diff --git a/flake.lock b/flake.lock index 030df64..4fcae03 100644 --- a/flake.lock +++ b/flake.lock @@ -100,6 +100,27 @@ "type": "github" } }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1746728054, + "narHash": "sha256-eDoSOhxGEm2PykZFa/x9QG5eTH0MJdiJ9aR00VAofXE=", + "owner": "nix-community", + "repo": "disko", + "rev": "ff442f5d1425feb86344c028298548024f21256d", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "latest", + "repo": "disko", + "type": "github" + } + }, "firefox-addons": { "inputs": { "nixpkgs": [ @@ -442,6 +463,7 @@ "agenix": "agenix", "arkenfox-userjs": "arkenfox-userjs", "deploy-rs": "deploy-rs", + "disko": "disko", "firefox-addons": "firefox-addons", "flake-parts": "flake-parts", "flake-utils": "flake-utils", diff --git a/flake.nix b/flake.nix index 30a3d2f..f9295b2 100644 --- a/flake.nix +++ b/flake.nix @@ -19,6 +19,11 @@ rec { nixos-hardware.url = "github:NixOS/nixos-hardware"; + disko = { + url = "github:nix-community/disko/latest"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + flake-parts = { url = "github:hercules-ci/flake-parts"; inputs.nixpkgs-lib.follows = "nixpkgs"; diff --git a/hosts/cmdframe/default.nix b/hosts/cmdframe/default.nix new file mode 100644 index 0000000..cb95dfc --- /dev/null +++ b/hosts/cmdframe/default.nix 
@@ -0,0 +1,42 @@
+{ config, ... }:
+
+{
+ imports = [
+ ./disk-config.nix
+ ../../hardware/base.nix
+ ../../hardware/bluetooth.nix
+ ../../system/desktop.nix
+ ../../system/printing/home.nix
+ ../../desktop
+ ../../desktop/cosmic.nix
+ ../../virtualisation/containers.nix
+ ../../virtualisation/podman.nix
+ ../../virtualisation/libvirt.nix
+ ../../modules/systemdNotify.nix
+ ];
+
+ services.fprintd.enable = true;
+
+ programs.zsh.enable = true;
+
+ services.openssh = {
+ enable = true;
+ settings = {
+ KbdInteractiveAuthentication = false;
+ PasswordAuthentication = false;
+ PermitRootLogin = "no";
+ };
+ };
+
+ services.tailscale.extraUpFlags = [
+ "--accept-routes"
+ "--operator=felschr"
+ ];
+
+ systemd.notify.enable = true;
+ systemd.notify.method = "libnotify";
+ systemd.notify.libnotify.user = "felschr";
+
+ # only change this when specified in release notes
+ system.stateVersion = "25.05";
+}
diff --git a/hosts/cmdframe/disk-config.nix b/hosts/cmdframe/disk-config.nix
new file mode 100644
index 0000000..dfde48e
--- /dev/null
+++ b/hosts/cmdframe/disk-config.nix
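Review bot: In hosts/cmdframe/default.nix, `services.openssh.enable = true` also opens the SSH port in the host firewall on every interface, because `services.openssh.openFirewall` defaults to true and nothing in this file narrows it. If remote access is only meant to arrive over Tailscale, set `openFirewall = false;` inside `services.openssh` and allow the port with `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 22 ];`. The imported modules are outside this diff, so one of them may already restrict this. Separately, `"--accept-routes"` installs whatever subnet routes other tailnet nodes advertise, so a short comment naming the routes this host is expected to use would help later review.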
@@ -0,0 +1,69 @@
+{
+ disko.devices = {
+ disk = {
+ main = {
+ type = "disk";
+ device = "/dev/nvme0n1";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "2G";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+ luks = {
+ size = "100%";
+ content = {
+ type = "luks";
+ name = "enc";
+ settings = {
+ allowDiscards = true;
+ };
+ content = {
+ type = "btrfs";
+ extraArgs = [ "-f" ];
+ subvolumes = {
+ "@" = {
+ mountpoint = "/";
+ mountOptions = [
+ "compress-force=zstd:1"
+ "noatime"
+ ];
+ };
+ "@/nix" = {
+ mountpoint = "/nix";
+ mountOptions = [
+ "compress-force=zstd:1"
+ "noatime"
+ ];
+ };
+ "@home" = {
+ mountpoint = "/home";
+ mountOptions = [
+ "compress-force=zstd:1"
+ "noatime"
+ ];
+ };
+ "@snapshots" = {
+ mountpoint = "/.snapshots";
+ mountOptions = [
+ "compress-force=zstd:1"
+ "noatime"
+ ];
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/cmdframe/hardware.nix b/hosts/cmdframe/hardware.nix
new file mode 100644
index 0000000..a80e590
--- /dev/null
+++ b/hosts/cmdframe/hardware.nix
@@ -0,0 +1,5 @@
+_:
+
+# TODO
+{
+}
diff --git a/hosts/flake-module.nix b/hosts/flake-module.nix
index 70607e7..c963958 100644
--- a/hosts/flake-module.nix
+++ b/hosts/flake-module.nix
@@ -1,6 +1,9 @@
 { self, inputs, ... }:
 {
 flake = {
+ diskoConfigurations = {
+ cmdframe = import ./cmdframe/disk-config.nix;
+ };
 nixosConfigurations = {
 home-pc = inputs.nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
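Review bot: In hosts/cmdframe/disk-config.nix, `allowDiscards = true` on the LUKS container passes TRIM through dm-crypt, so anyone with access to the raw disk can see which ciphertext blocks are unused. That trade-off should be recorded next to the setting, e.g. `# TRIM passthrough leaks the free-space layout of the encrypted volume; accepted for SSD health`. The target is the enumeration-order name `device = "/dev/nvme0n1"` and mkfs is forced with `extraArgs = [ "-f" ]`, so applying this layout on a machine with a second NVMe drive could format the wrong disk. A `/dev/disk/by-id/<DISK_ID>` path (placeholder) would tie it to one physical drive. `/boot` sits on the ESP outside the LUKS container, so the kernel and initrd are stored unencrypted and no key material should end up in the initrd.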
@@ -73,6 +76,33 @@
 inherit inputs;
 };
 };
+ cmdframe = inputs.nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ inputs.disko.nixosModules.disko
+ inputs.nixpkgs.nixosModules.notDetected
+ inputs.nixos-hardware.nixosModules.framework-amd-ai-300-series
+ (self.lib.createSystemModule "cmdframe" {
+ hardwareConfig = ../hosts/cmdframe/hardware.nix;
+ config = ../hosts/cmdframe/default.nix;
+ })
+ (self.lib.createUserModule "felschr" {
+ homeModule = self.homeModules.felschr-work;
+ user.extraGroups = [
+ "wheel"
+ "networkmanager"
+ "audio"
+ "disk"
+ "libvirtd"
+ "qemu-libvirtd"
+ ];
+ usesContainers = true;
+ })
+ ];
+ specialArgs = {
+ inherit inputs;
+ };
+ };
 };
 deploy.nodes.home-server = {
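Review bot: `"disk"` in `user.extraGroups` for felschr gives that account direct read/write access to the raw block devices, which normally includes the unlocked LUKS mapping. Any process running as the user could then bypass file permissions and the encryption configured in disk-config.nix without a sudo prompt. Unless a specific tool needs it, drop the entry; libvirt and podman do not normally require it. If it has to stay, name the consumer in a comment, e.g. `"disk" # needed by <TOOL> for raw device access`. Other hosts in hosts/flake-module.nix may carry the same list, but they are outside this hunk.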