diff --git a/hosts/dishwasher/default.nix b/hosts/dishwasher/default.nix
index f6e7a79..62d16f2 100644
--- a/hosts/dishwasher/default.nix
+++ b/hosts/dishwasher/default.nix
@@ -5,6 +5,6 @@
 ./secrets.nix
 ./oxalab.nix
 ./mcvm-network.nix
- ./microvms.nix
+ # ./microvms.nix
 ];
 }
diff --git a/hosts/dishwasher/hardware-configuration.nix b/hosts/dishwasher/hardware-configuration.nix
index 1a340f3..1652b60 100644
--- a/hosts/dishwasher/hardware-configuration.nix
+++ b/hosts/dishwasher/hardware-configuration.nix
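Review bot: `./mcvm-network.nix` stays imported although `./microvms.nix` is commented out, and the same commit removes the `/var/microvms` mount from hardware-configuration.nix. If mcvm-network.nix only provides bridge or forwarding plumbing for the microVMs (inferred from its name; the file is not part of this diff), it leaves unused network configuration active on the host and should be disabled together with microvms.nix. The commented-out import also carries no reason; either delete the line or annotate it, for example `# ./microvms.nix  # disabled until the VM store exists on the new pool` if that is the intent. The imports list opens above the hunk.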
@@ -9,57 +9,54 @@ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; fileSystems."/" = { - device = "/dev/disk/by-uuid/2971597a-b364-405d-8bb2-287556e819e1"; - fsType = "btrfs"; - options = [ "subvol=nixos" "compress=zstd" "noatime" ]; - }; - - fileSystems."/var/lib" = - { - device = "/dev/disk/by-uuid/2971597a-b364-405d-8bb2-287556e819e1"; - fsType = "btrfs"; - options = [ "subvol=var-lib" "compress=zstd" "noatime" ]; - }; - - fileSystems."/var/log" = - { - device = "/dev/disk/by-uuid/2971597a-b364-405d-8bb2-287556e819e1"; - fsType = "btrfs"; - options = [ "subvol=var-log" "compress=zstd" "noatime" ]; - }; - - fileSystems."/var/microvms" = - { - device = "/dev/disk/by-uuid/2971597a-b364-405d-8bb2-287556e819e1"; - fsType = "btrfs"; - options = [ "subvol=microvms" "compress=zstd" "noatime" ]; + device = "rpool/nixos"; + fsType = "zfs"; + options = [ "zfsutil" ]; }; fileSystems."/nix" = { - device = "/dev/disk/by-uuid/2971597a-b364-405d-8bb2-287556e819e1"; - fsType = "btrfs"; - options = [ "subvol=nix" "compress=zstd" "noatime" ]; + device = "rpool/nixos/nix"; + fsType = "zfs"; + options = [ "zfsutil" ]; + }; + + fileSystems."/home" = + { + device = "rpool/userdata/home"; + fsType = "zfs"; + options = [ "zfsutil" ]; }; fileSystems."/boot" = { - device = "/dev/disk/by-uuid/2A04-BFAE"; + device = "/dev/disk/by-uuid/A8AA-1CC4"; fsType = "vfat"; + options = [ "X-mount.mkdir" ]; }; - swapDevices = [ ]; + swapDevices = + [{ + device = "/dev/disk/by-partuuid/f9712640-96a5-46e1-b07d-53b0cba19057"; + randomEncryption = true; + }]; - powerManagement.cpuFreqGovernor = lib.mkDefault "performance"; + # Enables DHCP on each ethernet and wireless interface. 
In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + networking.interfaces.enp53s0.useDHCP = lib.mkDefault true; + networking.interfaces.wlan0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - networking.interfaces.wlan0.useDHCP = true; - networking.interfaces.enp1s0.useDHCP = true; - services.logind.lidSwitch = "ignore"; } diff --git a/hosts/microwave/configuration.nix b/hosts/microwave/configuration.nix deleted file mode 100644 index 79d280e..0000000 --- a/hosts/microwave/configuration.nix +++ /dev/null 
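Review bot: The ZFS settings that the new `rpool/...` mounts depend on are visible only in the hosts/microwave files this commit deletes: `networking.hostId = "7da4f1e6";` in network.nix, and the `services.zfs` scrub/trim block and `boot.zfs.devNodes` in configuration.nix. If hosts/dishwasher does not already set them in a file outside this diff, they should move over in the same commit, because the NixOS ZFS module asserts that a hostId is set and the pool would otherwise lose its periodic scrub. The hunk also drops `services.logind.lidSwitch = "ignore";` with no visible replacement. Since this file is generated by nixos-generate-config (per the header of the deleted copy), that line is better re-added in the host's configuration.nix than here. The attribute set being edited opens above line 9, outside the hunk.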
@@ -1,115 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, pkgs, ... }: - -{ - # SWAP - zramSwap = { - enable = true; - algorithm = "zstd"; - }; - - environment.systemPackages = with pkgs; [ - tdesktop - signal-desktop - cubicsdr - kicad - gimp - inkscape - fractal-next - ]; - - - nixpkgs.config.allowUnfree = true; - - services.fstrim.enable = true; - - boot = { - loader = { - efi.canTouchEfiVariables = true; - systemd-boot.enable = true; - }; - supportedFilesystems = [ "zfs" ]; - kernelPackages = pkgs.zfs.latestCompatibleLinuxPackages; - kernelParams = [ "nohibernate" ]; - zfs.devNodes = "/dev/"; - plymouth.enable = false; - tmp.useTmpfs = true; - }; - - services.zfs = { - trim.enable = true; - autoScrub = { - enable = true; - pools = [ "rpool" ]; - }; - autoSnapshot.enable = true; - }; - - # update the microcode - hardware.cpu.intel.updateMicrocode = true; - hardware.enableAllFirmware = true; - - # Shell config (bash) - programs.bash = { - enableCompletion = true; - }; - - security.sudo = { - enable = true; - wheelNeedsPassword = true; - }; - - # Users - users.users.grue = { - createHome = true; - extraGroups = [ - "wheel" - "video" - "libvirtd" - "plugdev" - "dialout" - "bluetooth" - ]; - group = "users"; - home = "/home/grue"; - isNormalUser = true; - uid = 1000; - }; - - time.timeZone = "Europe/Amsterdam"; - - i18n = { - defaultLocale = "en_US.UTF-8"; - supportedLocales = [ "all" ]; - #supportedLocales = [ "en_US.UTF-8/UTF-8" "nl_NL.UTF-8/UTF-8" "ru_RU.UTF-8/UTF-8" ]; - }; - - - programs.steam.enable = true; - - services.udev.extraRules = '' - # MCH2022 Badge - SUBSYSTEM=="usb", ATTR{idVendor}=="16d0", ATTR{idProduct}=="0f9a", MODE="0666" - - #Flipper Zero serial port - SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="5740", ATTRS{manufacturer}=="Flipper Devices Inc.", 
TAG+="uaccess" - #Flipper Zero DFU - SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", ATTRS{manufacturer}=="STMicroelectronics", TAG+="uaccess" - #Flipper ESP32s2 BlackMagic - SUBSYSTEMS=="usb", ATTRS{idVendor}=="303a", ATTRS{idProduct}=="40??", ATTRS{manufacturer}=="Flipper Devices Inc.", TAG+="uaccess" - ''; - - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "22.11"; # Did you read the comment? - -} - diff --git a/hosts/microwave/default.nix b/hosts/microwave/default.nix deleted file mode 100644 index b442ac2..0000000 --- a/hosts/microwave/default.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ - imports = [ - ./configuration.nix - ./hardware-configuration.nix - ./network.nix - ./secrets.nix - ]; -} diff --git a/hosts/microwave/hardware-configuration.nix b/hosts/microwave/hardware-configuration.nix deleted file mode 100644 index 1652b60..0000000 --- a/hosts/microwave/hardware-configuration.nix +++ /dev/null 
@@ -1,62 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { - device = "rpool/nixos"; - fsType = "zfs"; - options = [ "zfsutil" ]; - }; - - fileSystems."/nix" = - { - device = "rpool/nixos/nix"; - fsType = "zfs"; - options = [ "zfsutil" ]; - }; - - fileSystems."/home" = - { - device = "rpool/userdata/home"; - fsType = "zfs"; - options = [ "zfsutil" ]; - }; - - fileSystems."/boot" = - { - device = "/dev/disk/by-uuid/A8AA-1CC4"; - fsType = "vfat"; - options = [ "X-mount.mkdir" ]; - }; - - swapDevices = - [{ - device = "/dev/disk/by-partuuid/f9712640-96a5-46e1-b07d-53b0cba19057"; - randomEncryption = true; - }]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - networking.interfaces.enp53s0.useDHCP = lib.mkDefault true; - networking.interfaces.wlan0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/hosts/microwave/network.nix b/hosts/microwave/network.nix deleted file mode 100644 index 4022a0c..0000000 
--- a/hosts/microwave/network.nix +++ /dev/null @@ -1,66 +0,0 @@ -{ pkgs, config, ... }: { - environment.systemPackages = with pkgs; [ - iwgtk - ]; - networking = { - hostName = "microwave"; # Define your hostname. - hostId = "7da4f1e6"; - firewall.enable = true; - networkmanager.enable = false; - useNetworkd = true; - wireguard.enable = true; - wireless.iwd = { - enable = true; - }; - }; - - services.resolved = { - enable = true; - dnssec = "allow-downgrade"; - }; - - # workaround for networkd waiting for shit - systemd.services.systemd-networkd-wait-online.serviceConfig.ExecStart = [ - "" # clear old command - "${config.systemd.package}/lib/systemd/systemd-networkd-wait-online --any" - ]; - - systemd.network = { - enable = true; - - # wait-online.ignoredInterfaces = [ "wlan0" "enp53s0" ]; - - # Interfaces on the machine - netdevs."10-james" = { - netdevConfig = { - Name = "james"; - Kind = "bond"; - }; - bondConfig = { - Mode = "active-backup"; - PrimaryReselectPolicy = "always"; - MIIMonitorSec = "1s"; - }; - }; - networks."10-ether-bond" = { - matchConfig.Name = "enp53s0"; - networkConfig = { - Bond = "james"; - PrimarySlave = true; - }; - }; - networks."10-wlan-bond" = { - matchConfig.Name = "wlan0"; - networkConfig = { - Bond = "james"; - }; - }; - networks."10-james-bond" = { - matchConfig.Name = "james"; - networkConfig = { - DHCP = "yes"; - IPv6AcceptRA = true; - }; - }; - }; -} diff --git a/hosts/microwave/secrets.nix b/hosts/microwave/secrets.nix deleted file mode 100644 index 013e972..0000000 --- a/hosts/microwave/secrets.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ config, ... }: -{ - sops.defaultSopsFile = ../../secrets/microwave/secrets.yaml; - sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; -} diff --git a/hosts/microwave/stateful-networking.nix b/hosts/microwave/stateful-networking.nix deleted file mode 100644 index 860c926..0000000 --- a/hosts/microwave/stateful-networking.nix +++ /dev/null 
@@ -1,30 +0,0 @@ -{ pkgs, config, ... }: { - networking = { - hostName = "microwave"; # Define your hostname. - hostId = "7da4f1e6"; - firewall.enable = true; - wireguard.enable = true; - # wireless.iwd.enable = true; - # networkmanager.wifi.backend = "iwd"; - }; - - # fix networkmanager wireguard - networking.firewall = { - # if packets are still dropped, they will show up in dmesg - logReversePathDrops = true; - # wireguard trips rpfilter up - extraCommands = '' - ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN - ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN - ''; - extraStopCommands = '' - ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN || true - ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN || true - ''; - }; - - services.resolved = { - enable = true; - dnssec = "allow-downgrade"; - }; -}