From 64f486a5a2bce853bc26c947686abe85a300cb15 Mon Sep 17 00:00:00 2001 From: Pablo Ovelleiro Corral Date: Thu, 31 Oct 2024 16:12:42 +0100 Subject: [PATCH 1/9] Add limette and disko-config --- flake.lock | 22 +++++++ flake.nix | 3 + machines/limette/README.md | 0 machines/limette/configuration.nix | 93 ++++++++++++++++++++++++++++++ machines/limette/disko-config.nix | 66 +++++++++++++++++++++ 5 files changed, 184 insertions(+) create mode 100644 machines/limette/README.md create mode 100644 machines/limette/configuration.nix create mode 100644 machines/limette/disko-config.nix diff --git a/flake.lock b/flake.lock index 88b5f8bc..48a9bd55 100644 --- a/flake.lock +++ b/flake.lock @@ -64,6 +64,27 @@ "type": "github" } }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1730135292, + "narHash": "sha256-CI27qHAbc3/tIe8sb37kiHNaeCqGxNimckCMj0lW5kg=", + "owner": "nix-community", + "repo": "disko", + "rev": "ab58501b2341bc5e0fc88f2f5983a679b075ddf5", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "latest", + "repo": "disko", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -561,6 +582,7 @@ "alertmanager-ntfy": "alertmanager-ntfy", "aoe-taunt-discord-bot": "aoe-taunt-discord-bot", "caddy-patched": "caddy-patched", + "disko": "disko", "flake-compat": "flake-compat", "forgit": "forgit", "go-karma-bot": "go-karma-bot", diff --git a/flake.nix b/flake.nix index 06214f2a..e2b8e759 100644 --- a/flake.nix +++ b/flake.nix @@ -3,6 +3,9 @@ inputs = { + disko.url = "github:nix-community/disko/latest"; + disko.inputs.nixpkgs.follows = "nixpkgs"; + caddy-patched = { url = "github:pinpox/nixos-caddy-patched"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/machines/limette/README.md b/machines/limette/README.md new file mode 100644 index 00000000..e69de29b diff --git a/machines/limette/configuration.nix b/machines/limette/configuration.nix new file mode 100644 index 00000000..524291d7 
--- /dev/null
+++ b/machines/limette/configuration.nix
@@ -0,0 +1,93 @@
+{
+ pkgs,
+ lib,
+ nixos-hardware,
+ disko,
+ ...
+}:
+{
+
+ services.gnome.gnome-keyring.enable = true;
+ hardware.keyboard.qmk.enable = true;
+
+ imports = [
+ nixos-hardware.nixosModules.lenovo-thinkpad-x230
+ # ./hardware-configuration.nix
+ ./disko-config.nix
+ disko.nixosModules.disko
+
+ ];
+
+ disko.devices.disk.main.imageSize = "10G";
+ # disko.devices.disk.root.device = "/dev/sda";
+
+ programs.sway.enable = true;
+
+ hardware.graphics = {
+ enable = true;
+ enable32Bit = true;
+
+ extraPackages = with pkgs; [
+ intel-media-driver # LIBVA_DRIVER_NAME=iHD
+ ];
+ };
+ environment.sessionVariables = {
+ LIBVA_DRIVER_NAME = "iHD";
+ NIXOS_OZONE_WL = "1";
+ };
+
+ xdg.portal = {
+ enable = true;
+ wlr = {
+ enable = true;
+ settings = {
+
+ # See xdg-desktop-portal-wlr(5) for supported values.
+ screencast = {
+ # output_name = "HDMI-A-1";
+ max_fps = 30;
+ # exec_before = "disable_notifications.sh";
+ # exec_after = "enable_notifications.sh";
+ chooser_type = "simple";
+ chooser_cmd = "${pkgs.slurp}/bin/slurp -f %o -or";
+ };
+ };
+ };
+ extraPortals = [
+ pkgs.xdg-desktop-portal-gtk
+ pkgs.xdg-desktop-portal-wlr
+ ];
+ };
+
+ services.fwupd.enable = true;
+ services.acpid.enable = true;
+
+ # Often hangs
+ systemd.services = {
+ NetworkManager-wait-online.enable = lib.mkForce false;
+ systemd-networkd-wait-online.enable = lib.mkForce false;
+ };
+
+ lollypops.extraTasks = {
+ rebuild-nosecrets = {
+ desc = "Rebuild without deloying secrets";
+ cmds = [ ];
+ deps = [
+ "deploy-flake"
+ "rebuild"
+ ];
+ };
+ };
+
+ environment.systemPackages = [
+ pkgs.xdg-desktop-portal
+ pkgs.xdg-desktop-portal-wlr
+ ];
+
+ pinpox.desktop = {
+ enable = true;
+ wireguardIp = "192.168.7.8";
+ hostname = "limette";
+ bootDevice = "/dev/disk/by-label/root";
+ };
+}
diff --git a/machines/limette/disko-config.nix b/machines/limette/disko-config.nix
new file mode 100644
index 00000000..ea567fa9
--- /dev/null
+++ b/machines/limette/disko-config.nix
@@ -0,0 +1,66 @@
+# # USAGE in your configuration.nix.
+# # Update devices to match your hardware.
+# # {
+# # imports = [ ./disko-config.nix ];
+# # disko.devices.disk.root.device = "/dev/sda";
+# # disko.devices.disk.data1.device = "/dev/sdb";
+# # disko.devices.disk.data2.device = "/dev/sdc";
+# # }
+{
+ disko.devices = {
+ disk = {
+ main = {
+ type = "disk";
+ device = "/dev/vdb";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "500M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+ luks = {
+ size = "100%";
+ content = {
+ type = "luks";
+ name = "crypted";
+ extraOpenArgs = [ ];
+ settings = {
+ allowDiscards = true;
+ };
+ content = {
+ type = "lvm_pv";
+ vg = "pool";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ lvm_vg = {
+ pool = {
+ type = "lvm_vg";
+ lvs = {
+ root = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ mountOptions = [
+ "defaults"
+ ];
+ };
+ };
+ };
+ };
+ };
+ };
+}
From a62f38c3e700dd8368050661e37bc7556d2ee240 Mon Sep 17 00:00:00 2001
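Review bot: `allowDiscards = true` under the `luks` partition's `settings` turns on TRIM passthrough for the encrypted volume without recording that this is a deliberate trade-off. With discards enabled, which blocks are unused becomes visible on the raw device, so anyone with access to the disk can learn approximate usage and filesystem layout even though the contents stay encrypted. I would add a comment next to it such as `# TRIM passthrough: better SSD behaviour, but the free-space pattern is visible on the raw disk`. The same applies to the `allowDiscards = true` entries in the later ahorn, kartoffel and limette `boot.initrd.luks.devices` hunks of this series.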
From: Pablo Ovelleiro Corral Date: Tue, 5 Nov 2024 10:54:19 +0100 Subject: [PATCH 2/9] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'forgit': 'github:wfxr/forgit/60b651de7ea6143921ebd39b69150736b1985870?narHash=sha256-8BMFL3WktkkB8m6asbNeb9swnLWi3jHo012fBXGa8ls%3D' (2024-10-18) → 'github:wfxr/forgit/2d5f8f48f510146c59fe5531f2eb61d2f1344367?narHash=sha256-oYToU9mdP0Wb/j%2Bk8/SO%2Bnjjk92CApAlxU2iDe7QJqQ%3D' (2024-11-04) • Updated input 'home-manager': 'github:nix-community/home-manager/e83414058edd339148dc142a8437edb9450574c8?narHash=sha256-bFCxJco7d8IgmjfNExNz9knP8wvwbXU4s/d53KOK6U0%3D' (2024-10-27) → 'github:nix-community/home-manager/8f6ca7855d409aeebe2a582c6fd6b6a8d0bf5661?narHash=sha256-ZFJqIXpvVKvzOVFKWNRDyIyAo%2BGYdmEPaYi1bZB6uf0%3D' (2024-11-03) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/da14839ac5f38ee6adbdb4e6db09b5eef6d6ccdc?narHash=sha256-F8vJtG389i9fp3k2/UDYHMed3PLCJYfxCqwiVP7b9ig%3D' (2024-10-31) → 'github:NixOS/nixos-hardware/1b0b927860d7eb367ee6a3123ddeb7a8e24bd836?narHash=sha256-cH9emjYIbDYTde/CKOmU97rh7sKuyfedzPcTz4OTJkE%3D' (2024-11-05) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/807e9154dcb16384b1b765ebe9cd2bba2ac287fd?narHash=sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU%3D' (2024-10-29) → 'github:nixos/nixpkgs/7ffd9ae656aec493492b44d0ddfb28e79a1ea25d?narHash=sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY%3D' (2024-11-02) • Updated input 'nur': 'github:nix-community/NUR/63bded559a2f06eb05835b8331be4de5a3b0ec5a?narHash=sha256-q8iZMOxu5OjWDiNbE%2BLI83tXvxHUl2zrPKefojnksFE%3D' (2024-10-31) → 'github:nix-community/NUR/ca7969ff2ec6ffc542dcf37c9fff09068938be1a?narHash=sha256-IXijJOaruWRtIt5ySERCd8rI5jKjVXg1q/oDvHPsXdw%3D' (2024-11-05) --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 48a9bd55..9b28eab3 100644 
--- a/flake.lock +++ b/flake.lock @@ -191,11 +191,11 @@ "forgit": { "flake": false, "locked": { - "lastModified": 1729244272, - "narHash": "sha256-8BMFL3WktkkB8m6asbNeb9swnLWi3jHo012fBXGa8ls=", + "lastModified": 1730711879, + "narHash": "sha256-oYToU9mdP0Wb/j+k8/SO+njjk92CApAlxU2iDe7QJqQ=", "owner": "wfxr", "repo": "forgit", - "rev": "60b651de7ea6143921ebd39b69150736b1985870", + "rev": "2d5f8f48f510146c59fe5531f2eb61d2f1344367", "type": "github" }, "original": { @@ -231,11 +231,11 @@ ] }, "locked": { - "lastModified": 1730016908, - "narHash": "sha256-bFCxJco7d8IgmjfNExNz9knP8wvwbXU4s/d53KOK6U0=", + "lastModified": 1730633670, + "narHash": "sha256-ZFJqIXpvVKvzOVFKWNRDyIyAo+GYdmEPaYi1bZB6uf0=", "owner": "nix-community", "repo": "home-manager", - "rev": "e83414058edd339148dc142a8437edb9450574c8", + "rev": "8f6ca7855d409aeebe2a582c6fd6b6a8d0bf5661", "type": "github" }, "original": { @@ -388,11 +388,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1730368399, - "narHash": "sha256-F8vJtG389i9fp3k2/UDYHMed3PLCJYfxCqwiVP7b9ig=", + "lastModified": 1730797322, + "narHash": "sha256-cH9emjYIbDYTde/CKOmU97rh7sKuyfedzPcTz4OTJkE=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "da14839ac5f38ee6adbdb4e6db09b5eef6d6ccdc", + "rev": "1b0b927860d7eb367ee6a3123ddeb7a8e24bd836", "type": "github" }, "original": { @@ -404,11 +404,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1730200266, - "narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=", + "lastModified": 1730531603, + "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd", + "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", "type": "github" }, "original": { 
@@ -420,11 +420,11 @@ }, "nur": { "locked": { - "lastModified": 1730364288, - "narHash": "sha256-q8iZMOxu5OjWDiNbE+LI83tXvxHUl2zrPKefojnksFE=", + "lastModified": 1730799901, + "narHash": "sha256-IXijJOaruWRtIt5ySERCd8rI5jKjVXg1q/oDvHPsXdw=", "owner": "nix-community", "repo": "NUR", - "rev": "63bded559a2f06eb05835b8331be4de5a3b0ec5a", + "rev": "ca7969ff2ec6ffc542dcf37c9fff09068938be1a", "type": "github" }, "original": { From 1606f76814941bd364a22456663facd89b548b5b Mon Sep 17 00:00:00 2001 
From: Pablo Ovelleiro Corral Date: Tue, 5 Nov 2024 12:13:38 +0100 Subject: [PATCH 3/9] flake.lock: Add MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Added input 'alertmanager-ntfy': 'github:pinpox/alertmanager-ntfy/c669b8701235d779fa7277008ccb617fc3d94538?narHash=sha256-O4yrTNgnlx%2BWNS9Ha%2B%2BveExncRmkX83mkywumjtPw3U%3D' (2024-04-02) • Added input 'alertmanager-ntfy/flake-compat': follows 'flake-compat' • Added input 'alertmanager-ntfy/flake-utils': 'github:numtide/flake-utils/1ef2e671c3b0c19053962c07dbda38332dcebf26?narHash=sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA%3D' (2024-01-15) • Added input 'alertmanager-ntfy/flake-utils/systems': 'github:nix-systems/default/da67096a3b9bf56a91d16901293e51ba5b49a27e?narHash=sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768%3D' (2023-04-09) • Added input 'alertmanager-ntfy/nixpkgs': follows 'nixpkgs' • Added input 'aoe-taunt-discord-bot': 'github:pinpox/aoe-taunt-discord-bot/6a01de35813d44a1d8f69d484533934312e81544?narHash=sha256-26PP5a9Ri5qmlJoZ6QP8RZ/tsy4Qs/IXmNO8ET4m/qE%3D' (2024-02-28) • Added input 'aoe-taunt-discord-bot/nixpkgs': follows 'nixpkgs' • Added input 'caddy-patched': 'github:pinpox/nixos-caddy-patched/d72f4cf8f8756f3062ea785a6e27a132ec05489e?narHash=sha256-134yvH/Ow4j9hH6375TJABkxrx8aHbembA%2B7R5wDCvI%3D' (2024-03-25) • Added input 'caddy-patched/nixpkgs': follows 'nixpkgs' • Added input 'disko': 'github:nix-community/disko/ab58501b2341bc5e0fc88f2f5983a679b075ddf5?narHash=sha256-CI27qHAbc3/tIe8sb37kiHNaeCqGxNimckCMj0lW5kg%3D' (2024-10-28) • Added input 'disko/nixpkgs': follows 'nixpkgs' • Added input 'flake-compat': 'github:edolstra/flake-compat/0f9255e01c2351cc7d116c072cb317785dd33b33?narHash=sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U%3D' (2023-10-04) • Added input 'forgit': 'github:wfxr/forgit/2d5f8f48f510146c59fe5531f2eb61d2f1344367?narHash=sha256-oYToU9mdP0Wb/j%2Bk8/SO%2Bnjjk92CApAlxU2iDe7QJqQ%3D' (2024-11-04) • Added 
input 'go-karma-bot': 'github:pinpox/go-karma-bot/86dd17da11e53a276e014bb7891e5aa0bfe6ab39?narHash=sha256-wW6YrL%2BdMCXJwW2PMlJIEBbZ3yUsN4VPHklh0A3UKXo%3D' (2024-02-28) • Added input 'go-karma-bot/nixpkgs': follows 'nixpkgs' • Added input 'home-manager': 'github:nix-community/home-manager/8f6ca7855d409aeebe2a582c6fd6b6a8d0bf5661?narHash=sha256-ZFJqIXpvVKvzOVFKWNRDyIyAo%2BGYdmEPaYi1bZB6uf0%3D' (2024-11-03) • Added input 'home-manager/nixpkgs': follows 'nixpkgs' • Added input 'indent-blankline-nvim-lua': 'github:lukas-reineke/indent-blankline.nvim/04e44b09ee3ff189c69ab082edac1ef7ae2e256c?narHash=sha256-odv43EyZ3gMg410eBFAkye/SdAj%2BLcVVZPaZm8w0biM%3D' (2024-10-29) • Added input 'inovex-mdm': 'gitlab:ffranzmann/mdm-linux-inventory-nix/d3f405a712d3f250a46c51c7c31fe855289511b7?narHash=sha256-ovSOX6ZpnJj2RRu94hgf9EGLcPs/XfjXqDHc5iZKK4A%3D' (2024-10-29) • Added input 'inovex-mdm/mdm-linux-inventory': 'git+ssh://git@gitlab.inovex.de:2424/inovex-it-mdm/mdm-linux-inventory.git?ref=refs/heads/main&rev=3773229472a54623f179c85cb5fcb62124f35b20' (2024-10-18) • Added input 'inovex-mdm/nixpkgs': follows 'nixpkgs' • Added input 'krops': 'git+https://cgit.krebsco.de/krops?ref=refs/heads/master&rev=a6c7ecd8ba90c1eb2515cb235d85649295848e68' (2024-01-11) • Added input 'lollypops': 'github:pinpox/lollypops/c52f704a4bf44bd793558c9080982a38e77af01b?narHash=sha256-BjbIcwtNCeRzZ/UgCIkFG7Trk6dagGxOEqNv9wOzER8%3D' (2024-06-01) • Added input 'lollypops/flake-utils': 'github:numtide/flake-utils/b1d9ab70662946ef0850d488da1c9019f3a9752a?narHash=sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ%3D' (2024-03-11) • Added input 'lollypops/flake-utils/systems': 'github:nix-systems/default/da67096a3b9bf56a91d16901293e51ba5b49a27e?narHash=sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768%3D' (2023-04-09) • Added input 'lollypops/nixpkgs': follows 'nixpkgs' • Added input 'matrix-hook': 
'github:pinpox/matrix-hook/3f70742c302c592579ad399d19050f7a1427adc8?narHash=sha256-vd5OC8tfN%2BUnjvMknUmKSGFTHsaxZhrTnriF/aycbOg%3D' (2023-10-05) • Added input 'matrix-hook/flake-compat': follows 'flake-compat' • Added input 'matrix-hook/flake-utils': 'github:numtide/flake-utils/f9e7cf818399d17d347f847525c5a5a8032e4e44?narHash=sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk%3D' (2023-08-23) • Added input 'matrix-hook/flake-utils/systems': 'github:nix-systems/default/da67096a3b9bf56a91d16901293e51ba5b49a27e?narHash=sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768%3D' (2023-04-09) • Added input 'matrix-hook/nixpkgs': follows 'nixpkgs' • Added input 'mc3000': 'github:pinpox/mc3000/43a093027bb069c1b7dedd3a684dace26d62fb25?narHash=sha256-GDwoVezNJ99VrHTa5uetRJilNNzW5VZKfZChP5EXrCU%3D' (2022-10-10) • Added input 'mc3000/nixpkgs': follows 'nixpkgs' • Added input 'naersk': 'github:nix-community/naersk/3fb418eaf352498f6b6c30592e3beb63df42ef11?narHash=sha256-r/xppY958gmZ4oTfLiHN0ZGuQ%2BRSTijDblVgVLFi1mw%3D' (2024-07-23) • Added input 'naersk/nixpkgs': follows 'nixpkgs' • Added input 'nix-apple-fonts': 'github:pinpox/nix-apple-fonts/da5f8facd04a39981c07fc1504649ec03de7b6e6?narHash=sha256-QTZZjFvLesYO2DT7JcnuHGDTQw6/MzJcp%2BymfKDz1BM%3D' (2021-11-16) • Added input 'nix-apple-fonts/flake-compat': follows 'flake-compat' • Added input 'nix-apple-fonts/flake-utils': 'github:numtide/flake-utils/bba5dcc8e0b20ab664967ad83d24d64cb64ec4f4?narHash=sha256-26IZAc5yzlD9FlDT54io1oqG/bBoyka%2BFJk5guaX4x4%3D' (2021-11-15) • Added input 'nix-apple-fonts/nixpkgs': follows 'nixpkgs' • Added input 'nixos-hardware': 'github:NixOS/nixos-hardware/1b0b927860d7eb367ee6a3123ddeb7a8e24bd836?narHash=sha256-cH9emjYIbDYTde/CKOmU97rh7sKuyfedzPcTz4OTJkE%3D' (2024-11-05) • Added input 'nixpkgs': 'github:nixos/nixpkgs/7ffd9ae656aec493492b44d0ddfb28e79a1ea25d?narHash=sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY%3D' (2024-11-02) • Added input 'nur': 
'github:nix-community/NUR/ca7969ff2ec6ffc542dcf37c9fff09068938be1a?narHash=sha256-IXijJOaruWRtIt5ySERCd8rI5jKjVXg1q/oDvHPsXdw%3D' (2024-11-05) • Added input 'nvim-cokeline': 'github:noib3/nvim-cokeline/adfd1eb87e0804b6b86126e03611db6f62bb2909?narHash=sha256-X%2B%2BIJsKz0qE8We2/sruRiTexanJvcUFbRKoCO%2BC7TKU%3D' (2024-07-12) • Added input 'nvim-fzf': 'github:vijaymarupudi/nvim-fzf/305aa90aeb8409b4bd2af1812a4b6e157ee93953?narHash=sha256-clcZm8yGqE%2BerN1zBT38ai4keVTWieIjB14%2BgRwpM%2BU%3D' (2024-10-21) • Added input 'pinpox-keys': 'https://github.com/pinpox.keys?narHash=sha256-PVfExrFgaauIxhIXs1MLbTYEGbF9z6XGfbSLmvoNz44%3D' • Added input 'pinpox-neovim': 'github:pinpox/pinpox-neovim/6144a66989973b261c546667798369205c6aafe3?narHash=sha256-xTTRRsCZmTSLfJTRmigbRQd8LxFgep3SBj69NaiDH7w%3D' (2024-10-27) • Added input 'pinpox-neovim/nixpkgs': follows 'nixpkgs' • Added input 'promterm': 'github:pinpox/promterm/4b26c03a11b7996db1b4be34c3cc9f206e1b2ca0?narHash=sha256-dHim4OLbkdWWqiaAytKnivxAHyFD9dp55vUXRhEIPxM%3D' (2024-02-13) • Added input 'promterm/naersk': follows 'naersk' • Added input 'promterm/nixpkgs': follows 'nixpkgs' • Added input 'promterm/utils': 'github:numtide/flake-utils/1ef2e671c3b0c19053962c07dbda38332dcebf26?narHash=sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA%3D' (2024-01-15) • Added input 'promterm/utils/systems': 'github:nix-systems/default/da67096a3b9bf56a91d16901293e51ba5b49a27e?narHash=sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768%3D' (2023-04-09) • Added input 'radio': 'github:pinpox/radio/f499348715fcefc533abd1ee2c9e3bc3a750267a?narHash=sha256-IblrNksKJIu0Eh//hHfK%2Bq1lqEw2hbS0%2B7aQTgWYbag%3D' (2024-09-06) • Added input 'radio/nixpkgs': follows 'nixpkgs' • Added input 'restic-exporter': 'github:pinpox/restic-exporter/5b21a7625f768966e0c4b71031ef7557f4b1ad3b?narHash=sha256-S2/Qneg67CJB8MWd9bzqg50AeIBlW19NM36c7NFRE2E%3D' (2024-02-28) • Added input 'restic-exporter/flake-utils': 
'github:numtide/flake-utils/1ef2e671c3b0c19053962c07dbda38332dcebf26?narHash=sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA%3D' (2024-01-15) • Added input 'restic-exporter/flake-utils/systems': 'github:nix-systems/default/da67096a3b9bf56a91d16901293e51ba5b49a27e?narHash=sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768%3D' (2023-04-09) • Added input 'restic-exporter/nixpkgs': follows 'nixpkgs' • Added input 'retiolum': 'git+https://git.thalheim.io/Mic92/retiolum?ref=refs/heads/master&rev=a3e297ab98f0ffa58ecd1e61634551f632e5ec34' (2024-10-31) • Added input 'tfenv': 'github:tfutils/tfenv/39d8c27ad9862ffdec57989b66fd2720cb72e76c?narHash=sha256-h5ZHT4u7oAdwuWpUrL35G8bIAMasx6E81h15lTJSHhQ%3D' (2023-12-19) • Added input 'wallpaper-generator': 'github:pinpox/wallpaper-generator/a14109e25e673ea5966a19b8f56e0d65e45b7317?narHash=sha256-jYBIwWgKo8rdfJaOOUcRflx6%2BWin%2B12qrroLJmCGo/Q%3D' (2024-05-27) • Added input 'zsh-abbrev-alias': 'github:momo-lab/zsh-abbrev-alias/33fe094da0a70e279e1cc5376a3d7cb7a5343df5?narHash=sha256-jq5YEpIpvmBa/M7F4NeC77mE9WHSnza3tZwvgMPab7M%3D' (2021-07-22) • Added input 'zsh-colored-man-pages': 'github:ael-code/zsh-colored-man-pages/57bdda68e52a09075352b18fa3ca21abd31df4cb?narHash=sha256-087bNmB5gDUKoSriHIjXOVZiUG5%2BDy9qv3D69E8GBhs%3D' (2019-04-02) --- flake.lock | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/flake.lock b/flake.lock index 9b28eab3..cdec94c3 100644 --- a/flake.lock +++ b/flake.lock 
@@ -260,6 +260,30 @@ "type": "github" } }, + "inovex-mdm": { + "inputs": { + "mdm-linux-inventory": "mdm-linux-inventory", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "host": "gitlab.inovex.de", + "lastModified": 1730186269, + "narHash": "sha256-ovSOX6ZpnJj2RRu94hgf9EGLcPs/XfjXqDHc5iZKK4A=", + "owner": "ffranzmann", + "repo": "mdm-linux-inventory-nix", + "rev": "d3f405a712d3f250a46c51c7c31fe855289511b7", + "type": "gitlab" + }, + "original": { + "host": "gitlab.inovex.de", + "owner": "ffranzmann", + "ref": "master", + "repo": "mdm-linux-inventory-nix", + "type": "gitlab" + } + }, "krops": { "flake": false, "locked": { @@ -341,6 +365,22 @@ "type": "github" } }, + "mdm-linux-inventory": { + "flake": false, + "locked": { + "lastModified": 1729248637, + "narHash": "sha256-2VhU4ozf5IrtadOoHe7vqUzwvJlCPZpNcl9o+h1lyac=", + "ref": "refs/heads/main", + "rev": "3773229472a54623f179c85cb5fcb62124f35b20", + "revCount": 51, + "type": "git", + "url": "ssh://git@gitlab.inovex.de:2424/inovex-it-mdm/mdm-linux-inventory.git" + }, + "original": { + "type": "git", + "url": "ssh://git@gitlab.inovex.de:2424/inovex-it-mdm/mdm-linux-inventory.git" + } + }, "naersk": { "inputs": { "nixpkgs": [ @@ -588,6 +628,7 @@ "go-karma-bot": "go-karma-bot", "home-manager": "home-manager", "indent-blankline-nvim-lua": "indent-blankline-nvim-lua", + "inovex-mdm": "inovex-mdm", "krops": "krops", "lollypops": "lollypops", "matrix-hook": "matrix-hook", From 23d20c7624512cd00f6b0f407bd8eb23c9c50f6f Mon Sep 17 00:00:00 2001 
From: Pablo Ovelleiro Corral Date: Tue, 5 Nov 2024 12:22:14 +0100 Subject: [PATCH 4/9] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'inovex-mdm/mdm-linux-inventory': 'git+ssh://git@gitlab.inovex.de:2424/inovex-it-mdm/mdm-linux-inventory.git?ref=refs/heads/main&rev=3773229472a54623f179c85cb5fcb62124f35b20' (2024-10-18) → follows 'mdm-linux-inventory' • Added input 'mdm-linux-inventory': 'gitlab:inovex-it-mdm/mdm-linux-inventory/3773229472a54623f179c85cb5fcb62124f35b20?narHash=sha256-2VhU4ozf5IrtadOoHe7vqUzwvJlCPZpNcl9o%2Bh1lyac%3D' (2024-10-18) --- flake.lock | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/flake.lock b/flake.lock index cdec94c3..c83e5692 100644 --- a/flake.lock +++ b/flake.lock @@ -262,7 +262,9 @@ }, "inovex-mdm": { "inputs": { - "mdm-linux-inventory": "mdm-linux-inventory", + "mdm-linux-inventory": [ + "mdm-linux-inventory" + ], "nixpkgs": [ "nixpkgs" ] @@ -368,17 +370,20 @@ "mdm-linux-inventory": { "flake": false, "locked": { + "host": "gitlab.inovex.de", "lastModified": 1729248637, "narHash": "sha256-2VhU4ozf5IrtadOoHe7vqUzwvJlCPZpNcl9o+h1lyac=", - "ref": "refs/heads/main", + "owner": "inovex-it-mdm", + "repo": "mdm-linux-inventory", "rev": "3773229472a54623f179c85cb5fcb62124f35b20", - "revCount": 51, - "type": "git", - "url": "ssh://git@gitlab.inovex.de:2424/inovex-it-mdm/mdm-linux-inventory.git" + "type": "gitlab" }, "original": { - "type": "git", - "url": "ssh://git@gitlab.inovex.de:2424/inovex-it-mdm/mdm-linux-inventory.git" + "host": "gitlab.inovex.de", + "owner": "inovex-it-mdm", + "ref": "main", + "repo": "mdm-linux-inventory", + "type": "gitlab" } }, "naersk": { @@ -633,6 +638,7 @@ "lollypops": "lollypops", "matrix-hook": "matrix-hook", "mc3000": "mc3000", + "mdm-linux-inventory": "mdm-linux-inventory", "naersk": "naersk", "nix-apple-fonts": "nix-apple-fonts", "nixos-hardware": "nixos-hardware", 
From 8b7da942f84595e1e82d9e3af9abe3b1aa35cedc Mon Sep 17 00:00:00 2001 From: Pablo Ovelleiro Corral Date: Tue, 5 Nov 2024 12:38:26 +0100 Subject: [PATCH 5/9] Add inovex-mdm --- flake.nix | 19 +++++++++++++++++++ machines/ahorn/configuration.nix | 11 +++++++++++ modules/nix-common/default.nix | 2 +- 3 files changed, 31 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index e2b8e759..890ac92e 100644 --- a/flake.nix +++ b/flake.nix @@ -3,6 +3,25 @@ inputs = { + inovex-mdm = { + type = "gitlab"; + host = "gitlab.inovex.de"; + owner = "ffranzmann"; + ref = "master"; + repo = "mdm-linux-inventory-nix"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.mdm-linux-inventory.follows = "mdm-linux-inventory"; + }; + + mdm-linux-inventory = { + type = "gitlab"; + host = "gitlab.inovex.de"; + owner = "inovex-it-mdm"; + ref = "main"; + repo = "mdm-linux-inventory"; + flake = false; + }; + disko.url = "github:nix-community/disko/latest"; disko.inputs.nixpkgs.follows = "nixpkgs"; diff --git a/machines/ahorn/configuration.nix b/machines/ahorn/configuration.nix index 77a00ff1..6b8c43cb 100644 --- a/machines/ahorn/configuration.nix +++ b/machines/ahorn/configuration.nix @@ -5,6 +5,7 @@ pkgs, lib, nixos-hardware, + inovex-mdm, ... }: { @@ -65,10 +66,20 @@ nixos-hardware.nixosModules.lenovo-thinkpad-t480s ./hardware-configuration.nix retiolum.nixosModules.retiolum + inovex-mdm.nixosModules.default #retiolum.nixosModules.ca ]; + lollypops.secrets.files."inovex-mdm/mdm-create-token" = { }; + + services.inovex-mdm = { + enable = true; + userhome = "/home/pinpox"; + tokenFile = "${config.lollypops.secrets.files."inovex-mdm/mdm-create-token".path}"; + screenLockTimeout = "300"; + }; + programs.sway.enable = true; hardware.graphics = { diff --git a/modules/nix-common/default.nix b/modules/nix-common/default.nix index 61614d64..f4895d09 100644 --- a/modules/nix-common/default.nix +++ b/modules/nix-common/default.nix 
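Review bot: In the second `machines/ahorn/configuration.nix` hunk, `lollypops.secrets.files."inovex-mdm/mdm-create-token" = { };` is declared with every default, so the token's owner and mode are whatever lollypops picks, and nothing here shows which user the MDM service runs as. Setting the owner explicitly, or adding a comment naming the account that must read the token, would keep the enrolment credential from being readable more widely than needed. As a style point the string interpolation looks redundant, assuming `.path` is already a string: `tokenFile = config.lollypops.secrets.files."inovex-mdm/mdm-create-token".path;`.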
@@ -67,13 +67,13 @@ in # Enable flakes package = pkgs.nixVersions.stable; - # !include ${config.lollypops.secrets.files."nix/nix-access-tokens".path} extraOptions = '' fallback = true connect-timeout = 100 stalled-download-timeout = 100 ''; + # !include ${config.lollypops.secrets.files."nix/nix-access-tokens".path} settings = { From ca23de19012e90cff8a715b0ae45bf320e49d9d7 Mon Sep 17 00:00:00 2001 From: Pablo Ovelleiro Corral Date: Tue, 5 Nov 2024 12:38:54 +0100 Subject: [PATCH 6/9] disable yotp until fixed --- home-manager/modules/shell/zsh.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/home-manager/modules/shell/zsh.nix b/home-manager/modules/shell/zsh.nix index 7e0cb168..2811b80c 100644 --- a/home-manager/modules/shell/zsh.nix +++ b/home-manager/modules/shell/zsh.nix @@ -82,9 +82,9 @@ weather = "${pkgs.curl}/bin/curl -4 http://wttr.in/Koeln"; radio = "${pkgs.mpv}/bin/mpv http://lassul.us:8000/radio.ogg"; + # ${pkgs.yubikey-manager}/bin/ykman oath accounts code | \ yotp = '' - ${pkgs.yubikey-manager}/bin/ykman oath accounts code | \ - ${pkgs.fzf}/bin/fzf | awk '{print $2}' | ${pkgs.xclip}/bin/xclip -sel clip + ${pkgs.fzf}/bin/fzf | awk '{print $2}' | ${pkgs.xclip}/bin/xclip -sel clip ''; zzz = "systemctl suspend"; From b5fcf08aed1134310d855edb253a4592b18837ba Mon Sep 17 00:00:00 2001 From: Pablo Ovelleiro Corral Date: Tue, 5 Nov 2024 20:54:40 +0100 Subject: [PATCH 7/9] Add labels to disko for limette --- machines/limette/disko-config.nix | 54 ++++++++++++++++++++++++------- 1 file changed, 42 insertions(+), 12 deletions(-) diff --git a/machines/limette/disko-config.nix b/machines/limette/disko-config.nix index ea567fa9..cbe92c09 100644 --- a/machines/limette/disko-config.nix +++ b/machines/limette/disko-config.nix 
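Review bot: With the `ykman` line moved out into a Nix comment in `home-manager/modules/shell/zsh.nix`, the `yotp` alias is still defined but now starts at `${pkgs.fzf}/bin/fzf` with nothing piped into it. fzf then falls back to its default input, normally a listing of files under the current directory, and the second field of whatever entry is picked is copied to the clipboard, which is not what someone typing `yotp` expects. Until the OATH lookup is fixed I would comment out the whole attribute or make the failure explicit, e.g. `yotp = "echo 'yotp is disabled' >&2; false";`.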
@@ -1,21 +1,15 @@ -# # USAGE in your configuration.nix. -# # Update devices to match your hardware. -# # { -# # imports = [ ./disko-config.nix ]; -# # disko.devices.disk.root.device = "/dev/sda"; -# # disko.devices.disk.data1.device = "/dev/sdb"; -# # disko.devices.disk.data2.device = "/dev/sdc"; -# # } { disko.devices = { disk = { main = { type = "disk"; device = "/dev/vdb"; + # device = builtins.elemAt disks 0; content = { type = "gpt"; partitions = { ESP = { + name = "BOOT"; size = "500M"; type = "EF00"; content = { @@ -23,17 +17,21 @@ format = "vfat"; mountpoint = "/boot"; mountOptions = [ "umask=0077" ]; + extraArgs = [ + "-n" + "BOOT" + ]; }; }; luks = { size = "100%"; + name = "SYSTEM"; content = { type = "luks"; name = "crypted"; extraOpenArgs = [ ]; - settings = { - allowDiscards = true; - }; + passwordFile = "/tmp/secret.key"; + settings.allowDiscards = true; content = { type = "lvm_pv"; vg = "pool"; @@ -48,8 +46,22 @@ pool = { type = "lvm_vg"; lvs = { + + swap = { + name = "swap"; + size = "8G"; + content = { + type = "swap"; + resumeDevice = true; + extraArgs = [ + "-L" + "swap" + ]; + }; + }; root = { - size = "100%"; + name = "root"; + size = "100%FREE"; content = { type = "filesystem"; format = "ext4"; @@ -57,8 +69,26 @@ mountOptions = [ "defaults" ]; + extraArgs = [ + "-L" + "root" + ]; }; }; + + # root = { + # size = "100%"; + # name = "root"; + # content = { + # type = "filesystem"; + # format = "ext4"; + # mountpoint = "/"; + # mountOptions = [ + # "defaults" + # ]; + # extraArgs = [ "-L root" ]; + # }; + # }; }; }; }; From 5e2cda83d37d7868713cc31dff29e7cfd42c6125 Mon Sep 17 00:00:00 2001 
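Review bot: `passwordFile = "/tmp/secret.key";` in the `luks` content hard-codes where the passphrase is read from, and `/tmp` is world-writable. Nothing in the repository says who creates that file, with which permissions, or that it has to be removed once formatting is done (the machine's `README.md` added in this series is empty), so a leftover or pre-existing file at that path would become the disk's unlock secret. I would document the procedure in the README and add a comment here, e.g. `# read once at format time; create with umask 077 on the installer and delete afterwards`. The `luks` block continues past the end of this hunk.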
From: Pablo Ovelleiro Corral Date: Wed, 6 Nov 2024 18:04:29 +0100 Subject: [PATCH 8/9] Push current limette disco config --- machines/ahorn/configuration.nix | 13 ++++++++++- machines/kartoffel/configuration.nix | 12 +++++++++- machines/kfbox/configuration.nix | 2 ++ machines/limette/configuration.nix | 26 +++++++++++++++++++-- machines/limette/disko-config.nix | 30 +++++------------------- modules/default-desktop/default.nix | 34 ++++++++++++++-------------- modules/nix-common/default.nix | 4 ++-- 7 files changed, 74 insertions(+), 47 deletions(-) diff --git a/machines/ahorn/configuration.nix b/machines/ahorn/configuration.nix index 6b8c43cb..75861901 100644 --- a/machines/ahorn/configuration.nix +++ b/machines/ahorn/configuration.nix @@ -194,6 +194,17 @@ enable = true; wireguardIp = "192.168.7.2"; hostname = "ahorn"; - bootDevice = "/dev/disk/by-uuid/d4b70087-c965-40e8-9fca-fc3b2606a590"; }; + + # Encrypted drive to be mounted by the bootloader. Path of the device will + # have to be changed for each install. + boot.initrd.luks.devices = { + root = { + # Get UUID from blkid /dev/sda2 + device = "/dev/disk/by-uuid/d4b70087-c965-40e8-9fca-fc3b2606a590"; + preLVM = true; + allowDiscards = true; + }; + }; + } diff --git a/machines/kartoffel/configuration.nix b/machines/kartoffel/configuration.nix index 04df241f..e6c46fc9 100644 --- a/machines/kartoffel/configuration.nix +++ b/machines/kartoffel/configuration.nix @@ -13,7 +13,17 @@ enable = true; wireguardIp = "192.168.7.3"; hostname = "kartoffel"; - bootDevice = "/dev/disk/by-uuid/608e0e77-eea4-4dc4-b88d-76cc63e4488b"; + }; + + # Encrypted drive to be mounted by the bootloader. Path of the device will + # have to be changed for each install. + boot.initrd.luks.devices = { + root = { + # Get UUID from blkid /dev/sda2 + device = "/dev/disk/by-uuid/608e0e77-eea4-4dc4-b88d-76cc63e4488b"; + preLVM = true; + allowDiscards = true; + }; }; pinpox.defaults.CISkip = true; 
diff --git a/machines/kfbox/configuration.nix b/machines/kfbox/configuration.nix index 1c43f8da..6eaeab31 100644 --- a/machines/kfbox/configuration.nix +++ b/machines/kfbox/configuration.nix @@ -10,6 +10,8 @@ }: { + lollypops.deployment.deploy-method = "archive"; + lollypops.secrets.files."ente/credentials.yaml" = { owner = "ente"; group-name = "ente"; diff --git a/machines/limette/configuration.nix b/machines/limette/configuration.nix index 524291d7..32556c27 100644 --- a/machines/limette/configuration.nix +++ b/machines/limette/configuration.nix @@ -18,7 +18,8 @@ ]; - disko.devices.disk.main.imageSize = "10G"; + disko.devices.disk.main.imageSize = "40G"; + disko.imageBuilder.extraDependencies = [ pkgs.kmod ]; # disko.devices.disk.root.device = "/dev/sda"; programs.sway.enable = true; @@ -88,6 +89,27 @@ enable = true; wireguardIp = "192.168.7.8"; hostname = "limette"; - bootDevice = "/dev/disk/by-label/root"; }; + + # efiSupport = lib.mkForce false; + # efiInstallAsRemovable = lib.mkForce false; + # gfxmodeBios = "1600x900"; + # gfxpayloadBios = "text"; + + users.users.pinpox.initialPassword = "changeme"; + + boot.loader.efi.canTouchEfiVariables = false; + # boot.loader.grub.device = "/dev/disk/by-label/BOOT"; + + # Encrypted drive to be mounted by the bootloader. Path of the device will + # have to be changed for each install. + # Get UUID from blkid /dev/sda2 + boot.initrd.luks.devices = { + "root" = { + preLVM = true; + device = lib.mkForce "/dev/disk/by-label/LUKS"; + allowDiscards = true; + }; + }; + } diff --git a/machines/limette/disko-config.nix b/machines/limette/disko-config.nix index cbe92c09..592db502 100644 --- a/machines/limette/disko-config.nix +++ b/machines/limette/disko-config.nix @@ -28,7 +28,7 @@ name = "SYSTEM"; content = { type = "luks"; - name = "crypted"; + name = "root"; extraOpenArgs = [ ]; passwordFile = "/tmp/secret.key"; settings.allowDiscards = true; 
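Review bot: `users.users.pinpox.initialPassword = "changeme";` in the second `machines/limette/configuration.nix` hunk commits a guessable password, and a value set this way also ends up in the world-readable Nix store. The account keeps that password from creation until someone changes it by hand, which is easy to forget on a laptop that also gets a WireGuard address. Prefer a hash supplied out of band, e.g. `users.users.pinpox.hashedPasswordFile = config.lollypops.secrets.files."<secret-name>".path;` with the secret name as a placeholder, or at minimum add a comment that the password must be changed on first login.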
@@ -36,6 +36,9 @@ type = "lvm_pv"; vg = "pool"; }; + extraFormatArgs = [ + "--label LUKS" + ]; }; }; }; @@ -46,17 +49,13 @@ pool = { type = "lvm_vg"; lvs = { - swap = { name = "swap"; size = "8G"; content = { type = "swap"; resumeDevice = true; - extraArgs = [ - "-L" - "swap" - ]; + extraArgs = [ "-L swap" ]; }; }; root = { @@ -69,26 +68,9 @@ mountOptions = [ "defaults" ]; - extraArgs = [ - "-L" - "root" - ]; + extraArgs = [ "-L root" ]; }; }; - - # root = { - # size = "100%"; - # name = "root"; - # content = { - # type = "filesystem"; - # format = "ext4"; - # mountpoint = "/"; - # mountOptions = [ - # "defaults" - # ]; - # extraArgs = [ "-L root" ]; - # }; - # }; }; }; }; diff --git a/modules/default-desktop/default.nix b/modules/default-desktop/default.nix index 9553884a..3d425035 100644 --- a/modules/default-desktop/default.nix +++ b/modules/default-desktop/default.nix @@ -45,15 +45,15 @@ in description = "hostname to identify the instance"; }; - bootDevice = mkOption { - type = types.str; - default = null; - description = '' - Path of the underlying luks-encrypted root. - Get UUID from e.g. - blkid /dev/sda2''; - example = "/dev/disk/by-uuid/608e0e77-eea4-4dc4-b88d-76cc63e4488b"; - }; + # bootDevice = mkOption { + # type = types.str; + # default = null; + # description = '' + # Path of the underlying luks-encrypted root. + # Get UUID from e.g. + # blkid /dev/sda2''; + # example = "/dev/disk/by-uuid/608e0e77-eea4-4dc4-b88d-76cc63e4488b"; + # }; }; config = mkIf cfg.enable { @@ -256,14 +256,14 @@ in # Encrypted drive to be mounted by the bootloader. Path of the device will # have to be changed for each install. - initrd.luks.devices = { - root = { - # Get UUID from blkid /dev/sda2 - device = cfg.bootDevice; - preLVM = true; - allowDiscards = true; - }; - }; + # initrd.luks.devices = { + # root = { + # # Get UUID from blkid /dev/sda2 + # device = cfg.bootDevice; + # preLVM = true; + # allowDiscards = true; + # }; + # }; }; # Define the hostname 
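Review bot: The `bootDevice` option and the `initrd.luks.devices` block in `modules/default-desktop/default.nix` are commented out rather than removed, which leaves about twenty lines of dead code behind. A host that still sets `pinpox.desktop.bootDevice` now fails with a generic unknown-option error, and a host that enables `pinpox.desktop` without its own `boot.initrd.luks.devices` no longer gets a LUKS entry from this module. I would delete the commented blocks and, assuming `lib` is in scope, add `(lib.mkRemovedOptionModule [ "pinpox" "desktop" "bootDevice" ] "Set boot.initrd.luks.devices.root.device in the machine configuration.")` to the module's `imports` so the migration is explicit. Both edited blocks sit inside definitions that start and end outside the hunks.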
diff --git a/modules/nix-common/default.nix b/modules/nix-common/default.nix index f4895d09..58793ad3 100644 --- a/modules/nix-common/default.nix +++ b/modules/nix-common/default.nix @@ -60,8 +60,6 @@ in lollypops.secrets.files."nix/nix-access-tokens" = { }; - nix.trustedUsers = [ "@wheel" ]; - # Enable flakes nix = { @@ -82,6 +80,8 @@ in "flakes" ]; + trusted-users = [ "@wheel" ]; + trusted-public-keys = [ "nix-cache:4FILs79Adxn/798F8qk2PC1U8HaTlaPqptwNJrXNA1g=" ]; substituters = [ From 1b5a679461d2ed13713c50b7c83824b93937951c Mon Sep 17 00:00:00 2001 From: Pablo Ovelleiro Corral Date: Wed, 6 Nov 2024 21:00:45 +0100 Subject: [PATCH 9/9] add unfree wifi driver for limette --- machines/limette/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/machines/limette/configuration.nix b/machines/limette/configuration.nix index 32556c27..6bad1450 100644 --- a/machines/limette/configuration.nix +++ b/machines/limette/configuration.nix @@ -10,6 +10,7 @@ services.gnome.gnome-keyring.enable = true; hardware.keyboard.qmk.enable = true; + hardware.enableRedistributableFirmware = true; imports = [ nixos-hardware.nixosModules.lenovo-thinkpad-x230 # ./hardware-configuration.nix
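Review bot: `trusted-users = [ "@wheel" ];` is carried over into `nix.settings` in `modules/nix-common/default.nix` with no comment on what it grants. Trusted users may override daemon settings such as substituters and signature checking, so every `wheel` member is effectively root on the Nix daemon without a sudo prompt. If that is intended, say so with a comment like `# wheel members are root-equivalent for the nix daemon`; otherwise narrow the list to the accounts that need it.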