init pa600

2022-01-07 20:44:10 +01:00 · 2022-01-07 20:44:10 +01:00 · 02bb843015
commit 02bb843015
parent 1bba975a9d
8 changed files with 187 additions and 0 deletions
--- a/nix/os/devices/steveej-pa600/boot.nix
+++ b/nix/os/devices/steveej-pa600/boot.nix
@ -0,0 +1,8 @@
+{ lib
+, ...
+}:
+
+{
+  boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;
+  boot.loader.efi.canTouchEfiVariables = lib.mkForce false; 
+}
--- a/nix/os/devices/steveej-pa600/configuration.nix
+++ b/nix/os/devices/steveej-pa600/configuration.nix
@ -0,0 +1,14 @@
+{ ... }:
+
+{
+  imports = [
+    ../../profiles/common/configuration.nix
+    ../../profiles/graphical/configuration.nix
+    ../../modules/opinionatedDisk.nix
+
+    ./system.nix
+    ./hw.nix
+    ./pkg.nix
+    ./user.nix
+  ];
+}
--- a/nix/os/devices/steveej-pa600/hw.nix
+++ b/nix/os/devices/steveej-pa600/hw.nix
@ -0,0 +1,26 @@
+{ ... }:
+
+let
+  stage1Modules =  [
+    "aesni_intel"
+    "kvm-intel"
+    "aes_x86_64"
+
+    "xhci_pci"
+    "hxci_hcd"
+  ];
+
+in
+{
+  # TASK: new device
+  hardware.opinionatedDisk = {
+    enable = true;
+    encrypted = true;
+    diskId = "ata-TOSHIBA_MK1652GSX_Y8B9CL6XT";
+  };
+
+  # boot.initrd.availableKernelModules = stage1Modules;
+  boot.initrd.kernelModules = stage1Modules;
+  boot.extraModprobeConfig = ''
+  '';
+}
--- a/nix/os/devices/steveej-pa600/pkg.nix
+++ b/nix/os/devices/steveej-pa600/pkg.nix
@ -0,0 +1,12 @@
+{ pkgs
+, ...
+}:
+
+{
+  nixpkgs.config.packageOverrides = pkgs: with pkgs; {
+    nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath;
+  };
+  home-manager.users.steveej = import ../../../home-manager/configuration/graphical-fullblown.nix { inherit pkgs; };
+  services.teamviewer.enable = true;
+  system.stateVersion = "20.09";
+}
--- a/nix/os/devices/steveej-pa600/system.nix
+++ b/nix/os/devices/steveej-pa600/system.nix
@ -0,0 +1,52 @@
+{ pkgs
+, lib
+, config
+, ... }:
+
+let
+  keys = import ../../../variables/keys.nix;
+in {
+
+  # TASK: new device
+  networking.hostName = "steveej-pa600"; # Define your hostname.
+
+  networking.firewall.enable = true;
+  networking.firewall.allowedTCPPorts = [
+    # iperf3
+    5201
+  ];
+
+  networking.firewall.logRefusedConnections = false;
+  networking.usePredictableInterfaceNames = false;
+
+  services.printing = {
+    enable = true;
+    drivers = with pkgs; [
+      hplip
+      mfcl3770cdw.driver
+      mfcl3770cdw.cupswrapper
+    ];
+  };
+
+  services.fprintd.enable = true;
+  security.pam.services = {
+    login.fprintAuth = true;
+    sudo.fprintAuth = true;
+  };
+
+  security.pki.certificateFiles = [
+    "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
+  ];
+
+  services.xserver.videoDrivers = [ "modesetting" ];
+  services.xserver.serverFlagsSection = ''
+    Option "BlankTime" "0"
+    Option "StandbyTime" "0"
+    Option "SuspendTime" "0"
+    Option "OffTime" "0"
+  '';
+
+  boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
+
+  hardware.ledger.enable = true;
+}
--- a/nix/os/devices/steveej-pa600/user.nix
+++ b/nix/os/devices/steveej-pa600/user.nix
@ -0,0 +1,15 @@
+{ config
+, pkgs
+, ... }:
+
+let
+  passwords = import ../../../variables/passwords.crypt.nix;
+  keys = import ../../../variables/keys.nix;
+  inherit (import ../../lib/default.nix { }) mkUser;
+
+in {
+  users.extraUsers.steveej2 = mkUser {
+    uid = 1001;
+    openssh.authorizedKeys.keys = keys.users.steveej.openssh;
+  };
+}
--- a/nix/os/devices/steveej-pa600/versions.nix
+++ b/nix/os/devices/steveej-pa600/versions.nix
@ -0,0 +1,30 @@
+let
+  nixpkgs = {
+    url = "https://github.com/NixOS/nixpkgs/";
+    ref = "nixos-20.09";
+    rev = "e065200fc90175a8f6e50e76ef10a48786126e1c";
+  };
+in
+
+{
+  inherit nixpkgs;
+  nixos = nixpkgs // {
+    suffix = "/nixos";
+  };
+  "channels-nixos-stable" = nixpkgs;
+  "channels-nixos-unstable" = {
+    url = "https://github.com/NixOS/nixpkgs/";
+    ref = "nixos-unstable";
+    rev = "2f47650c2f28d87f86ab807b8a339c684d91ec56";
+  };
+  "nixpkgs-master" = {
+    url = "https://github.com/NixOS/nixpkgs/";
+    ref = "master";
+    rev = "cb7c39605051c7b268f8e0c5c47818a06b5d88c5";
+  };
+  "home-manager-module" = {
+    url = "https://github.com/nix-community/home-manager";
+    ref = "release-20.09";
+    rev = "22f6736e628958f05222ddaadd7df7818fe8f59d";
+  };
+}
--- a/nix/os/devices/steveej-pa600/versions.tmpl.nix
+++ b/nix/os/devices/steveej-pa600/versions.tmpl.nix
@ -0,0 +1,30 @@
+let
+  nixpkgs = {
+    url = "https://github.com/NixOS/nixpkgs/";
+    ref = "nixos-20.09";
+    rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '\n' -%>";
+  };
+in
+
+{
+  inherit nixpkgs;
+  nixos = nixpkgs // {
+    suffix = "/nixos";
+  };
+  "channels-nixos-stable" = nixpkgs;
+  "channels-nixos-unstable" = {
+    url = "https://github.com/NixOS/nixpkgs/";
+    ref = "nixos-unstable";
+    rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>";
+  };
+  "nixpkgs-master" = {
+    url = "https://github.com/NixOS/nixpkgs/";
+    ref = "master";
+    rev = "<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>";
+  };
+  "home-manager-module" = {
+    url = "https://github.com/nix-community/home-manager";
+    ref = "release-20.09";
+    rev = "<% git ls-remote https://github.com/nix-community/home-manager.git release-20.09 | awk '{ print $1 }' | tr -d '\n' -%>";
+  };
+}