diff --git a/extra-files/ssh/waffentrager.pub b/extra-files/ssh/waffentrager.pub new file mode 100644 index 0000000..8b180df --- /dev/null +++ b/extra-files/ssh/waffentrager.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFrSFfoYf7J35GrjrNWgD140kv/p7qzlSI8Xrp+A16jc root@nixos \ No newline at end of file diff --git a/flake.lock b/flake.lock index bb35a16..1a6bddb 100644 --- a/flake.lock +++ b/flake.lock @@ -92,11 +92,11 @@ ] }, "locked": { - "lastModified": 1774274588, - "narHash": "sha256-dnHvv5EMUgTzGZmA+3diYjQU2O6BEpGLEOgJ1Qe9LaY=", + "lastModified": 1775077333, + "narHash": "sha256-OXcxobt7lBkh1B8AjwreU+24myhtKpqeLfAeIyNLFY8=", "owner": "nix-community", "repo": "home-manager", - "rev": "cf9686ba26f5ef788226843bc31fda4cf72e373b", + "rev": "49ca96b2714c5931e17401eff87f3edd42d2b0f2", "type": "github" }, "original": { @@ -114,11 +114,11 @@ ] }, "locked": { - "lastModified": 1774368172, - "narHash": "sha256-Vdfo8+2SQhgc7i+TCIkBXzypQCFAvNrWvhUkZQtFGKE=", + "lastModified": 1775139622, + "narHash": "sha256-/qfz8ZdwLuaO11ApSUsrgKQJVP/RehKo2u7YMfF4LCw=", "owner": "nix-community", "repo": "home-manager", - "rev": "5068d0b03e8b2cfae58441775aa849b7028a3d39", + "rev": "eb6f347055769a23967dda70cdc8b46f7d247ab9", "type": "github" }, "original": { @@ -178,11 +178,11 @@ ] }, "locked": { - "lastModified": 1774320235, - "narHash": "sha256-tZpmUgKhyxtJo/ZLtUd4p8tC8PCaK1iFigELD/EFZMw=", + "lastModified": 1775098553, + "narHash": "sha256-OFWIVY1vzAbPE73ksKAMsFh11AXZ3MjIymRQ90Butnc=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "d6064384db4f5383f5dc8a5dcba6d43495cffca6", + "rev": "361b17a5b2f4536a119c794a367a29b07691f941", "type": "github" }, "original": { 
@@ -200,11 +200,11 @@ ] }, "locked": { - "lastModified": 1774320235, - "narHash": "sha256-tZpmUgKhyxtJo/ZLtUd4p8tC8PCaK1iFigELD/EFZMw=", + "lastModified": 1775098553, + "narHash": "sha256-OFWIVY1vzAbPE73ksKAMsFh11AXZ3MjIymRQ90Butnc=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "d6064384db4f5383f5dc8a5dcba6d43495cffca6", + "rev": "361b17a5b2f4536a119c794a367a29b07691f941", "type": "github" }, "original": { @@ -286,11 +286,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1774106199, - "narHash": "sha256-US5Tda2sKmjrg2lNHQL3jRQ6p96cgfWh3J1QBliQ8Ws=", + "lastModified": 1775036866, + "narHash": "sha256-ZojAnPuCdy657PbTq5V0Y+AHKhZAIwSIT2cb8UgAz/U=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6c9a78c09ff4d6c21d0319114873508a6ec01655", + "rev": "6201e203d09599479a3b3450ed24fa81537ebc4e", "type": "github" }, "original": { @@ -318,11 +318,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1774244481, - "narHash": "sha256-4XfMXU0DjN83o6HWZoKG9PegCvKvIhNUnRUI19vzTcQ=", + "lastModified": 1775002709, + "narHash": "sha256-d3Yx83vSrN+2z/loBh4mJpyRqr9aAJqlke4TkpFmRJA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4590696c8693fea477850fe379a01544293ca4e2", + "rev": "bcd464ccd2a1a7cd09aa2f8d4ffba83b761b1d0e", "type": "github" }, "original": { @@ -384,11 +384,11 @@ ] }, "locked": { - "lastModified": 1774303811, - "narHash": "sha256-fhG4JAcLgjKwt+XHbjs8brpWnyKUfU4LikLm3s0Q/ic=", + "lastModified": 1774910634, + "narHash": "sha256-B+rZDPyktGEjOMt8PcHKYmgmKoF+GaNAFJhguktXAo0=", "owner": "Mic92", "repo": "sops-nix", - "rev": "614e256310e0a4f8a9ccae3fa80c11844fba7042", + "rev": "19bf3d8678fbbfbc173beaa0b5b37d37938db301", "type": "github" }, "original": { 
@@ -406,11 +406,11 @@ ] }, "locked": { - "lastModified": 1774303811, - "narHash": "sha256-fhG4JAcLgjKwt+XHbjs8brpWnyKUfU4LikLm3s0Q/ic=", + "lastModified": 1774910634, + "narHash": "sha256-B+rZDPyktGEjOMt8PcHKYmgmKoF+GaNAFJhguktXAo0=", "owner": "Mic92", "repo": "sops-nix", - "rev": "614e256310e0a4f8a9ccae3fa80c11844fba7042", + "rev": "19bf3d8678fbbfbc173beaa0b5b37d37938db301", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 81a0f15..28bbf2b 100644 --- a/flake.nix +++ b/flake.nix @@ -42,6 +42,7 @@ files = { ssh-keys = { materus = ./extra-files/ssh/materus.pub; + waffentrager = ./extra-files/ssh/waffentrager.pub; }; patches = { bwrap = ./extra-files/patches/bubblewrap.patch; diff --git a/nix-config/host/materusPC/boot.nix b/nix-config/host/materusPC/boot.nix new file mode 100644 index 0000000..0323749 --- /dev/null +++ b/nix-config/host/materusPC/boot.nix 
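Review bot: The new `waffentrager` entry under `files.ssh-keys` has no comment saying which machine or person holds the matching private key, and the key file's own comment is the generic `root@nixos`, so a later audit of trusted keys cannot tell what this key is for. A one-line comment above the entry, for example `# <owner/host of the private key>; trusted for <purpose>` (placeholders for the author to fill in), would close that gap. Nothing visible in this diff consumes the entry yet, since `boot.nix` authorizes only `materusArgs.files.ssh-keys.materus`, so it is worth confirming where the key is meant to be trusted before it is wired in. The `files` attribute set starts and ends outside the hunk.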
@@ -0,0 +1,94 @@ +{ + pkgs, + lib, + materusArgs, + mkk, + ... +}: +{ + boot.supportedFilesystems = [ + "ntfs" + "btrfs" + "vfat" + "exfat" + "ext4" + ]; + + boot.tmp.useTmpfs = true; + boot.loader.efi.canTouchEfiVariables = true; + boot.loader.efi.efiSysMountPoint = "/boot/efi"; + boot.loader.grub = { + enable = true; + efiSupport = true; + device = "nodev"; + gfxmodeEfi = pkgs.lib.mkDefault "1920x1080@240"; + gfxmodeBios = pkgs.lib.mkDefault "1920x1080@240"; + useOSProber = true; + memtest86.enable = true; + }; + + boot.plymouth.enable = true; + + boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; + boot.kernelParams = [ "ip=${mkk.local}" ]; + # Use latest kernel. + boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_zen; + + boot.initrd = { + + availableKernelModules = [ + "r8169" + "wireguard" + ]; + luks.devices."ROOT_1".device = "/dev/disk/by-label/CRYPT_ROOT_1"; + luks.devices."ROOT_2".device = "/dev/disk/by-label/CRYPT_ROOT_2"; + secrets."/etc/secrets/30-wg-initrd.key" = "/mkk/keys/wireguard"; + systemd = { + enable = true; + network = { + netdevs."30-wg-initrd" = { + netdevConfig = { + Kind = "wireguard"; + Name = "wg-initrd"; + }; + wireguardConfig = { + PrivateKeyFile = "/etc/secrets/30-wg-initrd.key"; + }; + wireguardPeers = [ + { + AllowedIPs = [ + "${mkk.wireguard.ip-masks.main}" + "${mkk.wireguard.peers.valkyrie.ip}/32" + ]; + PublicKey = "${mkk.wireguard.peers.valkyrie.pubKey}"; + Endpoint = "${mkk.network.valkyrie.ip}:${mkk.wireguard.peers.valkyrie.port}"; + PersistentKeepalive = 25; + } + ]; + }; + networks."30-wg-initrd" = { + name = "wg-initrd"; + addresses = [ { Address = "${mkk.wireguard.peers.materusPC.ip}/32"; } ]; + }; + networks."10-lan" = { + matchConfig.Name = "eno1"; + networkConfig.DHCP = "yes"; + }; + + }; + }; + network = { + enable = true; + flushBeforeStage2 = true; + ssh = { + enable = true; + port = 22; + authorizedKeyFiles = [ materusArgs.files.ssh-keys.materus ]; + hostKeys = [ + "/mkk/keys/ssh_host_ed25519_key" + 
"/mkk/keys/ssh_host_rsa_key" + ]; + }; + }; + }; +} diff --git a/nix-config/host/materusPC/configuration.nix b/nix-config/host/materusPC/configuration.nix index 68382ca..9851c1e 100644 --- a/nix-config/host/materusPC/configuration.nix +++ b/nix-config/host/materusPC/configuration.nix @@ -17,14 +17,6 @@ let }); in { - # Use the systemd-boot EFI boot loader. - - boot.plymouth.enable = true; - - boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; - - # Use latest kernel. - boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_zen; # Set your time zone. time.timeZone = "Europe/Warsaw"; diff --git a/nix-config/host/materusPC/default.nix b/nix-config/host/materusPC/default.nix index 540c441..ed79241 100644 --- a/nix-config/host/materusPC/default.nix +++ b/nix-config/host/materusPC/default.nix @@ -6,6 +6,7 @@ ./audio.nix ./network.nix ./services.nix + ./boot.nix ./virtualization/libvirt.nix ./virtualization/vfio.nix diff --git a/nix-config/host/materusPC/hardware-configuration.nix b/nix-config/host/materusPC/hardware-configuration.nix index 51067cd..d82d7b0 100644 --- a/nix-config/host/materusPC/hardware-configuration.nix +++ b/nix-config/host/materusPC/hardware-configuration.nix @@ -76,25 +76,6 @@ in ] ++ video; - boot.supportedFilesystems = [ - "ntfs" - "btrfs" - "vfat" - "exfat" - "ext4" - ]; - boot.tmp.useTmpfs = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.loader.efi.efiSysMountPoint = "/boot/efi"; - boot.loader.grub = { - enable = true; - efiSupport = true; - device = "nodev"; - gfxmodeEfi = pkgs.lib.mkDefault "1920x1080@240"; - gfxmodeBios = pkgs.lib.mkDefault "1920x1080@240"; - useOSProber = true; - memtest86.enable = true; - }; fileSystems."/" = { device = "/dev/disk/by-label/materusPC_ROOT"; 
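Review bot: The `boot.initrd` block places `/mkk/keys/wireguard`, `/mkk/keys/ssh_host_ed25519_key` and `/mkk/keys/ssh_host_rsa_key` into the initrd, which has to be readable before `ROOT_1`/`ROOT_2` are opened, so these private keys presumably sit outside the LUKS volumes and should be treated as readable by anyone with access to the disk. The file should say so and require dedicated keys, e.g. `# initrd-only keys: stored outside LUKS, never reuse the booted system's SSH host keys or main WireGuard key` above `secrets` and `hostKeys`. As far as the hunk shows, nothing restricts the `network.ssh` daemon to `wg-initrd`, so it would also answer on the DHCP-configured `eno1` from `networks."10-lan"`. If unlocking is meant to happen over WireGuard only, that exposure deserves a restriction or at least a comment.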
@@ -108,9 +89,6 @@ in ]; }; - boot.initrd.luks.devices."ROOT_1".device = "/dev/disk/by-label/CRYPT_ROOT_1"; - boot.initrd.luks.devices."ROOT_2".device = "/dev/disk/by-label/CRYPT_ROOT_2"; - fileSystems."/home" = { device = "/dev/disk/by-label/materusPC_ROOT"; fsType = "btrfs"; diff --git a/nix-config/host/materusPC/network.nix b/nix-config/host/materusPC/network.nix index 3d77588..476c320 100644 --- a/nix-config/host/materusPC/network.nix +++ b/nix-config/host/materusPC/network.nix @@ -46,4 +46,7 @@ proxy = { }; }; }; + services.udev.extraRules = '' + ACTION=="add", SUBSYSTEM=="net", NAME=="en*", RUN+="${pkgs.ethtool}/bin/ethtool -s $name wol g" + ''; } diff --git a/nix-config/host/materusPC/private/default.nix b/nix-config/host/materusPC/private/default.nix index 9b495e9..96f16c5 100644 Binary files a/nix-config/host/materusPC/private/default.nix and b/nix-config/host/materusPC/private/default.nix differ diff --git a/nix-config/host/materusPC/services.nix b/nix-config/host/materusPC/services.nix index 7655a33..77fb55f 100644 --- a/nix-config/host/materusPC/services.nix +++ b/nix-config/host/materusPC/services.nix @@ -3,8 +3,12 @@ imports = [ #region KDE { - services.displayManager.sddm.enable = true; - services.displayManager.sddm.wayland.enable = true; + services.displayManager = { + autoLogin.enable = true; + autoLogin.user = "materus"; + sddm.enable = true; + sddm.wayland.enable = true; + }; services.desktopManager.plasma6.enable = true; services.desktopManager.plasma6.enableQt5Integration = true; @@ -40,7 +44,7 @@ #endregion programs.kdeconnect.enable = true; services.libinput.enable = true; - + services.dbus.enable = true; services.dbus.packages = [ pkgs.gcr ]; diff --git a/nix-config/shared/default.nix b/nix-config/shared/default.nix index 24d667b..1c3e9a3 100644 --- a/nix-config/shared/default.nix +++ b/nix-config/shared/default.nix @@ -1,5 +1,5 @@ isHm: -{ lib, materusArgs, ... }: +{ lib, materusArgs, config, ... }: { options.mkk.dir = lib.mkOption { 
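Review bot: The udev rule added to `services.udev.extraRules` in `network.nix` enables magic-packet wake (`wol g`) on every interface matching `NAME=="en*"`, while the initrd network in `boot.nix` configures only `eno1`. Magic packets are unauthenticated, so every extra wired NIC that matches is another segment from which the machine can be powered on into its network-reachable unlock stage. Narrowing the match to `NAME=="eno1"` limits that to the one interface that needs it. NixOS also has `networking.interfaces.eno1.wakeOnLan.enable = true;`, which could replace the hand-written rule if it fits this host's network setup. A short comment saying why wake-on-LAN is wanted would help the next reader.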
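Review bot: `autoLogin.enable = true` for `materus` in the new `services.displayManager` block of `services.nix` means that once the disks are unlocked the machine boots straight into an open Plasma session with no password prompt. Together with the initrd SSH unlock and wake-on-LAN added elsewhere in this commit, a remote unlock leaves an unattended, logged-in desktop at the physical console. If auto-login is kept for convenience, record the trade-off in a comment such as `# autologin: the LUKS passphrase is the only login gate; session must lock right after start`, and make the session lock itself on login. The enclosing `imports` entry continues outside the hunk.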
@@ -7,10 +7,15 @@ isHm: type = lib.types.path; }; + options.mkk.var = lib.mkOption { + default = {}; + type = lib.types.attrs; + }; + imports = [ (import ./nvim.nix isHm) ]; - - config._module.args.mkk = import ./private/variables.nix; + config.mkk.var = import ./private/variables.nix; + config._module.args.mkk = config.mkk.var; } diff --git a/nix-config/shared/nix.nix b/nix-config/shared/nix.nix new file mode 100644 index 0000000..4ad9f47 --- /dev/null +++ b/nix-config/shared/nix.nix 
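Review bot: `options.mkk.var` is declared with `lib.types.attrs` and no `description`; that type does not recurse into nested sets and silently drops earlier definitions when several modules set it, and `lib.types.attrsOf lib.types.anything` is the usual replacement. Because `config.mkk.var` now carries everything from `./private/variables.nix` into the evaluated configuration, any value in it can end up in the world-readable Nix store once referenced. The description should therefore state that only non-secret values (addresses, public keys) belong there; the file's content is not visible here, so this is a caution rather than a finding. Suggested lines: `type = lib.types.attrsOf lib.types.anything;` and `description = "Non-secret site variables, also passed to modules as the mkk argument.";`.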
@@ -0,0 +1,78 @@
+{...}:{
+config.nix.package = lib.mkDefault pkgs.nixVersions.latest;
+ config.nix.registry = lib.mkIf config.materus.profile.nix.enableRegistry {
+ nixpkgs-stable = {
+ from = { type = "indirect"; id = "nixpkgs-stable"; };
+ flake = materusCfg.materusFlake.inputs.nixpkgs-stable;
+ };
+ nixpkgs-unstable = {
+ from = { type = "indirect"; id = "nixpkgs-unstable"; };
+ flake = materusCfg.materusFlake.inputs.nixpkgs;
+ };
+
+ nixpkgs = {
+ from = { type = "indirect"; id = "nixpkgs"; };
+ flake = materusCfg.configInputs.nixpkgs;
+ };
+
+ emacs-overlay = {
+ from = { type = "indirect"; id = "emacs-overlay"; };
+ flake = materusCfg.configInputs.emacs-overlay;
+ };
+
+ flake-utils = {
+ from = { type = "indirect"; id = "flake-utils"; };
+ flake = materusCfg.configInputs.flake-utils;
+ };
+
+ nixos-hardware = {
+ from = { type = "indirect"; id = "nixos-hardware"; };
+ flake = materusCfg.configInputs.nixos-hardware;
+ };
+
+ nixerus = {
+ from = { type = "indirect"; id = "nixerus"; };
+ flake = materusCfg.configInputs.nixerus;
+ };
+
+ devshell = {
+ from = { type = "indirect"; id = "devshell"; };
+ flake = materusCfg.configInputs.devshell;
+ };
+
+ home-manager = {
+ from = { type = "indirect"; id = "home-manager"; };
+ flake = materusCfg.configInputs.home-manager;
+ };
+
+ sops-nix = {
+ from = { type = "indirect"; id = "sops-nix"; };
+ flake = materusCfg.configInputs.sops-nix;
+ };
+
+ base16 = {
+ from = { type = "indirect"; id = "base16"; };
+ flake = materusCfg.configInputs.base16;
+ };
+
+ git-agecrypt = {
+ from = { type = "indirect"; id = "git-agecrypt"; };
+ flake = materusCfg.configInputs.git-agecrypt;
+ };
+
+ plasma-manager = {
+ from = { type = "indirect"; id = "plasma-manager"; };
+ flake = materusCfg.configInputs.plasma-manager;
+ };
+
+ nur = {
+ from = { type = "indirect"; id = "nur"; };
+ flake = materusCfg.configInputs.nur;
+ };
+ nix-vscode-extensions = {
+ from = { type = "indirect"; id = "nix-vscode-extensions"; };
+ flake = materusCfg.configInputs.nix-vscode-extensions;
+ };
+
+ };
+ }
\ No newline at end of file
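Review bot: The module header `{...}:{` binds no arguments, yet the body uses `lib`, `pkgs`, `config` and `materusCfg`, so importing this file would fail with an undefined-variable error. The header should read `{ config, lib, pkgs, materusCfg, ... }:`, assuming `materusCfg` is supplied as a module argument, which this diff does not show. No `imports` change in the visible hunks pulls `nix.nix` in, so the file currently looks unused. The fifteen registry entries differ only in id and input and could be generated with `lib.mapAttrs`. The one entry whose id and input name differ (`nixpkgs-unstable` pointing at `materusFlake.inputs.nixpkgs`) deserves a comment saying that this is intended.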