diff --git a/flake.nix b/flake.nix index 7b515a7..599dd0a 100755 --- a/flake.nix +++ b/flake.nix @@ -149,6 +149,16 @@ inputs.lix-module.nixosModules.default inputs.sops-nix.nixosModules.sops ]; + eris = inputs.self.lib.mkLinuxSystem [ + ./systems/eris + ./profiles/user0 + config.nixosModules.eris + config.nixosModules.core + config.nixosModules.mantle + inputs.home-manager.nixosModules.home-manager + inputs.lix-module.nixosModules.default + inputs.sops-nix.nixosModules.sops + ]; }; templates = { haskell = { diff --git a/modules/config/default.nix b/modules/config/default.nix index b850080..27f1116 100755 --- a/modules/config/default.nix +++ b/modules/config/default.nix @@ -231,6 +231,7 @@ in ceresStorageDriveName = "NAS1"; ceresIP = "192.168.50.140"; + erisIP = "192.168.50.139"; deimosIP = "192.168.50.176"; marsIP = "192.168.50.218"; phoneIP = "192.168.50.243"; @@ -244,6 +245,8 @@ in desktopLabel = "Mars"; server = "ceres"; serverLabel = "Ceres"; + eris = "eris"; + erisLabel = "Eris"; laptop = "deimos"; laptopLabel = "Deimos"; laptop2 = "phobos"; diff --git a/modules/config/devices/config/eris.nix b/modules/config/devices/config/eris.nix new file mode 100755 index 0000000..db2c97c --- /dev/null +++ b/modules/config/devices/config/eris.nix @@ -0,0 +1,31 @@ +{ moduleFunctions }: +let + inherit (moduleFunctions.devicesFunctions) + fileModeAndDirMode + ownerExclusiveReadWriteMask + sambaPermissions + userIdForUser0 + erisIP + deviceNames + ; + + erisName = deviceNames.eris; +in +{ + label = deviceNames.serverLabel; + name = erisName; + sync = { + address0 = ""; + }; + ip = { + address0 = erisIP; + }; + boot = { + options = ownerExclusiveReadWriteMask; + }; + samba0 = { + mount = "/mnt/media/${erisName}"; + device = "//${erisIP}"; + options = sambaPermissions ++ fileModeAndDirMode ++ userIdForUser0; + }; +} diff --git a/modules/home/default.nix b/modules/home/default.nix index 9619418..ea645a0 100755 --- a/modules/home/default.nix +++ b/modules/home/default.nix 
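Review bot: In modules/config/devices/config/eris.nix the device label is taken from `deviceNames.serverLabel`, which the context lines of this same commit show is "Ceres", so the new host would carry the existing server's label. It should read `label = deviceNames.erisLabel;`, using the name this commit adds. The Samba entry sets `device = "//${erisIP}"` with no share component and `sync.address0` is empty; both look unfinished and are worth confirming before another machine consumes this record.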
@@ -11,6 +11,7 @@ in deimos ceres phobos + eris ; inherit (config.people) user0 @@ -154,5 +155,12 @@ in ; }; }; + "${eris.name}-${user0}" = { + imports = builtins.attrValues { + inherit (modules) + cli + ; + }; + }; }; } diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index b739090..18bc7e3 100755 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -73,6 +73,14 @@ in }; }; + eris = { + imports = builtins.attrValues { + inherit (modules) + nextcloud + ; + }; + }; + crust = { imports = builtins.attrValues { inherit (modules) diff --git a/systems/eris/config/boot.nix b/systems/eris/config/boot.nix new file mode 100755 index 0000000..6f25045 --- /dev/null +++ b/systems/eris/config/boot.nix @@ -0,0 +1,43 @@ +{ + pkgs, + config, + ... +}: +{ + boot = { + extraModulePackages = [ + config.boot.kernelPackages.v4l2loopback.out + ]; + supportedFilesystems = [ + "ntfs" + ]; + initrd = { + availableKernelModules = [ + "nvme" + "ahci" + "xhci_pci" + "usb_storage" + "usbhid" + "sd_mod" + ]; + kernelModules = [ + ]; + }; + + kernelModules = [ + "kvm-amd" + "vfio-pci" + "v4l2loopback" + ]; + + kernelPackages = pkgs.linuxPackages_latest; + + loader = { + efi = { + canTouchEfiVariables = true; + efiSysMountPoint = "/boot"; + }; + systemd-boot.enable = true; + }; + }; +} diff --git a/systems/eris/config/filesystem.nix b/systems/eris/config/filesystem.nix new file mode 100755 index 0000000..2ab06ad --- /dev/null +++ b/systems/eris/config/filesystem.nix @@ -0,0 +1,18 @@ +{ + fileSystems = { + "/" = { + device = "/dev/disk/by-uuid/de4e681b-0667-4bf8-8d6e-c50894aa41cd"; + fsType = "ext4"; + }; + "/boot" = { + device = "/dev/disk/by-uuid/C68D-B1C0"; + fsType = "vfat"; + }; + }; + + swapDevices = [ + { device = "/dev/disk/by-uuid/259fcc06-912c-4bd3-b781-8f77449e935a"; } + ]; + + services.udisks2.enable = true; +} diff --git a/systems/eris/config/graphics.nix b/systems/eris/config/graphics.nix new file mode 100755 index 0000000..d61e778 --- /dev/null 
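Review bot: systems/eris/config/boot.nix loads `kvm-amd`, while hardware.nix in this commit enables `cpu.intel.updateMicrocode` and graphics.nix selects the `intel` video driver, so one side of the CPU vendor choice is presumably a leftover from the host this was copied from. The same list also loads `vfio-pci` and the out-of-tree `v4l2loopback` module, plus NTFS support, on a machine whose only imported service module in this commit is nextcloud; each unneeded module widens the kernel attack surface of a network-facing host. If eris does no passthrough or virtual-camera work, reduce it to `kernelModules = [ "kvm-intel" ];` (or `kvm-amd`, whichever matches the hardware) and drop `extraModulePackages`.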
+++ b/systems/eris/config/graphics.nix
@@ -0,0 +1,17 @@
+{
+ hardware = {
+ graphics = {
+ enable = true;
+ };
+ };
+
+ services.xserver = {
+ videoDrivers = [
+ "intel"
+ "modesetting"
+ ];
+ deviceSection = ''
+ Option "TearFree" "true"
+ '';
+ };
+}
diff --git a/systems/eris/config/hardware.nix b/systems/eris/config/hardware.nix
new file mode 100755
index 0000000..d2e2302
--- /dev/null
+++ b/systems/eris/config/hardware.nix
@@ -0,0 +1,15 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+{
+ hardware = {
+ firmware = [
+ pkgs.rtl8761b-firmware
+ ];
+ enableAllFirmware = true;
+ cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+ };
+}
diff --git a/systems/eris/config/networking.nix b/systems/eris/config/networking.nix
new file mode 100755
index 0000000..d399774
--- /dev/null
+++ b/systems/eris/config/networking.nix
@@ -0,0 +1,42 @@
+{
+ lib,
+ flake,
+ ...
+}:
+let
+ inherit (flake.config.machines.devices) eris;
+in
+{
+ networking = {
+ hostName = eris.name;
+ networkmanager.enable = true;
+ nftables.enable = true;
+ useDHCP = lib.mkDefault true;
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [
+ 22 # SSH
+ 25 # SMTP
+ 139 # SMTP
+ 587 # SMTP
+ 2525 # SMTP
+ ];
+ };
+ };
+ services = {
+ avahi = {
+ enable = true;
+ openFirewall = true;
+ nssmdns4 = true;
+ publish = {
+ enable = true;
+ userServices = true;
+ };
+ };
+ sshd.enable = true;
+ openssh = {
+ enable = true;
+ settings.PasswordAuthentication = false;
+ };
+ };
+}
diff --git a/systems/eris/default.nix b/systems/eris/default.nix
new file mode 100755
index 0000000..d1f0003
--- /dev/null
+++ b/systems/eris/default.nix
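Review bot: The firewall list in systems/eris/config/networking.nix opens 25, 139, 587 and 2525, but nothing visible in this commit listens on them, since the only service module imported for eris is nextcloud. Port 139 is also the NetBIOS session port, not SMTP as its comment says. Open only what the host serves, e.g. `allowedTCPPorts = [ 22 ];`, and add mail or SMB ports together with the service that needs them, each with a comment naming that service. `sshd.enable = true;` appears to duplicate `openssh.enable = true;` and can be dropped. With password logins already off, `settings.KbdInteractiveAuthentication = false;` and an explicit `settings.PermitRootLogin` value would complete the SSH hardening.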
@@ -0,0 +1,17 @@
+{ lib, ... }:
+let
+ configPath = ./config;
+
+ ceresImports =
+ let
+ files = builtins.attrNames (builtins.readDir configPath);
+ in
+ map (name: configPath + "/${name}") (
+ builtins.filter (name: builtins.match ".*\\.nix$" name != null) files
+ );
+in
+{
+ imports = ceresImports;
+ nixpkgs.hostPlatform = lib.mkForce "x86_64-linux";
+ system.stateVersion = lib.mkForce "24.05";
+}
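Review bot: The import list in systems/eris/default.nix is still bound to the name `ceresImports`, a leftover from the file it was copied from; rename it to `erisImports` at the binding and at `imports = erisImports;`. The filter keeps every `readDir` entry whose name ends in `.nix` without checking the entry type, so any such file placed under ./config silently becomes part of the system configuration. A short comment above the `let` stating that this auto-import is intentional would help reviewers of later commits. `system.stateVersion` set through `lib.mkForce` also deserves a one-line comment naming the definition it is meant to override.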