diff --git a/flake.lock b/flake.lock index aa7390c..1c00dca 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,25 @@ { "nodes": { + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1735468753, + "narHash": "sha256-2dt1nOe9zf9pDkf5Kn7FUFyPRo581s0n90jxYXJ94l0=", + "owner": "nix-community", + "repo": "disko", + "rev": "84a5b93637cc16cbfcc61b6e1684d626df61eb21", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" @@ -89,6 +109,7 @@ }, "root": { "inputs": { + "disko": "disko", "flake-parts": "flake-parts", "home-manager": "home-manager", "nix-darwin": "nix-darwin", diff --git a/flake.nix b/flake.nix index 8ac12de..a8321d9 100644 --- a/flake.nix +++ b/flake.nix @@ -12,6 +12,9 @@ treefmt-nix.inputs.nixpkgs.follows = "nixpkgs"; flake-parts.url = "github:hercules-ci/flake-parts"; + + disko.url = "github:nix-community/disko"; + disko.inputs.nixpkgs.follows = "nixpkgs"; }; outputs = inputs@{ ... }: diff --git a/home-manager/flake-module.nix b/home-manager/flake-module.nix index 906fbe6..8531d34 100644 --- a/home-manager/flake-module.nix +++ b/home-manager/flake-module.nix @@ -37,7 +37,7 @@ ./modules/1password/darwin.nix ./modules/zsh/darwin-aarch64.nix ]; - linux.imports = [ + x86_64-linux.imports = [ ./modules/1password/linux.nix ./modules/zsh/linux.nix ]; diff --git a/home-manager/modules/1password/linux.nix b/home-manager/modules/1password/linux.nix index 34eb449..3f70087 100644 --- a/home-manager/modules/1password/linux.nix +++ b/home-manager/modules/1password/linux.nix @@ -1,11 +1,10 @@ -{ ... }: +{ config, ... }: { imports = [ ./common.nix ]; - # TODO: configure this properly for Linux _1password = { - sockPath = ""; - sshProgram = ""; + sockPath = "${config.home.homeDirectory}/.1password/agent.sock"; + sshProgram = "/run/current-system/sw/bin/op-ssh-sign"; }; } 
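Review bot: In home-manager/modules/1password/linux.nix, `sshProgram = "/run/current-system/sw/bin/op-ssh-sign";` only resolves on a NixOS host whose system profile contains that binary, so this home-manager module now depends on host-level configuration. The binary presumably comes from `programs._1password-gui.enable = true`, which hosts/t420/default.nix sets in this commit. The removed TODO was the only hint that these values are host-specific; I would replace it with a comment such as `# op-ssh-sign is taken from the system profile; the host must enable programs._1password-gui`. How `sockPath` and `sshProgram` are consumed is in ./common.nix, outside this diff, so confirm that a missing binary makes signing fail loudly rather than leaving commits unsigned.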
diff --git a/home-manager/modules/alacritty.nix b/home-manager/modules/alacritty.nix index 23ec345..0663f42 100644 --- a/home-manager/modules/alacritty.nix +++ b/home-manager/modules/alacritty.nix @@ -4,6 +4,37 @@ programs.alacritty = { enable = false; settings = { + # Nord theme taken from: https://github.com/alacritty/alacritty-theme/blob/95a7d695605863ede5b7430eb80d9e80f5f504bc/themes/nord.toml + colors = { + primary = { + background = "#2E3440"; + foreground = "#D8DEE9"; + }; + normal = { + black = "#3B4252"; + red = "#BF616A"; + green = "#A3BE8C"; + yellow = "#EBCB8B"; + blue = "#81A1C1"; + magenta = "#B48EAD"; + cyan = "#88C0D0"; + white = "#E5E9F0"; + }; + bright = { + black = "#4C566A"; + red = "#BF616A"; + green = "#A3BE8C"; + yellow = "#EBCB8B"; + blue = "#81A1C1"; + magenta = "#B48EAD"; + cyan = "#8FBCBB"; + white = "#ECEFF4"; + }; + }; + font.normal = { + family = "FiraCode Nerd Font"; + style = "Regular"; + }; window = { dynamic_title = false; option_as_alt = "Both"; diff --git a/home-manager/modules/zellij.nix b/home-manager/modules/zellij.nix index f39a5a9..8fd1580 100644 --- a/home-manager/modules/zellij.nix +++ b/home-manager/modules/zellij.nix @@ -6,6 +6,7 @@ enableZshIntegration = true; settings = { default_layout = "compact"; + default_mode = "locked"; on_force_close = "quit"; theme = "nord"; ui.pane_frames.rounded_corners = true; diff --git a/hosts/flake-module.nix b/hosts/flake-module.nix index 9436e12..91dd186 100644 --- a/hosts/flake-module.nix +++ b/hosts/flake-module.nix @@ -22,6 +22,7 @@ home-manager.users.francis = { imports = [ self.homeModules.common + # TODO: rename to aarch64-darwin self.homeModules.darwin-aarch64 ]; }; 
@@ -29,5 +30,33 @@
 ];
 };
 };
+ nixosConfigurations = {
+ "t420" = inputs.nixpkgs.lib.nixosSystem {
+ modules = [
+ ./t420
+ self.nixosModules.common
+ inputs.home-manager.nixosModules.home-manager
+ inputs.disko.nixosModules.default
+ {
+ nixpkgs.hostPlatform = "x86_64-linux";
+
+ networking.hostName = "t420";
+
+ # These 2 lines are needed to ensure we reuse the nixpkgs config
+ # so that we allow unfree packages
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+
+ # TODO: parameterize this
+ home-manager.users.francis = {
+ imports = [
+ self.homeModules.common
+ self.homeModules.x86_64-linux
+ ];
+ };
+ }
+ ];
+ };
+ };
 };
 }
diff --git a/hosts/t420/default.nix b/hosts/t420/default.nix
new file mode 100644
index 0000000..dcd5989
--- /dev/null
+++ b/hosts/t420/default.nix
@@ -0,0 +1,43 @@
+{ pkgs, ... }:
+
+{
+ imports = [
+ ./hardware-configuration.nix
+ ./disk-config.nix
+ ];
+
+ boot.loader.systemd-boot.enable = true;
+
+ networking.networkmanager.enable = true;
+
+ services.xserver = {
+ enable = true;
+ desktopManager.gnome.enable = true;
+ displayManager.gdm.enable = true;
+ };
+
+ services.pipewire = {
+ enable = true;
+ pulse.enable = true;
+ };
+
+ users.defaultUserShell = pkgs.zsh;
+
+ users.users.francis = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" "networkmanager" ];
+ initialPassword = "qwerty12345";
+ };
+
+ programs.firefox.enable = true;
+
+ programs.zsh.enable = true;
+
+ programs._1password.enable = true;
+ programs._1password-gui = {
+ enable = true;
+ polkitPolicyOwners = [ "francis" ];
+ };
+
+ system.stateVersion = "24.11";
+}
diff --git a/hosts/t420/disk-config.nix b/hosts/t420/disk-config.nix
new file mode 100644
index 0000000..61e29a9
--- /dev/null
+++ b/hosts/t420/disk-config.nix
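Review bot: In hosts/t420/default.nix, `initialPassword = "qwerty12345";` commits a guessable plaintext password for `francis`, who is also placed in `wheel`. The value is stored in the repository history and is copied into the world-readable Nix store when the system is built. Prefer a hash kept outside the repository, e.g. `hashedPasswordFile = "<path-to-hash-outside-the-repo>";` (placeholder path). At a minimum, use `initialHashedPassword` with a comment saying the password must be changed on first login. The same file enables GDM, so this account is usable at the login screen from first boot.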
@@ -0,0 +1,64 @@
+{
+ disko.devices = {
+ disk = {
+ main = {
+ type = "disk";
+ device = "/dev/sda";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "500M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+ luks = {
+ size = "100%";
+ content = {
+ type = "luks";
+ name = "crypted";
+ settings.allowDiscards = true;
+ passwordFile = "/tmp/secret.key";
+ content = {
+ type = "lvm_pv";
+ vg = "pool";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ lvm_vg = {
+ pool = {
+ type = "lvm_vg";
+ lvs = {
+ root = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ mountOptions = [
+ "defaults"
+ ];
+ };
+ };
+ home = {
+ size = "10G";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/home";
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/t420/hardware-configuration.nix b/hosts/t420/hardware-configuration.nix
new file mode 100644
index 0000000..543ec0b
--- /dev/null
+++ b/hosts/t420/hardware-configuration.nix
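Review bot: In hosts/t420/disk-config.nix, `passwordFile = "/tmp/secret.key";` takes the LUKS passphrase from a fixed path in a world-writable directory. Nothing in the file says who creates it, with what permissions, or that it must be removed after installation. I would add a comment like `# read by disko at format time only; create with mode 0600 and delete after install`, assuming disko uses this option only for the initial encryption (worth confirming against the pinned disko revision). Separately, `settings.allowDiscards = true;` lets TRIM reveal which blocks of the encrypted volume are unused. If that trade-off is intended, a one-line comment saying so would record the decision.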
@@ -0,0 +1,27 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, modulesPath, ... }: + +{ + imports = + [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "firewire_ohci" "usb_storage" "sd_mod" "sr_mod" "sdhci_pci" ]; + boot.initrd.kernelModules = [ "dm-snapshot" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s25.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/modules/flake-module.nix b/modules/flake-module.nix index 21ee6e7..b0c1587 100644 --- a/modules/flake-module.nix +++ b/modules/flake-module.nix @@ -8,9 +8,6 @@ gc = { automatic = true; - interval = { - Weekday = 0; - }; options = "--delete-older-than 30d"; };