From c594ff128f3b8189ddd4fcc03650ae9a4920401d Mon Sep 17 00:00:00 2001 From: Yadunand Prem Date: Tue, 19 Aug 2025 00:34:18 +0800 Subject: [PATCH] Add penguin configuration --- .../x86_64-linux/yadunut@penguin/default.nix | 14 --- lib/default.nix | 18 ++++ modules/nixos/my_nix/default.nix | 42 +++++++++ modules/nixos/my_users/default.nix | 40 ++++++++ systems/x86_64-linux/penguin/default.nix | 76 ++++++++++++++++ systems/x86_64-linux/penguin/disko-config.nix | 91 +++++++++++++++++++ .../penguin/hardware-configuration.nix | 29 ++++++ 7 files changed, 296 insertions(+), 14 deletions(-) create mode 100644 lib/default.nix create mode 100644 modules/nixos/my_nix/default.nix create mode 100644 modules/nixos/my_users/default.nix create mode 100644 systems/x86_64-linux/penguin/default.nix create mode 100644 systems/x86_64-linux/penguin/disko-config.nix create mode 100644 systems/x86_64-linux/penguin/hardware-configuration.nix diff --git a/homes/x86_64-linux/yadunut@penguin/default.nix b/homes/x86_64-linux/yadunut@penguin/default.nix index 47eaa71..4f667bf 100644 --- a/homes/x86_64-linux/yadunut@penguin/default.nix +++ b/homes/x86_64-linux/yadunut@penguin/default.nix @@ -5,10 +5,6 @@ ... }: { - home.packages = with pkgs; [ - seahorse - wl-clipboard - ]; git = { enable = true; signingKey = "~/.ssh/id_ed25519.pub"; @@ -18,10 +14,6 @@ neovim.enable = true; services = { - darkman.enable = true; - hyprpolkitagent.enable = true; - cliphist.enable = true; - ollama = { enable = true; host = "0.0.0.0"; @@ -35,13 +27,7 @@ ]; programs = { - waybar = { - enable = true; - systemd.enable = true; - }; gh.enable = true; - zed-editor.enable = true; - firefox.enable = true; }; home.stateVersion = "25.11"; diff --git a/lib/default.nix b/lib/default.nix new file mode 100644 index 0000000..7b080cd --- /dev/null +++ b/lib/default.nix 
@@ -0,0 +1,18 @@
+{
+ inputs,
+ lib,
+ ...
+}:
+{
+ mkUser =
+ attrs:
+ let
+ sshKeys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJXOpmWsAnl2RtOuJJMRUx+iJTwf2RWJ1iS3FqXJFzFG"
+ ];
+ in
+ {
+ openssh.authorizedKeys.keys = sshKeys;
+ }
+ // attrs;
+}
diff --git a/modules/nixos/my_nix/default.nix b/modules/nixos/my_nix/default.nix
new file mode 100644
index 0000000..816aaf5
--- /dev/null
+++ b/modules/nixos/my_nix/default.nix
@@ -0,0 +1,42 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+let
+ cfg = config.my_nix;
+ inherit (lib) mkEnableOption mkIf mkOption;
+ types = lib.types;
+in
+{
+ options.my_nix = {
+ enable = mkEnableOption "Custom nix options";
+ };
+
+ config = mkIf cfg.enable {
+ environment.systemPackages = [ pkgs.cachix ];
+ nix = {
+ optimise = {
+ automatic = true;
+ };
+ settings = {
+ experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+ substituters = [
+ "https://nix-community.cachix.org"
+ "https://cache.nixos.org"
+ ];
+ trusted-public-keys = [
+ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+ ];
+ };
+ };
+ nixpkgs.config = {
+ allowUnfree = true;
+ };
+ };
+}
diff --git a/modules/nixos/my_users/default.nix b/modules/nixos/my_users/default.nix
new file mode 100644
index 0000000..06126e2
--- /dev/null
+++ b/modules/nixos/my_users/default.nix
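Review bot: In lib/default.nix, `mkUser` attaches the same `sshKeys` entry to every account it builds, and this patch calls it for `root` and `cs3223` as well as `yadunut`, so one private key logs in to all three; nothing in the function says so. I would add a comment above `sshKeys` such as `# Authorised for every user built with mkUser, including root.`, and set `services.openssh.settings.PermitRootLogin = "no";` on hosts that do not need direct root SSH. Note also that `//` is a shallow merge: a caller that passes its own `openssh` attribute replaces the default key list rather than extending it, which deserves a line in the same comment.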
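Review bot: In modules/nixos/my_nix/default.nix, `mkOption` and `types` are bound in the `let` block but never used in this module; drop them so the header reads `inherit (lib) mkEnableOption mkIf;`. The `substituters` / `trusted-public-keys` pair also makes every store path signed by the nix-community cache key acceptable system-wide, which is a supply-chain trust decision. A one-line comment above `substituters`, e.g. `# Third-party binary cache: paths signed by this key are trusted on every host enabling my_nix.`, would make that explicit for whoever enables the module on another host.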
@@ -0,0 +1,40 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+let
+ cfg = config.my_users;
+ inherit (lib) mkEnableOption mkIf mkOption;
+ types = lib.types;
+in
+{
+ options.my_users = {
+ enable = mkEnableOption "Users";
+ defaultShell = mkOption {
+ default = pkgs.zsh;
+ type = types.package;
+ };
+ };
+
+ config = mkIf cfg.enable {
+ security.sudo.wheelNeedsPassword = false;
+ users.defaultUserShell = cfg.defaultShell;
+ programs.zsh.enable = true; # I feel like this should be behind a flag but fuckit
+ nix.settings.trusted-users = [
+ "root"
+ "yadunut"
+ ];
+ users.users = {
+ yadunut = lib.snowfall.mkUser {
+ extraGroups = [ "wheel" ];
+ shell = pkgs.zsh;
+ hashedPassword = "$y$j9T$9ATrmrhedhb.mAZ4//PiN/$OStCOaJHt3kPA63imTG3zLMWCSLoWCUph5O6jl5mcZ.";
+ };
+ root = lib.snowfall.mkUser {
+ hashedPassword = "$6$xa/mFg4OxIbb8XiQ$S2RVyCKcLaKHymFs48u8vj1dv.mQdxt.BQoucJsr8wfcHayXwKfD0C2NIOYY5AEPR9zgnMvFp8d8STKe6wMGR/";
+ };
+ };
+ };
+}
diff --git a/systems/x86_64-linux/penguin/default.nix b/systems/x86_64-linux/penguin/default.nix
new file mode 100644
index 0000000..ba6e13c
--- /dev/null
+++ b/systems/x86_64-linux/penguin/default.nix
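Review bot: The two `hashedPassword` literals under `users.users.yadunut` and `users.users.root` commit the login hashes for both accounts to the repository, and once built they also sit in the world-readable Nix store, so anyone with read access to either can attempt offline guessing. Since agenix is already imported by the penguin system in this patch, I would load them from a secret instead, e.g. `hashedPasswordFile = config.age.secrets.<secret-name>.path;` (placeholder name), and rotate both passwords because the current hashes stay in history. Separately, `security.sudo.wheelNeedsPassword = false;` together with `yadunut` in `nix.settings.trusted-users` makes any session as that user root-equivalent; a short comment stating that this is intentional would help the next reader.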
@@ -0,0 +1,76 @@
+{
+ pkgs,
+ inputs,
+ lib,
+ ...
+}:
+let
+ inherit (inputs) disko agenix home-manager;
+in
+{
+ imports = [
+ disko.nixosModules.disko
+ agenix.nixosModules.default
+ home-manager.nixosModules.home-manager
+ ./disko-config.nix
+ ./hardware-configuration.nix
+ ];
+ config = {
+
+ my_users.enable = true;
+ my_nix.enable = true;
+
+ networking.hostName = "penguin";
+
+ boot = {
+ tmp.cleanOnBoot = true;
+ loader = {
+ systemd-boot.enable = true;
+ efi.canTouchEfiVariables = true;
+ };
+ };
+
+ time.timeZone = "Asia/Singapore";
+
+ networking.firewall = {
+ enable = true;
+ allowedTCPPorts = [
+ 22
+ 3000
+ 3001
+ ];
+ networkmanager.enable = true;
+ nftables.enable = true;
+ trustedInterfaces = [ "tailscale0" ];
+ };
+
+ services.openssh = {
+ enable = true;
+ settings.PasswordAuthentication = false;
+ };
+
+ users.users.cs3223 = lib.snowfall.mkUser {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ };
+
+ services.tailscale.enable = true;
+ nixpkgs.config = {
+ rocmSupport = true;
+ };
+
+ programs._1password.enable = true;
+
+ environment.systemPackages = with pkgs; [
+ git
+ neovim
+ ];
+
+ virtualisation.podman = {
+ enable = true;
+ dockerCompat = true;
+ defaultNetwork.settings.dns_enabled = true;
+ };
+ system.stateVersion = "25.11";
+ };
+}
diff --git a/systems/x86_64-linux/penguin/disko-config.nix b/systems/x86_64-linux/penguin/disko-config.nix
new file mode 100644
index 0000000..cbb00ef
--- /dev/null
+++ b/systems/x86_64-linux/penguin/disko-config.nix
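Review bot: `networkmanager.enable` and `nftables.enable` are written inside the `networking.firewall = { … }` attrset, so they resolve to `networking.firewall.networkmanager.enable` and `networking.firewall.nftables.enable`. As far as I know NixOS defines these options directly under `networking`, so evaluation should fail or the settings will not apply. Move them out of the block as `networking.networkmanager.enable = true;` and `networking.nftables.enable = true;`. While here, `allowedTCPPorts` opens 3000 and 3001 on every interface although `tailscale0` is already trusted. `cs3223` is also placed in `wheel`, which with the passwordless sudo from `my_users` and the shared key from `mkUser` gives that account root without a password; a comment on whether both are intended would help.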
@@ -0,0 +1,91 @@
+{
+ disko.devices = {
+ disk = {
+ disk1 = {
+ type = "disk";
+ device = "/dev/nvme1n1";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+ crypt_p1 = {
+ size = "100%";
+ content = {
+ type = "luks";
+ name = "crypt_p1";
+ passwordFile = "/tmp/disk.key";
+ settings = {
+ allowDiscards = true;
+ };
+ };
+ };
+ };
+ };
+ };
+ disk2 = {
+ type = "disk";
+ device = "/dev/nvme2n1";
+ content = {
+ type = "gpt";
+ partitions = {
+ crypt_p2 = {
+ size = "100%";
+ content = {
+ type = "luks";
+ name = "crypt_p2";
+ settings = {
+ allowDiscards = true;
+ };
+ content = {
+ type = "btrfs";
+ extraArgs = [
+ "-d raid1"
+ "/dev/mapper/crypt_p1"
+ ];
+ subvolumes = {
+ "@" = { };
+ "@/root" = {
+ mountpoint = "/";
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ };
+ "@/home" = {
+ mountpoint = "/home";
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ };
+ "@/nix" = {
+ mountpoint = "/nix";
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ };
+ "@/swap" = {
+ # mountpoint = "/.swapvol";
+ # swap.swapfile.size = "64G";
+ mountOptions = [ "noatime" ];
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/systems/x86_64-linux/penguin/hardware-configuration.nix b/systems/x86_64-linux/penguin/hardware-configuration.nix
new file mode 100644
index 0000000..2dd9b37
--- /dev/null
+++ b/systems/x86_64-linux/penguin/hardware-configuration.nix
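Review bot: The two LUKS containers are set up differently: `crypt_p1` takes its passphrase from `passwordFile = "/tmp/disk.key";`, while `crypt_p2` names no password or key file, so I would expect disko to prompt for it interactively and an unattended install to stall. If both halves of the btrfs raid1 should share one passphrase, add the same `passwordFile = "/tmp/disk.key";` line to `crypt_p2`. A comment should also say that the file is needed only at install time, should live on tmpfs and be removed afterwards. `allowDiscards = true;` on both containers trades some confidentiality (free-block patterns become visible on the raw device) for SSD TRIM; a one-line comment recording that choice would be useful.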
@@ -0,0 +1,29 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true; + # networking.interfaces.enp4s0.useDHCP = lib.mkDefault true; + # networking.interfaces.enp5s0f0np0.useDHCP = lib.mkDefault true; + # networking.interfaces.enp5s0f1np1.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp6s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +}