ringofstorms/dotfiles
ringofstorms/dotfiles
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

wip new machine h003

Browse source
This commit is contained in:
RingOfStorms (Joshua Bell) 2025-08-05 17:08:36 -05:00
parent d9aedb8d2f
commit a29902034e
10 changed files with 222 additions and 42 deletions
Download patch file Download diff file Expand all files Collapse all files

5
hosts/h001/flake.nix
View file

@ -64,6 +64,7 @@
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZigrRMF/HHMhjBIwiOnS2pqbOz8Az19tch680BGvmu nix2h001" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZigrRMF/HHMhjBIwiOnS2pqbOz8Az19tch680BGvmu nix2h001"
]; ];
shell = pkgs.zsh;
}; };
luser = { luser = {
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
@ -75,10 +76,6 @@
"input" "input"
]; ];
shell = pkgs.zsh; shell = pkgs.zsh;
packages = with pkgs; [
bitwarden
vaultwarden
];
}; };
}; };
}; };

1
hosts/h001/readme.md Normal file
View file

@ -0,0 +1 @@
Main media server and run things server, has a bunch of stuff on it I am self hosting

1
hosts/h002/readme.md Normal file
View file

@ -0,0 +1 @@
NAS for my home network

8
hosts/h003/configuration.nix Normal file
View file

@ -0,0 +1,8 @@
{
pkgs,
config,
...
}:
{
}

101
hosts/h003/flake.nix Normal file
View file

@ -0,0 +1,101 @@
{
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
# Use relative to get current version for testing
# common.url = "path:../../common";
common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles";
ros_neovim.url = "git+https://git.joshuabell.xyz/ringofstorms/nvim";
};
outputs =
{
nixpkgs,
common,
ros_neovim,
...
}:
let
configuration_name = "h003";
lib = nixpkgs.lib;
in
{
nixosConfigurations = {
"${configuration_name}" = (
lib.nixosSystem {
modules = [
common.nixosModules.default
ros_neovim.nixosModules.default
./configuration.nix
./hardware-configuration.nix
(
{ config, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
lua
sqlite
];
ringofstorms_common = {
systemName = configuration_name;
boot.systemd.enable = true;
secrets.enable = true;
general = {
reporting.enable = true;
};
programs = {
tailnet.enable = true;
ssh.enable = true;
podman.enable = true;
};
users = {
admins = [ "luser" ]; # First admin is also the primary user owning nix config
users = {
root = {
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA3riAQ8RP5JXj2eO87JpjbM/9SrfFHcN5pEJwQpRcOl nix2h003"
];
shell = pkgs.zsh;
};
luser = {
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA3riAQ8RP5JXj2eO87JpjbM/9SrfFHcN5pEJwQpRcOl nix2h003"
];
extraGroups = [
"networkmanager"
"video"
"input"
];
shell = pkgs.zsh;
};
};
};
homeManager = {
users = {
luser = {
imports = with common.homeManagerModules; [
kitty
tmux
atuin
direnv
git
nix_deprecations
postgres
ssh
starship
zoxide
zsh
];
};
};
};
};
}
)
];
}
);
};
};
}

56
hosts/h003/hardware-configuration.nix Normal file
View file

@ -0,0 +1,56 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"ehci_pci"
"ahci"
"xhci_pci"
"firewire_ohci"
"usb_storage"
"usbhid"
"sd_mod"
"sr_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat";
};
swapDevices = [
{
device = "/.swapfile";
size = 18 * 1024; # 18GB
}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

1
hosts/h003/readme.md Normal file
View file

@ -0,0 +1 @@
WAN Local networking computer

51
hosts/lio/flake.lock generated
View file

@ -29,24 +29,19 @@
"inputs": { "inputs": {
"home-manager": "home-manager", "home-manager": "home-manager",
"nix-flatpak": "nix-flatpak", "nix-flatpak": "nix-flatpak",
"nixpkgs": "nixpkgs_2",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"opencode": "opencode", "opencode": "opencode",
"ragenix": "ragenix" "ragenix": "ragenix"
}, },
"locked": { "locked": {
"lastModified": 1753903580, "path": "../../common",
"narHash": "sha256-9jJqpH5vpYppWeA7BUYLxkhwHELi0sSwOJs17Nu2VWE=", "type": "path"
"ref": "refs/heads/master",
"rev": "05b93ea5f1228827d659b425f957c29a9abf9e7a",
"revCount": 555,
"type": "git",
"url": "https://git.joshuabell.xyz/ringofstorms/dotfiles"
}, },
"original": { "original": {
"type": "git", "path": "../../common",
"url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" "type": "path"
} },
"parent": []
}, },
"crane": { "crane": {
"locked": { "locked": {
@ -196,22 +191,6 @@
} }
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": {
"lastModified": 1753694789,
"narHash": "sha256-cKgvtz6fKuK1Xr5LQW/zOUiAC0oSQoA9nOISB0pJZqM=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "dc9637876d0dcc8c9e5e22986b857632effeb727",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1741379970, "lastModified": 1741379970,
"narHash": "sha256-Wh7esNh7G24qYleLvgOSY/7HlDUzWaL/n4qzlBePpiw=", "narHash": "sha256-Wh7esNh7G24qYleLvgOSY/7HlDUzWaL/n4qzlBePpiw=",
@ -227,7 +206,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_4": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1752866191, "lastModified": 1752866191,
"narHash": "sha256-NV4S2Lf2hYmZQ3Qf4t/YyyBaJNuxLPyjzvDma0zPp/M=", "narHash": "sha256-NV4S2Lf2hYmZQ3Qf4t/YyyBaJNuxLPyjzvDma0zPp/M=",
@ -243,7 +222,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_5": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1753848940, "lastModified": 1753848940,
"narHash": "sha256-jH7fqN4HzsIlj2c/SAuVWmgUIjBwDdEKVnL97xlECHY=", "narHash": "sha256-jH7fqN4HzsIlj2c/SAuVWmgUIjBwDdEKVnL97xlECHY=",
@ -1141,16 +1120,16 @@
"opencode": { "opencode": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1753893530, "lastModified": 1754364004,
"narHash": "sha256-7L50P3+u4SHQtjSdFJviPaeLFnOIGP/l4BFLHKm4pNs=", "narHash": "sha256-/FWvHekyAM9U5WLptAr2YbcMOZa/twjucSUnlqfu1Y4=",
"owner": "sst", "owner": "sst",
"repo": "opencode", "repo": "opencode",
"rev": "304e86a8d4ebbaf55de27ac012aecc58028c898d", "rev": "b8248096056d674f964d75e34b8200cf0ff1ac8b",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "sst", "owner": "sst",
"ref": "v0.3.85", "ref": "v0.3.130",
"repo": "opencode", "repo": "opencode",
"type": "github" "type": "github"
} }
@ -1160,7 +1139,7 @@
"agenix": "agenix", "agenix": "agenix",
"crane": "crane", "crane": "crane",
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_2",
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
@ -1180,13 +1159,13 @@
"root": { "root": {
"inputs": { "inputs": {
"common": "common", "common": "common",
"nixpkgs": "nixpkgs_4", "nixpkgs": "nixpkgs_3",
"ros_neovim": "ros_neovim" "ros_neovim": "ros_neovim"
} }
}, },
"ros_neovim": { "ros_neovim": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_5", "nixpkgs": "nixpkgs_4",
"nvim_plugin-Almo7aya/openingh.nvim": "nvim_plugin-Almo7aya/openingh.nvim", "nvim_plugin-Almo7aya/openingh.nvim": "nvim_plugin-Almo7aya/openingh.nvim",
"nvim_plugin-CopilotC-Nvim/CopilotChat.nvim": "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim", "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim": "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim",
"nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring": "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring", "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring": "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring",

4
hosts/lio/flake.nix
View file

@ -3,8 +3,8 @@
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
# Use relative to get current version for testing # Use relative to get current version for testing
# common.url = "path:../../common"; common.url = "path:../../common";
common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles"; # common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles";
ros_neovim.url = "git+https://git.joshuabell.xyz/ringofstorms/nvim"; ros_neovim.url = "git+https://git.joshuabell.xyz/ringofstorms/nvim";
}; };

36
readme.md
View file

@ -21,6 +21,42 @@
## NixOS install ## NixOS install
1. Install nix minimal: (new with btrfs backing)
- Partitions
- `parted /dev/DEVICE -- mklabel gpt` - make GPT partition table
- `parted /dev/DEVICE -- mkpart NIXROOT 2GB 100%` - make root partition (2GB offset for boot)
- `parted /dev/DEVICE -- mkpart ESP fat32 1MB 2GB` - make boot partition (2GB)
- `parted /dev/DEVICE -- set 2 esp on` - make boot bootable
- LUKS Encryption
- `cryptsetup luksFormat /dev/DEVICE_1`
- Create passphrase and save to bitwarden
- `cryptsetup luksOpen /dev/DEVUCE_1 cryptroot`
- Create keyfile for auto-unlock (optional)
- `dd if=/dev/random of=/tmp/keyfile bs=1024 count=4`
- `chmod 400 /tmp/keyfile`
- `cryptsetup luksAddKey /dev/DEVICE_1 /tmp/keyfile`
- Formatting
- `mkfs.btrfs -L NIXROOT /dev/mapper/cryptroot`
- `mkfs.fat -F 32 -n NIXBOOT /dev/DEVICE_2`
- Create btrfs subvolumes (for better snapshot performance) (this is optional and can technically be skipped and put everything in one but I like this setup for cleanliness)
- `mount /dev/mapper/cryptroot /mnt`
- `btrfs subvolume create /mnt/root`
- `btrfs subvolume create /mnt/nix`
- `btrfs subvolume create /mnt/snapshots`
- `umount /mnt`
- Mount
- `mount -o subvol=root,compress=zstd,noatime /dev/mapper/cryptroot /mnt`
- `mkdir -p /mnt/{nix,boot,.snapshots}`
- `mount -o subvol=nix,compress=zstd,noatime /dev/mapper/cryptroot /mnt/nix`
- `mount -o subvol=snapshots,compress=zstd,noatime /dev/mapper/cryptroot /mnt/.snapshots`
- `mount -o umask=077 /dev/disk/by-label/NIXBOOT /mnt/boot`
- Copy keyfile for auto-unlock (optional)
- `cp /tmp/keyfile /mnt/boot/keyfile`
- `chmod 400 /mnt/boot/keyfile`
2. same as below...
1. Install nix minimal: 1. Install nix minimal:
- Partitions - Partitions