diff --git a/.sops.yaml b/.sops.yaml index 223fdfa..9cd38a3 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,7 +1,12 @@ keys: + - &seb-desktop age18x6herevmcuhcmeh47ll6p9ck9zk4ga6gfxwlc8yl49rwjxm7qusylwfgc - &dell-laptop age1jl9s4vp78wuwymjxaje6fg4ax0gg5aq8pn8khfmtn5rvap0d83tqfr05dv creation_rules: + - path_regex: hosts/seb-desktop/secrets.yaml$ + key_groups: + - age: + - *seb-desktop - path_regex: hosts/dell-laptop/secrets.yaml$ key_groups: - age: - - *dell-laptop + - *dell-laptop \ No newline at end of file diff --git a/flake.lock b/flake.lock index 94f61f8..850fb56 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,25 @@ { "nodes": { + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1711006105, + "narHash": "sha256-pvjqjx4L2Hx/NP3RWcwLjk+ABtMODAJ9+rgreU6fP6I=", + "owner": "nix-community", + "repo": "disko", + "rev": "a8c966ee117c278a5aabc6f00b00ef62eb7e28f6", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -94,6 +114,7 @@ }, "root": { "inputs": { + "disko": "disko", "home-manager": "home-manager", "nh": "nh", "nix-index-database": "nix-index-database", diff --git a/flake.nix b/flake.nix index 486782d..94ef51e 100644 --- a/flake.nix +++ b/flake.nix @@ -7,6 +7,11 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + disko = { + url = "github:nix-community/disko"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + nix-index-database = { url = "github:Mic92/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; @@ -36,6 +41,14 @@ ./users/seb ]; }; + seb-desktop = nixpkgs.lib.nixosSystem { + inherit system; + specialArgs = {inherit inputs;}; + modules = [ + ./hosts/seb-desktop + ./users/seb + ]; + }; }; devShells.${system}.default = pkgs.mkShell { diff --git a/hosts/seb-desktop/default.nix b/hosts/seb-desktop/default.nix new file mode 100644 index 0000000..201113a --- /dev/null +++ b/hosts/seb-desktop/default.nix 
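Review bot: The new creation rule for hosts/seb-desktop/secrets.yaml in .sops.yaml lists `*seb-desktop` as the only recipient in its key group. If that one age identity is lost or the machine is reinstalled, the file can no longer be decrypted or re-keyed, and the VPN credential stored in it would have to be recreated. Consider adding a second recipient that is kept offline, e.g. a `- &recovery age1<recovery-public-key-placeholder>` entry under `keys:` and `- *recovery` next to `- *seb-desktop`; the existing dell-laptop rule has the same single-recipient shape. The `path_regex` values are also unanchored at the start and leave `.` unescaped, whereas `^hosts/seb-desktop/secrets\.yaml$` matches only the intended file.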
@@ -0,0 +1,37 @@
+{
+ inputs,
+ pkgs,
+ ...
+}: {
+ imports = [
+ ../default.nix
+ ./hardware.nix
+
+ inputs.disko.nixosModules.default
+ ./disko.nix
+ ];
+
+ networking.hostName = "seb-desktop";
+
+ environment.sessionVariables.FLAKE = "/home/seb/Projects/nixos/my-config";
+
+ myConfig = {
+ boot-loader.systemd-boot.enable = true;
+
+ dm.lightdm.enable = true;
+ de.qtile.enable = true;
+
+ sound.pipewire.enable = true;
+ auto-gc.enable = true;
+ vm.qemu.enable = true;
+ flatpak.enable = true;
+ vpn.lgs.enable = true;
+ comma.enable = true;
+ sops.enable = true;
+ nix-helper.enable = true;
+ printing.enable = true;
+ };
+
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+ services.gvfs.enable = true;
+}
diff --git a/hosts/seb-desktop/disko.nix b/hosts/seb-desktop/disko.nix
new file mode 100644
index 0000000..ac1eb11
--- /dev/null
+++ b/hosts/seb-desktop/disko.nix
@@ -0,0 +1,32 @@
+{
+ disko.devices = {
+ disk = {
+ vdb = {
+ device = "/dev/sda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ type = "EF00";
+ size = "500M";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/seb-desktop/hardware.nix b/hosts/seb-desktop/hardware.nix
new file mode 100644
index 0000000..90b43b6
--- /dev/null
+++ b/hosts/seb-desktop/hardware.nix
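Review bot: In hosts/seb-desktop/disko.nix the `root` partition is formatted as plain ext4 with no encryption layer, so anything stored on it is readable by whoever can remove or image the disk. That presumably includes the age identity this host needs to decrypt hosts/seb-desktop/secrets.yaml, although where that key lives is not visible in this commit. disko can wrap the filesystem in a `luks` content node, as sketched below with a constructed mapper name. Separately, `device = "/dev/sda"` depends on kernel enumeration order, which is not stable across boots or when another drive is attached; since disko partitions and formats the named device, a persistent path such as `/dev/disk/by-id/<disk-id-placeholder>` is the safer target. The attribute name `vdb` also does not match the device it describes.

```nix
# … unchanged: ESP partition …
root = {
  size = "100%";
  content = {
    type = "luks";
    name = "cryptroot"; # constructed example name
    content = {
      type = "filesystem";
      format = "ext4";
      mountpoint = "/";
    };
  };
};
```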
@@ -0,0 +1,20 @@
+{
+ config,
+ lib,
+ modulesPath,
+ ...
+}: {
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"];
+ boot.initrd.kernelModules = [];
+ boot.kernelModules = ["kvm-amd"];
+ boot.extraModulePackages = [];
+
+ networking.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/hosts/seb-desktop/secrets.yaml b/hosts/seb-desktop/secrets.yaml
new file mode 100644
index 0000000..7ac5059
--- /dev/null
+++ b/hosts/seb-desktop/secrets.yaml
@@ -0,0 +1,26 @@ +password: + seb: ENC[AES256_GCM,data:7mfTHRoomM43w+d5qWtHF3KJZWEC0HFGXvnotzkhS2qmo6PQVYLLraJ9bekK56wWX/z9sxv056oIP5OKCWSC0FFBVzisBFsQug==,iv:gVs69D65ho9+UBxcMy6wGMHTdhBPzD6khQfQgMkaqh8=,tag:u8U/4B42jYDwxz9CuGC9tw==,type:str] +vpn: + lgs: + crt: ENC[AES256_GCM,data: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,iv:3ZJ9yT9swwsmuGlm9jY/4To38UUO7K8JTMUsGZxX4GM=,tag:6dlVVdMqgEhWOhBUizjgKg==,type:str] + key: ENC[AES256_GCM,data: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,iv:yyDXKiPQgG70xzL3PW/ly9NcC0UAAH+v3hkdp+z7Zbs=,tag:PW/PZbPtH8XtSXSqB46jbw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age18x6herevmcuhcmeh47ll6p9ck9zk4ga6gfxwlc8yl49rwjxm7qusylwfgc + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJVlVzRHpVdVNaZ0crRHBK + MUJSOXhmV0JtYnY2d3Rsb3NUL0lXYzlJeEhnCjFzcDgrR3pFWGoxQXV0S3JZK0lL + dEJ0UENjWVh6WjdjMXBuU3ZyV2I1WTAKLS0tIGNTbTVtbVl6MEtwTVpGS2VVMzB5 + SzVZMDNXNzhkMUdsYVgzRDMydGR4VTQKK3YYdk3tHd1U4rvyVgQ95+s4Le7E8NDe + 5KD0bWmg7CcehhRWQfBDzBsg63QcyIcq728PptprwGqik7WZEg0b9w== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-03-22T21:02:27Z" + mac: ENC[AES256_GCM,data:9ITwNgbTUzL/ozXupuF+cSNB6BjmfYYzw4oNq5z6Z47Duu5SFpA50TLGKxeXX3YSOsyRf92rspO0OwmaqZcZx27aOAHm892jG/8xpaw1lt+t5ojaDaNr8CDGFjozjEayNEtprMiPTufAElQtkg2slDRJOYZ+iL4hNrxS1MBjHVA=,iv:CAZV7Rw4ovDuvtOS+n5+wFRi7SZU41CLFput+eSOmqQ=,tag:qy6zwmLtCc+CTAymWvM7dw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1