From 922ca907546fd387ff1e39c366e863e2ccd6b87c Mon Sep 17 00:00:00 2001 From: Adrian Kummerlaender Date: Thu, 13 Oct 2022 21:19:13 +0200 Subject: Add wip idefix config --- host/hardware/idefix.nix | 50 +++++++++++++++++++++++++++++++++++ host/idefix.nix | 53 ++++++++++++++++++++++++++++++++++++++ host/software/server/wireguard.nix | 4 +++ 3 files changed, 107 insertions(+) create mode 100644 host/hardware/idefix.nix create mode 100644 host/idefix.nix diff --git a/host/hardware/idefix.nix b/host/hardware/idefix.nix new file mode 100644 index 0000000..73795f8 --- /dev/null +++ b/host/hardware/idefix.nix @@ -0,0 +1,50 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot = { + initrd = { + availableKernelModules = [ "ahci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_usb_sdmmc" ]; + kernelModules = [ ]; + secrets = { + "/crypto_keyfile.bin" = null; + }; + # Enable swap on luks + luks.devices."luks-d66399c9-3eb8-4ebc-9855-9aae346feabf".device = "/dev/disk/by-uuid/d66399c9-3eb8-4ebc-9855-9aae346feabf"; + luks.devices."luks-d66399c9-3eb8-4ebc-9855-9aae346feabf".keyFile = "/crypto_keyfile.bin"; + luks.devices."luks-1747c7bf-b0e6-4202-8e00-393c0e5a01f2".device = "/dev/disk/by-uuid/1747c7bf-b0e6-4202-8e00-393c0e5a01f2"; + }; + kernelModules = [ "kvm-intel" ]; + extraModulePackages = [ ]; + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + efi.efiSysMountPoint = "/boot/efi"; + }; + }; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/a368ee22-54d1-45ff-b61b-529b9b438e52"; + fsType = "ext4"; + }; + + + fileSystems."/boot/efi" = + { device = "/dev/disk/by-uuid/F393-BC14"; + fsType = "vfat"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/51ac8775-7ff6-4869-addb-fe139198e7c8"; } + ]; + + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + + hardware.bluetooth.enable = true; +} diff --git a/host/idefix.nix b/host/idefix.nix new file mode 100644 index 0000000..80711f2 --- /dev/null +++ b/host/idefix.nix @@ -0,0 +1,53 @@ +{ pkgs, ... }: + +{ + imports = [ + ./hardware/idefix.nix + ./software/desktop + ./software/desktop/gnome.nix + ]; + + console.keyMap = pkgs.lib.mkForce "us"; + + networking = { + hostName = "idefix"; + firewall.enable = false; + networkmanager.enable = true; + }; + + users.extraUsers.common.extraGroups = [ "networkmanager" ]; + + services = { + upower.enable = true; + acpid.enable = true; + blueman.enable = true; + xserver.libinput.enable = true; + }; + + powerManagement.powertop.enable = true; + + services.xserver = { + layout = pkgs.lib.mkForce "us"; + xkbVariant = pkgs.lib.mkForce ""; + }; + + networking.wireguard.interfaces = { + wg0 = { + ips = [ "10.100.0.8/24" ]; + + privateKeyFile = "/etc/wireguard/private"; + + peers = [ + { # automatix + publicKey = "B0tkjq+5SfECKx1gWEP5JVWOIaRWL2JNE7iSpMmN4F0="; + allowedIPs = [ "10.100.0.0/24" ]; + endpoint = "kummerlaender.eu:54321"; + + persistentKeepalive = 10; + } + ]; + }; + }; + + system.stateVersion = "22.05"; +} diff --git a/host/software/server/wireguard.nix b/host/software/server/wireguard.nix index 102fe80..29aaec5 100644 --- a/host/software/server/wireguard.nix +++ b/host/software/server/wireguard.nix @@ -38,6 +38,10 @@ publicKey = "0nd/5vZaerTCUpS6uXsulCTzI3ZsUT2N2pnh7zTo8wg="; allowedIPs = [ "10.100.0.7" ]; } + { # idefix + publicKey = "sF89wadXLEMXeNHNFPas7umP/QeyXMs3s7XGfXmY2lc="; + allowedIPs = [ "10.100.0.8" ]; + } ]; }; }; -- cgit v1.2.3