nx2/dotfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Crypto Change

Browse Source 
luks for xps
ssh via ssh
sops via age
gpg backbone, but not removed
gpg-agent removed
This commit is contained in:
Lennart J. Kurzweg (Nx2)
2025-10-04 22:53:18 +02:00
parent 21fee7056a
commit 6809a6494f
8 changed files with 144 additions and 137 deletions
Download Patch File Download Diff File Expand all files Collapse all files

98
system-modules/hardware-configuration.nix
View File

@@ -1,54 +1,48 @@
{ pkgs, ... }@all: with all;
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
environment.systemPackages = with pkgs; [
ntfs3g
];
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "vmd" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
# boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems = if hyper.host != "NxACE" then {
"/" = { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; };
"/boot" = { device = "/dev/disk/by-label/EFI"; fsType = "vfat"; };
"/home/${hyper.user}/shared" = { device = "/dev/disk/by-label/shared"; fsType = "ntfs"; options = [ "uid=1000" "gid=100" ]; };
} else {
"/" = { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; };
"/boot" = { device = "/dev/disk/by-label/EFI"; fsType = "vfat"; };
"/vault" = { device = "/dev/disk/by-label/vault"; fsType = "ext4"; };
};
swapDevices = [
{ device = "/dev/disk/by-label/swap"; }
];
{ pkgs, ... }@all: with all; {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
environment = {
systemPackages = with pkgs; [ ntfs3g cryptsetup ];
variables = pkgs.lib.mkIf (hyper.host == "NxXPS") {
VDPAU_DRIVER = lib.mkIf config.hardware.graphics.enable (lib.mkDefault "va_gl");
};
};
boot = {
initrd = {
availableKernelModules = [ "xhci_pci" "thunderbolt" "vmd" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
luks.devices.cryptroot.device = pkgs.lib.mkIf (hyper.host == "NxXPS") "/dev/nvme0n1p7";
kernelModules = pkgs.lib.mkIf (hyper.host == "NxXPS") [ "i915" "cryptd" ];
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
extraModprobeConfig = pkgs.lib.mkIf (hyper.host == "NxXPS") ''
options iwlwifi 11n_disable=8
'';
};
fileSystems = let
ntfs = { fsType = "ntfs"; options = [ "uid=1000" "gid=100" ]; };
in {
"/" = { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; };
"/boot" = { device = "/dev/disk/by-label/EFI"; fsType = "vfat"; };
} // (if hyper.host == "NxXPS" then {
"${hyper.home}/shared" = { device = "/dev/disk/by-label/shared"; } // ntfs;
"${hyper.home}/vault" = { device = "/dev/disk/by-label/vault"; fsType = "ext4"; };
} else if hyper.host == "NxNORTH" then {
"${hyper.home}/shared" = { device = "/dev/disk/by-label/shared"; } // ntfs;
} else if hyper.host == "NxXPS" then {
"/vault" = { device = "/dev/disk/by-label/vault"; fsType = "ext4"; };
} else {});
hardware = {
cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
graphics.extraPackages = with pkgs.lib; mkIf (hyper.host == "NxXPS") [
(if (versionOlder (versions.majorMinor version) "25.05") then pkgs.vaapiIntel else pkgs.intel-vaapi-driver)
pkgs.libvdpau-va-gl
pkgs.intel-media-driver
];
};
swapDevices = [ { device = "/dev/disk/by-label/swap"; } ];
networking.useDHCP = lib.mkDefault true;
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
# from nixos-hardware
services.thermald.enable = lib.mkDefault true;
boot.extraModprobeConfig = if hyper.host == "NxXPS" then ''
options iwlwifi 11n_disable=8
'' else "";
boot.initrd.kernelModules = if hyper.host == "NxXPS" then [ "i915" ] else [];
environment.variables = if hyper.host == "NxXPS" then {
VDPAU_DRIVER = lib.mkIf config.hardware.graphics.enable (lib.mkDefault "va_gl");
} else {};
hardware.graphics.extraPackages = if hyper.host == "NxXPS" then with pkgs; [
(if (lib.versionOlder (lib.versions.majorMinor lib.version) "25.05") then vaapiIntel else intel-vaapi-driver)
libvdpau-va-gl
intel-media-driver
] else [];
services.upower.enable = true;
services = {
thermald.enable = lib.mkDefault true;
upower.enable = true;
};
}