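#############################################################
# ===========================================================
# Rehoboam - LT1
# Simple, Dev
# ===========================================================
#############################################################
#
# NixOS host module: hardware modules, disko layout, shared core/optional
# configs, greetd autologin, LUKS root unlock (USB keyfile, TPM2, password
# fallback), hibernation resume, and Hyprland.
#
# `config` and `pkgs` are taken as module arguments because the body reads
# `config.fileSystems` and `pkgs.lib.mkBefore`.
{
  inputs,
  configLib,
  config,
  pkgs,
  ...
}: let
  # Identifiers of the two USB sticks that may carry the LUKS keyfile.
  # These are lookup labels, not secrets; the secret is the keyfile itself.
  # NOTE(review): they are passed to `findfs UUID=` for a vfat mount below.
  # FAT volume IDs are normally the short XXXX-XXXX form, so these long
  # values look like partition UUIDs - confirm whether PARTUUID= is meant.
  PRIMARYUSBID = "720657da-2c89-4f47-aba9-b43618778a3d";
  BACKUPUSBID = "b501f1b9-7714-472c-988f-3c997f146a18";
in {
  imports =
    [
      #################### Every Host Needs This ####################
      ./hardware-configuration.nix

      #################### Hardware Modules ####################
      inputs.hardware.nixosModules.common-cpu-amd
      inputs.hardware.nixosModules.common-gpu-amd
      inputs.hardware.nixosModules.common-pc-ssd

      #################### Disk Layout ####################
      inputs.disko.nixosModules.disko
      (configLib.relativeToRoot "hosts/common/disks/rehoboam.nix")
      {
        # NOTE(review): disko targets /dev/vda without swap, while the LUKS
        # device below is /dev/nvme0n1p2 and resumeDevice reads
        # fileSystems."/swap" - confirm which layout is the real one.
        _module.args = {
          disk = "/dev/vda";
          withSwap = false;
        };
      }
    ]
    ++ (map configLib.relativeToRoot [
      #################### Required Configs ####################
      # Plain relative string like the other entries: the surrounding `map`
      # already applies relativeToRoot, so wrapping it here applied it twice.
      "hosts/common/core"

      #################### Host-specific Optional Configs ####################
      "hosts/common/optional/services/clamav.nix" # depends on optional/msmtp.nix
      "hosts/common/optional/msmtp.nix" # required for emailing clamav alerts
      "hosts/common/optional/services/openssh.nix"

      # Desktop
      "hosts/common/optional/services/greetd.nix" # display manager
      "hosts/common/optional/hyprland.nix" # window manager

      #################### Users to Create ####################
      "hosts/common/users/sunzi"
      "hosts/common/users/laozi"
    ]);

  # set custom autologin options. see greetd.nix for details
  # TODO is there a better spot for this?
  #
  # Security caveat: the root volume below can unlock without any typed
  # secret (TPM2 `tpm2-device=auto`, or an inserted USB key). Combined with
  # autologin, a powered-off machine that is stolen boots straight into
  # laozi's session. Either drop autologin on this host or require a TPM
  # PIN at enrollment (`systemd-cryptenroll --tpm2-with-pin=yes`).
  autoLogin.enable = true;
  autoLogin.username = "laozi";

  # services.gnome.gnome-keyring.enable = true;
  # TODO enable and move to greetd area? may need authentication dir or something?
  # services.pam.services.greetd.enableGnomeKeyring = true;

  networking = {
    # NOTE(review): the banner names this host Rehoboam but the hostname is
    # "sunzi", which is also a user created above - confirm this is intended.
    hostName = "sunzi";
    # networkmanager.enable = true;
    enableIPv6 = false;
  };

  boot = {
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
      timeout = 3;
    };
    initrd = {
      kernelModules = [
        "uas"
        "usbcore"
        "usb_storage"
        "vfat"
        "nls_cp437"
        "nls_iso8859_1"
      ];

      # Mount USB key before trying to decrypt root filesystem.
      # Tries the primary stick first and the backup stick if that fails.
      # The stick is mounted read-only and is not unmounted afterwards.
      # vfat carries no file permissions, so the keyfile is protected only
      # by physical custody of the stick.
      #
      # NOTE(review): `postDeviceCommands` belongs to the scripted initrd,
      # while `systemd.enable = true` below selects the systemd initrd.
      # NixOS is expected to reject this combination at evaluation (the
      # same applies to `fallbackToPassword`) - verify against the pinned
      # nixpkgs and decide which unlock path this host really uses, so the
      # documented unlock policy matches what boots.
      postDeviceCommands = pkgs.lib.mkBefore ''
        mkdir -m 0755 -p /key
        sleep 2 # To make sure the usb key has been loaded
        mount -n -t vfat -o ro `findfs UUID=${PRIMARYUSBID}` /key || mount -n -t vfat -o ro `findfs UUID=${BACKUPUSBID}` /key
      '';

      systemd.enable = true; # tpm2 unlock requires systemd initrd

      luks.devices."crypted" = {
        bypassWorkqueues = true;
        device = "/dev/nvme0n1p2";

        # tpm2 unlock. Which PCRs the key is sealed to is decided when the
        # slot is enrolled (`systemd-cryptenroll --tpm2-pcrs=...`), not
        # here; record the enrollment command next to this host so the
        # policy can be audited and re-created.
        crypttabExtraOpts = ["tpm2-device=auto"];
        preLVM = true;

        # If using a USB or SD Card for decryption include the following.
        # allowDiscards passes TRIM through dm-crypt: better for the SSD,
        # but it reveals which blocks of the encrypted volume are unused.
        allowDiscards = true;
        keyFileSize = 4096;

        # Path of the keyfile on the USB stick mounted at /key by
        # postDeviceCommands above. The stick is located through
        # PRIMARYUSBID / BACKUPUSBID, not through /dev/disk/by-id.
        keyFile = "/key/keyfile";

        # Use this if you want to fallback to the encryption password when
        # the drive can't be found. HIGHLY RECOMMENDED!!!!
        # The passphrase slot is then an unlock path too, so its strength
        # bounds the protection of the whole volume.
        fallbackToPassword = true;
      };
    };

    # Hibernation writes RAM contents (including key material) to swap.
    # NOTE(review): confirm "/swap" lives inside the encrypted volume.
    resumeDevice = config.fileSystems."/swap".device;
    kernelParams = [
      # hibernation
      "resume_offset=533760"
    ];
  };

  # ================ HYPRLAND =================== #
  environment.sessionVariables = {
    # hack to get the cursor to become visible
    WLR_NO_HARDWARE_CURSORS = "1";
    # WLR_RENDERER_ALLOW_SOFTWARE = "1";
    # WLR_DRM_DEVICES = "1";

    # Hint electron apps to use wayland
    NIXOS_OZONE_WL = "1";
  };

  programs.hyprland = {
    enable = true;
    # NOTE(review): `nvidiaPatches` was removed from newer nixpkgs hyprland
    # modules - confirm it still evaluates on the pinned revision.
    nvidiaPatches = false;
    xwayland.enable = true;
  };

  hardware = {
    # Opengl
    opengl.enable = true;

    # Most wayland compositors need this
    nvidia.modesetting.enable = false;
  };

  modules.btrfs-maintenance = {
    fileSystems = [
      # scrubbing one of the subvolumes scrubs the whole filesystem
      "/persist"
    ];
  };

  # Fix to enable VSCode to successfully remote SSH on a client to a NixOS host
  # https://nixos.wiki/wiki/Visual_Studio_Code#Remote_SSH
  # programs.nix-ld.enable = true;

  # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
  system.stateVersion = "24.05";
}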