mirror of
https://github.com/kittywitch/nixfiles.git
synced 2026-02-10 04:49:19 -08:00
114 lines
2.6 KiB
Nix
114 lines
2.6 KiB
Nix
_: let
|
|
hostConfig = {
|
|
config,
|
|
lib,
|
|
tree,
|
|
...
|
|
}: let
|
|
inherit (lib.lists) singleton;
|
|
drives = {
|
|
root = {
|
|
raw = "/dev/disk/by-uuid/af144e7f-e35b-49e7-be90-ef7001cc2abd";
|
|
luks = "luks-af144e7f-e35b-49e7-be90-ef7001cc2abd";
|
|
result = {
|
|
device = "/dev/disk/by-uuid/cf7fc410-4e27-4797-8464-a409766928c1";
|
|
fsType = "ext4";
|
|
};
|
|
};
|
|
boot = rec {
|
|
raw = "/dev/disk/by-uuid/D0D8-F8BF";
|
|
result = {
|
|
device = raw;
|
|
fsType = "vfat";
|
|
};
|
|
};
|
|
swap = {
|
|
raw = "/dev/disk/by-uuid/111c4857-5d73-4e75-89c7-43be9b044ade";
|
|
luks = "luks-111c4857-5d73-4e75-89c7-43be9b044ade";
|
|
result = {
|
|
device = "/dev/disk/by-uuid/bebdb14c-4707-4e05-848f-5867764b7c27";
|
|
};
|
|
};
|
|
};
|
|
in {
|
|
imports =
|
|
(with tree.nixos.hardware; [
|
|
b550m-itx-ac
|
|
])
|
|
++ (with tree.nixos.profiles; [
|
|
graphical
|
|
wireless
|
|
gaming
|
|
])
|
|
++ (with tree.nixos.environments; [
|
|
kde
|
|
]);
|
|
|
|
home-manager.users.kat.imports =
|
|
(with tree.home.profiles; [
|
|
graphical
|
|
devops
|
|
])
|
|
++ (with tree.home.environments; [
|
|
kde
|
|
]);
|
|
|
|
boot = {
|
|
loader = {
|
|
grub = {
|
|
enableCryptodisk = true;
|
|
};
|
|
};
|
|
initrd = {
|
|
luks.devices = {
|
|
${drives.swap.luks} = {
|
|
device = drives.swap.raw;
|
|
keyFile = "/crypto_keyfile.bin";
|
|
};
|
|
${drives.root.luks}.device = drives.root.raw;
|
|
};
|
|
#
|
|
secrets = {
|
|
"/crypto_keyfile.bin" = null;
|
|
};
|
|
availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"];
|
|
};
|
|
kernelModules = ["nct6775"];
|
|
supportedFilesystems = ["ntfs"];
|
|
};
|
|
|
|
fileSystems = {
|
|
"/" = drives.root.result;
|
|
"/boot" = drives.boot.result;
|
|
};
|
|
|
|
swapDevices = singleton drives.swap.result;
|
|
|
|
services.openssh = {
|
|
hostKeys = [
|
|
{
|
|
bits = 4096;
|
|
path = "/var/lib/secrets/${config.networking.hostName}-osh-pk";
|
|
type = "rsa";
|
|
}
|
|
{
|
|
path = "/var/lib/secrets/${config.networking.hostName}-ed25519-osh-pk";
|
|
type = "ed25519";
|
|
}
|
|
];
|
|
extraConfig = ''
|
|
HostCertificate /var/lib/secrets/${config.networking.hostName}-osh-cert
|
|
HostCertificate /var/lib/secrets/${config.networking.hostName}-osh-ed25519-cert
|
|
'';
|
|
};
|
|
|
|
system.stateVersion = "21.11";
|
|
};
|
|
in {
|
|
arch = "x86_64";
|
|
ci.enable = false; # System currently not used
|
|
type = "NixOS";
|
|
modules = [
|
|
hostConfig
|
|
];
|
|
}
|