Signed-off-by: Harald Hoyer <harald@hoyer.xyz>
Harald Hoyer 2024-03-19 19:46:12 +01:00
parent 7ffd2b5128
commit 4c3da72715
3 changed files with 199 additions and 0 deletions


@ -0,0 +1,65 @@
{ lib
, config
, ...
}:
{
home.sessionPath = [ "$HOME/bin" ];
plusultra = {
user = {
enable = true;
name = config.snowfallorg.user.name;
};
cli-apps = {
bash.enable = true;
fish.enable = true;
neovim.enable = true;
bat.enable = true;
starship.enable = true;
home-manager.enable = true;
};
tools = {
git.enable = true;
direnv.enable = true;
};
};
fonts.fontconfig.enable = true;
dconf.settings = {
# ...
"org/gnome/shell" = {
disable-user-extensions = false;
# `gnome-extensions list` for a list
enabled-extensions = [
"Vitals@CoreCoding.com"
"appindicatorsupport@rgcjonas.gmail.com"
"dash-to-panel@jderose9.github.com"
"hibernate-status@dromi"
];
favorite-apps = [
"org.gnome.Console.desktop"
"jetbrains-toolbox.desktop"
"org.mozilla.firefox.desktop"
"firefox.desktop"
"thunderbird.desktop"
"org.mozilla.Thunderbird.desktop"
"slack.desktop"
"keybase.desktop"
"spotify.desktop"
"org.gnome.Nautilus.desktop"
"virt-manager.desktop"
];
};
"org/virt-manager/virt-manager/connections" = {
autoconnect = [ "qemu:///system" ];
uris = [ "qemu:///system" ];
};
};
xdg.enable = true;
xdg.mime.enable = true;
}
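Review bot: The four UUIDs in `enabled-extensions` are switched on here, but nothing in this file installs them. Unless another module supplies them from nixpkgs (not visible in this section), they come from a manual install that the flake does not pin. GNOME Shell extensions run inside the shell process with the session's privileges, so their origin is worth recording, for example with a comment such as `# provided by <module or package list>` above the list. Separately, `home.sessionPath = [ "$HOME/bin" ]` puts a user-writable directory on PATH; if home-manager prepends it (I believe it does), a file placed there shadows a system command of the same name, which merits a one-line comment explaining why the entry is needed.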


@ -0,0 +1,41 @@
{ pkgs, lib, ... }:
with lib;
with lib.plusultra;
{
imports = [ ./hardware-configuration.nix ];
plusultra = {
base.enable = true;
gui.enable = true;
nix-ld.enable = true;
nix.enable = true;
nix.extra-substituters."https://nixsgx.cachix.org".key = "nixsgx.cachix.org-1:tGi36DlY2joNsIXOlGnSgWW0+E094V6hW0umQRo/KoE=";
podman.enable = true;
secureboot.enable = false;
};
system.autoUpgrade = {
enable = true;
operation = "boot";
allowReboot = false;
};
system.stateVersion = "23.11";
sops.age.sshKeyPaths = [ "/persist/ssh/ssh_host_ed25519_key" ];
sops.secrets.backup-s3.sopsFile = ../../../.secrets/t15/backup-s3.yaml;
sops.secrets.backup-pw.sopsFile = ../../../.secrets/t15/backup-s3.yaml;
services.openssh.hostKeys = [
{
path = "/persist/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
{
path = "/persist/ssh/ssh_host_rsa_key";
type = "rsa";
bits = 4096;
}
];
}
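Review bot: `secureboot.enable = false;` leaves the boot chain unverified, while the hardware configuration added in this same commit relies on `lockdown=confidentiality` as a kernel parameter and mounts `/boot` as plain vfat outside the LUKS volume. With that combination the lockdown setting holds only as long as nobody alters the boot entry, so it should not be treated as an enforced control on this host. What the `plusultra.secureboot` module actually does is not visible here; if it is off only until keys are enrolled, a comment such as `# TODO: enable after key enrolment; lockdown= is advisory until then` would record that. Also, `sops.secrets.backup-s3` and `sops.secrets.backup-pw` both point at `backup-s3.yaml`; if that is intentional, a short comment would stop it reading as a copy-paste slip.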


@ -0,0 +1,93 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.kernelModules = [ "kvm-intel" ];
boot.initrd.availableKernelModules = [
"ahci"
"nvme"
"rng_core"
"sd_mod"
"sdhci_pci"
"thunderbolt"
"tpm"
"tpm_crb"
"tpm_tis"
"tpm_tis_core"
"trusted"
"uas"
"usb_storage"
"usbhid"
"xhci_pci"
"uas"
];
boot.initrd.kernelModules = [ ];
boot.kernelParams = [
"lockdown=confidentiality"
"intel_iommu=on"
"quiet"
"splash"
"video=efifb:nobgrt"
];
boot.extraModulePackages = [ ];
services.btrfs.autoScrub.enable = true;
swapDevices = [{ device = "/swapfile"; }];
boot.initrd.luks.devices.crypted = {
device = "/dev/nvme0n1p2";
preLVM = true;
};
fileSystems = {
"/" =
{
device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "subvol=/rootfs" ];
neededForBoot = true;
};
"/nix" = {
device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "subvol=/nix" ];
neededForBoot = true;
};
"/home" = {
device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "subvol=/home" ];
};
"/persist" = {
device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "subvol=/persist" ];
neededForBoot = true;
};
"/boot" =
{
device = "/dev/disk/by-partlabel/disk-one-ESP";
fsType = "vfat";
};
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp82s0u1u3u4.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}
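Review bot: `boot.initrd.luks.devices.crypted.device` uses the kernel name `/dev/nvme0n1p2`, which depends on device enumeration order, whereas `/boot` in the same file is addressed by partition label. If a second NVMe device is added or the order changes, the initrd would prompt for the wrong partition or fail to find the volume. A stable path such as `device = "/dev/disk/by-partlabel/<luks-partlabel>";` (placeholder, use the label actually set on the disk) or a by-uuid path avoids this. The header comment still says the file is generated and may be overwritten, which does not fit the hand-set LUKS, lockdown and subvolume entries and should be updated. `"uas"` also appears twice in `boot.initrd.availableKernelModules`.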