nyancat/flake
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

hosts: add blacksteel

Browse source
This commit is contained in:
Guanran Wang 2024-02-13 12:01:59 +08:00
parent a445c7a94b
commit 63ccaec8c7
Signed by: nyancat
SSH key fingerprint: SHA256:8oWGKciPALWut/6WA27oFKofX+6Wtc0gQnsefXLQx/8
6 changed files with 122 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.sops.yaml
View file

@ -5,9 +5,11 @@ keys:
# Hosts # Hosts
# nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age' # nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
- &aristotle age1hm6pkvt4d640wmjhxg5wxfwkp9zhcqre9klr4zg5kx2qx7vyhuuqlytmnp - &aristotle age1hm6pkvt4d640wmjhxg5wxfwkp9zhcqre9klr4zg5kx2qx7vyhuuqlytmnp
- &blacksteel age174knn6hjtukp32ymcdvjwj6x0j54g7yw02dqfjmua3fkyltwcqrsxccjdk
creation_rules: creation_rules:
- path_regex: secrets.yaml$ - path_regex: secrets.yaml$
key_groups: key_groups:
- age: - age:
- *guanranwang - *guanranwang
- *aristotle - *aristotle
- *blacksteel

1
flake.nix
View file

@ -142,6 +142,7 @@
### NixOS ### NixOS
nixosConfigurations = { nixosConfigurations = {
"aristotle" = mkNixOS "x86_64-linux" [./hosts/aristotle]; "aristotle" = mkNixOS "x86_64-linux" [./hosts/aristotle];
"blacksteel" = mkNixOS "x86_64-linux" [./hosts/blacksteel];
}; };
### Darwin ### Darwin

27
hosts/blacksteel/anti-feature.nix Normal file
View file

@ -0,0 +1,27 @@
{lib, ...}: {
nixpkgs.config = {
# only needed on older version of nvidia
#nvidia.acceptLicense = true;
allowNonSource = false;
allowNonSourcePredicate = pkg:
builtins.elem (lib.getName pkg) [
"adoptopenjdk-hotspot-bin"
"cargo-bootstrap"
"cef-binary"
"rustc-bootstrap"
"rustc-bootstrap-wrapper"
"sof-firmware"
"spotify"
"vscodium"
];
allowUnfree = false;
allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) [
"nvidia-x11"
"spotify"
"broadcom-sta"
];
};
}

24
hosts/blacksteel/default.nix Normal file
View file

@ -0,0 +1,24 @@
{...}: {
imports = [
# OS
../../nixos/profiles/laptop
../../nixos/profiles/common/opt-in/zram-generator.nix
../../nixos/profiles/common/opt-in/clash-meta-client
# Hardware
./hardware-configuration.nix
./anti-feature.nix
];
networking.hostName = "blacksteel";
time.timeZone = "Asia/Shanghai";
# TODOs:
# [x] networkmanager - > iwd
# [ ] nouveau -> nvidia
# [ ] secureboot (???)
# [ ] impermanence
# [ ] backlight is always 33% when booted up
# [ ] fan is *blasting* even after I installed mbpfans
# [ ] audio quality isnt too great (compared to macOS, or i might have wooden ears)
}

49
hosts/blacksteel/hardware-configuration.nix Normal file
View file

@ -0,0 +1,49 @@
{
inputs,
config,
...
}: {
imports = [
inputs.nixpkgs.nixosModules.notDetected
inputs.nixos-hardware.nixosModules.apple-macbook-pro
inputs.nixos-hardware.nixosModules.common-cpu-intel
inputs.nixos-hardware.nixosModules.common-gpu-intel
#inputs.nixos-hardware.nixosModules.common-gpu-nvidia-nonprime
inputs.nixos-hardware.nixosModules.common-hidpi
inputs.nixos-hardware.nixosModules.common-pc-laptop
inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd
];
myFlake.hardware.components = {
audio.enable = true;
bluetooth.enable = true;
tpm.enable = true;
};
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
boot.kernelModules = ["kvm-intel" "wl"];
boot.extraModulePackages = [config.boot.kernelPackages.broadcom_sta];
#hardware.nvidia.modesetting.enable = true;
#hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_470;
nixpkgs.hostPlatform = "x86_64-linux";
system.stateVersion = "23.11";
# no disko because dual booting with macOS isnt very flexible
boot.initrd.luks.devices."luks-8c26de19-f0d4-4ac7-a73c-a28dafd30544".device = "/dev/disk/by-uuid/8c26de19-f0d4-4ac7-a73c-a28dafd30544";
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/ab9b92a9-b67b-43b4-b0d9-9dd59ccd594b";
fsType = "btrfs";
options = ["subvol=@"];
};
"/boot" = {
device = "/dev/disk/by-uuid/E5DE-9C92";
fsType = "vfat";
};
};
swapDevices = [];
}

29
secrets.yaml
View file

@ -18,20 +18,29 @@ sops:
- recipient: age129yyxyz686qj88ce5v77ahelqqwt6zz94mzzls0ny4hq76psrd9qhc79kq - recipient: age129yyxyz686qj88ce5v77ahelqqwt6zz94mzzls0ny4hq76psrd9qhc79kq
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0RFg4SlluSVhQd0wvdE5l YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXL3R3UWF2UjFBZXlVWmEr
T0ZoQ3ZYdFBxcFE2bnBNM1pKL0MrTGtKVmk4Ci9kUE5hWWVBZFR3NVJDQ3htSzdi L3Nva3ZnMW9kUVN0bzhlVlE3UWRWSlRqY3lzCmp4SDlkZUdIQmFMb1UrWWk3SXBI
YjNpelRBbEh6OVVBTU5mbHNtenJXNXMKLS0tIEQ5VmZNMWFFQmltc0JKcGZOTmVv TExucEFodlZaZjFGQ3lkOWh1NFFsckUKLS0tIEZTL0QvZmVVWlVBOWtVczFaYnFl
V0tISUZkbXRUR0U4UzA4UlRuKzJkUjQKHgY1Hp6slqeHlchclqSvpSXeBbaHKdfY ejFYb0J0dmtSL0VURDBHZEhER0FZeEUKErLL9cf65O/YmLt0JVpdXuK2sXLh4x/O
9U6QKaMHyUgjblXJl9gKRl6niJgHArSRADC44rTMF2/lSvHwFyNYRg== YVv9lzzECDAMZbh2RScw5z91zWM9kB5vx17XrpcUnF4ouH+jnlOx8Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1hm6pkvt4d640wmjhxg5wxfwkp9zhcqre9klr4zg5kx2qx7vyhuuqlytmnp - recipient: age1hm6pkvt4d640wmjhxg5wxfwkp9zhcqre9klr4zg5kx2qx7vyhuuqlytmnp
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzRE54b3l5WTM1NHk4UFpZ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHN2RPVVFlYzlyRitlS0Fn
MEpaSHJ5M2MzMWdVY0cyRElxS09JM2NUOUZJCkdKT1hFcjMrUDN6NjArb3lrTUds SGJaR2srdExaT3V5dFd3OFFraXBlbVY0K2d3CnNRUmFkSHJuTWlUeW9haS9lQ2N2
Y1BkNTVpdnZybmY5WE14Q2QrWEpseE0KLS0tIC9lblVvSzkzYVFSNEVPYTFJWThm S3JmU3FmWUtLblRoYnRwK05OY05RK0kKLS0tIGQ2d2REbkFuQnFkT1I1QnFIc1Z6
bEdVQ0dicTVaRkJUNFB0d3Y1S1hmL3MKFVPyIyjRkQcdimUE/tWxQzQU1cqkB5lN TlhnYmhQWnRBWG1CeWp6bktmemNxbk0KXYImIHhtlXUS2H+Ot81zGbC/BaMkba8D
o+7a8JuA5gOxG7OInWbfkDe9/wSFCJW2S5z9jON/tLy6atPdmPYUdg== GUJeizpBBbA6BSjeQYx1Hd/mJJ4eqbN9abnLgYhQ42i9KfWWC4Eu1w==
-----END AGE ENCRYPTED FILE-----
- recipient: age174knn6hjtukp32ymcdvjwj6x0j54g7yw02dqfjmua3fkyltwcqrsxccjdk
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0N2FtN1UvTXQ3MXZPQVN2
bTBCQzR1cmhhdmV5K0g4ODZySk42V09aZVE0CndxWTRVZS9Pek85VU1nK1hEYjc5
RnFjZEFmVytIYVBtN1IxOU1uSHVLUGcKLS0tIFB2UzlFeFJWOGJ3SFBDNENxT1FN
MFdBdDhnbWFwTVd1aFgvUHdRZkhTV3MKIcvIbGmAMVAu5KcOi8xsjIvwAzp8etAn
cXbkj9HfU/FHWv2fJNC/2Dda3AKKfDFNQJIk0MYOuyFR+JMu6Dah/g==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-12T06:09:46Z" lastmodified: "2024-02-12T06:09:46Z"
mac: ENC[AES256_GCM,data:EYe/XOQo+zbsx/2Iwqa8o2Ez2MoE+OacQnXSwyL+YM5olk7uvDFnnnfDBIth5tIqsXJ3HzJqW82rTotwUCrQ7UYbfwq72j3gIF18XQe+n1ahoTBkzudBFXJb84sY7tQDexUzA+SC3LTIJGiHItZ+H23ou6iKFEU6V6FCdJRlLb8=,iv:XDeKRZfx9Lej9Ql4jY/gMWGlY+thx9y4bXRanhOAa3E=,tag:6c91OAH3bAjndpQr+0e90g==,type:str] mac: ENC[AES256_GCM,data:EYe/XOQo+zbsx/2Iwqa8o2Ez2MoE+OacQnXSwyL+YM5olk7uvDFnnnfDBIth5tIqsXJ3HzJqW82rTotwUCrQ7UYbfwq72j3gIF18XQe+n1ahoTBkzudBFXJb84sY7tQDexUzA+SC3LTIJGiHItZ+H23ou6iKFEU6V6FCdJRlLb8=,iv:XDeKRZfx9Lej9Ql4jY/gMWGlY+thx9y4bXRanhOAa3E=,tag:6c91OAH3bAjndpQr+0e90g==,type:str]