From 578d5774cecdd18f77ca85105e76c41834ba692e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matej=20Jane=C5=BEi=C4=8D?=
Date: Fri, 20 Feb 2026 15:10:57 +0100
Subject: [PATCH] feat: add matej-tower host
---
 hosts/matej-tower/configuration.nix | 292 +++++++++++++++++++
 hosts/matej-tower/hardware-configuration.nix | 84 ++++++
 2 files changed, 376 insertions(+)
 create mode 100644 hosts/matej-tower/configuration.nix
 create mode 100644 hosts/matej-tower/hardware-configuration.nix
diff --git a/hosts/matej-tower/configuration.nix b/hosts/matej-tower/configuration.nix
new file mode 100644
index 0000000..e3554ea
--- /dev/null
+++ b/hosts/matej-tower/configuration.nix
@@ -0,0 +1,292 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{
+ config,
+ lib,
+ pkgs,
+ inputs,
+ options,
+ ...
+}:
+
+let
+ packages = inputs.self.outputs.packages.${pkgs.stdenv.hostPlatform.system};
+in
+
+{
+ imports = [
+ inputs.stylix.nixosModules.stylix
+ inputs.lanzaboote.nixosModules.lanzaboote
+ inputs.self.nixosModules.yubikey
+ inputs.self.nixosModules.sway
+ ];
+
+ sway.enable = true;
+ yubikey.enable = true;
+
+ fonts.packages = with pkgs; [
+ font-awesome
+ nerd-fonts.jetbrains-mono
+ maple-mono.NF
+ ];
+
+ stylix = {
+ enable = true;
+ polarity = "dark";
+ image = "${inputs.self}/assets/wallpaper.png";
+ base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-material-dark-medium.yaml";
+ };
+
+ virtualisation.docker = {
+ enable = true;
+ logDriver = "json-file";
+ };
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ boot.loader.systemd-boot.enable = lib.mkForce false;
+ boot.lanzaboote = {
+ enable = true;
+ pkiBundle = "/var/lib/sbctl";
+ };
+
+ services.udev.packages = with pkgs; [
+ yubikey-personalization
+ ];
+
+ services.tailscale = {
+ enable = true;
+ useRoutingFeatures = "both";
+ };
+
+ services.udisks2.enable = true;
+ security.polkit.enable = true;
+
+ hardware.bluetooth.enable = true;
+ services.blueman.enable = true;
+
+ users.defaultUserShell = pkgs.zsh;
+ programs.zsh = {
+ enable = true;
+ };
+ environment.etc."zshenv".text = ''
+ export ZDOTDIR=$HOME/.config/zsh
+ '';
+
+ programs._1password.enable = true;
+ programs._1password-gui.enable = true;
+
+ users.users.matej = {
+ uid = 1000;
+ isNormalUser = true;
+ home = "/home/matej";
+ extraGroups = [
+ "wheel"
+ "docker"
+ ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQGLdINKzs+sEy62Pefng0bcedgU396+OryFgeH99/c janezicmatej"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDk00+Km03epQXQs+xEwwH3zcurACzkEH+kDOPBw6RQe openpgp:0xB095D449"
+ ];
+ };
+
+ services.openssh = {
+ enable = true;
+ ports = [ 22 ];
+ settings = {
+ PasswordAuthentication = false;
+ AllowUsers = null;
+ PermitRootLogin = "no";
+ StreamLocalBindUnlink = "yes";
+ };
+ };
+
+ services.greetd = {
+ enable = true;
+ useTextGreeter = true;
+ settings = {
+ default_session = {
+ user = "greeter";
+ command = ''
+ ${pkgs.tuigreet}/bin/tuigreet \
+ --time \
+ --remember \
+ --cmd "sway"
+ '';
+ };
+ };
+ };
+
+ networking.hostName = "matej-tower"; # Define your hostname.
+ # Pick only one of the below networking options.
+ # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+ # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
+
+ # Set your time zone.
+ # time.timeZone = "Europe/Amsterdam";
+ time.timeZone = "Europe/Ljubljana";
+ environment.variables.TZ = "Europe/Ljubljana";
+
+ # Configure network proxy if necessary
+ # networking.proxy.default = "http://user:password@proxy:port/";
+ # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ # Select internationalisation properties.
+ # i18n.defaultLocale = "en_US.UTF-8";
+ # console = {
+ # font = "Lat2-Terminus16";
+ # keyMap = "us";
+ # useXkbConfig = true; # use xkb.options in tty.
+ # };
+
+ # Enable the X11 windowing system.
+ # services.xserver.enable = true;
+
+ # Configure keymap in X11
+ # services.xserver.xkb.layout = "us";
+ # services.xserver.xkb.options = "eurosign:e,caps:escape";
+
+ # Enable CUPS to print documents.
+ # services.printing.enable = true;
+
+ # Enable sound.
+ # services.pulseaudio.enable = true;
+ # OR
+ # services.pipewire = {
+ # enable = true;
+ # pulse.enable = true;
+ # };
+
+ # Enable touchpad support (enabled default in most desktopManager).
+ # services.libinput.enable = true;
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ # users.users.alice = {
+ # isNormalUser = true;
+ # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+ # packages = with pkgs; [
+ # tree
+ # ];
+ # };
+
+ # programs.firefox.enable = true;
+
+ services.printing.enable = true;
+ services.avahi = {
+ enable = true;
+ nssmdns4 = true;
+ openFirewall = true;
+ };
+
+ services.pipewire = {
+ enable = true;
+ # alsa.enable = true;
+ # alsa.support32Bit = true;
+ pulse.enable = true;
+ # jack.enable = true;
+ extraConfig.pipewire.adjust-sample-rate = {
+ "context.properties" = {
+ "default.clock.rate" = 192000;
+ #"defautlt.allowed-rates" = [ 192000 48000 44100 ];
+ "defautlt.allowed-rates" = [ 192000 ];
+ # "default.clock.quantum" = 32;
+ # "default.clock.min-quantum" = 32;
+ # "default.clock.max-quantum" = 32;
+ };
+ };
+ };
+
+ services.dbus.enable = true;
+
+ services.playerctld.enable = true;
+
+ xdg = {
+ portal = {
+ xdgOpenUsePortal = true;
+ enable = true;
+ extraPortals = [
+ pkgs.xdg-desktop-portal-wlr
+ pkgs.xdg-desktop-portal-gtk
+ ];
+ };
+ mime.defaultApplications = {
+ "application/pdf" = "org.pwmt.zathura.desktop";
+ };
+ };
+
+ # List packages installed in system profile.
+ # You can use https://search.nixos.org/ to find more packages (and options).
+ environment.systemPackages = with pkgs; [
+ vim
+ wget
+ ghostty
+ vesktop
+ rocketchat-desktop
+ telegram-desktop
+ slack
+ mdbook
+ google-chrome
+ pavucontrol
+ protonmail-bridge
+ python3
+ zathura
+ smartmontools
+ marksman
+ mdformat
+ jellyfin-media-player
+ cider-2
+ bolt-launcher
+ easyeffects
+ ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = {
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
+ programs.gnupg.agent = {
+ enable = true;
+ enableExtraSocket = true;
+ enableSSHSupport = true;
+ };
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # Copy the NixOS configuration file and link it from the resulting system
+ # (/run/current-system/configuration.nix). This is useful in case you
+ # accidentally delete configuration.nix.
+ # system.copySystemConfiguration = true;
+
+ # This option defines the first version of NixOS you have installed on this particular machine,
+ # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+ #
+ # Most users should NEVER change this value after the initial install, for any reason,
+ # even if you've upgraded your system to a new NixOS release.
+ #
+ # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+ # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
+ # to actually do that.
+ #
+ # This value being lower than the current NixOS release does NOT mean your system is
+ # out of date, out of support, or vulnerable.
+ #
+ # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+ # and migrated your data accordingly.
+ #
+ # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+ system.stateVersion = "25.05"; # Did you read the comment?
+
+}
diff --git a/hosts/matej-tower/hardware-configuration.nix b/hosts/matej-tower/hardware-configuration.nix
new file mode 100644
index 0000000..c7a686b
--- /dev/null
+++ b/hosts/matej-tower/hardware-configuration.nix
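Review bot: The PipeWire property key `"defautlt.allowed-rates"` inside the `"context.properties"` block of `extraConfig.pipewire.adjust-sample-rate` is misspelled and also lacks the `.clock` segment, so PipeWire will not recognise it and only `default.clock.rate` actually takes effect; the intended key is `"default.clock.allowed-rates" = [ 192000 ];` (the commented-out line above it carries the same typo). `services.tailscale.useRoutingFeatures = "both"` makes the NixOS module enable system-wide IPv4/IPv6 forwarding and relax the firewall's reverse-path check, which is more than a desktop that merely joins a tailnet needs; `"client"` is sufficient unless this host is meant to advertise subnet routes or act as an exit node. `AllowUsers = null;` in `services.openssh.settings` leaves sshd accepting any local account, while only `matej` has authorized keys, so `AllowUsers = [ "matej" ];` narrows the exposed surface at no cost. Membership in the `docker` group is root-equivalent for `matej`; that is worth a one-line comment next to `extraGroups` or a move to `virtualisation.docker.rootless` if the daemon does not need to run as root.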
@@ -0,0 +1,84 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}:
+
+{
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ hardware.firmware = [ pkgs.linux-firmware ];
+
+ boot.initrd.availableKernelModules = [
+ "nvme"
+ "xhci_pci"
+ "ahci"
+ "usb_storage"
+ "sd_mod"
+ ];
+ boot.initrd.kernelModules = [
+ "dm-snapshot"
+ "r8169"
+ ];
+ boot.kernelModules = [ "kvm-amd" ];
+ boot.extraModulePackages = [ ];
+
+ boot.initrd.luks.devices."cryptlvm".device =
+ "/dev/disk/by-uuid/0b4778fc-647c-409a-ac53-dd12433a759c";
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/8103b1f4-2965-4ec2-95b2-6e71ffa82c29";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/8493-4127";
+ fsType = "vfat";
+ options = [
+ "fmask=0077"
+ "dmask=0077"
+ ];
+ };
+
+ swapDevices = [
+ { device = "/dev/disk/by-uuid/e0952ef2-1a9a-4022-bbcf-b2f016384258"; }
+ ];
+
+ boot.initrd.network = {
+ enable = true;
+ ssh = {
+ enable = true;
+ port = 22;
+ hostKeys = [
+ "/etc/secrets/initrd/ssh_host_rsa_key"
+ "/etc/secrets/initrd/ssh_host_ed25519_key"
+ ];
+ authorizedKeys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQGLdINKzs+sEy62Pefng0bcedgU396+OryFgeH99/c janezicmatej"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDk00+Km03epQXQs+xEwwH3zcurACzkEH+kDOPBw6RQe openpgp:0xB095D449"
+ ];
+ };
+ postCommands = ''
+ echo 'cryptsetup-askpass' >> /root/.profile
+ '';
+
+ };
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlp11s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
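Review bot: The initrd SSH listener in `boot.initrd.network.ssh` uses `port = 22`, the same port as the main sshd configured for this host, but with its own host key pair from `/etc/secrets/initrd/`; anyone who unlocks the disk remotely and later logs in normally will see two different host keys for the same address:port and get known-hosts mismatch warnings, which trains the operator to accept such warnings. A dedicated port for the initrd listener (e.g. `port = 2222;`, example value) or a separate known_hosts alias avoids that. The file header says it was generated by `nixos-generate-config` and may be overwritten, yet `hardware.firmware`, the `r8169` entry in `boot.initrd.kernelModules` and the whole `boot.initrd.network` block are presumably hand-written and would be lost on regeneration; moving them to configuration.nix keeps the generated file disposable. It is also worth a comment above `hostKeys` that these keys are copied into the initrd on the unencrypted vfat `/boot` (readable by root only thanks to `fmask=0077`), so they must stay distinct from the system host keys and be treated as lower-trust, e.g. `# initrd host keys are embedded in the initrd on /boot; never reuse /etc/ssh/ssh_host_* here`.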