = true; + + system.stateVersion = "22.11"; # Did you read the comment? + + programs.git.enable = true; + nix.settings.experimental-features = ["nix-command" "flakes"]; +} diff --git a/system/lime/core.nix b/system/lime/core.nix index 94d0d1e..2e3155e 100644 --- a/system/lime/core.nix +++ b/system/lime/core.nix @@ -1,59 +1,13 @@ -{ lib, ... }: { +{ lib, modulesPath, ... }: { + + imports = [./configuration.nix]; custom = { gui.enable = true; backups.enable = true; }; - system.stateVersion = "22.11"; - home-manager.users.riley.home.stateVersion = "22.11"; - - networking = { - hostName = "lime"; - interfaces."wlp0s20f3".useDHCP = true; - interfaces."enp0s31f6".useDHCP = true; - }; - - boot = { - initrd.availableKernelModules = [ - "nvme" - "xhci_pci" - "usbhid" - "usb_storage" - "sd_mod" - "sdhci_pci" - ]; - kernelModules = [ "kvm-intel" ]; - loader.grub = { - enable = true; - efiSupport = true; - device = "nodev"; - }; - loader.efi.canTouchEfiVariables = true; - initrd.luks.devices.root.device = "/dev/disk/by-uuid/bd5edcc6-35b7-4829-901f-8593c16f0324"; - resumeDevice = "/dev/disk/by-label/NIXOS-ROOT"; - kernelParams = [ - # btrfs inspect-internal map-swapfile -r /swap/swapfile - "resume_offset=2630912" - ]; - }; - - fileSystems."/" = { - device = "/dev/disk/by-label/NIXOS-ROOT"; - fsType = "btrfs"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/2745-1284"; - fsType = "vfat"; - }; - - swapDevices = [{ - device = "/swap/swapfile"; - size = 16 * 1024; - }]; - - nixpkgs.hostPlatform = "x86_64-linux"; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + home-manager.users."riley".home.stateVersion = "22.11"; } + diff --git a/system/lime/hardware-configuration.nix b/system/lime/hardware-configuration.nix new file mode 100644 index 0000000..57662fb --- /dev/null +++ b/system/lime/hardware-configuration.nix @@ -0,0 +1,60 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "sdhci_pci" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + boot.loader.grub = { +efiSupport = true; +device = "nodev"; + enable = true; +}; + boot.loader.efi.canTouchEfiVariables = true; + + fileSystems."/" = + { device = "/dev/disk/by-label/NIXOS-ROOT"; + fsType = "btrfs"; + }; + + boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/bd5edcc6-35b7-4829-901f-8593c16f0324"; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/2745-1284"; + fsType = "vfat"; + }; + + swapDevices = [ + { + device = "/swap/swapfile"; + size = 16*1024; + } + ]; + +# Hibernation +# https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Hibernation_into_swap_file +boot.resumeDevice = "/dev/disk/by-label/NIXOS-ROOT"; +boot.kernelParams = [ + # btrfs inspect-internal map-swapfile -r /swap/swapfile + "resume_offset=2630912" +]; + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} -- 2.45.2 From d8e1ffc81c9c1167efbb68f465ee53148300eba4 Mon Sep 17 00:00:00 2001 From: Riley Apeldoorn Date: Sat, 17 Jun 2023 10:18:57 +0200 Subject: [PATCH 06/10] Add riley@lime public key --- system/lime/keys/riley.pub | 1 + 1 file changed, 1 insertion(+) create mode 100644 system/lime/keys/riley.pub diff --git a/system/lime/keys/riley.pub b/system/lime/keys/riley.pub new file mode 100644 index 0000000..4b8ea30 --- /dev/null +++ b/system/lime/keys/riley.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHC9GMwZQHCuD8vf3YGp/SSo5rHnQ56mwN6urpxLEK66 riley@lime -- 2.45.2 From 8f4b74c188f6135bcb8d1f5b3d225b97a130c033 Mon Sep 17 00:00:00 2001 From: Riley Apeldoorn Date: Sat, 17 Jun 2023 12:51:00 +0200 Subject: [PATCH 07/10] Update locks --- flake.lock | 18 +++++++++--------- flake.nix | 3 ++- shared/core/ssh.nix | 5 +---- 3 files changed, 12 insertions(+), 14 deletions(-) diff --git a/flake.lock b/flake.lock index 06738a4..4af2e0d 100644 --- a/flake.lock +++ b/flake.lock @@ -83,11 +83,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1684596126, - "narHash": "sha256-4RZZmygeEXpuBqEXGs38ZAcWjWKGwu13Iqbxub6wuJk=", + "lastModified": 1686922395, + "narHash": "sha256-ysevinohPxdKp0RXyhDRsz1/vh1eXazg4AWp0n5X/U4=", "owner": "nix-community", "repo": "home-manager", - "rev": "27ef11f0218d9018ebb2948d40133df2b1de622d", + "rev": "9ba7b3990eb1f4782ea3f5fe7ac4f3c88dd7a32c", "type": "github" }, "original": { @@ -145,11 +145,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1683286087, - "narHash": "sha256-xseOd7W7xwF5GOF2RW8qhjmVGrKoBz+caBlreaNzoeI=", + "lastModified": 1686501370, + "narHash": "sha256-G0WuM9fqTPRc2URKP9Lgi5nhZMqsfHGrdEbrLvAPJcg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3e313808bd2e0a0669430787fb22e43b2f4bf8bf", + "rev": "75a5ebf473cd60148ba9aec0d219f72e5cf52519", "type": "github" }, "original": { @@ -161,11 +161,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1684570954, - "narHash": "sha256-FX5y4Sm87RWwfu9PI71XFvuRpZLowh00FQpIJ1WfXqE=", + "lastModified": 1686869522, + "narHash": "sha256-tbJ9B8WLCTnVP/LwESRlg0dII6Zyg2LmUU/mB9Lu98E=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3005f20ce0aaa58169cdee57c8aa12e5f1b6e1b3", + "rev": "7c67f006ea0e7d0265f16d7df07cc076fdffd91f", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 117189d..3b9ce78 100644 --- a/flake.nix +++ b/flake.nix @@ -48,7 +48,8 @@ modules = [ (mkUserConfig ./system/lime) agenix.nixosModules.default - nixos-hardware.nixosModules.lenovo-thinkpad-x390 + nixos-hardware.nixosModules.lenovo-thinkpad-x390 + nixos-hardware.nixosModules.common-gpu-nvidia-disable ./system/lime/core.nix ./shared/core ./shared/secrets.nix diff --git a/shared/core/ssh.nix b/shared/core/ssh.nix index 037fd0e..61bb537 100644 --- a/shared/core/ssh.nix +++ b/shared/core/ssh.nix @@ -4,14 +4,11 @@ services.openssh = { enable = true; - settings.passwordAuthentication = false; + settings.PasswordAuthentication = false; }; users.users."riley" = { packages = [ pkgs.openssh ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDroUHLf56zlYLiMoD1JV5XXZNwY9tftobDttC6hnfiM riley@dev-lt-63" - ]; }; } \ No newline at end of file -- 2.45.2 From 571e1daa82b958787a2e8afaa2a1ebe1ff880d5f Mon Sep 17 00:00:00 2001 From: Riley Apeldoorn Date: Sat, 17 Jun 2023 12:51:34 +0200 Subject: [PATCH 08/10] Disable vulkan in sway --- shared/home/gui/sway.nix | 8 ++++---- system/lime/configuration.nix | 6 +++--- system/lime/core.nix | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/shared/home/gui/sway.nix b/shared/home/gui/sway.nix index 590f69f..20a9ef9 100644 --- a/shared/home/gui/sway.nix +++ b/shared/home/gui/sway.nix @@ -54,11 +54,11 @@ in with lib; { enable = true; wrapperFeatures.gtk = true; extraSessionCommands = '' - export WLR_NO_HARDWARE_CURSORS=1; - export WLR_RENDERER=vulkan; - export WLR_EGL_NO_MODIFIERS=1; + #export WLR_NO_HARDWARE_CURSORS=1; + #export WLR_RENDERER=vulkan; + #export WLR_EGL_NO_MODIFIERS=1; ''; - extraOptions = [ "--unsupported-gpu" ]; + #extraOptions = [ "--unsupported-gpu" ]; systemdIntegration = true; extraConfig = '' diff --git a/system/lime/configuration.nix b/system/lime/configuration.nix index eab4ead..d11c5f3 100644 --- a/system/lime/configuration.nix +++ b/system/lime/configuration.nix @@ -11,9 +11,9 @@ ]; # Use the systemd-boot EFI boot loader. - services.xserver.enable = true; - services.xserver.desktopManager.lxqt.enable = true; - services.xserver.displayManager.gdm.enable = true; + # services.xserver.enable = true; + # services.xserver.desktopManager.lxqt.enable = true; + # services.xserver.displayManager.gdm.enable = true; programs.firefox.enable = true; networking.hostName = "lime"; diff --git a/system/lime/core.nix b/system/lime/core.nix index 2e3155e..73552c2 100644 --- a/system/lime/core.nix +++ b/system/lime/core.nix @@ -1,6 +1,6 @@ { lib, modulesPath, ... }: { - imports = [./configuration.nix]; + imports = [./hardware-configuration.nix ./configuration.nix]; custom = { gui.enable = true; -- 2.45.2 From 3cef5b6f970d5e7ee1b726bc0bbae7f131af06d1 Mon Sep 17 00:00:00 2001 From: Riley Apeldoorn Date: Sat, 17 Jun 2023 12:59:29 +0200 Subject: [PATCH 09/10] Move strawberry sway hacks to its home.nix --- shared/home/gui/sway.nix | 6 ------ system/strawberry/home.nix | 10 ++++++++++ 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/shared/home/gui/sway.nix b/shared/home/gui/sway.nix index 20a9ef9..eb9c726 100644 --- a/shared/home/gui/sway.nix +++ b/shared/home/gui/sway.nix @@ -53,12 +53,6 @@ in with lib; { # This is all required to get it to not die. enable = true; wrapperFeatures.gtk = true; - extraSessionCommands = '' - #export WLR_NO_HARDWARE_CURSORS=1; - #export WLR_RENDERER=vulkan; - #export WLR_EGL_NO_MODIFIERS=1; - ''; - #extraOptions = [ "--unsupported-gpu" ]; systemdIntegration = true; extraConfig = '' diff --git a/system/strawberry/home.nix b/system/strawberry/home.nix index 5705ff7..fdb86bf 100644 --- a/system/strawberry/home.nix +++ b/system/strawberry/home.nix @@ -7,4 +7,14 @@ network.eth = "enp9s0"; }; }; + + # Due to Hardware :tm: this is needed to get sway to not crash + wayland.windowManager.sway = { + extraSessionCommands = '' + export WLR_NO_HARDWARE_CURSORS=1; + export WLR_RENDERER=vulkan; + export WLR_EGL_NO_MODIFIERS=1; + ''; + extraOptions = [ "--unsupported-gpu" ]; + }; } \ No newline at end of file -- 2.45.2 From 03369e88a895f732163d48f8b6671300545b9f55 Mon Sep 17 00:00:00 2001 From: Riley Apeldoorn Date: Sat, 17 Jun 2023 13:24:54 +0200 Subject: [PATCH 10/10] Allow backblaze secrets to be accessed by `lime` --- secret/backblaze.age | Bin 727 -> 820 bytes secrets.nix | 7 ++++++- system/lime/configuration.nix | 33 --------------------------------- system/lime/core.nix | 8 +++++++- system/lime/keys/root.pub | 1 + 5 files changed, 14 insertions(+), 35 deletions(-) delete mode 100644 system/lime/configuration.nix create mode 100644 system/lime/keys/root.pub diff --git a/secret/backblaze.age b/secret/backblaze.age index a97ce5be624b56eb2888f1d1df0c8fc730440a84..81cb2b0757788e2e3fbb82a7006d77d2321b2f5e 100644 GIT binary patch literal 820 zcmZ9_&5P7#0Dy79L+MD7dJsg*rfgkU!fY~0-bq5)rI}1Jn@lFNlbOty7xOjAY%-Z7 zlSwAQg7n}bLg_)59=3ZBTfv(i^dAt#A_!Wf)IAA;JqX={hwZ8My7%Ydr`cA~@{K49 z;_=j9n?^R0lnTWSXf|_-mWcsSqM=@HHjNZgI`pEXm~`4~w-Birij0iqwNj!fRi<4V zD%2b|Ss-aG4=s%5!)ek55sC{H9p6r=7N^$|x;pm~Gh{7hYRE>|470K?9M?jx-{{!T z!f>@w#s`f!Urf+}Vm8B6Z1h>2>DT=ZoQV}g>!V!UYo!GsZ^|?%*>Jcmk0$gm9ALb^ z#m(Ua>*JeI4%}qem?*NNr^hw?)8sNx1m}KW@B;&P0pEr-6#+s&9fp7x`EGS?NF%py znN>9D5QT{<#S@(jM6|)<_Ka#pf?$VyVhIkZ&c;$sM2qb=$2B#eU7`hHm8`8Y zVuc$M*pzhI+*GMgL0;+wWk%;FLO9eUA6K`7UZa4F5MHuG#$dfDBja36@SKvp%_yVt zuA=as7b#KR>kzDaT#FNSptqnhNp4mXuS=yGhe}D_$O6pj39#Zgt_0_p>V&CZlPuCU z3U)0Tby!iSj7ig~@E&E((ONSlvaUU5D+Yn0jH*Z=AvpAZZB!TReKXgn=^~!j*?B5AOf^<@@^4^Ai^zefUwa-k$!)c9+jZ zH+Mc?PxeO7d$p^Ve^P$?{^egk!&jbFFOHYOKYrNS{o=yzlS%hsbd3TvbGanExh~&T L*S!y~@BIBAeLEZ} delta 676 zcmWm9%WKnc007`km`Koz2aAF(2gj7GHt91_arCjad9-PoCTRkWrEQwE&7;k)k916n zAnc&RU^g9l6~uWNsEA&4sIVQJf_Rt*1yRQkhA2z~@%s2)JbwGX))%yL!0D&%T40{F~ zpTs*on=a#N$#LsBH^Zs%o{QvWOB9-v5_2vQuc=(x7cWDKSZ8Ar?IW?a1>!-Its+vz zXM|Z)jU#lO%4;dNMqs?(EdQ^}ne2>LcQh4f@H92a>StgCAHT?mr(pw@Y|{@RU;s!y zO6P@a*C$e@k*g&u9g8zfza!fSrbMeny9o$a6S)AGovLOt4R@|s5)x8dMTKA+!lV!= z=glf=rE8)ggaj_3hKNo!pl}2g>*fL|sMwSyRJt)UX$pKGXU1a%BvMe7hD6e}0aVl> zuh$D(MoTHAnTTGLIsn5vaiJn++$=7la-(1)C9Rk1=b3stTn$2`ab=^maDV$Cf8hFO zdF=P@@OkdY$ULH+9o<)XzTmuCnHceJ%W(Fw=hmjY^%q%12gkpU6Zd|_6k+$;r-{wC z>sL?Q{;-|`d3|#9No;hl+56h~Gxqd`_Za_e=Zj|v{dj3;d8qJkX3e$UDO=*HwZkNR q=iF=Fx%ptHF??wG^2_9pqf2|^O=#@o^!$rwk5>G5{p3&2;+uaLxAHsy diff --git a/secrets.nix b/secrets.nix index 731359f..60f0b9f 100644 --- a/secrets.nix +++ b/secrets.nix @@ -2,10 +2,15 @@ let strawberry = [ (builtins.readFile ./system/strawberry/keys/riley.pub) (builtins.readFile ./system/strawberry/keys/root.pub) ]; + lime = [ + (builtins.readFile ./system/lime/keys/riley.pub) + (builtins.readFile ./system/lime/keys/root.pub) + ]; dev-lt-63 = [ (builtins.readFile ./system/dev-lt-63/keys/riley.pub) ]; + all = strawberry ++ lime ++ dev-lt-63; in { # Secrets for backup cloud storage provider - "secret/backblaze.age".publicKeys = strawberry ++ dev-lt-63; + "secret/backblaze.age".publicKeys = all; } \ No newline at end of file diff --git a/system/lime/configuration.nix b/system/lime/configuration.nix deleted file mode 100644 index d11c5f3..0000000 --- a/system/lime/configuration.nix +++ /dev/null @@ -1,33 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, pkgs, ... }: - -{ - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - ]; - - # Use the systemd-boot EFI boot loader. - # services.xserver.enable = true; - # services.xserver.desktopManager.lxqt.enable = true; - # services.xserver.displayManager.gdm.enable = true; - programs.firefox.enable = true; - - networking.hostName = "lime"; - networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. - - # Set your time zone. - time.timeZone = "Europe/Amsterdam"; - - - # Enable touchpad support (enabled default in most desktopManager). - services.xserver.libinput.enable = true; - - system.stateVersion = "22.11"; # Did you read the comment? - - programs.git.enable = true; - nix.settings.experimental-features = ["nix-command" "flakes"]; -} diff --git a/system/lime/core.nix b/system/lime/core.nix index 73552c2..ddd55d2 100644 --- a/system/lime/core.nix +++ b/system/lime/core.nix @@ -1,12 +1,18 @@ { lib, modulesPath, ... }: { - imports = [./hardware-configuration.nix ./configuration.nix]; + imports = [./hardware-configuration.nix]; custom = { gui.enable = true; backups.enable = true; }; + networking.hostName = "lime"; + networking.networkmanager.enable = true; + + system.stateVersion = "22.11"; + services.xserver.libinput.enable = true; + home-manager.users."riley".home.stateVersion = "22.11"; } diff --git a/system/lime/keys/root.pub b/system/lime/keys/root.pub new file mode 100644 index 0000000..5b420f3 --- /dev/null +++ b/system/lime/keys/root.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOF9N5hsJEdm/jBxAGjQdQg7s/EFheZJK3KHyNkt5uFc root@lime -- 2.45.2