about summary refs log tree commit diff
path: root/nixos
diff options
context:
space:
mode:
Diffstat (limited to 'nixos')
-rw-r--r--nixos/.sops.yaml2
-rw-r--r--nixos/alpha/configuration.nix8
-rw-r--r--nixos/alpha/hardware-configuration.nix93
-rw-r--r--nixos/alpha/secrets/secrets.yaml52
4 files changed, 85 insertions, 70 deletions
diff --git a/nixos/.sops.yaml b/nixos/.sops.yaml
index 56ea0b6..9e31314 100644
--- a/nixos/.sops.yaml
+++ b/nixos/.sops.yaml
@@ -1,6 +1,6 @@
 keys:
   - &sefidel 387E2BF0402610B00A9CB7E689C80C5BD6DBE2B2
-  - &host_alpha c62b0336ff6e444e5f2041e8074ca855641a5b7f
+  - &host_alpha c8f082e7e8b1554f11bdf1f794ade1df5e8f83f1
   - &host_kompakt e6a9ee28ea91e2dbf24d817d0c5936391be59DC0
 creation_rules:
   - path_regex: alpha/secrets/[^/]+\.yaml$
diff --git a/nixos/alpha/configuration.nix b/nixos/alpha/configuration.nix
index 42675bd..22b7feb 100644
--- a/nixos/alpha/configuration.nix
+++ b/nixos/alpha/configuration.nix
@@ -150,7 +150,7 @@
       cozette
       dina-font
       envypn-font
-      iosevka-pure-bin
+      #iosevka-pure-bin # TODO: FIX
       nanum-gothic
       nanum-myeongjo
       readable-cherry
@@ -219,7 +219,7 @@
 
   sops.defaultSopsFile = ./secrets/secrets.yaml;
   sops.secrets.root-password.neededForUsers = true;
-  sops.secrets.zach-password.neededForUsers = true;
+  sops.secrets.sefidel-password.neededForUsers = true;
 
   users.mutableUsers = false;
 
@@ -227,10 +227,10 @@
 
   users.users = {
     root.passwordFile = config.sops.secrets.root-password.path;
-    zach = {
+    sefidel = {
       isNormalUser = true;
       shell = pkgs.zsh;
-      passwordFile = config.sops.secrets.zach-password.path;
+      passwordFile = config.sops.secrets.sefidel-password.path;
 
       extraGroups = [
         "wheel"
diff --git a/nixos/alpha/hardware-configuration.nix b/nixos/alpha/hardware-configuration.nix
index 9c8ef73..3c702eb 100644
--- a/nixos/alpha/hardware-configuration.nix
+++ b/nixos/alpha/hardware-configuration.nix
@@ -1,46 +1,61 @@
-{ config, lib, pkgs, ... }:
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
 
 {
-  boot.initrd.availableKernelModules = [ "xhci-pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
   boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-amd" "tcp_bbr" ];
+  boot.kernelModules = [ "kvm-amd" ];
   boot.extraModulePackages = [ ];
 
+  fileSystems."/" =
+    { device = "rpool/local/root";
+      fsType = "zfs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/C5C1-09F1";
+      fsType = "vfat";
+    };
+
+  fileSystems."/nix" =
+    { device = "rpool/local/nix";
+      fsType = "zfs";
+    };
+
+  fileSystems."/home" =
+    { device = "rpool/safe/home";
+      fsType = "zfs";
+    };
+
+  fileSystems."/persist" =
+    { device = "rpool/safe/persist";
+      fsType = "zfs";
+    };
+
+  fileSystems."/mnt/resident" =
+    { device = "/dev/disk/by-uuid/fe7a00a8-0a3c-48de-9d7a-ed7cf172f501";
+      fsType = "ext4";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/4f06a42c-c4cc-4861-8ae0-dcff81d719d3"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
   hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-  hardware.enableRedistributableFirmware = true;
-
-  fileSystems."/" = {
-    device = "rpool/local/root";
-    fsType = "zfs";
-  };
-
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/31C2-3406";
-    fsType = "vfat";
-  };
-
-  fileSystems."/nix" = {
-    device = "rpool/local/nix";
-    fsType = "zfs";
-  };
-
-  fileSystems."/home" = {
-    device = "rpool/safe/home";
-    fsType = "zfs";
-  };
-
-  fileSystems."/persist" = {
-    device = "rpool/safe/persist";
-    fsType = "zfs";
-  };
-
-  fileSystems."/data" = {
-    device = "/dev/disk/by-uuid/fe7a00a8-0a3c-48de-9d7a-ed7cf172f501";
-    fsType = "ext4";
-  };
-
-  swapDevices = [{ device = "/dev/disk/by-uuid/ff8bd8d2-2b3b-495d-8865-9cd140dd1f54"; }];
-
-  nix.settings.max-jobs = lib.mkDefault 4;
-  powerManagement.cpuFreqGovernor = lib.mkDefault "schedutil";
+  # high-resolution display
+  hardware.video.hidpi.enable = lib.mkDefault true;
 }
diff --git a/nixos/alpha/secrets/secrets.yaml b/nixos/alpha/secrets/secrets.yaml
index 185220f..5e9b0d3 100644
--- a/nixos/alpha/secrets/secrets.yaml
+++ b/nixos/alpha/secrets/secrets.yaml
@@ -1,44 +1,44 @@
-root-password: ENC[AES256_GCM,data:KVPWUhy2dqSz8djBQRogBYUxZXmnJ1m7w+d6osLQXiVyrMf/ZKdJIn3jWUNkTTFRIdiHeZT4WZbffHtZO1GhjQG4jeRIfS6oBmPzhFJKG8d3R2JwbL4gCXQT9mvmX4cgPIs7BJxCo3GnWg==,iv:D9uva5kvuiPtYWGDcStbD+f+K2+xpE3Ogdq4idCnUsQ=,tag:OcwGkm541OPSHMEqU4odgw==,type:str]
-zach-password: ENC[AES256_GCM,data:hjCi2Pu0KtmaJ+RVU1SyLHKMgG/WP/AcTBYce+IV/ftfA9e7z294yZ6EizvtwwTDqJbI0ADSekdiomYIP5u6g1gz9pvexDEw3KR3nhVSQSKnhOwZ6wBm9ycNhRJhPmCM27uh6dM/SPuIgg==,iv:qJuPimIzJP053V1GnUTe5GKC8s/sFfQ7Wr3Wb0meGGM=,tag:SR4jecEt2P6u+PzqEl2ZNQ==,type:str]
+root-password: ENC[AES256_GCM,data:Oks5E9t0XAdWysG8aNazmJjhncyrTm+Chbo/nQpVS+ffsTFVj1bzj5nb6TrVwGFqRv4xtr0hEyQUFDUGEptJoxG0e3tbfY9pwQ==,iv:RrWtjGW/sJpGuSRxWEDD5KnCp3VIRJeNfpDOyf3ezd0=,tag:WmKF4ncrHOc/wLhdXjK4JQ==,type:str]
+sefidel-password: ENC[AES256_GCM,data:W5q+642ogGNseHJSctNqaK25frTuo0lOIYTdxo9t0+PyzC/jBsph7VlOOmJIjovDyNCFwpYuOR8hMyg/wjXO3wZk3BmQIW+1vuaddA874BHWiOFIEaP2jnYNgP0HiBWrjsMHSCxo30Ycng==,iv:RLvT6zWyogZJNpQifTL/8MYAiReYyhqTe6+rMZBoaEE=,tag:87qGzrOeQ8ZDwH//vL1LjA==,type:str]
 sops:
     kms: []
     gcp_kms: []
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2023-02-05T11:33:33Z"
-    mac: ENC[AES256_GCM,data:bgEgm7Wu53ttYIygSCMZP9F2FMcqjc941cmERolnwFQhbjYMh5viRIsBm5t+bRDRRgIpOZsrieCGzRHll4Ub3718geLx8mkEOA57bRSgl4BBVx2qg7HHhK9yHMhO1VsazVQg/W5QW+m0EGtc/skfnM9rprywbPIGiPQW0RuP0LY=,iv:s8zHX5z9iGzijvn4fb5vZRuyDMsdZKWYRMZ3z/I1c4s=,tag:3WwXUfhmg5rsBxtq/PbOvQ==,type:str]
+    lastmodified: "2023-02-16T02:32:53Z"
+    mac: ENC[AES256_GCM,data:MwT7Lt7J4hqZbY64tHXypZQDShfAW2Zqg9khNosh8gQVKeQaqHfOGnfINH1W5dtRpyLvQON5xyHuGsH6dERuC92257E0Es0vbbqslYT17Nw/kOD6Uq0HPTWa96sQ4K7LNWljVZpzOGLYQMEJt73tCHY8ge0UL1GYekDNMAdVQXc=,iv:T6+SwarPAEQFeJcKmH5aogTdRM3YdxCgi8Oq8b4ZCac=,tag:JR9sx7LZoNeSm3BxpNUnmg==,type:str]
     pgp:
-        - created_at: "2023-02-05T09:49:30Z"
+        - created_at: "2023-02-16T02:29:39Z"
           enc: |
             -----BEGIN PGP MESSAGE-----
 
-            hF4Dr9flwPWa1q8SAQdA+fosTjcmurKUcSFNK/FF5LNqpajbdcBxjm/ZBKMOLFEw
-            ITClO3QJMtQjG8knzV5Pk8EekGFWYcdhQETvuVHZpEpaPmZDcYUsFa/N/7S7dtUl
-            0l4BFfTjxrZTNqO43pnhS+TYOIMuutNKfknE7kaFCw5TpLHkpf+QZz4Ted0B4Wbh
-            JMaiaMGmCGi2z1AjLpHTiRPFd3kkoljhm4geITMqL0AlmumrxosGWkdqejXtIbBr
-            =mxAB
+            hF4Dr9flwPWa1q8SAQdAI/6Vf2s+nzzaxwa0sWIBK61oIy7kNJUWxfzXMCqEbiww
+            3WYfihpq4CSClukTKYhBnMA/Pawmdidn8agXtAXqNbZUc11Iyl9XJDy8x0GxMtF1
+            0lwBjQg77xhUo+0IBb1XLKXfHQVYbs5JBasaZ0P3AgMUw+aUCFpnsSc2mkUmtzBg
+            9GqRwgPqEC3hGNtMHVADaZrNRRF7t8ZFS0VozYReOyboYWAkt8hz9P1NJfqIpw==
+            =59ZL
             -----END PGP MESSAGE-----
           fp: 387E2BF0402610B00A9CB7E689C80C5BD6DBE2B2
-        - created_at: "2023-02-05T09:49:30Z"
+        - created_at: "2023-02-16T02:29:39Z"
           enc: |
             -----BEGIN PGP MESSAGE-----
 
-            hQIMAwdMqFVkGlt/AQ/9Gh0eEPgRGO/n3fihcpy7Ec5n1BTZ6IYcIFayFrLoqztP
-            LzRNwT5gt3T/D7rRCwgYEULXWGC1+9JLoLw6QgjiK4ArO8Wkb+7V2FEHF+jdpqth
-            +XrwGEozwsmOi0Oh1BBUIF5mpPjrQjf3SyF9Rr6hhauhg0WWMAeuDu1uP9xMaZet
-            lZVv73G3WvHwphRzaSoA70yby+o5EzT1DuOSjH5/6X6GP0U5LmnsZx1o7HHJ9tN6
-            9uD5TnUVzE7Ib0Bh/+3Hxb1csWI7HW9nH5A687foX5zuPklvFjtkaR3fH2gzo7l3
-            pL+PXhlpO7BPoNHKghAUhKNrk1TUHZZUyqplVPcLTXt14wK5sWWMvn7h4OMqt7h/
-            rGXNhEzNR66urJBCykBJ+3bdD7t324M+KWK5gcwbJgN9VVs1UVGYNcbqwGP94eNs
-            A3vUUBrMRbSXHi2FMRMQTPCO3CH5X+xpTn3yYSZLDvPrLRpLKffGph/usEwmnXub
-            TYXNMRa+Kt8zjLIF9R+eemjSYQ5Z+jg5GDUGmMw8xEk8nY9TsqOxKQ1keh1BIScF
-            7xY9rzDI2CDmSH88Gs+cifAW3MwOLGjPSmzuNpMqm6JPrOPNWtVIMe5cd5dNNbcu
-            2Qgvxr3KtXzO/fX/DjbdOWSpS6yWpKnoTwkM6ATuAS6OodTvenqj8GO5yiXRDO7S
-            WAFf9iqF0/ajPpbjeRS17NA/eC5CmRJ7aw66TbD4mndGUusTqVNvL98OtadLmSuF
-            T1UkSAJeyGSb2THMLLFcTvpYu1q83l+mBbMDaIkLd/VO2dQG/AfwKuE=
-            =QIC+
+            hQIMA5St4d9ej4PxAQ//adx3JKnElng16kbl30e67y3HCHg4jHOHCU8ilmyAP5iT
+            UFSVO2SVVP3hny3WwqEPJvnkn2d8KeRklPSkhVgXDKU4kthw6rW8uYN991y9NUAa
+            n8d8lZlFz35OwmPmEhRoxdxC/JTj/8iM6N+heL4x6v4VjKOFnBQFY5QTvr0VmsKB
+            wM/pRjiK5KEmpoNd4G3NFJf9od//R5NXS9fFwnudUQXN2vdshJXsSjN69RpdA4vV
+            aL2D0NmufbTx3enaFQ6PwFm3vNs7iUoRNZ7P2diJkxjoVWiGHcepvYjhJTnjjMSA
+            3Vd4ypWvrfYjorJpWiwQMzmgPl6HDpRVZ7dFp0peIJ6gkrOaZTYVq9fMdYmh7tp6
+            ktqPzTAuEF0+13fDXK0fNrz/+Adb0NqWTRssmK+gleMVOjjsHWEmiMIyoSrPNB8U
+            DKPVC92AvShLVpP1HX8UiuXWyr87F6BREqmQbk4+N5QCm6bEQ+eS0ZL4N4wmK/B1
+            z/ee4CTiKZ4C4oUVfUUcSbH7aYfPFAyavKdtDx9tsyqvQYPDxOBtBb0EXcK3epOc
+            GaNDwfLirzlCd7/tv9/5IUf4aW6ghk2BWM7y2DfaCPzqOZVXBly/tiQR81mBZwYe
+            jGTjywLnrQrYGD1IT5TTpMFDtoB3wbioa4QR4sw0F7SygVsqtvfXZdXpm6qaaznS
+            VgHA5e9mYojB69TPa4z7UDhmIqATgEQ1Pig4GIVpDFGndHW4bCfVW6VWo3sLgpQs
+            YcG8Stk1/SrqLcnLYZCsEw7VdLD+y8qWQcWM5jO7pXLd5fx0xC6B
+            =uYfX
             -----END PGP MESSAGE-----
-          fp: c62b0336ff6e444e5f2041e8074ca855641a5b7f
+          fp: c8f082e7e8b1554f11bdf1f794ade1df5e8f83f1
     unencrypted_suffix: _unencrypted
     version: 3.7.3