Big refactor, need to test still

2023-12-28 12:47:58 +01:00 · 2023-12-28 12:47:58 +01:00 · ba1d04f83a
commit ba1d04f83a
parent 85eb74721e
26 changed files with 17 additions and 16 deletions
--- a/nixos/hosts/EDI/configuration.nix
+++ b/nixos/hosts/EDI/configuration.nix
@ -0,0 +1,43 @@
+# This is your system's configuration file.
+# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
+{
+  inputs,
+  outputs,
+  lib,
+  config,
+  pkgs,
+  ...
+}: {
+  # You can import other NixOS modules here
+  imports = [
+    # Import home-manager's NixOS module
+    inputs.home-manager.nixosModules.home-manager
+    # If you want to use modules your own flake exports (from modules/nixos):
+    # outputs.nixosModules.example
+
+    # Or modules from other flakes (such as nixos-hardware):
+    # inputs.hardware.nixosModules.common-cpu-amd
+    # inputs.hardware.nixosModules.common-ssd
+
+    # You can also split up your configuration and import pieces of it here:
+    # ./users.nix
+
+    .././shared-desktop/configuration.nix
+
+    # Import your generated (nixos-generate-config) hardware configuration
+    ./hardware-configuration.nix
+  ];
+
+  home-manager = {
+    extraSpecialArgs = {inherit inputs outputs;};
+    users = {
+      # Import your home-manager configuration
+      lillian = import ../../home-manager/EDI-Lillian.nix;
+    };
+  };
+
+  networking.hostName = "EDI";
+
+  # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
+  system.stateVersion = "unstable";
+}
--- a/nixos/hosts/EDI/hardware-configuration.nix
+++ b/nixos/hosts/EDI/hardware-configuration.nix
@ -0,0 +1,44 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.kernel.sysctl."net.ipv4.icmp_echo_ignore_broadcasts" = 1;
+  boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
+  boot.initrd.kernelModules = [];
+  boot.kernelModules = ["kvm-intel"];
+  boot.extraModulePackages = [];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/f930d7c6-2798-4e25-abc1-81d02e9abf35";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/42ED-068B";
+    fsType = "vfat";
+  };
+
+  swapDevices = [];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s20f0u9u2c2.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/nixos/hosts/EDI/secrets/sops.yaml
+++ b/nixos/hosts/EDI/secrets/sops.yaml
@ -0,0 +1,21 @@
+password: ENC[AES256_GCM,data:4EAU7m0RF3BWnIDdcRFkC+UcwcQ=,iv:s1gF8edUjatry3h/e5ZmBXLOEJO1iX8tiyuanzuJgJY=,tag:cicC8WzOnIhG8xIM09nrTw==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age12e00qvf4shtmsfq3ujamyaa72pjvad2qhrxkvpl9hryrjvgxev4sjhmkxz
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2R2hoVEwvOGV5ZnlNZHFa
+            SkNLUmdLc29kVEZqeXJDSmxmd2ZmNzFCREg0CklvbUpTMTJ4OXk3K1FOK013Y01m
+            Lzk3czVrek56N1VpZkJkeUlDaDM1VXcKLS0tIHJNTitsT3kwNHpzWkIxM0VsZmtP
+            eUZ6b09pYlRVWFBuUm1Ua2l6Z0dacW8KeQdAVsxXsDiDMtFA2koSpDsw7Ib63vA0
+            GE/ubWDwwRc7wMPFGuofIe6TaDSFgtVXza+yo+i4y51+BOpwqxlYYA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-11-04T09:24:15Z"
+    mac: ENC[AES256_GCM,data:SoNQ2F2hye6l4B29dLOycZYNqdpluRWgsIj0ZJ5aanExBKq8REHyoXU11X+ItZkrHkyNHyDf1cpQSwyL0AMJG6KXn0z//hKuMijOF3AQ5fXgIu4vmutvpvvIQ/7rBxATsFq43QjIWHsSOOfi1HYpBRlDwc/oTCG9G//NzR9MqOo=,iv:uhZuK1wGPUbhby++T2diyleLWvGbFE+1HCuw0y73eTQ=,tag:lkWn+nYkGP0L0HyVjjYhCA==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1