From 3c121dee13825a48a1bbb102ec528dc06509e9bb Mon Sep 17 00:00:00 2001
From: Aode
Date: Fri, 10 Feb 2023 20:27:39 -0600
Subject: [PATCH] Add firestar

---
 firestar/default.nix | 81 +++++++++++++++++
 firestar/hardware-configuration.nix | 129 ++++++++++++++++++++++++++++
 firestar/wireguard.nix | 23 +++++
 flake.nix | 11 +++
 4 files changed, 244 insertions(+)
 create mode 100644 firestar/default.nix
 create mode 100644 firestar/hardware-configuration.nix
 create mode 100644 firestar/wireguard.nix

diff --git a/firestar/default.nix b/firestar/default.nix
new file mode 100644
index 0000000..c84e37c
--- /dev/null
+++ b/firestar/default.nix
@@ -0,0 +1,81 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [
+ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ./wireguard.nix
+ ];
+
+ # Nix cache
+ nix.extraOptions = ''
+ secret-key-files = /etc/nix/cache-priv-key.pem
+ '';
+
+ # Bootloader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.loader.efi.efiSysMountPoint = "/boot/efi";
+
+ # Setup keyfile
+ boot.initrd.secrets = {
+ "/crypto_keyfile.bin" = null;
+ "/keyfile" = null;
+ };
+
+ # Enable swap on luks
+ boot.initrd.luks.devices."luks-28ea4268-e74a-4ed7-9484-b113c676124e".device = "/dev/disk/by-uuid/28ea4268-e74a-4ed7-9484-b113c676124e";
+ boot.initrd.luks.devices."luks-28ea4268-e74a-4ed7-9484-b113c676124e".keyFile = "/crypto_keyfile.bin";
+
+ boot.initrd.luks.devices."cryptdrive4".device = "/dev/disk/by-uuid/d2119824-fe98-449b-9d1b-2ab552568493";
+ boot.initrd.luks.devices."cryptdrive4".keyFile = "/keyfile";
+
+ boot.initrd.luks.devices."cryptdrive3".device = "/dev/disk/by-uuid/99dd440d-c6ed-4149-85a1-e8f22a6f2535";
+ boot.initrd.luks.devices."cryptdrive3".keyFile = "/keyfile";
+
+ boot.initrd.luks.devices."cryptdrive2".device = "/dev/disk/by-uuid/fd0c26d4-db05-4218-826c-51a87dd39eb5";
+ boot.initrd.luks.devices."cryptdrive2".keyFile = "/keyfile";
+
+ boot.initrd.luks.devices."cryptdrive1".device = "/dev/disk/by-uuid/20515efa-5380-4116-946e-7fe527ed3b92";
+ boot.initrd.luks.devices."cryptdrive1".keyFile = "/keyfile";
+
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+
+ boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+
+ fileSystems = {
+ "/home/asonix/Development".options = [ "compress=zstd" ];
+ "/home/asonix/Diskimages".options = [ "compress=zstd" ];
+ "/home/asonix/Documents".options = [ "compress=zstd" ];
+ "/home/asonix/Downloads".options = [ "compress=zstd" ];
+ "/home/asonix/Games".options = [ "compress=zstd" ];
+ "/home/asonix/Games2".options = [ "compress=zstd" ];
+ "/home/asonix/Music".options = [ "compress=zstd" ];
+ "/home/asonix/Pictures".options = [ "compress=zstd" ];
+ "/home/asonix/Videos".options = [ "compress=zstd" ];
+ };
+
+ networking.hostName = "firestar"; # Define your hostname.
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It's perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "22.05"; # Did you read the comment?
+
+}
diff --git a/firestar/hardware-configuration.nix b/firestar/hardware-configuration.nix
new file mode 100644
index 0000000..dc8d812
--- /dev/null
+++ b/firestar/hardware-configuration.nix
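Review bot: The two `boot.initrd.secrets` entries copy `/crypto_keyfile.bin` and `/keyfile` into the initrd, and with `boot.loader.efi.efiSysMountPoint = "/boot/efi"` that initrd lives on the vfat ESP, which is not encrypted; the keyfiles that unlock the swap device and cryptdrive1–4 are therefore readable by anyone who can read the boot partition, so those volumes gain little from LUKS beyond the physical protection of the ESP. If the intent is that only the root volume takes a passphrase, consider keeping the data-drive keyfiles on the encrypted root and unlocking cryptdrive1–4 after root is mounted (for example through `environment.etc."crypttab"`) instead of from the initrd, and verify the two files are root-owned mode 0600 on the host either way. The file already uses `nix.settings.experimental-features`, so the cache signing key would read consistently as `nix.settings.secret-key-files = [ "/etc/nix/cache-priv-key.pem" ];` rather than going through `nix.extraOptions`. The `.device` lines for cryptdrive1–4 repeat the same UUIDs already set in hardware-configuration.nix in this patch, so only the `.keyFile` lines are needed here, and the `# Enable swap on luks` comment describes just the first of the five devices that follow it.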
@@ -0,0 +1,129 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/hardware/network/broadcom-43xx.nix")
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "vmd" "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/09ed1efd-4baa-42f3-840b-6c4635f3acea";
+ fsType = "ext4";
+ };
+
+ boot.initrd.luks.devices."luks-0da55fa3-569a-4687-ab82-7618c5c8ec0a".device = "/dev/disk/by-uuid/0da55fa3-569a-4687-ab82-7618c5c8ec0a";
+
+ fileSystems."/boot/efi" =
+ { device = "/dev/disk/by-uuid/53F9-82A1";
+ fsType = "vfat";
+ };
+
+ fileSystems."/btrfs/nvme2" =
+ { device = "/dev/disk/by-uuid/fe880346-4ec8-4c64-8992-60127a484147";
+ fsType = "btrfs";
+ };
+
+ boot.initrd.luks.devices."cryptdrive2".device = "/dev/disk/by-uuid/fd0c26d4-db05-4218-826c-51a87dd39eb5";
+
+ fileSystems."/home/asonix/Games2" =
+ { device = "/dev/disk/by-uuid/fe880346-4ec8-4c64-8992-60127a484147";
+ fsType = "btrfs";
+ options = [ "subvol=@games" ];
+ };
+
+ fileSystems."/btrfs/nvme" =
+ { device = "/dev/disk/by-uuid/344b7e72-1098-448e-9d4f-8170af224605";
+ fsType = "btrfs";
+ };
+
+ boot.initrd.luks.devices."cryptdrive1".device = "/dev/disk/by-uuid/20515efa-5380-4116-946e-7fe527ed3b92";
+
+ fileSystems."/home/asonix/Development" =
+ { device = "/dev/disk/by-uuid/344b7e72-1098-448e-9d4f-8170af224605";
+ fsType = "btrfs";
+ options = [ "subvol=@development" ];
+ };
+
+ fileSystems."/btrfs/ssd" =
+ { device = "/dev/disk/by-uuid/60d35aa5-d38d-4070-9c90-c5adaed90862";
+ fsType = "btrfs";
+ };
+
+ boot.initrd.luks.devices."cryptdrive3".device = "/dev/disk/by-uuid/99dd440d-c6ed-4149-85a1-e8f22a6f2535";
+
+ fileSystems."/home/asonix/Games" =
+ { device = "/dev/disk/by-uuid/60d35aa5-d38d-4070-9c90-c5adaed90862";
+ fsType = "btrfs";
+ options = [ "subvol=@games" ];
+ };
+
+ fileSystems."/btrfs/hdd" =
+ { device = "/dev/disk/by-uuid/bce8bc87-faf2-4b9e-90d2-cb8281c40c7e";
+ fsType = "btrfs";
+ };
+
+ boot.initrd.luks.devices."cryptdrive4".device = "/dev/disk/by-uuid/d2119824-fe98-449b-9d1b-2ab552568493";
+
+ fileSystems."/home/asonix/Documents" =
+ { device = "/dev/disk/by-uuid/bce8bc87-faf2-4b9e-90d2-cb8281c40c7e";
+ fsType = "btrfs";
+ options = [ "subvol=@documents" ];
+ };
+
+ fileSystems."/home/asonix/Diskimages" =
+ { device = "/dev/disk/by-uuid/bce8bc87-faf2-4b9e-90d2-cb8281c40c7e";
+ fsType = "btrfs";
+ options = [ "subvol=@diskimages" ];
+ };
+
+ fileSystems."/home/asonix/Downloads" =
+ { device = "/dev/disk/by-uuid/bce8bc87-faf2-4b9e-90d2-cb8281c40c7e";
+ fsType = "btrfs";
+ options = [ "subvol=@downloads" ];
+ };
+
+ fileSystems."/home/asonix/Videos" =
+ { device = "/dev/disk/by-uuid/bce8bc87-faf2-4b9e-90d2-cb8281c40c7e";
+ fsType = "btrfs";
+ options = [ "subvol=@videos" ];
+ };
+
+ fileSystems."/home/asonix/Pictures" =
+ { device = "/dev/disk/by-uuid/bce8bc87-faf2-4b9e-90d2-cb8281c40c7e";
+ fsType = "btrfs";
+ options = [ "subvol=@pictures" ];
+ };
+
+ fileSystems."/home/asonix/Music" =
+ { device = "/dev/disk/by-uuid/bce8bc87-faf2-4b9e-90d2-cb8281c40c7e";
+ fsType = "btrfs";
+ options = [ "subvol=@music" ];
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/ec3f1ad9-5f72-4a8e-8562-f25156c936a2"; }
+ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.docker0.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp114s0.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wg0.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlp113s0.useDHCP = lib.mkDefault true;
+
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+ # high-resolution display
+ hardware.video.hidpi.enable = lib.mkDefault true;
+}
diff --git a/firestar/wireguard.nix b/firestar/wireguard.nix
new file mode 100644
index 0000000..88f8bec
--- /dev/null
+++ b/firestar/wireguard.nix
@@ -0,0 +1,23 @@
+{ config, pkgs, ... }:
+
+{
+ networking.firewall = {
+ allowedUDPPorts = [ 51820 ];
+ };
+
+ networking.wg-quick.interfaces = {
+ wg0 = {
+ address = [ "192.168.5.10/24" ];
+ dns = [ "192.168.5.1" ];
+ privateKeyFile = "/etc/wireguard/privatekey";
+ peers = [
+ {
+ publicKey = "lQYGzNIxgUrDmU32rlnmnc72dK7TSH7hxts3tMtE+VQ=";
+ allowedIPs = [ "192.168.5.0/24" "192.168.6.0/24" "192.168.20.0/24" ];
+ endpoint = "wg.asonix.dog:51820";
+ persistentKeepalive = 25;
+ }
+ ];
+ };
+ };
+}
diff --git a/flake.nix b/flake.nix
index 7d15f44..a57a617 100644
--- a/flake.nix
+++ b/flake.nix
@@ -4,6 +4,17 @@
 };
 outputs = { self, nixpkgs, ... }@attrs: {
+ nixosConfigurations.firestar = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs = attrs;
+ modules = [
+ ./desktop.nix
+ ./firestar
+ ./fonts.nix
+ ./packages.nix
+ ./user.nix
+ ];
+ };
 nixosConfigurations.graystripe = nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
 specialArgs = attrs;
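Review bot: `allowedUDPPorts = [ 51820 ]` in wireguard.nix opens an inbound port that nothing in this hunk listens on: `wg0` sets no `listenPort`, so the interface binds a random local port, and because this host initiates toward `endpoint = "wg.asonix.dog:51820"` with `persistentKeepalive = 25` the return traffic is already accepted as part of the outbound flow. Either drop the `networking.firewall` block, or, if this machine is meant to accept inbound WireGuard on 51820, add `listenPort = 51820;` beside `address` so the opened port and the bound socket agree. `privateKeyFile = "/etc/wireguard/privatekey"` rightly keeps the key out of the Nix store, but nothing in the patch says where it comes from; a comment such as `# provisioned out-of-band, root-owned mode 0600, not managed by this flake` would tell the next reader not to expect it to appear on a fresh deploy.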