diff --git a/disko/GLaDOS/default.nix b/disko/GLaDOS/default.nix index 42aeb33..c605347 100644 --- a/disko/GLaDOS/default.nix +++ b/disko/GLaDOS/default.nix @@ -1,9 +1,9 @@ { disko.devices = { disk = { - main = { + sda1 = { type = "disk"; - device = "/dev/disk/by-path/pci-0000:01:00.0-nvme-1"; + device = "/dev/disk/by-path/pci-0000:06:00.0-ata-6"; content = { type = "gpt"; partitions = { @@ -14,45 +14,64 @@ type = "filesystem"; format = "vfat"; mountpoint = "/boot"; - mountOptions = [ "umask=0077" ]; + mountOptions = [ + "defaults" + ]; }; }; - nvme_luks = { + luks = { size = "100%"; content = { type = "luks"; - name = "nvme_crypted"; - extraOpenArgs = [ ]; + name = "crypted"; + extraOpenArgs = []; settings = { # if you want to use the key for interactive login be sure there is no trailing newline # for example use `echo -n "password" > /tmp/secret.key` #keyFile = "/tmp/secret.key"; allowDiscards = true; }; + #additionalKeyFiles = ["/tmp/additionalSecret.key"]; content = { type = "lvm_pv"; - vg = "nvme_pool"; + vg = "pool"; }; }; }; }; }; }; + #sdc = { + #device = "/dev/disk/by-path/pci-0000:06:00.0-ata-2"; + #type = "disk"; + #content = { + #type = "gpt"; + #partitions = { + #root = { + #size = "100%"; + #content = { + #type = "filesystem"; + #format = "ext4"; + #mountpoint = "/media"; + #}; + #}; + #}; + #}; + #}; }; lvm_vg = { - nvme_pool = { + pool = { type = "lvm_vg"; lvs = { - nvme_swap = { - size = "32G"; + swap = { + size = "16G"; content = { type = "swap"; - discardPolicy = "both"; resumeDevice = true; # resume from hiberation from this device }; }; - nvme_root = { - size = "100%"; + root = { + size = "100%FREE"; content = { type = "filesystem"; format = "ext4"; @@ -65,5 +84,13 @@ }; }; }; + nodev = { + "/home/lillian/Downloads" = { + fsType = "tmpfs"; + mountOptions = [ + "size=4G" + ]; + }; + }; }; } diff --git a/flake.nix b/flake.nix index 2822f98..9382a34 100644 --- a/flake.nix +++ b/flake.nix 
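Review bot: The `/boot` vfat mount in the `@@ -14,45 +14,64 @@` hunk drops `umask=0077` in favour of `"defaults"`, which makes every file on the ESP readable by all local users, because vfat has no per-file permissions and takes them from the mount options. Depending on the bootloader this can expose the boot-loader random seed and anything embedded in the initrd, and systemd's `bootctl` warns about a world-accessible ESP for that reason. Unless something needs unprivileged read access, keep the mask next to the new option: `mountOptions = [ "defaults" "umask=0077" ];`. In the same hunk `allowDiscards = true` stays on the LUKS container, which lets TRIM reveal which blocks are unused; a one-line comment saying that trade-off is accepted would help the next reader.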
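Review bot: The new tmpfs on `/home/lillian/Downloads` in the `@@ -65,5 +84,13 @@` hunk sets only `size=4G`, so it takes the tmpfs defaults: root-owned with mode 1777, which lets every local user write to and list it, and it allows setuid files and device nodes. For a directory that receives untrusted downloads I would pin ownership and permissions and drop those features, e.g. `mountOptions = [ "size=4G" "mode=0700" "uid=<lillian-uid>" "gid=<lillian-gid>" "nosuid" "nodev" ];`, with the placeholders replaced by the account's numeric ids. `noexec` is worth adding as well if nothing is meant to run straight out of Downloads.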
@@ -180,18 +180,6 @@ # NixOS configuration entrypoint # Available through 'nixos-rebuild --flake .#your-hostname' nixosConfigurations = { - nixIso = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = {inherit inputs outputs;}; - modules = - sharedModules - ++ desktopModules - ++ [ - ./nixos/hosts/iso/configuration.nix - "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-base.nix" - ]; - }; - EDI = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; specialArgs = {inherit inputs outputs;}; diff --git a/home-manager/hosts/iso/id_ed25519.pub b/home-manager/hosts/iso/id_ed25519.pub deleted file mode 100644 index c1ae600..0000000 --- a/home-manager/hosts/iso/id_ed25519.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKeZHHAEoUh/Ly9F1xUSPZLPNE0Yh/wM2qWgKvlEBa8A lillian@GLaDOS diff --git a/home-manager/hosts/iso/lillian.nix b/home-manager/hosts/iso/lillian.nix index b76bd91..1922c62 100644 --- a/home-manager/hosts/iso/lillian.nix +++ b/home-manager/hosts/iso/lillian.nix @@ -11,11 +11,13 @@ # You can also split up your configuration and import pieces of it here: # ./nvim.nix + ../../desktop + ../../shared ]; home.packages = with pkgs; [ ]; # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion - home.stateVersion = "25.11"; + home.stateVersion = "25.05"; } diff --git a/nixos/desktop/default.nix b/nixos/desktop/default.nix index e64e83e..41689cc 100644 --- a/nixos/desktop/default.nix +++ b/nixos/desktop/default.nix @@ -30,7 +30,7 @@ }; environment.systemPackages = - with pkgs; [ + (with pkgs; [ # Custom tools dvd dvt 
@@ -85,17 +85,16 @@ libportal # User tools - freetube noisetorch qjackctl wireplumber #rustdesk - ] - # ++ (with pkgs-edge; [ - # list of latest packages from nixpkgs master - # Can be used to install latest version of some packages - # ]) - ; + ]) + ++ (with pkgs-edge; [ + freetube + # list of latest packages from nixpkgs master + # Can be used to install latest version of some packages + ]); sops = { secrets."nextcloud-password" = { mode = "0600"; diff --git a/nixos/hosts/GLaDOS/configuration.nix b/nixos/hosts/GLaDOS/configuration.nix index 4d01abb..238dd13 100644 --- a/nixos/hosts/GLaDOS/configuration.nix +++ b/nixos/hosts/GLaDOS/configuration.nix @@ -31,7 +31,6 @@ ]; environment.systemPackages = with pkgs; [ - gparted ]; services.vpn-ip = { diff --git a/nixos/hosts/iso/configuration.nix b/nixos/hosts/iso/configuration.nix index fd73d37..1c45890 100644 --- a/nixos/hosts/iso/configuration.nix +++ b/nixos/hosts/iso/configuration.nix @@ -10,20 +10,20 @@ # outputs.homeManagerModules.example # outputs.nixosModules.contabo.wan inputs.home-manager.nixosModules.home-manager - outputs.nixosModules.vpn-ip # Or modules exported from other flakes (such as nix-colors): # inputs.nix-colors.homeManagerModules.defaults # Import shared settings + ../../shared ]; - # programs.command-not-found.enable = lib.mkForce false; - # programs.nix-index.enable = true; - # programs.nix-index-database.comma.enable = true; + programs.command-not-found.enable = lib.mkForce false; + programs.nix-index.enable = true; + programs.nix-index-database.comma.enable = true; - # boot.tmp.cleanOnBoot = true; - # zramSwap.enable = false; - # networking.domain = ""; + boot.tmp.cleanOnBoot = true; + zramSwap.enable = false; + networking.domain = ""; services.openssh = { enable = true; # require public key authentication for better security 
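Review bot: `pkgs-edge` becomes live code in the `@@ -85,17 +85,16 @@` hunk of nixos/desktop/default.nix, but the module's argument set is outside the hunk and the `specialArgs` visible in flake.nix only inherit `inputs` and `outputs`. Unless `pkgs-edge` is supplied elsewhere (for example through `_module.args`), evaluation will stop on an undefined variable, so this should be confirmed. Since the comment in the list describes this set as nixpkgs master, `freetube` will come from a revision that has not gone through the release channel's test gate. I would record why it is taken from there, e.g. `# freetube: taken from master because <reason>; move back to pkgs once it reaches the channel`.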
@@ -45,9 +45,7 @@ #Set up sops config, and configure where the keyfile is, then set the mode for the unencrypted keys sops.defaultSopsFile = ./secrets/sops.yaml; - services.vpn-ip.enable = false; - - # services.desktopManager.plasma6.enable = true; + services.desktopManager.plasma6.enable = true; environment.systemPackages = with pkgs; [ # Custom tools @@ -67,6 +65,7 @@ sbctl tpm2-tools tpm2-tss + waydroid zsh # KDE/QT @@ -82,14 +81,13 @@ kdePackages.plasma-pa kdePackages.sddm-kcm kdePackages.dolphin-plugins + libportal-qt5 libportal ]; # Enable networking networking.networkmanager.enable = true; - networking.hostName = "iso"; - # Contabo ipv6 nameservers: "2a02:c207::1:53" "2a02:c207::2:53" networking.firewall.enable = true; @@ -108,24 +106,24 @@ # Enable bluetooth hardware hardware.bluetooth.enable = true; - # security.tpm2.enable = true; - # security.tpm2.pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so - # security.tpm2.tctiEnvironment.enable = true; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables - # users.users.lillian.extraGroups = ["tss"]; # tss group has access to TPM devices + security.tpm2.enable = true; + security.tpm2.pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so + security.tpm2.tctiEnvironment.enable = true; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables + users.users.lillian.extraGroups = ["tss"]; # tss group has access to TPM devices # Set your time zone. time.timeZone = "Europe/Amsterdam"; - # programs.git = { - # enable = true; - # }; + programs.git = { + enable = true; + }; - # programs.direnv = { - # enable = true; - # }; + programs.direnv = { + enable = true; + }; - # # Enable completion of system packages by zsh - # environment.pathsToLink = ["/share/zsh"]; + # Enable completion of system packages by zsh + environment.pathsToLink = ["/share/zsh"]; # kde power settings do not turn off screen systemd = { 
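Review bot: In the `@@ -108,24 +106,24 @@` hunk, `users.users.lillian.extraGroups = ["tss"];` gives every process running as that user direct access to the TPM devices, and `security.tpm2.pkcs11.enable` exposes TPM-backed keys over PKCS#11 to the same processes. For an installer-style image that also runs a full desktop session and `waydroid`, that is a wider grant than the inline comment suggests. If TPM access is only needed for enrolment tasks, consider leaving the group off and running those commands as root, or extend the comment to say what needs it, e.g. `# tss: required for <tool> to talk to the TPM as lillian`.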
@@ -138,17 +136,17 @@ }; }; - # home-manager = { - # extraSpecialArgs = {inherit inputs outputs;}; - # users = { - # # Import your home-manager configuration - # lillian = import ../../../home-manager/hosts/iso; - # }; - # }; + home-manager = { + extraSpecialArgs = {inherit inputs outputs;}; + users = { + # Import your home-manager configuration + lillian = import ../../../home-manager/hosts/iso; + }; + }; - # boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest; - # boot.supportedFilesystems = lib.mkForce ["bcachefs" "btrfs" "cifs" "f2fs" "jfs" "ntfs" "reiserfs" "vfat" "xfs"]; + boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest; + boot.supportedFilesystems = lib.mkForce ["bcachefs" "btrfs" "cifs" "f2fs" "jfs" "ntfs" "reiserfs" "vfat" "xfs"]; # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion - system.stateVersion = "25.11"; + system.stateVersion = "24.11"; } diff --git a/nixos/hosts/iso/secrets/sops.yaml b/nixos/hosts/iso/secrets/sops.yaml index 27763b5..92548c8 100644 --- a/nixos/hosts/iso/secrets/sops.yaml +++ b/nixos/hosts/iso/secrets/sops.yaml 
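Review bot: `boot.supportedFilesystems` forces `"reiserfs"` while `boot.kernelPackages` forces `pkgs.linuxPackages_latest`, and ReiserFS was removed from the mainline kernel in 6.13, so with a current nixpkgs pin this pair will likely fail to build or produce an initrd without the module. Dropping it would read `lib.mkForce ["bcachefs" "btrfs" "cifs" "f2fs" "jfs" "ntfs" "vfat" "xfs"]`. Trimming the list further to the filesystems actually needed also reduces the parser code exposed when this image mounts foreign disks. Separately, `system.stateVersion` moves backwards from "25.11" to "24.11" while home-manager/hosts/iso/lillian.nix is set to "25.05" in this commit; stateVersion is meant to stay at the release the system was first installed with, so please confirm the rollback and the mismatch are intended.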
@@ -1,8 +1,9 @@ lillian-password: ENC[AES256_GCM,data:eQzZwGxK9Lw2gc8HDNw57odxPzTH4sa/2O97h3VAghRwLClmCYKT91kxj2F3kQ4iEctBl0GxdS4WoL3H9eE4/CAPffXdTmkdYg==,iv:2ezB4DNHFv5ceJ2gtATV12Azm3vFFDLX1qSSy+cKuMY=,tag:zxb5agUCDpi92bYV7+DmoA==,type:str] -ssh-private-key: ENC[AES256_GCM,data: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,iv:EpKC9judTZ1+0Y2LC1OK2YzGH/orRpZNtE7O+ZZyU1E=,tag:S6ju/FkwIBbBA8YU3dRo1A==,type:str] -nextcloud-password: ENC[AES256_GCM,data:5u8j1wau5FewTe+t3YZ365Acfcrt09XDgCUNpDbuVKaNZIEW3gdR60XACQeAvsyQeznynILJnz7/txV2,iv:l1xYhUkQGdWYNNy1lG9xB5SgL9cn2FdzAs19iVCohlA=,tag:rT0flG+v9wd8jSUm8DrCjg==,type:str] -wg-private-key: ENC[AES256_GCM,data:3JpyscuzK4LG1lfM3oyQNBHy7BQ2WeTaSyaZoaNfS4U7KkpEaCp5EVLBYiY=,iv:odDG8xp+d+O4FuECfeCJn/z2ka4KSzSBvgBCmcMZ0S0=,tag:iPwnqgtap+i44Mru/S7TyA==,type:str] sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] age: - recipient: age12e00qvf4shtmsfq3ujamyaa72pjvad2qhrxkvpl9hryrjvgxev4sjhmkxz enc: | @@ -13,7 +14,8 @@ sops: dXlaN3dWOUl4Mys2V0x3Z3F6UVU4MVUKEJYpX8XhSNcM+7aUuxnIwrokY0/29Cnh yz0HAZkaj8FwvnPnafo5jmwVyi6WXECvX5E0NZfjKH4AF5vTu6Wukg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-08-14T18:00:16Z" - mac: ENC[AES256_GCM,data:NnX0hMrfeKJucgqgVUIUS0WOHerkDtKe3P+4vvWRCMX3eXg4Tsju8pZySZP7RSZX7+2W3OUHMOUuAum0YrVasTXuhm6jPvlbqvRnVXaVzCNheIUvTCF7LFeJEOQYKS5m8AiVKFRrxz+dGn90DSeijjajSePBjo8AnKyAOQEt1S8=,iv:1iJiqJU0vdDiWnJAYDlbOBBa9lBOODjjdlsRH54aTGI=,tag:JZtgVeLvFN6vcCZkRnuNcQ==,type:str] + lastmodified: "2024-03-20T18:17:48Z" + mac: ENC[AES256_GCM,data:3UHIoYPHC6n56CHguOVuoFd9VwCjGiD9VCYy2d5W+4XQEZpjnONX8fhwwWRm42COymz89tmqDmpDp88BnSU8uE14IaCIUoxfCaRiZtjAiHjouua2jr50aUV56pwyan8ZiiOjP8oP1VY/tsv1w0jWI9TjSTHvCdNLR8XEcf6bCrk=,iv:/lBJdkQgwZyiztQ9vSoHgY+WxXJKHFI93dxtOSunHNo=,tag:lLwrSdzoN9CzmyIdLOe5ig==,type:str] + pgp: [] unencrypted_suffix: _unencrypted - version: 3.10.2 + version: 3.8.1 diff --git a/nixos/hosts/wheatley/configuration.nix b/nixos/hosts/wheatley/configuration.nix index 3b4b4dd..9402ef1 100644 
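Review bot: Deleting `ssh-private-key`, `wg-private-key` and `nextcloud-password` from this file does not retire them, because the old ciphertexts stay in repository history and remain decryptable by whoever holds the age identity for the listed recipient. If the removal is meant to decommission these credentials, rotate the SSH key, the WireGuard key and the Nextcloud password as well. `lastmodified` and `version` both go backwards (3.10.2 to 3.8.1), which suggests the file was restored from an older revision rather than edited through `sops`; re-saving it with the current sops release keeps the metadata and MAC consistent. nixos/desktop/default.nix still declares `sops.secrets."nextcloud-password"`, so if that module is ever evaluated with this file as `defaultSopsFile` the missing key would presumably fail at activation.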
--- a/nixos/hosts/wheatley/configuration.nix +++ b/nixos/hosts/wheatley/configuration.nix @@ -306,7 +306,7 @@ # enable NAT enable = true; externalInterface = "end0"; - internalInterfaces = ["wg1" "mullvad"]; + internalInterfaces = ["wg1"]; }; firewall = { enable = true;