diff options
| author | Freya Murphy <freya@freyacat.org> | 2025-01-24 13:06:22 -0500 |
|---|---|---|
| committer | Freya Murphy <freya@freyacat.org> | 2025-01-24 13:06:22 -0500 |
| commit | d999d4d0e68b9d7cfa0f477cdbac8fe82850ae78 (patch) | |
| tree | af2100aabc890c90c52b26640b07e6d342551794 /hosts/shinji | |
| parent | refactor home packages, more labels (diff) | |
| download | dotfiles-nix-d999d4d0e68b9d7cfa0f477cdbac8fe82850ae78.tar.gz dotfiles-nix-d999d4d0e68b9d7cfa0f477cdbac8fe82850ae78.tar.bz2 dotfiles-nix-d999d4d0e68b9d7cfa0f477cdbac8fe82850ae78.zip | |
use sops-nix for secrets
Diffstat (limited to 'hosts/shinji')
| -rw-r--r-- | hosts/shinji/default.nix | 74 | ||||
| -rw-r--r-- | hosts/shinji/secrets.yaml | 23 |
2 files changed, 97 insertions, 0 deletions
diff --git a/hosts/shinji/default.nix b/hosts/shinji/default.nix new file mode 100644 index 0000000..d1a02a8 --- /dev/null +++ b/hosts/shinji/default.nix @@ -0,0 +1,74 @@ +# Shinji +# System configuration for my laptop + +{ + inputs, + options, + ... +}: + +inputs.nixpkgs.lib.nixosSystem rec { + system = "x86_64-linux"; + specialArgs = { inherit inputs; }; + modules = [ + options + ../../nix + { + # options + hostName = "shinji"; + monitors = [{ + name = "eDP-1"; + scale = 1.25; + }]; + + # hardware + hardware.graphics.enable = true; + hardware.bluetooth.enable = true; + security.tpm2.enable = false; + + # bootloader + boot.loader.systemd-boot.enable = true; + boot.loader.efi = { + canTouchEfiVariables = true; + efiSysMountPoint = "/boot/efi"; + }; + + # kernel modules + boot.initrd.availableKernelModules = [ + "nvme" + "xhci_pci" + "thunderbolt" + "usb_storage" + "sd_mod" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + # firmware + hardware.enableRedistributableFirmware = true; + hardware.cpu.amd.updateMicrocode = true; + + # luks device + boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/ad489bfa-4280-44ea-8ad2-60347b516d60"; + + # root + fileSystems."/" = { + device = "/dev/disk/by-uuid/b43a7cf6-b9aa-44c2-ad29-da24ffa56901"; + fsType = "btrfs"; + }; + + # boot + fileSystems."/boot/efi" = { + device = "/dev/disk/by-uuid/6F93-6A0B"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + # swap + swapDevices = [ + { device = "/dev/disk/by-uuid/57caa02d-8569-43e3-8bf9-09dd6f02b191"; } + ]; + } + ]; +} diff --git a/hosts/shinji/secrets.yaml b/hosts/shinji/secrets.yaml new file mode 100644 index 0000000..5bb89cf --- /dev/null +++ b/hosts/shinji/secrets.yaml @@ -0,0 +1,23 @@ +freyanetWg: ENC[AES256_GCM,data:TlaDyx3E6Gez8HHiihFGIGfVedLx9xXSzBNEPmZYC3rqWEHHTfsMh6xL5l8=,iv:qdygQeUQkpVCWOYJ9BLsBtN/F0sYU4fTKz+/Az1QyOg=,tag:88yeDqXtcHshVRiinn2Bsg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2025-01-24T17:54:22Z" + mac: ENC[AES256_GCM,data:IfPObEnZ46RUXjHwK4ibIlfwveqYaOHPtKgIhLjBuuElPHfvhSqgeN4KEwTDPnk38F39qRiyDA3TlEZjIvC856t+a5FG7UkdQRkOkotcqMPwtmEHz5YXw0gqMny7y4+iFMvog0NQL94ptodD0kD/OoJKt/2tGmm9Jv3yBO/qqwo=,iv:BGBONzCHiWLhS0AX9Xa3Rt8dZTzDEGWS0jr72GAx4bc=,tag:SIJyE/xWuxf2U2x2+1cX4w==,type:str] + pgp: + - created_at: "2025-01-24T17:54:22Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4D/YCJcy0T0DkSAQdAxr7yRTBbTqekdXYr4apLlMvUa00t07itX1tUfrQcQjsw + spxEodkxhj5ZiD/ohAQRBzhwMN+xhqo69b+yfRPYke1IXc8CqeQAJHGXZKxhlOPO + 0l4B7AD9YlNgegBsUhFm/7ll5t1oTy3xXzgVKpWhpqAnyMqzyKx7gZcZagjaRaDn + aMITJxTBRU8cmuZazUvu5O2lUKqFCj9Au/wP42eUWQphzsxKkGeYsnqr1z417N83 + =qn+4 + -----END PGP MESSAGE----- + fp: 2A8A27879715447AEEC59D0C18DCCBE353963394 + unencrypted_suffix: _unencrypted + version: 3.9.3 |