feat(hosts): add cmdframe

initial cmdframe configuration
feat(home): update felschr-work config
2025-06-04 18:35:07 +02:00 · 2025-06-04 18:33:55 +02:00 · 2025-06-04 18:33:55 +02:00
7 changed files with 211 additions and 30 deletions
--- a/flake.lock
+++ b/flake.lock
@ -10,11 +10,11 @@
        "systems": "systems"
      },
      "locked": {
-        "lastModified": 1747514353,
-        "narHash": "sha256-E1WjB+zvDw4x058mg3MIdK5j2huvnNpTEEt2brhg2H8=",
+        "lastModified": 1747575206,
+        "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=",
        "owner": "ryantm",
        "repo": "agenix",
-        "rev": "6697e8babbd8f323dfd5e28f160a0128582c128b",
+        "rev": "4835b1dc898959d8547a871ef484930675cb47f1",
        "type": "github"
      },
      "original": {
@ -100,6 +100,27 @@
        "type": "github"
      }
    },
+    "disko": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1746728054,
+        "narHash": "sha256-eDoSOhxGEm2PykZFa/x9QG5eTH0MJdiJ9aR00VAofXE=",
+        "owner": "nix-community",
+        "repo": "disko",
+        "rev": "ff442f5d1425feb86344c028298548024f21256d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "ref": "latest",
+        "repo": "disko",
+        "type": "github"
+      }
+    },
    "firefox-addons": {
      "inputs": {
        "nixpkgs": [
@ -108,11 +129,11 @@
      },
      "locked": {
        "dir": "pkgs/firefox-addons",
-        "lastModified": 1747541019,
-        "narHash": "sha256-j3GieFJQqdtDLQmGMVhtiPy/3gP3PjlPybKywN4hOOQ=",
+        "lastModified": 1749009805,
+        "narHash": "sha256-eRv4m89aPJvIAX9mZQcJM+l3sYG+OJvcLsiHvAvXalg=",
        "owner": "rycee",
        "repo": "nur-expressions",
-        "rev": "830ffcdb44051917600abb79007e8593e9effc53",
+        "rev": "622c38d004cdded682d9a5ab7323181dc6efb0c1",
        "type": "gitlab"
      },
      "original": {
@ -177,11 +198,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1743550720,
-        "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
+        "lastModified": 1748821116,
+        "narHash": "sha256-F82+gS044J1APL0n4hH50GYdPRv/5JWm34oCJYmVKdE=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "c621e8422220273271f52058f618c94e405bb0f5",
+        "rev": "49f0870db23e8c1ca0b5259734a02cd9e1e371a1",
        "type": "github"
      },
      "original": {
@ -278,11 +299,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1747556831,
-        "narHash": "sha256-Qb84nbYFFk0DzFeqVoHltS2RodAYY5/HZQKE8WnBDsc=",
+        "lastModified": 1748665073,
+        "narHash": "sha256-RMhjnPKWtCoIIHiuR9QKD7xfsKb3agxzMfJY8V9MOew=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "d0bbd221482c2713cccb80220f3c9d16a6e20a33",
+        "rev": "282e1e029cb6ab4811114fc85110613d72771dea",
        "type": "github"
      },
      "original": {
@ -332,11 +353,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1747129300,
-        "narHash": "sha256-L3clA5YGeYCF47ghsI7Tcex+DnaaN/BbQ4dR2wzoiKg=",
+        "lastModified": 1748942041,
+        "narHash": "sha256-HEu2gTct7nY0tAPRgBtqYepallryBKR1U8B4v2zEEqA=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "e81fd167b33121269149c57806599045fd33eeed",
+        "rev": "fc7c4714125cfaa19b048e8aaf86b9c53e04d853",
        "type": "github"
      },
      "original": {
@ -347,11 +368,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1747428706,
-        "narHash": "sha256-XVds9FkRrY59xRNNq14FNsFGqDiexXX/mlHcX4hPyyk=",
+        "lastModified": 1749024892,
+        "narHash": "sha256-OGcDEz60TXQC+gVz5sdtgGJdKVYr6rwdzQKuZAJQpCA=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "2e1496bf8652ff4af4e4d4737277f71e4a4f5cb2",
+        "rev": "8f1b52b04f2cb6e5ead50bd28d76528a2f0380ef",
        "type": "github"
      },
      "original": {
@ -363,11 +384,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1747327360,
-        "narHash": "sha256-LSmTbiq/nqZR9B2t4MRnWG7cb0KVNU70dB7RT4+wYK4=",
+        "lastModified": 1748929857,
+        "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "e06158e58f3adee28b139e9c2bcfcc41f8625b46",
+        "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4",
        "type": "github"
      },
      "original": {
@ -402,11 +423,11 @@
        "systems": "systems_3"
      },
      "locked": {
-        "lastModified": 1747556457,
-        "narHash": "sha256-L1iSnAQYsveQs1haZ9CcidvYKhYotchzgM9GqYie0Rg=",
+        "lastModified": 1749025503,
+        "narHash": "sha256-Me3mk/wLz4msOQAASCaf2+mQizje1Q37rgNfExJse6M=",
        "owner": "astro",
        "repo": "nix-openwrt-imagebuilder",
-        "rev": "568956f921869b6f36af3809fab4a914ed17082c",
+        "rev": "1b157ee2f34fc67f365a62c5a4fca63ba86040c6",
        "type": "github"
      },
      "original": {
@ -442,6 +463,7 @@
        "agenix": "agenix",
        "arkenfox-userjs": "arkenfox-userjs",
        "deploy-rs": "deploy-rs",
+        "disko": "disko",
        "firefox-addons": "firefox-addons",
        "flake-parts": "flake-parts",
        "flake-utils": "flake-utils",
--- a/flake.nix
+++ b/flake.nix
@ -19,6 +19,11 @@ rec {

    nixos-hardware.url = "github:NixOS/nixos-hardware";

+    disko = {
+      url = "github:nix-community/disko/latest";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
    flake-parts = {
      url = "github:hercules-ci/flake-parts";
      inputs.nixpkgs-lib.follows = "nixpkgs";
--- a/home/felschr-work.nix
+++ b/home/felschr-work.nix
@ -17,6 +17,7 @@ with pkgs;
    ./signal.nix
    ./browsers
    ./planck.nix
+    ./services/easyeffects.nix
  ];

  programs.gpg.enable = true;
@ -25,7 +26,7 @@ with pkgs;
    enable = true;
    enableSshSupport = true;
    # use auth subkey's keygrip: gpg2 -K --with-keygrip
-    sshKeys = [ "8A6213DCDAF86BD3A63549FCFDF71B2C92DAE02C" ];
+    sshKeys = [ "70DBD13E3BCAF806D416647D9C51321E2F1312CF" ];
    defaultCacheTtl = 600;
    defaultCacheTtlSsh = 600;
    pinentry.package = pkgs.pinentry-gnome3;
@ -36,20 +37,18 @@ with pkgs;

  programs.ssh.enable = true;

-  programs.git = {
-    defaultProfile = "work";
-  };
+  programs.git.defaultProfile = "work";

  home.packages = with pkgs; [
-    fh
-
    # system
    gparted
    gnome-firmware-updater
    mission-center

    # productivity
+    obsidian
    libreoffice-fresh
+    curtail

    # dev & admin
    pods
@ -61,11 +60,20 @@ with pkgs;
    collision
    metadata-cleaner
    raider
+    gnome-obfuscate
+    yubikey-manager
+    yubioath-flutter
+    localsend
+    onionshare-gui

    # entertainment
    celluloid

+    # ai
+    unstable.alpaca
+
    # other
+    zotero
    emblem
  ];

--- a/hosts/cmdframe/default.nix
+++ b/hosts/cmdframe/default.nix
@ -0,0 +1,42 @@
+{ config, ... }:
+
+{
+  imports = [
+    ./disk-config.nix
+    ../../hardware/base.nix
+    ../../hardware/bluetooth.nix
+    ../../system/desktop.nix
+    ../../system/printing/home.nix
+    ../../desktop
+    ../../desktop/cosmic.nix
+    ../../virtualisation/containers.nix
+    ../../virtualisation/podman.nix
+    ../../virtualisation/libvirt.nix
+    ../../modules/systemdNotify.nix
+  ];
+
+  services.fprintd.enable = true;
+
+  programs.zsh.enable = true;
+
+  services.openssh = {
+    enable = true;
+    settings = {
+      KbdInteractiveAuthentication = false;
+      PasswordAuthentication = false;
+      PermitRootLogin = "no";
+    };
+  };
+
+  services.tailscale.extraUpFlags = [
+    "--accept-routes"
+    "--operator=felschr"
+  ];
+
+  systemd.notify.enable = true;
+  systemd.notify.method = "libnotify";
+  systemd.notify.libnotify.user = "felschr";
+
+  # only change this when specified in release notes
+  system.stateVersion = "25.05";
+}
--- a/hosts/cmdframe/disk-config.nix
+++ b/hosts/cmdframe/disk-config.nix
@ -0,0 +1,69 @@
+{
+  disko.devices = {
+    disk = {
+      main = {
+        type = "disk";
+        device = "/dev/nvme0n1";
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              size = "2G";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = [ "umask=0077" ];
+              };
+            };
+            luks = {
+              size = "100%";
+              content = {
+                type = "luks";
+                name = "enc";
+                settings = {
+                  allowDiscards = true;
+                };
+                content = {
+                  type = "btrfs";
+                  extraArgs = [ "-f" ];
+                  subvolumes = {
+                    "@" = {
+                      mountpoint = "/";
+                      mountOptions = [
+                        "compress-force=zstd:1"
+                        "noatime"
+                      ];
+                    };
+                    "@/nix" = {
+                      mountpoint = "/nix";
+                      mountOptions = [
+                        "compress-force=zstd:1"
+                        "noatime"
+                      ];
+                    };
+                    "@home" = {
+                      mountpoint = "/home";
+                      mountOptions = [
+                        "compress-force=zstd:1"
+                        "noatime"
+                      ];
+                    };
+                    "@snapshots" = {
+                      mountpoint = "/.snapshots";
+                      mountOptions = [
+                        "compress-force=zstd:1"
+                        "noatime"
+                      ];
+                    };
+                  };
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}
--- a/hosts/cmdframe/hardware.nix
+++ b/hosts/cmdframe/hardware.nix
@ -0,0 +1,5 @@
+_:
+
+# TODO
+{
+}
--- a/hosts/flake-module.nix
+++ b/hosts/flake-module.nix
@ -1,6 +1,9 @@
 { self, inputs, ... }:
 {
  flake = {
+    diskoConfigurations = {
+      cmdframe = import ./cmdframe/disk-config.nix;
+    };
    nixosConfigurations = {
      home-pc = inputs.nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
@ -73,6 +76,33 @@
          inherit inputs;
        };
      };
+      cmdframe = inputs.nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [
+          inputs.disko.nixosModules.disko
+          inputs.nixpkgs.nixosModules.notDetected
+          inputs.nixos-hardware.nixosModules.framework-amd-ai-300-series
+          (self.lib.createSystemModule "cmdframe" {
+            hardwareConfig = ../hosts/cmdframe/hardware.nix;
+            config = ../hosts/cmdframe/default.nix;
+          })
+          (self.lib.createUserModule "felschr" {
+            homeModule = self.homeModules.felschr-work;
+            user.extraGroups = [
+              "wheel"
+              "networkmanager"
+              "audio"
+              "disk"
+              "libvirtd"
+              "qemu-libvirtd"
+            ];
+            usesContainers = true;
+          })
+        ];
+        specialArgs = {
+          inherit inputs;
+        };
+      };
    };

    deploy.nodes.home-server = {
Author	SHA1	Message	Date
Felix Schröter	43c35fb2a8	feat(hosts): add cmdframe initial cmdframe configuration	2025-06-04 18:35:07 +02:00
Felix Schröter	67f8fa2cb5	feat(home): update felschr-work config	2025-06-04 18:33:55 +02:00
Felix Schröter	1ceb05f7c1	chore(flake): update inputs	2025-06-04 18:33:55 +02:00