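#############################################################
# ===========================================================
# Rehoboam - LT1
# Simple, Dev
# ===========================================================
#############################################################
#
# NOTE(review): the banner says "Rehoboam", the disk layout file is
# "jehoboam.nix" and networking.hostName is "jeroboam" -- confirm which
# spelling is intended.

# `config` and `pkgs` are referenced further down (boot.resumeDevice and
# boot.initrd.postDeviceCommands), so they have to be bound here; without
# them evaluation stops with an undefined-variable error.
{ inputs, configLib, config, pkgs, ... }:
let
  # Filesystem UUIDs of the two USB sticks that carry the LUKS key file.
  PRIMARYUSBID = "720657da-2c89-4f47-aba9-b43618778a3d";
  BACKUPUSBID = "b501f1b9-7714-472c-988f-3c997f146a18";
in {
  imports = [
    #################### Every Host Needs This ####################
    ./hardware-configuration.nix

    #################### Hardware Modules ####################
    inputs.hardware.nixosModules.common-cpu-amd
    inputs.hardware.nixosModules.common-gpu-amd
    inputs.hardware.nixosModules.common-pc-ssd

    #################### Disk Layout ####################
    inputs.disko.nixosModules.disko
    (configLib.relativeToRoot "hosts/common/disks/jehoboam.nix")
    {
      # NOTE(review): disko is pointed at /dev/vda while the LUKS device
      # below is /dev/nvme0n1p2 -- confirm both describe the same machine.
      _module.args = {
        disk = "/dev/vda";
        withSwap = false;
      };
    }
  ]
  ++ (map configLib.relativeToRoot [
    #################### Required Configs ####################
    # Plain string: the surrounding `map` already applies relativeToRoot,
    # so wrapping this entry in a second call applied it twice.
    "hosts/common/core"

    #################### Host-specific Optional Configs ####################
    "hosts/common/optional/services/clamav.nix" # depends on optional/msmtp.nix
    "hosts/common/optional/msmtp.nix" # required for emailing clamav alerts
    "hosts/common/optional/services/openssh.nix" # allow remote ssh
    "hosts/common/optional/pipewire.nix" # audio

    # Desktop
    "hosts/common/optional/services/greetd.nix" # display manager
    "hosts/common/optional/hyprland.nix" # window manager

    #################### Users to Create ####################
    "hosts/common/users/sunzi"
    "hosts/common/users/laozi"
  ]);

  # set custom autologin options. see greetd.nix for details
  # TODO is there a better spot for this?
  # SECURITY: together with the unattended disk unlock configured below
  # (USB key file and tpm2-device=auto), autologin means a cold boot ends in
  # an open desktop session for this user without anyone typing a secret.
  # Full-disk encryption then protects only a powered-off machine that is
  # separated from its key stick and TPM state. If that is not the intended
  # threat model, disable autologin or require an interactive factor at unlock.
  autoLogin.enable = true;
  autoLogin.username = "laozi";

  # I18n & Time
  time.timeZone = "Europe/Amsterdam";
  i18n.defaultLocale = "en_US.UTF-8";

  # Starter config
  console = {
    font = "Lat2-Terminus16";
    keyMap = "us";
    # useXkbConfig = true; # use xkb.options in tty.
  };

  # services.gnome.gnome-keyring.enable = true;
  # TODO enable and move to greetd area? may need authentication dir or something?
  # services.pam.services.greetd.enableGnomeKeyring = true;

  networking = {
    hostName = "jeroboam";
    # wireless.enable = true;
    networkmanager.enable = true;
    enableIPv6 = false;
  };

  boot = {
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
      timeout = 3;
    };
    initrd = {
      kernelModules = ["uas" "usbcore" "usb_storage" "vfat" "nls_cp437" "nls_iso8859_1"];
      # Mount USB key before trying to decrypt root filesystem
      # NOTE(review): this hook belongs to the scripted initrd, while
      # `systemd.enable = true` below selects the systemd initrd. To my
      # knowledge NixOS rejects postDeviceCommands in that mode, so one of
      # the two unlock paths (USB key script vs. TPM2) needs to go or the
      # mount has to become a systemd unit -- verify with a build.
      postDeviceCommands = pkgs.lib.mkBefore ''
        mkdir -m 0755 -p /key
        sleep 2 # To make sure the usb key has been loaded
        mount -n -t vfat -o ro `findfs UUID=${PRIMARYUSBID}` /key || mount -n -t vfat -o ro `findfs UUID=${BACKUPUSBID}` /key
      '';
      systemd.enable = true; # tpm2 unlock requires systemd initrd
      luks.devices."crypted" = {
        bypassWorkqueues = true;
        device = "/dev/nvme0n1p2";
        # tpm2 unlock
        # NOTE(review): which PCRs the key is sealed to, and whether a PIN is
        # required, is decided when the TPM2 slot is enrolled and is not
        # visible in this file -- confirm the enrolment matches the threat
        # model rather than relying on the defaults.
        crypttabExtraOpts = [ "tpm2-device=auto" ];
        preLVM = true;

        # SECURITY: passing discards (TRIM) through dm-crypt reveals which
        # blocks of the encrypted volume are unused. This is a common
        # trade-off on SSDs, but it is independent of the USB key setup.
        allowDiscards = true;

        # Key file read from the USB stick that the commands above mount
        # read-only at /key. The stick is selected by filesystem UUID
        # (PRIMARYUSBID, then BACKUPUSBID).
        # SECURITY: the key sits unencrypted on a vfat filesystem, so whoever
        # holds either stick can unlock this disk; store them accordingly.
        keyFileSize = 4096;
        keyFile = "/key/hdd.key";

        # Use this if you want to fall back to the encryption password when the drive can't be found. HIGHLY RECOMMENDED!!!!
        # NOTE(review): I believe the systemd initrd treats the passphrase
        # fallback as implied and asserts against setting this option
        # explicitly -- confirm when resolving the initrd conflict above.
        fallbackToPassword = true;
      };
    };
    # NOTE(review): disko is passed `withSwap = false` above; confirm that
    # fileSystems."/swap" exists on this host, otherwise this attribute
    # lookup fails at evaluation time.
    resumeDevice = config.fileSystems."/swap".device;
    kernelParams = [
      # hibernation
      "resume_offset=533760"
    ];
  };

  # ================ HYPRLAND =================== #
  environment.sessionVariables = {
    # hack to get the cursor to become visible
    WLR_NO_HARDWARE_CURSORS = "1";
    # WLR_RENDERER_ALLOW_SOFTWARE = "1";
    # WLR_DRM_DEVICES = "1";

    # Hint electron apps to use wayland
    NIXOS_OZONE_WL = "1";
  };

  programs.hyprland = {
    enable = true;
    # NOTE(review): recent nixpkgs releases dropped this option, I believe;
    # if evaluation complains about it, delete the line.
    nvidiaPatches = false;
    xwayland.enable = true;
  };

  hardware = {
    # Opengl
    opengl.enable = true;

    # Most wayland compositors need this
    nvidia.modesetting.enable = false;
  };

  modules.btrfs-maintenance = {
    fileSystems = [
      # scrubbing one of the subvolumes scrubs the whole filesystem
      "/persist"
    ];
  };

  # Fix to enable VSCode to successfully remote SSH on a client to a NixOS host
  # https://nixos.wiki/wiki/Visual_Studio_Code # Remote_SSH
  # programs.nix-ld.enable = true;

  # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
  system.stateVersion = "24.05";
}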