From eda67ab40e97414f4a79dd96bad73daf4f0ffb99 Mon Sep 17 00:00:00 2001 From: Swarsel Date: Mon, 23 Sep 2024 22:40:03 +0200 Subject: [PATCH] feat: add hardware-configuration for winters --- SwarselSystems.org | 22 ++++++---- modules/nixos/setup.nix | 3 ++ profiles/server/common/nginx.nix | 5 ++- profiles/server/common/sops.nix | 2 +- profiles/server/winters/default.nix | 12 +++--- .../server/winters/hardware-configuration.nix | 41 +++++++++++++++++++ 6 files changed, 67 insertions(+), 18 deletions(-) create mode 100644 profiles/server/winters/hardware-configuration.nix diff --git a/SwarselSystems.org b/SwarselSystems.org index 11b7465..b72cfb6 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -2044,12 +2044,12 @@ My work machine. Built for more security, this is the gold standard of my config flakePath = "/home/swarsel/.dotfiles"; server = { enable = true; - kavita = true; - navidrome = true; - jellyfin = true; - spotifyd = true; - mpd = true; - matrix = true; + kavita = false; + navidrome = false; + jellyfin = false; + spotifyd = false; + mpd = false; + matrix = false; }; shellAliases = { nswitch = "cd /.dotfiles; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;"; @@ -4657,6 +4657,9 @@ I usually use =mutableUsers = false= in my NixOS configuration. However, on a ne #+begin_src nix :tangle modules/nixos/setup.nix { lib, ... }: + let + inherit (lib) mkOption types; + in { options.swarselsystems.flakePath = mkOption { @@ -6568,7 +6571,7 @@ Also, the system state version is set here. No need to touch it. **** sops #+begin_src nix :tangle profiles/server/common/sops.nix - { pkgs, ... }: + { pkgs, config, ... }: { sops = { age.sshKeyPaths = [ "/etc/ssh/sops" ]; 
@@ -6588,10 +6591,11 @@ Also, the system state version is set here. No need to touch it. lego ]; - users.users.acme = {}; + # users.users.acme = {}; sops = { - secrets.dnstokenfull = { owner = "acme"; }; + # secrets.dnstokenfull = { owner = "acme"; }; + secrets.dnstokenfull = {}; templates."certs.secret".content = '' CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} ''; diff --git a/modules/nixos/setup.nix b/modules/nixos/setup.nix index 4bf7cbe..7a03d93 100644 --- a/modules/nixos/setup.nix +++ b/modules/nixos/setup.nix @@ -1,4 +1,7 @@ { lib, ... }: +let + inherit (lib) mkOption types; +in { options.swarselsystems.flakePath = mkOption { diff --git a/profiles/server/common/nginx.nix b/profiles/server/common/nginx.nix index 2883003..43920d3 100644 --- a/profiles/server/common/nginx.nix +++ b/profiles/server/common/nginx.nix @@ -4,10 +4,11 @@ lego ]; - users.users.acme = { }; + # users.users.acme = {}; sops = { - secrets.dnstokenfull = { owner = "acme"; }; + # secrets.dnstokenfull = { owner = "acme"; }; + secrets.dnstokenfull = { }; templates."certs.secret".content = '' CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} ''; diff --git a/profiles/server/common/sops.nix b/profiles/server/common/sops.nix index 2abe2a7..a0b71bb 100644 --- a/profiles/server/common/sops.nix +++ b/profiles/server/common/sops.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ pkgs, config, ... }: { sops = { age.sshKeyPaths = [ "/etc/ssh/sops" ]; diff --git a/profiles/server/winters/default.nix b/profiles/server/winters/default.nix index 97a6a1c..d9d18be 100644 --- a/profiles/server/winters/default.nix +++ b/profiles/server/winters/default.nix 
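Review bot: The two lines left commented out in profiles/server/common/nginx.nix (`# users.users.acme = {};` and `# secrets.dnstokenfull = { owner = "acme"; };`) record the old ownership but not why it was dropped, and the hunk does not show who may read the rendered `certs.secret` template that carries the Cloudflare token. With no `owner`, sops-nix decrypts `dnstokenfull` for root only, which is the tighter setting; the template's own `owner`/`mode` are not set in the visible lines, so it is worth confirming that the ACME service can still read it and that no other user can. I would delete the dead lines and put the intent in one comment, for example `# dnstokenfull stays root-only; the token reaches the ACME client only via templates."certs.secret"`. The identical change is in the SwarselSystems.org hunk at -6588, and the `sops` block continues past the end of both hunks.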
@@ -41,12 +41,12 @@
 flakePath = "/home/swarsel/.dotfiles";
 server = {
 enable = true;
- kavita = true;
- navidrome = true;
- jellyfin = true;
- spotifyd = true;
- mpd = true;
- matrix = true;
+ kavita = false;
+ navidrome = false;
+ jellyfin = false;
+ spotifyd = false;
+ mpd = false;
+ matrix = false;
 };
 shellAliases = {
 nswitch = "cd /.dotfiles; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;";
diff --git a/profiles/server/winters/hardware-configuration.nix b/profiles/server/winters/hardware-configuration.nix
new file mode 100644
index 0000000..eab4757
--- /dev/null
+++ b/profiles/server/winters/hardware-configuration.nix
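Review bot: No hunk in this commit adds `./hardware-configuration.nix` to the `imports` of profiles/server/winters/default.nix (the six-for-six flag flip here accounts for all 12 changed lines the diffstat reports for that file), so the new hardware file is only evaluated if an import outside this hunk already names it; worth confirming before deploying to winters. Separately, turning `kavita` through `matrix` off is not mentioned in a commit titled as a hardware change; a short comment above the flags saying whether the services are disabled temporarily would help, and the same applies to the matching SwarselSystems.org hunk at -2044. The attribute set these lines sit in starts and ends outside the hunk.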
@@ -0,0 +1,41 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { + device = "/dev/disk/by-uuid/30e2f96a-b01d-4c27-9ebb-d5d7e9f0031f"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { + device = "/dev/disk/by-uuid/F0D8-8BD1"; + fsType = "vfat"; + }; + + swapDevices = + [{ device = "/dev/disk/by-uuid/a8eb6f3b-69bf-4160-90aa-9247abc108e0"; }]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +}