added configuration.nix hardware.nix and programs.nix (#120)

* added configuration.nix hardware.nix and programs.nix

* updated boot setings

* added docker

* added default.nix

* updated .sops.yaml

* nix format

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* fix breaking issues

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* WIP

* rhapsody_in_green

---------

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
Co-authored-by: ahuston-0 <aliceghuston@gmail.com>
Co-authored-by: Your Name <you@example.com>

.sops.yaml

@@ -10,6 +10,7 @@ keys:
   - &palatine-hill age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej
   - &jeeves age128ehc0ssgwnuv4r8ayfyu7r80e82xrkmv63g7h9y9q4mhk4w9dyqfymc2w
   - &jeeves-jr age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh
+  - &rhapsody_in_green age1c7adjulcrma0m7l5ur8efxdjzyskrqcwssfkt77a9rmma7gzss5q02pgmy
 
 admins: &admins
   - *admin_alice
@@ -65,4 +66,8 @@ creation_rules:
     key_groups:
       - pgp:
           - *admin_richie
-        age: *servers 
+        age:
+          - *palatine-hill
+          - *jeeves
+          - *jeeves-jr
+          - *rhapsody_in_green

users/richie/secrets.yaml

@@ -6,54 +6,63 @@ sops:
     azure_kv: []
     hc_vault: []
     age:
+        - recipient: age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1NjRCZ3RYS3g1amQxRUJt
+            bGxFdHRuU3d2eHlnRlZPQjg5dUN0cGhWelNzCjhWTXNNcmhFNFgwVmRISUZVa0JM
+            SHRQN2UxRllhZXBlNGJWZEhteDFYM2cKLS0tIFJ3T0V2RWNkTjJNTTJEYTZZb1pa
+            a1NNazgzWDQ5QUVHU285dkRIY0s0YVkKxhqUovG8RPsn48RCy6ibbLIFeh9rZC1t
+            idys8aiy3Tk1sMAb7miHjDkilfqwcUwAS+OSsXXiwCfY1V/+SrrQaQ==
+            -----END AGE ENCRYPTED FILE-----
         - recipient: age128ehc0ssgwnuv4r8ayfyu7r80e82xrkmv63g7h9y9q4mhk4w9dyqfymc2w
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrd3BFYmVUSStCQWYrRkNq
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5ZnF1RnI2MXZtdVVpZjFo
-            T3ZsdE5oWHg3S2pEVkhMSWxZaDI5TjlwNDFrCllXNUUwRDRDTmhXR28xRCtLNFpC
+            OUlFMFF5ZDZtYmxRUXVOSTNEVE1hTVlsU1FNCmo5WFYwL2Iyb3RhOXJ4WGlRMk1C
-            bkIxRHAzaGZ6S1phYVhzd29yM2ttYXMKLS0tIGpJT2VRWFpWZTdQYnc3ZEp4ODBC
+            bWR1TGp0V1BNV3o4N3FHekNHM1BYTnMKLS0tIFh0R3N1cklQZ29vdkNIY2ZzUGpR
-            UDYzeWFrQVVhVmJ0WlRVTThLNitWdlUKwq/H1oVv2WfI9/7ACQuC6f6PJIjKlYMs
+            T2Z6NGRFaDlYUWM2TlVZc1Z5UjJvSjgKwmFszve3db2sAxg76SxoGgQ/x0ZYixev
-            dFF56FwrFIB0wNlCCI0yBqtdd4uEQLypzgEUfo4Aex/+en7E0FJQ5w==
+            OHx/DdCUfjQHhI0gNXC9XhySPGhYM4xbCZDEe2gp4QFFtToA+feP7Q==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqYkFYT2lDamZoME4zenpy
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpK1hCeVVZQWtMMHZDalo2
-            VTJISkxyYTlpaExPYUpLSm5DYlFtdzlXYmxvClY4SERRTU9JNFV1cUpITnJyOWJt
+            L1FFcVhseFpNMEhOREQ0Tnk1TWlrSzMvRTBBCjh4bkovWlpFNFY5c2dMM2pZV2lT
-            MEhFcTlVMjROQ0c5SXhEM3VXVVBIdkEKLS0tIC96NnlRUkVDeTRRR0dTdkZaYlAz
+            a200dFVtUWp2ZmxBU01pajRZN1NRMmcKLS0tIHd5K25MTVVKc1Z0aTNoeTlacVhT
-            YWRvZnNtRkZFQXd4b0p6dWxNNG1Va2MKoqxCy+O92qiLWxAEIMZ7SCxneBaskPic
+            ZS9MNGxLa0gwdmdmYVovb1NWMFBpMTAKssTiKdnnfWo5B8WAF64FM8hDLi/nU0Ay
-            8cBNBEErxhT7ZDrsmkafKIWqRcehnx/V81Dg6sjpBiyC0dlOsrrxBw==
+            5NY3gTYsKyq/pnVFOp1NKU4I6SuV8jWabwVqpsRXYvC5X7Ec1ZQv5Q==
             -----END AGE ENCRYPTED FILE-----
-        - recipient: age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej
+        - recipient: age1c7adjulcrma0m7l5ur8efxdjzyskrqcwssfkt77a9rmma7gzss5q02pgmy
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJd3R1V3p5TlgxK3hUUklo
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4dTJiV3VHVEh5SENKbFdw
-            aVUyUElobDZzTms1ZkYvck1WQVBtOXVsN0hZCklVSFpNNzA4Y2RWMi9zaWR5eXY5
+            TjN5ZlZTZlZBQVVHbktHNUNDQmRnVXMvV0dnCjYwRXFnK2pzcmxDSzZQV1FhR2pL
-            ZndOQkxsZUc2aWV6b2dQc2lGeXJyYzgKLS0tIFdod2hCcmFUUm9TUkFNMkNwcGlw
+            MTdZYzFUYjFUZ0Y4ODBrWTVDaWJxRUkKLS0tIEh5RXE5NktUOTdxamR4S3RCdm0z
-            U3NhQXJFVGNjSUVRUTNHd0ZnbEhVNFUKGMV1GYP89MKoXScKONQK7oSftaUixB82
+            ZjFHcmtnd3lPbVdjSDVBenlBR0FOV28KwcBVT9q/OKnMvAkrWe9/+HB2qknSOurA
-            c2PjqP79M1BNAE+wKqAVFaVk5jvC4BnCQQOr3yMPIx1zXSl/NiO5Tw==
+            nKDYMNExyE6K/uOKKbkH0ucaYBN+7+/b50nfUl5i/tfJvIUaWkwQUg==
             -----END AGE ENCRYPTED FILE-----
     lastmodified: "2024-02-03T22:08:10Z"
     mac: ENC[AES256_GCM,data:KUhn+0srLHqmHVPYuJV8L5CClgSABxvknaZ7DZQU8goQ9CpM6LIdys+VdsbOYPAcO/lVSzgtjX3/umuDDsJbAEwTXoJZWITCVNYXJDNvYSDke5ZSrl/xq9UugJHyvzX9HOnKXkLsxNU+VrA9EBUfrTWoYnaz+NPes9com1efvqY=,iv:GV5eIFNJuQPJliSOOb2ebkjX99WHbOtSjl1kHrAnTyc=,tag:iuFqrBbQk4ruk733pxDgoA==,type:str]
     pgp:
-        - created_at: "2024-03-02T20:56:31Z"
+        - created_at: "2024-04-03T21:19:44Z"
           enc: |-
             -----BEGIN PGP MESSAGE-----
 
-            hQIMA29thaGx06tOARAAgGlssc+0daeG/iX1ijzvqNRDAGYm9v3tY0h05ML1tPIb
+            hQIMA29thaGx06tOAQ/+I3rMi9xjj2DtbhPnMAt7QMBdgu+sK/UU6kLlhnhgTu8m
-            XbhUanxAdNjtM5G9oFr+fULmqjg+nRkL+/OWj8gdTNGSgcsq4uFQhs4dB+O7PV3y
+            PChhtOagtqjUGKL1PQZTm3bUfauhSVum2RVAef5BKC8+QNTo9FN02cDksRyvEWqZ
-            NsdFgVkKIqI21OIm73/6UOzNiNFofEPGNqXAx5JEw5CaHSjjJ8Dcn3JWgiuOLNKy
+            BnXS6CCKC3skRoabArPTu1Geivw/7cuMrVXatZF+ol39wzOYUL0fVbBwWJ+BkzZ2
-            GlXsxJh9VZGqlOCwo7LJnrzRvsiQ5lOe4n8W5VvkzkwN+MYHujftmoSbhJFK1ctm
+            K/ZGVvLzO5HGxJzAcVDkxXo5QJOBGwVZEtcKnANLbX1CbUGkEUhU3IzBQ8sb7iYk
-            DIvRy3JCYdT7ZXGRHUIONuXKh18G4DiWiRuSGnsDhYfdR2qEWiRtIorNafASgQVd
+            JCDMnapEehjDIaIDQfCP2YFT3tY9Ab9iPM+2SSwf8JDPC2EAQqWl4Kw50xtqS/l1
-            P2FslPOiETKxg9awgREf2zviw+Uu6an+enrQ08rgKhxGriSZWQBluy9bw3Ms5okG
+            FAZ6B3zcN6II79mMjh1gV+md6D9KZEccR1xgGztFFPYzO6ncfuVa3UHe66mNCL/u
-            MF2VojCOFloXURP8qOYRH1msml3v6wI80EC2n3CzB+fw5k/9kocohCi7OyysFY97
+            y6ag+1Ct+1BMGLFp3T8EPIWZcG533zTfMxv/TG1BQVx+ZWROloyZzoIoLwduU7cw
-            3aZJVfAtmV/gijZPoQqQMo7ggczE65oNgCO6B1Ocr7syL/WRsFCMG1wA+OGwjegk
+            4yV+ta+BaiJf+5M+H0WHaS+v2OdBhtgvxQieI0IQJtIThIi4yBgrRkF6nnsWaMKh
-            5Wyui6w+SysJnroVldNMdeq2i5GR4h4vLMNAEXq1vUkZ/A//FLGmBZRxr/YClRTR
+            qLB/yyIPUIRjqJhVPAqCuA6sYxmHqVeM07hienxzmaqQaopaHx7C0x3Jhr90hdjR
-            2MPmAwhs2Z3nnKxKWu+wHJBNgxchg9hjQybT61QGk3h5Z6vUTcUnMNtmnIxG8E/0
+            F2LDUyKfj2T67wYvpI2m/ioYvS7okUANsvgJsRzxiZrj+MxEy7AcXeDK6/sI1Xgu
-            FxNEe94ZS1Z4Tg4cfaWkoyfVQ22L237ZXJ9aIBlxS1sa9Zu3x8jCRt+4PIKq4MHS
+            eN9A3rJxj5ZyslTwDsUvSEDmrS8utQ7qtWJwfpPKe763GGNM6cC/UeDDlrgsw8LS
-            XgGIZLXnGYzS1BCqT+qCjCiYOJSDbUYd5B9X+XoJOr67Ma0e7QpK7QJgdc3dwJdS
+            XgFjqFSBAGiXkp90FDm0sMdvD1twvwG9s7PF2qv15VYwPiVfLTPWvfInRfWVCbIN
-            EWcEa0ZEGwNgiokddk3WRZhKwplhqZ5H4QFAXAskCKGMKMAgnrm8iEzLKH3bsaQ=
+            9IqVbtk/NviuyEGz6yGiNKulbRjKeq+oAwgXddaXY4uHruLEr/SYKbfOAJuHBRo=
-            =0c1K
+            =pXkD
             -----END PGP MESSAGE-----
           fp: 29F5017C95D9E60B1B1E8407072B0E0B8312DFE3
     unencrypted_suffix: _unencrypted

users/richie/systems/programs.nix

@@ -0,0 +1,17 @@
+{
+  pkgs,
+  config,
+  inputs,
+  ...
+}:
+{
+  environment.systemPackages = with pkgs; [
+    candy-icons
+    discord-canary
+    sweet-nova
+    vscode
+    yubioath-flutter
+    beeper
+    git
+  ];
+}

users/richie/systems/rhapsody_in_green/configuration.nix

@@ -0,0 +1,93 @@
+{ config, pkgs, ... }:
+
+{
+  imports = [
+    ../programs.nix
+    ./hardware.nix
+  ];
+  nixpkgs.config.allowUnfree = true;
+
+  boot = {
+    useSystemdBoot = true;
+    default = true;
+  };
+
+  networking = {
+    networkmanager.enable = true;
+  };
+
+  time.timeZone = "America/New_York";
+
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "en_US.UTF-8";
+    LC_IDENTIFICATION = "en_US.UTF-8";
+    LC_MEASUREMENT = "en_US.UTF-8";
+    LC_MONETARY = "en_US.UTF-8";
+    LC_NAME = "en_US.UTF-8";
+    LC_NUMERIC = "en_US.UTF-8";
+    LC_PAPER = "en_US.UTF-8";
+    LC_TELEPHONE = "en_US.UTF-8";
+    LC_TIME = "en_US.UTF-8";
+  };
+
+  hardware.pulseaudio.enable = false;
+  security.rtkit.enable = true;
+  sound.enable = true;
+
+  services = {
+    xserver.enable = true;
+
+    xserver.displayManager.sddm.enable = true;
+    xserver.desktopManager.plasma5.enable = true;
+
+    xserver.xkb = {
+      layout = "us";
+      variant = "";
+    };
+
+    openssh.enable = true;
+
+    printing.enable = true;
+
+    pipewire = {
+      enable = true;
+      alsa.enable = true;
+      alsa.support32Bit = true;
+      pulse.enable = true;
+    };
+  };
+
+  users.users.richie = {
+    isNormalUser = true;
+    description = "richie";
+    extraGroups = [
+      "networkmanager"
+      "wheel"
+    ];
+    packages = with pkgs; [
+      firefox
+      kate
+    ];
+  };
+
+  virtualisation = {
+    docker = {
+      enable = true;
+      recommendedDefaults = true;
+      logDriver = "local";
+      storageDriver = "overlay2";
+      daemon."settings" = {
+        experimental = true;
+        exec-opts = [ "native.cgroupdriver=systemd" ];
+        log-opts = {
+          max-size = "10m";
+          max-file = "5";
+        };
+      };
+    };
+  };
+
+  system.stateVersion = "23.11";
+}

users/richie/systems/rhapsody_in_green/default.nix

@@ -0,0 +1,7 @@
+{ inputs, ... }:
+{
+  system = "x86_64-linux";
+  home = true;
+  sops = true;
+  modules = [ inputs.nixos-hardware.nixosModules.framework-13-7040-amd ];
+}

users/richie/systems/rhapsody_in_green/hardware.nix

@@ -0,0 +1,48 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+  boot.initrd.availableKernelModules = [
+    "nvme"
+    "xhci_pci"
+    "thunderbolt"
+    "usbhid"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/c5cc486b-0076-40b0-9402-7ddb2b4a7fdf";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/D571-3949";
+    fsType = "vfat";
+  };
+
+  swapDevices = [ { device = "/dev/disk/by-uuid/57a25825-69a9-41ac-999e-5137a01edc9e"; } ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.docker0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp195s0f3u1u3.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}