diff --git a/flake.nix b/flake.nix
index 7947330..db4a9c2 100644
--- a/flake.nix
+++ b/flake.nix
@@ -93,38 +93,38 @@
 };
 lib = import ./lib { inherit (nixpkgs) lib; };
 formatter = forAllSystems (system: (makePkgs system).nixfmt-tree);
- deploy.nodes.harmonica = {
- hostname = "192.168.0.11";
- profiles.system = {
- user = "osbm";
- path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.harmonica;
- };
- };
- packages = forAllSystems (
- system:
- let
- makeNixosConfigWithSystemOverride =
- configName:
- nixpkgs.lib.nixosSystem {
- specialArgs = { inherit inputs outputs; };
- modules = [
- ./hosts/nixos/${configName}/configuration.nix
- { nixpkgs.hostPlatform = nixpkgs.lib.mkForce system; }
- ];
- };
- dotfilesMachineNames = [
- "ymir"
- "pochita"
- "tartarus"
- "wallfacer"
- ];
- in
- builtins.listToAttrs (
- map (name: {
- name = "${name}-dotfiles";
- value = (makeNixosConfigWithSystemOverride name).config.home-manager.users.osbm.home-files;
- }) dotfilesMachineNames
- )
- );
+ # deploy.nodes.harmonica = {
+ # hostname = "192.168.0.11";
+ # profiles.system = {
+ # user = "osbm";
+ # path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.harmonica;
+ # };
+ # };
+ # packages = forAllSystems (
+ # system:
+ # let
+ # makeNixosConfigWithSystemOverride =
+ # configName:
+ # nixpkgs.lib.nixosSystem {
+ # specialArgs = { inherit inputs outputs; };
+ # modules = [
+ # ./hosts/nixos/${configName}/configuration.nix
+ # { nixpkgs.hostPlatform = nixpkgs.lib.mkForce system; }
+ # ];
+ # };
+ # dotfilesMachineNames = [
+ # "ymir"
+ # "pochita"
+ # "tartarus"
+ # "wallfacer"
+ # ];
+ # in
+ # builtins.listToAttrs (
+ # map (name: {
+ # name = "${name}-dotfiles";
+ # value = (makeNixosConfigWithSystemOverride name).config.home-manager.users.osbm.home-files;
+ # }) dotfilesMachineNames
+ # )
+ # );
 };
 }
diff --git a/hosts/nixos/apollo/configuration.nix b/hosts/nixos/apollo/configuration.nix
index d6f26e2..b9afc97 100644
--- a/hosts/nixos/apollo/configuration.nix
+++ b/hosts/nixos/apollo/configuration.nix
@@ -6,106 +6,68 @@
 {
 imports = [
 ./hardware-configuration.nix
- ../../../modules/common-packages.nix
- # ../../modules/services/tailscale.nix
- # ../../modules/services/openssh.nix
- ../../../modules/nix-settings.nix
+ ../../../modules/nixos
 inputs.disko.nixosModules.disko
 inputs.impermanence.nixosModules.impermanence
 ];
- # osbmModules = {
- # enableKDE = false;
- # enableFonts = false;
- # blockYoutube = false;
- # blockTwitter = false;
- # };
+ osbmModules = {
+ desktopEnvironment = "none";
+ machineType = "server";
+ users = [ "osbm" ];
+ defaultUser = "osbm";
- i18n.inputMethod.enable = lib.mkForce false; # no need for japanese input method
+ nixSettings.enable = true;
+
+ programs = {
+ commandLine.enable = true;
+ neovim.enable = true;
+ };
+
+ services = {
+ openssh.enable = true;
+ };
+
+ hardware = {
+ sound.enable = false;
+ hibernation.enable = false;
+
+ # Disable disko module since we have manual disko config in hardware-configuration.nix
+ disko.enable = false;
+ };
+ };
+
+ i18n.inputMethod.enable = lib.mkForce false;
 system.stateVersion = "25.11";
 networking.hostName = "apollo";
+ networking.hostId = "0f7de22e"; # Required for ZFS
- networking.hostId = "0f7de22e"; # Generate your own with: head -c 8 /etc/machine-id
+ # ZFS configuration
+ boot.zfs.requestEncryptionCredentials = true;
+
+ # Initrd SSH for remote unlocking
+ boot.initrd.network.enable = true;
+ boot.initrd.availableKernelModules = [ "virtio_pci" ];
+ boot.initrd.network.ssh = {
+ enable = true;
+ port = 22;
+ shell = "/bin/cryptsetup-askpass";
+ authorizedKeys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPfnV+qqUCJf92npNW4Jy0hIiepCJFBDJHXBHnUlNX0k"
+ ];
+ hostKeys = [ "/etc/ssh/initrd" ];
+ };
+ boot.initrd.secrets = {
+ "/etc/ssh/initrd" = "/etc/ssh/initrd";
+ };
 # Enable zram swap
 zramSwap.enable = true;
- users.users.root.initialPassword = "changeme";
+ users.users.osbm.initialPassword = "changeme";
 users.mutableUsers = false;
- # Persistence configuration
- environment.persistence."/persist" = {
- hideMounts = true;
- files = [
- "/etc/machine-id"
- ];
- directories = [
- "/var/log"
- "/var/lib/tailscale"
- "/var/lib/borg"
- "/var/lib/nixos"
- ];
- };
-
- # Remote ZFS unlocking in initrd
- boot = {
- # Static IP in initrd - adjust these values for your network
- kernelParams = [ "ip=152.53.152.129::152.53.152.1:255.255.252.0::ens3:none" ];
-
- initrd = {
- # Network driver for initrd - change to match your hardware
- # Common options: "virtio_pci" (VMs), "e1000e", "igb", "r8169"
- availableKernelModules = [ "virtio_pci" ];
-
- network = {
- enable = true;
- ssh = {
- enable = true;
- port = 2222;
- # Generate with: ssh-keygen -t ed25519 -N "" -f /persist/etc/ssh/ssh_host_ed25519_key_initrd
- hostKeys = [ "/persist/etc/ssh/ssh_host_ed25519_key_initrd" ];
- # Add your SSH public key here
- authorizedKeys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPfnV+qqUCJf92npNW4Jy0hIiepCJFBDJHXBHnUlNX0k"
- ];
- };
- # Auto-prompt for ZFS password on SSH login
- postCommands = ''
- cat < /root/.profile
- if pgrep -x "zfs" > /dev/null
- then
- zfs load-key -a
- killall zfs
- else
- echo "zfs not running -- maybe the pool is taking some time to load for some unforseen reason."
- fi
- EOF
- '';
- };
- };
- };
-
- # SSH host keys on persistent storage
- services.openssh = {
- enable = true;
- openFirewall = true;
- settings = {
- PasswordAuthentication = false;
- KbdInteractiveAuthentication = false;
- };
- hostKeys = [
- {
- bits = 4096;
- path = "/persist/etc/ssh/ssh_host_rsa_key";
- type = "rsa";
- }
- {
- path = "/persist/etc/ssh/ssh_host_ed25519_key";
- type = "ed25519";
- }
- ];
- };
-
+ # Network configuration
 networking = {
 useDHCP = false;
 interfaces.ens3 = {
@@ -122,4 +84,7 @@
 defaultGateway = "152.53.152.1";
 defaultGateway6 = { address = "fe80::1"; interface = "ens3"; };
 };
+
+ # Override initrd kernel params for static IP
+ boot.kernelParams = [ "ip=152.53.152.129::152.53.152.1:255.255.252.0::ens3:none" ];
 }
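Review bot: The explicit `PasswordAuthentication = false` and `KbdInteractiveAuthentication = false` under `services.openssh.settings` are removed in favour of `osbmModules.services.openssh.enable = true`, while `users.users.osbm.initialPassword = "changeme"` stays in place together with `users.mutableUsers = false`; unless the shared module (not in this diff) disables password login, a fixed well-known password is reachable over SSH on a host that this file configures with a static public address. Keep the two settings lines in this file or confirm the module sets them, and prefer `users.users.osbm.hashedPasswordFile` pointing at a secret over `initialPassword`. The new initrd unlock path also drops the `postCommands` hook that ran `zfs load-key -a` on SSH login; `shell = "/bin/cryptsetup-askpass"` is the LUKS passphrase prompt, and it is not evident from the hunk that it satisfies `boot.zfs.requestEncryptionCredentials`, so remote unlocking should be verified before a reboot depends on it. Moving the initrd listener from 2222 to 22 means it presents a different host key on the same port as the main sshd, which clients will report as a changed key. Removing the whole `environment.persistence."/persist"` block with impermanence still imported leaves `/etc/machine-id`, `/var/lib/nixos` and the referenced `/etc/ssh/initrd` host key unpersisted unless hardware-configuration.nix covers them.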
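Review bot: The comment `# Override initrd kernel params for static IP` above `boot.kernelParams` overstates what the line does: `boot.kernelParams` is a list option whose definitions are merged, so this entry is appended alongside whatever other modules contribute and does not replace anything; a real override would need `lib.mkForce`. Suggest `# Static IP for initrd networking (appended to boot.kernelParams)`.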
diff --git a/hosts/nixos/harmonica-sd/configuration.nix b/hosts/nixos/harmonica-sd/configuration.nix
index e3b2acd..473fa06 100644
--- a/hosts/nixos/harmonica-sd/configuration.nix
+++ b/hosts/nixos/harmonica-sd/configuration.nix
@@ -12,9 +12,9 @@
 ];
 osbmModules = {
- enableKDE = false;
- enableFonts = false;
- enableTailscale = true;
+ desktopEnvironment = "none";
+ fonts.enable = false;
+ services.tailscale.enable = true;
 };
 i18n.inputMethod.enable = lib.mkForce false; # no need for japanese input method
diff --git a/hosts/nixos/harmonica/configuration.nix b/hosts/nixos/harmonica/configuration.nix
index 32838b7..88c6f7f 100644
--- a/hosts/nixos/harmonica/configuration.nix
+++ b/hosts/nixos/harmonica/configuration.nix
@@ -10,8 +10,8 @@
 ];
 osbmModules = {
- enableKDE = false;
- enableFonts = false;
+ desktopEnvironment = "none";
+ fonts.enable = false;
 };
 i18n.inputMethod.enable = lib.mkForce false; # no need for japanese input method
diff --git a/hosts/nixos/pochita/configuration.nix b/hosts/nixos/pochita/configuration.nix
index c6b4090..61a7e28 100644
--- a/hosts/nixos/pochita/configuration.nix
+++ b/hosts/nixos/pochita/configuration.nix
@@ -13,14 +13,14 @@
 ];
 osbmModules = {
- enableKDE = false;
- enableFonts = false;
- enableForgejo = true;
- # enableCaddy = true;
- # enableCloudflareDyndns = true;
- enableCloudflared = true;
- enableVaultwarden = true;
- enableGlance = true;
+ desktopEnvironment = "none";
+ fonts.enable = false;
+ services.forgejo.enable = true;
+ # services.caddy.enable = true;
+ # services.cloudflare-dyndns.enable = true;
+ services.cloudflared.enable = true;
+ services.vaultwarden.enable = true;
+ services.glance.enable = true;
 };
 services.wanikani-bypass-lessons.enable = true;
diff --git a/hosts/nixos/tartarus/configuration.nix b/hosts/nixos/tartarus/configuration.nix
index 9034e15..1e5406e 100644
--- a/hosts/nixos/tartarus/configuration.nix
+++ b/hosts/nixos/tartarus/configuration.nix
@@ -11,9 +11,9 @@
 ];
 osbmModules = {
- enableKDE = true;
- enableAarch64Emulation = true;
- enableSound = true;
+ desktopEnvironment = "plasma";
+ emulation.aarch64.enable = true;
+ hardware.sound.enable = true;
 };
 # Bootloader.
diff --git a/hosts/nixos/wallfacer/configuration.nix b/hosts/nixos/wallfacer/configuration.nix
index c7eb70a..265861e 100644
--- a/hosts/nixos/wallfacer/configuration.nix
+++ b/hosts/nixos/wallfacer/configuration.nix
@@ -5,13 +5,13 @@
 ../../../modules/nixos
 ];
 osbmModules = {
- enableKDE = false;
- enableFonts = false;
- enableNextcloud = true;
- enableHydra = true;
- # enableCaddy = true;
- enableAttic = true;
- enableCloudflared = true;
+ desktopEnvironment = "none";
+ fonts.enable = false;
+ services.nextcloud.enable = true;
+ services.hydra.enable = true;
+ # services.caddy.enable = true;
+ services.attic.enable = true;
+ services.cloudflared.enable = true;
 };
 boot.loader.systemd-boot.enable = true;
diff --git a/hosts/nixos/ymir/configuration.nix b/hosts/nixos/ymir/configuration.nix
index bcaeb00..6469eeb 100644
--- a/hosts/nixos/ymir/configuration.nix
+++ b/hosts/nixos/ymir/configuration.nix
@@ -10,15 +10,14 @@
 ];
 osbmModules = {
- enableKDE = true;
- enableJellyfin = true;
- enableAarch64Emulation = true;
- disableHibernation = true;
- enableWakeOnLan = true;
- enableSound = true;
- enableADB = true;
- enableOllama = true;
- # enableMinegrubTheme = true;
+ desktopEnvironment = "plasma";
+ services.jellyfin.enable = true;
+ emulation.aarch64.enable = true;
+ hardware.hibernation.enable = false;
+ hardware.wakeOnLan.enable = true;
+ hardware.sound.enable = true;
+ programs.adbFastboot.enable = true;
+ services.ollama.enable = true;
 };
 # Bootloader.
diff --git a/modules/nixos/options.nix b/modules/nixos/options.nix
index 104647a..d5db454 100644
--- a/modules/nixos/options.nix
+++ b/modules/nixos/options.nix
@@ -332,7 +332,16 @@
 };
 };
-
+ # Emulation
+ emulation = {
+ aarch64 = {
+ enable = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = "Enable aarch64 emulation via binfmt";
+ };
+ };
+ };
 # Internationalization
 i18n = {
diff --git a/modules/nixos/system/home-manager.nix b/modules/nixos/system/home-manager.nix
index a399245..e0552d8 100644
--- a/modules/nixos/system/home-manager.nix
+++ b/modules/nixos/system/home-manager.nix
@@ -1,7 +1,7 @@
 { lib, config, inputs, ... }:
 {
- imports = [
+ imports = lib.optionals (inputs ? home-manager) [
 inputs.home-manager.nixosModules.home-manager
 ];
@@ -13,8 +13,8 @@
 # Pass inputs and outputs to home-manager modules
 extraSpecialArgs = { inherit inputs; };
- # Configure home-manager for each user
- users = lib.genAttrs config.osbmModules.users (username: {
+ # Configure home-manager for each user (excluding root)
+ users = lib.genAttrs (builtins.filter (u: u != "root") config.osbmModules.users) (username: {
 home.stateVersion = lib.mkDefault "24.05";
 imports = [ ../../home-manager ];
 });
diff --git a/modules/nixos/system/users.nix b/modules/nixos/system/users.nix
index dfc3b40..18870e7 100644
--- a/modules/nixos/system/users.nix
+++ b/modules/nixos/system/users.nix
@@ -1,12 +1,14 @@
 { lib, config, ... }:
 let
 cfg = config.osbmModules;
+ # Filter out 'root' from the users list since it's a special system user
+ regularUsers = builtins.filter (u: u != "root") cfg.users;
 in
 {
 config = lib.mkIf (cfg.users != []) {
 users.users = lib.mkMerge [
- # Create users based on the list
- (lib.genAttrs cfg.users (username: {
+ # Create users based on the list (excluding root)
+ (lib.genAttrs regularUsers (username: {
 isNormalUser = true;
 description = username;
 extraGroups = [ "networkmanager" ]
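Review bot: The new `emulation.aarch64.enable` option is declared here, but no hunk in this diff updates a consumer from the old `enableAarch64Emulation` name to `config.osbmModules.emulation.aarch64.enable`, so unless that module was migrated in an earlier commit the value set by ymir and tartarus may be read by nothing. Worth confirming the implementation references the new path before the old option is gone. The `description` string is fine; a trailing period would match the house style if the other options in this file end with one.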
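Review bot: The import is now conditional on `inputs ? home-manager`, but the `home-manager.*` settings further down in this file (`extraSpecialArgs` and `users` in the second hunk, which appear to sit inside a `home-manager = {` block that starts outside the hunks) are still unconditional, so when the input is absent evaluation fails on an undefined `home-manager` option instead of skipping home-manager. Either keep the import unconditional or apply the same guard to the configuration, e.g. wrap it as `config = lib.mkIf (inputs ? home-manager) { home-manager = { ... }; };`. A one-line comment on the `imports` line saying that the rest of the file must stay consistent with this guard would help the next edit.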
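Review bot: The root filter `builtins.filter (u: u != "root")` is now written out twice, here as `regularUsers` and inlined in home-manager.nix's `users = lib.genAttrs (...)` line, so the two can drift the next time the rule changes; computing it once (for example as a read-only option under `osbmModules` that both modules read) would keep them in step. Note also that with `users = [ "root" ]` the `cfg.users != []` guard still passes while `regularUsers` is empty, which `genAttrs` tolerates but is worth a comment on the `mkIf` line such as `# regularUsers may be [] when only root is listed; the guard only excludes the fully empty case`.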
@@ -15,7 +17,7 @@ in
 ++ lib.optional config.osbmModules.programs.adbFastboot.enable "adbusers";
 }))
- # Additional configuration for default user
+ # Additional configuration for default user (including root if it's default)
 {
 ${cfg.defaultUser} = {
 openssh.authorizedKeys.keys = lib.mkDefault [
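Review bot: The `${cfg.defaultUser}` entry is emitted whenever `cfg.users` is non-empty, but nothing checks that `cfg.defaultUser` is either `root` or one of `cfg.users`; for any other value this produces a user with only `openssh.authorizedKeys.keys` and neither `isNormalUser` nor `isSystemUser`, which current NixOS rejects with an assertion at evaluation time. Making that explicit next to the `mkIf` would give a readable error: `assertions = [ { assertion = cfg.defaultUser == "root" || builtins.elem cfg.defaultUser cfg.users; message = "osbmModules.defaultUser must be root or listed in osbmModules.users"; } ];`. When `defaultUser` is `root`, the new comment confirms this block installs the authorized keys on the root account, so direct root key login becomes possible wherever sshd permits it; if that is intended, say so in the comment. The key list continues past the end of the hunk.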