wake on lan udev, SSH initrd, flake lock update, TODO nix settings

nix-config/host/materusPC/boot.nix

@@ -0,0 +1,94 @@
+{
+  pkgs,
+  lib,
+  materusArgs,
+  mkk,
+  ...
+}:
+{
+  boot.supportedFilesystems = [
+    "ntfs"
+    "btrfs"
+    "vfat"
+    "exfat"
+    "ext4"
+  ];
+
+  boot.tmp.useTmpfs = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader.efi.efiSysMountPoint = "/boot/efi";
+  boot.loader.grub = {
+    enable = true;
+    efiSupport = true;
+    device = "nodev";
+    gfxmodeEfi = pkgs.lib.mkDefault "1920x1080@240";
+    gfxmodeBios = pkgs.lib.mkDefault "1920x1080@240";
+    useOSProber = true;
+    memtest86.enable = true;
+  };
+
+  boot.plymouth.enable = true;
+
+  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+  boot.kernelParams = [ "ip=${mkk.local}" ];
+  # Use latest kernel.
+  boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_zen;
+
+  boot.initrd = {
+
+    availableKernelModules = [
+      "r8169"
+      "wireguard"
+    ];
+    luks.devices."ROOT_1".device = "/dev/disk/by-label/CRYPT_ROOT_1";
+    luks.devices."ROOT_2".device = "/dev/disk/by-label/CRYPT_ROOT_2";
+    secrets."/etc/secrets/30-wg-initrd.key" = "/mkk/keys/wireguard";
+    systemd = {
+      enable = true;
+      network = {
+        netdevs."30-wg-initrd" = {
+          netdevConfig = {
+            Kind = "wireguard";
+            Name = "wg-initrd";
+          };
+          wireguardConfig = {
+            PrivateKeyFile = "/etc/secrets/30-wg-initrd.key";
+          };
+          wireguardPeers = [
+            {
+              AllowedIPs = [
+                "${mkk.wireguard.ip-masks.main}"
+                "${mkk.wireguard.peers.valkyrie.ip}/32"
+              ];
+              PublicKey = "${mkk.wireguard.peers.valkyrie.pubKey}";
+              Endpoint = "${mkk.network.valkyrie.ip}:${mkk.wireguard.peers.valkyrie.port}";
+              PersistentKeepalive = 25;
+            }
+          ];
+        };
+        networks."30-wg-initrd" = {
+          name = "wg-initrd";
+          addresses = [ { Address = "${mkk.wireguard.peers.materusPC.ip}/32"; } ];
+        };
+        networks."10-lan" = {
+          matchConfig.Name = "eno1";
+          networkConfig.DHCP = "yes";
+        };
+
+      };
+    };
+    network = {
+      enable = true;
+      flushBeforeStage2 = true;
+      ssh = {
+        enable = true;
+        port = 22;
+        authorizedKeyFiles = [ materusArgs.files.ssh-keys.materus ];
+        hostKeys = [
+          "/mkk/keys/ssh_host_ed25519_key"
+          "/mkk/keys/ssh_host_rsa_key"
+        ];
+      };
+    };
+  };
+}

nix-config/host/materusPC/configuration.nix

@@ -17,14 +17,6 @@ let
   });
 in
 {
-  # Use the systemd-boot EFI boot loader.
-
-  boot.plymouth.enable = true;
-
-  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
-
-  # Use latest kernel.
-  boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_zen;
 
   # Set your time zone.
   time.timeZone = "Europe/Warsaw";

nix-config/host/materusPC/default.nix

@@ -6,6 +6,7 @@
     ./audio.nix
     ./network.nix
     ./services.nix
+    ./boot.nix
 
     ./virtualization/libvirt.nix
     ./virtualization/vfio.nix

nix-config/host/materusPC/hardware-configuration.nix

@@ -76,25 +76,6 @@ in
   ]
   ++ video;
 
-  boot.supportedFilesystems = [
-    "ntfs"
-    "btrfs"
-    "vfat"
-    "exfat"
-    "ext4"
-  ];
-  boot.tmp.useTmpfs = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-  boot.loader.efi.efiSysMountPoint = "/boot/efi";
-  boot.loader.grub = {
-    enable = true;
-    efiSupport = true;
-    device = "nodev";
-    gfxmodeEfi = pkgs.lib.mkDefault "1920x1080@240";
-    gfxmodeBios = pkgs.lib.mkDefault "1920x1080@240";
-    useOSProber = true;
-    memtest86.enable = true;
-  };
 
   fileSystems."/" = {
     device = "/dev/disk/by-label/materusPC_ROOT";
@@ -108,9 +89,6 @@ in
     ];
   };
 
-  boot.initrd.luks.devices."ROOT_1".device = "/dev/disk/by-label/CRYPT_ROOT_1";
-  boot.initrd.luks.devices."ROOT_2".device = "/dev/disk/by-label/CRYPT_ROOT_2";
-
   fileSystems."/home" = {
     device = "/dev/disk/by-label/materusPC_ROOT";
     fsType = "btrfs";

nix-config/host/materusPC/network.nix

@@ -46,4 +46,7 @@
       proxy = { };
     };
   };
+  services.udev.extraRules = ''
+    ACTION=="add", SUBSYSTEM=="net", NAME=="en*", RUN+="${pkgs.ethtool}/bin/ethtool -s $name wol g"
+  '';
 }

nix-config/host/materusPC/services.nix

@@ -3,8 +3,12 @@
   imports = [
     #region KDE
     {
-      services.displayManager.sddm.enable = true;
-      services.displayManager.sddm.wayland.enable = true;
+      services.displayManager = {
+        autoLogin.enable = true;
+        autoLogin.user = "materus";
+        sddm.enable = true;
+        sddm.wayland.enable = true;
+      };
 
       services.desktopManager.plasma6.enable = true;
       services.desktopManager.plasma6.enableQt5Integration = true;
@@ -40,7 +44,7 @@
   #endregion
   programs.kdeconnect.enable = true;
   services.libinput.enable = true;
-  
+
   services.dbus.enable = true;
   services.dbus.packages = [ pkgs.gcr ];
 

nix-config/shared/default.nix

@@ -1,5 +1,5 @@
 isHm:
-{ lib, materusArgs, ... }:
+{ lib, materusArgs, config, ... }:
 {
 
   options.mkk.dir = lib.mkOption {
@@ -7,10 +7,15 @@ isHm:
     type = lib.types.path;
   };
 
+  options.mkk.var = lib.mkOption {
+    default = {};
+    type = lib.types.attrs;
+  };
+
   imports = [
     (import ./nvim.nix isHm)
   ];
-
-  config._module.args.mkk = import ./private/variables.nix;
+  config.mkk.var = import ./private/variables.nix;
+  config._module.args.mkk = config.mkk.var;
 
 }

nix-config/shared/nix.nix

@@ -0,0 +1,78 @@
+{...}:{
+config.nix.package = lib.mkDefault  pkgs.nixVersions.latest;
+  config.nix.registry = lib.mkIf config.materus.profile.nix.enableRegistry {
+    nixpkgs-stable = {
+      from = { type = "indirect"; id = "nixpkgs-stable"; };
+      flake = materusCfg.materusFlake.inputs.nixpkgs-stable;
+    };
+    nixpkgs-unstable = {
+      from = { type = "indirect"; id = "nixpkgs-unstable"; };
+      flake = materusCfg.materusFlake.inputs.nixpkgs;
+    };
+
+    nixpkgs = {
+      from = { type = "indirect"; id = "nixpkgs"; };
+      flake = materusCfg.configInputs.nixpkgs;
+    };
+
+    emacs-overlay = {
+      from = { type = "indirect"; id = "emacs-overlay"; };
+      flake = materusCfg.configInputs.emacs-overlay;
+    };
+
+    flake-utils = {
+      from = { type = "indirect"; id = "flake-utils"; };
+      flake = materusCfg.configInputs.flake-utils;
+    };
+
+    nixos-hardware = {
+      from = { type = "indirect"; id = "nixos-hardware"; };
+      flake = materusCfg.configInputs.nixos-hardware;
+    };
+
+    nixerus = {
+      from = { type = "indirect"; id = "nixerus"; };
+      flake = materusCfg.configInputs.nixerus;
+    };
+
+    devshell = {
+      from = { type = "indirect"; id = "devshell"; };
+      flake = materusCfg.configInputs.devshell;
+    };
+
+    home-manager = {
+      from = { type = "indirect"; id = "home-manager"; };
+      flake = materusCfg.configInputs.home-manager;
+    };
+
+    sops-nix = {
+      from = { type = "indirect"; id = "sops-nix"; };
+      flake = materusCfg.configInputs.sops-nix;
+    };
+
+    base16 = {
+      from = { type = "indirect"; id = "base16"; };
+      flake = materusCfg.configInputs.base16;
+    };
+
+    git-agecrypt = {
+      from = { type = "indirect"; id = "git-agecrypt"; };
+      flake = materusCfg.configInputs.git-agecrypt;
+    };
+
+    plasma-manager = {
+      from = { type = "indirect"; id = "plasma-manager"; };
+      flake = materusCfg.configInputs.plasma-manager;
+    };
+
+    nur = {
+      from = { type = "indirect"; id = "nur"; };
+      flake = materusCfg.configInputs.nur;
+    };
+    nix-vscode-extensions = {
+      from = { type = "indirect"; id = "nix-vscode-extensions"; };
+      flake = materusCfg.configInputs.nix-vscode-extensions;
+    };
+
+  };
+  }