From f4ca233d0ca6a87b86503e175705223e2b67509b Mon Sep 17 00:00:00 2001
From: Jimbo
Date: Wed, 18 Dec 2024 23:06:57 -0500
Subject: [PATCH] Add secureboot and extra drive to Envy
---
 flake.nix | 1 -
 hosts/envy/default.nix | 9 +-
 hosts/envy/filesystems/default.nix | 7 ++
 hosts/envy/id_ed25519.pub | 2 +-
 hosts/extern/id_ed25519.pub | 1 -
 hosts/tower/default.nix | 14 +--
 hosts/tower/filesystems/default.nix | 7 ++
 hosts/xenia/boot/default.nix | 7 --
 hosts/xenia/default.nix | 14 ---
 hosts/xenia/disko/default.nix | 96 -------------------
 hosts/xenia/hardware/default.nix | 30 ------
 hosts/xenia/id_ed25519.pub | 1 -
 .../system/accounts/users/jimbo/default.nix | 2 +-
 13 files changed, 30 insertions(+), 161 deletions(-)
 delete mode 100644 hosts/extern/id_ed25519.pub
 delete mode 100644 hosts/xenia/boot/default.nix
 delete mode 100644 hosts/xenia/default.nix
 delete mode 100644 hosts/xenia/disko/default.nix
 delete mode 100644 hosts/xenia/hardware/default.nix
 delete mode 100644 hosts/xenia/id_ed25519.pub
diff --git a/flake.nix b/flake.nix
index 95ce4be..768d453 100644
--- a/flake.nix
+++ b/flake.nix
@@ -82,7 +82,6 @@
 extern = mkNix [ ./hosts/extern ]; # External Drive/USB
 kitty = mkNix [ ./hosts/kitty ]; # Dell Optiplex 7010
- xenia = mkNix [ ./hosts/xenia ]; # Acer Veriton X2611G
 prophet = mkNix [ ./hosts/prophet ]; # Oracle Neoverse-N1
 };
diff --git a/hosts/envy/default.nix b/hosts/envy/default.nix
index 7d82407..c1e4af6 100644
--- a/hosts/envy/default.nix
+++ b/hosts/envy/default.nix
@@ -9,9 +9,12 @@
 ../../modules/system
 ];
- system.wireguard.client.enable = true;
+ networking.hostName = "envy";
 networking.wireguard.interfaces.wgc.ips = [ "10.100.0.25/24" ];
- system.stateVersion = "24.11";
- networking.hostName = "envy";
+ system = {
+ lanzaboote.enable = true;
+ wireguard.client.enable = true;
+ stateVersion = "24.11";
+ };
 }
diff --git a/hosts/envy/filesystems/default.nix b/hosts/envy/filesystems/default.nix
index 3596409..ecdc463 100644
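Review bot: The new `lanzaboote.enable = true;` line in hosts/envy/default.nix has no comment about the one-time setup on the machine that it depends on, and `system.lanzaboote` is this repository's own option whose definition is not part of the diff. If it wraps upstream lanzaboote, rebuilds sign the boot entries with a key bundle stored on the host (upstream option `boot.lanzaboote.pkiBundle`), so the keys must exist and be enrolled in firmware before Secure Boot is set to enforce, and if envy uses the impermanence layout seen in the removed xenia host, that directory has to sit on persisted storage. I would add a comment above the line such as `# Secure Boot: signing keys must already exist on envy and be enrolled in firmware; keep the key bundle on persistent storage`. The file's outer module set opens above the hunk.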
--- a/hosts/envy/filesystems/default.nix
+++ b/hosts/envy/filesystems/default.nix
@@ -1,6 +1,13 @@
 { config, ... }:
 {
 fileSystems = {
+ # Secondary drive
+ "/mnt/Games" = {
+ device = "/dev/disk/by-uuid/135281e2-72ec-4c00-91e8-9897a32c02ce";
+ fsType = "btrfs";
+ options = [ "nosuid" "nodev" "nofail" "x-gvfs-show" ];
+ };
+ # Network mounts
 "/home/jimbo/JimboNFS" = {
 device = "10.100.0.1:/export/JimboNFS";
diff --git a/hosts/envy/id_ed25519.pub b/hosts/envy/id_ed25519.pub
index e36a85d..ae651e2 100644
--- a/hosts/envy/id_ed25519.pub
+++ b/hosts/envy/id_ed25519.pub
@@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC2lMkUd+BbXITE5LTg94hEzmA6UKsIIbaf5YOjGoLzl
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAb+aqIyTDcXDH8vMK697zQnYYUjgbUD2tJyknlztE3j
diff --git a/hosts/extern/id_ed25519.pub b/hosts/extern/id_ed25519.pub
deleted file mode 100644
index e36a85d..0000000
--- a/hosts/extern/id_ed25519.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC2lMkUd+BbXITE5LTg94hEzmA6UKsIIbaf5YOjGoLzl
diff --git a/hosts/tower/default.nix b/hosts/tower/default.nix
index 46965f7..4be0ad2 100644
--- a/hosts/tower/default.nix
+++ b/hosts/tower/default.nix
@@ -10,11 +10,13 @@
 ../../modules/system
 ];
- system.lanzaboote.enable = true;
- system.wireless.enable = false;
- system.video.nvidia.enable = true;
- system.libvirtd.enable = true;
- networking.hostName = "tower";
- system.stateVersion = "24.05";
+
+ system = {
+ lanzaboote.enable = true;
+ wireless.enable = false;
+ video.nvidia.enable = true;
+ libvirtd.enable = true;
+ stateVersion = "24.05";
+ };
 }
diff --git a/hosts/tower/filesystems/default.nix b/hosts/tower/filesystems/default.nix
index bfe5580..7870381 100644
--- a/hosts/tower/filesystems/default.nix
+++ b/hosts/tower/filesystems/default.nix
@@ -4,32 +4,39 @@
 # Games and such
 "/mnt/Linux1" = {
 device = "/dev/disk/by-uuid/b2901f8c-ffda-4b88-bb63-a9ea0c96ccb4";
+ fsType = "ext4";
 options = [ "nosuid" "nodev" "nofail" "x-gvfs-show" ];
 };
 "/mnt/Linux2" = {
 device = "/dev/disk/by-uuid/f08e4f38-162c-402f-ba2a-5925151b78bf";
+ fsType = "ext4";
 options = [ "nosuid" "nodev" "nofail" "x-gvfs-show" ];
 };
 "/mnt/Linux3" = {
 device = "/dev/disk/by-uuid/e7bc75bd-c371-4b28-b212-7be9b1fad339";
+ fsType = "ext4";
 options = [ "nosuid" "nodev" "nofail" "x-gvfs-show" ];
 };
 "/mnt/Windows1" = {
 device = "/dev/disk/by-uuid/48F5C6E06416229C";
+ fsType = "ntfs";
 options = [ "nosuid" "nodev" "noauto" ];
 };
 "/mnt/Windows2" = {
 device = "/dev/disk/by-uuid/0A5A3420237C863A";
+ fsType = "ntfs";
 options = [ "nosuid" "nodev" "noauto" ];
 };
 # Bulk storage mounts
 "/persist/var/lib/libvirt" = {
 device = "/dev/disk/by-uuid/abf78669-de2a-4afa-8e62-604f4e4cb355";
+ fsType = "btrfs";
 options = [ "subvol=libvirt" "nosuid" "nodev" "nofail" ];
 };
 "/persist/home/jimbo/VMs" = {
 device = "/dev/disk/by-uuid/abf78669-de2a-4afa-8e62-604f4e4cb355";
+ fsType = "btrfs";
 options = [ "subvol=images" "nosuid" "nodev" "nofail" ];
 };
diff --git a/hosts/xenia/boot/default.nix b/hosts/xenia/boot/default.nix
deleted file mode 100644
index cc98a84..0000000
--- a/hosts/xenia/boot/default.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ pkgs, ... }:
-{
- boot = {
- kernelPackages = pkgs.linuxPackages_latest;
- kernel.sysctl."vm.max_map_count" = 2147483642;
- };
-}
diff --git a/hosts/xenia/default.nix b/hosts/xenia/default.nix
deleted file mode 100644
index 97e2881..0000000
--- a/hosts/xenia/default.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ ... }:
-{
- imports = [
- ./boot
- ./disko
- ./hardware
- ../../modules/system
- ];
-
- system.lanzaboote.enable = true;
- system.wireguard.client.enable = false;
-
- networking.hostName = "detritus";
-}
diff --git a/hosts/xenia/disko/default.nix b/hosts/xenia/disko/default.nix
deleted file mode 100644
index b88d6d6..0000000
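Review bot: The two entries that gain `fsType = "ntfs";` (`/mnt/Windows1`, `/mnt/Windows2`) keep `options = [ "nosuid" "nodev" "noauto" ];`, which sets no owner and no permission mask. With the ntfs-3g driver that NixOS normally uses for this fsType, a mount without `uid=`/`gid=`/`umask=` leaves every file readable and writable by every local user, so please confirm which driver handles these mounts and, if it is ntfs-3g, tighten the line, e.g. `options = [ "nosuid" "nodev" "noauto" "umask=0077" ];` plus a `uid=` for the owning account. The ext4 and btrfs entries in the same hunk rely on on-disk permissions and do not need this. The enclosing `fileSystems` set starts above the hunk and closes below it.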
--- a/hosts/xenia/disko/default.nix
+++ /dev/null
@@ -1,96 +0,0 @@
-{ disko, config, ... }:
-{
- imports = [ disko.nixosModules.disko ];
-
- disko.devices = {
- disk = {
- "${config.networking.hostName}" = {
- type = "disk";
- device = "/dev/sda";
- content = {
- type = "gpt";
- partitions = {
- ESP = {
- size = "2G";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- mountOptions = [ "umask=0077" ];
- };
- };
- luks = {
- size = "100%";
- content = {
- type = "luks";
- name = "${config.networking.hostName}-disk";
- settings.allowDiscards = true;
- passwordFile = "/tmp/secret.key";
- content = {
- type = "lvm_pv";
- vg = "${config.networking.hostName}";
- };
- };
- };
- };
- };
- };
- };
-
- lvm_vg = {
- "${config.networking.hostName}" = {
- type = "lvm_vg";
- lvs = {
- root = {
- size = "100%";
- content = {
- type = "btrfs";
- extraArgs = [ "-f" ];
- subvolumes = {
- "/root" = {
- mountpoint = "/";
- mountOptions = [ "compress=zstd" "noatime" ];
- };
- "/prev" = {
- mountpoint = "/prev";
- mountOptions = [ "compress=zstd" "noatime" ];
- };
- "/nix" = {
- mountpoint = "/nix";
- mountOptions = [ "compress=zstd" "noatime" ];
- };
-
- # Impermanence
- "/persist" = {
- mountpoint = "/persist";
- mountOptions = [ "compress=zstd" "noatime" ];
- };
- "/persist/.snapshots" = { };
-
- "/jimbo" = {
- mountpoint = "/persist/home/jimbo";
- mountOptions = [ "compress=zstd" "noatime" ];
- };
- "/jimbo/.snapshots" = { };
- };
- };
- };
- swap = {
- size = "8G";
- content = {
- type = "swap";
- discardPolicy = "both";
- };
- };
- };
- };
- };
- };
-
- # Needed for impermanence
- fileSystems = {
- "/persist".neededForBoot = true;
- "/persist/home/jimbo".neededForBoot = true;
- };
-}
diff --git a/hosts/xenia/hardware/default.nix b/hosts/xenia/hardware/default.nix
deleted file mode 100644
index 67b3028..0000000
--- a/hosts/xenia/hardware/default.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ config, lib, pkgs, modulesPath, ... }:
-{
- boot = {
- kernelModules = [ "kvm-intel" ];
- initrd = {
- availableKernelModules = [
- "ehci_pci"
- "ata_piix"
- "usbhid"
- "usb_storage"
- "sd_mod"
- "sr_mod"
- ];
- kernelModules = [ "dm-snapshot" ];
- };
- };
-
- fileSystems = {
- # Network mounts
- "/home/jimbo/JimboNFS" = {
- device = "${config.ips.server}:/export/JimboNFS";
- fsType = "nfs4";
- options = [ "x-systemd.automount" "_netdev" "nofail" "noauto" ];
- };
- };
-
- networking.useDHCP = lib.mkDefault true;
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/hosts/xenia/id_ed25519.pub b/hosts/xenia/id_ed25519.pub
deleted file mode 100644
index 4cccc96..0000000
--- a/hosts/xenia/id_ed25519.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEpUrqdoWah4q4CC4yyhwhznjzKHY8w2a0GYfla9nY9n
diff --git a/modules/system/accounts/users/jimbo/default.nix b/modules/system/accounts/users/jimbo/default.nix
index a9d610a..02d9d57 100644
--- a/modules/system/accounts/users/jimbo/default.nix
+++ b/modules/system/accounts/users/jimbo/default.nix
@@ -7,12 +7,12 @@
 openssh.authorizedKeys.keys = [
 (builtins.readFile ../../../../../hosts/tower/id_ed25519.pub)
+ (builtins.readFile ../../../../../hosts/envy/id_ed25519.pub)
 (builtins.readFile ../../../../../hosts/axolotl/id_ed25519.pub)
 (builtins.readFile ../../../../../hosts/lacros/id_ed25519.pub)
 (builtins.readFile ../../../../../hosts/redmond/id_ed25519.pub)
 (builtins.readFile ../../../../../hosts/kitty/id_ed25519.pub)
- (builtins.readFile ../../../../../hosts/xenia/id_ed25519.pub)
 (builtins.readFile ../../../../../hosts/prophet/id_ed25519.pub)
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJahAoF74BY6GCTsFkt1ADKaraFgJJozW1Y1aBTLK0j9 Pixel9"
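Review bot: Adding `(builtins.readFile ../../../../../hosts/envy/id_ed25519.pub)` to `openssh.authorizedKeys.keys` means envy's key is accepted for `jimbo` on, presumably, every host that imports this module, so whoever holds any one of the listed machine keys can log in to all the others. If that mesh is intended, a comment above the list would record it, e.g. `# every key below may log in as jimbo on every host; remove the entry when a machine is retired`; otherwise per-host lists or a `from="…"` restriction on the entries would narrow it. Dropping the xenia entry revokes that key on a host only once the host is rebuilt from this revision, so the retired machine's private key should be treated as live until then. The list opens inside the hunk but its closing bracket is below it.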