diff --git a/flake.nix b/flake.nix
index 598ee16..4c81665 100644
--- a/flake.nix
+++ b/flake.nix
@@ -85,6 +85,28 @@
 }
 ];
 };
+ Rico0 =
+ let
+ hostname = "Rico0";
+ system = "aarch64-linux";
+ username = "adtya";
+ in
+ nixpkgs.lib.nixosSystem {
+ inherit system;
+ pkgs = packages system;
+ specialArgs = { inherit inputs username; };
+ modules = [
+ {
+ system.configurationRevision = lib.mkIf (self ? rev) self.rev;
+ networking.hostName = lib.mkDefault hostname;
+ nixpkgs.hostPlatform = lib.mkDefault system;
+ }
+ lix-module.nixosModules.default
+ sops-nix.nixosModules.sops
+ ./common
+ ./hosts/rico0
+ ];
+ };
 Rico1 =
 let
 hostname = "Rico1";
@@ -107,6 +129,28 @@
 ./hosts/rico1
 ];
 };
+ Rico2 =
+ let
+ hostname = "Rico2";
+ system = "aarch64-linux";
+ username = "adtya";
+ in
+ nixpkgs.lib.nixosSystem {
+ inherit system;
+ pkgs = packages system;
+ specialArgs = { inherit inputs username; };
+ modules = [
+ {
+ system.configurationRevision = lib.mkIf (self ? rev) self.rev;
+ networking.hostName = lib.mkDefault hostname;
+ nixpkgs.hostPlatform = lib.mkDefault system;
+ }
+ lix-module.nixosModules.default
+ sops-nix.nixosModules.sops
+ ./common
+ ./hosts/rico2
+ ];
+ };
 };
 }
 // flake-utils.lib.eachDefaultSystem (system:
diff --git a/hosts/rico0/containers/default.nix b/hosts/rico0/containers/default.nix
new file mode 100644
index 0000000..b7f84ae
--- /dev/null
+++ b/hosts/rico0/containers/default.nix
@@ -0,0 +1,5 @@
+_: {
+ virtualisation.oci-containers = {
+ backend = "podman";
+ };
+}
diff --git a/hosts/rico0/default.nix b/hosts/rico0/default.nix
new file mode 100644
index 0000000..e0c3429
--- /dev/null
+++ b/hosts/rico0/default.nix
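Review bot: The Rico0 block in the first flake.nix hunk and the Rico2 block in the second are line-for-line copies of the existing Rico1 entry, differing only in the hostname string and the `./hosts/ricoN` path, so every future change to the shared module list or `specialArgs` has to be repeated three times and the copies will drift. A small helper taking the hostname and host directory would reduce each entry to one line; where the `let` for it goes depends on the enclosing `nixosConfigurations` attrset, which starts outside both hunks. The `system.configurationRevision = lib.mkIf (self ? rev) self.rev;` line is fine as written, but it is one of the lines that would otherwise have to stay in sync across all three hosts.
```nix
# … unchanged: surrounding outputs structure …
let
  mkRico = hostname: hostDir:
    let
      system = "aarch64-linux";
      username = "adtya";
    in
    nixpkgs.lib.nixosSystem {
      inherit system;
      pkgs = packages system;
      specialArgs = { inherit inputs username; };
      modules = [
        {
          system.configurationRevision = lib.mkIf (self ? rev) self.rev;
          networking.hostName = lib.mkDefault hostname;
          nixpkgs.hostPlatform = lib.mkDefault system;
        }
        lix-module.nixosModules.default
        sops-nix.nixosModules.sops
        ./common
        hostDir
      ];
    };
in
# … unchanged: other nixosConfigurations entries …
Rico0 = mkRico "Rico0" ./hosts/rico0;
Rico1 = mkRico "Rico1" ./hosts/rico1;
Rico2 = mkRico "Rico2" ./hosts/rico2;
```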
@@ -0,0 +1,43 @@
+{ ... }: {
+ imports = [
+ ./hardware
+ ./programs
+ ./services
+ ./containers
+ ./network.nix
+ ./security.nix
+ ];
+
+nixpkgs.overlays = [
+ (final: super: {
+ makeModulesClosure = x:
+ super.makeModulesClosure (x // { allowMissing = true; });
+ })
+ ];
+
+ i18n = {
+ defaultLocale = "en_US.UTF-8";
+ extraLocaleSettings = {
+ LC_ADDRESS = "en_US.UTF-8";
+ LC_IDENTIFICATION = "en_US.UTF-8";
+ LC_MEASUREMENT = "en_US.UTF-8";
+ LC_MONETARY = "en_US.UTF-8";
+ LC_NAME = "en_US.UTF-8";
+ LC_NUMERIC = "en_US.UTF-8";
+ LC_PAPER = "en_US.UTF-8";
+ LC_TELEPHONE = "en_US.UTF-8";
+ LC_TIME = "en_US.UTF-8";
+ LC_ALL = "en_US.UTF-8";
+ };
+ supportedLocales = [ "en_US.UTF-8/UTF-8" ];
+ };
+
+ time.timeZone = "Asia/Kolkata";
+ system = {
+ switch = {
+ enable = false;
+ enableNg = true;
+ };
+ stateVersion = "23.11";
+ };
+}
diff --git a/hosts/rico0/hardware/default.nix b/hosts/rico0/hardware/default.nix
new file mode 100644
index 0000000..cdacf9a
--- /dev/null
+++ b/hosts/rico0/hardware/default.nix
@@ -0,0 +1,13 @@
+_: {
+ imports = [ ./filesystem.nix ./kernel.nix ];
+
+ hardware.enableRedistributableFirmware = true;
+
+ boot = {
+ loader = {
+ efi.canTouchEfiVariables = true;
+ systemd-boot.enable = true;
+ };
+ supportedFilesystems = [ "vfat" "btrfs" "ext4" ];
+ };
+}
diff --git a/hosts/rico0/hardware/filesystem.nix b/hosts/rico0/hardware/filesystem.nix
new file mode 100644
index 0000000..62259b9
--- /dev/null
+++ b/hosts/rico0/hardware/filesystem.nix
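Review bot: In hosts/rico0/default.nix the `nixpkgs.overlays = [` line sits at column 0 while every other attribute of the set is indented, unlike the identical overlay added to hosts/rico1/default.nix and hosts/rico2/default.nix in this same commit; Nix does not care, but it reads as a stray paste and a formatter run would fix it. The overlay itself, `super.makeModulesClosure (x // { allowMissing = true; })`, silently tolerates kernel modules that are requested but absent from the modules closure, which is the kind of workaround that needs a why-comment so nobody removes or widens it later; something like `# Let the initrd closure build even when a requested module is not shipped by the rpi4 kernel — confirm which module triggers this` above the overlay, in all three host files, would do. Since the same overlay is now copied into three hosts, it is also a candidate for the shared ./common module rather than per-host duplication.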
@@ -0,0 +1,36 @@
+_: {
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-partlabel/RICO0_ROOT";
+ fsType = "btrfs";
+ options = [ "subvol=@root" "compress-force=zstd" "noatime" ];
+ neededForBoot = true;
+ };
+
+ "/nix" = {
+ device = "/dev/disk/by-partlabel/RICO0_ROOT";
+ fsType = "btrfs";
+ options = [ "subvol=@nix" "compress-force=zstd" "noatime" ];
+ neededForBoot = true;
+ };
+
+ "/persist" = {
+ device = "/dev/disk/by-partlabel/RICO0_ROOT";
+ fsType = "btrfs";
+ options = [ "subvol=@persist" "compress-force=zstd" "noatime" ];
+ neededForBoot = true;
+ };
+
+ "/mnt/system" = {
+ device = "/dev/disk/by-partlabel/RICO0_ROOT";
+ fsType = "btrfs";
+ options = [ "subvol=/" "compress-force=zstd" "noatime" ];
+ };
+
+ "/boot" = {
+ device = "/dev/disk/by-partlabel/RICO0_BOOT";
+ fsType = "vfat";
+ options = [ "fmask=0022" "dmask=0022" ];
+ };
+ };
+}
diff --git a/hosts/rico0/hardware/kernel.nix b/hosts/rico0/hardware/kernel.nix
new file mode 100644
index 0000000..e8c6feb
--- /dev/null
+++ b/hosts/rico0/hardware/kernel.nix
@@ -0,0 +1,18 @@
+{ lib
+, pkgs
+, ...
+}: {
+ boot = {
+ consoleLogLevel = 3;
+ kernelPackages = lib.mkDefault pkgs.linuxPackages_rpi4;
+ kernel.sysctl = {
+ "vm.swappiness" = 10;
+ "vm.dirty_ratio" = 3;
+ };
+ initrd = {
+ availableKernelModules = [ "xhci_pci" ];
+ systemd.enable = true;
+ };
+ };
+ powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
+}
diff --git a/hosts/rico0/network.nix b/hosts/rico0/network.nix
new file mode 100644
index 0000000..505589d
--- /dev/null
+++ b/hosts/rico0/network.nix
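Review bot: The `"/boot"` entry in hosts/rico0/hardware/filesystem.nix mounts the ESP with `"fmask=0022" "dmask=0022"`, which makes every file on it world-readable; with systemd-boot enabled in hardware/default.nix that includes the kernels, initrds and the loader's on-disk state, and I believe recent NixOS releases emit a warning for a world-readable ESP for exactly this reason. Unless something on this host needs unprivileged read access to /boot, tightening it to `options = [ "fmask=0077" "dmask=0077" ];` costs nothing. The same line appears in hosts/rico2/hardware/filesystem.nix.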
@@ -0,0 +1,43 @@
+{ lib, ... }: {
+ networking = {
+ nameservers = [
+ "2620:fe::fe#dns.quad9.net"
+ "9.9.9.9#dns.quad9.net"
+ "2620:fe::9#dns.quad9.net"
+ "149.112.112.112#dns.quad9.net"
+ ];
+
+ networkmanager = {
+ enable = true;
+ dhcp = "dhcpcd";
+ dns = "systemd-resolved";
+ wifi = {
+ backend = "iwd";
+ powersave = false;
+ };
+ };
+
+ useDHCP = lib.mkDefault false;
+
+ wireless.iwd = {
+ enable = true;
+ settings = {
+ General = {
+ AddressRandomization = "network";
+ EnableNetworkConfiguration = false;
+ };
+ Settings = {
+ AutoConnect = "yes";
+ };
+ };
+ };
+ };
+
+ services.resolved = {
+ enable = true;
+ dnssec = "true";
+ dnsovertls = "true";
+ domains = [ "~." ];
+ fallbackDns = [ ];
+ };
+}
diff --git a/hosts/rico0/programs/default.nix b/hosts/rico0/programs/default.nix
new file mode 100644
index 0000000..00dca37
--- /dev/null
+++ b/hosts/rico0/programs/default.nix
@@ -0,0 +1,17 @@
+{ pkgs, ... }: {
+ imports = [
+ ./neovim.nix
+ ./starship.nix
+ ./zsh.nix
+ ];
+
+ programs.git.enable = true;
+
+ environment.systemPackages = with pkgs; [
+ sops
+ age
+ libraspberrypi
+ raspberrypi-eeprom
+ ];
+
+}
diff --git a/hosts/rico0/programs/neovim.nix b/hosts/rico0/programs/neovim.nix
new file mode 100644
index 0000000..a70af6e
--- /dev/null
+++ b/hosts/rico0/programs/neovim.nix
@@ -0,0 +1,8 @@
+_: {
+ programs.neovim = {
+ enable = true;
+ defaultEditor = true;
+ viAlias = true;
+ vimAlias = true;
+ };
+}
diff --git a/hosts/rico0/programs/starship.nix b/hosts/rico0/programs/starship.nix
new file mode 100644
index 0000000..3de1b05
--- /dev/null
+++ b/hosts/rico0/programs/starship.nix
@@ -0,0 +1,8 @@
+_: {
+ programs.starship = {
+ enable = true;
+ settings = {
+ add_newline = false;
+ };
+ };
+}
diff --git a/hosts/rico0/programs/zsh.nix b/hosts/rico0/programs/zsh.nix
new file mode 100644
index 0000000..53468ac
--- /dev/null
+++ b/hosts/rico0/programs/zsh.nix
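Review bot: The `services.resolved` block in hosts/rico0/network.nix combines `dnssec = "true"`, `dnsovertls = "true"` and `fallbackDns = [ ]`, which is strict mode: if DNSSEC validation fails or the DoT session to the Quad9 servers cannot be established, the host has no name resolution at all rather than degrading to plain DNS. That is a sound hardening choice for a fixed-location box, but the failure mode is surprising enough (including on networks with captive portals or broken DNSSEC) that it deserves a comment; something like `# Strict DNSSEC and DNS-over-TLS to Quad9 only; an empty fallback list means validation failure = no resolution, never a silent downgrade.` above `services.resolved`. The same block is added verbatim in hosts/rico2/network.nix and should carry the same comment.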
@@ -0,0 +1,10 @@
+_: {
+ programs = {
+ zsh = {
+ enable = true;
+ autosuggestions.enable = true;
+ syntaxHighlighting.enable = true;
+ };
+ };
+ environment.pathsToLink = [ "/share/zsh" ];
+}
diff --git a/hosts/rico0/security.nix b/hosts/rico0/security.nix
new file mode 100644
index 0000000..b2d7da4
--- /dev/null
+++ b/hosts/rico0/security.nix
@@ -0,0 +1,9 @@
+_: {
+ security = {
+ sudo = {
+ wheelNeedsPassword = false;
+ };
+ polkit.enable = true;
+ rtkit.enable = true;
+ };
+}
diff --git a/hosts/rico0/services/btrfs.nix b/hosts/rico0/services/btrfs.nix
new file mode 100644
index 0000000..dc00c6b
--- /dev/null
+++ b/hosts/rico0/services/btrfs.nix
@@ -0,0 +1,6 @@
+_: {
+ services.btrfs.autoScrub = {
+ enable = true;
+ fileSystems = [ "/mnt/system" ];
+ };
+}
diff --git a/hosts/rico0/services/default.nix b/hosts/rico0/services/default.nix
new file mode 100644
index 0000000..fb02349
--- /dev/null
+++ b/hosts/rico0/services/default.nix
@@ -0,0 +1,7 @@
+_: {
+ imports = [
+ ./btrfs.nix
+ ./ssh.nix
+ ];
+
+}
diff --git a/hosts/rico0/services/ssh.nix b/hosts/rico0/services/ssh.nix
new file mode 100644
index 0000000..7cba6eb
--- /dev/null
+++ b/hosts/rico0/services/ssh.nix
@@ -0,0 +1,21 @@
+_: {
+ services.openssh = {
+ enable = true;
+ settings = {
+ KbdInteractiveAuthentication = false;
+ PasswordAuthentication = false;
+ PermitRootLogin = "no";
+ };
+ hostKeys = [
+ {
+ path = "/persist/secrets/ssh/keys/ssh_host_ed25519_key";
+ type = "ed25519";
+ }
+ {
+ path = "/persist/secrets/ssh/keys/ssh_host_rsa_key";
+ type = "rsa";
+ bits = "4096";
+ }
+ ];
+ };
+}
diff --git a/hosts/rico1/default.nix b/hosts/rico1/default.nix
index a84772c..4b107e0 100644
--- a/hosts/rico1/default.nix
+++ b/hosts/rico1/default.nix
@@ -8,6 +8,13 @@
 ./security.nix
 ];
 
+ nixpkgs.overlays = [
+ (final: super: {
+ makeModulesClosure = x:
+ super.makeModulesClosure (x // { allowMissing = true; });
+ })
+ ];
+
 i18n = {
 defaultLocale = "en_US.UTF-8";
 extraLocaleSettings = {
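Review bot: hosts/rico0/security.nix sets `sudo.wheelNeedsPassword = false;`, so every member of wheel gets root with no further check; combined with the key-only SSH policy in hosts/rico0/services/ssh.nix (`PasswordAuthentication = false`, `PermitRootLogin = "no"`), that means whoever holds any authorized user key is effectively root on the host, and `PermitRootLogin = "no"` buys little. If this is a deliberate convenience for a headless Pi, say so in a comment next to the line (e.g. `# Headless box: wheel members are the only local users, so skip the sudo password prompt`); otherwise drop the line and keep the NixOS default, which requires a password. hosts/rico2/security.nix carries the identical setting.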
diff --git a/hosts/rico1/hardware/kernel.nix b/hosts/rico1/hardware/kernel.nix
index 7445cf6..e8c6feb 100644
--- a/hosts/rico1/hardware/kernel.nix
+++ b/hosts/rico1/hardware/kernel.nix
@@ -4,14 +4,14 @@
 }: {
 boot = {
 consoleLogLevel = 3;
- kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
+ kernelPackages = lib.mkDefault pkgs.linuxPackages_rpi4;
 kernel.sysctl = {
 "vm.swappiness" = 10;
 "vm.dirty_ratio" = 3;
 };
 initrd = {
- availableKernelModules = ["xhci_pci"];
- systemd.enable = true;
+ availableKernelModules = [ "xhci_pci" ];
+ systemd.enable = true;
 };
 };
 powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
diff --git a/hosts/rico2/containers/default.nix b/hosts/rico2/containers/default.nix
new file mode 100644
index 0000000..b7f84ae
--- /dev/null
+++ b/hosts/rico2/containers/default.nix
@@ -0,0 +1,5 @@
+_: {
+ virtualisation.oci-containers = {
+ backend = "podman";
+ };
+}
diff --git a/hosts/rico2/default.nix b/hosts/rico2/default.nix
new file mode 100644
index 0000000..4b107e0
--- /dev/null
+++ b/hosts/rico2/default.nix
@@ -0,0 +1,43 @@
+{ ... }: {
+ imports = [
+ ./hardware
+ ./programs
+ ./services
+ ./containers
+ ./network.nix
+ ./security.nix
+ ];
+
+ nixpkgs.overlays = [
+ (final: super: {
+ makeModulesClosure = x:
+ super.makeModulesClosure (x // { allowMissing = true; });
+ })
+ ];
+
+ i18n = {
+ defaultLocale = "en_US.UTF-8";
+ extraLocaleSettings = {
+ LC_ADDRESS = "en_US.UTF-8";
+ LC_IDENTIFICATION = "en_US.UTF-8";
+ LC_MEASUREMENT = "en_US.UTF-8";
+ LC_MONETARY = "en_US.UTF-8";
+ LC_NAME = "en_US.UTF-8";
+ LC_NUMERIC = "en_US.UTF-8";
+ LC_PAPER = "en_US.UTF-8";
+ LC_TELEPHONE = "en_US.UTF-8";
+ LC_TIME = "en_US.UTF-8";
+ LC_ALL = "en_US.UTF-8";
+ };
+ supportedLocales = [ "en_US.UTF-8/UTF-8" ];
+ };
+
+ time.timeZone = "Asia/Kolkata";
+ system = {
+ switch = {
+ enable = false;
+ enableNg = true;
+ };
+ stateVersion = "23.11";
+ };
+}
diff --git a/hosts/rico2/hardware/default.nix b/hosts/rico2/hardware/default.nix
new file mode 100644
index 0000000..cdacf9a
--- /dev/null
+++ b/hosts/rico2/hardware/default.nix
@@ -0,0 +1,13 @@
+_: {
+ imports = [ ./filesystem.nix ./kernel.nix ];
+
+ hardware.enableRedistributableFirmware = true;
+
+ boot = {
+ loader = {
+ efi.canTouchEfiVariables = true;
+ systemd-boot.enable = true;
+ };
+ supportedFilesystems = [ "vfat" "btrfs" "ext4" ];
+ };
+}
diff --git a/hosts/rico2/hardware/filesystem.nix b/hosts/rico2/hardware/filesystem.nix
new file mode 100644
index 0000000..c5b41ab
--- /dev/null
+++ b/hosts/rico2/hardware/filesystem.nix
@@ -0,0 +1,36 @@
+_: {
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-partlabel/RICO2_ROOT";
+ fsType = "btrfs";
+ options = [ "subvol=@root" "compress-force=zstd" "noatime" ];
+ neededForBoot = true;
+ };
+
+ "/nix" = {
+ device = "/dev/disk/by-partlabel/RICO2_ROOT";
+ fsType = "btrfs";
+ options = [ "subvol=@nix" "compress-force=zstd" "noatime" ];
+ neededForBoot = true;
+ };
+
+ "/persist" = {
+ device = "/dev/disk/by-partlabel/RICO2_ROOT";
+ fsType = "btrfs";
+ options = [ "subvol=@persist" "compress-force=zstd" "noatime" ];
+ neededForBoot = true;
+ };
+
+ "/mnt/system" = {
+ device = "/dev/disk/by-partlabel/RICO2_ROOT";
+ fsType = "btrfs";
+ options = [ "subvol=/" "compress-force=zstd" "noatime" ];
+ };
+
+ "/boot" = {
+ device = "/dev/disk/by-partlabel/RICO2_BOOT";
+ fsType = "vfat";
+ options = [ "fmask=0022" "dmask=0022" ];
+ };
+ };
+}
diff --git a/hosts/rico2/hardware/kernel.nix b/hosts/rico2/hardware/kernel.nix
new file mode 100644
index 0000000..e8c6feb
--- /dev/null
+++ b/hosts/rico2/hardware/kernel.nix
@@ -0,0 +1,18 @@
+{ lib
+, pkgs
+, ...
+}: {
+ boot = {
+ consoleLogLevel = 3;
+ kernelPackages = lib.mkDefault pkgs.linuxPackages_rpi4;
+ kernel.sysctl = {
+ "vm.swappiness" = 10;
+ "vm.dirty_ratio" = 3;
+ };
+ initrd = {
+ availableKernelModules = [ "xhci_pci" ];
+ systemd.enable = true;
+ };
+ };
+ powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
+}
diff --git a/hosts/rico2/network.nix b/hosts/rico2/network.nix
new file mode 100644
index 0000000..505589d
--- /dev/null
+++ b/hosts/rico2/network.nix
@@ -0,0 +1,43 @@
+{ lib, ... }: {
+ networking = {
+ nameservers = [
+ "2620:fe::fe#dns.quad9.net"
+ "9.9.9.9#dns.quad9.net"
+ "2620:fe::9#dns.quad9.net"
+ "149.112.112.112#dns.quad9.net"
+ ];
+
+ networkmanager = {
+ enable = true;
+ dhcp = "dhcpcd";
+ dns = "systemd-resolved";
+ wifi = {
+ backend = "iwd";
+ powersave = false;
+ };
+ };
+
+ useDHCP = lib.mkDefault false;
+
+ wireless.iwd = {
+ enable = true;
+ settings = {
+ General = {
+ AddressRandomization = "network";
+ EnableNetworkConfiguration = false;
+ };
+ Settings = {
+ AutoConnect = "yes";
+ };
+ };
+ };
+ };
+
+ services.resolved = {
+ enable = true;
+ dnssec = "true";
+ dnsovertls = "true";
+ domains = [ "~." ];
+ fallbackDns = [ ];
+ };
+}
diff --git a/hosts/rico2/programs/default.nix b/hosts/rico2/programs/default.nix
new file mode 100644
index 0000000..00dca37
--- /dev/null
+++ b/hosts/rico2/programs/default.nix
@@ -0,0 +1,17 @@
+{ pkgs, ... }: {
+ imports = [
+ ./neovim.nix
+ ./starship.nix
+ ./zsh.nix
+ ];
+
+ programs.git.enable = true;
+
+ environment.systemPackages = with pkgs; [
+ sops
+ age
+ libraspberrypi
+ raspberrypi-eeprom
+ ];
+
+}
diff --git a/hosts/rico2/programs/neovim.nix b/hosts/rico2/programs/neovim.nix
new file mode 100644
index 0000000..a70af6e
--- /dev/null
+++ b/hosts/rico2/programs/neovim.nix
@@ -0,0 +1,8 @@
+_: {
+ programs.neovim = {
+ enable = true;
+ defaultEditor = true;
+ viAlias = true;
+ vimAlias = true;
+ };
+}
diff --git a/hosts/rico2/programs/starship.nix b/hosts/rico2/programs/starship.nix
new file mode 100644
index 0000000..3de1b05
--- /dev/null
+++ b/hosts/rico2/programs/starship.nix
@@ -0,0 +1,8 @@
+_: {
+ programs.starship = {
+ enable = true;
+ settings = {
+ add_newline = false;
+ };
+ };
+}
diff --git a/hosts/rico2/programs/zsh.nix b/hosts/rico2/programs/zsh.nix
new file mode 100644
index 0000000..53468ac
--- /dev/null
+++ b/hosts/rico2/programs/zsh.nix
@@ -0,0 +1,10 @@
+_: {
+ programs = {
+ zsh = {
+ enable = true;
+ autosuggestions.enable = true;
+ syntaxHighlighting.enable = true;
+ };
+ };
+ environment.pathsToLink = [ "/share/zsh" ];
+}
diff --git a/hosts/rico2/security.nix b/hosts/rico2/security.nix
new file mode 100644
index 0000000..b2d7da4
--- /dev/null
+++ b/hosts/rico2/security.nix
@@ -0,0 +1,9 @@
+_: {
+ security = {
+ sudo = {
+ wheelNeedsPassword = false;
+ };
+ polkit.enable = true;
+ rtkit.enable = true;
+ };
+}
diff --git a/hosts/rico2/services/btrfs.nix b/hosts/rico2/services/btrfs.nix
new file mode 100644
index 0000000..dc00c6b
--- /dev/null
+++ b/hosts/rico2/services/btrfs.nix
@@ -0,0 +1,6 @@
+_: {
+ services.btrfs.autoScrub = {
+ enable = true;
+ fileSystems = [ "/mnt/system" ];
+ };
+}
diff --git a/hosts/rico2/services/default.nix b/hosts/rico2/services/default.nix
new file mode 100644
index 0000000..fb02349
--- /dev/null
+++ b/hosts/rico2/services/default.nix
@@ -0,0 +1,7 @@
+_: {
+ imports = [
+ ./btrfs.nix
+ ./ssh.nix
+ ];
+
+}
diff --git a/hosts/rico2/services/ssh.nix b/hosts/rico2/services/ssh.nix
new file mode 100644
index 0000000..7cba6eb
--- /dev/null
+++ b/hosts/rico2/services/ssh.nix
@@ -0,0 +1,21 @@
+_: {
+ services.openssh = {
+ enable = true;
+ settings = {
+ KbdInteractiveAuthentication = false;
+ PasswordAuthentication = false;
+ PermitRootLogin = "no";
+ };
+ hostKeys = [
+ {
+ path = "/persist/secrets/ssh/keys/ssh_host_ed25519_key";
+ type = "ed25519";
+ }
+ {
+ path = "/persist/secrets/ssh/keys/ssh_host_rsa_key";
+ type = "rsa";
+ bits = "4096";
+ }
+ ];
+ };
+}