From e5daa66460e86ff2ad9d3288fcbb83ac9fc445e2 Mon Sep 17 00:00:00 2001 From: Richie Cahill Date: Wed, 3 Apr 2024 19:08:36 -0400 Subject: [PATCH] added configuration.nix hardware.nix and programs.nix (#120) * added configuration.nix hardware.nix and programs.nix * updated boot setings * added docker * added default.nix * updated .sops.yaml * nix format Signed-off-by: ahuston-0 * fix breaking issues Signed-off-by: ahuston-0 * WIP * rhapsody_in_green --------- Signed-off-by: ahuston-0 Co-authored-by: ahuston-0 Co-authored-by: Your Name --- .sops.yaml | 7 +- users/richie/secrets.yaml | 71 +++++++------- users/richie/systems/programs.nix | 17 ++++ .../rhapsody_in_green/configuration.nix | 93 +++++++++++++++++++ .../systems/rhapsody_in_green/default.nix | 7 ++ .../systems/rhapsody_in_green/hardware.nix | 48 ++++++++++ 6 files changed, 211 insertions(+), 32 deletions(-) create mode 100644 users/richie/systems/programs.nix create mode 100644 users/richie/systems/rhapsody_in_green/configuration.nix create mode 100644 users/richie/systems/rhapsody_in_green/default.nix create mode 100644 users/richie/systems/rhapsody_in_green/hardware.nix diff --git a/.sops.yaml b/.sops.yaml index c31ac31..b808887 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -10,6 +10,7 @@ keys: - &palatine-hill age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej - &jeeves age128ehc0ssgwnuv4r8ayfyu7r80e82xrkmv63g7h9y9q4mhk4w9dyqfymc2w - &jeeves-jr age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh + - &rhapsody_in_green age1c7adjulcrma0m7l5ur8efxdjzyskrqcwssfkt77a9rmma7gzss5q02pgmy admins: &admins - *admin_alice @@ -65,4 +66,8 @@ creation_rules: key_groups: - pgp: - *admin_richie - age: *servers + age: + - *palatine-hill + - *jeeves + - *jeeves-jr + - *rhapsody_in_green diff --git a/users/richie/secrets.yaml b/users/richie/secrets.yaml index da48359..644d029 100644 --- a/users/richie/secrets.yaml +++ b/users/richie/secrets.yaml 
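Review bot: The second `.sops.yaml` hunk swaps `age: *servers` for a hand-written list, so this creation rule no longer follows the `servers` anchor and will miss any host later added to or dropped from it. YAML cannot extend an aliased list, so a comment above the list such as `# servers + rhapsody_in_green; keep in sync with &servers` would at least make the duplication deliberate. The new recipient `rhapsody_in_green` looks like a laptop (its `default.nix` pulls in the framework-13 hardware module), and `hardware.nix` in this commit mounts a plain ext4 root and swap with no `boot.initrd.luks` entries, so the age identity that can now decrypt `users/richie/secrets.yaml` would presumably sit on an unencrypted disk. Consider giving the laptop its own creation rule limited to the secrets it actually needs, or encrypting the disk before it is trusted as a recipient.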
@@ -6,54 +6,63 @@ sops: azure_kv: [] hc_vault: [] age: + - recipient: age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1NjRCZ3RYS3g1amQxRUJt + bGxFdHRuU3d2eHlnRlZPQjg5dUN0cGhWelNzCjhWTXNNcmhFNFgwVmRISUZVa0JM + SHRQN2UxRllhZXBlNGJWZEhteDFYM2cKLS0tIFJ3T0V2RWNkTjJNTTJEYTZZb1pa + a1NNazgzWDQ5QUVHU285dkRIY0s0YVkKxhqUovG8RPsn48RCy6ibbLIFeh9rZC1t + idys8aiy3Tk1sMAb7miHjDkilfqwcUwAS+OSsXXiwCfY1V/+SrrQaQ== + -----END AGE ENCRYPTED FILE----- - recipient: age128ehc0ssgwnuv4r8ayfyu7r80e82xrkmv63g7h9y9q4mhk4w9dyqfymc2w enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrd3BFYmVUSStCQWYrRkNq - T3ZsdE5oWHg3S2pEVkhMSWxZaDI5TjlwNDFrCllXNUUwRDRDTmhXR28xRCtLNFpC - bkIxRHAzaGZ6S1phYVhzd29yM2ttYXMKLS0tIGpJT2VRWFpWZTdQYnc3ZEp4ODBC - UDYzeWFrQVVhVmJ0WlRVTThLNitWdlUKwq/H1oVv2WfI9/7ACQuC6f6PJIjKlYMs - dFF56FwrFIB0wNlCCI0yBqtdd4uEQLypzgEUfo4Aex/+en7E0FJQ5w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5ZnF1RnI2MXZtdVVpZjFo + OUlFMFF5ZDZtYmxRUXVOSTNEVE1hTVlsU1FNCmo5WFYwL2Iyb3RhOXJ4WGlRMk1C + bWR1TGp0V1BNV3o4N3FHekNHM1BYTnMKLS0tIFh0R3N1cklQZ29vdkNIY2ZzUGpR + T2Z6NGRFaDlYUWM2TlVZc1Z5UjJvSjgKwmFszve3db2sAxg76SxoGgQ/x0ZYixev + OHx/DdCUfjQHhI0gNXC9XhySPGhYM4xbCZDEe2gp4QFFtToA+feP7Q== -----END AGE ENCRYPTED FILE----- - recipient: age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqYkFYT2lDamZoME4zenpy - VTJISkxyYTlpaExPYUpLSm5DYlFtdzlXYmxvClY4SERRTU9JNFV1cUpITnJyOWJt - MEhFcTlVMjROQ0c5SXhEM3VXVVBIdkEKLS0tIC96NnlRUkVDeTRRR0dTdkZaYlAz - YWRvZnNtRkZFQXd4b0p6dWxNNG1Va2MKoqxCy+O92qiLWxAEIMZ7SCxneBaskPic - 8cBNBEErxhT7ZDrsmkafKIWqRcehnx/V81Dg6sjpBiyC0dlOsrrxBw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpK1hCeVVZQWtMMHZDalo2 + L1FFcVhseFpNMEhOREQ0Tnk1TWlrSzMvRTBBCjh4bkovWlpFNFY5c2dMM2pZV2lT + a200dFVtUWp2ZmxBU01pajRZN1NRMmcKLS0tIHd5K25MTVVKc1Z0aTNoeTlacVhT + 
ZS9MNGxLa0gwdmdmYVovb1NWMFBpMTAKssTiKdnnfWo5B8WAF64FM8hDLi/nU0Ay + 5NY3gTYsKyq/pnVFOp1NKU4I6SuV8jWabwVqpsRXYvC5X7Ec1ZQv5Q== -----END AGE ENCRYPTED FILE----- - - recipient: age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej + - recipient: age1c7adjulcrma0m7l5ur8efxdjzyskrqcwssfkt77a9rmma7gzss5q02pgmy enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJd3R1V3p5TlgxK3hUUklo - aVUyUElobDZzTms1ZkYvck1WQVBtOXVsN0hZCklVSFpNNzA4Y2RWMi9zaWR5eXY5 - ZndOQkxsZUc2aWV6b2dQc2lGeXJyYzgKLS0tIFdod2hCcmFUUm9TUkFNMkNwcGlw - U3NhQXJFVGNjSUVRUTNHd0ZnbEhVNFUKGMV1GYP89MKoXScKONQK7oSftaUixB82 - c2PjqP79M1BNAE+wKqAVFaVk5jvC4BnCQQOr3yMPIx1zXSl/NiO5Tw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4dTJiV3VHVEh5SENKbFdw + TjN5ZlZTZlZBQVVHbktHNUNDQmRnVXMvV0dnCjYwRXFnK2pzcmxDSzZQV1FhR2pL + MTdZYzFUYjFUZ0Y4ODBrWTVDaWJxRUkKLS0tIEh5RXE5NktUOTdxamR4S3RCdm0z + ZjFHcmtnd3lPbVdjSDVBenlBR0FOV28KwcBVT9q/OKnMvAkrWe9/+HB2qknSOurA + nKDYMNExyE6K/uOKKbkH0ucaYBN+7+/b50nfUl5i/tfJvIUaWkwQUg== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-02-03T22:08:10Z" mac: ENC[AES256_GCM,data:KUhn+0srLHqmHVPYuJV8L5CClgSABxvknaZ7DZQU8goQ9CpM6LIdys+VdsbOYPAcO/lVSzgtjX3/umuDDsJbAEwTXoJZWITCVNYXJDNvYSDke5ZSrl/xq9UugJHyvzX9HOnKXkLsxNU+VrA9EBUfrTWoYnaz+NPes9com1efvqY=,iv:GV5eIFNJuQPJliSOOb2ebkjX99WHbOtSjl1kHrAnTyc=,tag:iuFqrBbQk4ruk733pxDgoA==,type:str] pgp: - - created_at: "2024-03-02T20:56:31Z" + - created_at: "2024-04-03T21:19:44Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMA29thaGx06tOARAAgGlssc+0daeG/iX1ijzvqNRDAGYm9v3tY0h05ML1tPIb - XbhUanxAdNjtM5G9oFr+fULmqjg+nRkL+/OWj8gdTNGSgcsq4uFQhs4dB+O7PV3y - NsdFgVkKIqI21OIm73/6UOzNiNFofEPGNqXAx5JEw5CaHSjjJ8Dcn3JWgiuOLNKy - GlXsxJh9VZGqlOCwo7LJnrzRvsiQ5lOe4n8W5VvkzkwN+MYHujftmoSbhJFK1ctm - DIvRy3JCYdT7ZXGRHUIONuXKh18G4DiWiRuSGnsDhYfdR2qEWiRtIorNafASgQVd - P2FslPOiETKxg9awgREf2zviw+Uu6an+enrQ08rgKhxGriSZWQBluy9bw3Ms5okG - MF2VojCOFloXURP8qOYRH1msml3v6wI80EC2n3CzB+fw5k/9kocohCi7OyysFY97 - 
3aZJVfAtmV/gijZPoQqQMo7ggczE65oNgCO6B1Ocr7syL/WRsFCMG1wA+OGwjegk - 5Wyui6w+SysJnroVldNMdeq2i5GR4h4vLMNAEXq1vUkZ/A//FLGmBZRxr/YClRTR - 2MPmAwhs2Z3nnKxKWu+wHJBNgxchg9hjQybT61QGk3h5Z6vUTcUnMNtmnIxG8E/0 - FxNEe94ZS1Z4Tg4cfaWkoyfVQ22L237ZXJ9aIBlxS1sa9Zu3x8jCRt+4PIKq4MHS - XgGIZLXnGYzS1BCqT+qCjCiYOJSDbUYd5B9X+XoJOr67Ma0e7QpK7QJgdc3dwJdS - EWcEa0ZEGwNgiokddk3WRZhKwplhqZ5H4QFAXAskCKGMKMAgnrm8iEzLKH3bsaQ= - =0c1K + hQIMA29thaGx06tOAQ/+I3rMi9xjj2DtbhPnMAt7QMBdgu+sK/UU6kLlhnhgTu8m + PChhtOagtqjUGKL1PQZTm3bUfauhSVum2RVAef5BKC8+QNTo9FN02cDksRyvEWqZ + BnXS6CCKC3skRoabArPTu1Geivw/7cuMrVXatZF+ol39wzOYUL0fVbBwWJ+BkzZ2 + K/ZGVvLzO5HGxJzAcVDkxXo5QJOBGwVZEtcKnANLbX1CbUGkEUhU3IzBQ8sb7iYk + JCDMnapEehjDIaIDQfCP2YFT3tY9Ab9iPM+2SSwf8JDPC2EAQqWl4Kw50xtqS/l1 + FAZ6B3zcN6II79mMjh1gV+md6D9KZEccR1xgGztFFPYzO6ncfuVa3UHe66mNCL/u + y6ag+1Ct+1BMGLFp3T8EPIWZcG533zTfMxv/TG1BQVx+ZWROloyZzoIoLwduU7cw + 4yV+ta+BaiJf+5M+H0WHaS+v2OdBhtgvxQieI0IQJtIThIi4yBgrRkF6nnsWaMKh + qLB/yyIPUIRjqJhVPAqCuA6sYxmHqVeM07hienxzmaqQaopaHx7C0x3Jhr90hdjR + F2LDUyKfj2T67wYvpI2m/ioYvS7okUANsvgJsRzxiZrj+MxEy7AcXeDK6/sI1Xgu + eN9A3rJxj5ZyslTwDsUvSEDmrS8utQ7qtWJwfpPKe763GGNM6cC/UeDDlrgsw8LS + XgFjqFSBAGiXkp90FDm0sMdvD1twvwG9s7PF2qv15VYwPiVfLTPWvfInRfWVCbIN + 9IqVbtk/NviuyEGz6yGiNKulbRjKeq+oAwgXddaXY4uHruLEr/SYKbfOAJuHBRo= + =pXkD -----END PGP MESSAGE----- fp: 29F5017C95D9E60B1B1E8407072B0E0B8312DFE3 unencrypted_suffix: _unencrypted diff --git a/users/richie/systems/programs.nix b/users/richie/systems/programs.nix new file mode 100644 index 0000000..380a52f --- /dev/null +++ b/users/richie/systems/programs.nix @@ -0,0 +1,17 @@ +{ + pkgs, + config, + inputs, + ... +}: +{ + environment.systemPackages = with pkgs; [ + candy-icons + discord-canary + sweet-nova + vscode + yubioath-flutter + beeper + git + ]; +} diff --git a/users/richie/systems/rhapsody_in_green/configuration.nix b/users/richie/systems/rhapsody_in_green/configuration.nix new file mode 100644 index 0000000..64ee498 --- /dev/null 
+++ b/users/richie/systems/rhapsody_in_green/configuration.nix
@@ -0,0 +1,93 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ../programs.nix
+ ./hardware.nix
+ ];
+ nixpkgs.config.allowUnfree = true;
+
+ boot = {
+ useSystemdBoot = true;
+ default = true;
+ };
+
+ networking = {
+ networkmanager.enable = true;
+ };
+
+ time.timeZone = "America/New_York";
+
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "en_US.UTF-8";
+ LC_IDENTIFICATION = "en_US.UTF-8";
+ LC_MEASUREMENT = "en_US.UTF-8";
+ LC_MONETARY = "en_US.UTF-8";
+ LC_NAME = "en_US.UTF-8";
+ LC_NUMERIC = "en_US.UTF-8";
+ LC_PAPER = "en_US.UTF-8";
+ LC_TELEPHONE = "en_US.UTF-8";
+ LC_TIME = "en_US.UTF-8";
+ };
+
+ hardware.pulseaudio.enable = false;
+ security.rtkit.enable = true;
+ sound.enable = true;
+
+ services = {
+ xserver.enable = true;
+
+ xserver.displayManager.sddm.enable = true;
+ xserver.desktopManager.plasma5.enable = true;
+
+ xserver.xkb = {
+ layout = "us";
+ variant = "";
+ };
+
+ openssh.enable = true;
+
+ printing.enable = true;
+
+ pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ };
+ };
+
+ users.users.richie = {
+ isNormalUser = true;
+ description = "richie";
+ extraGroups = [
+ "networkmanager"
+ "wheel"
+ ];
+ packages = with pkgs; [
+ firefox
+ kate
+ ];
+ };
+
+ virtualisation = {
+ docker = {
+ enable = true;
+ recommendedDefaults = true;
+ logDriver = "local";
+ storageDriver = "overlay2";
+ daemon."settings" = {
+ experimental = true;
+ exec-opts = [ "native.cgroupdriver=systemd" ];
+ log-opts = {
+ max-size = "10m";
+ max-file = "5";
+ };
+ };
+ };
+ };
+
+ system.stateVersion = "23.11";
+}
diff --git a/users/richie/systems/rhapsody_in_green/default.nix b/users/richie/systems/rhapsody_in_green/default.nix
new file mode 100644
index 0000000..5206a0b
--- /dev/null
+++ b/users/richie/systems/rhapsody_in_green/default.nix
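Review bot: `openssh.enable = true;` in the `services` block of `configuration.nix` turns on sshd with no `settings`, which on NixOS leaves password authentication at its default. Unless a shared module elsewhere in the repo overrides this, sshd will be reachable on every network this NetworkManager-managed machine joins. I would add `openssh.settings.PasswordAuthentication = false;` and `openssh.settings.PermitRootLogin = "no";` next to it, or drop sshd on this host if it is not needed. Separately, `boot.useSystemdBoot`, `boot.default` and `virtualisation.docker.recommendedDefaults` are not upstream NixOS options as far as I know, so they presumably come from a module in this repository; a one-line comment naming that module would help the next reader.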
@@ -0,0 +1,7 @@ +{ inputs, ... }: +{ + system = "x86_64-linux"; + home = true; + sops = true; + modules = [ inputs.nixos-hardware.nixosModules.framework-13-7040-amd ]; +} diff --git a/users/richie/systems/rhapsody_in_green/hardware.nix b/users/richie/systems/rhapsody_in_green/hardware.nix new file mode 100644 index 0000000..8975723 --- /dev/null +++ b/users/richie/systems/rhapsody_in_green/hardware.nix @@ -0,0 +1,48 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: + +{ + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + + boot.initrd.availableKernelModules = [ + "nvme" + "xhci_pci" + "thunderbolt" + "usbhid" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/c5cc486b-0076-40b0-9402-7ddb2b4a7fdf"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/D571-3949"; + fsType = "vfat"; + }; + + swapDevices = [ { device = "/dev/disk/by-uuid/57a25825-69a9-41ac-999e-5137a01edc9e"; } ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.docker0.useDHCP = lib.mkDefault true; + # networking.interfaces.enp195s0f3u1u3.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +}