diff --git a/hosts/nixos/mew/configuration.nix b/hosts/nixos/mew/configuration.nix
new file mode 100644
index 0000000..1815108
--- /dev/null
+++ b/hosts/nixos/mew/configuration.nix
@@ -0,0 +1,111 @@
+{
+ pkgs,
+ config,
+ lib,
+ modulesPath,
+ inputs,
+ stable_pkgs,
+ unstable_pkgs,
+ ...
+}: {
+ imports = [
+ # Include the results of the hardware scan.
+ (modulesPath + "/installer/scan/not-detected.nix")
+ #./hardware-configuration.nix
+ ../../nixos
+ ../../../users/blake
+ ../../../modules/desktop
+ ../../../modules/system
+ ];
+
+ # home grown nixos modules
+ system = {
+ secure_boot.enable = false;
+ cifs_mounts.enable = true;
+ udiskie.enable = true;
+ ssh.enable = true;
+ sops.enable = true;
+ yubikey.enable = true;
+ yubikey.lock_on_remove = true;
+ tailscale.enable = true;
+ syncthing.enable = true;
+ flatpak.enable = true;
+ graphics = {
+ enable = true;
+ vendor = "amd";
+ };
+ };
+ desktop = {
+ pipewire.enable = true;
+ hypr.enable = true;
+ greetd.enable = true;
+ };
+ gaming = {
+ steam.enable = true;
+ lutris.enable = true;
+ proton_ge.enable = true;
+ gamemode.enable = true;
+ mangohud.enable = true;
+ };
+
+ # import home grown host specific home-manager modules
+ home-manager.users.blake.imports = [
+ ../../../users/blake/hosts/yveltal.nix
+ ];
+
+ # fix power buttons
+ # move this to a laptops file at some point
+ services.logind.settings.Login = {
+ HandlePowerKey = "suspend-then-hibernate";
+ HandleLidSwitch = "suspend-then-hibernate";
+ };
+ # sets the delay before hibernation for ^
+ systemd.sleep.extraConfig = ''
+ HibernateDelaySec=1800
+ '';
+
+ # boot (systemd is growing on me)
+ boot = {
+ kernelModules = ["kvm-intel"];
+ extraModulePackages = [];
+ loader = {
+ systemd-boot.enable = true; # systemd your pretty cool ya know
+ efi.canTouchEfiVariables = true;
+ };
+ initrd = {
+ systemd.enable = true; # better logging
+ availableKernelModules = ["xhci_pci" "thunderbolt" "vmd" "nvme" "usb_storage" "sd_mod"];
+ kernelModules = [];
+ };
+ };
+
+ # setup hostname and networking stack
+ networking = {
+ hostName = "mew"; # hostname
+ useDHCP = lib.mkDefault true;
+ interfaces = {
+ wlp0s20f3.useDHCP = lib.mkDefault true;
+ };
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [22];
+ allowedUDPPorts = [51820]; # wireguard
+ };
+ networkmanager = {
+ enable = true; # the goat
+ dns = "systemd-resolved"; # the backup dancer!
+ };
+ };
+ services.resolved = {
+ enable = true;
+ fallbackDns = ["1.1.1.1" "9.9.9.9"];
+ dnsovertls = "opportunistic";
+ };
+
+ hardware.bluetooth.enable = true;
+
+ system.stateVersion = "25.05"; # stays here : )
+
+ # hardware shit
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/hosts/nixos/mew/disko.nix b/hosts/nixos/mew/disko.nix
new file mode 100644
index 0000000..0409697
--- /dev/null
+++ b/hosts/nixos/mew/disko.nix
@@ -0,0 +1,70 @@
+{
+ disko.devices = {
+ disk = {
+ main = {
+ type = "disk";
+ device = "/dev/disk/by-id/nvme-PC_SN530_NVMe_WDC_512GB_210513807733"; # disk id here
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "1G";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+ luks = {
+ size = "100%";
+ content = {
+ type = "luks";
+ name = "crypted";
+ # disable settings.keyFile if you want to use interactive password entry
+ #passwordFile = "/tmp/secret.key"; # Interactive
+ settings = {
+ allowDiscards = true;
+ #keyFile = "/tmp/secret.key";
+ };
+ #additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
+ content = {
+ type = "btrfs";
+ extraArgs = [ "-f" ];
+ subvolumes = {
+ "@root" = {
+ mountpoint = "/";
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ };
+ "@home" = {
+ mountpoint = "/home";
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ };
+ "@nix" = {
+ mountpoint = "/nix";
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ };
+ "@swap" = {
+ mountpoint = "/.swapvol";
+ swap.swapfile.size = "32G";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
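Review bot: In hosts/nixos/mew/configuration.nix, `allowedTCPPorts = [22];` opens SSH on every interface, including the Wi-Fi interface `wlp0s20f3`, on a host that also enables Tailscale and has lid-switch handling like a laptop that joins untrusted networks. If remote login is only meant to travel over the tailnet, scope the rule with `networking.firewall.interfaces.tailscale0.allowedTCPPorts = [22];` (tailscale0 being the default Tailscale interface name) and drop 22 from the global list. The home-grown `system.ssh` module is not visible in this diff, so also confirm it does not leave `services.openssh.openFirewall` at its default of true, which would reopen the port globally. `allowedUDPPorts = [51820]; # wireguard` has no matching WireGuard configuration in this file, so the comment should point to where that tunnel is defined or the rule should go. Separately, host `mew` imports `../../../users/blake/hosts/yveltal.nix`, which looks like a leftover from another host and is worth confirming.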
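Review bot: In hosts/nixos/mew/disko.nix, `allowDiscards = true;` on the LUKS container passes TRIM through dm-crypt, so anyone who can read the raw NVMe device can tell which blocks of the encrypted volume are unused. That is a performance-versus-confidentiality trade-off and should be recorded next to the setting, for example `# TRIM passthrough: exposes free-block layout of the encrypted volume, accepted for SSD performance`, or changed to `allowDiscards = false;` if offline disk analysis is in the threat model. The commented-out `passwordFile`/`keyFile` lines and the "disable settings.keyFile" comment appear to be carried over from a template and no longer describe this file, since neither is set; one comment saying the passphrase is entered interactively would be clearer. With `secure_boot.enable = false` in configuration.nix, the kernel and initrd on the unencrypted ESP at `/boot` are not verified at boot, so the encryption here protects data at rest but not the boot files against tampering, which is worth a comment beside the `luks` partition.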