steveej/infra
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

init pa600

Browse source
This commit is contained in:
steveej 2022-01-07 20:44:10 +01:00
parent 1bba975a9d
commit 02bb843015
8 changed files with 187 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

8
nix/os/devices/steveej-pa600/boot.nix Normal file
View file

@ -0,0 +1,8 @@
{ lib
, ...
}:
{
boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
}

14
nix/os/devices/steveej-pa600/configuration.nix Normal file
View file

@ -0,0 +1,14 @@
{ ... }:
{
imports = [
../../profiles/common/configuration.nix
../../profiles/graphical/configuration.nix
../../modules/opinionatedDisk.nix
./system.nix
./hw.nix
./pkg.nix
./user.nix
];
}

26
nix/os/devices/steveej-pa600/hw.nix Normal file
View file

@ -0,0 +1,26 @@
{ ... }:
let
stage1Modules = [
"aesni_intel"
"kvm-intel"
"aes_x86_64"
"xhci_pci"
"hxci_hcd"
];
in
{
# TASK: new device
hardware.opinionatedDisk = {
enable = true;
encrypted = true;
diskId = "ata-TOSHIBA_MK1652GSX_Y8B9CL6XT";
};
# boot.initrd.availableKernelModules = stage1Modules;
boot.initrd.kernelModules = stage1Modules;
boot.extraModprobeConfig = ''
'';
}

12
nix/os/devices/steveej-pa600/pkg.nix Normal file
View file

@ -0,0 +1,12 @@
{ pkgs
, ...
}:
{
nixpkgs.config.packageOverrides = pkgs: with pkgs; {
nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath;
};
home-manager.users.steveej = import ../../../home-manager/configuration/graphical-fullblown.nix { inherit pkgs; };
services.teamviewer.enable = true;
system.stateVersion = "20.09";
}

52
nix/os/devices/steveej-pa600/system.nix Normal file
View file

@ -0,0 +1,52 @@
{ pkgs
, lib
, config
, ... }:
let
keys = import ../../../variables/keys.nix;
in {
# TASK: new device
networking.hostName = "steveej-pa600"; # Define your hostname.
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [
# iperf3
5201
];
networking.firewall.logRefusedConnections = false;
networking.usePredictableInterfaceNames = false;
services.printing = {
enable = true;
drivers = with pkgs; [
hplip
mfcl3770cdw.driver
mfcl3770cdw.cupswrapper
];
};
services.fprintd.enable = true;
security.pam.services = {
login.fprintAuth = true;
sudo.fprintAuth = true;
};
security.pki.certificateFiles = [
"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
];
services.xserver.videoDrivers = [ "modesetting" ];
services.xserver.serverFlagsSection = ''
Option "BlankTime" "0"
Option "StandbyTime" "0"
Option "SuspendTime" "0"
Option "OffTime" "0"
'';
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
hardware.ledger.enable = true;
}

15
nix/os/devices/steveej-pa600/user.nix Normal file
View file

@ -0,0 +1,15 @@
{ config
, pkgs
, ... }:
let
passwords = import ../../../variables/passwords.crypt.nix;
keys = import ../../../variables/keys.nix;
inherit (import ../../lib/default.nix { }) mkUser;
in {
users.extraUsers.steveej2 = mkUser {
uid = 1001;
openssh.authorizedKeys.keys = keys.users.steveej.openssh;
};
}

30
nix/os/devices/steveej-pa600/versions.nix Normal file
View file

@ -0,0 +1,30 @@
let
nixpkgs = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-20.09";
rev = "e065200fc90175a8f6e50e76ef10a48786126e1c";
};
in
{
inherit nixpkgs;
nixos = nixpkgs // {
suffix = "/nixos";
};
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable";
rev = "2f47650c2f28d87f86ab807b8a339c684d91ec56";
};
"nixpkgs-master" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "master";
rev = "cb7c39605051c7b268f8e0c5c47818a06b5d88c5";
};
"home-manager-module" = {
url = "https://github.com/nix-community/home-manager";
ref = "release-20.09";
rev = "22f6736e628958f05222ddaadd7df7818fe8f59d";
};
}

30
nix/os/devices/steveej-pa600/versions.tmpl.nix Normal file
View file

@ -0,0 +1,30 @@
let
nixpkgs = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-20.09";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '\n' -%>";
};
in
{
inherit nixpkgs;
nixos = nixpkgs // {
suffix = "/nixos";
};
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>";
};
"nixpkgs-master" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "master";
rev = "<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>";
};
"home-manager-module" = {
url = "https://github.com/nix-community/home-manager";
ref = "release-20.09";
rev = "<% git ls-remote https://github.com/nix-community/home-manager.git release-20.09 | awk '{ print $1 }' | tr -d '\n' -%>";
};
}