diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..5857177 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +result +result-man \ No newline at end of file diff --git a/flake.lock b/flake.lock index 6931e02..9c6b973 100644 --- a/flake.lock +++ b/flake.lock @@ -1,25 +1,5 @@ { "nodes": { - "nix-index-database": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1703387252, - "narHash": "sha256-XKJqGj0BaEn/zyctEnkgVIh6Ba1rgTRc+UBi9EU8Y54=", - "owner": "Mic92", - "repo": "nix-index-database", - "rev": "f4340c1a42c38d79293ba69bfd839fbd6268a538", - "type": "github" - }, - "original": { - "owner": "Mic92", - "repo": "nix-index-database", - "type": "github" - } - }, "nixos-modules": { "inputs": { "nixpkgs-lib": [ @@ -27,11 +7,11 @@ ] }, "locked": { - "lastModified": 1703426109, - "narHash": "sha256-/ujCgLJUq+iMgrvMVj58uvXan/nKvG0SeNVVrsvzJHk=", + "lastModified": 1703443084, + "narHash": "sha256-POWXUw4gf8c9eZ1PJ2Har+PBsgdyULeHbqabdVSAQZE=", "owner": "SuperSandro2000", "repo": "nixos-modules", - "rev": "caa008d22e663c6190ffe12286566b2e87f357e4", + "rev": "55e8b1d38fe4a5e0315f91dfc44bd1a6f32b06ef", "type": "github" }, "original": { @@ -58,7 +38,6 @@ }, "root": { "inputs": { - "nix-index-database": "nix-index-database", "nixos-modules": "nixos-modules", "nixpkgs": "nixpkgs", "sops-nix": "sops-nix" diff --git a/flake.nix b/flake.nix index 9a35f2b..81ded5b 100644 --- a/flake.nix +++ b/flake.nix 
@@ -16,16 +16,14 @@ nixpkgs-stable.follows = "nixpkgs"; }; }; - - nix-index-database = { - url = "github:Mic92/nix-index-database"; - inputs.nixpkgs.follows = "nixpkgs"; - }; }; - outputs = { nixpkgs, nixos-modules, nix-index-database, sops-nix, ... }: + outputs = { nixpkgs, nixos-modules, sops-nix, ... }: let inherit (nixpkgs) lib; + src = builtins.filterSource (path: type: type == "directory" || lib.hasSuffix ".nix" (baseNameOf path)) ./.; + ls = dir: lib.attrNames (builtins.readDir (src + "/${dir}")); + fileList = dir: map (file: ./. + "/${dir}/${file}") (ls dir); in { nixosConfigurations = let constructSystem = { @@ -39,11 +37,11 @@ modules = [ nixos-modules.nixosModule sops-nix.nixosModules.sops - nix-index-database.nixosModules.nix-index ./systems/programs.nix ./systems/configuration.nix + ./systems/${hostname}/hardware.nix ./systems/${hostname}/configuration.nix - ] ++ modules ++ map(user: ./users/${user}) users; + ] ++ modules ++ fileList "modules" ++ map(user: ./users/${user}) users; }; in { diff --git a/modules/boot.nix b/modules/boot.nix new file mode 100644 index 0000000..bdd56b4 --- /dev/null +++ b/modules/boot.nix @@ -0,0 +1,39 @@ +{ config, lib, libS, ... }: + +let + cfg = config.boot; +in +{ + options = { + boot = { + default = libS.mkOpinionatedOption "enable the boot builder"; + }; + }; + + config.boot = lib.mkIf cfg.default { + supportedFilesystems = [ "zfs" ]; + tmp.useTmpfs = true; + kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; + kernelParams = [ "kvm-amd" "nordrand" ]; + zfs = { + enableUnstable = true; + devNodes = "/dev/disk/by-id/"; + forceImportRoot = true; + }; + loader = { + efi = { + canTouchEfiVariables = false; + }; + generationsDir.copyKernels = true; + grub = { + enable = true; + copyKernels = true; + zfsSupport = true; + efiSupport = true; + efiInstallAsRemovable = true; + fsIdentifier = "uuid"; + device = "nodev"; + }; + }; + }; +} \ No newline at end of file 
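Review bot: `ls` returns every entry that `builtins.readDir` reports, and the `filterSource` predicate keeps directories, so a subdirectory under `modules/` would be passed to the module system as a path and evaluation fails unless it contains a `default.nix`. Restricting the listing to regular files avoids that: `ls = dir: lib.attrNames (lib.filterAttrs (_: t: t == "regular") (builtins.readDir (src + "/${dir}")));`. `fileList` also rebuilds its paths from `./.` rather than from `src`, so the filtered copy is used only for listing; a one-line comment saying so would help the next reader. The `outputs` function continues past the hunk.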
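Review bot: The modules list now imports every `.nix` file under `modules/` on every host through `fileList "modules"`, so a file added to that directory changes all systems without any edit to `flake.nix` appearing in review. I would record that contract next to the list, e.g. `# every file in ./modules is imported on all hosts; each must be a no-op unless its option is enabled`. `./systems/${hostname}/hardware.nix` is likewise required unconditionally, so a host directory without that file will presumably fail evaluation. `constructSystem` starts and ends outside the hunk.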
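Review bot: `zfs.forceImportRoot = true` in modules/boot.nix keeps the root pool importing even when ZFS's host-ownership check would refuse. This commit also sets `networking.hostId`, so the override looks unnecessary, and the NixOS option documentation recommends `forceImportRoot = false;` once a stable hostId exists. In `kernelParams`, `"kvm-amd"` is a module name rather than a command-line parameter (hardware.nix already lists it in `boot.kernelModules`). `"nordrand"` turns off the kernel's use of RDRAND/RDSEED; as far as I know newer kernels dropped that flag in favour of `random.trust_cpu`, so with `latestCompatibleLinuxPackages` it may be silently ignored. A comment such as `# RDRAND distrusted on this CPU: <reason>` would make the intent checkable. The switch is also declared as `boot.default` inside NixOS's own `boot` namespace, where a project-prefixed option name would avoid a clash with upstream.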
diff --git a/systems/configuration.nix b/systems/configuration.nix index d1ce548..00e43fa 100644 --- a/systems/configuration.nix +++ b/systems/configuration.nix @@ -8,6 +8,10 @@ ]; }; + boot = { + default = true; + }; + networking.firewall.allowedTCPPorts = [ 22 ]; services = { @@ -150,9 +154,8 @@ }; systemd.watchdog = { - enable = true; device = "/dev/watchdog"; - runTime = "30s"; + runtimeTime = "30s"; rebootTime = "5m"; }; @@ -178,7 +181,7 @@ enable = true; randomizedDelaySec = "1h"; persistent = true; - system.autoUpgrade.flake = "github:RAD-Development/nix-dotfiles"; + flake = "github:RAD-Development/nix-dotfiles"; }; }; } \ No newline at end of file diff --git a/systems/palatine-hill/configuration.nix b/systems/palatine-hill/configuration.nix index c6e4baf..120bf31 100644 --- a/systems/palatine-hill/configuration.nix +++ b/systems/palatine-hill/configuration.nix @@ -2,6 +2,7 @@ { time.timeZone = "America/New_York"; console.keyMap = "us"; + networking.hostId = "1139fa08"; virtualisation = { docker = { diff --git a/systems/palatine-hill/hardware.nix b/systems/palatine-hill/hardware.nix new file mode 100644 index 0000000..932f900 --- /dev/null +++ b/systems/palatine-hill/hardware.nix 
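Review bot: With `flake = "github:RAD-Development/nix-dotfiles";` now at the correct attribute path, the upgrade timer rebuilds each host as root from whatever the repository's default branch points to at that moment, so push access to that branch is effectively root on every machine. Pointing the reference at a protected branch or release tag, e.g. `flake = "github:RAD-Development/nix-dotfiles/<protected-ref>";`, and requiring review on that ref would narrow this. The enclosing block, presumably `system.autoUpgrade`, starts outside the hunk, so settings such as reboot behaviour are not visible here.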
@@ -0,0 +1,37 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, modulesPath, ... }:
+
+{
+ imports =
+ [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot = {
+ initrd = {
+ availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "sd_mod" ];
+ kernelModules = [ ];
+ };
+ kernelModules = [ "kvm-amd" ];
+ extraModulePackages = [ ];
+ };
+
+ fileSystems."/" =
+ {
+ device = "proot/nixos/root";
+ fsType = "zfs";
+ };
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp5s0.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
\ No newline at end of file
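Review bot: Only `fileSystems."/"` is declared in this file, while modules/boot.nix enables GRUB with `efiSupport = true` and `device = "nodev"`, which installs into the EFI system partition mount point. Unless the ESP mount is declared somewhere not shown in this commit, the bootloader install step of an unattended upgrade could fail or write to the ZFS root instead, so it is worth confirming a `fileSystems."/boot"` entry exists for this host. The header still says the file is generated and must not be modified, yet it is now hand-maintained in the repository; a replacement comment along the lines of `# Derived from nixos-generate-config output; maintained by hand` would keep a later regeneration from silently discarding these edits.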