From e5aca17571e708b17d231777240a7aa81bfeae3b Mon Sep 17 00:00:00 2001 From: Rachel Lambda Samuelsson Date: Wed, 18 Sep 2024 16:58:14 +0200 Subject: [PATCH] transient system --- flake.nix | 10 ++++ nixos/shared/user-system.nix | 14 ++--- nixos/transient/configuration.nix | 43 ++++++++++++++ nixos/transient/hardware-configuration.nix | 41 ++++++++++++++ nixos/transient/lam.nix | 66 ++++++++++++++++++++++ 5 files changed, 167 insertions(+), 7 deletions(-) create mode 100644 nixos/transient/configuration.nix create mode 100644 nixos/transient/hardware-configuration.nix create mode 100644 nixos/transient/lam.nix diff --git a/flake.nix b/flake.nix index d246c1d..397ff48 100644 --- a/flake.nix +++ b/flake.nix @@ -93,6 +93,16 @@ ]; }; + nixosConfigurations.transient = nixpkgs.lib.nixosSystem rec { + system = "x86_64-linux"; + modules = base-modules ++ [ + ./nixos/transient/configuration.nix + ./nixos/shared/user-system.nix + ./nixos/shared/graphical.nix + (rachel-home-module system) + ]; + }; + nixosConfigurations.computational = nixpkgs.lib.nixosSystem rec { system = "x86_64-linux"; modules = base-modules ++ [ diff --git a/nixos/shared/user-system.nix b/nixos/shared/user-system.nix index 7d0813c..b55d784 100644 --- a/nixos/shared/user-system.nix +++ b/nixos/shared/user-system.nix 
@@ -38,13 +38,13 @@ options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=60" ]; }; - fileSystems."/mnt/eta" = - let secrets = import ../../secrets/eta.nix; - in { - device = "//192.168.30.33/users"; - fsType = "cifs"; - options = [ "username=${secrets.etaUser}" "password=${secrets.etaPass}" "uid=1000" "gid=1000" "x-systemd.automount" "noauto" "x-systemd.idle-timeout=60" ]; - }; + # fileSystems."/mnt/eta" = + # let secrets = import ../../secrets/eta.nix; + # in { + # device = "//192.168.30.33/users"; + # fsType = "cifs"; + # options = [ "username=${secrets.etaUser}" "password=${secrets.etaPass}" "uid=1000" "gid=1000" "x-systemd.automount" "noauto" "x-systemd.idle-timeout=60" ]; + # }; services.xserver = { xkb = { diff --git a/nixos/transient/configuration.nix b/nixos/transient/configuration.nix new file mode 100644 index 0000000..a4e4606 --- /dev/null +++ b/nixos/transient/configuration.nix @@ -0,0 +1,43 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page, on +# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). + +{ config, lib, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + ]; + + # HW + hardware.opengl = { + enable = true; + driSupport = true; + driSupport32Bit = true; + extraPackages = with pkgs; [ + intel-ocl + intel-compute-runtime + intel-media-driver + vaapiIntel + vaapiVdpau + libvdpau-va-gl + ]; + }; + hardware.bluetooth.enable = true; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + networking.hostName = "transient"; + networking.networkmanager = { + enable = true; + wifi.powersave = true; + wifi.scanRandMacAddress = true; + wifi.macAddress = "random"; + }; + + system.stateVersion = "24.05"; # Did you read the comment? +} + 
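Review bot: Commenting out `fileSystems."/mnt/eta"` in `nixos/shared/user-system.nix` disables the share for every host that imports this shared module, not only the new transient one, and leaves dead code behind that still carries the server address and the credential wiring. If the mount is only unwanted on some hosts, gate it rather than commenting it out, e.g. `fileSystems."/mnt/eta" = lib.mkIf <host-condition> { … };` (placeholder condition; `lib` may need adding to the module arguments), otherwise delete the block. Should it come back, avoid `"password=${secrets.etaPass}"` in `options`: the interpolated value ends up in the generated fstab in the world-readable Nix store, so a `"credentials=<root-only file>"` option (placeholder path) is the safer form. The enclosing attribute set starts and ends outside the hunk.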
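Review bot: `system.stateVersion = "24.05"; # Did you read the comment?` in `nixos/transient/configuration.nix` points at a comment that is not in the file, so the warning it refers to is lost; put a short one back above the line, such as `# Do not change after installation; see the system.stateVersion option documentation.` The `hardware.opengl` and `networking.networkmanager` blocks are repeated verbatim in `nixos/transient/lam.nix` in this same commit, which invites drift, and a shared module would keep them in one place. Nothing in this file configures disk encryption, and the accompanying `hardware-configuration.nix` mounts `/` and swap directly by UUID, so if this is a portable machine its data at rest (saved Wi-Fi credentials included) appears to be unprotected. It is worth confirming that this is intended.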
diff --git a/nixos/transient/hardware-configuration.nix b/nixos/transient/hardware-configuration.nix new file mode 100644 index 0000000..15d414f --- /dev/null +++ b/nixos/transient/hardware-configuration.nix @@ -0,0 +1,41 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/b8c4fa67-322b-46a7-9fe9-8dc5d020f891"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/A4F2-F615"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/dc2f5eb3-3447-4ae6-adc9-790adee78555"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/nixos/transient/lam.nix b/nixos/transient/lam.nix new file mode 100644 index 0000000..0fe994c --- /dev/null +++ b/nixos/transient/lam.nix 
@@ -0,0 +1,66 @@
+{ config, pkgs, ... }:
+{
+ # [HARDWARE]
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ];
+
+ hardware.opengl = {
+ enable = true;
+ driSupport = true;
+ driSupport32Bit = true;
+ extraPackages = with pkgs; [
+ intel-ocl
+ intel-compute-runtime
+ intel-media-driver
+ vaapiIntel
+ vaapiVdpau
+ libvdpau-va-gl
+ ];
+ };
+ hardware.bluetooth.enable = true;
+ services.logind = {
+ lidSwitch = "hibernate";
+ lidSwitchDocked = "ignore";
+ lidSwitchExternalPower = "hibernate";
+ };
+ services.udev.extraRules = ''
+ KERNEL=="0000:00:14.0", SUBSYSTEM=="pci", ATTR{power/wakeup}="disabled"
+ '';
+
+ # [BOOT / DISK ENCRYPTION]
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.loader.grub = {
+ enable = true;
+ device = "nodev";
+ efiSupport = true;
+ enableCryptodisk = true;
+ theme = ../../resources/grub-theme;
+ };
+
+ boot.loader.efi.efiSysMountPoint = "/boot/efi";
+ boot.initrd = {
+ availableKernelModules = [ "aesni_intel" "cryptd" ];
+ secrets = { "/boot/key" = "/boot/key"; };
+ luks.mitigateDMAAttacks = true;
+ luks.devices = {
+ root = {
+ device = "/dev/disk/by-uuid/91114176-b6cc-4454-89df-e2bf5c1fac0a";
+ keyFile = "/boot/key";
+ preLVM = true;
+ };
+ };
+ };
+
+ # [NETWORKING]
+ networking.hostName = "lambda";
+ networking.networkmanager = {
+ enable = true;
+ wifi.powersave = true;
+ wifi.scanRandMacAddress = true;
+ wifi.macAddress = "random";
+ };
+
+ system.stateVersion = "24.05";
+}
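Review bot: `nixos/transient/lam.nix` is not in the `modules` list that the flake.nix hunk adds for `nixosConfigurations.transient`, and it sets `networking.hostName = "lambda"`, so it looks like a copy from another host whose LUKS/GRUB settings never reach the transient system as built. If the file is kept for reference, say so at the top, e.g. `# Reference copy from host "lambda"; not imported by flake.nix`, or drop it; importing it next to `configuration.nix` would set conflicting `networking.hostName` and boot-loader options. Separately, `lidSwitch = "hibernate"` writes memory contents to swap, so the swap device has to live inside the encrypted volume for `keyFile` and `luks.mitigateDMAAttacks` to protect much. Whether it does cannot be confirmed from this hunk.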