diff --git a/flake.lock b/flake.lock index 4ccd88b..f7e358b 100644 --- a/flake.lock +++ b/flake.lock @@ -201,22 +201,6 @@ "type": "github" } }, - "hardware": { - "locked": { - "lastModified": 1731797098, - "narHash": "sha256-UhWmEZhwJZmVZ1jfHZFzCg+ZLO9Tb/v3Y6LC0UNyeTo=", - "owner": "nixos", - "repo": "nixos-hardware", - "rev": "672ac2ac86f7dff2f6f3406405bddecf960e0db6", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "master", - "repo": "nixos-hardware", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -517,7 +501,6 @@ "inputs": { "blender-bin": "blender-bin", "disko": "disko", - "hardware": "hardware", "home-manager": "home-manager", "impermanence": "impermanence", "jovian": "jovian", diff --git a/flake.nix b/flake.nix index e336539..dabd782 100644 --- a/flake.nix +++ b/flake.nix @@ -3,7 +3,6 @@ # System inputs nixpkgs.url = "nixpkgs/nixos-24.11"; unstable.url = "nixpkgs/nixos-unstable"; - hardware.url = "github:nixos/nixos-hardware/master"; lanzaboote = { url = "github:nix-community/lanzaboote/v0.4.1"; @@ -33,7 +32,6 @@ outputs = { nixpkgs, unstable, - hardware, lanzaboote, disko, impermanence, @@ -51,7 +49,6 @@ specialArgs = { inherit unstable - hardware lanzaboote disko impermanence diff --git a/hosts/extern/boot/default.nix b/hosts/extern/boot/default.nix index f7b6c70..ece0152 100644 --- a/hosts/extern/boot/default.nix +++ b/hosts/extern/boot/default.nix 
@@ -1,38 +1,7 @@ { config, pkgs, ... }: { boot = { - kernelPackages = pkgs.linuxPackages_5_10; + kernelPackages = pkgs.linuxPackages_latest; kernel.sysctl."vm.max_map_count" = 2147483642; - - initrd.systemd = { - enable = true; - services.root-reset = { - description = "Reset root and snapshot last boot"; - wantedBy = [ "initrd.target" ]; - before = [ "sysroot.mount" ]; - after = [ "dev-${config.networking.hostName}-root.device" ]; - unitConfig.DefaultDependencies = "no"; - serviceConfig.Type = "oneshot"; - script = '' - mkdir -p /mnt - mount /dev/${config.networking.hostName}/root /mnt - - if [[ -e /mnt/prev ]]; then - btrfs subvolume delete /mnt/prev - fi - - btrfs subvolume snapshot /mnt/root /mnt/prev - - btrfs subvolume list -o /mnt/root | cut -f9 -d' ' | while read subvolume; do - btrfs subvolume delete "/mnt/$subvolume" - done - - btrfs subvolume delete /mnt/root - btrfs subvolume create /mnt/root - - umount /mnt - ''; - }; - }; }; } diff --git a/hosts/extern/default.nix b/hosts/extern/default.nix index 9874584..c4a1b51 100644 --- a/hosts/extern/default.nix +++ b/hosts/extern/default.nix @@ -1,14 +1,16 @@ -{ ... }: +{ lib, ... }: { imports = [ ./boot - ./disko ./hardware + ./nixmodules ./wireguard ../../modules/system ]; - system.lanzaboote.enable = true; + boot.loader.systemd-boot.enable = lib.mkForce false; + services.btrfs.autoScrub.enable = lib.mkForce false; + system.video.nvidia.enable = true; networking.hostName = "extern"; diff --git a/hosts/extern/disko/default.nix b/hosts/extern/disko/default.nix deleted file mode 100644 index 571c8cc..0000000 --- a/hosts/extern/disko/default.nix +++ /dev/null 
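Review bot: `config` in the module arguments of hosts/extern/boot/default.nix is now unused: its only reader was the removed root-reset script (`config.networking.hostName`), so the header can become `{ pkgs, ... }:`. The move from the pinned `linuxPackages_5_10` to `linuxPackages_latest` is not explained; a comment such as `# latest kernel: this host is now built as a live installer image` (if that is the reason) would help the next reader. The enclosing attribute set is complete within the hunk.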
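Review bot: The two `lib.mkForce false` lines in hosts/extern/default.nix say nothing about which definition they override, and `system.lanzaboote.enable = true` is dropped in the same hunk without a note. Presumably both follow from the host becoming an installer image (the new ./nixmodules import pulls in installation-cd-minimal.nix), where the systemd-boot and btrfs-scrub settings from ../../modules/system do not apply and Secure Boot signing is not used; one comment per override, e.g. `# installer ISO: the shared system module enables these, but they do not apply to the live image`, would record that. Confirm that the remaining ./hardware and ./wireguard imports are meant to be baked into the image, since anything they define (peer keys included, if any are stored in-tree) becomes part of the ISO. networking.hostName is the last visible line; the attribute set continues outside the hunk.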
@@ -1,97 +0,0 @@
-{ disko, config, ... }:
-{
- imports = [ disko.nixosModules.disko ];
-
- disko.devices = {
- disk = {
- "${config.networking.hostName}" = {
- type = "disk";
- device = "/dev/sdh";
- content = {
- type = "gpt";
- partitions = {
- ESP = {
- priority = 1;
- size = "2G";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- mountOptions = [ "umask=0077" ];
- };
- };
- luks = {
- size = "100%";
- content = {
- type = "luks";
- name = "${config.networking.hostName}-disk";
- settings.allowDiscards = true;
- passwordFile = "/tmp/secret.key";
- content = {
- type = "lvm_pv";
- vg = "${config.networking.hostName}";
- };
- };
- };
- };
- };
- };
- };
-
- lvm_vg = {
- "${config.networking.hostName}" = {
- type = "lvm_vg";
- lvs = {
- root = {
- size = "100%";
- content = {
- type = "btrfs";
- extraArgs = [ "-f" ];
- subvolumes = {
- "/root" = {
- mountpoint = "/";
- mountOptions = [ "compress=zstd" "noatime" ];
- };
- "/prev" = {
- mountpoint = "/prev";
- mountOptions = [ "compress=zstd" "noatime" ];
- };
- "/nix" = {
- mountpoint = "/nix";
- mountOptions = [ "compress=zstd" "noatime" ];
- };
-
- # Impermanence
- "/persist" = {
- mountpoint = "/persist";
- mountOptions = [ "compress=zstd" "noatime" ];
- };
- "/persist/.snapshots" = { };
-
- "/jimbo" = {
- mountpoint = "/persist/home/jimbo";
- mountOptions = [ "compress=zstd" "noatime" ];
- };
- "/jimbo/.snapshots" = { };
- };
- };
- };
- swap = {
- size = "2G";
- content = {
- type = "swap";
- discardPolicy = "both";
- };
- };
- };
- };
- };
- };
-
- # Needed for impermanence
- fileSystems = {
- "/persist".neededForBoot = true;
- "/persist/home/jimbo".neededForBoot = true;
- };
-}
diff --git a/hosts/extern/nixmodules/default.nix b/hosts/extern/nixmodules/default.nix
new file mode 100644
index 0000000..c1b57a5
--- /dev/null
+++ b/hosts/extern/nixmodules/default.nix
@@ -0,0 +1,7 @@
+{ modulesPath, ... }:
+{
+ imports = [
+ "${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix"
+ "${modulesPath}/installer/cd-dvd/channel.nix"
+ ];
+}
diff --git a/hosts/jupiter/default.nix b/hosts/jupiter/default.nix
index 594042a..a158e15 100644
--- a/hosts/jupiter/default.nix
+++ b/hosts/jupiter/default.nix
@@ -3,6 +3,7 @@
 imports = [
 ./boot
 ./disko
+ ./filesystems
 ./hardware
 ./wireguard
 ../../modules/system
diff --git a/hosts/jupiter/filesystems/default.nix b/hosts/jupiter/filesystems/default.nix
new file mode 100644
index 0000000..2ac554d
--- /dev/null
+++ b/hosts/jupiter/filesystems/default.nix
@@ -0,0 +1,11 @@
+{ ... }:
+{
+ fileSystems = {
+ # Remote
+ "/home/jimbo/JimboNFS" = {
+ device = "10.100.0.1:/export/JimboNFS";
+ fsType = "nfs4";
+ options = [ "x-systemd.automount" "_netdev" "nofail" "noauto" ];
+ };
+ };
+}
diff --git a/hosts/jupiter/hardware/default.nix b/hosts/jupiter/hardware/default.nix
index ba1f400..6d0e066 100644
--- a/hosts/jupiter/hardware/default.nix
+++ b/hosts/jupiter/hardware/default.nix
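Review bot: hosts/extern/nixmodules/default.nix carries no comment stating its effect, which is significant: importing installation-cd-minimal.nix makes the whole `extern` host a live installer image rather than an installed system. A header comment such as `# Builds this host as a minimal NixOS installer ISO; channel.nix bundles the nixpkgs channel into the image` would tell anyone adding services under hosts/extern that they are configuring a boot medium.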
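Review bot: The NFS device in hosts/jupiter/filesystems/default.nix hard-codes `10.100.0.1`, while the equivalent mount in the new hosts/tower/filesystems/default.nix uses `${config.ips.server}`; if that option resolves to the same server, use it here as well (`{ config, ... }:` and `device = "${config.ips.server}:/export/JimboNFS";`) so the address is defined in one place. Both NFS mounts also lack the `nosuid` and `nodev` options that every local mount on tower carries, so set-uid binaries or device nodes present on the export would be honoured on the client; adding `"nosuid" "nodev"` to the options list is cheap. Neither mount sets a `sec=` option, so the security flavour is whatever the client negotiates with the server — worth a comment if that is deliberate.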
@@ -1,35 +1,17 @@ -{ config, lib, modulesPath, ... }: -{ - boot = { - initrd = { - availableKernelModules = [ - "nvme" - "xhci_pci" - "ahci" - "usbhid" - "usb_storage" - "sd_mod" - ]; - kernelModules = [ - "dm-snapshot" - "vfio" - "vfio_pci" - "vfio_iommu_type1" - "kvm-amd" - ]; - }; - }; - - fileSystems = { - # Remote - "/home/jimbo/JimboNFS" = { - device = "10.100.0.1:/export/JimboNFS"; - fsType = "nfs4"; - options = [ "x-systemd.automount" "_netdev" "nofail" "noauto" ]; - }; - }; - - networking.useDHCP = lib.mkDefault true; - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} +{ config, lib, ... }: + +{ + boot.initrd.availableKernelModules = [ + "nvme" + "xhci_pci" + "usb_storage" + "usbhid" + "sd_mod" + "sdhci_pci" + ]; + boot.kernelModules = [ "kvm-amd" ]; + + networking.useDHCP = lib.mkDefault true; + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/tower/boot/default.nix b/hosts/tower/boot/default.nix index 03013bf..4453523 100644 --- a/hosts/tower/boot/default.nix +++ b/hosts/tower/boot/default.nix @@ -21,6 +21,13 @@ in { kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:1f82,10de:10fa" ]; blacklistedKernelModules = [ "pcspkr" ]; + # Needed for GPU passthrough + initrd.kernelModules = [ + "vfio" + "vfio_pci" + "vfio_iommu_type1" + ]; + initrd.systemd = { enable = true; services.root-reset = { diff --git a/hosts/tower/default.nix b/hosts/tower/default.nix index a720838..ae25af7 100644 --- a/hosts/tower/default.nix +++ b/hosts/tower/default.nix @@ -3,6 +3,7 @@ imports = [ ./boot ./disko + ./filesystems ./firewall ./hardware ../../modules/system diff --git a/hosts/tower/filesystems/default.nix b/hosts/tower/filesystems/default.nix new file mode 100644 index 0000000..26bb7fa --- /dev/null +++ b/hosts/tower/filesystems/default.nix 
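Review bot: The rewritten hosts/jupiter/hardware/default.nix drops `ahci` from boot.initrd.availableKernelModules and removes `dm-snapshot` from the initrd kernel modules, whereas the parallel rewrite of tower's hardware file keeps both (`boot.initrd.kernelModules = [ "dm-snapshot" ];`). If jupiter boots from a SATA disk or relies on an LVM layout like tower's, the initrd will no longer find the root device; presumably the new list is nixos-generate-config output (as tower's new header comment states), so confirm it on the machine before merging. A header comment matching tower's, `# nixos-generate-config --root ./ --no-filesystems`, would also make clear that this file is regenerated rather than hand-edited.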
@@ -0,0 +1,43 @@
+{ config, ... }:
+{
+ fileSystems = {
+ # Games and such
+ "/mnt/Linux1" = {
+ device = "/dev/disk/by-uuid/b2901f8c-ffda-4b88-bb63-a9ea0c96ccb4";
+ options = [ "nosuid" "nodev" "nofail" "x-gvfs-show" ];
+ };
+ "/mnt/Linux2" = {
+ device = "/dev/disk/by-uuid/f08e4f38-162c-402f-ba2a-5925151b78bf";
+ options = [ "nosuid" "nodev" "nofail" "x-gvfs-show" ];
+ };
+ "/mnt/Linux3" = {
+ device = "/dev/disk/by-uuid/e7bc75bd-c371-4b28-b212-7be9b1fad339";
+ options = [ "nosuid" "nodev" "nofail" "x-gvfs-show" ];
+ };
+ "/mnt/Windows1" = {
+ device = "/dev/disk/by-uuid/48F5C6E06416229C";
+ options = [ "nosuid" "nodev" "noauto" ];
+ };
+ "/mnt/Windows2" = {
+ device = "/dev/disk/by-uuid/0A5A3420237C863A";
+ options = [ "nosuid" "nodev" "noauto" ];
+ };
+
+ # Bulk storage mounts
+ "/persist/var/lib/libvirt" = {
+ device = "/dev/disk/by-uuid/abf78669-de2a-4afa-8e62-604f4e4cb355";
+ options = [ "subvol=libvirt" "nosuid" "nodev" "nofail" ];
+ };
+ "/persist/home/jimbo/VMs" = {
+ device = "/dev/disk/by-uuid/abf78669-de2a-4afa-8e62-604f4e4cb355";
+ options = [ "subvol=images" "nosuid" "nodev" "nofail" ];
+ };
+
+ # Network mounts
+ "/home/jimbo/JimboNFS" = {
+ device = "${config.ips.server}:/export/JimboNFS";
+ fsType = "nfs4";
+ options = [ "x-systemd.automount" "_netdev" "nofail" "noauto" ];
+ };
+ };
+}
diff --git a/hosts/tower/hardware/default.nix b/hosts/tower/hardware/default.nix
index 91493ee..5a155aa 100644
--- a/hosts/tower/hardware/default.nix
+++ b/hosts/tower/hardware/default.nix
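Review bot: hosts/tower/filesystems/default.nix would benefit from a header comment explaining why the mounts left hardware/default.nix — the comment added there (`# nixos-generate-config --root ./ --no-filesystems`) shows the intent is to let the hardware file be regenerated, so `# Filesystems live here so hardware/default.nix can be regenerated with --no-filesystems` at the top keeps the two files in step. The two Windows mounts give no `fsType`, so the driver is autodetected at mount time; pinning it avoids a different driver being selected after a kernel change.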
@@ -1,65 +1,9 @@
-{ config, lib, modulesPath, ... }:
+# nixos-generate-config --root ./ --no-filesystems
+{ config, lib, ... }:
 {
- boot = {
- initrd = {
- availableKernelModules = [
- "nvme"
- "xhci_pci"
- "ahci"
- "usbhid"
- "usb_storage"
- "sd_mod"
- ];
- kernelModules = [
- "dm-snapshot"
- "vfio"
- "vfio_pci"
- "vfio_iommu_type1"
- "kvm-amd"
- ];
- };
- };
-
- fileSystems = {
- # Games and such
- "/mnt/Linux1" = {
- device = "/dev/disk/by-uuid/b2901f8c-ffda-4b88-bb63-a9ea0c96ccb4";
- options = [ "nosuid" "nodev" "nofail" "x-gvfs-show" ];
- };
- "/mnt/Linux2" = {
- device = "/dev/disk/by-uuid/f08e4f38-162c-402f-ba2a-5925151b78bf";
- options = [ "nosuid" "nodev" "nofail" "x-gvfs-show" ];
- };
- "/mnt/Linux3" = {
- device = "/dev/disk/by-uuid/e7bc75bd-c371-4b28-b212-7be9b1fad339";
- options = [ "nosuid" "nodev" "nofail" "x-gvfs-show" ];
- };
- "/mnt/Windows1" = {
- device = "/dev/disk/by-uuid/48F5C6E06416229C";
- options = [ "nosuid" "nodev" "noauto" ];
- };
- "/mnt/Windows2" = {
- device = "/dev/disk/by-uuid/0A5A3420237C863A";
- options = [ "nosuid" "nodev" "noauto" ];
- };
-
- # Bulk storage mounts
- "/persist/var/lib/libvirt" = {
- device = "/dev/disk/by-uuid/abf78669-de2a-4afa-8e62-604f4e4cb355";
- options = [ "subvol=libvirt" "nosuid" "nodev" "nofail" ];
- };
- "/persist/home/jimbo/VMs" = {
- device = "/dev/disk/by-uuid/abf78669-de2a-4afa-8e62-604f4e4cb355";
- options = [ "subvol=images" "nosuid" "nodev" "nofail" ];
- };
-
- # Network mounts
- "/home/jimbo/JimboNFS" = {
- device = "${config.ips.server}:/export/JimboNFS";
- fsType = "nfs4";
- options = [ "x-systemd.automount" "_netdev" "nofail" "noauto" ];
- };
- };
+ boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "sd_mod" ];
+ boot.initrd.kernelModules = [ "dm-snapshot" ];
+ boot.kernelModules = [ "kvm-amd" ];
 
 networking.useDHCP = lib.mkDefault true;
 nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
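Review bot: The regenerated availableKernelModules list in hosts/tower/hardware/default.nix drops `usb_storage`, which the old file had; if any device needed at boot (an external /boot or a LUKS key on a USB disk, for instance) is attached over USB, the initrd will no longer see it. Since the new header marks the list as tool output, confirm the generator ran on the live machine with those devices attached, or add `usb_storage` back deliberately with a comment saying why. `config` stays in the argument set although no visible line reads it; whatever uses it, and the closing of the attribute set, lies outside the hunk.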
diff --git a/modules/home/settings/xdg/default.nix b/modules/home/settings/xdg/default.nix index 19869b7..fa35327 100644 --- a/modules/home/settings/xdg/default.nix +++ b/modules/home/settings/xdg/default.nix @@ -1,11 +1,7 @@ { ... }: { - xdg.mimeApps.defaultApplications = { - "inode/directory" = [ "pcmanfm-qt.desktop" ]; - "text/plain" = [ "nvim.desktop" ]; - "image/png" = [ "imv.desktop" ]; - "image/jpeg" = [ "imv.desktop" ]; - "image/jp2" = [ "imv.desktop" ]; - "video/*" = [ "mpv.desktop" ]; - }; + imports = [ + ./defaults + ./folders + ]; } diff --git a/modules/home/settings/xdg/defaults/default.nix b/modules/home/settings/xdg/defaults/default.nix new file mode 100644 index 0000000..19869b7 --- /dev/null +++ b/modules/home/settings/xdg/defaults/default.nix @@ -0,0 +1,11 @@ +{ ... }: +{ + xdg.mimeApps.defaultApplications = { + "inode/directory" = [ "pcmanfm-qt.desktop" ]; + "text/plain" = [ "nvim.desktop" ]; + "image/png" = [ "imv.desktop" ]; + "image/jpeg" = [ "imv.desktop" ]; + "image/jp2" = [ "imv.desktop" ]; + "video/*" = [ "mpv.desktop" ]; + }; +} diff --git a/modules/home/settings/xdg/folders/default.nix b/modules/home/settings/xdg/folders/default.nix new file mode 100644 index 0000000..0146c25 --- /dev/null +++ b/modules/home/settings/xdg/folders/default.nix @@ -0,0 +1,11 @@ +{ ... }: +{ + xdg.userDirs = { + enable = true; + createDirectories = true; + desktop = null; + music = null; + publicShare = null; + templates = null; + }; +} diff --git a/modules/system/services/general/ssh/default.nix b/modules/system/services/general/ssh/default.nix index 2d3776b..bc3b44b 100644 --- a/modules/system/services/general/ssh/default.nix +++ b/modules/system/services/general/ssh/default.nix @@ -1,11 +1,11 @@ -{ ... }: +{ lib, ... }: { imports = [ ./fail2ban ]; services.openssh = { enable = true; settings = { - PermitRootLogin = "no"; + PermitRootLogin = lib.mkForce "no"; PrintLastLog = "no"; PasswordAuthentication = false; UsePAM = false;
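Review bot: `PermitRootLogin = lib.mkForce "no"` in modules/system/services/general/ssh/default.nix is a security-relevant override with no comment saying what it is overriding; presumably the installer profile pulled in through hosts/extern/nixmodules (installation-cd-minimal.nix) sets it to `"yes"`, and mkForce is what keeps root login disabled on that image. Record that next to the line: `# mkForce: the installer-CD profile used by hosts/extern enables root login; keep it off everywhere`. The sibling settings (`PasswordAuthentication = false`, `UsePAM = false`) are not forced, so if the same profile defines them the evaluation fails with a conflicting-definition error rather than silently weakening them — acceptable, but worth knowing. The settings block continues outside the hunk.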