From d5884035b89263c0b7f926129c9672624ee2debc Mon Sep 17 00:00:00 2001 From: Daniel Flanagan Date: Mon, 2 Oct 2023 14:40:35 -0500 Subject: [PATCH] Dragon --- disko.nix | 68 +++++++++++++++++++++++++++++++++++++-- flake.lock | 66 ++++++++++++++++++------------------- modules/desktop-usage.nix | 8 +++++ modules/intel.nix | 4 --- nixos.nix | 33 +++++++++---------- nixos/dragon.nix | 36 +++++++++++++++++++++ 6 files changed, 158 insertions(+), 57 deletions(-) create mode 100644 nixos/dragon.nix diff --git a/disko.nix b/disko.nix index fa1899a..8e88f75 100644 --- a/disko.nix +++ b/disko.nix @@ -1,10 +1,73 @@ { - standard = { disks ? [ "/dev/vda" ], name ? "primary", ... }: { + standard = { disks ? [ "/dev/vda" ], ... }: { # this is my standard partitioning scheme for my machines: an LUKS-encrypted # btrfs volume disko.devices = { disk = { - ${builtins.trace name name} = { + primary = { + type = "disk"; + device = builtins.elemAt disks 0; + content = { + type = "gpt"; + partitions = { + ESP = { + label = "EFI"; + name = "ESP"; + size = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ + "defaults" + ]; + }; + }; + luks = { + size = "100%"; + content = { + type = "luks"; + name = "crypted"; + extraOpenArgs = [ "--allow-discards" ]; + # if you want to use the key for interactive login be sure there is no trailing newline + # for example use `echo -n "password" > /tmp/secret.key` + keyFile = "/tmp/secret.key"; # Interactive + # settings.keyFile = "/tmp/password.key"; + # additionalKeyFiles = ["/tmp/additionalSecret.key"]; + content = { + type = "btrfs"; + extraArgs = [ "-f" ]; + subvolumes = { + "/root" = { + mountpoint = "/"; + mountOptions = [ "compress=zstd" "noatime" ]; + }; + "/home" = { + mountpoint = "/home"; + mountOptions = [ "compress=zstd" "noatime" ]; + }; + "/nix" = { + mountpoint = "/nix"; + mountOptions = [ "compress=zstd" "noatime" ]; + }; + }; + }; + }; + }; + }; + }; + }; + }; + }; + }; + # TODO: figure out what I can't have an optiona/default 'name' attribute here so I can DRY with "standard" + thinker = { disks ? [ "/dev/vda" ], ... }: { + # this is my standard partitioning scheme for my machines: an LUKS-encrypted + # btrfs volume + disko.devices = { + disk = { + vda = { type = "disk"; device = builtins.elemAt disks 0; content = { @@ -112,4 +175,3 @@ }; }; } - diff --git a/flake.lock b/flake.lock index 7279559..2a70efb 100644 --- a/flake.lock +++ b/flake.lock @@ -54,11 +54,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1692199161, - "narHash": "sha256-GqKApvQ1JCf5DzH/Q+P4nwuHb6MaQGaWTu41lYzveF4=", + "lastModified": 1696266752, + "narHash": "sha256-wJnMDFM21+xXdsXSs6pXMElbv4YfqmQslcPApRuaYKs=", "owner": "nix-community", "repo": "disko", - "rev": "4eed2457b053c4bbad7d90d2b3a1d539c2c9009c", + "rev": "646ee25c25fffee122a66282861f5f56ad3e0fd9", "type": "github" }, "original": { @@ -158,11 +158,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1693976516, - "narHash": "sha256-5D49OMiDgkUczk5je/DHIC+OutelH6WKQkiKwvRwrm0=", + "lastModified": 1696255829, + "narHash": "sha256-5XId/8r09qEAyBI8lFq0qpVsEvtdDl6gHkBHmhp/sMA=", "owner": "helix-editor", "repo": "helix", - "rev": "0cfd46c14f67351db1e739834f58d8ed15d2bb4d", + "rev": "7fbfec766c2ce2570ca4160744723813dbdc3019", "type": "github" }, "original": { @@ -178,11 +178,11 @@ ] }, "locked": { - "lastModified": 1695984718, - "narHash": "sha256-LQwKgaaaFOkIcxarf0xQXeDJFwZ5BZWcgmPeo3xp2CM=", + "lastModified": 1696145345, + "narHash": "sha256-3dM7I/d4751SLPJah0to1WBlWiyzIiuCEUwJqwBdmr4=", "owner": "nix-community", "repo": "home-manager", - "rev": "4f02e35f9d150573e1a710afa338846c2f6d850c", + "rev": "6f9b5b83ad1f470b3d11b8a9fe1d5ef68c7d0e30", "type": "github" }, "original": { @@ -209,11 +209,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1692492726, - "narHash": "sha256-rld5qm2B4oRkDwcPD+yOSyTrZQdfCR6mzJGGkecjvTs=", + "lastModified": 1694908564, + "narHash": "sha256-ducA98AuWWJu5oUElIzN24Q22WlO8bOfixGzBgzYdVc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5e63e8bbc46bc4fc22254da1edaf42fc7549c18a", + "rev": "596611941a74be176b98aeba9328aa9d01b8b322", "type": "github" }, "original": { @@ -225,11 +225,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1693844670, - "narHash": "sha256-t69F2nBB8DNQUWHD809oJZJVE+23XBrth4QZuVd6IE0=", + "lastModified": 1696125185, + "narHash": "sha256-zJTpVLKg5YhbNJdILfBzYGz9zhM4Cjs5ySaD3eVWcTA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3c15feef7770eb5500a4b8792623e2d6f598c9c1", + "rev": "0396d3b0fb7f62ddc79a506ad3e6124f01d2ed0a", "type": "github" }, "original": { @@ -257,11 +257,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1696018110, - "narHash": "sha256-eLB8ruJGmDiSO4ysDZOkDq3tkzuRT77tXKmfHN5nBa4=", + "lastModified": 1696275311, + "narHash": "sha256-Z8aJvoUyMv/+0G7iqYIqecxRDFbz05RK2e3/irbWq9M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ae95a37b32e51fe3b5d89ce6bf037ec188c5560a", + "rev": "828ba8482b64704adad28786355ed8a45d59eb0a", "type": "github" }, "original": { @@ -272,11 +272,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1693844670, - "narHash": "sha256-t69F2nBB8DNQUWHD809oJZJVE+23XBrth4QZuVd6IE0=", + "lastModified": 1679410443, + "narHash": "sha256-xDHO/jixWD+y5pmW5+2q4Z4O/I/nA4MAa30svnZKK+M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3c15feef7770eb5500a4b8792623e2d6f598c9c1", + "rev": "c9ece0059f42e0ab53ac870104ca4049df41b133", "type": "github" }, "original": { @@ -288,11 +288,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1693844670, - "narHash": "sha256-t69F2nBB8DNQUWHD809oJZJVE+23XBrth4QZuVd6IE0=", + "lastModified": 1694760568, + "narHash": "sha256-3G07BiXrp2YQKxdcdms22MUx6spc6A++MSePtatCYuI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3c15feef7770eb5500a4b8792623e2d6f598c9c1", + "rev": "46688f8eb5cd6f1298d873d4d2b9cf245e09e88e", "type": "github" }, "original": { @@ -320,11 +320,11 @@ "nixpkgs": "nixpkgs_5" }, "locked": { - "lastModified": 1693923183, - "narHash": "sha256-TH2JC+Cjw+ed1O33QKGq+lonIKlu6pHuY1jtrZh/FMM=", + "lastModified": 1696266788, + "narHash": "sha256-uafhEse84DXOyeN8j9igyhqVTWatnSznJ490PVg+H7k=", "owner": "jdx", "repo": "rtx", - "rev": "f333ac5f8e8de399fcb3ce40576baeef0271081b", + "rev": "b8f142fcf1e711de2684cdce2ddebde108f0427b", "type": "github" }, "original": { @@ -364,11 +364,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1692728678, - "narHash": "sha256-02MjG7Sb9k7eOi86CcC4GNWVOjT6gjmXFSqkRjZ8Xyk=", + "lastModified": 1695284550, + "narHash": "sha256-z9fz/wz9qo9XePEvdduf+sBNeoI9QG8NJKl5ssA8Xl4=", "owner": "Mic92", "repo": "sops-nix", - "rev": "1b7b3a32d65dbcd69c217d7735fdf0a6b2184f45", + "rev": "2f375ed8702b0d8ee2430885059d5e7975e38f78", "type": "github" }, "original": { @@ -412,11 +412,11 @@ "flake-utils": "flake-utils_4" }, "locked": { - "lastModified": 1657226504, - "narHash": "sha256-GIYNjuq4mJlFgqKsZ+YrgzWm0IpA4axA3MCrdKYj7gs=", + "lastModified": 1696272629, + "narHash": "sha256-KprLE/cqg5PFNT1PKQRjE/bJpr4AlgedoUPO/4jee+8=", "owner": "gytis-ivaskevicius", "repo": "flake-utils-plus", - "rev": "2bf0f91643c2e5ae38c1b26893ac2927ac9bd82a", + "rev": "2893fcad90dcc2ac2265c227b5444a7cd7ef21f0", "type": "github" }, "original": { diff --git a/modules/desktop-usage.nix b/modules/desktop-usage.nix index 8fa96aa..3cd49a9 100644 --- a/modules/desktop-usage.nix +++ b/modules/desktop-usage.nix @@ -4,5 +4,13 @@ ./sway.nix ./user-installed-applications.nix ]; + + hardware = { + opengl = { + enable = true; + driSupport32Bit = true; + driSupport = true; + }; + }; } diff --git a/modules/intel.nix b/modules/intel.nix index fe47093..cc76b40 100644 --- a/modules/intel.nix +++ b/modules/intel.nix @@ -10,10 +10,6 @@ cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; opengl = { - enable = true; - driSupport32Bit = true; - driSupport = true; - extraPackages = with pkgs; [ intel-media-driver # LIBVA_DRIVER_NAME=iHD vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) diff --git a/nixos.nix b/nixos.nix index 5df190b..90843ed 100644 --- a/nixos.nix +++ b/nixos.nix @@ -31,29 +31,28 @@ in { # TODO: disko-fy rascal and beefcake? - beefcake = nixosSystem "x86_64-linux" [ - ./nixos/beefcake.nix - inputs.api-lyte-dev.nixosModules.x86_64-linux.api-lyte-dev - ]; + # beefcake = nixosSystem "x86_64-linux" [ + # ./nixos/beefcake.nix + # inputs.api-lyte-dev.nixosModules.x86_64-linux.api-lyte-dev + # ]; - rascal = nixosSystem "x86_64-linux" [ ./nixos/rascal.nix ]; + # rascal = nixosSystem "x86_64-linux" [ ./nixos/rascal.nix ]; - musicbox = nixosSystem "x86_64-linux" (disko - { - scheme = "unencrypted"; - disks = [ "/dev/sda" ]; - } ++ [ ./nixos/musicbox.nix ]); + # musicbox = nixosSystem "x86_64-linux" (disko + # { + # scheme = "unencrypted"; + # disks = [ "/dev/sda" ]; + # } ++ [ ./nixos/musicbox.nix ]); thinker = nixosSystem "x86_64-linux" (disko { - scheme = "standard"; + scheme = "thinker"; disks = [ "/dev/nvme0n1" ]; - name = "vdb"; } ++ [ ./nixos/thinker.nix ]); - # dragon = nixosSystem "x86_64-linux" (disko - # { - # scheme = "standard"; - # disks = [ "/dev/disk/by-uuid/asdf" ]; - # } ++ [ ./nixos/dragon.nix ]); + dragon = nixosSystem "x86_64-linux" (disko + { + scheme = "standard"; + disks = [ "/dev/nvme0n1" ]; + } ++ [ ./nixos/dragon.nix ]); } diff --git a/nixos/dragon.nix b/nixos/dragon.nix new file mode 100644 index 0000000..195719f --- /dev/null +++ b/nixos/dragon.nix @@ -0,0 +1,36 @@ +{ modulesPath, lib, ... }: { + imports = + [ + ../modules/amd.nix + ../modules/desktop-usage.nix + ../modules/podman.nix + ../modules/wifi.nix + + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + # TODO: fonts? right now, I'm just installing to ~/.local/share/fonts + + # hardware + boot.loader.efi.canTouchEfiVariables = true; + boot.loader.systemd-boot.enable = true; + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ]; + + networking.hostName = "dragon"; + + hardware.bluetooth.enable = true; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + services.printing.enable = true; + + networking = { + firewall = { + enable = true; + allowPing = true; + allowedTCPPorts = [ 22 ]; + allowedUDPPorts = [ ]; + }; + }; + + system.stateVersion = "23.11"; +} +