commit 770118247e87a24b59cefa1655a611cdb0e7f4df Author: Ilan Joselevich Date: Mon May 15 21:47:22 2023 +0300 first commit diff --git a/README.md b/README.md new file mode 100644 index 0000000..5086945 --- /dev/null +++ b/README.md @@ -0,0 +1,2 @@ +# tami-nix-infra +# tami-nix-infra diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..f45fcd4 --- /dev/null +++ b/flake.lock @@ -0,0 +1,69 @@ +{ + "nodes": { + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1684170997, + "narHash": "sha256-WgwqHeYv2sDA0eWghnYCUNx7dm5S8lqDVZjp7ufzm30=", + "owner": "nix-community", + "repo": "disko", + "rev": "10402e31443941b50bf62e67900743dcb26b3b27", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "nixinate": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1671116920, + "narHash": "sha256-QmDGsUUmAGn77UTR7eQJmebl8f3IIUCtmbbAdJqKA3s=", + "owner": "MatthewCroughan", + "repo": "nixinate", + "rev": "b4d17b8e2a4abc47e93e1a1c466e0286a63640d8", + "type": "github" + }, + "original": { + "owner": "MatthewCroughan", + "repo": "nixinate", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1684049129, + "narHash": "sha256-7WB9LpnPNAS8oI7hMoHeKLNhRX7k3CI9uWBRSfmOCCE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "0470f36b02ef01d4f43c641bbf07020bcab71bf1", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "disko": "disko", + "nixinate": "nixinate", + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..bc4fa69 --- /dev/null +++ b/flake.nix @@ -0,0 +1,11 @@ +{ + inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + inputs.disko = { url = "github:nix-community/disko"; inputs.nixpkgs.follows = "nixpkgs"; }; + inputs.nixinate = { url = "github:MatthewCroughan/nixinate"; inputs.nixpkgs.follows = "nixpkgs"; }; + + outputs = inputs: { + nixosConfigurations.tami-mac = import ./hosts/tami-mac inputs; + + apps = inputs.nixinate.nixinate.x86_64-linux inputs.self; + }; +} diff --git a/hosts/tami-mac/configuration.nix b/hosts/tami-mac/configuration.nix new file mode 100644 index 0000000..3634526 --- /dev/null +++ b/hosts/tami-mac/configuration.nix @@ -0,0 +1,62 @@ +{ pkgs, ... }: + +{ + networking = { + hostName = "tami-mac"; + networkmanager.enable = true; + }; + + time.timeZone = "Asia/Jerusalem"; + + services.pipewire = { + enable = true; + pulse.enable = true; + alsa.enable = true; + alsa.support32Bit = true; + }; + hardware.pulseaudio.enable = false; + sound.enable = false; + + system.stateVersion = "23.05"; + + services.openssh.enable = true; + + programs.vim.defaultEditor = true; + + users = { + mutableUsers = false; + users."tami" = { + isNormalUser = true; + hashedPassword = "$y$j9T$BUWA7o2/xFFY6g/B9somr1$rveo/ttShW7jd835kf2pE9vAfDIXj/Hii3B5c9GyCjA"; + extraGroups = [ "wheel" "networkmanager" ]; + uid = 1000; + packages = with pkgs; [ + firefox + git + wget + ]; + }; + }; + + services.xserver = { + enable = true; + desktopManager.plasma5.enable = true; + displayManager = { + defaultSession = "plasmawayland"; + lightdm.enable = true; + autoLogin.user = "tami"; + }; + }; + + programs.dconf.enable = true; + + programs.xwayland.enable = true; + + hardware.opengl = { + enable = true; + driSupport = true; + driSupport32Bit = true; + }; + + programs.adb.enable = true; +} diff --git a/hosts/tami-mac/default.nix b/hosts/tami-mac/default.nix new file mode 100644 index 0000000..07c0dba --- /dev/null +++ b/hosts/tami-mac/default.nix @@ -0,0 +1,20 @@ +inputs: + +inputs.nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { inherit inputs; }; + modules = [ + ./configuration.nix + ./hardware-configuration.nix + "${inputs.self}/profiles/nix-nixpkgs.nix" + { + _module.args.nixinate = { + host = "tami-mac"; + sshUser = "tami"; + buildOn = "remote"; + substituteOnTarget = true; + hermetic = false; + }; + } + ]; +} diff --git a/hosts/tami-mac/hardware-configuration.nix b/hosts/tami-mac/hardware-configuration.nix new file mode 100644 index 0000000..c49fc84 --- /dev/null +++ b/hosts/tami-mac/hardware-configuration.nix @@ -0,0 +1,60 @@ +{ inputs, pkgs, ... }: + +let + device = "/dev/sda"; +in +{ + imports = [ inputs.disko.nixosModules.disko ]; + + disko.devices = { + disk.${baseNameOf device} = { + inherit device; + type = "disk"; + content = { + type = "table"; + format = "gpt"; + partitions = [ + { + name = "boot"; + start = "1MiB"; + end = "512MiB"; + bootable = true; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + } + { + name = "nixos"; + start = "512MiB"; + end = "100%"; + part-type = "primary"; + bootable = true; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }; + } + ]; + }; + }; + }; + + boot = { + kernelPackages = pkgs.linuxPackages_latest; + loader.systemd-boot.enable = true; + loader.efi.canTouchEfiVariables = true; + initrd.systemd.enable = true; + tmp.cleanOnBoot = true; + }; + + hardware = { + enableAllFirmware = true; + enableRedistributableFirmware = true; + cpu.intel.updateMicrocode = true; + }; + + zramSwap.enable = true; +} diff --git a/profiles/nix-nixpkgs.nix b/profiles/nix-nixpkgs.nix new file mode 100644 index 0000000..c6cde1e --- /dev/null +++ b/profiles/nix-nixpkgs.nix @@ -0,0 +1,25 @@ +{ inputs, ... }: + +{ + environment.etc."nix/flake-channels/nixpkgs".source = inputs.nixpkgs; + + nix = { + registry.nixpkgs.flake = inputs.nixpkgs; + nixPath = [ "nixpkgs=/etc/nix/flake-channels/nixpkgs" ]; + settings = { + experimental-features = [ "nix-command" "flakes" ]; + builders-use-substitutes = true; + auto-optimise-store = true; + warn-dirty = false; + trusted-users = [ "@wheel" ]; + substituters = [ + "https://nix-community.cachix.org" + ]; + trusted-public-keys = [ + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + ]; + }; + }; + + nixpkgs.config.allowUnfree = true; +}