complete rework v3

2026-01-22 16:16:50 +01:00 · 2025-02-18 20:17:57 +01:00 · 2025-02-18 20:17:57 +01:00 · 366a0e221a
commit 366a0e221a
parent 7409e9ca10
131 changed files with 20171 additions and 585 deletions
--- a/parts/hosts/default.nix
+++ b/parts/hosts/default.nix
@ -5,89 +5,74 @@
  ...
 }:
 with lib; let
+  mkSystemImports = hostname: let
+    hostDirectory = ./. + ("/" + hostname);
+    nixFiles = filter (file: hasSuffix ".nix" file) (attrNames (builtins.readDir hostDirectory));
+    imports = map (file: ./. + ("/" + hostname + "/" + file)) nixFiles;
+  in {
+    inherit imports;
+  };
+
  mkSystem = {
    hostname,
    username,
    modules ? [],
+    system ? "x86_64-linux",
  }:
-    withSystem "x86_64-linux" (
-      {
-        pkgs,
-        system,
-        ...
-      }:
+    withSystem system (
+      {system, ...}: let
+        pkgs = import inputs.nixpkgs {
+          inherit system;
+          config.allowUnfree = true;
+        };
+
+        pkgsUnstable = import inputs.nixpkgs-unstable {
+          inherit system;
+          config.allowUnfree = true;
+        };
+      in
        inputs.nixpkgs.lib.nixosSystem {
          inherit system;
-          specialArgs = {inherit inputs pkgs hostname username;};
+          specialArgs = {inherit inputs hostname username pkgs pkgsUnstable;};
          modules =
            [
              inputs.disko.nixosModules.disko
+              inputs.nixos-generators.nixosModules.all-formats
              inputs.home-manager.nixosModules.home-manager
-            ]
-            ++ [
              inputs.agenix.nixosModules.default
              inputs.agenix-rekey.nixosModules.default
-              {
-                environment.variables = {
-                  AGENIX_REKEY_PRIMARY_IDENTITY = builtins.readFile ../../secrets/hosts/${hostname}/id_ed25519.pub;
-                  AGENIX_REKEY_PRIMARY_IDENTITY_ONLY = "true";
-                };
-                environment.etc."ssh/ssh_host_ed25519_key.pub".source = ../../secrets/hosts/${hostname}/id_ed25519.pub;
-                age = rec {
-                  rekey = {
-                    storageMode = "local";
-                    hostPubkey = builtins.readFile ../../secrets/hosts/${hostname}/id_ed25519.pub;
-                    masterIdentities = [
-                      { identity=secrets.id_ed25519.path; pubkey="builtins.readFile ../../secrets/hosts/${hostname}/id_ed25519.pub"; }
-                      { identity=../../secrets/yubikey-identity.age; pubkey="age1yubikey1q25a8ax2t0ujv7q5wvpmlpa52h599n6682jprxuftlw4zpxy2xu9s6lhrel"; }
-                    ];
-                    localStorageDir = lib.path.append ../../secrets/rekeyed hostname;
-                    generatedSecretsDir = lib.path.append ../../secrets hostname;
-                  };
-                  secrets.hashed-user-password.rekeyFile = ../../secrets/hashed-user-password.age;
-                  secrets.id_ed25519={
-                    rekeyFile = ../../secrets/hosts/${hostname}/id_ed25519.age;
-                    path = "/etc/ssh/ssh_host_ed25519_key";
-                  };
-                  secrets.luks-password.rekeyFile = ../../secrets/luks-password.age;
-                  secrets.luks-password.path = "/luks-password";
-                };
-              }
+              inputs.nixos-facter-modules.nixosModules.facter
+              ../modules/base/user.nix
+              (mkSystemImports hostname)
            ]
-            ++ modules;
+            ++ modules
+            ++ (
+              lib.optional (builtins.pathExists ./${hostname}/facter.json)
+              {config.facter.reportPath = ./${hostname}/facter.json;}
+            );
        }
    );
-  # TODO:
-  # mkHosts = root: let
-  #   hosts = attrNames (filterAttrs (_: type: type == "directory") (builtins.readDir root));
-  #   hostDirs = builtins.listToAttrs (
-  #     lib.map (hostName: lib.nameValuePair hostName (lib.path.append root hostName)) hosts
-  #   );
-  #   hostResolved =
-  #     lib.mapAttrs (
-  #       _: hostDir: (lib.map (fileName: lib.path.append hostDir fileName) (attrNames (builtins.readDir hostDir)))
-  #     )
-  #     hostDirs;
-  #   hostsConfig = mapAttrs (host: modules: mkSystem host modules ) hostResolved;
-  # in
-  #   hostsConfig;
 in {
-  flake.nixosConfigurations = {
+  config.flake.nixosConfigurations = {
    laptop = mkSystem {
      hostname = "laptop";
-      modules = [
-        ./laptop/configuration.nix
-        ./laptop/disk-configuration.nix
-        ./laptop/hardware-configuration.nix
-      ];
      username = "nickolaj";
+      modules = [
+        ../modules/required.nix
+        ../modules/shell.nix
+        ../modules/graphical.nix
+        ../modules/devenv.nix
+      ];
    };
    desktop = mkSystem {
      hostname = "desktop";
-      modules = [
-        ./desktop/configuration.nix
-      ];
      username = "nickolaj";
+      modules = [
+        ../modules/required.nix
+        ../modules/shell.nix
+        ../modules/graphical.nix
+        ../modules/devenv.nix
+      ];
    };
  };
 }
--- a/parts/hosts/desktop/configuration.nix
+++ b/parts/hosts/desktop/configuration.nix
@ -1,12 +0,0 @@
-{hostname, ...}: {
-  imports = [
-    ../../modules/base.nix
-    ../../modules/shell.nix
-    ../../modules/graphical.nix
-  ];
-
-  config = {
-    user.username = "nickolaj";
-    system.stateVersion = "24.11";
-  };
-}
--- a/parts/hosts/desktop/disk-configuration.disabled
+++ b/parts/hosts/desktop/disk-configuration.disabled
@ -0,0 +1,62 @@
+_: {
+  disko.devices = {
+    disk = {
+      main = {
+        device = "/dev/disk/by-id/ata-SanDisk_SDSSDXPS240G_153251401377";
+        type = "disk";
+        content = {
+          type = "gpt";
+          partitions = {
+            boot = {
+              name = "boot";
+              size = "1M";
+              type = "EF02";
+            };
+
+            ESP = {
+              size = "512M";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = ["defaults"];
+              };
+            };
+            luks = {
+              size = "100%";
+              content = {
+                type = "luks";
+                name = "crypted";
+                # Copied by deploy script, otherwise it will prompt for password
+                passwordFile = "/luks-password";
+                settings = {
+                  allowDiscards = true;
+                  bypassWorkqueues = true;
+                };
+                content = {
+                  type = "btrfs";
+                  extraArgs = ["-f"];
+                  subvolumes = {
+                    "@" = {
+                      mountpoint = "/";
+                      mountOptions = ["compress=zstd" "noatime"];
+                    };
+                    "@nix" = {
+                      mountpoint = "/nix";
+                      mountOptions = ["compress=zstd" "noatime"];
+                    };
+                    "@home" = {
+                      mountpoint = "/home";
+                      mountOptions = ["compress=zstd" "noatime"];
+                    };
+                  };
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}
--- a/parts/hosts/desktop/facter.json
+++ b/parts/hosts/desktop/facter.json
--- a/parts/hosts/desktop/monitors.nix
+++ b/parts/hosts/desktop/monitors.nix
@ -0,0 +1,29 @@
+_: {
+  # monitor=DP-1,1920x1080@60,2880x0,auto
+  monitors = [
+    {
+      name = "DP-2";
+      resolution = "2560x1440";
+      refreshRate = 144;
+      position = "2560x1080";
+    }
+    {
+      name = "HDMI-A-1";
+      resolution = "2560x1440";
+      refreshRate = 60;
+      position = "0x1080";
+    }
+    {
+      name = "DP-3";
+      resolution = "2560x1440";
+      refreshRate = 144;
+      position = "5120x1080";
+    }
+    {
+      name = "DP-1";
+      resolution = "1920x1080";
+      refreshRate = 60;
+      position = "2880x0";
+    }
+  ];
+}
--- a/parts/hosts/desktop/nvidia.nix
+++ b/parts/hosts/desktop/nvidia.nix
@ -0,0 +1,12 @@
+_: {
+  hardware.graphics = {
+    enable = true;
+  };
+  services.xserver.videoDrivers = ["nvidia"];
+  hardware.nvidia = {
+    open = true;
+    modesetting.enable = true;
+    powerManagement.enable = true;
+    nvidiaSettings = true;
+  };
+}
--- a/parts/hosts/laptop/configuration.nix
+++ b/parts/hosts/laptop/configuration.nix
@ -1,13 +1,32 @@
-{...}: {
-  imports = [
-    ../../modules/base.nix
-    ../../modules/shell.nix
-    ../../modules/graphical.nix
+{
+  pkgs,
+  ...
+}: {
+  # Enable OpenGL
+  hardware.graphics = {
+    enable = true;
+  };
+
+  # Load nvidia driver for Xorg and Wayland
+  services.xserver.videoDrivers = ["nvidia"];
+
+  environment.systemPackages = [
+    pkgs.glxinfo
  ];

-  config = {
-    user.username = "nickolaj";
-    networking.hostName = "laptop";
-    system.stateVersion = "24.11";
+  hardware.nvidia = {
+    open = true;
+    modesetting.enable = true;
+    powerManagement.enable = true;
+    powerManagement.finegrained = true;
+    nvidiaSettings = true;
+    prime = {
+      offload = {
+        enable = true;
+        enableOffloadCmd = true;
+      };
+      intelBusId = "PCI:0:2:0";
+      nvidiaBusId = "PCI:1:0:0";
+    };
  };
 }
--- a/parts/hosts/laptop/disk-configuration.nix
+++ b/parts/hosts/laptop/disk-configuration.nix
@ -1,8 +1,8 @@
-{config, ...}: {
+_: {
  disko.devices = {
    disk = {
-      vdb = {
-        device = "/dev/nvme0n1";
+      main = {
+        device = "/dev/disk/by-id/nvme-SAMSUNG_MZVLB512HBJQ-000L2_S4DYNF0M893481";
        type = "disk";
        content = {
          type = "gpt";
@ -28,8 +28,8 @@
              content = {
                type = "luks";
                name = "crypted";
-                # passwordFile = "/luks-password";
-                passwordFile = config.age.secrets.luks-password.path;
+                # Copied by deploy script, otherwise it will prompt for password
+                passwordFile = "/luks-password";
                settings = {
                  allowDiscards = true;
                  bypassWorkqueues = true;
--- a/parts/hosts/laptop/facter.json
+++ b/parts/hosts/laptop/facter.json
--- a/parts/hosts/laptop/hardware-configuration.nix
+++ b/parts/hosts/laptop/hardware-configuration.nix
@ -1,33 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{
-  config,
-  lib,
-  modulesPath,
-  ...
-}: {
-  imports = [
-    (modulesPath + "/installer/scan/not-detected.nix")
-  ];
-
-  boot.initrd.availableKernelModules = [
-    "xhci_pci"
-    "ahci"
-    "nvme"
-    "usbhid"
-  ];
-  boot.initrd.kernelModules = [];
-  boot.kernelModules = ["kvm-intel"];
-  boot.extraModulePackages = [];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp7s0.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}