refactor: update hosts and feature lists for new architecture

2026-04-12 21:28:24 +00:00
parent 8793f97a04
commit 3caace87d3
8 changed files with 107 additions and 136 deletions


@@ -15,25 +15,29 @@ in
system = "x86_64-linux"; system = "x86_64-linux";
user = "matej"; user = "matej";
features = [ features = [
"openssh" "bootloader"
"localisation"
"gnupg"
"shell"
"desktop"
"sway"
"greeter"
"printing"
"networkmanager"
"docker"
"tailscale"
"nix-ld"
"yubikey"
"calibre"
"gaming"
"direnv"
"neovim"
"dev"
"claude" "claude"
"desktop"
"dev"
"direnv"
"docker"
"gaming"
"git"
"gnupg"
"localisation"
"neovim"
"networkmanager"
"nix-ld"
"nix-settings"
"onepassword"
"openssh"
"power"
"printing"
"shell"
"sway"
"tailscale"
"udev"
"zsh"
]; ];
}; };
@@ -41,27 +45,30 @@ in
system = "x86_64-linux"; system = "x86_64-linux";
user = "matej"; user = "matej";
features = [ features = [
"openssh" "bootloader"
"localisation"
"gnupg"
"shell"
"desktop"
"sway"
"greeter"
"printing"
"networkmanager"
"docker"
"tailscale"
"nix-ld"
"yubikey"
"calibre"
"gaming"
"initrd-ssh"
"direnv"
"neovim"
"dev"
"claude" "claude"
"desktop"
"dev"
"direnv"
"docker"
"gaming"
"git"
"gnupg"
"harmonia" "harmonia"
"initrd-ssh"
"localisation"
"neovim"
"networkmanager"
"nix-ld"
"nix-settings"
"onepassword"
"openssh"
"printing"
"shell"
"sway"
"tailscale"
"udev"
"zsh"
]; ];
}; };
@@ -70,7 +77,9 @@ in
system = "x86_64-linux"; system = "x86_64-linux";
user = "matej"; user = "matej";
features = [ features = [
"nix-settings"
"openssh" "openssh"
"zsh"
]; ];
}; };
@@ -78,11 +87,14 @@ in
system = "x86_64-linux"; system = "x86_64-linux";
user = "matej"; user = "matej";
features = [ features = [
"openssh" "bootloader"
"localisation" "localisation"
"nix-settings"
"openssh"
"remote-base"
"shell" "shell"
"tailscale" "tailscale"
"remote-base" "zsh"
]; ];
}; };
@@ -91,12 +103,14 @@ in
system = "x86_64-linux"; system = "x86_64-linux";
user = "matej"; user = "matej";
features = [ features = [
"openssh" "filedrop"
"localisation" "localisation"
"nix-settings"
"openssh"
"remote-base"
"shell" "shell"
"tailscale" "tailscale"
"remote-base" "zsh"
"filedrop"
]; ];
}; };
@@ -104,14 +118,15 @@ in
system = "x86_64-linux"; system = "x86_64-linux";
user = "matej"; user = "matej";
features = [ features = [
"localisation" "bootloader"
"desktop"
"gnupg" "gnupg"
"shell-minimal" "localisation"
"desktop-minimal"
"sway"
"greeter"
"networkmanager" "networkmanager"
"yubikey" "nix-settings"
"sway"
"udev"
"zsh"
]; ];
}; };
@@ -119,16 +134,18 @@ in
system = "x86_64-linux"; system = "x86_64-linux";
user = "matej"; user = "matej";
features = [ features = [
"openssh"
"localisation"
"gnupg"
"shell"
"vm-guest"
"vm-9p-automount"
"docker"
"neovim"
"claude" "claude"
"dev" "dev"
"docker"
"git"
"gnupg"
"localisation"
"neovim"
"nix-settings"
"openssh"
"shell"
"vm-guest"
"zsh"
]; ];
}; };
}; };
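Review bot: The two hosts that carry `"remote-base"` (the hunks at -78 and -91) now also list `"nix-settings"`, but no host file visible in this commit sets `features.nix-settings.towerCache.enable = false` for them, as three other host files here do. The option's default is not shown; if it is on, those servers would use the tower cache as a substituter and its signing key becomes part of their trust base. If that is intended, record it with a comment beside the entry, e.g. `"nix-settings" # substitutes from the tower cache, trusts its key`; otherwise set the option to false in their host files, as is done for the VM and the ISO.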


@@ -2,9 +2,6 @@
{ {
imports = [ inputs.disko.nixosModules.disko ]; imports = [ inputs.disko.nixosModules.disko ];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
disko.devices.disk.main = { disko.devices.disk.main = {
type = "disk"; type = "disk";
device = "/dev/nvme0n1"; device = "/dev/nvme0n1";
@@ -32,10 +29,5 @@
}; };
}; };
localisation = {
timeZone = "Europe/Ljubljana";
defaultLocale = "en_US.UTF-8";
};
system.stateVersion = "25.11"; system.stateVersion = "25.11";
} }


@@ -5,6 +5,7 @@
... ...
}: }:
{ {
features.nix-settings.towerCache.enable = false;
# no hardware firmware needed in a VM # no hardware firmware needed in a VM
hardware.enableRedistributableFirmware = lib.mkForce false; hardware.enableRedistributableFirmware = lib.mkForce false;
hardware.wirelessRegulatoryDatabase = lib.mkForce false; hardware.wirelessRegulatoryDatabase = lib.mkForce false;
@@ -28,18 +29,12 @@
); );
}; };
vm-guest.headless = true; features.vm-guest.headless = true;
features.vm-guest.automount = {
vm-9p-automount.user = "matej"; enable = true;
user = "matej";
localisation = {
timeZone = "UTC";
defaultLocale = "en_US.UTF-8";
};
home-manager.users.matej = {
neovim.dotfiles = inputs.nvim;
}; };
features.neovim.dotfiles = inputs.nvim;
# ensure .config exists with correct ownership before automount # ensure .config exists with correct ownership before automount
systemd.tmpfiles.rules = [ "d /home/matej/.config 0755 matej users -" ]; systemd.tmpfiles.rules = [ "d /home/matej/.config 0755 matej users -" ];
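Review bot: The `localisation` block that appears to be removed here pinned this VM to `timeZone = "UTC"`, whereas the blocks removed from the other host files used `"Europe/Ljubljana"`. After the change the guest takes whatever the shared `localisation` feature defaults to, which is not visible in this section. If UTC was deliberate (guest log timestamps are easier to correlate in UTC), keep a per-host override through the feature's own option instead of dropping it silently. On style, `features.vm-guest.headless` and the `features.vm-guest.automount` block could be one `features.vm-guest = { … };` attrset, matching how `features.udev` is written elsewhere in this commit.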


@@ -2,6 +2,8 @@
{ {
imports = [ inputs.disko.nixosModules.disko ]; imports = [ inputs.disko.nixosModules.disko ];
features.filedrop.sopsFile = ../../secrets/floo.yaml;
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
disko.devices.disk.main = { disko.devices.disk.main = {
@@ -26,10 +28,5 @@
}; };
}; };
localisation = {
timeZone = "Europe/Ljubljana";
defaultLocale = "en_US.UTF-8";
};
system.stateVersion = "25.11"; system.stateVersion = "25.11";
} }


@@ -10,13 +10,11 @@
inputs.nixos-hardware.nixosModules.framework-16-amd-ai-300-series inputs.nixos-hardware.nixosModules.framework-16-amd-ai-300-series
]; ];
localisation = { features.desktop = {
timeZone = "Europe/Ljubljana"; apps.enable = false;
defaultLocale = "en_US.UTF-8"; internalCA.enable = false;
}; };
features.gnupg.yubikey.enable = true;
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
disko.devices.disk.main = { disko.devices.disk.main = {
type = "disk"; type = "disk";


@@ -1,8 +1,7 @@
{ {
lib, lib,
pkgs,
inputs,
options, options,
inputs,
... ...
}: }:
@@ -11,37 +10,22 @@
inputs.nixos-hardware.nixosModules.framework-16-amd-ai-300-series inputs.nixos-hardware.nixosModules.framework-16-amd-ai-300-series
]; ];
localisation = { features.desktop.bluetooth.enable = true;
timeZone = "Europe/Ljubljana"; features.gnupg.yubikey.enable = true;
defaultLocale = "en_US.UTF-8"; features.udev = {
ledger.enable = true;
keyboard-zsa.enable = true;
}; };
features.power.resumeDevice = "/dev/disk/by-uuid/ff4750e7-3a9f-42c2-bb68-c458a6560540";
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.kernelParams = [ "pcie_aspm.policy=powersupersave" ]; boot.kernelParams = [ "pcie_aspm.policy=powersupersave" ];
boot.resumeDevice = "/dev/disk/by-uuid/ff4750e7-3a9f-42c2-bb68-c458a6560540";
services.logind.settings.Login = {
HandleLidSwitch = "suspend-then-hibernate";
HandlePowerKey = "suspend-then-hibernate";
IdleAction = "suspend-then-hibernate";
IdleActionSec = "15min";
};
systemd.sleep.settings.Sleep = {
HibernateDelaySec = "30min";
};
programs.nix-ld.libraries = options.programs.nix-ld.libraries.default; programs.nix-ld.libraries = options.programs.nix-ld.libraries.default;
services.gnome.gnome-keyring.enable = true; services.gnome.gnome-keyring.enable = true;
services.teamviewer.enable = true; services.teamviewer.enable = true;
services.hardware.bolt.enable = true; services.hardware.bolt.enable = true;
hardware.keyboard.zsa.enable = true;
hardware.ledger.enable = true;
hardware.bluetooth.powerOnBoot = true; hardware.bluetooth.powerOnBoot = true;
hardware.inputmodule.enable = true; hardware.inputmodule.enable = true;
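Review bot: The logind and sleep settings (`HandleLidSwitch`, `IdleAction = "suspend-then-hibernate"`, `IdleActionSec = "15min"`, `HibernateDelaySec = "30min"`) disappear from this host, and in the visible lines only `features.power.resumeDevice` replaces them. Whether the `power` feature sets the same values cannot be seen from this section. Idle suspend on a laptop bounds how long an unattended session stays reachable, so it is worth confirming the module carries the policy over and not just the resume device. A comment above the new line would make the dependency explicit, e.g. `# lid/idle suspend-then-hibernate policy now lives in features.power`. The file continues beyond the hunk.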


@@ -1,15 +1,13 @@
{ lib, ... }: { lib, userKeys, ... }:
{ {
features.nix-settings.towerCache.enable = false;
image.modules.iso-installer = { image.modules.iso-installer = {
isoImage.squashfsCompression = "zstd -Xcompression-level 6"; isoImage.squashfsCompression = "zstd -Xcompression-level 6";
}; };
# live iso: passwordless login and sudo # live iso: passwordless login and sudo
users.users.matej.initialHashedPassword = ""; users.users.matej.initialHashedPassword = "";
users.users.root.openssh.authorizedKeys.keys = [ users.users.root.openssh.authorizedKeys.keys = userKeys.sshAuthorizedKeys;
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQGLdINKzs+sEy62Pefng0bcedgU396+OryFgeH99/c janezicmatej"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDk00+Km03epQXQs+xEwwH3zcurACzkEH+kDOPBw6RQe openpgp:0xB095D449"
];
services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password"; services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";
security.sudo.wheelNeedsPassword = false; security.sudo.wheelNeedsPassword = false;
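Review bot: Root's `authorizedKeys.keys` on the live ISO is now `userKeys.sshAuthorizedKeys`, so which keys get root on every image built from this file is decided in a list defined outside this hunk. The same list is used for `features.initrd-ssh` on another host in this commit. A key added there for an unrelated machine would also gain root on the installer, on top of the passwordless login and sudo already configured here. Consider a comment on the line stating that coupling, e.g. `# root on the ISO follows userKeys.sshAuthorizedKeys; review that list before building an image`, or a separate, narrower key list for the installer.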


@@ -1,38 +1,28 @@
{ {
config, config,
lib,
inputs,
userKeys, userKeys,
... ...
}: }:
{ {
imports = [ features.nix-settings.towerCache.enable = false;
inputs.lanzaboote.nixosModules.lanzaboote features.bootloader.mode = "lanzaboote";
]; features.desktop.bluetooth.enable = true;
features.gnupg.yubikey.enable = true;
features.udev = {
ledger.enable = true;
keyboard-zsa.enable = true;
};
features.initrd-ssh = {
networkModule = "r8169";
authorizedKeys = userKeys.sshAuthorizedKeys;
};
# nix store signing # nix store signing
sops.secrets.nix-signing-key.sopsFile = ../../secrets/tower.yaml; sops.secrets.nix-signing-key.sopsFile = ../../secrets/tower.yaml;
nix.settings.secret-key-files = [ config.sops.secrets.nix-signing-key.path ]; nix.settings.secret-key-files = [ config.sops.secrets.nix-signing-key.path ];
localisation = {
timeZone = "Europe/Ljubljana";
defaultLocale = "en_US.UTF-8";
};
initrd-ssh = {
networkModule = "r8169";
authorizedKeys = userKeys.sshAuthorizedKeys;
};
# lanzaboote secure boot
boot.kernelParams = [ "btusb.reset=1" ]; boot.kernelParams = [ "btusb.reset=1" ];
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.lanzaboote = {
enable = true;
pkiBundle = "/var/lib/sbctl";
};
services.udisks2.enable = true; services.udisks2.enable = true;