2025-02-10 20:33:33 -05:00
parent 508a3ccc9b
commit 2b66f1a774
17 changed files with 191 additions and 114 deletions


@@ -17,6 +17,7 @@
inputs.agenix.nixosModules.default
inputs.nixos-hardware.nixosModules.common-pc-ssd
inputs.chaotic.nixosModules.default
inputs.disko.nixosModules.disko
];
nixpkgs.config.allowUnfreePredicate =
@@ -48,8 +49,8 @@
# kernel options
boot = {
kernelPackages = pkgs.linuxPackages_cachyos-lto;
# kernelPackages = pkgs.linuxPackages_latest;
# kernelPackages = pkgs.linuxPackages_cachyos-lto;
kernelPackages = pkgs.linuxPackages_latest;
kernel.sysctl = {
# dmesg shushhhhh
@@ -167,9 +168,9 @@
pulse.enable = true;
};
age.secrets.primary-password = {
file = ./secrets/primary-password.age;
path = "/etc/secrets/primary-password";
age.secrets.password-hash = {
file = ./secrets/password-hash.age;
path = "/tmp/password-hash-secret";
};
# Define my user account (the rest of the configuration if found in `~/.config/home-manager/...`)
@@ -182,7 +183,7 @@
"camera"
"adbusers"
];
hashedPasswordFile = config.age.secrets.primary-password.path;
hashedPasswordFile = config.age.secrets.password-hash.path;
};
services.gvfs.enable = true;
@@ -224,6 +225,9 @@
libmtp
man-pages
man-pages-posix
# https://github.com/chaotic-cx/nyx/issues/972
# config.boot.kernelPackages.perf
];
# wayland with electron/chromium applications
@@ -246,5 +250,4 @@
documentation.enable = true;
documentation.man.enable = true;
documentation.dev.enable = true;
}
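Review bot: The `age.secrets.password-hash` block moves the secret link from `/etc/secrets/primary-password` to `/tmp/password-hash-secret`, a predictable name in a world-writable, shared directory that is often tmpfs or cleaned on boot, so the file `hashedPasswordFile` reads can be missing or tampered with by another local account before agenix places it. Omitting `path` keeps the secret under agenix's own root-owned run directory (`/run/agenix/<name>` by default, as far as I recall), or keep a root-owned location as before: `path = "/etc/secrets/password-hash";`. If /tmp is deliberate, the reason belongs in a comment on the option, since nothing in the commit explains the move. The `boot` and `age.secrets` sets both start outside their hunks.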

etcnixos/flake.lock generated

@@ -34,11 +34,11 @@
]
},
"locked": {
"lastModified": 1738869872,
"narHash": "sha256-lN1HkC+NXxlO5eGFjVWVkedObBoBCWPhAMucHH0/ck8=",
"lastModified": 1739212779,
"narHash": "sha256-7U7fOAOVy/AaOtw3HflnwEeXZJ9+ldxVU/Mx5tGN9A4=",
"owner": "chaotic-cx",
"repo": "nyx",
"rev": "eeb2fd1d5c96ec9755dba4ccd3d22802444cb55f",
"rev": "175a7f545d07bd08c14709f0d0849a8cddaaf460",
"type": "github"
},
"original": {
@@ -94,11 +94,11 @@
"rust-analyzer-src": "rust-analyzer-src"
},
"locked": {
"lastModified": 1738823732,
"narHash": "sha256-1NnSYno8qRN5zBF7xhaOn1WmC52qKBh7tEuRaDRFuMs=",
"lastModified": 1739082714,
"narHash": "sha256-cylMa750pId3Hqvzyurd86qJIYyyMWB0M7Gbh7ZB2tY=",
"owner": "nix-community",
"repo": "fenix",
"rev": "17bbc481e3d0cb52a605dd9316043c66ceaa17d7",
"rev": "e84058a7fe56aa01f2db19373cce190098494698",
"type": "github"
},
"original": {
@@ -209,11 +209,11 @@
]
},
"locked": {
"lastModified": 1738841109,
"narHash": "sha256-sEgE3nifaRU5gfAx33ds0tx/j+qM0/5/bHopv/w6c0c=",
"lastModified": 1739051380,
"narHash": "sha256-p1QSLO8DJnANY+ppK7fjD8GqfCrEIDjso1CSRHsXL7Y=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "f99c704fe3a4cf8d72b2d568ec80bc38be1a9407",
"rev": "5af1b9a0f193ab6138b89a8e0af8763c21bbf491",
"type": "github"
},
"original": {
@@ -231,11 +231,11 @@
]
},
"locked": {
"lastModified": 1738656811,
"narHash": "sha256-z7Dzz713ueSQJYSdsWcH+D7o2pbq/sAl7/nBxru5oNA=",
"lastModified": 1738875499,
"narHash": "sha256-P3VbO2IkEW+0d0pJU7CuX8e+obSoiDw/YCVL1mnA26w=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"rev": "cd9caf9afb1c8fe848f140a7831fe462b73df91a",
"rev": "4642ec1073a7417e6303484d8f2e7d29dc24a50f",
"type": "github"
},
"original": {
@@ -256,11 +256,11 @@
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1737639419,
"narHash": "sha256-AEEDktApTEZ5PZXNDkry2YV2k6t0dTgLPEmAZbnigXU=",
"lastModified": 1739186342,
"narHash": "sha256-2j+sln9RwQn+g7J4GmdFFgvqXnLkvWBNMaUzONlkzUE=",
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "a65905a09e2c43ff63be8c0e86a93712361f871e",
"rev": "3bdeebbc484a09391c4f0ec8a37bb77809426660",
"type": "github"
},
"original": {
@@ -310,11 +310,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1738824222,
"narHash": "sha256-U3SNq+waitGIotmgg/Et3J7o4NvUtP2gb2VhME5QXiw=",
"lastModified": 1739020877,
"narHash": "sha256-mIvECo/NNdJJ/bXjNqIh8yeoSjVLAuDuTUzAo7dzs8Y=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "550e11f27ba790351d390d9eca3b80ad0f0254e7",
"rev": "a79cfe0ebd24952b580b1cf08cd906354996d547",
"type": "github"
},
"original": {
@@ -379,11 +379,11 @@
"rust-analyzer-src": {
"flake": false,
"locked": {
"lastModified": 1738754241,
"narHash": "sha256-hiw8wVE2tTrLPtIz1xSbJ3eEXCOx729kRq7UpMRTaU0=",
"lastModified": 1738997488,
"narHash": "sha256-jeNdFVtEDLypGIbNqBjURovfw9hMkVtlLR7j/5fRh54=",
"owner": "rust-lang",
"repo": "rust-analyzer",
"rev": "ca47cddc31ae76a05e8709ed4aec805c5ef741d3",
"rev": "208bc52b5dc177badc081c64eb0584a313c73242",
"type": "github"
},
"original": {


@@ -20,6 +20,11 @@
url = "github:chaotic-cx/nyx/nyxpkgs-unstable";
inputs.nixpkgs.follows = "nixpkgs";
};
disko = {
url = "github:nix-community/disko/latest";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs =


@@ -15,25 +15,70 @@
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/acbd96e3-e7c7-442d-82cc-ce2913a9e90c";
fsType = "btrfs";
options = [
"subvol=@"
"compress=zstd"
"autodefrag"
"noatime"
"space_cache=v2"
"discard"
];
};
# fileSystems."/" = {
# device = "/dev/disk/by-uuid/acbd96e3-e7c7-442d-82cc-ce2913a9e90c";
# fsType = "btrfs";
# options = [
# "subvol=@"
# "compress=zstd"
# "autodefrag"
# "noatime"
# "space_cache=v2"
# "discard"
# ];
# };
boot.initrd.luks.devices."luks-0f481d5f-528c-4838-bd8a-d2780b4ba234".device =
"/dev/disk/by-uuid/0f481d5f-528c-4838-bd8a-d2780b4ba234";
# boot.initrd.luks.devices."luks-0f481d5f-528c-4838-bd8a-d2780b4ba234".device =
# "/dev/disk/by-uuid/0f481d5f-528c-4838-bd8a-d2780b4ba234";
# fileSystems."/boot" = {
# device = "/dev/disk/by-uuid/4D19-520E";
# fsType = "vfat";
# };
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/disk/by-path/pci-0000:01:00.0-nvme-1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted";
passwordFile = "${./secrets/disk-password}";
content = {
type = "filesystem";
format = "f2fs";
mountpoint = "/";
extraArgs = [
"-O"
"extra_attr,inode_checksum,sb_checksum,compression"
];
mountOptions = [
"compress_algorithm=zstd:6,compress_chksum,atgc,gc_merge,lazytime,nodiscard"
];
};
};
};
};
};
};
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/4D19-520E";
fsType = "vfat";
};
swapDevices = [ ];
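Review bot: `passwordFile = "${./secrets/disk-password}";` interpolates a repository path into a string, which copies `secrets/disk-password` into the Nix store; store paths are world-readable on the host and travel with any binary cache or store copy, so the LUKS passphrase for `crypted` would be readable by every local user. Pass a plain runtime path that is not a store path instead, e.g. `passwordFile = "/PLACEHOLDER/outside/store/disk-password";` (placeholder), present only on the machine that runs the format step; as far as I can tell disko reads it at format time, not on the installed system. The `Binary file not shown.` entry just below may be that secret being committed; if so it should be dropped from history and the passphrase rotated. Separately, disko derives `fileSystems."/boot"` from the ESP `mountpoint`, so the hand-written `fileSystems."/boot"` entry kept at the end of the hunk looks redundant and may conflict with it — worth a dry build to confirm. The surrounding attribute set starts before the hunk.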

Binary file not shown.


@@ -11,6 +11,6 @@ in
];
})
[
"primary-password.age"
"password-hash.age"
]
))


@@ -58,10 +58,10 @@
};
boot = {
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
# lanzaboote = {
# enable = true;
# pkiBundle = "/etc/secureboot";
# };
# Bootloader.
loader = {
@@ -71,7 +71,7 @@
generated at installation time. So we force it to false
for now.
*/
systemd-boot.enable = lib.mkForce false;
# systemd-boot.enable = lib.mkForce false;
};
kernelParams = [
@@ -110,15 +110,15 @@
# if I move to another lock screen program, i will have to replace `swaylock`
security.pam.services.swaylock = { };
system.activationScripts = {
# extract all my secureboot keys
"secureboot-keys".text = ''
#!/bin/sh
rm -fr ${config.boot.lanzaboote.pkiBundle} || true
mkdir -p ${config.boot.lanzaboote.pkiBundle}
${pkgs.gnutar}/bin/tar xf ${./secrets/secureboot.tar} -C ${config.boot.lanzaboote.pkiBundle}
'';
};
# system.activationScripts = {
# # extract all my secureboot keys
# "secureboot-keys".text = ''
# #!/bin/sh
# rm -fr ${config.boot.lanzaboote.pkiBundle} || true
# mkdir -p ${config.boot.lanzaboote.pkiBundle}
# ${pkgs.gnutar}/bin/tar xf ${./secrets/secureboot.tar} -C ${config.boot.lanzaboote.pkiBundle}
# '';
# };
# disable framework kernel module
# https://github.com/NixOS/nixos-hardware/issues/1330
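Review bot: The explanation ending `for now. */` still says systemd-boot is forced off, but the line it explains, `systemd-boot.enable = lib.mkForce false;`, is now commented out, so the comment is stale; replace it with a note on the current state, e.g. `# lanzaboote disabled (see commit): systemd-boot is the active loader until signed boot is re-enabled` (constructed — the actual reason is not in the commit). Commenting out `boot.lanzaboote` removes signed-boot enforcement on a LUKS-rooted machine, which the commit message should call out. The commented-out activation script also preserves the `${./secrets/secureboot.tar}` pattern, which copies the key bundle into the world-readable Nix store; since it is dead code now, delete it rather than keep it as a template, and if it is reinstated source the bundle from a root-only path outside the store. The `boot = {` set continues outside both hunks.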


@@ -61,13 +61,13 @@
users.users."${username}".extraGroups = [ "libvirtd" ];
boot.kernelPatches = [
{
name = "undetected-kvm";
patch = pkgs.fetchurl {
url = "https://raw.githubusercontent.com/Scrut1ny/Hypervisor-Phantom/d09d66813570704e2b05440f290d6f9bdf2d26c7/Hypervisor-Phantom/patches/Kernel/linux-6.13-svm.patch";
sha256 = "zz18xerutulLGzlHhnu26WCY8rVQXApyeoDtCjbejIk=";
};
}
];
# boot.kernelPatches = [
# {
# name = "undetected-kvm";
# patch = pkgs.fetchurl {
# url = "https://raw.githubusercontent.com/Scrut1ny/Hypervisor-Phantom/d09d66813570704e2b05440f290d6f9bdf2d26c7/Hypervisor-Phantom/patches/Kernel/linux-6.13-svm.patch";
# sha256 = "zz18xerutulLGzlHhnu26WCY8rVQXApyeoDtCjbejIk=";
# };
# }
# ];
}