diff --git a/flake.lock b/flake.lock index d28f030..d241f3a 100644 --- a/flake.lock +++ b/flake.lock @@ -143,11 +143,11 @@ ] }, "locked": { - "lastModified": 1681301498, - "narHash": "sha256-GVp3UML9MI6gd9RK3Mjkype7/leDfEuWIkou59Iv8Sk=", + "lastModified": 1681303095, + "narHash": "sha256-0lj5ZGMhXdeYbbQQ5Y0fv0OcKe0zXfn4H2VOn31l/9o=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "a68feb5aa09264beee57a88ee85aefb89680db3b", + "rev": "efee6a1cda278b8589bfe335c66d8fb272027bca", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 1f61282..137ed43 100644 --- a/flake.nix +++ b/flake.nix @@ -107,6 +107,15 @@ sops-nix.nixosModules.sops ]; }; + falkenstein-1 = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs.inputs = attrs; + modules = [ + ./hosts/falkenstein-1 + ./shared + sops-nix.nixosModules.sops + ]; + }; }; }; } diff --git a/hosts/falkenstein-1/default.nix b/hosts/falkenstein-1/default.nix new file mode 100644 index 0000000..8c04eec --- /dev/null +++ b/hosts/falkenstein-1/default.nix @@ -0,0 +1,58 @@ +{ config, pkgs, ... }: +{ + nix.settings.experimental-features = [ "nix-command" "flakes" ]; + imports = + [ + # Include the results of the hardware scan. + ./hardware-configuration.nix + ./modules/networks + ./modules/nginx + ]; + + boot = { + loader = { + grub = { + enable = true; + version = 2; + efiSupport = true; + efiInstallAsRemovable = true; + device = "/dev/sda"; + }; + efi.efiSysMountPoint = "/boot/efi"; + }; + kernelPackages = pkgs.linuxPackages_latest; + #tmpOnTmpfs = true; + }; + + time.timeZone = "Europe/Berlin"; + + i18n.defaultLocale = "en_US.UTF-8"; + console = { + keyMap = "dvorak"; + }; + + environment.systemPackages = with pkgs; [ + vim + wget + htop-vim + ]; + programs.git = { + enable = true; + config = { + user.name = "Rouven Seifert"; + user.email = "rouven@rfive.de"; + }; + }; + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keyFiles = [ + #../../keys/ssh/rouven-thinkpad + ../../keys/ssh/rouven-pixel + ../../keys/ssh/rouven-smartcard + ]; + + system.stateVersion = "22.11"; + +} + diff --git a/hosts/falkenstein-1/modules/networks/default.nix b/hosts/falkenstein-1/modules/networks/default.nix new file mode 100644 index 0000000..da1161c --- /dev/null +++ b/hosts/falkenstein-1/modules/networks/default.nix @@ -0,0 +1,21 @@ +{ config, ... }: +{ + networking = { + hostName = "nuc"; + useNetworkd = true; + enableIPv6 = true; + }; + systemd.network = { + enable = true; + networks."10-loopback" = { + matchConfig.Name = "lo"; + linkConfig.RequiredForOnline = false; + }; + networks."10-wired" = { + matchConfig.Name = "ens3"; + networkConfig = { + DHCP = "yes"; + }; + }; + }; +} diff --git a/hosts/falkenstein-1/modules/nginx/default.nix b/hosts/falkenstein-1/modules/nginx/default.nix new file mode 100644 index 0000000..8c74006 --- /dev/null +++ b/hosts/falkenstein-1/modules/nginx/default.nix @@ -0,0 +1,11 @@ +{ config, ... }: +{ + networking.firewall.allowedTCPPorts = [ 80 443 ]; + services.nginx.enable = true; + security.acme = { + acceptTerms = true; + defaults = { + email = "rouven@rfive.de"; + }; + }; +}