feat(hosts): add cmdframe

initial cmdframe configuration
2025-06-04 18:03:55 +02:00 · 2025-06-04 18:03:55 +02:00 · 43c35fb2a8
commit 43c35fb2a8
parent 67f8fa2cb5
6 changed files with 173 additions and 0 deletions
--- a/flake.lock
+++ b/flake.lock
@ -100,6 +100,27 @@
        "type": "github"
      }
    },
+    "disko": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1746728054,
+        "narHash": "sha256-eDoSOhxGEm2PykZFa/x9QG5eTH0MJdiJ9aR00VAofXE=",
+        "owner": "nix-community",
+        "repo": "disko",
+        "rev": "ff442f5d1425feb86344c028298548024f21256d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "ref": "latest",
+        "repo": "disko",
+        "type": "github"
+      }
+    },
    "firefox-addons": {
      "inputs": {
        "nixpkgs": [
@ -442,6 +463,7 @@
        "agenix": "agenix",
        "arkenfox-userjs": "arkenfox-userjs",
        "deploy-rs": "deploy-rs",
+        "disko": "disko",
        "firefox-addons": "firefox-addons",
        "flake-parts": "flake-parts",
        "flake-utils": "flake-utils",
--- a/flake.nix
+++ b/flake.nix
@ -19,6 +19,11 @@ rec {

    nixos-hardware.url = "github:NixOS/nixos-hardware";

+    disko = {
+      url = "github:nix-community/disko/latest";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
    flake-parts = {
      url = "github:hercules-ci/flake-parts";
      inputs.nixpkgs-lib.follows = "nixpkgs";
--- a/hosts/cmdframe/default.nix
+++ b/hosts/cmdframe/default.nix
@ -0,0 +1,42 @@
+{ config, ... }:
+
+{
+  imports = [
+    ./disk-config.nix
+    ../../hardware/base.nix
+    ../../hardware/bluetooth.nix
+    ../../system/desktop.nix
+    ../../system/printing/home.nix
+    ../../desktop
+    ../../desktop/cosmic.nix
+    ../../virtualisation/containers.nix
+    ../../virtualisation/podman.nix
+    ../../virtualisation/libvirt.nix
+    ../../modules/systemdNotify.nix
+  ];
+
+  services.fprintd.enable = true;
+
+  programs.zsh.enable = true;
+
+  services.openssh = {
+    enable = true;
+    settings = {
+      KbdInteractiveAuthentication = false;
+      PasswordAuthentication = false;
+      PermitRootLogin = "no";
+    };
+  };
+
+  services.tailscale.extraUpFlags = [
+    "--accept-routes"
+    "--operator=felschr"
+  ];
+
+  systemd.notify.enable = true;
+  systemd.notify.method = "libnotify";
+  systemd.notify.libnotify.user = "felschr";
+
+  # only change this when specified in release notes
+  system.stateVersion = "25.05";
+}
--- a/hosts/cmdframe/disk-config.nix
+++ b/hosts/cmdframe/disk-config.nix
@ -0,0 +1,69 @@
+{
+  disko.devices = {
+    disk = {
+      main = {
+        type = "disk";
+        device = "/dev/nvme0n1";
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              size = "2G";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = [ "umask=0077" ];
+              };
+            };
+            luks = {
+              size = "100%";
+              content = {
+                type = "luks";
+                name = "enc";
+                settings = {
+                  allowDiscards = true;
+                };
+                content = {
+                  type = "btrfs";
+                  extraArgs = [ "-f" ];
+                  subvolumes = {
+                    "@" = {
+                      mountpoint = "/";
+                      mountOptions = [
+                        "compress-force=zstd:1"
+                        "noatime"
+                      ];
+                    };
+                    "@/nix" = {
+                      mountpoint = "/nix";
+                      mountOptions = [
+                        "compress-force=zstd:1"
+                        "noatime"
+                      ];
+                    };
+                    "@home" = {
+                      mountpoint = "/home";
+                      mountOptions = [
+                        "compress-force=zstd:1"
+                        "noatime"
+                      ];
+                    };
+                    "@snapshots" = {
+                      mountpoint = "/.snapshots";
+                      mountOptions = [
+                        "compress-force=zstd:1"
+                        "noatime"
+                      ];
+                    };
+                  };
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}
--- a/hosts/cmdframe/hardware.nix
+++ b/hosts/cmdframe/hardware.nix
@ -0,0 +1,5 @@
+_:
+
+# TODO
+{
+}
--- a/hosts/flake-module.nix
+++ b/hosts/flake-module.nix
@ -1,6 +1,9 @@
 { self, inputs, ... }:
 {
  flake = {
+    diskoConfigurations = {
+      cmdframe = import ./cmdframe/disk-config.nix;
+    };
    nixosConfigurations = {
      home-pc = inputs.nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
@ -73,6 +76,33 @@
          inherit inputs;
        };
      };
+      cmdframe = inputs.nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [
+          inputs.disko.nixosModules.disko
+          inputs.nixpkgs.nixosModules.notDetected
+          inputs.nixos-hardware.nixosModules.framework-amd-ai-300-series
+          (self.lib.createSystemModule "cmdframe" {
+            hardwareConfig = ../hosts/cmdframe/hardware.nix;
+            config = ../hosts/cmdframe/default.nix;
+          })
+          (self.lib.createUserModule "felschr" {
+            homeModule = self.homeModules.felschr-work;
+            user.extraGroups = [
+              "wheel"
+              "networkmanager"
+              "audio"
+              "disk"
+              "libvirtd"
+              "qemu-libvirtd"
+            ];
+            usesContainers = true;
+          })
+        ];
+        specialArgs = {
+          inherit inputs;
+        };
+      };
    };

    deploy.nodes.home-server = {