Dragon

2023-10-02 14:40:35 -05:00 · 2023-10-02 14:40:35 -05:00 · d5884035b8
commit d5884035b8
parent b19d8456e0
6 changed files with 158 additions and 57 deletions
--- a/disko.nix
+++ b/disko.nix
@ -1,10 +1,73 @@
 {
-  standard = { disks ? [ "/dev/vda" ], name ? "primary", ... }: {
+  standard = { disks ? [ "/dev/vda" ], ... }: {
    # this is my standard partitioning scheme for my machines: an LUKS-encrypted
    # btrfs volume
    disko.devices = {
      disk = {
-        ${builtins.trace name name} = {
+        primary = {
+          type = "disk";
+          device = builtins.elemAt disks 0;
+          content = {
+            type = "gpt";
+            partitions = {
+              ESP = {
+                label = "EFI";
+                name = "ESP";
+                size = "512M";
+                type = "EF00";
+                content = {
+                  type = "filesystem";
+                  format = "vfat";
+                  mountpoint = "/boot";
+                  mountOptions = [
+                    "defaults"
+                  ];
+                };
+              };
+              luks = {
+                size = "100%";
+                content = {
+                  type = "luks";
+                  name = "crypted";
+                  extraOpenArgs = [ "--allow-discards" ];
+                  # if you want to use the key for interactive login be sure there is no trailing newline
+                  # for example use `echo -n "password" > /tmp/secret.key`
+                  keyFile = "/tmp/secret.key"; # Interactive
+                  # settings.keyFile = "/tmp/password.key";
+                  # additionalKeyFiles = ["/tmp/additionalSecret.key"];
+                  content = {
+                    type = "btrfs";
+                    extraArgs = [ "-f" ];
+                    subvolumes = {
+                      "/root" = {
+                        mountpoint = "/";
+                        mountOptions = [ "compress=zstd" "noatime" ];
+                      };
+                      "/home" = {
+                        mountpoint = "/home";
+                        mountOptions = [ "compress=zstd" "noatime" ];
+                      };
+                      "/nix" = {
+                        mountpoint = "/nix";
+                        mountOptions = [ "compress=zstd" "noatime" ];
+                      };
+                    };
+                  };
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+  # TODO: figure out what I can't have an optiona/default 'name' attribute here so I can DRY with "standard"
+  thinker = { disks ? [ "/dev/vda" ], ... }: {
+    # this is my standard partitioning scheme for my machines: an LUKS-encrypted
+    # btrfs volume
+    disko.devices = {
+      disk = {
+        vda = {
          type = "disk";
          device = builtins.elemAt disks 0;
          content = {
@ -112,4 +175,3 @@
    };
  };
 }
-
--- a/flake.lock
+++ b/flake.lock
@ -54,11 +54,11 @@
        "nixpkgs": "nixpkgs_2"
      },
      "locked": {
-        "lastModified": 1692199161,
-        "narHash": "sha256-GqKApvQ1JCf5DzH/Q+P4nwuHb6MaQGaWTu41lYzveF4=",
+        "lastModified": 1696266752,
+        "narHash": "sha256-wJnMDFM21+xXdsXSs6pXMElbv4YfqmQslcPApRuaYKs=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "4eed2457b053c4bbad7d90d2b3a1d539c2c9009c",
+        "rev": "646ee25c25fffee122a66282861f5f56ad3e0fd9",
        "type": "github"
      },
      "original": {
@ -158,11 +158,11 @@
        "rust-overlay": "rust-overlay"
      },
      "locked": {
-        "lastModified": 1693976516,
-        "narHash": "sha256-5D49OMiDgkUczk5je/DHIC+OutelH6WKQkiKwvRwrm0=",
+        "lastModified": 1696255829,
+        "narHash": "sha256-5XId/8r09qEAyBI8lFq0qpVsEvtdDl6gHkBHmhp/sMA=",
        "owner": "helix-editor",
        "repo": "helix",
-        "rev": "0cfd46c14f67351db1e739834f58d8ed15d2bb4d",
+        "rev": "7fbfec766c2ce2570ca4160744723813dbdc3019",
        "type": "github"
      },
      "original": {
@ -178,11 +178,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1695984718,
-        "narHash": "sha256-LQwKgaaaFOkIcxarf0xQXeDJFwZ5BZWcgmPeo3xp2CM=",
+        "lastModified": 1696145345,
+        "narHash": "sha256-3dM7I/d4751SLPJah0to1WBlWiyzIiuCEUwJqwBdmr4=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "4f02e35f9d150573e1a710afa338846c2f6d850c",
+        "rev": "6f9b5b83ad1f470b3d11b8a9fe1d5ef68c7d0e30",
        "type": "github"
      },
      "original": {
@ -209,11 +209,11 @@
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1692492726,
-        "narHash": "sha256-rld5qm2B4oRkDwcPD+yOSyTrZQdfCR6mzJGGkecjvTs=",
+        "lastModified": 1694908564,
+        "narHash": "sha256-ducA98AuWWJu5oUElIzN24Q22WlO8bOfixGzBgzYdVc=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "5e63e8bbc46bc4fc22254da1edaf42fc7549c18a",
+        "rev": "596611941a74be176b98aeba9328aa9d01b8b322",
        "type": "github"
      },
      "original": {
@ -225,11 +225,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1693844670,
-        "narHash": "sha256-t69F2nBB8DNQUWHD809oJZJVE+23XBrth4QZuVd6IE0=",
+        "lastModified": 1696125185,
+        "narHash": "sha256-zJTpVLKg5YhbNJdILfBzYGz9zhM4Cjs5ySaD3eVWcTA=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "3c15feef7770eb5500a4b8792623e2d6f598c9c1",
+        "rev": "0396d3b0fb7f62ddc79a506ad3e6124f01d2ed0a",
        "type": "github"
      },
      "original": {
@ -257,11 +257,11 @@
    },
    "nixpkgs_4": {
      "locked": {
-        "lastModified": 1696018110,
-        "narHash": "sha256-eLB8ruJGmDiSO4ysDZOkDq3tkzuRT77tXKmfHN5nBa4=",
+        "lastModified": 1696275311,
+        "narHash": "sha256-Z8aJvoUyMv/+0G7iqYIqecxRDFbz05RK2e3/irbWq9M=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "ae95a37b32e51fe3b5d89ce6bf037ec188c5560a",
+        "rev": "828ba8482b64704adad28786355ed8a45d59eb0a",
        "type": "github"
      },
      "original": {
@ -272,11 +272,11 @@
    },
    "nixpkgs_5": {
      "locked": {
-        "lastModified": 1693844670,
-        "narHash": "sha256-t69F2nBB8DNQUWHD809oJZJVE+23XBrth4QZuVd6IE0=",
+        "lastModified": 1679410443,
+        "narHash": "sha256-xDHO/jixWD+y5pmW5+2q4Z4O/I/nA4MAa30svnZKK+M=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "3c15feef7770eb5500a4b8792623e2d6f598c9c1",
+        "rev": "c9ece0059f42e0ab53ac870104ca4049df41b133",
        "type": "github"
      },
      "original": {
@ -288,11 +288,11 @@
    },
    "nixpkgs_6": {
      "locked": {
-        "lastModified": 1693844670,
-        "narHash": "sha256-t69F2nBB8DNQUWHD809oJZJVE+23XBrth4QZuVd6IE0=",
+        "lastModified": 1694760568,
+        "narHash": "sha256-3G07BiXrp2YQKxdcdms22MUx6spc6A++MSePtatCYuI=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "3c15feef7770eb5500a4b8792623e2d6f598c9c1",
+        "rev": "46688f8eb5cd6f1298d873d4d2b9cf245e09e88e",
        "type": "github"
      },
      "original": {
@ -320,11 +320,11 @@
        "nixpkgs": "nixpkgs_5"
      },
      "locked": {
-        "lastModified": 1693923183,
-        "narHash": "sha256-TH2JC+Cjw+ed1O33QKGq+lonIKlu6pHuY1jtrZh/FMM=",
+        "lastModified": 1696266788,
+        "narHash": "sha256-uafhEse84DXOyeN8j9igyhqVTWatnSznJ490PVg+H7k=",
        "owner": "jdx",
        "repo": "rtx",
-        "rev": "f333ac5f8e8de399fcb3ce40576baeef0271081b",
+        "rev": "b8f142fcf1e711de2684cdce2ddebde108f0427b",
        "type": "github"
      },
      "original": {
@ -364,11 +364,11 @@
        "nixpkgs-stable": "nixpkgs-stable"
      },
      "locked": {
-        "lastModified": 1692728678,
-        "narHash": "sha256-02MjG7Sb9k7eOi86CcC4GNWVOjT6gjmXFSqkRjZ8Xyk=",
+        "lastModified": 1695284550,
+        "narHash": "sha256-z9fz/wz9qo9XePEvdduf+sBNeoI9QG8NJKl5ssA8Xl4=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "1b7b3a32d65dbcd69c217d7735fdf0a6b2184f45",
+        "rev": "2f375ed8702b0d8ee2430885059d5e7975e38f78",
        "type": "github"
      },
      "original": {
@ -412,11 +412,11 @@
        "flake-utils": "flake-utils_4"
      },
      "locked": {
-        "lastModified": 1657226504,
-        "narHash": "sha256-GIYNjuq4mJlFgqKsZ+YrgzWm0IpA4axA3MCrdKYj7gs=",
+        "lastModified": 1696272629,
+        "narHash": "sha256-KprLE/cqg5PFNT1PKQRjE/bJpr4AlgedoUPO/4jee+8=",
        "owner": "gytis-ivaskevicius",
        "repo": "flake-utils-plus",
-        "rev": "2bf0f91643c2e5ae38c1b26893ac2927ac9bd82a",
+        "rev": "2893fcad90dcc2ac2265c227b5444a7cd7ef21f0",
        "type": "github"
      },
      "original": {
--- a/modules/desktop-usage.nix
+++ b/modules/desktop-usage.nix
@ -4,5 +4,13 @@
    ./sway.nix
    ./user-installed-applications.nix
  ];
+
+  hardware = {
+    opengl = {
+      enable = true;
+      driSupport32Bit = true;
+      driSupport = true;
+    };
+  };
 }

--- a/modules/intel.nix
+++ b/modules/intel.nix
@ -10,10 +10,6 @@
    cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

    opengl = {
-      enable = true;
-      driSupport32Bit = true;
-      driSupport = true;
-
      extraPackages = with pkgs; [
        intel-media-driver # LIBVA_DRIVER_NAME=iHD
        vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
--- a/nixos.nix
+++ b/nixos.nix
@ -31,29 +31,28 @@ in
 {
  # TODO: disko-fy rascal and beefcake?

-  beefcake = nixosSystem "x86_64-linux" [
-    ./nixos/beefcake.nix
-    inputs.api-lyte-dev.nixosModules.x86_64-linux.api-lyte-dev
-  ];
+  # beefcake = nixosSystem "x86_64-linux" [
+  #   ./nixos/beefcake.nix
+  #   inputs.api-lyte-dev.nixosModules.x86_64-linux.api-lyte-dev
+  # ];

-  rascal = nixosSystem "x86_64-linux" [ ./nixos/rascal.nix ];
+  # rascal = nixosSystem "x86_64-linux" [ ./nixos/rascal.nix ];

-  musicbox = nixosSystem "x86_64-linux" (disko
-    {
-      scheme = "unencrypted";
-      disks = [ "/dev/sda" ];
-    } ++ [ ./nixos/musicbox.nix ]);
+  # musicbox = nixosSystem "x86_64-linux" (disko
+  #   {
+  #     scheme = "unencrypted";
+  #     disks = [ "/dev/sda" ];
+  #   } ++ [ ./nixos/musicbox.nix ]);

  thinker = nixosSystem "x86_64-linux" (disko
    {
-      scheme = "standard";
+      scheme = "thinker";
      disks = [ "/dev/nvme0n1" ];
-      name = "vdb";
    } ++ [ ./nixos/thinker.nix ]);

-  # dragon = nixosSystem "x86_64-linux" (disko
-  #   {
-  #     scheme = "standard";
-  #     disks = [ "/dev/disk/by-uuid/asdf" ];
-  #   } ++ [ ./nixos/dragon.nix ]);
+  dragon = nixosSystem "x86_64-linux" (disko
+    {
+      scheme = "standard";
+      disks = [ "/dev/nvme0n1" ];
+    } ++ [ ./nixos/dragon.nix ]);
 }
--- a/nixos/dragon.nix
+++ b/nixos/dragon.nix
@ -0,0 +1,36 @@
+{ modulesPath, lib, ... }: {
+  imports =
+    [
+      ../modules/amd.nix
+      ../modules/desktop-usage.nix
+      ../modules/podman.nix
+      ../modules/wifi.nix
+
+      (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  # TODO: fonts? right now, I'm just installing to ~/.local/share/fonts
+
+  # hardware
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader.systemd-boot.enable = true;
+  boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ];
+
+  networking.hostName = "dragon";
+
+  hardware.bluetooth.enable = true;
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+  services.printing.enable = true;
+
+  networking = {
+    firewall = {
+      enable = true;
+      allowPing = true;
+      allowedTCPPorts = [ 22 ];
+      allowedUDPPorts = [ ];
+    };
+  };
+
+  system.stateVersion = "23.11";
+}
+