Add firestar
parent
4aa04bfe88
commit
3c121dee13
4 changed files with 244 additions and 0 deletions
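--- a/firestar/default.nix
+++ b/firestar/default.nix
@@ -0,0 +1,81 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+imports =
+[
+# Include the results of the hardware scan.
+./hardware-configuration.nix
+./wireguard.nix
+];
+
+# Nix cache
+nix.extraOptions = ''
+secret-key-files = /etc/nix/cache-priv-key.pem
+'';
+
+# Bootloader.
+boot.loader.systemd-boot.enable = true;
+boot.loader.efi.canTouchEfiVariables = true;
+boot.loader.efi.efiSysMountPoint = "/boot/efi";
+
+# Setup keyfile
+boot.initrd.secrets = {
+"/crypto_keyfile.bin" = null;
+"/keyfile" = null;
+};
+
+# Enable swap on luks
+boot.initrd.luks.devices."luks-28ea4268-e74a-4ed7-9484-b113c676124e".device = "/dev/disk/by-uuid/28ea4268-e74a-4ed7-9484-b113c676124e";
+boot.initrd.luks.devices."luks-28ea4268-e74a-4ed7-9484-b113c676124e".keyFile = "/crypto_keyfile.bin";
+
+boot.initrd.luks.devices."cryptdrive4".device = "/dev/disk/by-uuid/d2119824-fe98-449b-9d1b-2ab552568493";
+boot.initrd.luks.devices."cryptdrive4".keyFile = "/keyfile";
+
+boot.initrd.luks.devices."cryptdrive3".device = "/dev/disk/by-uuid/99dd440d-c6ed-4149-85a1-e8f22a6f2535";
+boot.initrd.luks.devices."cryptdrive3".keyFile = "/keyfile";
+
+boot.initrd.luks.devices."cryptdrive2".device = "/dev/disk/by-uuid/fd0c26d4-db05-4218-826c-51a87dd39eb5";
+boot.initrd.luks.devices."cryptdrive2".keyFile = "/keyfile";
+
+boot.initrd.luks.devices."cryptdrive1".device = "/dev/disk/by-uuid/20515efa-5380-4116-946e-7fe527ed3b92";
+boot.initrd.luks.devices."cryptdrive1".keyFile = "/keyfile";
+
+boot.kernelPackages = pkgs.linuxPackages_latest;
+
+boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+
+fileSystems = {
+"/home/asonix/Development".options = [ "compress=zstd" ];
+"/home/asonix/Diskimages".options = [ "compress=zstd" ];
+"/home/asonix/Documents".options = [ "compress=zstd" ];
+"/home/asonix/Downloads".options = [ "compress=zstd" ];
+"/home/asonix/Games".options = [ "compress=zstd" ];
+"/home/asonix/Games2".options = [ "compress=zstd" ];
+"/home/asonix/Music".options = [ "compress=zstd" ];
+"/home/asonix/Pictures".options = [ "compress=zstd" ];
+"/home/asonix/Videos".options = [ "compress=zstd" ];
+};
+
+networking.hostName = "firestar"; # Define your hostname.
+
+# Open ports in the firewall.
+# networking.firewall.allowedTCPPorts = [ ... ];
+# networking.firewall.allowedUDPPorts = [ ... ];
+# Or disable the firewall altogether.
+# networking.firewall.enable = false;
+
+nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+# This value determines the NixOS release from which the default
+# settings for stateful data, like file locations and database versions
+# on your system were taken. It's perfectly fine and recommended to leave
+# this value at the release version of the first install of this system.
+# Before changing this value read the documentation for this option
+# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+system.stateVersion = "22.05"; # Did you read the comment?
+
+}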
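Review bot: The two keyfiles listed in `boot.initrd.secrets` are appended to the initrd, and with `boot.loader.systemd-boot.enable = true` and `efiSysMountPoint = "/boot/efi"` that initrd is, as far as this config shows, written to the ESP, which hardware-configuration.nix mounts as plain `vfat`. Anyone who can read that partition could then recover `/crypto_keyfile.bin` and `/keyfile` and open the swap volume and cryptdrive1–4 without a passphrase, so the encryption on those five devices would protect nothing once the disk itself is in someone else's hands. I would drop both `boot.initrd.secrets` entries and the matching `keyFile = ...` lines from stage 1, and unlock the data drives after the root volume is open, for example through `environment.etc.crypttab` with the keyfile stored on the encrypted root. The `secret-key-files = /etc/nix/cache-priv-key.pem` line deserves a comment noting that the file must stay outside the Nix store and be readable by root only, e.g. `# cache signing key: keep mode 0600, never add to the store`.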
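--- a/firestar/hardware-configuration.nix
+++ b/firestar/hardware-configuration.nix
@@ -0,0 +1,129 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+imports =
+[ (modulesPath + "/hardware/network/broadcom-43xx.nix")
+(modulesPath + "/installer/scan/not-detected.nix")
+];
+
+boot.initrd.availableKernelModules = [ "vmd" "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
+boot.initrd.kernelModules = [ ];
+boot.kernelModules = [ "kvm-intel" ];
+boot.extraModulePackages = [ ];
+
+fileSystems."/" =
+{ device = "/dev/disk/by-uuid/09ed1efd-4baa-42f3-840b-6c4635f3acea";
+fsType = "ext4";
+};
+
+boot.initrd.luks.devices."luks-0da55fa3-569a-4687-ab82-7618c5c8ec0a".device = "/dev/disk/by-uuid/0da55fa3-569a-4687-ab82-7618c5c8ec0a";
+
+fileSystems."/boot/efi" =
+{ device = "/dev/disk/by-uuid/53F9-82A1";
+fsType = "vfat";
+};
+
+fileSystems."/btrfs/nvme2" =
+{ device = "/dev/disk/by-uuid/fe880346-4ec8-4c64-8992-60127a484147";
+fsType = "btrfs";
+};
+
+boot.initrd.luks.devices."cryptdrive2".device = "/dev/disk/by-uuid/fd0c26d4-db05-4218-826c-51a87dd39eb5";
+
+fileSystems."/home/asonix/Games2" =
+{ device = "/dev/disk/by-uuid/fe880346-4ec8-4c64-8992-60127a484147";
+fsType = "btrfs";
+options = [ "subvol=@games" ];
+};
+
+fileSystems."/btrfs/nvme" =
+{ device = "/dev/disk/by-uuid/344b7e72-1098-448e-9d4f-8170af224605";
+fsType = "btrfs";
+};
+
+boot.initrd.luks.devices."cryptdrive1".device = "/dev/disk/by-uuid/20515efa-5380-4116-946e-7fe527ed3b92";
+
+fileSystems."/home/asonix/Development" =
+{ device = "/dev/disk/by-uuid/344b7e72-1098-448e-9d4f-8170af224605";
+fsType = "btrfs";
+options = [ "subvol=@development" ];
+};
+
+fileSystems."/btrfs/ssd" =
+{ device = "/dev/disk/by-uuid/60d35aa5-d38d-4070-9c90-c5adaed90862";
+fsType = "btrfs";
+};
+
+boot.initrd.luks.devices."cryptdrive3".device = "/dev/disk/by-uuid/99dd440d-c6ed-4149-85a1-e8f22a6f2535";
+
+fileSystems."/home/asonix/Games" =
+{ device = "/dev/disk/by-uuid/60d35aa5-d38d-4070-9c90-c5adaed90862";
+fsType = "btrfs";
+options = [ "subvol=@games" ];
+};
+
+fileSystems."/btrfs/hdd" =
+{ device = "/dev/disk/by-uuid/bce8bc87-faf2-4b9e-90d2-cb8281c40c7e";
+fsType = "btrfs";
+};
+
+boot.initrd.luks.devices."cryptdrive4".device = "/dev/disk/by-uuid/d2119824-fe98-449b-9d1b-2ab552568493";
+
+fileSystems."/home/asonix/Documents" =
+{ device = "/dev/disk/by-uuid/bce8bc87-faf2-4b9e-90d2-cb8281c40c7e";
+fsType = "btrfs";
+options = [ "subvol=@documents" ];
+};
+
+fileSystems."/home/asonix/Diskimages" =
+{ device = "/dev/disk/by-uuid/bce8bc87-faf2-4b9e-90d2-cb8281c40c7e";
+fsType = "btrfs";
+options = [ "subvol=@diskimages" ];
+};
+
+fileSystems."/home/asonix/Downloads" =
+{ device = "/dev/disk/by-uuid/bce8bc87-faf2-4b9e-90d2-cb8281c40c7e";
+fsType = "btrfs";
+options = [ "subvol=@downloads" ];
+};
+
+fileSystems."/home/asonix/Videos" =
+{ device = "/dev/disk/by-uuid/bce8bc87-faf2-4b9e-90d2-cb8281c40c7e";
+fsType = "btrfs";
+options = [ "subvol=@videos" ];
+};
+
+fileSystems."/home/asonix/Pictures" =
+{ device = "/dev/disk/by-uuid/bce8bc87-faf2-4b9e-90d2-cb8281c40c7e";
+fsType = "btrfs";
+options = [ "subvol=@pictures" ];
+};
+
+fileSystems."/home/asonix/Music" =
+{ device = "/dev/disk/by-uuid/bce8bc87-faf2-4b9e-90d2-cb8281c40c7e";
+fsType = "btrfs";
+options = [ "subvol=@music" ];
+};
+
+swapDevices =
+[ { device = "/dev/disk/by-uuid/ec3f1ad9-5f72-4a8e-8562-f25156c936a2"; }
+];
+
+# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+# (the default) this is the recommended approach. When using systemd-networkd it's
+# still possible to use this option, but it's recommended to use it in conjunction
+# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+networking.useDHCP = lib.mkDefault true;
+# networking.interfaces.docker0.useDHCP = lib.mkDefault true;
+# networking.interfaces.enp114s0.useDHCP = lib.mkDefault true;
+# networking.interfaces.wg0.useDHCP = lib.mkDefault true;
+# networking.interfaces.wlp113s0.useDHCP = lib.mkDefault true;
+
+powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+# high-resolution display
+hardware.video.hidpi.enable = lib.mkDefault true;
+}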
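--- a/firestar/wireguard.nix
+++ b/firestar/wireguard.nix
@@ -0,0 +1,23 @@
+{ config, pkgs, ... }:
+
+{
+networking.firewall = {
+allowedUDPPorts = [ 51820 ];
+};
+
+networking.wg-quick.interfaces = {
+wg0 = {
+address = [ "192.168.5.10/24" ];
+dns = [ "192.168.5.1" ];
+privateKeyFile = "/etc/wireguard/privatekey";
+peers = [
+{
+publicKey = "lQYGzNIxgUrDmU32rlnmnc72dK7TSH7hxts3tMtE+VQ=";
+allowedIPs = [ "192.168.5.0/24" "192.168.6.0/24" "192.168.20.0/24" ];
+endpoint = "wg.asonix.dog:51820";
+persistentKeepalive = 25;
+}
+];
+};
+};
+}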
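Review bot: `allowedUDPPorts = [ 51820 ]` opens an inbound port that nothing in this file binds to, since `wg0` sets no `listenPort` and the only peer has an `endpoint` plus `persistentKeepalive = 25`, which is the shape of a host that dials out. Replies to an outbound handshake should already pass through the stateful firewall, so the rule appears to widen the exposed surface without enabling anything. I would remove the `networking.firewall` block, or, if inbound handshakes are actually wanted, add `listenPort = 51820;` to `wg0` so the opened port and the socket match. A short comment above `privateKeyFile`, such as `# key lives outside the Nix store; keep it root-only`, would also record why a file path is used rather than an inline key.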
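--- a/flake.nix
+++ b/flake.nix
@@ -4,6 +4,17 @@
 };
 
 outputs = { self, nixpkgs, ... }@attrs: {
+nixosConfigurations.firestar = nixpkgs.lib.nixosSystem {
+system = "x86_64-linux";
+specialArgs = attrs;
+modules = [
+./desktop.nix
+./firestar
+./fonts.nix
+./packages.nix
+./user.nix
+];
+};
 nixosConfigurations.graystripe = nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
 specialArgs = attrs;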