move hosts into a submodule
This commit is contained in:
parent
1557612209
commit
b1c275ad64
12 changed files with 4 additions and 508 deletions
3
.gitmodules
vendored
3
.gitmodules
vendored
|
@ -5,3 +5,6 @@
|
||||||
[submodule "secrets"]
|
[submodule "secrets"]
|
||||||
path = secrets
|
path = secrets
|
||||||
url = git@git.cherrykitten.dev:sammy/secret-store
|
url = git@git.cherrykitten.dev:sammy/secret-store
|
||||||
|
[submodule "hosts"]
|
||||||
|
path = hosts
|
||||||
|
url = git@git.cherrykitten.dev:sammy/nix-hosts
|
||||||
|
|
1
hosts
Submodule
1
hosts
Submodule
|
@ -0,0 +1 @@
|
||||||
|
Subproject commit f75c0b5d2238ad0d2c792328f8bae07a6157170e
|
|
@ -1,16 +0,0 @@
|
||||||
{ ... }: {
|
|
||||||
imports = [
|
|
||||||
./hardware-configuration.nix
|
|
||||||
../../profiles/desktop
|
|
||||||
];
|
|
||||||
|
|
||||||
boot.loader.systemd-boot.enable = true;
|
|
||||||
|
|
||||||
networking.networkmanager.enable = true;
|
|
||||||
|
|
||||||
services.printing.enable = true;
|
|
||||||
|
|
||||||
hardware.pulseaudio.enable = true;
|
|
||||||
|
|
||||||
system.stateVersion = "23.11"; # Did you read the comment?
|
|
||||||
}
|
|
|
@ -1,34 +0,0 @@
|
||||||
{ config, lib, modulesPath, ... }: {
|
|
||||||
imports = [
|
|
||||||
(modulesPath + "/installer/scan/not-detected.nix")
|
|
||||||
];
|
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
|
|
||||||
boot.initrd.kernelModules = [ ];
|
|
||||||
boot.kernelModules = [ "kvm-amd" ];
|
|
||||||
boot.extraModulePackages = [ ];
|
|
||||||
|
|
||||||
fileSystems."/" = {
|
|
||||||
device = "/dev/disk/by-uuid/7a713df7-7027-4ae6-b1a3-839dda62dcbc";
|
|
||||||
fsType = "btrfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/fbd8d597-8cdb-4c6b-9fa0-b05f4cbfce86";
|
|
||||||
|
|
||||||
fileSystems."/boot" = {
|
|
||||||
device = "/dev/disk/by-uuid/B4A7-702B";
|
|
||||||
fsType = "vfat";
|
|
||||||
};
|
|
||||||
|
|
||||||
swapDevices = [{ device = "/dev/disk/by-uuid/8cca600e-735e-4486-92e3-01ff6c0b7599"; }];
|
|
||||||
|
|
||||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
|
||||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
|
||||||
# still possible to use this option, but it's recommended to use it in conjunction
|
|
||||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
|
||||||
networking.useDHCP = lib.mkDefault true;
|
|
||||||
# networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
|
|
||||||
|
|
||||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
|
||||||
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
|
||||||
}
|
|
|
@ -1,85 +0,0 @@
|
||||||
{ pkgs, ... }: {
|
|
||||||
imports = [
|
|
||||||
../../profiles/desktop
|
|
||||||
./hardware-configuration.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
boot.loader.systemd-boot.enable = true;
|
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
|
||||||
|
|
||||||
networking.wireless.iwd.enable = true;
|
|
||||||
|
|
||||||
# Enable CUPS to print documents.
|
|
||||||
services.printing.enable = true;
|
|
||||||
|
|
||||||
users.users.sammy.packages = with pkgs; [
|
|
||||||
picard
|
|
||||||
];
|
|
||||||
|
|
||||||
home-manager.users.sammy.programs.ssh.includes = [
|
|
||||||
"./famedly-config"
|
|
||||||
];
|
|
||||||
home-manager.users.sammy.programs.git.includes = [
|
|
||||||
{
|
|
||||||
path = "~/famedly/.gitconfig";
|
|
||||||
condition = "gitdir:~/famedly/";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
|
|
||||||
fileSystems."/mnt/Media" = {
|
|
||||||
device = "192.168.0.3:/mnt/user/Media";
|
|
||||||
fsType = "nfs";
|
|
||||||
options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" "noatime" ]; # disconnects after 10 minutes (i.e. 600 seconds)
|
|
||||||
};
|
|
||||||
|
|
||||||
system.stateVersion = "23.11"; # Did you read the comment?
|
|
||||||
|
|
||||||
# Famedly compliance foo - stolen from evelyn :3
|
|
||||||
|
|
||||||
systemd.user.services.usbguard-notifier.enable = true;
|
|
||||||
|
|
||||||
services.clamav = {
|
|
||||||
daemon = {
|
|
||||||
enable = true;
|
|
||||||
};
|
|
||||||
updater = {
|
|
||||||
enable = true;
|
|
||||||
frequency = 24;
|
|
||||||
interval = "hourly";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
deployment.keys."osquery-secret.txt" = {
|
|
||||||
keyCommand = [ "pass" "work/osquery-secret" ];
|
|
||||||
|
|
||||||
destDir = "/etc/osquery/";
|
|
||||||
uploadAt = "pre-activation";
|
|
||||||
};
|
|
||||||
|
|
||||||
services.osquery = {
|
|
||||||
enable = true;
|
|
||||||
flags = {
|
|
||||||
tls_hostname = "fleet.famedly.de";
|
|
||||||
host_identifier = "instance";
|
|
||||||
enroll_secret_path = "/etc/osquery/osquery-secret.txt";
|
|
||||||
enroll_tls_endpoint = "/api/osquery/enroll";
|
|
||||||
config_plugin = "tls";
|
|
||||||
config_tls_endpoint = "/api/v1/osquery/config";
|
|
||||||
config_refresh = "10";
|
|
||||||
disable_distributed = "false";
|
|
||||||
distributed_plugin = "tls";
|
|
||||||
distributed_interval = "10";
|
|
||||||
distributed_tls_max_attempts = "3";
|
|
||||||
distributed_tls_read_endpoint = "/api/v1/osquery/distributed/read";
|
|
||||||
distributed_tls_write_endpoint = "/api/v1/osquery/distributed/write";
|
|
||||||
logger_plugin = "tls";
|
|
||||||
logger_tls_endpoint = "/api/v1/osquery/log";
|
|
||||||
logger_tls_period = "10";
|
|
||||||
disable_carver = "false";
|
|
||||||
carver_start_endpoint = "/api/v1/osquery/carve/begin";
|
|
||||||
carver_continue_endpoint = "/api/v1/osquery/carve/block";
|
|
||||||
carver_block_size = "2000000";
|
|
||||||
tls_server_certs = "/etc/ssl/certs/ca-certificates.crt";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,76 +0,0 @@
|
||||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
|
||||||
# and may be overwritten by future invocations. Please make changes
|
|
||||||
# to /etc/nixos/configuration.nix instead.
|
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
imports =
|
|
||||||
[
|
|
||||||
(modulesPath + "/installer/scan/not-detected.nix")
|
|
||||||
];
|
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ];
|
|
||||||
boot.initrd.kernelModules = [ ];
|
|
||||||
boot.kernelModules = [ "kvm-intel" ];
|
|
||||||
boot.extraModulePackages = [ ];
|
|
||||||
|
|
||||||
fileSystems."/" =
|
|
||||||
{
|
|
||||||
device = "/dev/disk/by-uuid/a3e601e7-7005-4513-8dff-748d9f384646";
|
|
||||||
fsType = "btrfs";
|
|
||||||
options = [ "subvol=root" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/73e8faf4-a250-4edb-9583-a16dcfff621b";
|
|
||||||
boot.initrd.luks.devices."swap".device = "/dev/disk/by-uuid/4bd4ac67-74a8-4a67-b5eb-e8ebf814d5d7";
|
|
||||||
|
|
||||||
fileSystems."/home" =
|
|
||||||
{
|
|
||||||
device = "/dev/disk/by-uuid/a3e601e7-7005-4513-8dff-748d9f384646";
|
|
||||||
fsType = "btrfs";
|
|
||||||
options = [ "subvol=home" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/nix" =
|
|
||||||
{
|
|
||||||
device = "/dev/disk/by-uuid/a3e601e7-7005-4513-8dff-748d9f384646";
|
|
||||||
fsType = "btrfs";
|
|
||||||
options = [ "subvol=nix" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/persist" =
|
|
||||||
{
|
|
||||||
device = "/dev/disk/by-uuid/a3e601e7-7005-4513-8dff-748d9f384646";
|
|
||||||
fsType = "btrfs";
|
|
||||||
options = [ "subvol=persist" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/var/log" =
|
|
||||||
{
|
|
||||||
device = "/dev/disk/by-uuid/a3e601e7-7005-4513-8dff-748d9f384646";
|
|
||||||
fsType = "btrfs";
|
|
||||||
options = [ "subvol=log" ];
|
|
||||||
neededForBoot = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/boot" =
|
|
||||||
{
|
|
||||||
device = "/dev/disk/by-uuid/6891-5A39";
|
|
||||||
fsType = "vfat";
|
|
||||||
};
|
|
||||||
|
|
||||||
swapDevices =
|
|
||||||
[{ device = "/dev/disk/by-uuid/65f4c4dd-57e7-4709-a017-2277874d3917"; }];
|
|
||||||
|
|
||||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
|
||||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
|
||||||
# still possible to use this option, but it's recommended to use it in conjunction
|
|
||||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
|
||||||
networking.useDHCP = lib.mkDefault true;
|
|
||||||
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
|
|
||||||
# networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
|
|
||||||
# networking.interfaces.wwp0s20f0u2.useDHCP = lib.mkDefault true;
|
|
||||||
|
|
||||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
|
||||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
|
||||||
}
|
|
|
@ -1,61 +0,0 @@
|
||||||
{ lib, config, ... }: {
|
|
||||||
imports = [
|
|
||||||
./gotosocial.nix
|
|
||||||
../../profiles/hcloud
|
|
||||||
./website.nix
|
|
||||||
];
|
|
||||||
fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
|
|
||||||
fileSystems."/mnt/gts" = { device = "/dev/sdb1"; fsType = "ext4"; };
|
|
||||||
services.restic.backups.default.paths = ["/mnt/gts"];
|
|
||||||
cherrykitten.backups.enable = true;
|
|
||||||
cherrykitten.network = {
|
|
||||||
public_IPv4 = "128.140.109.125";
|
|
||||||
public_IPv6 = "2a01:4f8:c2c:bd32::1";
|
|
||||||
internal_IPv4 = "10.69.0.5";
|
|
||||||
internal_IPv6 = "fe80::8400:ff:fe8e:470d";
|
|
||||||
};
|
|
||||||
cherrykitten.prometheus.client.enable = true;
|
|
||||||
|
|
||||||
networking = {
|
|
||||||
nameservers = [
|
|
||||||
"8.8.8.8"
|
|
||||||
];
|
|
||||||
defaultGateway = "172.31.1.1";
|
|
||||||
defaultGateway6 = {
|
|
||||||
address = "fe80::1";
|
|
||||||
interface = "eth0";
|
|
||||||
};
|
|
||||||
dhcpcd.enable = false;
|
|
||||||
usePredictableInterfaceNames = lib.mkForce false;
|
|
||||||
interfaces = {
|
|
||||||
eth0 = {
|
|
||||||
ipv4.addresses = [
|
|
||||||
{ address = config.cherrykitten.network.public_IPv4; prefixLength = 32; }
|
|
||||||
];
|
|
||||||
ipv6.addresses = [
|
|
||||||
{ address = config.cherrykitten.network.public_IPv6; prefixLength = 64; }
|
|
||||||
];
|
|
||||||
ipv4.routes = [{ address = "172.31.1.1"; prefixLength = 32; }];
|
|
||||||
ipv6.routes = [{ address = "fe80::1"; prefixLength = 128; }];
|
|
||||||
};
|
|
||||||
eth1 = {
|
|
||||||
ipv4.addresses = [
|
|
||||||
{ address = config.cherrykitten.network.internal_IPv4; prefixLength = 32; }
|
|
||||||
];
|
|
||||||
ipv6.addresses = [
|
|
||||||
{ address = config.cherrykitten.network.internal_IPv6; prefixLength = 64; }
|
|
||||||
];
|
|
||||||
ipv4.routes = [
|
|
||||||
{ address = "10.69.0.1"; prefixLength = 32; }
|
|
||||||
{ address = "10.69.0.0"; prefixLength = 24; via = "10.69.0.1"; }
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
services.udev.extraRules = ''
|
|
||||||
ATTR{address}=="96:00:03:24:67:7a", NAME="eth0"
|
|
||||||
ATTR{address}=="86:00:00:8e:47:0d", NAME="eth1"
|
|
||||||
'';
|
|
||||||
|
|
||||||
system.stateVersion = "23.11";
|
|
||||||
}
|
|
|
@ -1,57 +0,0 @@
|
||||||
{ ... }:
|
|
||||||
let
|
|
||||||
bind-address = "127.0.0.1";
|
|
||||||
host = "cherrykitten.gay";
|
|
||||||
port = 8553;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
services.gotosocial = {
|
|
||||||
enable = true;
|
|
||||||
setupPostgresqlDB = true;
|
|
||||||
settings = {
|
|
||||||
inherit bind-address host port;
|
|
||||||
application-name = "CherryKitten";
|
|
||||||
landing-page-user = "sammy";
|
|
||||||
|
|
||||||
instance-expose-suspended = true;
|
|
||||||
instance-expose-suspended-web = true;
|
|
||||||
accounts-registration-open = false;
|
|
||||||
|
|
||||||
media-image-max-size = 41943040;
|
|
||||||
media-video-max-size = 83886080;
|
|
||||||
media-description-max-chars = 3000;
|
|
||||||
media-remote-cache-days = 14;
|
|
||||||
media-emoji-local-max-size = 204800;
|
|
||||||
media-emoji-remote-max-size = 204800;
|
|
||||||
|
|
||||||
statuses-max-chars = 69420;
|
|
||||||
statuses-cw-max-chars = 200;
|
|
||||||
statuses-poll-max-options = 10;
|
|
||||||
statuses-poll-option-max-chars = 150;
|
|
||||||
statuses-media-max-files = 16;
|
|
||||||
|
|
||||||
storage-backend = "local";
|
|
||||||
storage-local-base-path = "/mnt/gts";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
|
||||||
services.nginx = {
|
|
||||||
enable = true;
|
|
||||||
clientMaxBodySize = "80M";
|
|
||||||
virtualHosts = {
|
|
||||||
"${host}" = {
|
|
||||||
forceSSL = true;
|
|
||||||
enableACME = true;
|
|
||||||
locations = {
|
|
||||||
"/" = {
|
|
||||||
recommendedProxySettings = true;
|
|
||||||
proxyWebsockets = true;
|
|
||||||
proxyPass = "http://${bind-address}:${toString port}";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,17 +0,0 @@
|
||||||
{ inputs, ... }: {
|
|
||||||
services.nginx = {
|
|
||||||
enable = true;
|
|
||||||
virtualHosts = {
|
|
||||||
"cherrykitten.dev" = {
|
|
||||||
extraConfig = "error_page 404 /404.html;";
|
|
||||||
addSSL = true;
|
|
||||||
enableACME = true;
|
|
||||||
locations = {
|
|
||||||
"/" = {
|
|
||||||
root = "${inputs.cherrykitten-website.packages.x86_64-linux.website}/var/www/cherrykitten.dev";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,65 +0,0 @@
|
||||||
{ lib, config, ... }: {
|
|
||||||
imports = [ ../../profiles/hcloud ];
|
|
||||||
|
|
||||||
fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
|
|
||||||
cherrykitten.backups.enable = true;
|
|
||||||
cherrykitten.prometheus = {
|
|
||||||
server.enable = true;
|
|
||||||
client.enable = true;
|
|
||||||
};
|
|
||||||
cherrykitten.grafana = {
|
|
||||||
enable = true;
|
|
||||||
hostname = "graph.cherrykitten.dev";
|
|
||||||
};
|
|
||||||
cherrykitten.network = {
|
|
||||||
public_IPv4 = "116.203.116.228";
|
|
||||||
public_IPv6 = "2a01:4f8:1c1b:5db9::1";
|
|
||||||
internal_IPv4 = "10.69.0.2";
|
|
||||||
internal_IPv6 = "fe80::8400:ff:fe8e:e0a0";
|
|
||||||
};
|
|
||||||
|
|
||||||
networking = {
|
|
||||||
nameservers = [
|
|
||||||
"2a01:4ff:ff00::add:2"
|
|
||||||
"2a01:4ff:ff00::add:1"
|
|
||||||
"185.12.64.2"
|
|
||||||
];
|
|
||||||
defaultGateway = "172.31.1.1";
|
|
||||||
defaultGateway6 = {
|
|
||||||
address = "fe80::1";
|
|
||||||
interface = "eth0";
|
|
||||||
};
|
|
||||||
dhcpcd.enable = false;
|
|
||||||
usePredictableInterfaceNames = lib.mkForce false;
|
|
||||||
interfaces = {
|
|
||||||
eth0 = {
|
|
||||||
ipv4.addresses = [
|
|
||||||
{ address = config.cherrykitten.network.public_IPv4; prefixLength = 32; }
|
|
||||||
];
|
|
||||||
ipv6.addresses = [
|
|
||||||
{ address = config.cherrykitten.network.public_IPv6; prefixLength = 64; }
|
|
||||||
];
|
|
||||||
ipv4.routes = [{ address = "172.31.1.1"; prefixLength = 32; }];
|
|
||||||
ipv6.routes = [{ address = "fe80::1"; prefixLength = 128; }];
|
|
||||||
};
|
|
||||||
ens10 = {
|
|
||||||
ipv4.addresses = [
|
|
||||||
{ address = config.cherrykitten.network.internal_IPv4; prefixLength = 32; }
|
|
||||||
];
|
|
||||||
ipv6.addresses = [
|
|
||||||
{ address = config.cherrykitten.network.internal_IPv6; prefixLength = 64; }
|
|
||||||
];
|
|
||||||
ipv4.routes = [
|
|
||||||
{ address = "10.69.0.1"; prefixLength = 32; }
|
|
||||||
{ address = "10.69.0.0"; prefixLength = 24; via = "10.69.0.1"; }
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
services.udev.extraRules = ''
|
|
||||||
ATTR{address}=="96:00:03:60:ec:55", NAME="eth0"
|
|
||||||
ATTR{address}=="86:00:00:8e:e0:a0", NAME="ens10"
|
|
||||||
'';
|
|
||||||
|
|
||||||
system.stateVersion = "23.11";
|
|
||||||
}
|
|
|
@ -1,52 +0,0 @@
|
||||||
# Edit this configuration file to define what should be installed on
|
|
||||||
# your system. Help is available in the configuration.nix(5) man page, on
|
|
||||||
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
|
|
||||||
|
|
||||||
{ pkgs, pkgs-unstable, lib, inputs, ... }: {
|
|
||||||
imports = [
|
|
||||||
../../profiles/desktop
|
|
||||||
./hardware-configuration.nix
|
|
||||||
inputs.nixos-hardware.nixosModules.framework-16-7040-amd
|
|
||||||
];
|
|
||||||
|
|
||||||
services.hardware.bolt.enable = true;
|
|
||||||
cherrykitten.impermanence.enable = true;
|
|
||||||
boot.loader.systemd-boot.enable = true;
|
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
|
||||||
|
|
||||||
networking.wireless.iwd.enable = true;
|
|
||||||
|
|
||||||
fileSystems."/mnt/Media" = {
|
|
||||||
device = "192.168.0.3:/mnt/user/Media";
|
|
||||||
fsType = "nfs";
|
|
||||||
options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" "noatime" ]; # disconnects after 10 minutes (i.e. 600 seconds)
|
|
||||||
};
|
|
||||||
|
|
||||||
# Enable CUPS to print documents.
|
|
||||||
services.printing.enable = true;
|
|
||||||
|
|
||||||
services.fwupd.enable = true;
|
|
||||||
|
|
||||||
services.xserver.xkb.layout = lib.mkForce "us";
|
|
||||||
|
|
||||||
users.users.sammy.packages = with pkgs; [
|
|
||||||
picard
|
|
||||||
discord
|
|
||||||
inkscape
|
|
||||||
pkgs-unstable.osu-lazer-bin
|
|
||||||
];
|
|
||||||
|
|
||||||
programs.steam = {
|
|
||||||
enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
hardware.steam-hardware.enable = true;
|
|
||||||
services.usbmuxd.enable = true;
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
libimobiledevice
|
|
||||||
ifuse # optional, to mount using 'ifuse'
|
|
||||||
];
|
|
||||||
|
|
||||||
system.stateVersion = "24.05"; # Did you read the comment?
|
|
||||||
}
|
|
|
@ -1,45 +0,0 @@
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
imports =
|
|
||||||
[
|
|
||||||
(modulesPath + "/installer/scan/not-detected.nix")
|
|
||||||
];
|
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usbhid" "uas" "sd_mod" ];
|
|
||||||
boot.initrd.kernelModules = [ ];
|
|
||||||
boot.kernelModules = [ "kvm-amd" ];
|
|
||||||
boot.extraModulePackages = [ ];
|
|
||||||
|
|
||||||
fileSystems."/" =
|
|
||||||
{
|
|
||||||
device = "none";
|
|
||||||
fsType = "tmpfs";
|
|
||||||
options = [ "defaults" "size=50%" "mode=755" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/boot" =
|
|
||||||
{
|
|
||||||
device = "/dev/disk/by-uuid/7BD4-96D5";
|
|
||||||
fsType = "vfat";
|
|
||||||
options = [ "fmask=0022" "dmask=0022" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/nix" =
|
|
||||||
{
|
|
||||||
device = "/dev/disk/by-uuid/b1377283-89a6-434b-8315-60314dcd56ab";
|
|
||||||
fsType = "btrfs";
|
|
||||||
neededForBoot = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
boot.initrd.luks.devices."nix".device = "/dev/disk/by-uuid/51f9bf11-5b38-4753-b927-2ff3e01dd5e0";
|
|
||||||
boot.initrd.luks.devices."swap".device = "/dev/disk/by-uuid/2c2f9f9d-0eca-4375-b284-108564c48af8";
|
|
||||||
|
|
||||||
swapDevices =
|
|
||||||
[{ device = "/dev/mapper/swap"; }];
|
|
||||||
|
|
||||||
networking.useDHCP = lib.mkDefault true;
|
|
||||||
|
|
||||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
|
||||||
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
|
||||||
}
|
|
Loading…
Reference in a new issue