Add firestar

2023-02-10 20:27:39 -06:00 · 2023-02-10 20:27:39 -06:00 · 3c121dee13
commit 3c121dee13
parent 4aa04bfe88
4 changed files with 244 additions and 0 deletions
--- a/firestar/default.nix
+++ b/firestar/default.nix
@ -0,0 +1,81 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [
+      # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+      ./wireguard.nix
+    ];
+
+  # Nix cache
+  nix.extraOptions = ''
+  secret-key-files = /etc/nix/cache-priv-key.pem
+  '';
+
+  # Bootloader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader.efi.efiSysMountPoint = "/boot/efi";
+
+  # Setup keyfile
+  boot.initrd.secrets = {
+    "/crypto_keyfile.bin" = null;
+    "/keyfile" = null;
+  };
+
+  # Enable swap on luks
+  boot.initrd.luks.devices."luks-28ea4268-e74a-4ed7-9484-b113c676124e".device = "/dev/disk/by-uuid/28ea4268-e74a-4ed7-9484-b113c676124e";
+  boot.initrd.luks.devices."luks-28ea4268-e74a-4ed7-9484-b113c676124e".keyFile = "/crypto_keyfile.bin";
+
+  boot.initrd.luks.devices."cryptdrive4".device = "/dev/disk/by-uuid/d2119824-fe98-449b-9d1b-2ab552568493";
+  boot.initrd.luks.devices."cryptdrive4".keyFile = "/keyfile";
+
+  boot.initrd.luks.devices."cryptdrive3".device = "/dev/disk/by-uuid/99dd440d-c6ed-4149-85a1-e8f22a6f2535";
+  boot.initrd.luks.devices."cryptdrive3".keyFile = "/keyfile";
+
+  boot.initrd.luks.devices."cryptdrive2".device = "/dev/disk/by-uuid/fd0c26d4-db05-4218-826c-51a87dd39eb5";
+  boot.initrd.luks.devices."cryptdrive2".keyFile = "/keyfile";
+
+  boot.initrd.luks.devices."cryptdrive1".device = "/dev/disk/by-uuid/20515efa-5380-4116-946e-7fe527ed3b92";
+  boot.initrd.luks.devices."cryptdrive1".keyFile = "/keyfile";
+
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+
+  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+
+  fileSystems = {
+    "/home/asonix/Development".options = [ "compress=zstd" ];
+    "/home/asonix/Diskimages".options = [ "compress=zstd" ];
+    "/home/asonix/Documents".options = [ "compress=zstd" ];
+    "/home/asonix/Downloads".options = [ "compress=zstd" ];
+    "/home/asonix/Games".options = [ "compress=zstd" ];
+    "/home/asonix/Games2".options = [ "compress=zstd" ];
+    "/home/asonix/Music".options = [ "compress=zstd" ];
+    "/home/asonix/Pictures".options = [ "compress=zstd" ];
+    "/home/asonix/Videos".options = [ "compress=zstd" ];
+  };
+
+  networking.hostName = "firestar"; # Define your hostname.
+
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  # networking.firewall.enable = false;
+
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It's perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "22.05"; # Did you read the comment?
+
+}
--- a/firestar/hardware-configuration.nix
+++ b/firestar/hardware-configuration.nix
@ -0,0 +1,129 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/hardware/network/broadcom-43xx.nix")
+      (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "vmd" "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/09ed1efd-4baa-42f3-840b-6c4635f3acea";
+      fsType = "ext4";
+    };
+
+  boot.initrd.luks.devices."luks-0da55fa3-569a-4687-ab82-7618c5c8ec0a".device = "/dev/disk/by-uuid/0da55fa3-569a-4687-ab82-7618c5c8ec0a";
+
+  fileSystems."/boot/efi" =
+    { device = "/dev/disk/by-uuid/53F9-82A1";
+      fsType = "vfat";
+    };
+
+  fileSystems."/btrfs/nvme2" =
+    { device = "/dev/disk/by-uuid/fe880346-4ec8-4c64-8992-60127a484147";
+      fsType = "btrfs";
+    };
+
+  boot.initrd.luks.devices."cryptdrive2".device = "/dev/disk/by-uuid/fd0c26d4-db05-4218-826c-51a87dd39eb5";
+
+  fileSystems."/home/asonix/Games2" =
+    { device = "/dev/disk/by-uuid/fe880346-4ec8-4c64-8992-60127a484147";
+      fsType = "btrfs";
+      options = [ "subvol=@games" ];
+    };
+
+  fileSystems."/btrfs/nvme" =
+    { device = "/dev/disk/by-uuid/344b7e72-1098-448e-9d4f-8170af224605";
+      fsType = "btrfs";
+    };
+
+  boot.initrd.luks.devices."cryptdrive1".device = "/dev/disk/by-uuid/20515efa-5380-4116-946e-7fe527ed3b92";
+
+  fileSystems."/home/asonix/Development" =
+    { device = "/dev/disk/by-uuid/344b7e72-1098-448e-9d4f-8170af224605";
+      fsType = "btrfs";
+      options = [ "subvol=@development" ];
+    };
+
+  fileSystems."/btrfs/ssd" =
+    { device = "/dev/disk/by-uuid/60d35aa5-d38d-4070-9c90-c5adaed90862";
+      fsType = "btrfs";
+    };
+
+  boot.initrd.luks.devices."cryptdrive3".device = "/dev/disk/by-uuid/99dd440d-c6ed-4149-85a1-e8f22a6f2535";
+
+  fileSystems."/home/asonix/Games" =
+    { device = "/dev/disk/by-uuid/60d35aa5-d38d-4070-9c90-c5adaed90862";
+      fsType = "btrfs";
+      options = [ "subvol=@games" ];
+    };
+
+  fileSystems."/btrfs/hdd" =
+    { device = "/dev/disk/by-uuid/bce8bc87-faf2-4b9e-90d2-cb8281c40c7e";
+      fsType = "btrfs";
+    };
+
+  boot.initrd.luks.devices."cryptdrive4".device = "/dev/disk/by-uuid/d2119824-fe98-449b-9d1b-2ab552568493";
+
+  fileSystems."/home/asonix/Documents" =
+    { device = "/dev/disk/by-uuid/bce8bc87-faf2-4b9e-90d2-cb8281c40c7e";
+      fsType = "btrfs";
+      options = [ "subvol=@documents" ];
+    };
+
+  fileSystems."/home/asonix/Diskimages" =
+    { device = "/dev/disk/by-uuid/bce8bc87-faf2-4b9e-90d2-cb8281c40c7e";
+      fsType = "btrfs";
+      options = [ "subvol=@diskimages" ];
+    };
+
+  fileSystems."/home/asonix/Downloads" =
+    { device = "/dev/disk/by-uuid/bce8bc87-faf2-4b9e-90d2-cb8281c40c7e";
+      fsType = "btrfs";
+      options = [ "subvol=@downloads" ];
+    };
+
+  fileSystems."/home/asonix/Videos" =
+    { device = "/dev/disk/by-uuid/bce8bc87-faf2-4b9e-90d2-cb8281c40c7e";
+      fsType = "btrfs";
+      options = [ "subvol=@videos" ];
+    };
+
+  fileSystems."/home/asonix/Pictures" =
+    { device = "/dev/disk/by-uuid/bce8bc87-faf2-4b9e-90d2-cb8281c40c7e";
+      fsType = "btrfs";
+      options = [ "subvol=@pictures" ];
+    };
+
+  fileSystems."/home/asonix/Music" =
+    { device = "/dev/disk/by-uuid/bce8bc87-faf2-4b9e-90d2-cb8281c40c7e";
+      fsType = "btrfs";
+      options = [ "subvol=@music" ];
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/ec3f1ad9-5f72-4a8e-8562-f25156c936a2"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.docker0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp114s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wg0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp113s0.useDHCP = lib.mkDefault true;
+
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+  # high-resolution display
+  hardware.video.hidpi.enable = lib.mkDefault true;
+}
--- a/firestar/wireguard.nix
+++ b/firestar/wireguard.nix
@ -0,0 +1,23 @@
+{ config, pkgs, ... }:
+
+{
+  networking.firewall = {
+    allowedUDPPorts = [ 51820 ];
+  };
+
+  networking.wg-quick.interfaces = {
+    wg0 = {
+      address = [ "192.168.5.10/24" ];
+      dns = [ "192.168.5.1" ];
+      privateKeyFile = "/etc/wireguard/privatekey";
+      peers = [
+        {
+          publicKey = "lQYGzNIxgUrDmU32rlnmnc72dK7TSH7hxts3tMtE+VQ=";
+          allowedIPs = [ "192.168.5.0/24" "192.168.6.0/24" "192.168.20.0/24" ];
+          endpoint = "wg.asonix.dog:51820";
+          persistentKeepalive = 25;
+        }
+      ];
+    };
+  };
+}
--- a/flake.nix
+++ b/flake.nix
@ -4,6 +4,17 @@
  };

  outputs = { self, nixpkgs, ... }@attrs: {
+    nixosConfigurations.firestar = nixpkgs.lib.nixosSystem {
+      system = "x86_64-linux";
+      specialArgs = attrs;
+      modules = [
+        ./desktop.nix
+	./firestar
+	./fonts.nix
+	./packages.nix
+	./user.nix
+      ];
+    };
    nixosConfigurations.graystripe = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
      specialArgs = attrs;