noe/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

cider init

Browse source
This commit is contained in:
41666 2023-12-15 03:23:14 +00:00
parent 68bd6cdf93
commit 802681a2be
10 changed files with 146 additions and 24 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
.sops.yaml
View file

@ -4,6 +4,7 @@ keys: &all
- &m_thonkpad age1f5cqspxexkl8f42v5ne47mx6xmm4v00lafdlslq9g79a508e4p9qrku72s - &m_thonkpad age1f5cqspxexkl8f42v5ne47mx6xmm4v00lafdlslq9g79a508e4p9qrku72s
- &m_blueberry age1ts3t7q08cthuwj39juajve2jjk0rw28ljzesnrmnkwd0n7zs49kq7dgxnm - &m_blueberry age1ts3t7q08cthuwj39juajve2jjk0rw28ljzesnrmnkwd0n7zs49kq7dgxnm
- &m_work-mac age14vsmekuppm4xhp4rthhv9jjgzfv45v39a0q8dsgg6yusw0pjkvaqnr9kq8 - &m_work-mac age14vsmekuppm4xhp4rthhv9jjgzfv45v39a0q8dsgg6yusw0pjkvaqnr9kq8
- &m_cider age1kjsga2kf95lu7p5stqr5d9p87jquyypnx97cycj6jvhsm9zkn93quexx4r
creation_rules: creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$ - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
@ -27,3 +28,9 @@ creation_rules:
- *op_noe - *op_noe
- *op_noe_2 - *op_noe_2
- *m_work-mac - *m_work-mac
- path_regex: secrets/cider/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *op_noe
- *op_noe_2
- *m_cider

5
flake.nix
View file

@ -99,6 +99,9 @@
# Blueberry Lab # Blueberry Lab
blueberry = mkNixos [ ./nixos/hosts/blueberry ]; blueberry = mkNixos [ ./nixos/hosts/blueberry ];
# Asahi MacBook Air M2
cider = mkNixos [ ./nixos/hosts/cider ];
# 2015 MBP # 2015 MBP
#echo = mkNixos [ ./nixos/hosts/echo ]; #echo = mkNixos [ ./nixos/hosts/echo ];
@ -131,7 +134,7 @@
}; };
darwinConfigurations = { darwinConfigurations = {
noe-air = mkDarwin "aarch64-darwin" [ ./darwin/hosts/noe-air ]; # in asahi => noe-air = mkDarwin "aarch64-darwin" [ ./darwin/hosts/noe-air ];
AMERMACC02G65A8MD6T = mkDarwin "x86_64-darwin" [ ./darwin/hosts/work-mac ]; AMERMACC02G65A8MD6T = mkDarwin "x86_64-darwin" [ ./darwin/hosts/work-mac ];
}; };

6
home-manager/noe/hosts/cider.nix Normal file
View file

@ -0,0 +1,6 @@
{ ... }: {
imports = [
../common
../common/home-user.nix
];
}

8
nixos/client.nix
View file

@ -1,13 +1,13 @@
{ pkgs, ... }: { { pkgs, lib, ... }: {
imports = [ imports = [
./base.nix ./base.nix
./features/fonts.nix ./features/fonts.nix
]; ];
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = lib.mkDefault true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = lib.mkDefault true;
boot.kernelPackages = pkgs.linuxPackages_zen; boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_zen;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
firefox firefox

6
nixos/features/systemd-boot.nix
View file

@ -1,4 +1,6 @@
{ pkgs, config, ... }: { { pkgs, config, system, ... }: let
canTouchEfiVariables = system.hostPlatform != "aarch64-linux"
in {
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi = { inherit canTouchEfiVariables };
} }

11
nixos/features/wifi.nix
View file

@ -2,6 +2,17 @@
networking.networkmanager = { networking.networkmanager = {
enable = true; enable = true;
wifi.backend = "iwd";
};
systemd.services.NetworkManager-wait-online.enable = false;
networking.wireless.iwd = {
enable = true;
settings = {
General.EnableNetworkConfiguration = true;
General.AutoConnect = true;
};
}; };
# TODO: WiFi password automation # TODO: WiFi password automation

2
nixos/features/xfce.nix
View file

@ -1,6 +1,6 @@
{ pkgs, ... }: { { pkgs, ... }: {
imports = [ imports = [
./sound.nix #./sound.nix
]; ];
services.xserver = { services.xserver = {

30
nixos/hosts/cider/default.nix Normal file
View file

@ -0,0 +1,30 @@
{ config, lib, pkgs, inputs, ... }: {
imports = [
inputs.apple-silicon.nixosModules.apple-silicon-support
./hardware-configuration.nix
../../client.nix
../../features/xfce.nix #TODO: sound may be wrong
../../features/wifi.nix
];
home-manager.users.noe = import ../../../home-manager/noe/hosts/cider.nix;
networking.hostName = "cider";
system.stateVersion = "24.05";
# aarch64 / asahi stuff
hardware.asahi = {
withRust = true;
#withEdgeKernelConfig = true;
#useExperimentalGPUDriver = true;
#experimentalGPUInstallMode = "replace";
#useAlsaUcm = true;
};
networking.wireless.iwd.package = pkgs.stable.iwd; # unstable issue on aarch64: https://github.com/NixOS/nixpkgs/issues/273958
}

36
nixos/hosts/cider/hardware-configuration.nix Normal file
View file

@ -0,0 +1,36 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "usb_storage" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/9d66d26a-b441-4337-86a1-c56a09667043";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/AA30-1E15";
fsType = "vfat";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}

57
secrets/default.yaml
View file

@ -11,29 +11,56 @@ sops:
- recipient: age1lq5q5g5qjsdcc3key0n6qytkc9z3qx3d3e96ap9zre2aqgvc9ujq82l9hd - recipient: age1lq5q5g5qjsdcc3key0n6qytkc9z3qx3d3e96ap9zre2aqgvc9ujq82l9hd
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuRkJDOUZDaUVHTnNsNW9y YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxeDFET1lCZTJZbG9TOERL
eE1DVXVXNUpEOGpsVnZQVkFTUFdvTjlUWUZnCndvVTlId3hGNnZzbXc2YW5MTFY3 dWd3TG9YdkdUblN6Y1lLdW5YeEJ5TEpZL0FjCkpWSy9CNTdSSmIvblJFNmlsM1VR
TXZabTdoU3p0UVgybUZBdWFJbmUva2MKLS0tIGlNaGJWczlUVGgzYkUyb043WVRT L1lNeXdrbWtpVGhIaEJDVVY0MUR2bXMKLS0tIEd5ZnVrRGpqQSs1VDFZSERDbUNv
a3V2d2FjT0JCN0Q0RTZEcnpZZXdlaGsKO7LKi/0hup/vBootyE56eP08flFoILYo aWtKUXAvK0t0VFc2b3M1UlQyU3RQMmcK8thzaS1hLNfVqOZr/puDmY8Pr1PZaWAD
Dp0RU5GaSlTRv5ZbLanML1ocrUJp2TBy8NcGqCywCMChN9PzeGVGGQ== FKqkMx05rMGMPPtBGM63hmZyltlbafaDlX7iiNebZSHCwn81bv0nVA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1p0f62dwatt558sf5s4equdqwtg5m7lsnaytrf3xjnvmx3e0lqu4svtugyp
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvNFZLNkg2Vm5lbFRLb1lV
MUdUZWduVU9HNEN0dWt5ZUY1M2g4UkJCREdZClFFSytidFA2Y1ppNWI2cGhtOWxE
Qjg1NHh6SDNwVStEV0FLTE5iNTZXQUUKLS0tIHBTRVN0Y3NNelBEM0l5RThjVkFn
RHdadFJZVmxROXA1K2ZNYUxMUlJxKzQKnOmzREhFGeyEA//E6HCfSYD9C81JjugB
crYdpK0DCWMKepgIpJmYUnQQTzdyPqUJiqtZ81TCbyOU6xlkU8uA3Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1f5cqspxexkl8f42v5ne47mx6xmm4v00lafdlslq9g79a508e4p9qrku72s - recipient: age1f5cqspxexkl8f42v5ne47mx6xmm4v00lafdlslq9g79a508e4p9qrku72s
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZRW9IZEJ5SUthM3FsSFZy YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkN1NJV2RENExlcGxvcVRI
ZVc2TGk4SjhKanlkN2owMUN3L2ZST0FmQ0djCitIQ0RaOFhoSGdWZnp4cWZPR0pj K0haNDlJb3lmT3VJOWZ5eTBjaWFYRm85elI4CnNkeUFVMThSck9mdzFlcG5IeGZJ
TjdidlBaOUFLYndONExzWTJvUVgydUkKLS0tIEw5eDJTMXVnc2VlcHRvdmR4Y0Vz K2RyRHFhMlI2OHlLcVp6QlNQQ01rVjQKLS0tIFZMNG1Gc0tIMVdGWk1MNVUxbEVu
Y1ZpMGFXZVl3UE5yU1VlcjdsWEtETmcKo6RNsXqER4K+M9BpRiL+13Lj67iY6Kxk Vk1zZHNxaHRHOEE3TDdoeGxlMlVwQnMKdQT/ctoXHgPLsDQfW4jSAsIhk9nLfdaN
7xTcxNzzk5aXaVT8iUfKuh6fITr23CDfBVRgIw59AKINtQfCeofxdg== XuocOsjteIXdwNK120ANjrqbyyWoJ2WFnYvVXsy4uu9731WsANs44g==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1ts3t7q08cthuwj39juajve2jjk0rw28ljzesnrmnkwd0n7zs49kq7dgxnm - recipient: age1ts3t7q08cthuwj39juajve2jjk0rw28ljzesnrmnkwd0n7zs49kq7dgxnm
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZRUNtbnA5ZjBxNkpQdFVs YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvRm1XMmgvUGlId3FaYmNC
ejc0Z1huVkNNWVA3amczMzNqMVQ2NThwNDM4Cjc5a2lXckM5NWdva1BqbFFXdnhD WkR4NlJWcDU5QVJCcGMxUVU2QWdrS3Y1SERZCmcyZWJkWGUrTmZQZ2syemt4SGZ4
dTYxZlp1VEFaK1hGSVc5QmUrMzl6VTQKLS0tIHhQYUlYSkRSVTNxa3hWS0plWG50 YVVJRjdSWUZaTEx3ZEFRZW9TSEN5LzQKLS0tIFU0NjlvNWVkTWY1bDhreG91RWN5
WG92WDdZYXZjZEhGWFZpVmpTTTVUc00KLYBVIJj3hm75/qtApgUCDRHxT8m+qy3x WCtYQnFzMVo1ZmlRMW9DU1ZWM1EzR28KbP5JXNNTiFO/7XrnwAIzXgGHlApMS2u6
ymdV0aKTMmam9/POlDeKTvj+GNx/gZ0cWH8cmRCjSMstp3DgG0/Hzw== P+dUOFl3r7htybg7XK+Bf3vEwzozHzX7fthQH4oi90eopsYU3UNBsA==
-----END AGE ENCRYPTED FILE-----
- recipient: age14vsmekuppm4xhp4rthhv9jjgzfv45v39a0q8dsgg6yusw0pjkvaqnr9kq8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlZmFJb2RDMUU2dU45d2hu
OGFWbTJCbnh6RW9VdVlLS0xDWnphUWtvSFVnClBTUm9VK0k2ZHhOTXhwZ29hck9u
QU81RXVsc0tLc1VHTWNrYU9oem1jZ2cKLS0tIERxeHNFTDNPb0xMYnk3MEdkNzdu
YW9WZkp5bHh4NzRhSU1xU0txWFF4M0UK3m3fIdnqaooRYHRA7GMwpCGDOR2YJv3F
4CogoEtSJe+SLJdEnMDOxxiaMDcw+aRJ8wSEchgAt/6gFzpAbGZhRA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1kjsga2kf95lu7p5stqr5d9p87jquyypnx97cycj6jvhsm9zkn93quexx4r
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGSkdvZEdXU0dxVmRTbXly
V0d2a1c3MFRTcVdZWk1WT2JTaEtrTzRRQ1ZVCmUyQkdZTWlXWGRraVJueGZWTkpp
OHZiMjVzZDZwRThmNVlWQVNNbWVpRTQKLS0tIHFqODVYbC9Oc3ZKNmxGbkIraFdM
T0RXVHRzaWNjLzFXQTFMeS9YcXY3dUkKOBQCTIUOB7MHjJS3xMeUHaZ3NrgH37Gg
FaSKiVTaJgnjxhZgUIVg9Wq5HU77hx4dm/FS/aWMT8E8OZNL3YT1bQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-10T04:05:10Z" lastmodified: "2023-12-10T04:05:10Z"
mac: ENC[AES256_GCM,data:73XfD7acH2PkT3DCO33tOkrdpdur8g7NkkXJp9OvRvqwdregVos++TmabA6/akrrRFPJkWwI2/Y5WZQjWzIkFWsFnzj0cl0Dv0sT69YrhpsidiaNMUbyIt+D29T0s4AIvccCjh64HSXJjWRPzLawIypJSQkkTzbQkIDsC2n6T98=,iv:s9Fn3CSllkRXM4qD70kHdveCnoRzOh70YNXjMTxcBqM=,tag:SKm6CwT1517DH6ldWpgVpg==,type:str] mac: ENC[AES256_GCM,data:73XfD7acH2PkT3DCO33tOkrdpdur8g7NkkXJp9OvRvqwdregVos++TmabA6/akrrRFPJkWwI2/Y5WZQjWzIkFWsFnzj0cl0Dv0sT69YrhpsidiaNMUbyIt+D29T0s4AIvccCjh64HSXJjWRPzLawIypJSQkkTzbQkIDsC2n6T98=,iv:s9Fn3CSllkRXM4qD70kHdveCnoRzOh70YNXjMTxcBqM=,tag:SKm6CwT1517DH6ldWpgVpg==,type:str]