aboutsummaryrefslogtreecommitdiff
path: root/nixos
diff options
context:
space:
mode:
Diffstat (limited to 'nixos')
-rw-r--r--nixos/machine/binky.nix4
-rw-r--r--nixos/machine/ridcully.nix34
-rw-r--r--nixos/modules/autounlock.nix40
-rw-r--r--nixos/modules/default.nix1
-rw-r--r--nixos/modules/desktop.nix20
-rw-r--r--nixos/modules/generic.nix2
6 files changed, 95 insertions, 6 deletions
diff --git a/nixos/machine/binky.nix b/nixos/machine/binky.nix
index 6ec37d3..c7e319a 100644
--- a/nixos/machine/binky.nix
+++ b/nixos/machine/binky.nix
@@ -12,11 +12,14 @@ with lib;
};
wifiClient = true;
develop = true;
+ gaming = true;
};
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usb_storage" "sd_mod"];
boot.kernelModules = ["kvm-amd"];
+ hardware.cpu.amd.updateMicrocode = true;
+
boot.initrd.luks.devices = {
"encroot".device = "/dev/disk/by-uuid/b317feb5-d68d-4ec3-a24f-0307c116cac8";
};
@@ -61,7 +64,6 @@ with lib;
config = "config /run/secrets/elektroline.ovpn";
};
- cynerd.gaming = true;
};
diff --git a/nixos/machine/ridcully.nix b/nixos/machine/ridcully.nix
index 882f967..4c0bba9 100644
--- a/nixos/machine/ridcully.nix
+++ b/nixos/machine/ridcully.nix
@@ -5,15 +5,28 @@ with lib;
{
config = {
- cynerd.desktop.enable = true;
+ cynerd = {
+ desktop.enable = true;
+ develop = true;
+ gaming = true;
+ };
+
+ boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usb_storage"];
+ boot.kernelModules = ["kvm-amd"];
+ hardware.cpu.amd.updateMicrocode = true;
+
+ cynerd.autounlock = {
+ "encroot" = "/dev/disk/by-uuid/c07e929a-6eac-4f99-accf-f7cb3431290c";
+ "enchdd" = "/dev/disk/by-uuid/7fee3cda-efa0-47cd-8832-fdead9a7e6db";
+ };
fileSystems = {
"/" = {
- device = "/dev/disk/by-uuid/3b3063aa-c284-4075-bb37-8820df12a2f5";
+ device = "/dev/mapper/encroot";
options = ["compress=lzo" "subvol=@nix"];
};
"/home" = {
- device = "/dev/disk/by-uuid/3b3063aa-c284-4075-bb37-8820df12a2f5";
+ device = "/dev/mapper/encroot";
options = ["compress=lzo" "subvol=@home"];
};
"/boot" = {
@@ -21,11 +34,24 @@ with lib;
};
"/home2" = {
- device = "/dev/disk/by-uuid/c9aa0b7b-7482-4d4a-bcc3-8bd6a853ae7f";
+ device = "/dev/mapper/enchdd";
options = ["compress=lzo" "subvol=@home"];
};
};
+ services.syncthing = {
+ enable = true;
+ user = mkDefault "cynerd";
+ group = mkDefault "cynerd";
+ openDefaultPorts = true;
+
+ overrideDevices = false;
+ overrideFolders = false;
+
+ dataDir = "/home/cynerd";
+ configDir = "/home/cynerd/.config/syncthing";
+ };
+
};
}
diff --git a/nixos/modules/autounlock.nix b/nixos/modules/autounlock.nix
new file mode 100644
index 0000000..2e40bb2
--- /dev/null
+++ b/nixos/modules/autounlock.nix
@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ cnf = config.cynerd.autounlock;
+
+in {
+
+ options = {
+ cynerd.autounlock = mkOption {
+ type = with types; attrsOf string;
+ default = {};
+ description = "Devices to be auto-unlocked.";
+ };
+ };
+
+ config = mkIf (cnf != {}) {
+
+ environment.systemPackages = [ pkgs.luks-hw-password ];
+ boot.initrd = {
+ extraFiles."/bin/luks-password" = pkgs.luks-hw-password + "/bin/luks-hw-password";
+ luks.devices = mapAttrs (name: value: {
+ device = value;
+ keyFile = "/keys/${name}.key";
+ fallbackToPassword = true;
+ preOpenCommands = ''
+ mkdir -p /keys
+ luks-hw-password > /keys/${name}.key
+ '';
+ postOpenCommands = ''
+ rm -rf /keys
+ '';
+ }) cnf;
+ };
+
+ };
+
+}
diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix
index 1077dc7..278f2d8 100644
--- a/nixos/modules/default.nix
+++ b/nixos/modules/default.nix
@@ -1,4 +1,5 @@
nixpkgs: {
+ cynerd-autounlock = import ./autounlock.nix;
cynerd-compile = import ./compile.nix;
cynerd-desktop = import ./desktop.nix;
cynerd-develop = import ./develop.nix nixpkgs;
diff --git a/nixos/modules/desktop.nix b/nixos/modules/desktop.nix
index 184c52d..d04b1fb 100644
--- a/nixos/modules/desktop.nix
+++ b/nixos/modules/desktop.nix
@@ -5,6 +5,14 @@ let
cnf = config.cynerd.desktop;
+ autologinScript = pkgs.writeText "login-program.sh" ''
+ if [[ "$(tty)" == '/dev/tty1' ]]; then
+ ${pkgs.shadow}/bin/login -f cynerd;
+ else
+ ${pkgs.shadow}/bin/login;
+ fi
+ '';
+
in {
options = {
@@ -197,5 +205,17 @@ in {
};
};
+ services.getty = {
+ extraArgs = [ "--skip-login" ];
+ loginProgram = "${pkgs.bash}/bin/sh";
+ loginOptions = toString (pkgs.writeText "login-program.sh" ''
+ if [[ "$(tty)" == '/dev/tty1' ]]; then
+ ${pkgs.shadow}/bin/login -f cynerd;
+ else
+ ${pkgs.shadow}/bin/login;
+ fi
+ '');
+ };
+
};
}
diff --git a/nixos/modules/generic.nix b/nixos/modules/generic.nix
index 67a80f8..ab47f19 100644
--- a/nixos/modules/generic.nix
+++ b/nixos/modules/generic.nix
@@ -30,7 +30,7 @@ with lib;
git # We need git for this repository to even work
# Administration tools
coreutils moreutils psmisc progress lshw file
- dig
+ drill
gnumake
exfat exfatprogs
nix-index