diff --git a/flake.nix b/flake.nix
index 7bc4c49..af4dc16 100755
--- a/flake.nix
+++ b/flake.nix
@@ -37,20 +37,6 @@
 ./system/susans-hp/configuration.nix
 ];
 };
- vincents-vm = lib.nixosSystem {
- inherit system;
- specialArgs = { inherit unstable; };
- modules = [
- ./system/vincents-vm/configuration.nix
- ];
- };
- susans-vm = lib.nixosSystem {
- inherit system;
- specialArgs = { inherit unstable; };
- modules = [
- ./system/susans-vm/configuration.nix
- ];
- };
 };
 };
 }
diff --git a/setup.sh b/setup.sh
index f9b5202..2d6b9bd 100755
--- a/setup.sh
+++ b/setup.sh
@@ -1,5 +1,7 @@
-sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode disko system/vincents-old-hp/disk.nix
+read HOST
 
-sudo nixos-install --flake .#vincents-old-hp
+sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode disko system/$HOST/disk.nix
+
+sudo nixos-install --flake .#$HOST
 
 echo "REBOOT YOUR COMPUTER"
diff --git a/system/susans-vm/configuration.nix b/system/susans-vm/configuration.nix
deleted file mode 100755
index 3589937..0000000
--- a/system/susans-vm/configuration.nix
+++ /dev/null
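Review bot: The new `read HOST` line feeds an unvalidated, unquoted value straight into `disko --mode disko system/$HOST/disk.nix`, which runs as root and rewrites the partition table of whatever device that file names, so a typo or an empty answer is not caught before the destructive step. The script also has no `set -e`, so if disko fails (missing file, wrong host) the following `sudo nixos-install --flake .#$HOST` still runs against whatever disk state is left. `read` without `-r` also mangles backslashes, and there is no prompt telling the operator what is expected. I would fail fast when `system/$HOST/disk.nix` does not exist, quote both expansions, and echo the resolved layout before calling disko.
```shell
set -euo pipefail

read -r -p "Host to install (a directory name under system/): " HOST
DISK_CFG="system/$HOST/disk.nix"
if [ -z "$HOST" ] || [ ! -f "$DISK_CFG" ]; then
    echo "setup.sh: no disk layout found at '$DISK_CFG'" >&2
    exit 1
fi
echo "Partitioning with $DISK_CFG"

sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode disko "$DISK_CFG"

sudo nixos-install --flake ".#$HOST"
# … unchanged: reboot reminder …
```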
@@ -1,273 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, unstable, lib, ... }:
-
-#let
- #unstableTarball =
- # fetchTarball
- # https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz;
-#in
-
-
-{
- imports =
- [ # Include the results of the hardware scan.
- ./hardware-configuration.nix
- ];
-
- # legacy boot
- #boot.loader.grub.enable = true;
- #boot.loader.grub.device = "/dev/vda";
- #boot.loader.grub.useOSProber = true;
-
- # UEFI boot
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
- #boot.loader.efi.efiSysMountPoint = "/boot/efi";
-
- boot.binfmt.registrations.appimage = {
- interpreter = "${pkgs.appimage-run}/bin/appimage-run";
- recognitionType = "magic";
- offset = 0;
- mask = ''\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff'';
- magicOrExtension = ''\x7fELF....AI\x02'';
- };
-
- # boot logo
- boot.plymouth.enable = true;
-
- # ZRAM
- zramSwap.enable = true;
- zramSwap.memoryPercent = 50;
- boot.kernel.sysctl = {
- "vm.swappiness" = 10;
- "vm.vsf_cache_pressure" = 50;
- };
-
- boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
-
- #boot.kernelPackages = pkgs.linuxPackages_xanmod_stable;
- boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
-
- networking.hostName = "susans-vm"; # Define your hostname.
- networking.networkmanager.enable = true;
-
- # Set your time zone.
- time.timeZone = "America/New_York";
-
- # Select internationalisation properties.
- i18n.defaultLocale = "en_US.UTF-8";
- console = {
- font = "Lat2-Terminus16";
- useXkbConfig = true;
- };
- fonts.packages = [ pkgs.corefonts ];
-
- # Enable the X11 windowing system.
- services.xserver.enable = true;
-
- # displaylink
- #services.xserver.videoDrivers = [ "displaylink" "modesetting" ];
-
- # waydroid
- virtualisation.waydroid.enable = true;
-
- # Enable the Cinnamon Desktop Environment.
- services.displayManager.sddm.enable = true;
- services.xserver.desktopManager.plasma5.enable = true;
- programs.kdeconnect.enable = true;
-
- # Configure keymap in X11
- services.xserver = {
- xkb.layout = "us";
- #xkb.variant = "colemak";
- #xkb.model = "chromebook";
- };
- services.xserver.xkb.options = "grp:win_space_toggle";
-
- # Enable CUPS to print documents.
- services.printing.enable = true;
- services.avahi.enable = true;
- services.avahi.nssmdns4 = true;
- services.avahi.openFirewall = true;
- services.printing.drivers = [ pkgs.hplip ];
-
- # Enable sound with pipewire.
- #sound.enable = true;
- hardware.pulseaudio.enable = false;
- security.rtkit.enable = true;
- services.pipewire = {
- enable = true;
- alsa.enable = true;
- alsa.support32Bit = true;
- pulse.enable = true;
- # If you want to use JACK applications, uncomment this
- jack.enable = true;
-
- # use the example session manager (no others are packaged yet so this is en>
- # no need to redefine it in your config for now)
- wireplumber.enable = true;
- };
- programs.noisetorch.enable = true;
-
- # Enable touchpad support (enabled default in most desktopManager).
- services.libinput.enable = true;
-
- # Define a user account. Don't forget to set a password with ‘passwd’.
- users.users.susan = {
- isNormalUser = true;
- shell = pkgs.fish;
- initialHashedPassword = "$y$j9T$0PPbSXGEwyGq6ZFvJMhmE/$D5ZlKOwR/4NCDD8eaxWiQiG1TTRSK4PfbQe/Tm60Id/";
- extraGroups = [ "wheel" "networkmanager" "lp" "audio" "video" "cdrom" "input" ];
- };
- programs.fish.enable = true;
-
- nix.extraOptions = ''experimental-features = nix-command flakes'';
-
- nixpkgs.config.permittedInsecurePackages = [
- "electron-12.2.3"
- "electron-27.3.11"
- ];
-
- nixpkgs.config.allowUnfree = true;
-
- # List packages installed in system profile. To search, run:
- # $ nix search wget
- environment = {
- systemPackages = with pkgs; [
- tailscale
- bleachbit
- btop
- neofetch
- clamtk
- trayscale
- topgrade
- appimage-run
- unstable.gearlever
- # kde apps
- libsForQt5.discover
- libsForQt5.sddm-kcm
- libsForQt5.ark
- libsForQt5.qtmultimedia
- # editors
- libsForQt5.kate
- nano
- # office apps
- libreoffice-qt
- zoom-us
- # package manager
- wget
- # web browser
- firefox
- ];
- };
-
- # flatpak
- xdg.portal.enable = true;
- services.flatpak.enable = true;
- systemd.services.configure-flathub-repo = {
- wantedBy = ["multi-user.target"];
- path = [ pkgs.flatpak ];
- script = ''
- flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
- '';
- };
-
- # bluetooth
- hardware.bluetooth.enable = true;
-
- # dconf
- programs.dconf.enable = true;
-
- # enable the tailscale service
- services.tailscale.enable = true;
-
- # Some programs need SUID wrappers, can be configured further or are
- # started in user sessions.
- programs.mtr.enable = true;
- programs.gnupg.agent = {
- enable = true;
- enableSSHSupport = true;
- };
-
- # List services that you want to enable:
-
- # preload
- services.preload.enable = true;
-
- # schedualer
- services.system76-scheduler.enable = true;
-
- # Enable the OpenSSH daemon.
- services.openssh.enable = false;
-
- # auto clean
- nix.optimise.automatic = true;
- nix.gc.automatic = true;
- nix.gc.dates = "weekly";
-
- # enable fwupd
- services.fwupd.enable = true;
-
- # captive browser
- programs.captive-browser.enable = true;
- programs.captive-browser.bindInterface = false;
-
-
- # auto update
- system.autoUpgrade.enable = true;
- system.autoUpgrade.allowReboot = true;
- system.autoUpgrade.rebootWindow = {
- lower = "01:00";
- upper = "05:00";
- };
-
- #clamav
- services.clamav.updater.enable = true;
- services.clamav.daemon.enable = true;
-
-
- # audit
- security.auditd.enable = true;
- security.audit.enable = true;
- security.audit.rules = [
- "-a exit,always -F arch=b64 -S execve"
- ];
-
-
- # Open ports in the firewall.
- networking.firewall.allowedTCPPorts = [
- 22
- ];
- networking.firewall.allowedUDPPorts = [
- 22
- ];
- networking.firewall.allowedTCPPortRanges = [
- {
- from = 1714;
- to = 1764;
- }
- ];
- networking.firewall.allowedUDPPortRanges = [
- {
- from = 1714;
- to = 1764;
- }
- ];
- networking.firewall.rejectPackets = true;
- # networking.firewall.allowedUDPPorts = [ 21116 ];
- # Or disable the firewall altogether.
- networking.firewall.trustedInterfaces = [ "tailscale0" ];
-
- services.fail2ban.enable = true;
- networking.firewall.enable = true;
-
- # This value determines the NixOS release from which the default settings for stateful data, like file locations and database versions on your system were
- # taken. It‘s perfectly fine and recommended to leave this value at the release version of the first install of this system. Before changing this value read
- # the documentation for this option (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "24.05"; # Did you read the comment?
-
-}
-
diff --git a/system/susans-vm/disk.nix b/system/susans-vm/disk.nix
deleted file mode 100755
index 87e7c2f..0000000
--- a/system/susans-vm/disk.nix
+++ /dev/null
@@ -1,74 +0,0 @@
-#{ config, pkgs, disko, ... }:
-{
- disko.devices = {
- disk = {
- vda = {
- type = "disk";
- device = "/dev/vda";
- content = {
- type = "gpt";
- partitions = {
- ESP = {
- label = "boot";
- name = "ESP";
- size = "512M";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- mountOptions = [
- "defaults"
- ];
- };
- };
- luks = {
- size = "100%";
- label = "luks";
- content = {
- type = "luks";
- name = "cryptroot";
- extraOpenArgs = [
- "--allow-discards"
- "--perf-no_read_workqueue"
- "--perf-no_write_workqueue"
- ];
- # https://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-fido2-pkcs11-security-hardware-on-systemd-248.html
- settings = {crypttabExtraOpts = ["fido2-device=auto" "token-timeout=10"];};
- content = {
- type = "btrfs";
- extraArgs = ["-L" "nixos" "-f"];
- subvolumes = {
- "/root" = {
- mountpoint = "/";
- mountOptions = ["subvol=root" "compress=zstd" "noatime"];
- };
- "/home" = {
- mountpoint = "/home";
- mountOptions = ["subvol=home" "compress=zstd" "noatime"];
- };
- "/nix" = {
- mountpoint = "/nix";
- mountOptions = ["subvol=nix" "compress=zstd" "noatime"];
- };
- "/persist" = {
- mountpoint = "/persist";
- mountOptions = ["subvol=persist" "compress=zstd" "noatime"];
- };
- "/log" = {
- mountpoint = "/var/log";
- mountOptions = ["subvol=log" "compress=zstd" "noatime"];
- };
- };
- };
- };
- };
- };
- };
- };
- };
- };
-
- fileSystems."/persist".neededForBoot = true;
- fileSystems."/var/log".neededForBoot = true;
-}
diff --git a/system/susans-vm/hardware-configuration.nix b/system/susans-vm/hardware-configuration.nix
deleted file mode 100644
index ec0c8a9..0000000
--- a/system/susans-vm/hardware-configuration.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [ (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-amd" ];
- boot.extraModulePackages = [ ];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.tailscale0.useDHCP = lib.mkDefault true;
- # networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/system/vincents-vm/configuration.nix b/system/vincents-vm/configuration.nix
deleted file mode 100755
index b576587..0000000
--- a/system/vincents-vm/configuration.nix
+++ /dev/null
@@ -1,325 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, unstable, lib, ... }:
-
-
-{
- imports =
- [ # Include the results of the hardware scan.
- ./hardware-configuration.nix
- ];
-
- # legacy boot
- #boot.loader.grub.enable = true;
- #boot.loader.grub.device = "/dev/vda";
- #boot.loader.grub.useOSProber = true;
-
- # UEFI boot
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
- #boot.loader.efi.efiSysMountPoint = "/boot/efi";
-
- boot.binfmt.registrations.appimage = {
- interpreter = "${pkgs.appimage-run}/bin/appimage-run";
- recognitionType = "magic";
- offset = 0;
- mask = ''\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff'';
- magicOrExtension = ''\x7fELF....AI\x02'';
- };
-
- # boot logo
- boot.plymouth.enable = true;
-
- # ZRAM
- zramSwap.enable = true;
- zramSwap.memoryPercent = 50;
- boot.kernel.sysctl = {
- "vm.swappiness" = 10;
- "vm.vsf_cache_pressure" = 50;
- };
-
- boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
-
- #boot.kernelPackages = pkgs.linuxPackages_xanmod_stable;
- boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
-
- networking.hostName = "vincents-vm"; # Define your hostname.
- networking.networkmanager.enable = true;
-
- # Set your time zone.
- time.timeZone = "America/New_York";
-
- # Select internationalisation properties.
- i18n.defaultLocale = "en_US.UTF-8";
- console = {
- font = "Lat2-Terminus16";
- useXkbConfig = true;
- };
- fonts.packages = [ pkgs.corefonts ];
-
- # Enable the X11 windowing system.
- services.xserver.enable = true;
-
- # displaylink
- #services.xserver.videoDrivers = [ "displaylink" "modesetting" ];
-
- # waydroid
- #virtualisation.waydroid.enable = true;
-
- # Enable the Cinnamon Desktop Environment.
- services.displayManager.sddm.enable = true;
- services.desktopManager.plasma6.enable = true;
- programs.kdeconnect.enable = true;
-
- # Configure keymap in X11
- services.xserver = {
- xkb.layout = "us";
- #xkb.variant = "colemak";
- #xkb.model = "chromebook";
- };
- services.xserver.xkb.options = "grp:win_space_toggle";
-
- # Enable CUPS to print documents.
- services.printing.enable = true;
- services.avahi.enable = true;
- services.avahi.nssmdns4 = true;
- services.avahi.openFirewall = true;
- services.printing.drivers = [ pkgs.hplip ];
-
- # Enable sound with pipewire.
- sound.enable = true;
- hardware.pulseaudio.enable = false;
- security.rtkit.enable = true;
- services.pipewire = {
- enable = true;
- alsa.enable = true;
- alsa.support32Bit = true;
- pulse.enable = true;
- # If you want to use JACK applications, uncomment this
- jack.enable = true;
-
- # use the example session manager (no others are packaged yet so this is en>
- # no need to redefine it in your config for now)
- wireplumber.enable = true;
- };
- programs.noisetorch.enable = true;
-
- # Enable touchpad support (enabled default in most desktopManager).
- services.libinput.enable = true;
-
- # Define a user account. Don't forget to set a password with ‘passwd’.
- users.users.vincent = {
- isNormalUser = true;
- shell = pkgs.fish;
- initialHashedPassword = "$y$j9T$0PPbSXGEwyGq6ZFvJMhmE/$D5ZlKOwR/4NCDD8eaxWiQiG1TTRSK4PfbQe/Tm60Id/";
- extraGroups = [ "wheel" "networkmanager" "lp" "audio" "video" "cdrom" "input" "libvirtd" "dialout" ];
- };
- programs.fish.enable = true;
-
- nix.extraOptions = ''experimental-features = nix-command flakes'';
-
- nixpkgs.config.permittedInsecurePackages = [
- "electron-12.2.3"
- "electron-27.3.11"
- ];
-
- nixpkgs.config.allowUnfree = true;
-
- # List packages installed in system profile. To search, run:
- # $ nix search wget
- environment = {
- systemPackages = with pkgs; [
- tailscale
- bleachbit
- btop
- neofetch
- clamtk
- trayscale
- topgrade
- appimage-run
- unstable.gearlever
- # kde apps
- kdePackages.discover
- kdePackages.sddm-kcm
- kdePackages.kwayland
- kdePackages.ark
- kdePackages.qtmultimedia
- # editors
- kdePackages.kate
- nano
- # vm
- quickemu
- quickgui
- # containers
- podman
- podman-compose
- distrobox
- boxbuddy
- # office apps
- bottles
- libreoffice-qt
- logseq
- zoom-us
- orca-slicer
- unstable.freecad-wayland
- gpodder
- # package manager
- wget
- # web browser
- librewolf
- ungoogled-chromium
- ];
- };
-
- services = {
- syncthing = {
- enable = true;
- user = "vincent";
- openDefaultPorts = true;
- dataDir = "/home/vincent/logseq"; # Default folder for new synced folders
- configDir = "/home/vincent/Documents/.config/syncthing"; # Folder for Syncthing's settings and keys
- };
- };
-
- # flatpak
- xdg.portal.enable = true;
- services.flatpak.enable = true;
- systemd.services.configure-flathub-repo = {
- wantedBy = ["multi-user.target"];
- path = [ pkgs.flatpak ];
- script = ''
- flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
- '';
- };
-
- # podman
- virtualisation.containers.enable = true;
- virtualisation = {
- podman = {
- enable = true;
-
- # Create a `docker` alias for podman, to use it as a drop-in replacement
- dockerCompat = true;
-
- # Required for containers under podman-compose to be able to talk to each other.
- defaultNetwork.settings.dns_enabled = true;
- };
- };
-
- # bluetooth
- hardware.bluetooth.enable = true;
-
- # dconf
- programs.dconf.enable = true;
-
- # enable the tailscale service
- services.tailscale.enable = true;
-
- # Some programs need SUID wrappers, can be configured further or are
- # started in user sessions.
- programs.mtr.enable = true;
- programs.gnupg.agent = {
- enable = true;
- enableSSHSupport = true;
- };
-
- # List services that you want to enable:
-
- # preload
- services.preload.enable = true;
-
- # schedualer
- services.system76-scheduler.enable = true;
-
- # Enable the OpenSSH daemon.
- services.openssh.enable = false;
-
- # auto clean
- nix.optimise.automatic = true;
-
- # enable fwupd
- services.fwupd.enable = true;
-
- # captive browser
- programs.captive-browser.enable = true;
- programs.captive-browser.bindInterface = false;
-
-
- # auto update
- system.autoUpgrade.enable = true;
- system.autoUpgrade.allowReboot = true;
- system.autoUpgrade.rebootWindow = {
- lower = "01:00";
- upper = "05:00";
- };
-
- #clamav
- services.clamav.updater.enable = true;
- services.clamav.daemon.enable = true;
-
-
- # audit
- security.auditd.enable = true;
- security.audit.enable = true;
- security.audit.rules = [
- "-a exit,always -F arch=b64 -S execve"
- ];
-
-
- # Open ports in the firewall.
- networking.firewall.allowedTCPPorts = [
- 22
- 8384
- 22000
- 24800
- 21116
- 7236
- 7250
- 47984
- 47989
- 47990
- 48010
- ];
- networking.firewall.allowedUDPPorts = [
- 22000
- 21027
- 24800
- 5353
- 5900
- 3689
- 5353
- 7236
- 47998
- 47999
- 48000
- 48002
- ];
- networking.firewall.allowedTCPPortRanges = [
- {
- from = 1714;
- to = 1764;
- }
- ];
- networking.firewall.allowedUDPPortRanges = [
- {
- from = 1714;
- to = 1764;
- }
- ];
- networking.firewall.rejectPackets = true;
- # networking.firewall.allowedUDPPorts = [ 21116 ];
- # Or disable the firewall altogether.
- networking.firewall.trustedInterfaces = [ "tailscale0" ];
-
- services.fail2ban.enable = true;
- networking.firewall.enable = true;
-
- # This value determines the NixOS release from which the default settings for stateful data, like file locations and database versions on your system were
- # taken. It‘s perfectly fine and recommended to leave this value at the release version of the first install of this system. Before changing this value read
- # the documentation for this option (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "24.05"; # Did you read the comment?
-
-}
-
diff --git a/system/vincents-vm/hardware-configuration.nix b/system/vincents-vm/hardware-configuration.nix
deleted file mode 100644
index c7ee088..0000000
--- a/system/vincents-vm/hardware-configuration.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [ (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-amd" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/vda2";
- fsType = "ext4";
- };
-
- fileSystems."/boot" =
- { device = "/dev/vda1";
- fsType = "vfat";
- options = [ "fmask=0022" "dmask=0022" ];
- };
-
- swapDevices = [ ];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}