sid/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

initial commit

Browse source
This commit is contained in:
sid 2026-02-23 20:50:47 +01:00
commit c094b5770c
113 changed files with 6879 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
hosts/pc/boot.nix Normal file
View file

@ -0,0 +1,7 @@
{
boot.loader.systemd-boot = {
enable = true;
configurationLimit = 20;
};
boot.loader.efi.canTouchEfiVariables = true;
}

49
hosts/pc/default.nix Normal file
View file

@ -0,0 +1,49 @@
{
inputs,
outputs,
...
}:
{
imports = [
./boot.nix
./hardware.nix
./networking.nix
./packages.nix
./secrets
./services.nix
../../users/sid
inputs.synix.nixosModules.bluetooth
inputs.synix.nixosModules.common
inputs.synix.nixosModules.device.desktop
inputs.synix.nixosModules.hyprland
outputs.nixosModules.common
outputs.nixosModules.docs
# outputs.nixosModules.syncthing
outputs.nixosModules.tailscale
outputs.nixosModules.wine
];
normalUsers = {
sid = {
extraGroups = [
"audio"
"dialout"
"floppy"
"input"
"lp"
"networkmanager"
"video"
];
};
};
programs.steam.enable = true;
boot.enableContainers = true;
system.stateVersion = "25.11";
}

63
hosts/pc/disks.sh Normal file
View file

@ -0,0 +1,63 @@
#!/usr/bin/env bash
SSD='/dev/disk/by-id/nvme-SPCC_M.2_PCIe_SSD_7E1D079A184C00191521'
MNT='/mnt'
SWAP_GB=8
# Helper function to wait for devices
wait_for_device() {
local device=$1
echo "Waiting for device: $device ..."
while [[ ! -e $device ]]; do
sleep 1
done
echo "Device $device is ready."
}
# Function to install a package if it's not already installed
install_if_missing() {
local cmd="$1"
local package="$2"
if ! command -v "$cmd" &> /dev/null; then
echo "$cmd not found, installing $package..."
nix-env -iA "nixos.$package"
fi
}
install_if_missing "sgdisk" "gptfdisk"
install_if_missing "partprobe" "parted"
wait_for_device $SSD
echo "Wiping filesystem on $SSD..."
wipefs -a $SSD
echo "Clearing partition table on $SSD..."
sgdisk --zap-all $SSD
echo "Partitioning $SSD..."
sgdisk -n1:1M:+1G -t1:EF00 -c1:BOOT $SSD
sgdisk -n2:0:+"$SWAP_GB"G -t2:8200 -c2:SWAP $SSD
sgdisk -n3:0:0 -t3:8304 -c3:ROOT $SSD
partprobe -s $SSD
udevadm settle
wait_for_device ${SSD}-part1
wait_for_device ${SSD}-part2
wait_for_device ${SSD}-part3
echo "Formatting partitions..."
mkfs.vfat -F 32 -n BOOT "${SSD}-part1"
mkswap -L SWAP "${SSD}-part2"
mkfs.ext4 -L ROOT "${SSD}-part3"
echo "Mounting partitions..."
mount -o X-mount.mkdir "${SSD}-part3" "$MNT"
mkdir -p "$MNT/boot"
mount -t vfat -o fmask=0077,dmask=0077,iocharset=iso8859-1 "${SSD}-part1" "$MNT/boot"
echo "Enabling swap..."
swapon "${SSD}-part2"
echo "Partitioning and setup complete:"
lsblk -o NAME,FSTYPE,SIZE,MOUNTPOINT,LABEL

50
hosts/pc/hardware.nix Normal file
View file

@ -0,0 +1,50 @@
{
inputs,
config,
lib,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-label/ROOT";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/BOOT";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
swapDevices = [ { device = "/dev/disk/by-label/SWAP"; } ];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.graphics.enable = true;
hardware.nvidia.open = false;
services.xserver.videoDrivers = lib.mkDefault [ "nvidia" ];
}

7
hosts/pc/networking.nix Normal file
View file

@ -0,0 +1,7 @@
{
networking.hostName = "pc";
networking.interfaces.enp6s0.wakeOnLan = {
enable = true;
policy = [ "magic" ];
};
}

10
hosts/pc/packages.nix Normal file
View file

@ -0,0 +1,10 @@
{ pkgs, ... }:
{
environment = {
systemPackages = with pkgs; [
evtest
linuxConsoleTools
];
};
}

5
hosts/pc/secrets/default.nix Normal file
View file

@ -0,0 +1,5 @@
{ inputs, ... }:
{
imports = [ inputs.synix.nixosModules.sops ];
}

28
hosts/pc/secrets/secrets.yaml Normal file
View file

@ -0,0 +1,28 @@
tailscale:
auth-key: ENC[AES256_GCM,data:ieDjXpk1YJ2+rb5X5dV3NPtr8+FGwcQtdinSbB+SIuyNbLoSogKrutsBqa+v0I5g,iv:0bV4VwRGCf0yIKpR850/CuTvGFUPXOnFaHpWkdyokjk=,tag:vlRo7cZqgYnvSJiCPSutmw==,type:str]
forgejo-runner:
token: ENC[AES256_GCM,data:rDwc/w9RpL/++VXg+YEYTP0CPz+trQp2OP5rHgWrPU0qODh1VjHjJA==,iv:SEFGOTB4YVnZqaJ2Lg87MSPV++8kAgtYMabvqouLuaw=,tag:NvRQHU8yvc6BdyTsnmIqyg==,type:str]
sops:
age:
- recipient: age19yeqvv28fgrtk6jsh3xyaf0lch86kna6rcz4dwe962yyyyevu30sx474xy
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBucExCZjNtNGFnUTlnMjl0
RVpCU1NxazNXSjBma2tTTlIvWDlPcy9EcGxZCmp2WC9xa2ptVkQvaWFYcnRqcHgz
Mk1scjBWY3g1TzNWalNVYVVqN3JLS0UKLS0tIGJQTG42aXFENFdVd0hkWGxLWVVu
STI4aWJxR3A4VUNyek5JMEtHeG1RZUUKKRDWdOXfarN7UZZzIBoSpmGlcWFsyJtX
bZgccbigI6TJpnssTkFT89FysD6i++mmC0mmTeZ/oNOXUk5OuwrCgA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1zdd344x69n8umt2qjjvz8pjnt43lacvvqfdquc5jqz4x9x7pnu3sg0as0k
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNeThiZGhmNTB6Uk1YdGg3
WFlvNGtENnNlOU1wUXJyOWFPb3M2bm5UQVd3CkE0ck81ZjRwa2hIY1hQLzF2VmY3
NWN4Z0x5MVlJY2Z5OGszbnBxd3ZIM1EKLS0tIGlMUUlXN1ZLRUlwRmhCek5ZR29l
OHNTYTFFYTJQeXkzWDN3bE91RFgyMzAKV49+02ik78/chrQ1arlkQZH4G6oeRHCa
Gp/WhuuOUJ7gwERNxhduhl4+IOSGcepgN5EJeTDXppUtiKXvNzmxpA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-02-18T17:43:14Z"
mac: ENC[AES256_GCM,data:1QcpQcLQ/TQwfzzHSGsoveB4HoN5ByCURoJn+TZjXd/szx0dBtUIxzc4ktkQZ388HFgYJ4rqpNudlc4AvYvDJULSpfP7KRADKG1reSuqpInGjU79t5U4Wwp+KJ+o29lulTV4fIqfCuqB9QhD4lqLjMSjnKUx5wkmtPuvIEjvWDw=,iv:T3ygIFwbXA/GLAbRAbQn9AP+V6evdmUCOlUfVbZc4fs=,tag:V7tLIukIAo5jyN/HkrciAw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0

32
hosts/pc/services.nix Normal file
View file

@ -0,0 +1,32 @@
{
inputs,
outputs,
config,
...
}:
{
imports = [
inputs.synix.nixosModules.openssh
outputs.nixosModules.forgejo-runner
];
services = {
openssh.enable = true;
};
services.forgejo-runner = {
enable = true;
url = "https://git.sid.ovh";
tokenFile = config.sops.templates."forgejo-runner/token".path;
label = "runner";
};
sops = {
secrets."forgejo-runner/token" = { };
templates."forgejo-runner/token".content = ''
TOKEN=${config.sops.placeholder."forgejo-runner/token"}
'';
};
}