first commit

README.md

@@ -0,0 +1,2 @@
+# tami-nix-infra
+# tami-nix-infra

flake.lock

@@ -0,0 +1,69 @@
+{
+  "nodes": {
+    "disko": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1684170997,
+        "narHash": "sha256-WgwqHeYv2sDA0eWghnYCUNx7dm5S8lqDVZjp7ufzm30=",
+        "owner": "nix-community",
+        "repo": "disko",
+        "rev": "10402e31443941b50bf62e67900743dcb26b3b27",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "disko",
+        "type": "github"
+      }
+    },
+    "nixinate": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1671116920,
+        "narHash": "sha256-QmDGsUUmAGn77UTR7eQJmebl8f3IIUCtmbbAdJqKA3s=",
+        "owner": "MatthewCroughan",
+        "repo": "nixinate",
+        "rev": "b4d17b8e2a4abc47e93e1a1c466e0286a63640d8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "MatthewCroughan",
+        "repo": "nixinate",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1684049129,
+        "narHash": "sha256-7WB9LpnPNAS8oI7hMoHeKLNhRX7k3CI9uWBRSfmOCCE=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "0470f36b02ef01d4f43c641bbf07020bcab71bf1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "disko": "disko",
+        "nixinate": "nixinate",
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -0,0 +1,11 @@
+{
+  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+  inputs.disko = { url = "github:nix-community/disko"; inputs.nixpkgs.follows = "nixpkgs"; };
+  inputs.nixinate = { url = "github:MatthewCroughan/nixinate"; inputs.nixpkgs.follows = "nixpkgs"; };
+
+  outputs = inputs: {
+    nixosConfigurations.tami-mac = import ./hosts/tami-mac inputs;
+
+    apps = inputs.nixinate.nixinate.x86_64-linux inputs.self;
+  };
+}

hosts/tami-mac/configuration.nix

@@ -0,0 +1,62 @@
+{ pkgs, ... }:
+
+{
+  networking = {
+    hostName = "tami-mac";
+    networkmanager.enable = true;
+  };
+
+  time.timeZone = "Asia/Jerusalem";
+
+  services.pipewire = {
+    enable = true;
+    pulse.enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+  };
+  hardware.pulseaudio.enable = false;
+  sound.enable = false;
+
+  system.stateVersion = "23.05";
+
+  services.openssh.enable = true;
+
+  programs.vim.defaultEditor = true;
+
+  users = {
+    mutableUsers = false;
+    users."tami" = {
+      isNormalUser = true;
+      hashedPassword = "$y$j9T$BUWA7o2/xFFY6g/B9somr1$rveo/ttShW7jd835kf2pE9vAfDIXj/Hii3B5c9GyCjA";
+      extraGroups = [ "wheel" "networkmanager" ];
+      uid = 1000;
+      packages = with pkgs; [
+        firefox
+        git
+        wget
+      ];
+    };
+  };
+
+  services.xserver = {
+    enable = true;
+    desktopManager.plasma5.enable = true;
+    displayManager = {
+      defaultSession = "plasmawayland";
+      lightdm.enable = true;
+      autoLogin.user = "tami";
+    };
+  };
+
+  programs.dconf.enable = true;
+
+  programs.xwayland.enable = true;
+
+  hardware.opengl = {
+    enable = true;
+    driSupport = true;
+    driSupport32Bit = true;
+  };
+
+  programs.adb.enable = true;
+}

hosts/tami-mac/default.nix

@@ -0,0 +1,20 @@
+inputs:
+
+inputs.nixpkgs.lib.nixosSystem {
+  system = "x86_64-linux";
+  specialArgs = { inherit inputs; };
+  modules = [
+    ./configuration.nix
+    ./hardware-configuration.nix
+    "${inputs.self}/profiles/nix-nixpkgs.nix"
+    {
+      _module.args.nixinate = {
+        host = "tami-mac";
+        sshUser = "tami";
+        buildOn = "remote";
+        substituteOnTarget = true;
+        hermetic = false;
+      };
+    }
+  ];
+}

hosts/tami-mac/hardware-configuration.nix

@@ -0,0 +1,60 @@
+{ inputs, pkgs, ... }:
+
+let
+  device = "/dev/sda";
+in
+{
+  imports = [ inputs.disko.nixosModules.disko ];
+
+  disko.devices = {
+    disk.${baseNameOf device} = {
+      inherit device;
+      type = "disk";
+      content = {
+        type = "table";
+        format = "gpt";
+        partitions = [
+          {
+            name = "boot";
+            start = "1MiB";
+            end = "512MiB";
+            bootable = true;
+            content = {
+              type = "filesystem";
+              format = "vfat";
+              mountpoint = "/boot";
+            };
+          }
+          {
+            name = "nixos";
+            start = "512MiB";
+            end = "100%";
+            part-type = "primary";
+            bootable = true;
+            content = {
+              type = "filesystem";
+              format = "ext4";
+              mountpoint = "/";
+            };
+          }
+        ];
+      };
+    };
+  };
+
+  boot = {
+    kernelPackages = pkgs.linuxPackages_latest;
+    loader.systemd-boot.enable = true;
+    loader.efi.canTouchEfiVariables = true;
+    initrd.systemd.enable = true;
+    tmp.cleanOnBoot = true;
+  };
+
+  hardware = {
+    enableAllFirmware = true;
+    enableRedistributableFirmware = true;
+    cpu.intel.updateMicrocode = true;
+  };
+
+  zramSwap.enable = true;
+}

profiles/nix-nixpkgs.nix

@@ -0,0 +1,25 @@
+{ inputs, ... }:
+
+{
+  environment.etc."nix/flake-channels/nixpkgs".source = inputs.nixpkgs;
+
+  nix = {
+    registry.nixpkgs.flake = inputs.nixpkgs;
+    nixPath = [ "nixpkgs=/etc/nix/flake-channels/nixpkgs" ];
+    settings = {
+      experimental-features = [ "nix-command" "flakes" ];
+      builders-use-substitutes = true;
+      auto-optimise-store = true;
+      warn-dirty = false;
+      trusted-users = [ "@wheel" ];
+      substituters = [
+        "https://nix-community.cachix.org"
+      ];
+      trusted-public-keys = [
+        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+      ];
+    };
+  };
+
+  nixpkgs.config.allowUnfree = true;
+}