materus/nixos-config
1
0
Fork 0
mirror of https://github.com/materusPL/nixos-config synced 2026-04-19 03:17:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

wake on lan udev, SSH initrd, flake lock update, TODO nix settings

Browse Source
This commit is contained in:
Mateusz Słodkowicz 2026-04-03 23:16:53 +02:00
parent d51b13294c
commit 3afafba3ce
Signed by: materus
SSH Key Fingerprint: SHA256:rzVduzTiiszuYfLPYD0SDZV+g8lxhpcRgpbOZA1X0Uo
12 changed files with 217 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
extra-files/ssh/waffentrager.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFrSFfoYf7J35GrjrNWgD140kv/p7qzlSI8Xrp+A16jc root@nixos

48
flake.lock generated
View File

@ -92,11 +92,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1774274588, "lastModified": 1775077333,
"narHash": "sha256-dnHvv5EMUgTzGZmA+3diYjQU2O6BEpGLEOgJ1Qe9LaY=", "narHash": "sha256-OXcxobt7lBkh1B8AjwreU+24myhtKpqeLfAeIyNLFY8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "cf9686ba26f5ef788226843bc31fda4cf72e373b", "rev": "49ca96b2714c5931e17401eff87f3edd42d2b0f2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -114,11 +114,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1774368172, "lastModified": 1775139622,
"narHash": "sha256-Vdfo8+2SQhgc7i+TCIkBXzypQCFAvNrWvhUkZQtFGKE=", "narHash": "sha256-/qfz8ZdwLuaO11ApSUsrgKQJVP/RehKo2u7YMfF4LCw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "5068d0b03e8b2cfae58441775aa849b7028a3d39", "rev": "eb6f347055769a23967dda70cdc8b46f7d247ab9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -178,11 +178,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1774320235, "lastModified": 1775098553,
"narHash": "sha256-tZpmUgKhyxtJo/ZLtUd4p8tC8PCaK1iFigELD/EFZMw=", "narHash": "sha256-OFWIVY1vzAbPE73ksKAMsFh11AXZ3MjIymRQ90Butnc=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-vscode-extensions", "repo": "nix-vscode-extensions",
"rev": "d6064384db4f5383f5dc8a5dcba6d43495cffca6", "rev": "361b17a5b2f4536a119c794a367a29b07691f941",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -200,11 +200,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1774320235, "lastModified": 1775098553,
"narHash": "sha256-tZpmUgKhyxtJo/ZLtUd4p8tC8PCaK1iFigELD/EFZMw=", "narHash": "sha256-OFWIVY1vzAbPE73ksKAMsFh11AXZ3MjIymRQ90Butnc=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-vscode-extensions", "repo": "nix-vscode-extensions",
"rev": "d6064384db4f5383f5dc8a5dcba6d43495cffca6", "rev": "361b17a5b2f4536a119c794a367a29b07691f941",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -286,11 +286,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1774106199, "lastModified": 1775036866,
"narHash": "sha256-US5Tda2sKmjrg2lNHQL3jRQ6p96cgfWh3J1QBliQ8Ws=", "narHash": "sha256-ZojAnPuCdy657PbTq5V0Y+AHKhZAIwSIT2cb8UgAz/U=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "6c9a78c09ff4d6c21d0319114873508a6ec01655", "rev": "6201e203d09599479a3b3450ed24fa81537ebc4e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -318,11 +318,11 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1774244481, "lastModified": 1775002709,
"narHash": "sha256-4XfMXU0DjN83o6HWZoKG9PegCvKvIhNUnRUI19vzTcQ=", "narHash": "sha256-d3Yx83vSrN+2z/loBh4mJpyRqr9aAJqlke4TkpFmRJA=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "4590696c8693fea477850fe379a01544293ca4e2", "rev": "bcd464ccd2a1a7cd09aa2f8d4ffba83b761b1d0e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -384,11 +384,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1774303811, "lastModified": 1774910634,
"narHash": "sha256-fhG4JAcLgjKwt+XHbjs8brpWnyKUfU4LikLm3s0Q/ic=", "narHash": "sha256-B+rZDPyktGEjOMt8PcHKYmgmKoF+GaNAFJhguktXAo0=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "614e256310e0a4f8a9ccae3fa80c11844fba7042", "rev": "19bf3d8678fbbfbc173beaa0b5b37d37938db301",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -406,11 +406,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1774303811, "lastModified": 1774910634,
"narHash": "sha256-fhG4JAcLgjKwt+XHbjs8brpWnyKUfU4LikLm3s0Q/ic=", "narHash": "sha256-B+rZDPyktGEjOMt8PcHKYmgmKoF+GaNAFJhguktXAo0=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "614e256310e0a4f8a9ccae3fa80c11844fba7042", "rev": "19bf3d8678fbbfbc173beaa0b5b37d37938db301",
"type": "github" "type": "github"
}, },
"original": { "original": {

1
flake.nix
View File

@ -42,6 +42,7 @@
files = { files = {
ssh-keys = { ssh-keys = {
materus = ./extra-files/ssh/materus.pub; materus = ./extra-files/ssh/materus.pub;
waffentrager = ./extra-files/ssh/waffentrager.pub;
}; };
patches = { patches = {
bwrap = ./extra-files/patches/bubblewrap.patch; bwrap = ./extra-files/patches/bubblewrap.patch;

94
nix-config/host/materusPC/boot.nix Normal file
View File

@ -0,0 +1,94 @@
{
pkgs,
lib,
materusArgs,
mkk,
...
}:
{
boot.supportedFilesystems = [
"ntfs"
"btrfs"
"vfat"
"exfat"
"ext4"
];
boot.tmp.useTmpfs = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
boot.loader.grub = {
enable = true;
efiSupport = true;
device = "nodev";
gfxmodeEfi = pkgs.lib.mkDefault "1920x1080@240";
gfxmodeBios = pkgs.lib.mkDefault "1920x1080@240";
useOSProber = true;
memtest86.enable = true;
};
boot.plymouth.enable = true;
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
boot.kernelParams = [ "ip=${mkk.local}" ];
# Use latest kernel.
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_zen;
boot.initrd = {
availableKernelModules = [
"r8169"
"wireguard"
];
luks.devices."ROOT_1".device = "/dev/disk/by-label/CRYPT_ROOT_1";
luks.devices."ROOT_2".device = "/dev/disk/by-label/CRYPT_ROOT_2";
secrets."/etc/secrets/30-wg-initrd.key" = "/mkk/keys/wireguard";
systemd = {
enable = true;
network = {
netdevs."30-wg-initrd" = {
netdevConfig = {
Kind = "wireguard";
Name = "wg-initrd";
};
wireguardConfig = {
PrivateKeyFile = "/etc/secrets/30-wg-initrd.key";
};
wireguardPeers = [
{
AllowedIPs = [
"${mkk.wireguard.ip-masks.main}"
"${mkk.wireguard.peers.valkyrie.ip}/32"
];
PublicKey = "${mkk.wireguard.peers.valkyrie.pubKey}";
Endpoint = "${mkk.network.valkyrie.ip}:${mkk.wireguard.peers.valkyrie.port}";
PersistentKeepalive = 25;
}
];
};
networks."30-wg-initrd" = {
name = "wg-initrd";
addresses = [ { Address = "${mkk.wireguard.peers.materusPC.ip}/32"; } ];
};
networks."10-lan" = {
matchConfig.Name = "eno1";
networkConfig.DHCP = "yes";
};
};
};
network = {
enable = true;
flushBeforeStage2 = true;
ssh = {
enable = true;
port = 22;
authorizedKeyFiles = [ materusArgs.files.ssh-keys.materus ];
hostKeys = [
"/mkk/keys/ssh_host_ed25519_key"
"/mkk/keys/ssh_host_rsa_key"
];
};
};
};
}

8
nix-config/host/materusPC/configuration.nix
View File

@ -17,14 +17,6 @@ let
}); });
in in
{ {
# Use the systemd-boot EFI boot loader.
boot.plymouth.enable = true;
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
# Use latest kernel.
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_zen;
# Set your time zone. # Set your time zone.
time.timeZone = "Europe/Warsaw"; time.timeZone = "Europe/Warsaw";

1
nix-config/host/materusPC/default.nix
View File

@ -6,6 +6,7 @@
./audio.nix ./audio.nix
./network.nix ./network.nix
./services.nix ./services.nix
./boot.nix
./virtualization/libvirt.nix ./virtualization/libvirt.nix
./virtualization/vfio.nix ./virtualization/vfio.nix

22
nix-config/host/materusPC/hardware-configuration.nix
View File

@ -76,25 +76,6 @@ in
] ]
++ video; ++ video;
boot.supportedFilesystems = [
"ntfs"
"btrfs"
"vfat"
"exfat"
"ext4"
];
boot.tmp.useTmpfs = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
boot.loader.grub = {
enable = true;
efiSupport = true;
device = "nodev";
gfxmodeEfi = pkgs.lib.mkDefault "1920x1080@240";
gfxmodeBios = pkgs.lib.mkDefault "1920x1080@240";
useOSProber = true;
memtest86.enable = true;
};
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-label/materusPC_ROOT"; device = "/dev/disk/by-label/materusPC_ROOT";
@ -108,9 +89,6 @@ in
]; ];
}; };
boot.initrd.luks.devices."ROOT_1".device = "/dev/disk/by-label/CRYPT_ROOT_1";
boot.initrd.luks.devices."ROOT_2".device = "/dev/disk/by-label/CRYPT_ROOT_2";
fileSystems."/home" = { fileSystems."/home" = {
device = "/dev/disk/by-label/materusPC_ROOT"; device = "/dev/disk/by-label/materusPC_ROOT";
fsType = "btrfs"; fsType = "btrfs";

3
nix-config/host/materusPC/network.nix
View File

@ -46,4 +46,7 @@
proxy = { }; proxy = { };
}; };
}; };
services.udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="net", NAME=="en*", RUN+="${pkgs.ethtool}/bin/ethtool -s $name wol g"
'';
} }

BIN
nix-config/host/materusPC/private/default.nix
View File

Binary file not shown.

8
nix-config/host/materusPC/services.nix
View File

@ -3,8 +3,12 @@
imports = [ imports = [
#region KDE #region KDE
{ {
services.displayManager.sddm.enable = true; services.displayManager = {
services.displayManager.sddm.wayland.enable = true; autoLogin.enable = true;
autoLogin.user = "materus";
sddm.enable = true;
sddm.wayland.enable = true;
};
services.desktopManager.plasma6.enable = true; services.desktopManager.plasma6.enable = true;
services.desktopManager.plasma6.enableQt5Integration = true; services.desktopManager.plasma6.enableQt5Integration = true;

11
nix-config/shared/default.nix
View File

@ -1,5 +1,5 @@
isHm: isHm:
{ lib, materusArgs, ... }: { lib, materusArgs, config, ... }:
{ {
options.mkk.dir = lib.mkOption { options.mkk.dir = lib.mkOption {
@ -7,10 +7,15 @@ isHm:
type = lib.types.path; type = lib.types.path;
}; };
options.mkk.var = lib.mkOption {
default = {};
type = lib.types.attrs;
};
imports = [ imports = [
(import ./nvim.nix isHm) (import ./nvim.nix isHm)
]; ];
config.mkk.var = import ./private/variables.nix;
config._module.args.mkk = import ./private/variables.nix; config._module.args.mkk = config.mkk.var;
} }

78
nix-config/shared/nix.nix Normal file
View File

@ -0,0 +1,78 @@
{...}:{
config.nix.package = lib.mkDefault pkgs.nixVersions.latest;
config.nix.registry = lib.mkIf config.materus.profile.nix.enableRegistry {
nixpkgs-stable = {
from = { type = "indirect"; id = "nixpkgs-stable"; };
flake = materusCfg.materusFlake.inputs.nixpkgs-stable;
};
nixpkgs-unstable = {
from = { type = "indirect"; id = "nixpkgs-unstable"; };
flake = materusCfg.materusFlake.inputs.nixpkgs;
};
nixpkgs = {
from = { type = "indirect"; id = "nixpkgs"; };
flake = materusCfg.configInputs.nixpkgs;
};
emacs-overlay = {
from = { type = "indirect"; id = "emacs-overlay"; };
flake = materusCfg.configInputs.emacs-overlay;
};
flake-utils = {
from = { type = "indirect"; id = "flake-utils"; };
flake = materusCfg.configInputs.flake-utils;
};
nixos-hardware = {
from = { type = "indirect"; id = "nixos-hardware"; };
flake = materusCfg.configInputs.nixos-hardware;
};
nixerus = {
from = { type = "indirect"; id = "nixerus"; };
flake = materusCfg.configInputs.nixerus;
};
devshell = {
from = { type = "indirect"; id = "devshell"; };
flake = materusCfg.configInputs.devshell;
};
home-manager = {
from = { type = "indirect"; id = "home-manager"; };
flake = materusCfg.configInputs.home-manager;
};
sops-nix = {
from = { type = "indirect"; id = "sops-nix"; };
flake = materusCfg.configInputs.sops-nix;
};
base16 = {
from = { type = "indirect"; id = "base16"; };
flake = materusCfg.configInputs.base16;
};
git-agecrypt = {
from = { type = "indirect"; id = "git-agecrypt"; };
flake = materusCfg.configInputs.git-agecrypt;
};
plasma-manager = {
from = { type = "indirect"; id = "plasma-manager"; };
flake = materusCfg.configInputs.plasma-manager;
};
nur = {
from = { type = "indirect"; id = "nur"; };
flake = materusCfg.configInputs.nur;
};
nix-vscode-extensions = {
from = { type = "indirect"; id = "nix-vscode-extensions"; };
flake = materusCfg.configInputs.nix-vscode-extensions;
};
};
}