hosts: add blacksteel
This commit is contained in:
parent
a445c7a94b
commit
63ccaec8c7
6 changed files with 122 additions and 10 deletions
|
@ -5,9 +5,11 @@ keys:
|
||||||
# Hosts
|
# Hosts
|
||||||
# nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
|
# nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
|
||||||
- &aristotle age1hm6pkvt4d640wmjhxg5wxfwkp9zhcqre9klr4zg5kx2qx7vyhuuqlytmnp
|
- &aristotle age1hm6pkvt4d640wmjhxg5wxfwkp9zhcqre9klr4zg5kx2qx7vyhuuqlytmnp
|
||||||
|
- &blacksteel age174knn6hjtukp32ymcdvjwj6x0j54g7yw02dqfjmua3fkyltwcqrsxccjdk
|
||||||
creation_rules:
|
creation_rules:
|
||||||
- path_regex: secrets.yaml$
|
- path_regex: secrets.yaml$
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
- *guanranwang
|
- *guanranwang
|
||||||
- *aristotle
|
- *aristotle
|
||||||
|
- *blacksteel
|
||||||
|
|
|
@ -142,6 +142,7 @@
|
||||||
### NixOS
|
### NixOS
|
||||||
nixosConfigurations = {
|
nixosConfigurations = {
|
||||||
"aristotle" = mkNixOS "x86_64-linux" [./hosts/aristotle];
|
"aristotle" = mkNixOS "x86_64-linux" [./hosts/aristotle];
|
||||||
|
"blacksteel" = mkNixOS "x86_64-linux" [./hosts/blacksteel];
|
||||||
};
|
};
|
||||||
|
|
||||||
### Darwin
|
### Darwin
|
||||||
|
|
27
hosts/blacksteel/anti-feature.nix
Normal file
27
hosts/blacksteel/anti-feature.nix
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
{lib, ...}: {
|
||||||
|
nixpkgs.config = {
|
||||||
|
# only needed on older version of nvidia
|
||||||
|
#nvidia.acceptLicense = true;
|
||||||
|
|
||||||
|
allowNonSource = false;
|
||||||
|
allowNonSourcePredicate = pkg:
|
||||||
|
builtins.elem (lib.getName pkg) [
|
||||||
|
"adoptopenjdk-hotspot-bin"
|
||||||
|
"cargo-bootstrap"
|
||||||
|
"cef-binary"
|
||||||
|
"rustc-bootstrap"
|
||||||
|
"rustc-bootstrap-wrapper"
|
||||||
|
"sof-firmware"
|
||||||
|
"spotify"
|
||||||
|
"vscodium"
|
||||||
|
];
|
||||||
|
|
||||||
|
allowUnfree = false;
|
||||||
|
allowUnfreePredicate = pkg:
|
||||||
|
builtins.elem (lib.getName pkg) [
|
||||||
|
"nvidia-x11"
|
||||||
|
"spotify"
|
||||||
|
"broadcom-sta"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
24
hosts/blacksteel/default.nix
Normal file
24
hosts/blacksteel/default.nix
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
{...}: {
|
||||||
|
imports = [
|
||||||
|
# OS
|
||||||
|
../../nixos/profiles/laptop
|
||||||
|
../../nixos/profiles/common/opt-in/zram-generator.nix
|
||||||
|
../../nixos/profiles/common/opt-in/clash-meta-client
|
||||||
|
|
||||||
|
# Hardware
|
||||||
|
./hardware-configuration.nix
|
||||||
|
./anti-feature.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
networking.hostName = "blacksteel";
|
||||||
|
time.timeZone = "Asia/Shanghai";
|
||||||
|
|
||||||
|
# TODOs:
|
||||||
|
# [x] networkmanager - > iwd
|
||||||
|
# [ ] nouveau -> nvidia
|
||||||
|
# [ ] secureboot (???)
|
||||||
|
# [ ] impermanence
|
||||||
|
# [ ] backlight is always 33% when booted up
|
||||||
|
# [ ] fan is *blasting* even after I installed mbpfans
|
||||||
|
# [ ] audio quality isnt too great (compared to macOS, or i might have wooden ears)
|
||||||
|
}
|
49
hosts/blacksteel/hardware-configuration.nix
Normal file
49
hosts/blacksteel/hardware-configuration.nix
Normal file
|
@ -0,0 +1,49 @@
|
||||||
|
{
|
||||||
|
inputs,
|
||||||
|
config,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
|
imports = [
|
||||||
|
inputs.nixpkgs.nixosModules.notDetected
|
||||||
|
inputs.nixos-hardware.nixosModules.apple-macbook-pro
|
||||||
|
inputs.nixos-hardware.nixosModules.common-cpu-intel
|
||||||
|
inputs.nixos-hardware.nixosModules.common-gpu-intel
|
||||||
|
#inputs.nixos-hardware.nixosModules.common-gpu-nvidia-nonprime
|
||||||
|
inputs.nixos-hardware.nixosModules.common-hidpi
|
||||||
|
inputs.nixos-hardware.nixosModules.common-pc-laptop
|
||||||
|
inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd
|
||||||
|
];
|
||||||
|
|
||||||
|
myFlake.hardware.components = {
|
||||||
|
audio.enable = true;
|
||||||
|
bluetooth.enable = true;
|
||||||
|
tpm.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
|
||||||
|
boot.kernelModules = ["kvm-intel" "wl"];
|
||||||
|
boot.extraModulePackages = [config.boot.kernelPackages.broadcom_sta];
|
||||||
|
|
||||||
|
|
||||||
|
#hardware.nvidia.modesetting.enable = true;
|
||||||
|
#hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_470;
|
||||||
|
|
||||||
|
nixpkgs.hostPlatform = "x86_64-linux";
|
||||||
|
system.stateVersion = "23.11";
|
||||||
|
|
||||||
|
# no disko because dual booting with macOS isnt very flexible
|
||||||
|
boot.initrd.luks.devices."luks-8c26de19-f0d4-4ac7-a73c-a28dafd30544".device = "/dev/disk/by-uuid/8c26de19-f0d4-4ac7-a73c-a28dafd30544";
|
||||||
|
fileSystems = {
|
||||||
|
"/" = {
|
||||||
|
device = "/dev/disk/by-uuid/ab9b92a9-b67b-43b4-b0d9-9dd59ccd594b";
|
||||||
|
fsType = "btrfs";
|
||||||
|
options = ["subvol=@"];
|
||||||
|
};
|
||||||
|
"/boot" = {
|
||||||
|
device = "/dev/disk/by-uuid/E5DE-9C92";
|
||||||
|
fsType = "vfat";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
swapDevices = [];
|
||||||
|
}
|
29
secrets.yaml
29
secrets.yaml
|
@ -18,20 +18,29 @@ sops:
|
||||||
- recipient: age129yyxyz686qj88ce5v77ahelqqwt6zz94mzzls0ny4hq76psrd9qhc79kq
|
- recipient: age129yyxyz686qj88ce5v77ahelqqwt6zz94mzzls0ny4hq76psrd9qhc79kq
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0RFg4SlluSVhQd0wvdE5l
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXL3R3UWF2UjFBZXlVWmEr
|
||||||
T0ZoQ3ZYdFBxcFE2bnBNM1pKL0MrTGtKVmk4Ci9kUE5hWWVBZFR3NVJDQ3htSzdi
|
L3Nva3ZnMW9kUVN0bzhlVlE3UWRWSlRqY3lzCmp4SDlkZUdIQmFMb1UrWWk3SXBI
|
||||||
YjNpelRBbEh6OVVBTU5mbHNtenJXNXMKLS0tIEQ5VmZNMWFFQmltc0JKcGZOTmVv
|
TExucEFodlZaZjFGQ3lkOWh1NFFsckUKLS0tIEZTL0QvZmVVWlVBOWtVczFaYnFl
|
||||||
V0tISUZkbXRUR0U4UzA4UlRuKzJkUjQKHgY1Hp6slqeHlchclqSvpSXeBbaHKdfY
|
ejFYb0J0dmtSL0VURDBHZEhER0FZeEUKErLL9cf65O/YmLt0JVpdXuK2sXLh4x/O
|
||||||
9U6QKaMHyUgjblXJl9gKRl6niJgHArSRADC44rTMF2/lSvHwFyNYRg==
|
YVv9lzzECDAMZbh2RScw5z91zWM9kB5vx17XrpcUnF4ouH+jnlOx8Q==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1hm6pkvt4d640wmjhxg5wxfwkp9zhcqre9klr4zg5kx2qx7vyhuuqlytmnp
|
- recipient: age1hm6pkvt4d640wmjhxg5wxfwkp9zhcqre9klr4zg5kx2qx7vyhuuqlytmnp
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzRE54b3l5WTM1NHk4UFpZ
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHN2RPVVFlYzlyRitlS0Fn
|
||||||
MEpaSHJ5M2MzMWdVY0cyRElxS09JM2NUOUZJCkdKT1hFcjMrUDN6NjArb3lrTUds
|
SGJaR2srdExaT3V5dFd3OFFraXBlbVY0K2d3CnNRUmFkSHJuTWlUeW9haS9lQ2N2
|
||||||
Y1BkNTVpdnZybmY5WE14Q2QrWEpseE0KLS0tIC9lblVvSzkzYVFSNEVPYTFJWThm
|
S3JmU3FmWUtLblRoYnRwK05OY05RK0kKLS0tIGQ2d2REbkFuQnFkT1I1QnFIc1Z6
|
||||||
bEdVQ0dicTVaRkJUNFB0d3Y1S1hmL3MKFVPyIyjRkQcdimUE/tWxQzQU1cqkB5lN
|
TlhnYmhQWnRBWG1CeWp6bktmemNxbk0KXYImIHhtlXUS2H+Ot81zGbC/BaMkba8D
|
||||||
o+7a8JuA5gOxG7OInWbfkDe9/wSFCJW2S5z9jON/tLy6atPdmPYUdg==
|
GUJeizpBBbA6BSjeQYx1Hd/mJJ4eqbN9abnLgYhQ42i9KfWWC4Eu1w==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age174knn6hjtukp32ymcdvjwj6x0j54g7yw02dqfjmua3fkyltwcqrsxccjdk
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0N2FtN1UvTXQ3MXZPQVN2
|
||||||
|
bTBCQzR1cmhhdmV5K0g4ODZySk42V09aZVE0CndxWTRVZS9Pek85VU1nK1hEYjc5
|
||||||
|
RnFjZEFmVytIYVBtN1IxOU1uSHVLUGcKLS0tIFB2UzlFeFJWOGJ3SFBDNENxT1FN
|
||||||
|
MFdBdDhnbWFwTVd1aFgvUHdRZkhTV3MKIcvIbGmAMVAu5KcOi8xsjIvwAzp8etAn
|
||||||
|
cXbkj9HfU/FHWv2fJNC/2Dda3AKKfDFNQJIk0MYOuyFR+JMu6Dah/g==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-02-12T06:09:46Z"
|
lastmodified: "2024-02-12T06:09:46Z"
|
||||||
mac: ENC[AES256_GCM,data:EYe/XOQo+zbsx/2Iwqa8o2Ez2MoE+OacQnXSwyL+YM5olk7uvDFnnnfDBIth5tIqsXJ3HzJqW82rTotwUCrQ7UYbfwq72j3gIF18XQe+n1ahoTBkzudBFXJb84sY7tQDexUzA+SC3LTIJGiHItZ+H23ou6iKFEU6V6FCdJRlLb8=,iv:XDeKRZfx9Lej9Ql4jY/gMWGlY+thx9y4bXRanhOAa3E=,tag:6c91OAH3bAjndpQr+0e90g==,type:str]
|
mac: ENC[AES256_GCM,data:EYe/XOQo+zbsx/2Iwqa8o2Ez2MoE+OacQnXSwyL+YM5olk7uvDFnnnfDBIth5tIqsXJ3HzJqW82rTotwUCrQ7UYbfwq72j3gIF18XQe+n1ahoTBkzudBFXJb84sY7tQDexUzA+SC3LTIJGiHItZ+H23ou6iKFEU6V6FCdJRlLb8=,iv:XDeKRZfx9Lej9Ql4jY/gMWGlY+thx9y4bXRanhOAa3E=,tag:6c91OAH3bAjndpQr+0e90g==,type:str]
|
||||||
|
|
Loading…
Reference in a new issue