initial artemision changes (#116)

* Add artemision

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* blank config.nix for alice

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* move alice config

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* move alice config

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* fix slack (artemision)

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* fix unipicker (artemision)

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* fix vscode (artemision)

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* add wired-notify (not currently working, artemision)

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* change formatter to nixfmt-rfc-style

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* update lock

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* initial format

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* artemision settings

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* add artemision files

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* artemision initial setup

* artemision initial setup

* sops generation

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* sops updates

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* sops updates

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* fix breaking changes, add framework module

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* formatting and friends

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* add boot, mutable users is true

* fmt

* Add desktop/framework dependencies

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* enable sops

* sops/ethernet fixes

* update subs

* cache key fix & mutable users

* temp neovim

* zsh changes

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* dependency fixes, zsh.nix

* zsh fixes for home-manager

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* minor zsh fixes

* minor zsh/home fixes

* cleanup

* typo from merge

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* formatting

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* remove owner

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* non-server :)

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* add display manager

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* switch to gdm

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* wayland errors

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* fix formatting

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* remove ZFS unstable

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* zsh reorg

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* wayland enable

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* add boot partition options

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* wayland agian

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* nix format

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

---------

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
Co-authored-by: ahuston-0 <alice.huston@gmail.com>

users/alice/systems/artemision/configuration.nix

@@ -0,0 +1,63 @@
+{ pkgs, ... }:
+{
+  imports = [
+    ../configuration.nix
+    ../programs.nix
+    ./programs.nix
+    ./desktop.nix
+  ];
+
+  time.timeZone = "America/New_York";
+  console.keyMap = "us";
+
+  # temp workaround for building while in nixos-enter
+  services.logrotate.checkConfig = false;
+
+  networking = {
+    hostId = "58f50a15";
+    firewall.enable = true;
+  };
+
+  boot = {
+    useSystemdBoot = true;
+    default = true;
+  };
+
+  i18n = {
+    defaultLocale = "en_US.utf8";
+    supportedLocales = [ "en_US.UTF-8/UTF-8" ];
+  };
+
+  virtualisation = {
+    docker = {
+      enable = true;
+      recommendedDefaults = true;
+      logDriver = "local";
+      storageDriver = "overlay2";
+      daemon."settings" = {
+        experimental = true;
+        data-root = "/var/lib/docker";
+        exec-opts = [ "native.cgroupdriver=systemd" ];
+        log-opts = {
+          max-size = "10m";
+          max-file = "5";
+        };
+      };
+    };
+  };
+
+  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+
+  services.fwupd.package =
+    (import
+      (builtins.fetchTarball {
+        url = "https://github.com/NixOS/nixpkgs/archive/bb2009ca185d97813e75736c2b8d1d8bb81bde05.tar.gz";
+        sha256 = "sha256:003qcrsq5g5lggfrpq31gcvj82lb065xvr7bpfa8ddsw8x4dnysk";
+      })
+      { inherit (pkgs) system; }
+    ).fwupd;
+
+  services.fprintd.enable = false;
+
+  system.stateVersion = "24.05";
+}

users/alice/systems/artemision/default.nix

@@ -0,0 +1,10 @@
+{ inputs, ... }:
+{
+  system = "x86_64-linux";
+  home = true;
+  sops = true;
+  modules = [
+    inputs.nixos-hardware.nixosModules.framework-13-7040-amd
+    { environment.systemPackages = [ inputs.wired-notify.packages.x86_64-linux.default ]; }
+  ];
+}

users/alice/systems/artemision/desktop.nix

@@ -0,0 +1,19 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  programs.hyprland = {
+    enable = true;
+    xwayland.enable = true;
+  };
+  # Optional, hint electron apps to use wayland:
+  environment.sessionVariables.NIXOS_OZONE_WL = "1";
+
+  services.xserver.displayManager.gdm = {
+    enable = true;
+  };
+}

users/alice/systems/artemision/hardware.nix

@@ -0,0 +1,90 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+  boot.initrd.availableKernelModules = [
+    "nvme"
+    "xhci_pci"
+    "thunderbolt"
+    "usb_storage"
+    "usbhid"
+    "sd_mod"
+  ];
+  boot.initrd.kernelModules = [
+    "dm-snapshot"
+    "r8152"
+  ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/f3c11d62-37f4-495e-b668-1ff49e0d3a47";
+    fsType = "ext4";
+    options = [
+      "noatime"
+      "nodiratime"
+      "discard"
+    ];
+  };
+
+  fileSystems."/home" = {
+    device = "/dev/disk/by-uuid/720af942-464c-4c1e-be41-0438936264f0";
+    fsType = "ext4";
+    options = [
+      "noatime"
+      "nodiratime"
+      "discard"
+    ];
+  };
+
+  fileSystems."/nix" = {
+    device = "/dev/disk/by-uuid/035f23f8-d895-4b0c-bcf5-45885a5dbbd9";
+    fsType = "ext4";
+    options = [
+      "noatime"
+      "nodiratime"
+      "discard"
+    ];
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/5AD7-6005";
+    fsType = "vfat";
+    options = [
+      "noatime"
+      "nodiratime"
+      "discard"
+    ];
+  };
+
+  swapDevices = [ { device = "/dev/disk/by-uuid/7f0dba0f-d04e-4c94-9fba-1d0811673df1"; } ];
+
+  boot.initrd.luks.devices = {
+    "nixos-pv" = {
+      device = "/dev/disk/by-uuid/12a7f660-bbcc-4066-81d0-e66005ee534a";
+      preLVM = true;
+      allowDiscards = true;
+    };
+  };
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp196s0f3u2u1.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

users/alice/systems/artemision/non-server.nix

@@ -0,0 +1,101 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  # Adds some items from the server config without importing everything
+  security.auditd.enable = true;
+  nixpkgs.config.allowUnfree = true;
+
+  i18n = {
+    defaultLocale = "en_US.utf8";
+    supportedLocales = [ "en_US.UTF-8/UTF-8" ];
+  };
+
+  boot = {
+    default = true;
+  };
+
+  home-manager = {
+    useGlobalPkgs = true;
+    useUserPackages = true;
+  };
+
+  users = {
+    defaultUserShell = pkgs.zsh;
+    mutableUsers = false;
+  };
+
+  networking = {
+    firewall = {
+      enable = lib.mkDefault true;
+      allowedTCPPorts = [ ];
+    };
+  };
+
+  services = {
+    autopull = {
+      enable = true;
+      ssh-key = "/root/.ssh/id_ed25519_ghdeploy";
+      path = /root/dotfiles;
+    };
+  };
+
+  # programs = {
+  #   zsh = {
+  #     enable = true;
+  #     syntaxHighlighting.enable = true;
+  #     zsh-autoenv.enable = true;
+  #     enableCompletion = true;
+  #     enableBashCompletion = true;
+  #     ohMyZsh.enable = true;
+  #     autosuggestions = {
+  #       enable = true;
+  #       strategy = [ "completion" ];
+  #       async = true;
+  #     };
+  #   };
+  # };
+
+  nix = {
+    diffSystem = true;
+    settings = {
+      experimental-features = [
+        "nix-command"
+        "flakes"
+      ];
+      keep-outputs = true;
+      builders-use-substitutes = true;
+      connect-timeout = 20;
+    };
+
+    # free up to 10 gb when only 1 gb left
+    extraOptions = ''
+      min-free = ${toString (1 * 1024 * 1024 * 1024)}
+      max-free = ${toString (10 * 1024 * 1024 * 1024)}
+    '';
+
+    gc = {
+      automatic = true;
+      dates = "weekly";
+      options = "--delete-older-than 30d";
+    };
+
+    optimise = {
+      automatic = true;
+      dates = [ "01:00" ];
+    };
+  };
+
+  system = {
+    autoUpgrade = {
+      enable = true;
+      randomizedDelaySec = "1h";
+      persistent = true;
+      flake = "github:RAD-Development/nix-dotfiles";
+    };
+  };
+}

users/alice/systems/artemision/programs.nix

@@ -0,0 +1,40 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = with pkgs; [
+    bat
+    btop
+    croc
+    deadnix
+    direnv
+    fd
+    file
+    htop
+    hwloc
+    iperf3
+    jp2a
+    jq
+    lsof
+    lynis
+    ncdu
+    neofetch
+    nix-init
+    nix-output-monitor
+    nix-prefetch
+    nix-tree
+    nixpkgs-fmt
+    nmap
+    pciutils
+    python3
+    qrencode
+    ripgrep
+    smartmontools
+    tig
+    tokei
+    tree
+    unzip
+    ventoy
+    wget
+    zoxide
+    zsh-nix-shell
+  ];
+}

users/alice/systems/artemision/secrets.yaml

@@ -0,0 +1,51 @@
+hello: ENC[AES256_GCM,data:UJlsd5kvnhEv7eJeYwg+NHm9sgUAxYM5DoR0gDPLi9J7P+8FI8WPMkN1wEAHJA==,iv:NFSdZQ1OK4BT+EAGZz122NB7WrVCEzv4wwMxFIE/OKI=,tag:6YT7Vw8tFrw9iEFKxeKRFQ==,type:str]
+example_key: ENC[AES256_GCM,data:KMXgMrqe7M101ZMJ2g==,iv:MJ3Iiu/0KIVhPFnqfovysqvPJAv1OsnxE4VIsuexFkE=,tag:X6KIKNGym8/9VglmG3SNRw==,type:str]
+#ENC[AES256_GCM,data:QR3WNE/a1hZIXnTjFjK3kA==,iv:eXoZJ5rQaYqN7LjEp2M13OCMwuQ+80M5AXjV0uNc4C8=,tag:sCvL6pr9zAyWZziffVFMzg==,type:comment]
+example_array:
+    - ENC[AES256_GCM,data:g8PulCLrXZYSEdZJELE=,iv:irGwciFn1zXBxFpGAJtD46EQLGUO5oqdCzRgv1204JE=,tag:2MuDdRYMjhtTY++lPuj1FQ==,type:str]
+    - ENC[AES256_GCM,data:qv7GvmoOX8VSdaiW/90=,iv:6NOWeWqHUV9ciKPmZF4C7ijuIPFr3YZi3Dh7xWnb07k=,tag:VHXdBhWmEpb7uavCPqGZ4w==,type:str]
+example_number: ENC[AES256_GCM,data:g8BIEIcwKRLSbw==,iv:Ay4aiukAvXeDhzlpMPn++zR0Tt2lMqCx362uN37S+ac=,tag:NTtNaIu5u8YsIm0M4OgL0A==,type:float]
+example_booleans:
+    - ENC[AES256_GCM,data:94T9mg==,iv:qKGJke4SGhgN09Yebh5MPrRBDNnguJQ+1dl5XQffGZQ=,tag:0Pa3eujmSxDCnAHKHsx6yQ==,type:bool]
+    - ENC[AES256_GCM,data:gEvfi+Q=,iv:0DrXoZk8OkdUShc7WAKOL8xG26RFZp3M3qYFAb1hDAs=,tag:uemBrdF87nrfLpfnQ8bD8g==,type:bool]
+#ENC[AES256_GCM,data:pC2Kdy7wNc0=,iv:J7Ggfv6K3dCzL42j5MGd+BjQGseoAoYs4k6+yc3FSiA=,tag:9MriduP9SEIi+c1q4tfzlQ==,type:comment]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRZUNHeDdqaGt0QnFIejdM
+            MU5uaDNiN2xOeVlZNzQyZXZ0R2NYUU83ZWxrCmNDL3J6ZjNmejBuUXk3cldwZUEz
+            UWVqMTVPelN1MTJDNzc0UU9XNWkralUKLS0tIDU2b053Uk5VZGlWUk9XMXZ5Wllk
+            UlhhNzNjTHdVaXlPOFJhc0EyZGh3RDQK1c7nctmrorze4Kr0Grmcmx3N/UYXPwJc
+            FfClOoGxO+4ZDtxG61SDU1UdYae4loQ8roM8jDIPFMfoEum2bT8oXw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-03-23T05:46:44Z"
+    mac: ENC[AES256_GCM,data:/QpK5JuZgnKKHSOTKMRV291UJbPQaNFOx5hheBFx8aVKbS0TGPBMhFp65mw2dOjwT92iyjTxsox/wwev0wcNdNwlvLYTwFdwf4D6FHyLgX/DSkMfqcXbk8HHFlu0LEyd3W6wi2DBsB0KwiVcfsFKoUD4fKbpWnY2EXFOPD6L2Vg=,iv:hPlgFlPqTDXqfcCjRsJuznR+d3PlwT2kJ/TwFe1obfM=,tag:ZkpcEP0u95vvR37GkJGkuQ==,type:str]
+    pgp:
+        - created_at: "2024-03-23T05:46:35Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA84hNUGIgI/nAQ/+IwyPDjs/jDCBlnYFboHh6TXx8ulysESst4hz5crM4L0u
+            wylKyfEIBx0eLy0mLLA4DhcpYza0Nry5RLdwDNfimhATErfQxnwqlZ6RnYKnh3Hk
+            93L66+BEKPd3EZOH+RC/wb0qiTDmU0yna8jtVO0uU7s6//hm/g7bdmQAK0YIJLcb
+            sd83n99R4oHVrq7iFc74/AV5isW9GcfmvLI94eodFpaE1dpqm4KzNpLueDCOvA/1
+            vPo5Lgtp9WM4FhXUqMiplCNqMIt+Hyj3F+p+9jgQ2dLfHuVkI8pzd47gOHyMDYPy
+            fn6SVKZtOyfNDwhs7L5piiarSXISBGtx36ISDvtvtr/vgMydTdvILIOo9pkSGVtN
+            4W7+ywMaFjfAeShTVtUJNJqmp/8agt2WtaUX4kPPha4SxlNSOMpeTQ31bs89gBtc
+            g2325afL2WPK4NSAOmU8VMXqmFc2A10aFlx5nsfT4S1wkoNbitTWgoAcCa7kGRPW
+            xZca225cwLUzkggv74cfYT3YnQL40AMSOMqSRS8pbTFEENG1BtsB5A++Jji2i4tO
+            xoGIL8LRCEfiHpTC7eBwDDVmKb5StgKsXs6yYbQG5XW2W+/Jgum64Sb7+LviQ9Mq
+            WHNiu5MZPeKyHFu9jI9Ne1HpYJnb7/X9AxFw2e/vFwVn+kjaXcH/PhsYuPUyqkzS
+            XgG3tFbcgNtMWyoLU2EL1Qvwq1pHVrwmeNXHidESx23HeJtnIwoKkdopl4qqqNle
+            uQYP89bvb6zFWlqOSwLORZmj1W1wVTYV9eXplDbJob8agBKIcIuhtwri5e96gf4=
+            =XdJo
+            -----END PGP MESSAGE-----
+          fp: F63832C3080D6E1AC77EECF80B4245FFE305BC82
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1