add another machine, Akun

ulic-youthlic 2025-01-19 16:10:08 +08:00
parent d159fed672
commit f36c71bd26
Signed by: youthlic
GPG key ID: 63E86C3C14A0D721
13 changed files with 415 additions and 13 deletions


@ -65,6 +65,11 @@
stylix = {
url = "github:danth/stylix";
};
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs =
{
@ -193,7 +198,10 @@
in
{
homeConfigurations = nixpkgs.lib.foldr (a: b: a // b) { } (
map (hostName: mkHomeConfig { inherit hostName; }) [ "Tytonidae" ]
map (hostName: mkHomeConfig { inherit hostName; }) [
"Tytonidae"
"Akun"
]
);
homeManagerModules =
{


@ -0,0 +1,113 @@
{
pkgs,
unixName,
config,
...
}:
{
youthlic.programs = {
firefox.enable = true;
fuzzel.enable = true;
helix.enable = true;
gpg.enable = true;
git = {
email = "ulic.youthlic@gmail.com";
name = "ulic-youthlic";
signKey = "C6FCBD7F49E1CBBABD6661F7FC02063F04331A95";
};
fish.enable = true;
bash.enable = true;
ghostty.enable = true;
starship.enable = true;
sops.enable = true;
mpv.enable = true;
};
david = {
wallpaper.enable = true;
};
xdg.userDirs = {
enable = true;
download = "${config.home.homeDirectory}/dls";
documents = "${config.home.homeDirectory}/doc";
music = "${config.home.homeDirectory}/mus";
pictures = "${config.home.homeDirectory}/pic";
videos = "${config.home.homeDirectory}/vid";
templates = "${config.home.homeDirectory}/tpl";
publicShare = "${config.home.homeDirectory}/pub";
desktop = "${config.home.homeDirectory}/dsk";
createDirectories = true;
};
home.username = "${unixName}";
home.homeDirectory = "/home/${unixName}";
home.stateVersion = "24.11";
programs.home-manager.enable = true;
programs.obs-studio = {
enable = true;
plugins = with pkgs.obs-studio-plugins; [
obs-source-record
input-overlay
];
};
home.packages = with pkgs; [
tealdeer
ripgrep
fzf
file
which
gnused
gnutar
bat
gawk
zstd
tree
ouch
dust
duf
doggo
qq
telegram-desktop
ghostty
scrcpy
ast-grep
lazygit
dig
fend
gitoxide
kdePackages.kdenlive
fd
viu
];
programs.ssh = {
enable = true;
hashKnownHosts = true;
extraOptionOverrides = {
HostKeyAlgorithms = "ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256";
KexAlgorithms = "curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256";
MACs = "hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com";
Ciphers = "chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr";
};
matchBlocks = {
"github.com" = {
hostname = "ssh.github.com";
port = 443;
user = "git";
extraOptions = {
AddKeysToAgent = "yes";
};
};
};
# includes = [ config.sops.secrets.ssh-config.path ];
};
programs.chromium = {
enable = true;
commandLineArgs = [
"--ozone-platform=wayland"
"--enable-wayland-ime=true"
"--enable-features=UseOzonePlatform"
];
};
}
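Review bot: `HostKeyAlgorithms` under `programs.ssh.extraOptionOverrides` re-enables `ssh-rsa` and `ssh-rsa-cert-v01@openssh.com`, the SHA-1 based RSA signature schemes that current OpenSSH releases leave out of their defaults, and because it is an override it takes precedence for every host, not only `github.com`. If RSA host keys still have to be accepted, list `rsa-sha2-512,rsa-sha2-256` in place of the two `ssh-rsa` entries; otherwise keep only the ed25519 and ECDSA entries. A one-line comment above the four algorithm strings saying why they are pinned would also help, because a pinned list no longer follows upstream default changes.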


@ -22,6 +22,7 @@
email = "ulic.youthlic@gmail.com";
name = "ulic-youthlic";
signKey = "C6FCBD7F49E1CBBABD6661F7FC02063F04331A95";
encrypt-credential = true;
};
fish.enable = true;
bash.enable = true;
@ -125,14 +126,20 @@
};
};
sops.secrets."ssh-private-key" = {
mode = "0600";
path = "${config.home.homeDirectory}/.ssh/id_ed25519";
sops.secrets = {
"ssh-private-key/tytonidae" = {
mode = "0600";
path = "${config.home.homeDirectory}/.ssh/id_ed25519_tytonidae";
};
"ssh-private-key/akun" = {
mode = "0600";
path = "${config.home.homeDirectory}/.ssh/id_ed25519_akun";
};
"ssh-config" = {
mode = "0400";
format = "yaml";
sopsFile = rootPath + "/secrets/ssh-config.yaml";
};
};
sops.secrets."ssh-config" = {
mode = "0400";
format = "yaml";
sopsFile = rootPath + "/secrets/ssh-config.yaml";
};
}
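Review bot: The new `sops.secrets` set materialises both `ssh-private-key/tytonidae` and `ssh-private-key/akun` under `~/.ssh` on this host, and nothing in the hunk says what each key is for. If `akun` is the identity this host presents when logging in to Akun, say so with a comment such as `# client key used from this host to reach Akun`; if it is instead the other machine's own identity, it should not need to be decrypted here. The file names `id_ed25519_tytonidae` and `id_ed25519_akun` are also no longer ssh's default identity paths, so they only take effect through an `IdentityFile` entry, presumably in the sops-managed `ssh-config`, which is not visible here.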


@ -28,6 +28,7 @@
key fingerprint for sign commit
'';
};
encrypt-credential = lib.mkEnableOption "encrypt git credential";
};
};
config =
@ -62,12 +63,14 @@
};
};
lfs.enable = true;
}
(lib.mkIf cfg.encrypt-credential {
extraConfig = {
credential = {
helper = "store --file=${config.sops.secrets."git-credential".path}";
};
};
}
})
(lib.mkIf (cfg.signKey != null) {
signing = {
signByDefault = true;
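Review bot: The option text `"encrypt git credential"` on `encrypt-credential` does not match what the `lib.mkIf cfg.encrypt-credential` fragment does: it points git's `store` helper at the decrypted `git-credential` sops secret, so the credential is encrypted in the repository but is a plaintext file on the running machine. A description like `lib.mkEnableOption "the git credential store backed by the sops secret git-credential"` would be more accurate. The helper also rewrites its file when a credential is approved or rejected, which a sops-managed path may not permit, so that is worth confirming. The enclosing list of config fragments starts and ends outside the hunk.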


@ -0,0 +1,64 @@
{ pkgs, ... }:
{
imports = [
./hardware-configuration.nix
./stylix.nix
./users
./networking.nix
./disk-config.nix
];
youthlic = {
home-manager = {
enable = true;
unixName = "david";
hostName = "Akun";
};
i18n.enable = true;
programs = {
# dae.enable = true;
openssh.enable = true;
kanata.enable = true;
};
gui.enabled = "kde";
};
programs.gnupg.agent = {
enable = true;
};
networking.hostName = "Akun";
time.timeZone = "Asia/Shanghai";
services.printing.enable = true;
environment.systemPackages = with pkgs; [
nix-output-monitor
wget
git
vim
helix
element-desktop
discord-ptb
vlc
btop
spotify
localsend
];
environment.variables.EDITOR = "hx";
services.dbus.implementation = "broker";
boot = {
kernelPackages = pkgs.linuxPackages_zen;
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
# loader.grub = {
# efiSupport = true;
# efiInstallAsRemovable = true;
# };
};
system.stateVersion = "24.11";
}


@ -0,0 +1,85 @@
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"umask=0077"
"defaults"
];
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "crypto";
# disable settings.keyFile if you want to use interactive password entry
passwordFile = "/tmp/secret.key"; # Interactive
settings = {
allowDiscards = true;
fallbackToPassword = true;
};
initrdUnlock = true;
extraFormatArgs = [
"--type luks2"
"--cipher aes-xts-plain64"
"--hash sha512"
"--iter-time 5000"
"--pbkdf argon2id"
"--use-random"
];
extraOpenArgs = [
"--timeout 10"
];
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"@root" = {
mountpoint = "/";
mountOptions = [
"compress=zstd"
"noatime"
];
};
"@home" = {
mountpoint = "/home";
mountOptions = [
"compress=zstd"
"noatime"
];
};
"@nix" = {
mountpoint = "/nix";
mountOptions = [
"compress=zstd"
"noatime"
];
};
"@swap" = {
mountpoint = "/swap";
swap.swapfile.size = "8G";
};
};
};
};
};
};
};
};
};
};
}
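Review bot: In the `luks` partition the comment and the code disagree: the comment refers to `settings.keyFile` and the trailing `# Interactive` suggests a prompt, but `passwordFile = "/tmp/secret.key"` makes the formatter read the passphrase from a file. As far as I know disko uses `passwordFile` only when formatting, so the comment should say that, e.g. `# passphrase is read from /tmp/secret.key at format time; create it with mode 0600 and delete it after install`. `allowDiscards = true` is a deliberate trade-off that also deserves a comment, e.g. `# TRIM passes through LUKS: reveals which blocks are unused on the raw device`.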


@ -0,0 +1,25 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s20f0u2u1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -0,0 +1,39 @@
{ ... }:
{
systemd.network = {
enable = true;
wait-online.enable = false;
networks = {
"enp0s20f0u2u1" = {
matchConfig.Name = "enp0s20f0u2u1";
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
};
};
networking = {
networkmanager.enable = false;
useNetworkd = true;
useDHCP = false;
nftables = {
enable = true;
};
wireless.iwd = {
enable = true;
settings = {
General = {
EnableNetworkConfiguration = true;
};
Network = {
EnableIPv6 = true;
NameResolvingService = "systemd";
};
};
};
firewall.enable = false;
};
}
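Review bot: `firewall.enable = false` leaves this host without packet filtering, because `nftables.enable = true` is set but no ruleset is defined in this file. The same commit enables `openssh` and `services.printing` and installs `localsend` on Akun, and `IPv6AcceptRA = true` may give the machine a globally routable address. Unless filtering is done somewhere not shown, prefer `firewall.enable = true;` (it uses the nftables backend when `networking.nftables.enable` is set) and open only the needed ports with `firewall.allowedTCPPorts`. If disabling it is intentional, a comment on that line giving the reason would help.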


@ -0,0 +1,27 @@
{ pkgs, rootPath, ... }:
{
stylix = {
enable = true;
image = rootPath + "/assets/wallpaper/01.png";
polarity = "dark";
base16Scheme = "${pkgs.base16-schemes}/share/themes/ayu-dark.yaml";
fonts = {
serif = {
package = pkgs.lxgw-wenkai;
name = "LXGW WenKai";
};
sansSerif = {
package = pkgs.noto-fonts-cjk-serif;
name = "Noto Serif CJK SC";
};
monospace = {
package = pkgs.nerd-fonts.fira-code;
name = "FiraCode Nerd Font";
};
emoji = {
package = pkgs.noto-fonts-emoji;
name = "Noto Color Emoji";
};
};
};
}
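Review bot: `fonts.sansSerif` is set to `pkgs.noto-fonts-cjk-serif` with the name `"Noto Serif CJK SC"`, which is a serif face, so sans-serif text will be themed with serifs. If that is not intended, use `package = pkgs.noto-fonts-cjk-sans;` and `name = "Noto Sans CJK SC";`. If it is intended, a short comment next to it would keep it from being changed back later.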


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBFYWNXzILqXRwonZKtpu/LBrDMUkywDNuY7vdLQQdUI david@Tytonidae


@ -0,0 +1,27 @@
{ lib, pkgs, ... }:
{
users.users.david = {
isNormalUser = true;
description = "david";
extraGroups = [
"networkmanager"
"libvirtd"
"wheel"
"video"
];
};
services.udev = {
enable = true;
extraRules = ''
ACTION=="add", SUBSYSTEM=="backlight", RUN+="${lib.getExe' pkgs.coreutils "chgrp"} video /sys/class/backlight/%k/brightness"
ACTION=="add", SUBSYSTEM=="backlight", RUN+="${lib.getExe' pkgs.coreutils "chmod"} g+w /sys/class/backlight/%k/brightness"
ACTION=="add", SUBSYSTEM=="leds", RUN+="${lib.getExe' pkgs.coreutils "chgrp"} video /sys/class/leds/%k/brightness"
ACTION=="add", SUBSYSTEM=="leds", RUN+="${lib.getExe' pkgs.coreutils "chmod"} g+w /sys/class/leds/%k/brightness"
'';
};
programs.fish.enable = true;
users.users.david.shell = pkgs.fish;
users.users.david.openssh.authorizedKeys.keyFiles = [
./akun.pub
];
}
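Review bot: `extraGroups` for `david` grants more than this host appears to use: `networkmanager` is listed although the Akun networking file in this commit sets `networkmanager.enable = false`, and `libvirtd` membership gives full control of the libvirt daemon, which is close to root-equivalent. Trim it to what is needed here, e.g. `extraGroups = [ "wheel" "video" ];`, and add `libvirtd` back only if virtualisation is actually enabled for this machine. The key in `./akun.pub` carries the comment `david@Tytonidae`, so a comment on `authorizedKeys.keyFiles` such as `# client key of david@Tytonidae, allowed to log in to Akun` would avoid confusion with the file name.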


@ -12,6 +12,7 @@
dae.nixosModules.dae
sops-nix.nixosModules.sops
stylix.nixosModules.stylix
disko.nixosModules.disko
])
++ [
./nix.nix


@ -1,4 +1,6 @@
ssh-private-key: ENC[AES256_GCM,data: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,iv:QVQCQJyc2ZgSzBpJ2MIrjgxBKghpr48k9yGzBUIoffg=,tag:3zo3vzwqWhQkAWB4N4R0NQ==,type:str]
ssh-private-key:
tytonidae: ENC[AES256_GCM,data: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,iv:nSTfnDbaS9DZL2WhVgcu8qIPkYH1Zws58yvcIeSZCzk=,tag:JJV7vJylaFOYdVjyeeOt9g==,type:str]
akun: ENC[AES256_GCM,data:d04sdY1cvJuOPSq9H2lT26jrUFSA1sHz1i9jj+XtXGeagQyc4XaknTmfC3EDfvNghoizZWZ/Ma+BfIvnlWDBFqhkGhdhB7X8PnI9rySOfkMmOk2HXHtvP4GfSy2oQ4BMRfYX2N9TcViascnXA9MRsetDjD3fhiCKkZ+2H/sthxw38JgK95O74lFCze7sc4ZzK/RhXaBkLFrQpMdqnGBYpH9wuHiQSlFxBQ0jHJDUeOSxOdCanw2xfdkJnNe5dKRweoYp4Mtit2C3DRdaT3lMQ/SQjfEhUs/0TIXyunoWE7nX5tUN2F2s/FtkPMU5lpiW1x+kntMBBfY9TA+r4CyH4lkhFit+DsIkPfdUZGzSquQAHHWzDzS5vXnKTf8NFCzHIeoQzegkf4JS+CWf51Iy15FfWy+Pd6CmxLikAQnGTixGDa7LMqOV48BhZ5it/hJmrzg0FMkNFeeJW/s9YvCNMae8lMt/0K+N+pUD/Ud8VJnIxP4MmWGKRwNNFHivGuZjtKCJR9agf1N7NPBDDqV7HRDYAfxa2sPozWZ5ZGGGlsmINeymNk10aY4ovRs/6CcRWw2gPspNuxvqb9HQ7r/cQFmGhLYpkliRLpFM/skLCHA=,iv:YVPvHL4nxqJMR8PE+hraS0piboGYXqyljgGcBHqG38g=,tag:HSab+C3Xd5wMzyomF9dGMA==,type:str]
git-credential: ENC[AES256_GCM,data:Rt6ccMJ+D/Jv1U7Ex51j4zIKp5KIyPFJdWZwJyW6liU5CHxBfrFWeNOJobhT5tFPrhzHRUI=,iv:f2SYFKpAcHoKG3dMsniKRi02EFDzwgzzli5Qzw8CWqo=,tag:hUi0FAZ7+2+mcqUsz5HtbQ==,type:str]
url: ENC[AES256_GCM,data:ouWl1losoEBxgUYkZLGhcA7bmqJG0ivx8wNoYx64+lvOVNzg0Q0wp8GFK1ikRQAq2gljiYoLlbGAehePpadAIgePQKP03LC65EzME/gynjZpq2FC9shm75SnymH7imhYcvEVidpoDR/FDBmsTLqAvbV2nmF+,iv:KKr2S1faSHAuiLvGiKdgiJXXrBoXY7qDGfvPuHEi1C8=,tag:srSWuFwGVkLE2GB9yhzTXw==,type:str]
sops:
@ -16,8 +18,8 @@ sops:
dTkwcThVQTNYZ0RKWnIwMEgzQ2lYMVEKWs0OsGlPCRfsjZwntyVa6RGhZLye35kX
3PDxZ66jP63OGi5Hai17fp5IvT3/mIRWh6UMq44TFz9OQoUWCymakg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-13T08:37:59Z"
mac: ENC[AES256_GCM,data:7Y1fHRBvU1HqNeX8R0s/zduiH96z2xLR4Mf4X4v1UYG/uhMk2MJ42Q8dHyK6HCeR0m81WiPal5zZRSWQzwxCSC9GDZiUTJhacsTazqXbqZHGyKm3IW5lFP21dqNqZQ//cIM+VVg/KpqFRHOOqA0gSIjMJxgef7nC7jm8vWTbr9k=,iv:dJ31SWiGYdnoRaJwrex6UlarTofdr02zosMF63GDJQI=,tag:mdIqQqiUyPXbK5JCKZsXuw==,type:str]
lastmodified: "2025-01-18T13:11:25Z"
mac: ENC[AES256_GCM,data:VYuAAQDfw80tBNQwA+RI9KiWQ75wPd5OdZplEsPjxW4aIlDFPooRU+tYkkQtCFhmqpSNWuM3quaLpwVKg6FCNSpLV+dleHbcR8FaxXK6TN39bH2M9WjeMnSAjbqL4EpwWhwI3mZGxF9oBrpJOwLDXdQ6s7ZceyfCSLd0DOZHmHQ=,iv:olAhT6J5BEHpWVxZl+jrlWJ/Ati4Uarvy7yGnpsoZNQ=,tag:LsA9C6W2QBQbE9nqeYgryw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2
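Review bot: The recipient list of this sops file appears unchanged by the commit: the two hunks touch only the `ssh-private-key` entries, `lastmodified` and `mac`, and the line offset stays at +2 between them, so no new age recipient stanza was added. If the new machine is expected to decrypt any value in this file (its home configuration enables `sops`), its age key would have to be added to the creation rules and the file re-keyed with `sops updatekeys`. If the existing key is instead copied to the new machine, note that both hosts then share one decryption key and a compromise of either exposes every secret in the file.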