nixos-config-priv/systems/jeroboam/default.nix



#############################################################
# ===========================================================
#  Rehoboam - LT1
#  Simple, Dev
# ===========================================================
#############################################################

{ inputs, configLib, ... }: 
let
  PRIMARYUSBID = "720657da-2c89-4f47-aba9-b43618778a3d";
  BACKUPUSBID = "b501f1b9-7714-472c-988f-3c997f146a18";
in {
  imports = [
    #################### Every Host Needs This ####################
    ./hardware-configuration.nix

    #################### Hardware Modules ####################
    inputs.hardware.nixosModules.common-cpu-amd
    inputs.hardware.nixosModules.common-gpu-amd
    inputs.hardware.nixosModules.common-pc-ssd

    #################### Disk Layout ####################
    inputs.disko.nixosModules.disko
    (configLib.relativeToRoot "hosts/common/disks/jehoboam.nix")
    {
      _module.args = {
        disk = "/dev/vda";
        withSwap = false;
      };
    }
  ]
  ++ (map configLib.relativeToRoot [
    #################### Required Configs ####################
    (configLib.relativeToRoot "hosts/common/core")

    #################### Host-specific Optional Configs ####################
    "hosts/common/optional/services/clamav.nix" # depends on optional/msmtp.nix
    "hosts/common/optional/msmtp.nix" # required for emailing clamav alerts
    "hosts/common/optional/services/openssh.nix" # allow remote ssh 
    "hosts/common/optional/pipewire.nix" # audio

    # Desktop
    "hosts/common/optional/services/greetd.nix" # display manager
    "hosts/common/optional/hyprland.nix" # window manager

    #################### Users to Create ####################
    "hosts/common/users/sunzi"
    "hosts/common/users/laozi"

  ]);

  # set custom autologin options. see greetd.nix for details
  # TODO is there a better spot for this?
  autoLogin.enable = true;
  autoLogin.username = "laozi";

  # I18n & Time
  time.timeZone = "Europe/Amsterdam";
  i18n.defaultLocale = "en_US.UTF-8";

  # Starter config
  console = {
    font = "Lat2-Terminus16";
    keyMap = "us";
  #  useXkbConfig = true; # use xkb.options in tty.
  };


  # services.gnome.gnome-keyring.enable = true;
  # TODO enable and move to greetd area? may need authentication dir or something?
  # services.pam.services.greetd.enableGnomeKeyring = true;

  networking = {
    hostName = "jeroboam";
    # wireless.enable = true;
    networkmanager.enable = true;
    enableIPv6 = false;
  };

  boot = {
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
      timeout = 3;
    };
    initrd = {
        kernelModules = ["uas" "usbcore" "usb_storage" "vfat" "nls_cp437" "nls_iso8859_1"];
        # Mount USB key before trying to decrypt root filesystem
        postDeviceCommands = pkgs.lib.mkBefore ''
          mkdir -m 0755 -p /key
          sleep 2 # To make sure the usb key has been loaded
          mount -n -t vfat -o ro `findfs UUID=${PRIMARYUSBID}` /key || mount -n -t vfat -o ro `findfs UUID=${BACKUPUSBID}` /key
        '';
        systemd.enable = true; # tpm2 unlock requires systemd initrd
        luks.devices."crypted" = {
            bypassWorkqueues = true;
            device = "/dev/nvme0n1p2";
            crypttabExtraOpts = [ "tpm2-device=auto" ]; # tpm2 unlock
            preLVM = true;

            # If using a USB or SD Card for decryption include the following.
            allowDiscards = true;
            keyFileSize = 4096;
            # This is the disk id of your USB or SD Card.
            # Get this by running `ls -l /dev/disk/by-id`,
            # and copy the long string into the spot below.
            keyFile = "/key/hdd.key";

            # Use this if you want to fallback to the encryption password when the drive can't be found. HIGHLY RECCOMENDED!!!!
            fallbackToPassword = true;
        };
    };
    resumeDevice = config.fileSystems."/swap".device;
    kernelParams = [

      # hibernation
      "resume_offset=533760"
    ]
  };
  
  # ================ HYPRLAND =================== #
  environment.sessionVariables = {
    # hack to get the cursor to become visible
    WLR_NO_HARDWARE_CURSORS = "1";
    # WLR_RENDERER_ALLOW_SOFTWARE = "1";
    # WLR_DRM_DEVICES = "1";

    # Hint electron apps to use wayland
    NIXOS_OZONE_WL = "1";
  }


  programs.hyprland = {
  enable = true;
  nvidiaPatches = false;
  xwayland.enable = true;
};

hardware = {
    # Opengl
    opengl.enable = true;

    # Most wayland compositors need this
    nvidia.modesetting.enable = false;
};

modules.btrfs-maintenance = {
    fileSystems = [
      # scrubbling one of subvolumes scrubs the whole filesystem
      "/persist"
    ];
  };

  # Fix to enable VSCode to successfully remote SSH on a client to a NixOS host
  # https://nixos.wiki/wiki/Visual_Studio_Code # Remote_SSH
  # programs.nix-ld.enable = true;

  # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
  system.stateVersion = "24.05";
}
asdf 2024-06-07 11:37:13 +00:00
Update systems/jeroboam/default.nix 2024-06-09 01:25:52 +00:00
			`#############################################################`
			`# ===========================================================`
			`# Rehoboam - LT1`
			`# Simple, Dev`
			`# ===========================================================`
			`#############################################################`

usb unattended 2024-06-09 02:33:27 +00:00			`{ inputs, configLib, ... }:`
			`let`
Update primary usb uuid 2024-06-09 14:50:37 +00:00			`PRIMARYUSBID = "720657da-2c89-4f47-aba9-b43618778a3d";`
usb unattended 2024-06-09 02:33:27 +00:00			`BACKUPUSBID = "b501f1b9-7714-472c-988f-3c997f146a18";`
			`in {`
Update systems/jeroboam/default.nix 2024-06-09 01:25:52 +00:00			`imports = [`
			`#################### Every Host Needs This ####################`
			`./hardware-configuration.nix`

			`#################### Hardware Modules ####################`
			`inputs.hardware.nixosModules.common-cpu-amd`
			`inputs.hardware.nixosModules.common-gpu-amd`
			`inputs.hardware.nixosModules.common-pc-ssd`

			`#################### Disk Layout ####################`
			`inputs.disko.nixosModules.disko`
Templating for system init. Networking, pipewire for audio, time, i18n, console, 2024-06-09 15:41:39 +00:00			`(configLib.relativeToRoot "hosts/common/disks/jehoboam.nix")`
Update systems/jeroboam/default.nix 2024-06-09 01:25:52 +00:00			`{`
			`_module.args = {`
			`disk = "/dev/vda";`
			`withSwap = false;`
			`};`
			`}`
			`]`
			`++ (map configLib.relativeToRoot [`
			`#################### Required Configs ####################`
			`(configLib.relativeToRoot "hosts/common/core")`

			`#################### Host-specific Optional Configs ####################`
			`"hosts/common/optional/services/clamav.nix" # depends on optional/msmtp.nix`
			`"hosts/common/optional/msmtp.nix" # required for emailing clamav alerts`
Templating for system init. Networking, pipewire for audio, time, i18n, console, 2024-06-09 15:41:39 +00:00			`"hosts/common/optional/services/openssh.nix" # allow remote ssh`
			`"hosts/common/optional/pipewire.nix" # audio`
Update systems/jeroboam/default.nix 2024-06-09 01:25:52 +00:00
			`# Desktop`
			`"hosts/common/optional/services/greetd.nix" # display manager`
			`"hosts/common/optional/hyprland.nix" # window manager`

			`#################### Users to Create ####################`
			`"hosts/common/users/sunzi"`
			`"hosts/common/users/laozi"`

			`]);`

			`# set custom autologin options. see greetd.nix for details`
			`# TODO is there a better spot for this?`
			`autoLogin.enable = true;`
			`autoLogin.username = "laozi";`

Templating for system init. Networking, pipewire for audio, time, i18n, console, 2024-06-09 15:41:39 +00:00			`# I18n & Time`
			`time.timeZone = "Europe/Amsterdam";`
			`i18n.defaultLocale = "en_US.UTF-8";`

			`# Starter config`
			`console = {`
			`font = "Lat2-Terminus16";`
			`keyMap = "us";`
			`# useXkbConfig = true; # use xkb.options in tty.`
			`};`


Update systems/jeroboam/default.nix 2024-06-09 01:25:52 +00:00			`# services.gnome.gnome-keyring.enable = true;`
			`# TODO enable and move to greetd area? may need authentication dir or something?`
			`# services.pam.services.greetd.enableGnomeKeyring = true;`

			`networking = {`
Templating for system init. Networking, pipewire for audio, time, i18n, console, 2024-06-09 15:41:39 +00:00			`hostName = "jeroboam";`
			`# wireless.enable = true;`
			`networkmanager.enable = true;`
Update systems/jeroboam/default.nix 2024-06-09 01:25:52 +00:00			`enableIPv6 = false;`
			`};`

			`boot = {`
			`loader = {`
			`systemd-boot.enable = true;`
			`efi.canTouchEfiVariables = true;`
			`timeout = 3;`
			`};`
			`initrd = {`
usb unattended 2024-06-09 02:33:27 +00:00			`kernelModules = ["uas" "usbcore" "usb_storage" "vfat" "nls_cp437" "nls_iso8859_1"];`
			`# Mount USB key before trying to decrypt root filesystem`
			`postDeviceCommands = pkgs.lib.mkBefore ''`
			`mkdir -m 0755 -p /key`
			`sleep 2 # To make sure the usb key has been loaded`
			mount -n -t vfat -o ro `findfs UUID=${PRIMARYUSBID}` /key \|\| mount -n -t vfat -o ro `findfs UUID=${BACKUPUSBID}` /key
			`'';`
Update systems/jeroboam/default.nix 2024-06-09 01:25:52 +00:00			`systemd.enable = true; # tpm2 unlock requires systemd initrd`
usb unattended 2024-06-09 02:33:27 +00:00			`luks.devices."crypted" = {`
Update systems/jeroboam/default.nix 2024-06-09 01:25:52 +00:00			`bypassWorkqueues = true;`
			`device = "/dev/nvme0n1p2";`
			`crypttabExtraOpts = [ "tpm2-device=auto" ]; # tpm2 unlock`
luks upd 2024-06-09 01:42:13 +00:00			`preLVM = true;`

			`# If using a USB or SD Card for decryption include the following.`
			`allowDiscards = true;`
			`keyFileSize = 4096;`
			`# This is the disk id of your USB or SD Card.`
			# Get this by running `ls -l /dev/disk/by-id`,
			`# and copy the long string into the spot below.`
specifying hdd.key file on mounted usb 2024-06-09 15:18:56 +00:00			`keyFile = "/key/hdd.key";`
luks upd 2024-06-09 01:42:13 +00:00
			`# Use this if you want to fallback to the encryption password when the drive can't be found. HIGHLY RECCOMENDED!!!!`
			`fallbackToPassword = true;`
Update systems/jeroboam/default.nix 2024-06-09 01:25:52 +00:00			`};`
			`};`
Update systems/jeroboam/default.nix 2024-06-09 01:40:10 +00:00			`resumeDevice = config.fileSystems."/swap".device;`
			`kernelParams = [`

			`# hibernation`
			`"resume_offset=533760"`
			`]`
Update systems/jeroboam/default.nix 2024-06-09 01:25:52 +00:00			`};`

			`# ================ HYPRLAND =================== #`
			`environment.sessionVariables = {`
			`# hack to get the cursor to become visible`
			`WLR_NO_HARDWARE_CURSORS = "1";`
			`# WLR_RENDERER_ALLOW_SOFTWARE = "1";`
			`# WLR_DRM_DEVICES = "1";`

			`# Hint electron apps to use wayland`
			`NIXOS_OZONE_WL = "1";`
			`}`


			`programs.hyprland = {`
asdf 2024-06-07 11:37:13 +00:00			`enable = true;`
			`nvidiaPatches = false;`
			`xwayland.enable = true;`
			`};`

			`hardware = {`
Update systems/jeroboam/default.nix 2024-06-09 01:25:52 +00:00			`# Opengl`
asdf 2024-06-07 11:37:13 +00:00			`opengl.enable = true;`

			`# Most wayland compositors need this`
			`nvidia.modesetting.enable = false;`
			`};`
Update systems/jeroboam/default.nix 2024-06-09 01:25:52 +00:00
Update systems/jeroboam/default.nix 2024-06-09 01:40:10 +00:00			`modules.btrfs-maintenance = {`
			`fileSystems = [`
			`# scrubbling one of subvolumes scrubs the whole filesystem`
			`"/persist"`
			`];`
			`};`

Update systems/jeroboam/default.nix 2024-06-09 01:25:52 +00:00			`# Fix to enable VSCode to successfully remote SSH on a client to a NixOS host`
			`# https://nixos.wiki/wiki/Visual_Studio_Code # Remote_SSH`
			`# programs.nix-ld.enable = true;`

			`# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion`
			`system.stateVersion = "24.05";`
			`}`