diff --git a/disko/GLaDOS/default.nix b/disko/GLaDOS/default.nix index c605347..42aeb33 100644 --- a/disko/GLaDOS/default.nix +++ b/disko/GLaDOS/default.nix @@ -1,9 +1,9 @@ { disko.devices = { disk = { - sda1 = { + main = { type = "disk"; - device = "/dev/disk/by-path/pci-0000:06:00.0-ata-6"; + device = "/dev/disk/by-path/pci-0000:01:00.0-nvme-1"; content = { type = "gpt"; partitions = { @@ -14,64 +14,45 @@ type = "filesystem"; format = "vfat"; mountpoint = "/boot"; - mountOptions = [ - "defaults" - ]; + mountOptions = [ "umask=0077" ]; }; }; - luks = { + nvme_luks = { size = "100%"; content = { type = "luks"; - name = "crypted"; - extraOpenArgs = []; + name = "nvme_crypted"; + extraOpenArgs = [ ]; settings = { # if you want to use the key for interactive login be sure there is no trailing newline # for example use `echo -n "password" > /tmp/secret.key` #keyFile = "/tmp/secret.key"; allowDiscards = true; }; - #additionalKeyFiles = ["/tmp/additionalSecret.key"]; content = { type = "lvm_pv"; - vg = "pool"; + vg = "nvme_pool"; }; }; }; }; }; }; - #sdc = { - #device = "/dev/disk/by-path/pci-0000:06:00.0-ata-2"; - #type = "disk"; - #content = { - #type = "gpt"; - #partitions = { - #root = { - #size = "100%"; - #content = { - #type = "filesystem"; - #format = "ext4"; - #mountpoint = "/media"; - #}; - #}; - #}; - #}; - #}; }; lvm_vg = { - pool = { + nvme_pool = { type = "lvm_vg"; lvs = { - swap = { - size = "16G"; + nvme_swap = { + size = "32G"; content = { type = "swap"; + discardPolicy = "both"; resumeDevice = true; # resume from hiberation from this device }; }; - root = { - size = "100%FREE"; + nvme_root = { + size = "100%"; content = { type = "filesystem"; format = "ext4"; @@ -84,13 +65,5 @@ }; }; }; - nodev = { - "/home/lillian/Downloads" = { - fsType = "tmpfs"; - mountOptions = [ - "size=4G" - ]; - }; - }; }; } diff --git a/flake.nix b/flake.nix index 9382a34..2822f98 100644 --- a/flake.nix +++ b/flake.nix 
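Review bot: The new `device = "/dev/disk/by-path/pci-0000:01:00.0-nvme-1";` line in the first hunk names a PCI slot rather than a specific drive, and disko partitions and formats whatever it finds at that path. A by-path name can end up pointing at a different disk when hardware is added or re-seated, so a `/dev/disk/by-id/` name is the safer target for a destructive layout, e.g. `device = "/dev/disk/by-id/<NVME_ID_PLACEHOLDER>";` (placeholder, take the real value from the machine). The removed line used by-path as well, so this is a carry-over and not a regression.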
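Review bot: The added `discardPolicy = "both";` on `nvme_swap` sits under the LUKS container that already has `allowDiscards = true;`, so TRIM requests from swap now pass through the encryption layer to the NVMe device. That lets anyone who can image the raw disk see which blocks are in use, a known trade-off of discards on dm-crypt, and it should be a recorded decision instead of an implicit one. I would add a comment next to `allowDiscards`, for example `# discards pass through LUKS: better SSD behaviour, but the block-usage pattern is visible on the raw device`. The `umask=0077` on `/boot` in the same hunk is a good tightening and needs no change.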
@@ -180,6 +180,18 @@ # NixOS configuration entrypoint # Available through 'nixos-rebuild --flake .#your-hostname' nixosConfigurations = { + nixIso = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = {inherit inputs outputs;}; + modules = + sharedModules + ++ desktopModules + ++ [ + ./nixos/hosts/iso/configuration.nix + "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-base.nix" + ]; + }; + EDI = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; specialArgs = {inherit inputs outputs;}; diff --git a/home-manager/hosts/iso/id_ed25519.pub b/home-manager/hosts/iso/id_ed25519.pub new file mode 100644 index 0000000..c1ae600 --- /dev/null +++ b/home-manager/hosts/iso/id_ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKeZHHAEoUh/Ly9F1xUSPZLPNE0Yh/wM2qWgKvlEBa8A lillian@GLaDOS diff --git a/home-manager/hosts/iso/lillian.nix b/home-manager/hosts/iso/lillian.nix index 1922c62..b76bd91 100644 --- a/home-manager/hosts/iso/lillian.nix +++ b/home-manager/hosts/iso/lillian.nix @@ -11,13 +11,11 @@ # You can also split up your configuration and import pieces of it here: # ./nvim.nix - ../../desktop - ../../shared ]; home.packages = with pkgs; [ ]; # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion - home.stateVersion = "25.05"; + home.stateVersion = "25.11"; } diff --git a/nixos/desktop/default.nix b/nixos/desktop/default.nix index 41689cc..e64e83e 100644 --- a/nixos/desktop/default.nix +++ b/nixos/desktop/default.nix @@ -30,7 +30,7 @@ }; environment.systemPackages = - (with pkgs; [ + with pkgs; [ # Custom tools dvd dvt 
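Review bot: `nixIso` builds a bootable installer from `sharedModules ++ desktopModules`, the same module sets used elsewhere in this flake, on top of `installation-cd-base.nix`. As far as I know that base pulls in the installer profile with a passwordless `nixos` account and passwordless sudo, so anything those modules enable (sops secrets, user accounts, services) runs on a system where physical access equals root. I would state this in a comment above the entry, e.g. `# live image: installer profile gives passwordless root, keep secrets and personal services out of these modules`, and consider a reduced module list for the ISO. The contents of `sharedModules` and `desktopModules` are not visible in this hunk, so confirm what they bring in.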
@@ -85,16 +85,17 @@ libportal # User tools + freetube noisetorch qjackctl wireplumber #rustdesk - ]) - ++ (with pkgs-edge; [ - freetube - # list of latest packages from nixpkgs master - # Can be used to install latest version of some packages - ]); + ] + # ++ (with pkgs-edge; [ + # list of latest packages from nixpkgs master + # Can be used to install latest version of some packages + # ]) + ; sops = { secrets."nextcloud-password" = { mode = "0600"; diff --git a/nixos/hosts/GLaDOS/configuration.nix b/nixos/hosts/GLaDOS/configuration.nix index 238dd13..4d01abb 100644 --- a/nixos/hosts/GLaDOS/configuration.nix +++ b/nixos/hosts/GLaDOS/configuration.nix @@ -31,6 +31,7 @@ ]; environment.systemPackages = with pkgs; [ + gparted ]; services.vpn-ip = { diff --git a/nixos/hosts/iso/configuration.nix b/nixos/hosts/iso/configuration.nix index 1c45890..fd73d37 100644 --- a/nixos/hosts/iso/configuration.nix +++ b/nixos/hosts/iso/configuration.nix @@ -10,20 +10,20 @@ # outputs.homeManagerModules.example # outputs.nixosModules.contabo.wan inputs.home-manager.nixosModules.home-manager + outputs.nixosModules.vpn-ip # Or modules exported from other flakes (such as nix-colors): # inputs.nix-colors.homeManagerModules.defaults # Import shared settings - ../../shared ]; - programs.command-not-found.enable = lib.mkForce false; - programs.nix-index.enable = true; - programs.nix-index-database.comma.enable = true; + # programs.command-not-found.enable = lib.mkForce false; + # programs.nix-index.enable = true; + # programs.nix-index-database.comma.enable = true; - boot.tmp.cleanOnBoot = true; - zramSwap.enable = false; - networking.domain = ""; + # boot.tmp.cleanOnBoot = true; + # zramSwap.enable = false; + # networking.domain = ""; services.openssh = { enable = true; # require public key authentication for better security 
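Review bot: The `pkgs-edge` list in the `nixos/desktop/default.nix` hunk is left behind as a commented-out block with a lone `;` on its own line, which makes it hard to see where the `environment.systemPackages` expression ends. The same commented-out-instead-of-deleted pattern repeats in the hunks of `nixos/hosts/iso/configuration.nix` (`programs.nix-index`, `security.tpm2.*`, `programs.git`, `programs.direnv`, the `home-manager` block, `boot.kernelPackages`). Version control already keeps the old lines, so I would delete them and close the list with a plain `];`. In the ISO file the TPM settings are disabled while `tpm2-tools` and `tpm2-tss` stay in `systemPackages`, so a one-line comment saying which of the two is intended would help the next reader.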
@@ -45,7 +45,9 @@ #Set up sops config, and configure where the keyfile is, then set the mode for the unencrypted keys sops.defaultSopsFile = ./secrets/sops.yaml; - services.desktopManager.plasma6.enable = true; + services.vpn-ip.enable = false; + + # services.desktopManager.plasma6.enable = true; environment.systemPackages = with pkgs; [ # Custom tools @@ -65,7 +67,6 @@ sbctl tpm2-tools tpm2-tss - waydroid zsh # KDE/QT @@ -81,13 +82,14 @@ kdePackages.plasma-pa kdePackages.sddm-kcm kdePackages.dolphin-plugins - libportal-qt5 libportal ]; # Enable networking networking.networkmanager.enable = true; + networking.hostName = "iso"; + # Contabo ipv6 nameservers: "2a02:c207::1:53" "2a02:c207::2:53" networking.firewall.enable = true; @@ -106,24 +108,24 @@ # Enable bluetooth hardware hardware.bluetooth.enable = true; - security.tpm2.enable = true; - security.tpm2.pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so - security.tpm2.tctiEnvironment.enable = true; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables - users.users.lillian.extraGroups = ["tss"]; # tss group has access to TPM devices + # security.tpm2.enable = true; + # security.tpm2.pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so + # security.tpm2.tctiEnvironment.enable = true; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables + # users.users.lillian.extraGroups = ["tss"]; # tss group has access to TPM devices # Set your time zone. time.timeZone = "Europe/Amsterdam"; - programs.git = { - enable = true; - }; + # programs.git = { + # enable = true; + # }; - programs.direnv = { - enable = true; - }; + # programs.direnv = { + # enable = true; + # }; - # Enable completion of system packages by zsh - environment.pathsToLink = ["/share/zsh"]; + # # Enable completion of system packages by zsh + # environment.pathsToLink = ["/share/zsh"]; # kde power settings do not turn off screen systemd = { 
@@ -136,17 +138,17 @@ }; }; - home-manager = { - extraSpecialArgs = {inherit inputs outputs;}; - users = { - # Import your home-manager configuration - lillian = import ../../../home-manager/hosts/iso; - }; - }; + # home-manager = { + # extraSpecialArgs = {inherit inputs outputs;}; + # users = { + # # Import your home-manager configuration + # lillian = import ../../../home-manager/hosts/iso; + # }; + # }; - boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest; - boot.supportedFilesystems = lib.mkForce ["bcachefs" "btrfs" "cifs" "f2fs" "jfs" "ntfs" "reiserfs" "vfat" "xfs"]; + # boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest; + # boot.supportedFilesystems = lib.mkForce ["bcachefs" "btrfs" "cifs" "f2fs" "jfs" "ntfs" "reiserfs" "vfat" "xfs"]; # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion - system.stateVersion = "24.11"; + system.stateVersion = "25.11"; } diff --git a/nixos/hosts/iso/secrets/sops.yaml b/nixos/hosts/iso/secrets/sops.yaml index 92548c8..27763b5 100644 --- a/nixos/hosts/iso/secrets/sops.yaml +++ b/nixos/hosts/iso/secrets/sops.yaml 
@@ -1,9 +1,8 @@ lillian-password: ENC[AES256_GCM,data:eQzZwGxK9Lw2gc8HDNw57odxPzTH4sa/2O97h3VAghRwLClmCYKT91kxj2F3kQ4iEctBl0GxdS4WoL3H9eE4/CAPffXdTmkdYg==,iv:2ezB4DNHFv5ceJ2gtATV12Azm3vFFDLX1qSSy+cKuMY=,tag:zxb5agUCDpi92bYV7+DmoA==,type:str] +ssh-private-key: ENC[AES256_GCM,data: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,iv:EpKC9judTZ1+0Y2LC1OK2YzGH/orRpZNtE7O+ZZyU1E=,tag:S6ju/FkwIBbBA8YU3dRo1A==,type:str] +nextcloud-password: ENC[AES256_GCM,data:5u8j1wau5FewTe+t3YZ365Acfcrt09XDgCUNpDbuVKaNZIEW3gdR60XACQeAvsyQeznynILJnz7/txV2,iv:l1xYhUkQGdWYNNy1lG9xB5SgL9cn2FdzAs19iVCohlA=,tag:rT0flG+v9wd8jSUm8DrCjg==,type:str] +wg-private-key: ENC[AES256_GCM,data:3JpyscuzK4LG1lfM3oyQNBHy7BQ2WeTaSyaZoaNfS4U7KkpEaCp5EVLBYiY=,iv:odDG8xp+d+O4FuECfeCJn/z2ka4KSzSBvgBCmcMZ0S0=,tag:iPwnqgtap+i44Mru/S7TyA==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age12e00qvf4shtmsfq3ujamyaa72pjvad2qhrxkvpl9hryrjvgxev4sjhmkxz enc: | @@ -14,8 +13,7 @@ sops: dXlaN3dWOUl4Mys2V0x3Z3F6UVU4MVUKEJYpX8XhSNcM+7aUuxnIwrokY0/29Cnh yz0HAZkaj8FwvnPnafo5jmwVyi6WXECvX5E0NZfjKH4AF5vTu6Wukg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-20T18:17:48Z" - mac: ENC[AES256_GCM,data:3UHIoYPHC6n56CHguOVuoFd9VwCjGiD9VCYy2d5W+4XQEZpjnONX8fhwwWRm42COymz89tmqDmpDp88BnSU8uE14IaCIUoxfCaRiZtjAiHjouua2jr50aUV56pwyan8ZiiOjP8oP1VY/tsv1w0jWI9TjSTHvCdNLR8XEcf6bCrk=,iv:/lBJdkQgwZyiztQ9vSoHgY+WxXJKHFI93dxtOSunHNo=,tag:lLwrSdzoN9CzmyIdLOe5ig==,type:str] - pgp: [] + lastmodified: "2025-08-14T18:00:16Z" + mac: ENC[AES256_GCM,data:NnX0hMrfeKJucgqgVUIUS0WOHerkDtKe3P+4vvWRCMX3eXg4Tsju8pZySZP7RSZX7+2W3OUHMOUuAum0YrVasTXuhm6jPvlbqvRnVXaVzCNheIUvTCF7LFeJEOQYKS5m8AiVKFRrxz+dGn90DSeijjajSePBjo8AnKyAOQEt1S8=,iv:1iJiqJU0vdDiWnJAYDlbOBBa9lBOODjjdlsRH54aTGI=,tag:JZtgVeLvFN6vcCZkRnuNcQ==,type:str] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.10.2 diff --git a/nixos/hosts/wheatley/configuration.nix b/nixos/hosts/wheatley/configuration.nix index 9402ef1..3b4b4dd 100644 
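Review bot: The first hunk adds `ssh-private-key`, `nextcloud-password` and `wg-private-key` to the secrets file of the installer image, all encrypted to the single age recipient listed under `sops.age`. An ISO is removable media that gets copied and handed around, so these values are protected only as long as the matching age identity is never placed on the image; how the ISO obtains that identity is not visible in this diff and should be checked. `services.vpn-ip.enable = false;` is set for this host in the same commit, so if `wg-private-key` is consumed only by that module it can be dropped from this file. If the age recipient or the SSH key is also used by other hosts, a dedicated pair for the ISO would limit what a leaked image key unlocks.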
--- a/nixos/hosts/wheatley/configuration.nix +++ b/nixos/hosts/wheatley/configuration.nix @@ -306,7 +306,7 @@ # enable NAT enable = true; externalInterface = "end0"; - internalInterfaces = ["wg1"]; + internalInterfaces = ["wg1" "mullvad"]; }; firewall = { enable = true;
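Review bot: Adding `"mullvad"` to `internalInterfaces` makes the NAT module treat that interface as an inside network whose traffic is masqueraded out through `end0`. If `mullvad` is the tunnel towards the VPN provider, it is normally the untrusted egress side. In that case the intent was probably to send `wg1` clients out through it, which is the job of `externalInterface` or a dedicated masquerade rule and not of `internalInterfaces`. Please confirm the direction and record it in a comment such as `# mullvad: <which side of the tunnel this is and why it is NATed>`. The `nat` and `firewall` blocks start and end outside the hunk, so the forwarding rules that apply to the new interface are not visible here.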