diff --git a/flake.lock b/flake.lock
index a9c3792..b91ba33 100644
--- a/flake.lock
+++ b/flake.lock
@@ -332,11 +332,11 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1715447595,
- "narHash": "sha256-VsVAUQOj/cS1LCOmMjAGeRksXIAdPnFIjCQ0XLkCsT0=",
+ "lastModified": 1715534503,
+ "narHash": "sha256-5ZSVkFadZbFP1THataCaSf0JH2cAH3S29hU9rrxTEqk=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "062ca2a9370a27a35c524dc82d540e6e9824b652",
+ "rev": "2057814051972fa1453ddfb0d98badbea9b83c06",
 "type": "github"
 },
 "original": {
diff --git a/flake.nix b/flake.nix
index 1a30099..22d4107 100644
--- a/flake.nix
+++ b/flake.nix
@@ -119,6 +119,20 @@
 }
 ];
 };
+ fujitsu = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs = attrs;
+ modules = [
+ nix-index-database.nixosModules.nix-index
+ impermanence.nixosModules.impermanence
+ agenix.nixosModules.default
+ ./hosts/fujitsu
+ ./shared
+ {
+ nixpkgs.overlays = [ self.overlays.default ];
+ }
+ ];
+ };
 falkenstein = nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
 specialArgs = attrs;
diff --git a/hosts/fujitsu/default.nix b/hosts/fujitsu/default.nix
new file mode 100644
index 0000000..7dc15f2
--- /dev/null
+++ b/hosts/fujitsu/default.nix
@@ -0,0 +1,61 @@
+{ pkgs, ... }:
+{
+ imports = [
+ ./hardware-configuration.nix
+ ./modules/networks
+ ];
+
+ boot.loader.grub.enable = true;
+ boot.loader.grub.devices = [ "/dev/sda" "/dev/sdb" ];
+ services.btrfs.autoScrub.enable = true;
+
+ environment.persistence."/nix/persist/system" = {
+ directories = [
+ "/etc/ssh"
+ "/root/.borgmatic"
+ "/root/.local/share/zsh"
+ "/root/.config/borg/security"
+ ];
+ files = [
+ "/etc/machine-id"
+ ];
+ };
+
+ time.timeZone = "Europe/Berlin";
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "dvorak";
+ };
+
+ environment.systemPackages = with pkgs; [
+ vim
+ htop-vim
+ helix
+ lsof
+ btdu
+ tcpdump
+ mtr
+ ];
+ programs.git = {
+ enable = true;
+ config = {
+ user.name = "Rouven Seifert";
+ user.email = "rouven@rfive.de";
+ };
+ };
+
+ services.openssh.enable = true;
+ services.journald.gateway.enable = true;
+ programs.mosh.enable = true;
+
+ users.users.root.initialHashedPassword = "$y$j9T$hYM7FT2hn3O7OWBn9uz8e0$XquxONcPSke6YjdRGwOzGxC0/92hgP7PIB0y0K.Qdr/";
+ users.users.root.openssh.authorizedKeys.keyFiles = [
+ ../../keys/ssh/rouven-thinkpad
+ ../../keys/ssh/root-thinkpad
+ ../../keys/ssh/rouven-pixel
+ ../../keys/ssh/root-falkenstein
+ ];
+
+ system.stateVersion = "24.05"; # Did you read the comment?
+}
+
diff --git a/hosts/fujitsu/hardware-configuration.nix b/hosts/fujitsu/hardware-configuration.nix
new file mode 100644
index 0000000..75fc55a
--- /dev/null
+++ b/hosts/fujitsu/hardware-configuration.nix
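Review bot: The root password hash at `users.users.root.initialHashedPassword` is committed to the repository, and `services.openssh.enable = true` leaves OpenSSH's password authentication at its default, so the only thing standing between a leaked repo copy and remote root login is the hash's resistance to offline guessing. Root is already provisioned with `openssh.authorizedKeys.keyFiles`, so the password only needs to serve the local console: add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` next to the openssh line. Since this host already imports `agenix.nixosModules.default` in flake.nix, the hash itself can also be moved out of the repo into an agenix secret referenced via `users.users.root.hashedPasswordFile`. The `/etc/ssh` entry in the persistence list is what keeps the host keys stable across reboots on the tmpfs root, which is worth a one-line comment so nobody removes it.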
@@ -0,0 +1,44 @@
+{ config, lib, modulesPath, ... }:
+
+{
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "ehci_pci" "ata_piix" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" = {
+ device = "tmpfs";
+ fsType = "tmpfs";
+ options = [ "mode=755" ];
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/sda2";
+ fsType = "btrfs";
+ options = [ "subvol=boot" "noatime" ];
+ };
+
+ fileSystems."/nix" = {
+ device = "/dev/sda2";
+ fsType = "btrfs";
+ options = [ "subvol=nix" "compress=zstd" "noatime" ];
+ };
+
+ fileSystems."/var/lib" = {
+ device = "/dev/sda2";
+ fsType = "btrfs";
+ options = [ "subvol=lib" "compress=zstd" "noatime" ];
+ };
+
+ fileSystems."/var/log" = {
+ device = "/dev/sda2";
+ fsType = "btrfs";
+ options = [ "subvol=log" "compress=zstd" "noatime" ];
+ };
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/hosts/fujitsu/modules/networks/default.nix b/hosts/fujitsu/modules/networks/default.nix
new file mode 100644
index 0000000..47e61c2
--- /dev/null
+++ b/hosts/fujitsu/modules/networks/default.nix
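Review bot: All four btrfs mounts use `device = "/dev/sda2";`, and `boot.loader.grub.devices` in hosts/fujitsu/default.nix uses `/dev/sda`/`/dev/sdb`; with two disks in the machine, kernel enumeration order is not guaranteed across boots or after a disk swap, so a reorder can mount the wrong device or have GRUB write to the wrong disk. The other host touched in this diff, hosts/nuc/hardware-configuration.nix, already uses stable identifiers; do the same here, e.g. `device = "/dev/disk/by-uuid/<UUID-of-sda2>";` for the mounts and `/dev/disk/by-id/<DISK-ID>` entries for the GRUB device list. Because `/` is tmpfs, a mis-mounted `/nix` or `/var/lib` fails loudly at boot rather than silently, but the GRUB install target is the more dangerous case.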
@@ -0,0 +1,47 @@
+{ ... }:
+{
+ networking = {
+ hostName = "fujitsu";
+ domain = "rfive.de";
+ useNetworkd = true;
+ enableIPv6 = true;
+ nftables.enable = true;
+ firewall = {
+ extraInputRules = ''
+ ip saddr 192.168.0.0/16 tcp dport 19531 accept comment "Allow journald gateway access from local networks"
+ '';
+ };
+ };
+ services.resolved = {
+ enable = true;
+ fallbackDns = [
+ "9.9.9.9"
+ "149.112.112.112"
+ "2620:fe::fe"
+ "2620:fe::9"
+ ];
+ };
+
+
+ systemd.network = {
+ enable = true;
+ networks."10-loopback" = {
+ matchConfig.Name = "lo";
+ linkConfig.RequiredForOnline = false;
+ };
+ networks."10-wired" = {
+ matchConfig.Name = "enp2s0";
+ address = [ "192.168.42.3/24" ];
+ routes = [{
+ routeConfig.Gateway = "192.168.42.1";
+ }];
+ networkConfig = {
+ DNS = [
+ "192.168.42.1"
+ ];
+ LLDP = true;
+ EmitLLDP = "nearest-bridge";
+ };
+ };
+ };
+}
diff --git a/hosts/iso/default.nix b/hosts/iso/default.nix
index 7797518..645a8e6 100644
--- a/hosts/iso/default.nix
+++ b/hosts/iso/default.nix
@@ -11,6 +11,7 @@
 programs.git.enable = true;
 environment.systemPackages = with pkgs; [
 helix
+ vim
 ];
 
 # in case we need to rescue a zfs machine
diff --git a/hosts/nuc/hardware-configuration.nix b/hosts/nuc/hardware-configuration.nix
index 2ac61dc..10991c5 100644
--- a/hosts/nuc/hardware-configuration.nix
+++ b/hosts/nuc/hardware-configuration.nix
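Review bot: The nftables rule in `extraInputRules` opens the journald gateway (tcp/19531) to the whole of `192.168.0.0/16`, while the host's own network in `networks."10-wired"` is `192.168.42.0/24`; systemd-journal-gatewayd has no authentication of its own unless TLS client certificates are configured, and the journal routinely contains material that should not be readable from every RFC 1918 /16 neighbour. Narrow the source to the actual consumer, e.g. `ip saddr 192.168.42.0/24 tcp dport 19531 accept comment "Allow journald gateway access from the LAN"`, or to a single collector address. With `enableIPv6 = true` and no matching `ip6` rule the gateway is reachable only over IPv4, which appears intentional; a short comment stating that would stop a future reader from "fixing" it.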
@@ -16,42 +16,36 @@
 boot.extraModulePackages = [ ];
 services.fstrim.enable = true;
 
- fileSystems."/" =
- {
- device = "tmpfs";
- fsType = "tmpfs";
- options = [ "mode=755" ];
- };
+ fileSystems."/" = {
+ device = "tmpfs";
+ fsType = "tmpfs";
+ options = [ "mode=755" ];
+ };
 
- fileSystems."/var/lib" =
- {
- device = "/dev/disk/by-uuid/16b0bd14-1b07-477d-a20d-982f9467f6df";
- fsType = "btrfs";
- options = [ "subvol=lib" "compress=zstd" "discard=async" "noatime" ];
- };
+ fileSystems."/var/lib" = {
+ device = "/dev/disk/by-uuid/16b0bd14-1b07-477d-a20d-982f9467f6df";
+ fsType = "btrfs";
+ options = [ "subvol=lib" "compress=zstd" "discard=async" "noatime" ];
+ };
 
- fileSystems."/var/log" =
- {
- device = "/dev/disk/by-uuid/16b0bd14-1b07-477d-a20d-982f9467f6df";
- fsType = "btrfs";
- options = [ "subvol=log" "compress=zstd" "discard=async" "noatime" ];
- };
+ fileSystems."/var/log" = {
+ device = "/dev/disk/by-uuid/16b0bd14-1b07-477d-a20d-982f9467f6df";
+ fsType = "btrfs";
+ options = [ "subvol=log" "compress=zstd" "discard=async" "noatime" ];
+ };
 
- fileSystems."/nix" =
- {
- device = "/dev/disk/by-uuid/16b0bd14-1b07-477d-a20d-982f9467f6df";
- fsType = "btrfs";
- options = [ "subvol=nix" "compress=zstd" "discard=async" "noatime" ];
- };
+ fileSystems."/nix" = {
+ device = "/dev/disk/by-uuid/16b0bd14-1b07-477d-a20d-982f9467f6df";
+ fsType = "btrfs";
+ options = [ "subvol=nix" "compress=zstd" "discard=async" "noatime" ];
+ };
 
- fileSystems."/boot" =
- {
- device = "/dev/disk/by-uuid/0135-7C8C";
- fsType = "vfat";
- };
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/0135-7C8C";
+ fsType = "vfat";
+ };
 
- swapDevices =
- [{ device = "/dev/disk/by-uuid/fdedb47c-a370-4005-ac37-1c186e667de0"; }];
+ swapDevices = [{ device = "/dev/disk/by-uuid/fdedb47c-a370-4005-ac37-1c186e667de0"; }];
 
 nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
diff --git a/hosts/thinkpad/modules/networks/uni.nix b/hosts/thinkpad/modules/networks/uni.nix
index eedc098..08129be 100644
--- a/hosts/thinkpad/modules/networks/uni.nix
+++ b/hosts/thinkpad/modules/networks/uni.nix
@@ -23,7 +23,7 @@
 identity="rose159e@tu-dresden.de"
 password="@EDUROAM_AUTH@"
 phase2="auth=PAP"
- bssid_ignore=7c:5a:1c:02:3d:ef
+ bssid_ignore=7c:5a:1c:02:3d:ef,82:5a:1c:02:3d:ef
 '';
 extraConfig = ''
 scan_ssid=1
diff --git a/hosts/vm/hardware-configuration.nix b/hosts/vm/hardware-configuration.nix
index 612cba4..90cb1db 100644
--- a/hosts/vm/hardware-configuration.nix
+++ b/hosts/vm/hardware-configuration.nix
@@ -11,13 +11,12 @@
 boot.kernelModules = [ "kvm-intel" ];
 boot.extraModulePackages = [ ];
 
- fileSystems."/" =
- {
-
- # Replace with actual config
- device = "/dev/sda";
- fsType = "ext4";
- };
+ # fileSystems."/" =
+ # {
+ # # Replace with actual config
+ # device = "/dev/sda";
+ # fsType = "ext4";
+ # };
 
 nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 }
diff --git a/shared/systemd.nix b/shared/systemd.nix
index cb53f89..bb6a7d5 100644
--- a/shared/systemd.nix
+++ b/shared/systemd.nix
@@ -3,7 +3,8 @@
 {
 systemd = {
- package = lib.mkDefault (nixpkgs-systemd-256.legacyPackages.x86_64-linux.systemd.override { withHomed = false; });
+ # package = lib.mkDefault (nixpkgs-systemd-256.legacyPackages.x86_64-linux.systemd.override { withHomed = false; });
+ package = lib.mkDefault (pkgs.systemd.override { withHomed = false; });
 sleep.extraConfig = ''
 HibernateDelaySec=2h
 '';
diff --git a/users/rouven/modules/packages.nix b/users/rouven/modules/packages.nix
index fe33497..36cdcc6 100644
--- a/users/rouven/modules/packages.nix
+++ b/users/rouven/modules/packages.nix
@@ -24,6 +24,7 @@
 # internet
 google-chrome
+ liferea
 # messaging
 tdesktop
@@ -35,7 +36,7 @@
 # cryptography
 yubikey-manager
- # python311Packages.pyhanko # broken, TODO fix
+ python311Packages.pyhanko # broken, TODO fix
 bitwarden-cli
 # misc
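Review bot: The new side of the hosts/vm/hardware-configuration.nix hunk keeps the removed `fileSystems."/"` block as six commented-out lines without recording why the definition had to go, so the next reader cannot tell whether it was broken, superseded or merely parked. If the root filesystem is now supplied by whatever builds this VM (the hunk does not show that), delete the commented lines and leave a single explanatory comment such as `# fileSystems."/" is intentionally not set here; the VM build provides the root filesystem`; if it is meant as a template for later, the surviving `# Replace with actual config` should say so explicitly. The attribute set this sits in opens before the hunk.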
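Review bot: In shared/systemd.nix the old `package = lib.mkDefault (nixpkgs-systemd-256...)` line is kept as a comment rather than deleted, and that line was the only visible use of the `nixpkgs-systemd-256` input; if the file's function header and the flake inputs still declare it, they should be dropped in the same change, otherwise the flake keeps fetching and locking an input nothing uses. Git history already preserves the old override, so remove the commented line outright. The function header that would bind `nixpkgs-systemd-256` and `pkgs` is outside the hunk, so this is an inference from the visible lines.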
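Review bot: In users/rouven/modules/packages.nix the `python311Packages.pyhanko` entry is re-enabled but its trailing `# broken, TODO fix` comment is carried over verbatim, so the comment now contradicts the line it annotates. Either drop the comment, or if a known problem remains, say what it is, e.g. `python311Packages.pyhanko # <describe remaining issue>`, so a later reader knows whether un-commenting it was a fix or an experiment. The `@@ -24,6 +24,7 @@` hunk adding `liferea` needs nothing.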