diff --git a/systems/x86_64-linux/mow0m/default.nix b/systems/x86_64-linux/mow0m/default.nix
new file mode 100644
index 0000000..73a733b
--- /dev/null
+++ b/systems/x86_64-linux/mow0m/default.nix
@@ -0,0 +1,61 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+ ./hardware.nix
+ ];
+
+
+ # Networking
+ networking.hostName = "mow0m";
+ networking.networkmanager.enable = true;
+
+ # Set your time zone.
+ time.timeZone = "Europe/Amsterdam";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "de";
+ };
+
+ users.users.master = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ packages = with pkgs; [
+ tree
+ ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF+qnaWHrGk+DHz5I3L8wK5MPVzjck9LTuctnzK55WJs kb@LoyAdjo"
+ ];
+
+ };
+
+ # programs.firefox.enable = true;
+
+ # System Packages: (search via $ nix search wget)
+ environment.systemPackages = with pkgs; [
+ vim
+ tree
+ wget
+ ];
+
+ # SSH and Mosh
+ services.openssh = {
+ enable = true;
+ settings.PasswordAuthentication = false;
+ settings.KbdInteractiveAuthentication = false;
+ ports = [ 9553 ];
+ openFirewall = true;
+ };
+ programs.mosh.enable = true;
+
+
+ # Firewall
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+
+ system.stateVersion = "24.11"; # NEVER CHANGE THIS!!!
+}
+
diff --git a/systems/x86_64-linux/mow0m/hardware.nix b/systems/x86_64-linux/mow0m/hardware.nix
new file mode 100644
index 0000000..46a27e9
--- /dev/null
+++ b/systems/x86_64-linux/mow0m/hardware.nix
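Review bot: The `services.openssh` block in default.nix disables password and keyboard-interactive logins but leaves root login at the module default and does not limit which accounts may connect on port 9553, which `openFirewall = true` exposes. `master` is the only account given a key in this file, so I would state that explicitly with `settings.PermitRootLogin = "no";` and `settings.AllowUsers = [ "master" ];`. Separately, `programs.mosh.enable = true;` presumably opens mosh's UDP port range in the firewall by default (see `programs.mosh.openFirewall`), which the commented-out Firewall section does not show. A comment there such as `# sshd opens 9553 via openFirewall; mosh opens its own UDP range` would keep the exposed surface readable in one place.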
@@ -0,0 +1,85 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+ boot.supportedFilesystems = [ "zfs" ];
+ networking.hostId = "c61a0c21";
+ networking.useDHCP = lib.mkDefault true;
+
+ # Grub boot loader
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.loader.efi.efiSysMountPoint = "/boot";
+ boot.loader.grub.enable = true;
+ boot.loader.grub.copyKernels = true;
+ boot.loader.grub.efiSupport = true;
+ boot.loader.grub.device = "nodev";
+ #boot.loader.grub.devices = [
+ # "/dev/disk/by-uuid/90A1-2F0B"
+ # "/dev/disk/by-uuid/90F1-EAEB"
+ #];
+ boot.loader.grub.mirroredBoots = [
+ {
+ devices = [ "/dev/disk/by-uuid/90A1-2F0B" ];
+ path = "/boot";
+ }
+ {
+ devices = [ "/dev/disk/by-uuid/90F1-EAEB" ];
+ path = "/boot-fallback";
+ }
+ # The first Boot Device is Mounted on /boot and gets added Automatically
+ ];
+
+ # Remote Filesystem(s) unlocking
+ boot.kernelParams = [ "ip=dhcp" ];
+ boot.initrd.network.enable = true;
+ boot.initrd.network.ssh = {
+ enable = true;
+ port = 2550;
+ authorizedKeys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPKorzbCjRROOmFpiEfbH2mmLJ8qACUUt7pln87PgkA kb@LoyAdjo"
+ ];
+ hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];
+ };
+ boot.initrd.network.postCommands = ''
+ zpool import -a
+ echo "zfs load-key -a; killall zfs" >> /root/.profile
+ '';
+
+ # Filesystems
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/90A1-2F0B";
+ fsType = "vfat";
+ options = [ "fmask=0022" "dmask=0022" ];
+ };
+ fileSystems."/boot-fallback" = {
+ device = "/dev/disk/by-uuid/90F1-EAEB";
+ fsType = "vfat";
+ options = [ "fmask=0022" "dmask=0022" ];
+ };
+
+ fileSystems."/" = {
+ device = "mow0m/root";
+ fsType = "zfs";
+ };
+ fileSystems."/nix" = {
+ device = "mow0m/root/nix";
+ fsType = "zfs";
+ };
+ fileSystems."/home" = {
+ device = "mow0m/root/home";
+ fsType = "zfs";
+ };
+
+ swapDevices = [ ];
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
+
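Review bot: Both ESP mounts (`fileSystems."/boot"` and `fileSystems."/boot-fallback"`) use `fmask=0022`/`dmask=0022`, so everything on them is readable by every local account. With `copyKernels = true` and `hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ]`, the initrd written there presumably carries the initrd SSH host private key, which is what lets the operator trust the unlock session before typing the ZFS passphrase. I would change both mounts to `options = [ "fmask=0077" "dmask=0077" ];` and add a comment above `hostKeys` saying the key is generated for the initrd only and must never be shared with the main sshd host key, since it sits on unencrypted storage. `zpool import -a` in `postCommands` also imports every pool visible at boot; naming the pool (`zpool import mow0m`, going by the dataset names) would be tighter.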