Merge branch 'master' of ssh://ssh.nx2.site:50022/nx2/dotfiles into nod

2025-10-21 23:51:00 +02:00
parent d81aa406a4 52fe355b0a
commit e7c1c255bc
40 changed files with 855 additions and 680 deletions
--- a/system-modules/gpg.nix
+++ b/system-modules/gpg.nix
@@ -1,14 +1,8 @@
-{ pkgs, ... }@all: with all;
-{
-  environment.systemPackages = with pkgs; [
-    gnupg
-    gpg-tui
-  ];
-
+{ pkgs, ... }@all: with all; {
  programs.gnupg = {
    dirmngr.enable = true;
    agent = {
-      enable = true;
+      enable = false;
      enableSSHSupport = true;
      enableExtraSocket = true;
      enableBrowserSocket = true;
--- a/system-modules/hardware-configuration.nix
+++ b/system-modules/hardware-configuration.nix
@@ -1,54 +1,50 @@
-{ pkgs, ... }@all: with all;
-{
-  imports = [
-    (modulesPath + "/installer/scan/not-detected.nix")
-  ];
-
-  environment.systemPackages = with pkgs; [
-    ntfs3g
-  ];
-
-  boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "vmd" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
-  # boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-intel" ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems = if hyper.host != "NxACE" then {
-    "/" =                    { device = "/dev/disk/by-label/nixos";    fsType = "ext4"; };
-    "/boot" =                { device = "/dev/disk/by-label/EFI";      fsType = "vfat"; };
-    "/home/${hyper.user}/shared" = { device = "/dev/disk/by-label/shared";   fsType = "ntfs"; options = [ "uid=1000" "gid=100" ]; };
-  } else { 
-    "/" =                    { device = "/dev/disk/by-label/nixos";    fsType = "ext4"; };
-    "/boot" =                { device = "/dev/disk/by-label/EFI";      fsType = "vfat"; };
-    "/vault" =               { device = "/dev/disk/by-label/vault";    fsType = "ext4"; };
-
-};
-
-
-  swapDevices = [
-    { device = "/dev/disk/by-label/swap"; }
-  ];
-
+{ pkgs, ... }@all: with all; {
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+  environment = {
+    systemPackages = with pkgs; [ ntfs3g cryptsetup ];
+    variables = pkgs.lib.mkIf (hyper.host == "NxXPS") {
+      VDPAU_DRIVER = lib.mkIf config.hardware.graphics.enable (lib.mkDefault "va_gl");
+    };
+  };
+  boot = {
+    initrd = {
+      availableKernelModules = [ "xhci_pci" "thunderbolt" "vmd" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+      luks.devices = pkgs.lib.mkIf (hyper.host == "NxXPS") {
+        "vault".device = "/dev/nvme0n1p7";
+      };
+      kernelModules = pkgs.lib.mkIf (hyper.host == "NxXPS") [ "i915" "cryptd" ];
+    };
+    kernelModules = [ "kvm-intel" ];
+    extraModulePackages = [ ];  
+    extraModprobeConfig = pkgs.lib.mkIf (hyper.host == "NxXPS") ''
+      options iwlwifi 11n_disable=8
+    '';
+  };
+  fileSystems = let
+    ntfs = { fsType = "ntfs"; options = [ "uid=1000" "gid=100" ]; };
+  in {
+    "/" =                    { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; };
+    "/boot" =                { device = "/dev/disk/by-label/EFI";   fsType = "vfat"; };
+  } // (if hyper.host == "NxXPS" then {
+    "${hyper.home}/shared" = { device = "/dev/disk/by-label/shared"; } // ntfs;
+    "${hyper.home}/vault"  = { device = "/dev/disk/by-label/vault"; fsType = "ext4"; };
+  } else if hyper.host == "NxNORTH" then {
+    "${hyper.home}/shared" = { device = "/dev/disk/by-label/shared"; } // ntfs;
+  } else if hyper.host == "NxACE" then { 
+    "/vault" =               { device = "/dev/disk/by-label/vault"; fsType = "ext4"; };
+  } else {});
+  hardware = {
+    cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+    graphics.extraPackages = with pkgs.lib; mkIf (hyper.host == "NxXPS") [
+      (if (versionOlder (versions.majorMinor version) "25.05") then pkgs.vaapiIntel else pkgs.intel-vaapi-driver)
+      pkgs.libvdpau-va-gl
+      pkgs.intel-media-driver
+    ];
+  };
+  swapDevices = [ { device = "/dev/disk/by-label/swap"; } ];
  networking.useDHCP = lib.mkDefault true;
-
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-
-  # from nixos-hardware
-  services.thermald.enable = lib.mkDefault true;
-  boot.extraModprobeConfig = if hyper.host == "NxXPS" then ''
-    options iwlwifi 11n_disable=8
-  '' else "";
-  boot.initrd.kernelModules = if hyper.host == "NxXPS" then [ "i915" ] else [];
-
-  environment.variables = if hyper.host == "NxXPS" then {
-    VDPAU_DRIVER = lib.mkIf config.hardware.graphics.enable (lib.mkDefault "va_gl");
-  } else {};
-
-  hardware.graphics.extraPackages = if hyper.host == "NxXPS" then with pkgs; [
-    (if (lib.versionOlder (lib.versions.majorMinor lib.version) "25.05") then vaapiIntel else intel-vaapi-driver)
-    libvdpau-va-gl
-    intel-media-driver
-  ] else [];
-
-  services.upower.enable = true;
+  services = {
+    thermald.enable = lib.mkDefault true;
+    upower.enable = true;
+  };
 }
--- a/system-modules/networking.nix
+++ b/system-modules/networking.nix
@@ -1,11 +1,6 @@
-{ config, pkgs, ... }@all: with all;
-{
-  # sops.secrets = {
-  #   "wireless-networking.env" = {};
-  # };
-
+{ config, pkgs, ... }@all: with all; {
  networking = {
-    nameservers = [
+    nameservers = pkgs.lib.mkIf (hyper.host != "NxDCS") [ # wsl manages resolv.conf
      "1.1.1.1"
      "8.8.8.8"
    ];
--- a/system-modules/nvidia.nix
+++ b/system-modules/nvidia.nix
@@ -1,6 +1,4 @@
-{ pkgs, ... }@all: with all;
-lib.mkIf hyper.nvidia.enable 
-{
+{ pkgs, ... }@all: with all; lib.mkIf hyper.nvidia.enable  {
  environment.systemPackages = with pkgs; [
    lshw
    glxinfo
--- a/system-modules/users.nix
+++ b/system-modules/users.nix
@@ -1,36 +1,39 @@
-{ pkgs, ... }@all: with all;
-{
-  users.defaultUserShell = pkgs.bash; # if interactive, itll switch to fish
-
-  users.users."${hyper.user}" = {
-    isNormalUser = true;
-    extraGroups = [ 
-      # TODO: actually put the groups into the relevant files
-      "networkmanager" 
-      "wheel" 
-      "audio" 
-      "video" 
-      "lp"
-      "scanner"
-      "docker" 
-      "libvirtd" 
-      "uinput" 
-      "input" 
-      "ydotool" 
-      "acme" 
-      "nginx" 
-      "adbusers" 
-      "postgres"
-      "radicale"
-      "audiobookshelf"
-      "nextcloud"
-    ];
-    useDefaultShell = true;
-    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID1RPCcS8DtIf75a2FEW4d8X6WTVeLlmretoLqppvZlJ" # From [A] GPG Sub Key
-    ];
+{ pkgs, ... }@all: with all; {
+  users = {
+    defaultUserShell = pkgs.bash; # if interactive, itll switch to fish
+    users."${hyper.user}" = {
+      isNormalUser = true;
+      extraGroups = [ 
+        # TODO: actually put the groups into the relevant files
+        "acme" 
+        "adbusers" 
+        "audio" 
+        "audiobookshelf"
+        "copyparty" 
+        "docker" 
+        "input" 
+        "libvirtd" 
+        "lp"
+        "networkmanager" 
+        "nextcloud"
+        "nginx" 
+        "postgres"
+        "radicale"
+        "scanner"
+        "uinput" 
+        "video" 
+        "wheel" 
+        "ydotool" 
+      ];
+      useDefaultShell = true;
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID1RPCcS8DtIf75a2FEW4d8X6WTVeLlmretoLqppvZlJ" # From [A] GPG Sub Key
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5sYVtPLHXatTjrpol46xr9R4TidcB4t8axO6/ReNNR nxxps-nx2@nxace"
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC/zcoYuYbamTPMOZPfsP1yQJ5Y6sDlPfBwui8MQjKWn nxnorth-nx2@nxace"
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMnbJx7nVeVi5jK1Eybm+jQoopiCTslewuHFLv2yCt4f nxdcs-nx2@nxace"
+      ];
+    };
  };
-
  programs = {
    bash = {
      interactiveShellInit = ''