Created fireweed host configuration flake

2023-11-21 18:24:59 -08:00 · 2023-11-21 18:24:59 -08:00 · 29740c5a24
commit 29740c5a24
parent 8747442203
10 changed files with 172 additions and 9 deletions
--- a/README.md
+++ b/README.md
@ -48,7 +48,7 @@ nix run nixpkgs#<package>

 - [ ] Create additional host configurations
 - [ ] Implement the Impermanence module
- [ ] Create specific software installations (i.e. gui, gaming, kali-collection, etc)
 - [ ] Implement [Agenix](https://nixos.wiki/wiki/Agenix) or Sopsnix
 - [ ] Implement [Stylix](https://danth.github.io/stylix/)
 - [ ] Implement [MicroVM.nix](https://github.com/astro/microvm.nix)
+- [ ] Figure out urlview and yank conflict with tmux plugins
--- a/home-manager/dots/xinitrc
+++ b/home-manager/dots/xinitrc
@ -10,7 +10,6 @@ dunst &
 clipmenud &
 trayer --edge bottom --align right --margin 0 --widthtype request --SetDockType true --transparent true --alpha 255 &
 nm-applet &
-#pa-applet &
 mullvad-gui &
 sxhkd &
 xrandr --output DP-1 --primary --mode 2560x1440 --rotate normal --rate "164.99" --output DP-2 --mode 2560x1440 --rotate normal --rate "164.99" --right-of DP-1 &
--- a/hosts/buckwheat/configuration.nix
+++ b/hosts/buckwheat/configuration.nix
@ -41,6 +41,8 @@ in
  users.users.${user.name} = {
    extraGroups = [ "libvirtd" "transmission" "davfs2" ];
    packages = [
+      mixxx
+      virt-manager
    ];
  };
  services = {
--- a/hosts/buckwheat/home.nix
+++ b/hosts/buckwheat/home.nix
@ -1,10 +1,6 @@
 # Buckwheat home.nix
 { config, lib, pkgs, inputs, user, ... }:
 {
-  home.packages = with pkgs; [
-    mixxx
-    virt-manager
-  ];
  services = {
    udiskie = {
      enable = true;
--- a/hosts/default.nix
+++ b/hosts/default.nix
@ -25,4 +25,28 @@
      }
    ];
  };
+  fireweed = lib.nixosSystem {
+    inherit system;
+    specialArgs = { inherit user inputs; };
+    modules = [ 
+      ../nixos/all.nix
+      ../nixos/cli.nix
+      ../nixos/gui.nix
+      ../nixos/pentest.nix
+      ./fireweed/configuration.nix
+      home-manager.nixosModules.home-manager {
+        home-manager.useGlobalPkgs = true;
+        home-manager.useUserPackages = true;
+        home-manager.extraSpecialArgs = { inherit user; };
+        home-manager.users.${user.name} = {
+          imports = [
+            ../home-manager/all.nix
+            ../home-manager/cli.nix
+            ../home-manager/gui.nix
+            ./fireweed/home.nix
+          ];
+        };
+      }
+    ];
+  };
 }
--- a/hosts/fireweed/configuration.nix
+++ b/hosts/fireweed/configuration.nix
@ -0,0 +1,61 @@
+# Buckwheat configuration.nix
+{ config, lib, pkgs, inputs, user, ... }:
+let
+  hostname="fireweed";
+in
+{
+  imports = [
+    ./hardware-configuration.nix
+  ];
+  boot = {
+    loader = {
+      systemd-boot = {
+        enable = true;
+        configurationLimit = 10;
+      };
+      efi.canTouchEfiVariables = true;
+      efi.efiSysMountPoint = "/boot/efi";
+      timeout = 2;
+    };
+
+    # Hardware-configuration edits
+    kernel.sysctl."net.ipv4.ip_forward" = 1;
+
+    # Clean /tmp at boot
+    tmp.cleanOnBoot = true;
+  };
+  networking = {
+    hostName = "${hostname}"; # Define your hostname.
+    firewall = {
+      # To disable the firewall altogether:
+      # enable = false;
+      allowedTCPPorts = [ 445 139 ];
+      allowedUDPPorts = [ 137 138 ];
+    };
+    # Proxy configuration
+    # proxy = {
+    #   default = "http://user:password@proxy:port/";
+    #   noProxy = "127.0.0.1,localhost,internal.domain";
+    # };
+  };
+  users.users.${user.name} = {
+    extraGroups = [ "davfs2" ];
+    packages = [
+    ];
+  };
+  services = {
+    davfs2 = {
+      enable = true;
+    };
+    mullvad-vpn = {
+      enable = true;
+      package = pkgs.mullvad-vpn;
+    };
+    udisks2 = {
+      enable = true;
+      mountOnMedia = true;
+    };
+    # Enable automatic login for the user.
+    # getty.autologinUser = "${user.name}";
+  };
+}
--- a/hosts/fireweed/hardware-configuration.nix
+++ b/hosts/fireweed/hardware-configuration.nix
@ -0,0 +1,64 @@
+# Buckwheat hardware-configuration.nix
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "uas" "usb_storage" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ "amdgpu" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/c9833e85-0ea9-45a9-b65d-039c8c4f71f3";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot/efi" = {
+    device = "/dev/disk/by-uuid/5E0D-1487";
+    fsType = "vfat";
+  };
+
+  fileSystems."/mnt/daily" = {
+    device = "/dev/disk/by-uuid/bfdd61f6-2d26-4140-94ac-e60c21636dde";
+    fsType = "ext4";
+  };
+
+  fileSystems."/mnt/weekly" = {
+    device = "/dev/disk/by-uuid/56f7fd65-bf5d-4ce6-830a-ea8fbf6610af";
+    fsType = "ext4";
+  };
+
+  fileSystems."/mnt/videos" = {
+    device = "/dev/disk/by-uuid/e1f9cf9a-4147-4849-83e2-4baa342b6400";
+    fsType = "ext4";
+  };
+
+  #fileSystems."/media" =
+  #  { device = "/mnt/videos";
+  #    fsType = "none";
+  #    options = [ "bind" ];
+  #  };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.virbr0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.virbr1.useDHCP = lib.mkDefault true;
+  # networking.interfaces.virbr2.useDHCP = lib.mkDefault true;
+  # networking.interfaces.virbr3.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wg-mullvad.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/hosts/fireweed/home.nix
+++ b/hosts/fireweed/home.nix
@ -0,0 +1,19 @@
+# Buckwheat home.nix
+{ config, lib, pkgs, inputs, user, ... }:
+{
+  services = {
+    udiskie = {
+      enable = true;
+      automount = true;
+      notify = true;
+      settings = {
+        program_options = {
+          udisks_version = 2;
+        };
+        icon_names.media = [
+          "media-optical"
+        ];
+      };
+    };
+  };
+}
--- a/nixos/cli.nix
+++ b/nixos/cli.nix
@ -72,7 +72,7 @@
    catgirl
    cava
    cifs-utils
-    #cmus
+    cmus
    curlie
    dig
    dogdns
--- a/nixos/gui.nix
+++ b/nixos/gui.nix
@ -81,7 +81,6 @@
    scrot
    signal-desktop
    surf
-    tabbed
    tor-browser-bundle-bin
    urlview
  ];
@ -91,7 +90,6 @@
    hsetroot
    networkmanagerapplet
    notify-desktop
-    #pa_applet
    sxhkd
    trayer
    xbanish