diff --git a/hosts/extern/boot/default.nix b/hosts/extern/boot/default.nix index ece0152..972bff6 100644 --- a/hosts/extern/boot/default.nix +++ b/hosts/extern/boot/default.nix @@ -1,7 +1,36 @@ { config, pkgs, ... }: -{ +let + commonKernelParams = [ + # VM/GPU passthrough + "amd_iommu=on" + "iommu=pt" + "nested=1" + + # Virtualization nonsense + "transparent_hugepage=never" + + # Isolate devices into IOMMU groups + "pcie_acs_override=downstream,multifunction" + "pci=routeirq" + ]; +in { boot = { - kernelPackages = pkgs.linuxPackages_latest; + # Must be Zen for IOMMU isolation + kernelPackages = pkgs.unstable.linuxPackages_zen; kernel.sysctl."vm.max_map_count" = 2147483642; + kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:1f82,10de:10fa" ]; + blacklistedKernelModules = [ "pcspkr" ]; + + # Needed for GPU passthrough + initrd.kernelModules = [ + "vfio" + "vfio_pci" + "vfio_iommu_type1" + ]; + }; + + # Use second GPU on boot + specialisation.gputwo.configuration = { + boot.kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:2504,10de:228e" ]; }; } diff --git a/hosts/extern/default.nix b/hosts/extern/default.nix index c4a1b51..c1ddb3a 100644 --- a/hosts/extern/default.nix +++ b/hosts/extern/default.nix @@ -2,13 +2,13 @@ { imports = [ ./boot + ./disko + ./filesystems ./hardware - ./nixmodules ./wireguard ../../modules/system ]; - boot.loader.systemd-boot.enable = lib.mkForce false; services.btrfs.autoScrub.enable = lib.mkForce false; system.video.nvidia.enable = true; diff --git a/hosts/extern/disko/default.nix b/hosts/extern/disko/default.nix new file mode 100644 index 0000000..e8471a3 --- /dev/null +++ b/hosts/extern/disko/default.nix 
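Review bot: The comment `# Isolate devices into IOMMU groups` over `"pcie_acs_override=downstream,multifunction"` in hosts/extern/boot/default.nix claims an isolation the parameter does not provide. The ACS override makes the kernel report devices as separate IOMMU groups even though the PCIe hardware does not enforce ACS between them, so a device bound to vfio-pci and handed to a guest can still do peer-to-peer DMA to the devices it used to share a group with. I would reword the comment to something like `# ACS override: splits IOMMU groups without hardware ACS, so passthrough guests are not DMA-isolated from former group members`, and keep the override off any host that runs guests you do not trust. Separately, the bare `"nested=1"` has no module prefix and is probably ignored by the kernel; if nested virtualisation is intended on this AMD host it would be `"kvm_amd.nested=1"`.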
@@ -0,0 +1,96 @@
+{ disko, config, ... }:
+{
+ imports = [ disko.nixosModules.disko ];
+
+ disko.devices = {
+ disk = {
+ "${config.networking.hostName}" = {
+ type = "disk";
+ device = "/dev/sdg";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ priority = 1;
+ size = "2G";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+ luks = {
+ size = "100%";
+ content = {
+ type = "luks";
+ name = "${config.networking.hostName}-disk";
+ settings.allowDiscards = true;
+ passwordFile = "/tmp/secret.key";
+ content = {
+ type = "lvm_pv";
+ vg = "${config.networking.hostName}";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+
+ nodev = {
+ "/" = {
+ fsType = "tmpfs";
+ mountOptions = [ "size=4G" ];
+ };
+ };
+
+ lvm_vg = {
+ "${config.networking.hostName}" = {
+ type = "lvm_vg";
+ lvs = {
+ root = {
+ size = "100%";
+ content = {
+ type = "btrfs";
+ extraArgs = [ "-f" ];
+ subvolumes = {
+ "/nix" = {
+ mountpoint = "/nix";
+ mountOptions = [ "compress=zstd" "noatime" "ssd" ];
+ };
+
+ # Impermanence
+ "/persist" = {
+ mountpoint = "/persist";
+ mountOptions = [ "compress=zstd" "noatime" "ssd" ];
+ };
+ "/persist/.snapshots" = { };
+
+ "/jimbo" = {
+ mountpoint = "/persist/home/jimbo";
+ mountOptions = [ "compress=zstd" "noatime" "ssd" ];
+ };
+ "/jimbo/.snapshots" = { };
+ };
+ };
+ };
+ swap = {
+ size = "8G";
+ content = {
+ type = "swap";
+ discardPolicy = "both";
+ };
+ };
+ };
+ };
+ };
+ };
+
+ # Needed for impermanence
+ fileSystems = {
+ "/persist".neededForBoot = true;
+ "/persist/home/jimbo".neededForBoot = true;
+ };
+}
diff --git a/hosts/extern/filesystems/default.nix b/hosts/extern/filesystems/default.nix
new file mode 100644
index 0000000..60aeaf3
--- /dev/null
+++ b/hosts/extern/filesystems/default.nix
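Review bot: `device = "/dev/sdg"` in hosts/extern/disko/default.nix names the target disk by a kernel enumeration letter, which can change between boots or when another drive is attached, and disko will repartition and force-format (`extraArgs = [ "-f" ]`) whatever that name resolves to. A stable path such as `device = "/dev/disk/by-id/<DISK_ID>";` (placeholder) avoids wiping the wrong disk. On the LUKS container, `settings.allowDiscards = true` and the swap `discardPolicy = "both"` pass TRIM through the encryption layer, which shows anyone with access to the raw device which blocks are in use; a comment recording that this trade-off is accepted would help. `passwordFile = "/tmp/secret.key"` is a path under a shared directory, so the install instructions should say to create it with mode 0600 and remove it once formatting is done.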
@@ -0,0 +1,11 @@ +{ config, ... }: +{ + fileSystems = { + # Remote + "/home/jimbo/JimboNFS" = { + device = "10.100.0.1:/export/JimboNFS"; + fsType = "nfs4"; + options = [ "x-systemd.automount" "_netdev" "nofail" "noauto" ]; + }; + }; +} diff --git a/hosts/extern/hardware/default.nix b/hosts/extern/hardware/default.nix index eb19a42..807c3d4 100644 --- a/hosts/extern/hardware/default.nix +++ b/hosts/extern/hardware/default.nix @@ -1,32 +1,7 @@ { config, lib, modulesPath, ... }: { - imports = [ (modulesPath + "/profiles/all-hardware.nix") ]; - - boot = { - initrd = { - availableKernelModules = [ - "nvme" - "xhci_pci" - "ahci" - "usbhid" - "uas" - "usb_storage" - "sd_mod" - ]; - kernelModules = [ - "dm-snapshot" - ]; - }; - }; - - fileSystems = { - # Remote - "/home/jimbo/JimboNFS" = { - device = "10.100.0.1:/export/JimboNFS"; - fsType = "nfs4"; - options = [ "x-systemd.automount" "_netdev" "nofail" "noauto" ]; - }; - }; + boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" "sd_mod" ]; + boot.kernelModules = [ "dm-snapshot" ]; networking.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; diff --git a/hosts/extern/nixmodules/default.nix b/hosts/extern/nixmodules/default.nix deleted file mode 100644 index c1b57a5..0000000 --- a/hosts/extern/nixmodules/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ modulesPath, ... }: -{ - imports = [ - "${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix" - "${modulesPath}/installer/cd-dvd/channel.nix" - ]; -} diff --git a/modules/extras/default.nix b/modules/extras/default.nix new file mode 100644 index 0000000..82d0015 --- /dev/null +++ b/modules/extras/default.nix @@ -0,0 +1,7 @@ +{ ... }: +{ + imports = [ + ./overlays + ./variables + ]; +} diff --git a/overlays/default.nix b/modules/extras/overlays/default.nix similarity index 100% rename from overlays/default.nix rename to modules/extras/overlays/default.nix 
diff --git a/overlays/packages/default.nix b/modules/extras/overlays/packages/default.nix
similarity index 100%
rename from overlays/packages/default.nix
rename to modules/extras/overlays/packages/default.nix
diff --git a/overlays/packages/hlsdk/default.nix b/modules/extras/overlays/packages/hlsdk/default.nix
similarity index 100%
rename from overlays/packages/hlsdk/default.nix
rename to modules/extras/overlays/packages/hlsdk/default.nix
diff --git a/overlays/packages/xash3d/change-zip-date.patch b/modules/extras/overlays/packages/xash3d/change-zip-date.patch
similarity index 100%
rename from overlays/packages/xash3d/change-zip-date.patch
rename to modules/extras/overlays/packages/xash3d/change-zip-date.patch
diff --git a/overlays/packages/xash3d/default.nix b/modules/extras/overlays/packages/xash3d/default.nix
similarity index 100%
rename from overlays/packages/xash3d/default.nix
rename to modules/extras/overlays/packages/xash3d/default.nix
diff --git a/overlays/unstable/default.nix b/modules/extras/overlays/unstable/default.nix
similarity index 100%
rename from overlays/unstable/default.nix
rename to modules/extras/overlays/unstable/default.nix
diff --git a/variables/default.nix b/modules/extras/variables/default.nix
similarity index 100%
rename from variables/default.nix
rename to modules/extras/variables/default.nix
diff --git a/variables/displays/default.nix b/modules/extras/variables/displays/default.nix
similarity index 100%
rename from variables/displays/default.nix
rename to modules/extras/variables/displays/default.nix
diff --git a/variables/domains/default.nix b/modules/extras/variables/domains/default.nix
similarity index 100%
rename from variables/domains/default.nix
rename to modules/extras/variables/domains/default.nix
diff --git a/variables/ips/default.nix b/modules/extras/variables/ips/default.nix
similarity index 100%
rename from variables/ips/default.nix
rename to modules/extras/variables/ips/default.nix
diff --git a/variables/look/border/default.nix b/modules/extras/variables/look/border/default.nix
similarity index 100%
rename from variables/look/border/default.nix
rename to modules/extras/variables/look/border/default.nix
diff --git a/variables/look/colors/default.nix b/modules/extras/variables/look/colors/default.nix
similarity index 100%
rename from variables/look/colors/default.nix
rename to modules/extras/variables/look/colors/default.nix
diff --git a/variables/look/default.nix b/modules/extras/variables/look/default.nix
similarity index 100%
rename from variables/look/default.nix
rename to modules/extras/variables/look/default.nix
diff --git a/variables/look/fonts/default.nix b/modules/extras/variables/look/fonts/default.nix
similarity index 100%
rename from variables/look/fonts/default.nix
rename to modules/extras/variables/look/fonts/default.nix
diff --git a/modules/extras/variables/secrets/default.nix b/modules/extras/variables/secrets/default.nix
new file mode 100644
index 0000000..ad5fe43
--- /dev/null
+++ b/modules/extras/variables/secrets/default.nix
@@ -0,0 +1,56 @@ +{ lib, config, ... }: +{ + options.secrets = lib.mkOption { + type = lib.types.attrs; + default = {}; + }; + + config.secrets = { + # User passwords, generated with 'mkpasswd -m sha-512' + jimboAccPass = "$6$gYpE.pG/zPXgin06$2kydjDfd0K62Dhf9P0PFvJhRNz6xIC/bHYaf/XYqyKcLyZNzPQpy8uy9tCRcSYlj1wwBhzVtTRyItwajOHCEj0"; + + # Cloudflare API key + flareApiKey = "ICUi1Zj0e_boCkeUJbXP9dJusv_qX_zhKWQGPcFe"; + + # Wireguard keys, generated with the wg command + wgServerPriv = "WHxxi53Yp8NRZhT+BQnvC62BckOeG1x2SOvkWlm0tGo="; + wgClientPriv = "MK9j0eYlgv+MZ9sSYO6C3lfqScpLPwcBqEckJ7o7tU4="; + + # Icecast, plaintext + castAdminPass = "Gw9P8tW$omeq#reZA$b^jDy9VN"; + castSourcePass = "KkFDeM0SHIL*s6!d4x*a4b#bcq"; + + # Photoprism, plaintext + prismAdminPass = "gr3SkIqSBjDmypyxU!Zj9*CJ4X"; + + # Matrix secrets + matrixSecret = "bea7db528a95d8225c5fe6bf92614816fe9d31496b510dff78b1608cfb36f82a"; + coturnSecret = "@OvhK7r4wu!71d9dcmQ$Z6PkqA#LP0niyJHLTiMVJFILo7@6ks3wwmjWJ*zDBV43"; + + # Pixelfed secret, must be 32 characters long + pixelfedKey = ''APP_KEY=W9qein6055k9GdvwGbdJ6WxQ71Lr51cQ''; + + # Transmission credentials, plaintext + transmissionCredFile = '' + { + "rpc-username": "jimbo", + "rpc-password": "w%QbIEZhoi4jh*j*PKaZLkKk96" + } + ''; + + # Email cleartext passwords + noreplyPassword = "5mpEp3P^n6A%r3fznJA5"; + + # Email account hashes, generated with 'mkpasswd -m bcrypt' + noreplyMailHash = "$2b$05$7VibcFKXy5Ff9sUMh3KWBeSXkInXNeaADa71Md/swt5RCk5s7UnM2"; + jimboMailHash = "$2a$12$vHeFInRpfp.lpfR/k8ptNecs3ztKjkRTr9hae0DP8yEN1ZHKM2sxe"; + lunaMailHash = "$2y$10$ksBfmuuojCWnzFqpBDoE/OoGZyqfP.Luo2il7wWcqHemHgqhpQdi6"; + cornMailHash = "$2b$05$qpG1aOA2tv3zLjzwh8/kyO3zZ8BZxvXcav0ioX7Y3Tps0tyhE/c7q"; + tinyMailHash = "$2a$12$beq/ZO3hRz5mmGe9Cvvx8u/sNJcjVHlQQ5axv8IBmdJav60n7fuK6"; + + # IPs + jimIP = "99.247.177.43"; + lunaIP = "71.87.124.226"; + cornIP = "24.66.98.13"; + }; +} 
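Review bot: modules/extras/variables/secrets/default.nix adds every credential in clear text: the account password hash, the Cloudflare API key, both WireGuard private keys, the Matrix and coturn secrets, and the service passwords. The old variables/secrets/default.nix appears in this diff only as `Binary files ... differ`, which suggests it was stored encrypted by a git filter whose path pattern no longer matches after the move (inferred; the filter configuration is not shown). Every value here should be treated as disclosed and rotated, and the attributes pattern updated before the file is re-added, e.g. `modules/extras/variables/secrets/** filter=<FILTER_NAME> diff=<FILTER_NAME>` (placeholder names). Even with the repository copy encrypted, values read through `config.secrets` are copied into the world-readable Nix store, so the plaintext items are better delivered as runtime files (for example with sops-nix or agenix) and referenced by path. The `$2b$05$` mail hashes also use a bcrypt cost of 5, which is low for resisting offline cracking.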
diff --git a/variables/workspaces/default.nix b/modules/extras/variables/workspaces/default.nix similarity index 100% rename from variables/workspaces/default.nix rename to modules/extras/variables/workspaces/default.nix diff --git a/modules/home/default.nix b/modules/home/default.nix index c1f6d01..d060006 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -7,8 +7,7 @@ ./settings ./wms ./users - ../../overlays - ../../variables + ../extras # Imports nur.nixosModules.nur diff --git a/modules/home/programs/terminal/carapace/default.nix b/modules/home/programs/terminal/carapace/default.nix new file mode 100644 index 0000000..625d54b --- /dev/null +++ b/modules/home/programs/terminal/carapace/default.nix @@ -0,0 +1,4 @@ +{ ... }: +{ + programs.carapace.enable = true; +} diff --git a/modules/home/programs/terminal/default.nix b/modules/home/programs/terminal/default.nix index 680d658..6cc9c7c 100644 --- a/modules/home/programs/terminal/default.nix +++ b/modules/home/programs/terminal/default.nix @@ -1,6 +1,7 @@ { ... }: { imports = [ + ./carapace ./fastfetch ./git ./ncmpcpp diff --git a/modules/home/programs/terminal/zsh/default.nix b/modules/home/programs/terminal/zsh/default.nix index 4289067..2acc44f 100644 --- a/modules/home/programs/terminal/zsh/default.nix +++ b/modules/home/programs/terminal/zsh/default.nix @@ -2,6 +2,7 @@ { programs.zsh = { enable = true; + enableCompletion = false; autosuggestion.enable = true; syntaxHighlighting.enable = true; oh-my-zsh = { @@ -34,9 +35,9 @@ seneca = "ssh jhampton1@matrix.senecapolytechnic.ca"; }; initExtra = '' + ${pkgs.any-nix-shell}/bin/any-nix-shell zsh --info-right | source /dev/stdin; pfetch source ${pkgs.zsh-vi-mode}/share/zsh-vi-mode/zsh-vi-mode.plugin.zsh source ${pkgs.zsh-you-should-use}/share/zsh/plugins/you-should-use/you-should-use.plugin.zsh - ${pkgs.any-nix-shell}/bin/any-nix-shell zsh --info-right | source /dev/stdin; pfetch setopt HIST_IGNORE_SPACE setopt RM_STAR_WAIT ''; 
diff --git a/modules/system/default.nix b/modules/system/default.nix index 831a9c3..893b2d3 100644 --- a/modules/system/default.nix +++ b/modules/system/default.nix @@ -7,8 +7,7 @@ ./programs ./services ./settings - ../../overlays - ../../variables + ../extras ]; time.timeZone = "America/Toronto"; diff --git a/modules/system/settings/documentation/default.nix b/modules/system/settings/documentation/default.nix index 13fb7e1..84dc696 100644 --- a/modules/system/settings/documentation/default.nix +++ b/modules/system/settings/documentation/default.nix @@ -5,6 +5,4 @@ info.enable = false; nixos.enable = false; }; - - programs.command-not-found.enable = true; } diff --git a/modules/system/settings/minimal/default.nix b/modules/system/settings/minimal/default.nix index 0b9712e..00eade7 100644 --- a/modules/system/settings/minimal/default.nix +++ b/modules/system/settings/minimal/default.nix @@ -6,5 +6,6 @@ }; programs.less.lessopen = null; + services.logrotate.enable = false; } diff --git a/variables/secrets/default.nix b/variables/secrets/default.nix deleted file mode 100644 index 1cbcd89..0000000 Binary files a/variables/secrets/default.nix and /dev/null differ
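Review bot: `services.logrotate.enable = false;` in modules/system/settings/minimal/default.nix is added without a comment saying why rotation is turned off, and the module sits under modules/system, so it presumably applies to every host that imports it. journald bounds its own storage, but anything that writes plain files under /var/log (login records, service logs) would then grow without a size or retention limit, which matters most on a host whose root is a `size=4G` tmpfs unless that path is persisted elsewhere. I would either leave rotation on or record the reasoning next to the option, e.g. `# logrotate off: all services log to journald, nothing writes to /var/log`. The enclosing attribute set starts outside the hunk.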