From 625bb16a078148c6ea49bf8369b8f5a6172ad455 Mon Sep 17 00:00:00 2001 From: sefidel Date: Thu, 16 Feb 2023 11:36:19 +0900 Subject: feat(nixos/alpha): reinstall --- nixos/.sops.yaml | 2 +- nixos/alpha/configuration.nix | 8 +-- nixos/alpha/hardware-configuration.nix | 93 ++++++++++++++++++++-------------- nixos/alpha/secrets/secrets.yaml | 52 +++++++++---------- 4 files changed, 85 insertions(+), 70 deletions(-) (limited to 'nixos') diff --git a/nixos/.sops.yaml b/nixos/.sops.yaml index 56ea0b6..9e31314 100644 --- a/nixos/.sops.yaml +++ b/nixos/.sops.yaml @@ -1,6 +1,6 @@ keys: - &sefidel 387E2BF0402610B00A9CB7E689C80C5BD6DBE2B2 - - &host_alpha c62b0336ff6e444e5f2041e8074ca855641a5b7f + - &host_alpha c8f082e7e8b1554f11bdf1f794ade1df5e8f83f1 - &host_kompakt e6a9ee28ea91e2dbf24d817d0c5936391be59DC0 creation_rules: - path_regex: alpha/secrets/[^/]+\.yaml$ diff --git a/nixos/alpha/configuration.nix b/nixos/alpha/configuration.nix index 42675bd..22b7feb 100644 --- a/nixos/alpha/configuration.nix +++ b/nixos/alpha/configuration.nix @@ -150,7 +150,7 @@ cozette dina-font envypn-font - iosevka-pure-bin + #iosevka-pure-bin # TODO: FIX nanum-gothic nanum-myeongjo readable-cherry @@ -219,7 +219,7 @@ sops.defaultSopsFile = ./secrets/secrets.yaml; sops.secrets.root-password.neededForUsers = true; - sops.secrets.zach-password.neededForUsers = true; + sops.secrets.sefidel-password.neededForUsers = true; users.mutableUsers = false; @@ -227,10 +227,10 @@ users.users = { root.passwordFile = config.sops.secrets.root-password.path; - zach = { + sefidel = { isNormalUser = true; shell = pkgs.zsh; - passwordFile = config.sops.secrets.zach-password.path; + passwordFile = config.sops.secrets.sefidel-password.path; extraGroups = [ "wheel" diff --git a/nixos/alpha/hardware-configuration.nix b/nixos/alpha/hardware-configuration.nix index 9c8ef73..3c702eb 100644 --- a/nixos/alpha/hardware-configuration.nix +++ b/nixos/alpha/hardware-configuration.nix @@ -1,46 +1,61 @@ -{ config, lib, pkgs, ... }: +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: { - boot.initrd.availableKernelModules = [ "xhci-pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" "tcp_bbr" ]; + boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; + fileSystems."/" = + { device = "rpool/local/root"; + fsType = "zfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/C5C1-09F1"; + fsType = "vfat"; + }; + + fileSystems."/nix" = + { device = "rpool/local/nix"; + fsType = "zfs"; + }; + + fileSystems."/home" = + { device = "rpool/safe/home"; + fsType = "zfs"; + }; + + fileSystems."/persist" = + { device = "rpool/safe/persist"; + fsType = "zfs"; + }; + + fileSystems."/mnt/resident" = + { device = "/dev/disk/by-uuid/fe7a00a8-0a3c-48de-9d7a-ed7cf172f501"; + fsType = "ext4"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/4f06a42c-c4cc-4861-8ae0-dcff81d719d3"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp4s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - hardware.enableRedistributableFirmware = true; - - fileSystems."/" = { - device = "rpool/local/root"; - fsType = "zfs"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/31C2-3406"; - fsType = "vfat"; - }; - - fileSystems."/nix" = { - device = "rpool/local/nix"; - fsType = "zfs"; - }; - - fileSystems."/home" = { - device = "rpool/safe/home"; - fsType = "zfs"; - }; - - fileSystems."/persist" = { - device = "rpool/safe/persist"; - fsType = "zfs"; - }; - - fileSystems."/data" = { - device = "/dev/disk/by-uuid/fe7a00a8-0a3c-48de-9d7a-ed7cf172f501"; - fsType = "ext4"; - }; - - swapDevices = [{ device = "/dev/disk/by-uuid/ff8bd8d2-2b3b-495d-8865-9cd140dd1f54"; }]; - - nix.settings.max-jobs = lib.mkDefault 4; - powerManagement.cpuFreqGovernor = lib.mkDefault "schedutil"; + # high-resolution display + hardware.video.hidpi.enable = lib.mkDefault true; } diff --git a/nixos/alpha/secrets/secrets.yaml b/nixos/alpha/secrets/secrets.yaml index 185220f..5e9b0d3 100644 --- a/nixos/alpha/secrets/secrets.yaml +++ b/nixos/alpha/secrets/secrets.yaml @@ -1,44 +1,44 @@ -root-password: ENC[AES256_GCM,data:KVPWUhy2dqSz8djBQRogBYUxZXmnJ1m7w+d6osLQXiVyrMf/ZKdJIn3jWUNkTTFRIdiHeZT4WZbffHtZO1GhjQG4jeRIfS6oBmPzhFJKG8d3R2JwbL4gCXQT9mvmX4cgPIs7BJxCo3GnWg==,iv:D9uva5kvuiPtYWGDcStbD+f+K2+xpE3Ogdq4idCnUsQ=,tag:OcwGkm541OPSHMEqU4odgw==,type:str] -zach-password: ENC[AES256_GCM,data:hjCi2Pu0KtmaJ+RVU1SyLHKMgG/WP/AcTBYce+IV/ftfA9e7z294yZ6EizvtwwTDqJbI0ADSekdiomYIP5u6g1gz9pvexDEw3KR3nhVSQSKnhOwZ6wBm9ycNhRJhPmCM27uh6dM/SPuIgg==,iv:qJuPimIzJP053V1GnUTe5GKC8s/sFfQ7Wr3Wb0meGGM=,tag:SR4jecEt2P6u+PzqEl2ZNQ==,type:str] +root-password: ENC[AES256_GCM,data:Oks5E9t0XAdWysG8aNazmJjhncyrTm+Chbo/nQpVS+ffsTFVj1bzj5nb6TrVwGFqRv4xtr0hEyQUFDUGEptJoxG0e3tbfY9pwQ==,iv:RrWtjGW/sJpGuSRxWEDD5KnCp3VIRJeNfpDOyf3ezd0=,tag:WmKF4ncrHOc/wLhdXjK4JQ==,type:str] +sefidel-password: ENC[AES256_GCM,data:W5q+642ogGNseHJSctNqaK25frTuo0lOIYTdxo9t0+PyzC/jBsph7VlOOmJIjovDyNCFwpYuOR8hMyg/wjXO3wZk3BmQIW+1vuaddA874BHWiOFIEaP2jnYNgP0HiBWrjsMHSCxo30Ycng==,iv:RLvT6zWyogZJNpQifTL/8MYAiReYyhqTe6+rMZBoaEE=,tag:87qGzrOeQ8ZDwH//vL1LjA==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: [] - lastmodified: "2023-02-05T11:33:33Z" - mac: ENC[AES256_GCM,data:bgEgm7Wu53ttYIygSCMZP9F2FMcqjc941cmERolnwFQhbjYMh5viRIsBm5t+bRDRRgIpOZsrieCGzRHll4Ub3718geLx8mkEOA57bRSgl4BBVx2qg7HHhK9yHMhO1VsazVQg/W5QW+m0EGtc/skfnM9rprywbPIGiPQW0RuP0LY=,iv:s8zHX5z9iGzijvn4fb5vZRuyDMsdZKWYRMZ3z/I1c4s=,tag:3WwXUfhmg5rsBxtq/PbOvQ==,type:str] + lastmodified: "2023-02-16T02:32:53Z" + mac: ENC[AES256_GCM,data:MwT7Lt7J4hqZbY64tHXypZQDShfAW2Zqg9khNosh8gQVKeQaqHfOGnfINH1W5dtRpyLvQON5xyHuGsH6dERuC92257E0Es0vbbqslYT17Nw/kOD6Uq0HPTWa96sQ4K7LNWljVZpzOGLYQMEJt73tCHY8ge0UL1GYekDNMAdVQXc=,iv:T6+SwarPAEQFeJcKmH5aogTdRM3YdxCgi8Oq8b4ZCac=,tag:JR9sx7LZoNeSm3BxpNUnmg==,type:str] pgp: - - created_at: "2023-02-05T09:49:30Z" + - created_at: "2023-02-16T02:29:39Z" enc: | -----BEGIN PGP MESSAGE----- - hF4Dr9flwPWa1q8SAQdA+fosTjcmurKUcSFNK/FF5LNqpajbdcBxjm/ZBKMOLFEw - ITClO3QJMtQjG8knzV5Pk8EekGFWYcdhQETvuVHZpEpaPmZDcYUsFa/N/7S7dtUl - 0l4BFfTjxrZTNqO43pnhS+TYOIMuutNKfknE7kaFCw5TpLHkpf+QZz4Ted0B4Wbh - JMaiaMGmCGi2z1AjLpHTiRPFd3kkoljhm4geITMqL0AlmumrxosGWkdqejXtIbBr - =mxAB + hF4Dr9flwPWa1q8SAQdAI/6Vf2s+nzzaxwa0sWIBK61oIy7kNJUWxfzXMCqEbiww + 3WYfihpq4CSClukTKYhBnMA/Pawmdidn8agXtAXqNbZUc11Iyl9XJDy8x0GxMtF1 + 0lwBjQg77xhUo+0IBb1XLKXfHQVYbs5JBasaZ0P3AgMUw+aUCFpnsSc2mkUmtzBg + 9GqRwgPqEC3hGNtMHVADaZrNRRF7t8ZFS0VozYReOyboYWAkt8hz9P1NJfqIpw== + =59ZL -----END PGP MESSAGE----- fp: 387E2BF0402610B00A9CB7E689C80C5BD6DBE2B2 - - created_at: "2023-02-05T09:49:30Z" + - created_at: "2023-02-16T02:29:39Z" enc: | -----BEGIN PGP MESSAGE----- - hQIMAwdMqFVkGlt/AQ/9Gh0eEPgRGO/n3fihcpy7Ec5n1BTZ6IYcIFayFrLoqztP - LzRNwT5gt3T/D7rRCwgYEULXWGC1+9JLoLw6QgjiK4ArO8Wkb+7V2FEHF+jdpqth - +XrwGEozwsmOi0Oh1BBUIF5mpPjrQjf3SyF9Rr6hhauhg0WWMAeuDu1uP9xMaZet - lZVv73G3WvHwphRzaSoA70yby+o5EzT1DuOSjH5/6X6GP0U5LmnsZx1o7HHJ9tN6 - 9uD5TnUVzE7Ib0Bh/+3Hxb1csWI7HW9nH5A687foX5zuPklvFjtkaR3fH2gzo7l3 - pL+PXhlpO7BPoNHKghAUhKNrk1TUHZZUyqplVPcLTXt14wK5sWWMvn7h4OMqt7h/ - rGXNhEzNR66urJBCykBJ+3bdD7t324M+KWK5gcwbJgN9VVs1UVGYNcbqwGP94eNs - A3vUUBrMRbSXHi2FMRMQTPCO3CH5X+xpTn3yYSZLDvPrLRpLKffGph/usEwmnXub - TYXNMRa+Kt8zjLIF9R+eemjSYQ5Z+jg5GDUGmMw8xEk8nY9TsqOxKQ1keh1BIScF - 7xY9rzDI2CDmSH88Gs+cifAW3MwOLGjPSmzuNpMqm6JPrOPNWtVIMe5cd5dNNbcu - 2Qgvxr3KtXzO/fX/DjbdOWSpS6yWpKnoTwkM6ATuAS6OodTvenqj8GO5yiXRDO7S - WAFf9iqF0/ajPpbjeRS17NA/eC5CmRJ7aw66TbD4mndGUusTqVNvL98OtadLmSuF - T1UkSAJeyGSb2THMLLFcTvpYu1q83l+mBbMDaIkLd/VO2dQG/AfwKuE= - =QIC+ + hQIMA5St4d9ej4PxAQ//adx3JKnElng16kbl30e67y3HCHg4jHOHCU8ilmyAP5iT + UFSVO2SVVP3hny3WwqEPJvnkn2d8KeRklPSkhVgXDKU4kthw6rW8uYN991y9NUAa + n8d8lZlFz35OwmPmEhRoxdxC/JTj/8iM6N+heL4x6v4VjKOFnBQFY5QTvr0VmsKB + wM/pRjiK5KEmpoNd4G3NFJf9od//R5NXS9fFwnudUQXN2vdshJXsSjN69RpdA4vV + aL2D0NmufbTx3enaFQ6PwFm3vNs7iUoRNZ7P2diJkxjoVWiGHcepvYjhJTnjjMSA + 3Vd4ypWvrfYjorJpWiwQMzmgPl6HDpRVZ7dFp0peIJ6gkrOaZTYVq9fMdYmh7tp6 + ktqPzTAuEF0+13fDXK0fNrz/+Adb0NqWTRssmK+gleMVOjjsHWEmiMIyoSrPNB8U + DKPVC92AvShLVpP1HX8UiuXWyr87F6BREqmQbk4+N5QCm6bEQ+eS0ZL4N4wmK/B1 + z/ee4CTiKZ4C4oUVfUUcSbH7aYfPFAyavKdtDx9tsyqvQYPDxOBtBb0EXcK3epOc + GaNDwfLirzlCd7/tv9/5IUf4aW6ghk2BWM7y2DfaCPzqOZVXBly/tiQR81mBZwYe + jGTjywLnrQrYGD1IT5TTpMFDtoB3wbioa4QR4sw0F7SygVsqtvfXZdXpm6qaaznS + VgHA5e9mYojB69TPa4z7UDhmIqATgEQ1Pig4GIVpDFGndHW4bCfVW6VWo3sLgpQs + YcG8Stk1/SrqLcnLYZCsEw7VdLD+y8qWQcWM5jO7pXLd5fx0xC6B + =uYfX -----END PGP MESSAGE----- - fp: c62b0336ff6e444e5f2041e8074ca855641a5b7f + fp: c8f082e7e8b1554f11bdf1f794ade1df5e8f83f1 unencrypted_suffix: _unencrypted version: 3.7.3 -- cgit 1.4.1