diff --git a/flake.lock b/flake.lock index 6e0a257..4fcae03 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1747514353, - "narHash": "sha256-E1WjB+zvDw4x058mg3MIdK5j2huvnNpTEEt2brhg2H8=", + "lastModified": 1747575206, + "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=", "owner": "ryantm", "repo": "agenix", - "rev": "6697e8babbd8f323dfd5e28f160a0128582c128b", + "rev": "4835b1dc898959d8547a871ef484930675cb47f1", "type": "github" }, "original": { @@ -100,6 +100,27 @@ "type": "github" } }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1746728054, + "narHash": "sha256-eDoSOhxGEm2PykZFa/x9QG5eTH0MJdiJ9aR00VAofXE=", + "owner": "nix-community", + "repo": "disko", + "rev": "ff442f5d1425feb86344c028298548024f21256d", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "latest", + "repo": "disko", + "type": "github" + } + }, "firefox-addons": { "inputs": { "nixpkgs": [ @@ -108,11 +129,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1747541019, - "narHash": "sha256-j3GieFJQqdtDLQmGMVhtiPy/3gP3PjlPybKywN4hOOQ=", + "lastModified": 1749009805, + "narHash": "sha256-eRv4m89aPJvIAX9mZQcJM+l3sYG+OJvcLsiHvAvXalg=", "owner": "rycee", "repo": "nur-expressions", - "rev": "830ffcdb44051917600abb79007e8593e9effc53", + "rev": "622c38d004cdded682d9a5ab7323181dc6efb0c1", "type": "gitlab" }, "original": { @@ -177,11 +198,11 @@ ] }, "locked": { - "lastModified": 1743550720, - "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "lastModified": 1748821116, + "narHash": "sha256-F82+gS044J1APL0n4hH50GYdPRv/5JWm34oCJYmVKdE=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "rev": "49f0870db23e8c1ca0b5259734a02cd9e1e371a1", "type": "github" }, "original": { 
@@ -278,11 +299,11 @@ ] }, "locked": { - "lastModified": 1747556831, - "narHash": "sha256-Qb84nbYFFk0DzFeqVoHltS2RodAYY5/HZQKE8WnBDsc=", + "lastModified": 1748665073, + "narHash": "sha256-RMhjnPKWtCoIIHiuR9QKD7xfsKb3agxzMfJY8V9MOew=", "owner": "nix-community", "repo": "home-manager", - "rev": "d0bbd221482c2713cccb80220f3c9d16a6e20a33", + "rev": "282e1e029cb6ab4811114fc85110613d72771dea", "type": "github" }, "original": { @@ -332,11 +353,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1747129300, - "narHash": "sha256-L3clA5YGeYCF47ghsI7Tcex+DnaaN/BbQ4dR2wzoiKg=", + "lastModified": 1748942041, + "narHash": "sha256-HEu2gTct7nY0tAPRgBtqYepallryBKR1U8B4v2zEEqA=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "e81fd167b33121269149c57806599045fd33eeed", + "rev": "fc7c4714125cfaa19b048e8aaf86b9c53e04d853", "type": "github" }, "original": { @@ -347,11 +368,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1747428706, - "narHash": "sha256-XVds9FkRrY59xRNNq14FNsFGqDiexXX/mlHcX4hPyyk=", + "lastModified": 1749024892, + "narHash": "sha256-OGcDEz60TXQC+gVz5sdtgGJdKVYr6rwdzQKuZAJQpCA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2e1496bf8652ff4af4e4d4737277f71e4a4f5cb2", + "rev": "8f1b52b04f2cb6e5ead50bd28d76528a2f0380ef", "type": "github" }, "original": { @@ -363,11 +384,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1747327360, - "narHash": "sha256-LSmTbiq/nqZR9B2t4MRnWG7cb0KVNU70dB7RT4+wYK4=", + "lastModified": 1748929857, + "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e06158e58f3adee28b139e9c2bcfcc41f8625b46", + "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", "type": "github" }, "original": { 
@@ -402,11 +423,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1747556457, - "narHash": "sha256-L1iSnAQYsveQs1haZ9CcidvYKhYotchzgM9GqYie0Rg=", + "lastModified": 1749025503, + "narHash": "sha256-Me3mk/wLz4msOQAASCaf2+mQizje1Q37rgNfExJse6M=", "owner": "astro", "repo": "nix-openwrt-imagebuilder", - "rev": "568956f921869b6f36af3809fab4a914ed17082c", + "rev": "1b157ee2f34fc67f365a62c5a4fca63ba86040c6", "type": "github" }, "original": { @@ -442,6 +463,7 @@ "agenix": "agenix", "arkenfox-userjs": "arkenfox-userjs", "deploy-rs": "deploy-rs", + "disko": "disko", "firefox-addons": "firefox-addons", "flake-parts": "flake-parts", "flake-utils": "flake-utils", diff --git a/flake.nix b/flake.nix index 30a3d2f..f9295b2 100644 --- a/flake.nix +++ b/flake.nix @@ -19,6 +19,11 @@ rec { nixos-hardware.url = "github:NixOS/nixos-hardware"; + disko = { + url = "github:nix-community/disko/latest"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + flake-parts = { url = "github:hercules-ci/flake-parts"; inputs.nixpkgs-lib.follows = "nixpkgs"; diff --git a/home/felschr-work.nix b/home/felschr-work.nix index 43fd5e1..1ccc9f4 100644 --- a/home/felschr-work.nix +++ b/home/felschr-work.nix @@ -17,6 +17,7 @@ with pkgs; ./signal.nix ./browsers ./planck.nix + ./services/easyeffects.nix ]; programs.gpg.enable = true; @@ -25,7 +26,7 @@ with pkgs; enable = true; enableSshSupport = true; # use auth subkey's keygrip: gpg2 -K --with-keygrip - sshKeys = [ "8A6213DCDAF86BD3A63549FCFDF71B2C92DAE02C" ]; + sshKeys = [ "70DBD13E3BCAF806D416647D9C51321E2F1312CF" ]; defaultCacheTtl = 600; defaultCacheTtlSsh = 600; pinentry.package = pkgs.pinentry-gnome3; @@ -36,20 +37,18 @@ with pkgs; programs.ssh.enable = true; - programs.git = { - defaultProfile = "work"; - }; + programs.git.defaultProfile = "work"; home.packages = with pkgs; [ - fh - # system gparted gnome-firmware-updater mission-center # productivity + obsidian libreoffice-fresh + curtail # dev & admin pods 
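Review bot: The replaced keygrip on the `sshKeys` line in home/felschr-work.nix is an opaque value with nothing tying it to a particular key, so a later reviewer cannot tell which credential gpg-agent now offers for SSH. The existing comment only says how to list keygrips; I would extend it to name the owning key, e.g. `# keygrip of the auth subkey of <primary key fingerprint, placeholder>`. If the old keygrip belonged to a retired key, its public key presumably also needs removing from `authorized_keys` on the hosts that trusted it, which this diff cannot show. The gpg-agent attribute set starts and ends outside the hunk.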
@@ -61,11 +60,20 @@ with pkgs; collision metadata-cleaner raider + gnome-obfuscate + yubikey-manager + yubioath-flutter + localsend + onionshare-gui # entertainment celluloid + # ai + unstable.alpaca + # other + zotero emblem ]; diff --git a/hosts/cmdframe/default.nix b/hosts/cmdframe/default.nix new file mode 100644 index 0000000..cb95dfc --- /dev/null +++ b/hosts/cmdframe/default.nix @@ -0,0 +1,42 @@ +{ config, ... }: + +{ + imports = [ + ./disk-config.nix + ../../hardware/base.nix + ../../hardware/bluetooth.nix + ../../system/desktop.nix + ../../system/printing/home.nix + ../../desktop + ../../desktop/cosmic.nix + ../../virtualisation/containers.nix + ../../virtualisation/podman.nix + ../../virtualisation/libvirt.nix + ../../modules/systemdNotify.nix + ]; + + services.fprintd.enable = true; + + programs.zsh.enable = true; + + services.openssh = { + enable = true; + settings = { + KbdInteractiveAuthentication = false; + PasswordAuthentication = false; + PermitRootLogin = "no"; + }; + }; + + services.tailscale.extraUpFlags = [ + "--accept-routes" + "--operator=felschr" + ]; + + systemd.notify.enable = true; + systemd.notify.method = "libnotify"; + systemd.notify.libnotify.user = "felschr"; + + # only change this when specified in release notes + system.stateVersion = "25.05"; +} diff --git a/hosts/cmdframe/disk-config.nix b/hosts/cmdframe/disk-config.nix new file mode 100644 index 0000000..dfde48e --- /dev/null +++ b/hosts/cmdframe/disk-config.nix 
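Review bot: `services.openssh.enable = true` in hosts/cmdframe/default.nix leaves `services.openssh.openFirewall` at its default of true, so port 22 is reachable on every network this machine joins, not only over the tailnet. Disabling password and keyboard-interactive login and refusing root login is the right baseline. If SSH is only meant to be used over Tailscale, I would add `services.openssh.openFirewall = false;` and `networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ 22 ];` (assuming the default interface name). Separately, `--operator=felschr` lets that account reconfigure tailscaled without sudo, and `--accept-routes` installs whatever subnet routes other tailnet nodes advertise. Both deserve a short comment saying why they are wanted on this host.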
@@ -0,0 +1,69 @@ +{ + disko.devices = { + disk = { + main = { + type = "disk"; + device = "/dev/nvme0n1"; + content = { + type = "gpt"; + partitions = { + ESP = { + size = "2G"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + }; + }; + luks = { + size = "100%"; + content = { + type = "luks"; + name = "enc"; + settings = { + allowDiscards = true; + }; + content = { + type = "btrfs"; + extraArgs = [ "-f" ]; + subvolumes = { + "@" = { + mountpoint = "/"; + mountOptions = [ + "compress-force=zstd:1" + "noatime" + ]; + }; + "@/nix" = { + mountpoint = "/nix"; + mountOptions = [ + "compress-force=zstd:1" + "noatime" + ]; + }; + "@home" = { + mountpoint = "/home"; + mountOptions = [ + "compress-force=zstd:1" + "noatime" + ]; + }; + "@snapshots" = { + mountpoint = "/.snapshots"; + mountOptions = [ + "compress-force=zstd:1" + "noatime" + ]; + }; + }; + }; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/hosts/cmdframe/hardware.nix b/hosts/cmdframe/hardware.nix new file mode 100644 index 0000000..a80e590 --- /dev/null +++ b/hosts/cmdframe/hardware.nix @@ -0,0 +1,5 @@ +_: + +# TODO +{ +} diff --git a/hosts/flake-module.nix b/hosts/flake-module.nix index 70607e7..c963958 100644 --- a/hosts/flake-module.nix +++ b/hosts/flake-module.nix @@ -1,6 +1,9 @@ { self, inputs, ... }: { flake = { + diskoConfigurations = { + cmdframe = import ./cmdframe/disk-config.nix; + }; nixosConfigurations = { home-pc = inputs.nixpkgs.lib.nixosSystem { system = "x86_64-linux"; 
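Review bot: `allowDiscards = true` in the LUKS `settings` of hosts/cmdframe/disk-config.nix passes TRIM through the encrypted layer, which lets anyone who can read the raw disk see which blocks are in use. That is a common SSD trade-off, but it should be a recorded decision, e.g. `# TRIM through LUKS: reveals free-block layout on the raw device, accepted for SSD performance`. The target is also given as `device = "/dev/nvme0n1"`, and disko will repartition and format whatever that name resolves to (the btrfs step even passes `extraArgs = [ "-f" ]`). Kernel device names are not guaranteed stable when a second NVMe drive is present, so a persistent path such as `/dev/disk/by-id/<model-serial, placeholder>` makes it harder to wipe the wrong disk. The ESP mounted at `/boot` sits outside the encrypted container, so kernel and initrd integrity presumably rests on Secure Boot or physical control of the machine, neither of which is configured in this diff.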
@@ -73,6 +76,33 @@ inherit inputs; }; }; + cmdframe = inputs.nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + inputs.disko.nixosModules.disko + inputs.nixpkgs.nixosModules.notDetected + inputs.nixos-hardware.nixosModules.framework-amd-ai-300-series + (self.lib.createSystemModule "cmdframe" { + hardwareConfig = ../hosts/cmdframe/hardware.nix; + config = ../hosts/cmdframe/default.nix; + }) + (self.lib.createUserModule "felschr" { + homeModule = self.homeModules.felschr-work; + user.extraGroups = [ + "wheel" + "networkmanager" + "audio" + "disk" + "libvirtd" + "qemu-libvirtd" + ]; + usesContainers = true; + }) + ]; + specialArgs = { + inherit inputs; + }; + }; }; deploy.nodes.home-server = {
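Review bot: The `user.extraGroups` list for `felschr` in the new `cmdframe` system includes `"disk"`, which gives every process running as that user raw read/write access to block devices, typically including the unlocked LUKS mapping. File permissions and the sudo prompt behind `wheel` then no longer protect anything stored on disk. I would drop `"disk"` unless a specific tool needs it and use sudo for the occasional partitioning task. `"qemu-libvirtd"` is normally the group of the QEMU service account rather than of a human user, and `"libvirtd"` alone is usually enough to manage VMs, so it is worth confirming that entry is needed. The other host definitions in this file are outside the hunk, so I cannot tell whether they carry the same list.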