added stuff

2024-04-09 23:11:33 +02:00 · 2024-04-09 23:11:33 +02:00 · 9d0ebdfbd0
commit 9d0ebdfbd0
parent e8d9044d2b
907 changed files with 70990 additions and 0 deletions
--- a/nyx/hosts/hermes/default.nix
+++ b/nyx/hosts/hermes/default.nix
@ -0,0 +1,10 @@
+{
+  imports = [
+    ./fs
+    ./modules
+
+    ./encryption.nix
+    ./networking.nix
+    ./system.nix
+  ];
+}
--- a/nyx/hosts/hermes/encryption.nix
+++ b/nyx/hosts/hermes/encryption.nix
@ -0,0 +1,27 @@
+{
+  config,
+  lib,
+  ...
+}: {
+  # mildly improves performance for the disk encryption
+  boot.initrd.availableKernelModules = [
+    "aesni_intel"
+    "cryptd"
+    "usb_storage"
+  ];
+
+  services.lvm.enable = lib.mkForce true;
+
+  boot.initrd.luks.devices."enc" = {
+    # improve performance on ssds
+    bypassWorkqueues = true;
+    preLVM = true;
+
+    # the device with the maching id will be searched for the key file
+    # keyFile = "/dev/disk/by-id/usb-Generic_Flash_Disk_B314B63E-0:0";
+    # keyFileSize = 4096;
+
+    # if keyfile is not there, fall back to cryptsetup password
+    fallbackToPassword = !config.boot.initrd.systemd.enable; # IMPLIED BY config.boot.initrd.systemd.enable
+  };
+}
--- a/nyx/hosts/hermes/fs/default.nix
+++ b/nyx/hosts/hermes/fs/default.nix
@ -0,0 +1,46 @@
+{
+  boot.initrd.luks.devices."enc".device = "/dev/disk/by-uuid/0eb8b547-3644-4d49-a4e9-c28c395b8568";
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-uuid/c9527aaf-947d-4dc0-88ab-3af438e3f5b1";
+      fsType = "btrfs";
+      options = ["subvol=root" "compress=zstd" "noatime"];
+    };
+
+    "/boot" = {
+      device = "/dev/disk/by-uuid/4F12-E737";
+      fsType = "vfat";
+    };
+
+    "/nix" = {
+      device = "/dev/disk/by-uuid/c9527aaf-947d-4dc0-88ab-3af438e3f5b1";
+      fsType = "btrfs";
+      options = ["subvol=nix" "compress=zstd" "noatime"];
+    };
+
+    "/persist" = {
+      device = "/dev/disk/by-uuid/c9527aaf-947d-4dc0-88ab-3af438e3f5b1";
+      fsType = "btrfs";
+      neededForBoot = true;
+      options = ["subvol=persist" "compress=zstd" "noatime"];
+    };
+
+    "/var/log" = {
+      device = "/dev/disk/by-uuid/c9527aaf-947d-4dc0-88ab-3af438e3f5b1";
+      fsType = "btrfs";
+      neededForBoot = true;
+      options = ["subvol=log" "compress=zstd" "noatime"];
+    };
+
+    "/home" = {
+      device = "/dev/disk/by-uuid/c9527aaf-947d-4dc0-88ab-3af438e3f5b1";
+      fsType = "btrfs";
+      options = ["subvol=home" "compress=zstd"];
+    };
+  };
+
+  swapDevices = [
+    {device = "/dev/disk/by-uuid/b55b09f2-b567-4fbf-9150-b05b91710ca2";}
+  ];
+}
--- a/nyx/hosts/hermes/modules/default.nix
+++ b/nyx/hosts/hermes/modules/default.nix
@ -0,0 +1,9 @@
+{
+  imports = [
+    ./device.nix
+    ./profiles.nix
+    ./system.nix
+    ./usrEnv.nix
+    ./style.nix
+  ];
+}
--- a/nyx/hosts/hermes/modules/device.nix
+++ b/nyx/hosts/hermes/modules/device.nix
@ -0,0 +1,15 @@
+{
+  modules.device = {
+    type = "laptop";
+    cpu = {
+      type = "amd";
+      amd.pstate.enable = true;
+      amd.zenpower.enable = true;
+    };
+    gpu.type = "amd";
+    monitors = ["eDP-1"];
+    hasBluetooth = true;
+    hasSound = true;
+    hasTPM = true;
+  };
+}
--- a/nyx/hosts/hermes/modules/profiles.nix
+++ b/nyx/hosts/hermes/modules/profiles.nix
@ -0,0 +1,6 @@
+{
+  config.modules.profiles = {
+    workstation.enable = true;
+    gaming.enable = true;
+  };
+}
--- a/nyx/hosts/hermes/modules/style.nix
+++ b/nyx/hosts/hermes/modules/style.nix
@ -0,0 +1,48 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  config.modules.style = {
+    forceGtk = true;
+
+    gtk = {
+      usePortal = true;
+      theme = {
+        name = "Catppuccin-Mocha-Standard-Blue-Dark";
+        package = pkgs.catppuccin-gtk.override {
+          size = "standard";
+          accents = ["blue"];
+          variant = "mocha";
+          tweaks = ["normal"];
+        };
+      };
+
+      iconTheme = {
+        name = "Papirus-Dark";
+        package = pkgs.catppuccin-papirus-folders.override {
+          accent = "blue";
+          flavor = "mocha";
+        };
+      };
+
+      font = {
+        name = "Lexend";
+        size = 14;
+      };
+    };
+
+    qt = {
+      theme = {
+        name = "Catppuccin-Mocha-Dark";
+        package = pkgs.catppuccin-kde.override {
+          flavour = ["mocha"];
+          accents = ["blue"];
+          winDecStyles = ["modern"];
+        };
+      };
+
+      kdeglobals.source = "${config.modules.style.qt.theme.package}" + "/share/color-schemes/CatppuccinMochaBlue.colors";
+    };
+  };
+}
--- a/nyx/hosts/hermes/modules/system.nix
+++ b/nyx/hosts/hermes/modules/system.nix
@ -0,0 +1,71 @@
+{pkgs, ...}: {
+  modules.system = {
+    mainUser = "notashelf";
+    fs = ["btrfs" "ext4" "vfat"];
+    impermanence.root.enable = true;
+
+    boot = {
+      secureBoot = false;
+      kernel = pkgs.linuxPackages_xanmod_latest;
+      plymouth.enable = true;
+      loader = "systemd-boot";
+      enableKernelTweaks = true;
+      initrd.enableTweaks = true;
+      loadRecommendedModules = true;
+      tmpOnTmpfs = true;
+    };
+
+    encryption = {
+      enable = true;
+      device = "enc";
+    };
+
+    yubikeySupport.enable = true;
+    autoLogin = true;
+
+    video.enable = true;
+    sound.enable = true;
+    bluetooth.enable = true;
+    printing.enable = true;
+    emulation.enable = true;
+
+    networking = {
+      optimizeTcp = true;
+      nftables.enable = true;
+      tailscale = {
+        enable = true;
+        isClient = true;
+      };
+    };
+
+    security = {
+      fixWebcam = false;
+      lockModules = true;
+      usbguard.enable = true;
+    };
+
+    virtualization = {
+      enable = true;
+      docker.enable = false;
+      qemu.enable = true;
+      podman.enable = false;
+    };
+
+    programs = {
+      cli.enable = true;
+      gui.enable = true;
+
+      spotify.enable = true;
+
+      git.signingKey = "0x02D1DD3FA08B6B29";
+
+      gaming = {
+        enable = true;
+      };
+
+      default = {
+        terminal = "foot";
+      };
+    };
+  };
+}
--- a/nyx/hosts/hermes/modules/usrEnv.nix
+++ b/nyx/hosts/hermes/modules/usrEnv.nix
@ -0,0 +1,17 @@
+{
+  modules.usrEnv = {
+    desktop = "Hyprland";
+    useHomeManager = true;
+
+    programs = {
+      media.mpv.enable = true;
+
+      launchers = {
+        anyrun.enable = true;
+        tofi.enable = true;
+      };
+
+      screenlock.swaylock.enable = true;
+    };
+  };
+}
--- a/nyx/hosts/hermes/networking.nix
+++ b/nyx/hosts/hermes/networking.nix
@ -0,0 +1,93 @@
+{
+  #  we don't want the kernel setting up interfaces magically for us
+  boot.extraModprobeConfig = "options bonding max_bonds=0";
+  networking = {
+    useDHCP = false;
+    useNetworkd = false;
+  };
+
+  systemd.network = {
+    enable = true;
+
+    wait-online = {
+      enable = false;
+      anyInterface = true;
+      extraArgs = ["--ipv4"];
+    };
+
+    networks = {
+      # leave the kernel dummy devies unmanagaed
+      "10-dummy" = {
+        matchConfig.Name = "dummy*";
+        networkConfig = {};
+        # linkConfig.ActivationPolicy = "always-down";
+        linkConfig.Unmanaged = "yes";
+      };
+
+      # let me configure tailscale manually
+      "20-tailscale-ignore" = {
+        matchConfig.Name = "tailscale*";
+        linkConfig = {
+          Unmanaged = "yes";
+          RequiredForOnline = false;
+        };
+      };
+
+      "30-network-defaults-wired" = {
+        # matchConfig.Name = "en* | eth* | usb*";
+        matchConfig.Type = "ether";
+        networkConfig = {
+          DHCP = "yes";
+          IPv6AcceptRA = true;
+          IPForward = "yes";
+          IPMasquerade = "no";
+        };
+
+        dhcpV4Config = {
+          ClientIdentifier = "duid"; # "mac"
+          Use6RD = "yes";
+          RouteMetric = 512;
+          UseDNS = false;
+          DUIDType = "link-layer";
+        };
+
+        dhcpV6Config = {
+          RouteMetric = 512;
+          PrefixDelegationHint = "::64";
+          UseDNS = false;
+          DUIDType = "link-layer";
+        };
+      };
+
+      "30-network-defaults-wireless" = {
+        # matchConfig.Name = "wl*";
+        matchConfig.Type = "wlan";
+        networkConfig = {
+          DHCP = "yes";
+          IPv6AcceptRA = true;
+          IPForward = "yes";
+          IPMasquerade = "no";
+        };
+
+        dhcpV4Config = {
+          ClientIdentifier = "mac";
+          RouteMetric = 1500;
+          UseDNS = true;
+          DUIDType = "link-layer";
+          Use6RD = "yes";
+        };
+
+        dhcpV6Config = {
+          RouteMetric = 1500;
+          UseDNS = true;
+          DUIDType = "link-layer";
+          # routes = [
+          #   { routeConfig = { Gateway = "_dhcp4"; Metric = 1500; }; }
+          #   { routeConfig = { Gateway = "_ipv6ra"; Metric = 1500; }; }
+          # ];
+          PrefixDelegationHint = "::64";
+        };
+      };
+    };
+  };
+}
--- a/nyx/hosts/hermes/system.nix
+++ b/nyx/hosts/hermes/system.nix
@ -0,0 +1,13 @@
+{self, ...}: {
+  config = {
+    boot.kernelParams = [
+      "i8042.nomux" # Don't check presence of an active multiplexing controller
+      "i8042.nopnp" # Don't use ACPIPn<P / PnPBIOS to discover KBD/AUX controllers
+    ];
+
+    system = {
+      stateVersion = "23.05";
+      configurationRevision = self.rev or "dirty";
+    };
+  };
+}