feat(fatteh): integrate into niveum

2026-03-16 10:11:08 +01:00 · 2024-03-19 20:31:02 +01:00
parent d4cb0abc24
commit f57d1780fb
14 changed files with 71 additions and 134 deletions
--- a/configs/default.nix
+++ b/configs/default.nix
@@ -83,16 +83,11 @@ in {
      users.users.me = {
        name = "kfm";
        description = kieran.name;
        hashedPasswordFile = config.age.secrets.kfm-password.path;
        isNormalUser = true;
        uid = 1000;
        extraGroups = ["pipewire" "audio"];
      };
      age.secrets = {
        kfm-password.file = ../secrets/kfm-password.age;
      };
      home-manager.users.me.xdg.enable = true;
    }
    {
--- a/configs/fu-berlin.nix
+++ b/configs/fu-berlin.nix
@@ -68,12 +68,6 @@ in {
      group = config.users.users.me.group;
      mode = "400";
    };
    blackboard-calendar-ics = {
      file = ../secrets/blackboard-calendar-ics.age;
      owner = config.users.users.me.name;
      group = config.users.users.me.group;
      mode = "400";
    };
  };
  # https://www.zedat.fu-berlin.de/tip4u_157.pdf
--- a/configs/gnome.nix
+++ b/configs/gnome.nix
@@ -0,0 +1,5 @@
 {
  services.xserver.enable = true;
  services.xserver.displayManager.lightdm.enable = true;
  services.xserver.desktopManager.gnome.enable = true;
 }
--- a/configs/ssh.nix
+++ b/configs/ssh.nix
@@ -74,6 +74,11 @@ in {
        user = "kfm";
        port = sshPort;
      };
      fatteh = {
        hostname = "fatteh.hr";
        user = "kfm";
        port = sshPort;
      };
    };
  };
 }
--- a/configs/battery.nix
+++ b/configs/battery.nix
--- a/flake.lock
+++ b/flake.lock
@@ -1179,11 +1179,11 @@
    },
    "retiolum_2": {
      "locked": {
-        "lastModified": 1708082526,
+        "lastModified": 1710877137,
-        "narHash": "sha256-Zp5qGHlJge93vM2Z+5jGyyD6o48NvmCjjaujeZJ1vsI=",
+        "narHash": "sha256-oc6CXM2abODnQ4q+/A5a+9SXrdRVp5pwyv7rKO/YUiw=",
        "ref": "refs/heads/master",
-        "rev": "00af6f8e749d720a0423834024adafef4f9ebf03",
+        "rev": "3506e34e564a777015718007ec9b8847fcd38637",
-        "revCount": 338,
+        "revCount": 339,
        "type": "git",
        "url": "https://git.thalheim.io/Mic92/retiolum"
      },
--- a/flake.nix
+++ b/flake.nix
@@ -102,6 +102,7 @@
              makanek = "root@makanek";
              manakish = "root@manakish";
              kabsa = "root@kabsa";
              fatteh = "root@fatteh";
            };
          in
            lib.attrsets.nameValuePair "deploy-${hostname}" {
@@ -266,6 +267,18 @@
            stylix.nixosModules.stylix
          ];
        };
        fatteh = nixpkgs.lib.nixosSystem rec {
          system = "x86_64-linux";
          specialArgs = niveumSpecialArgs system;
          modules = [
            systems/fatteh/configuration.nix
            agenix.nixosModules.default
            retiolum.nixosModules.retiolum
            home-manager.nixosModules.home-manager
            nur.nixosModules.nur
            stylix.nixosModules.stylix
          ];
        };
      };
    }
    // flake-utils.lib.eachSystem [flake-utils.lib.system.x86_64-linux flake-utils.lib.system.x86_64-darwin flake-utils.lib.system.aarch64-linux] (system: let
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -70,7 +70,7 @@
    sshKeys = pkgs:
      pkgs.lib.strings.splitString "\n" (pkgs.lib.strings.fileContents (pkgs.fetchurl {
        url = "https://github.com/kmein.keys";
-        hash = "sha256-TVv1UHfNs3zIW8vrnCG7PPeMtgr2SDjrb8yZBMvp9/A=";
+        hash = "sha256-kabB1yNEToMw1Lcf4WYx4IfuuLzHOPvABTQku5CE60A=";
      }));
  };
--- a/lib/retiolum-network.nix
+++ b/lib/retiolum-network.nix
@@ -19,6 +19,11 @@
    ipv6 = "42:0:3c46:f7a9:1f0a:1b2b:822a:6050";
  };
  fatteh = {
    ipv6 = "42:0:3c46:aa73:82b0:14d7:7bf8:bf2";
    ipv4 = "10.243.2.77";
  };
  manakish = {
    ipv4 = "10.243.2.85";
    ipv6 = "42:0:3c46:ac99:ae36:cb8:c551:ba27";
--- a/2
+++ b/2
--- a/systems/fatteh/configuration.nix
+++ b/systems/fatteh/configuration.nix
@@ -2,128 +2,44 @@
  config,
  pkgs,
  ...
-}: {
+}: let
  inherit (import ../../lib) retiolumAddresses;
 in {
  imports = [
    ./hardware-configuration.nix
    ../../configs/networkmanager.nix
    ../../configs/default.nix
    # ../../configs/gnome.nix
  ];
-  # Bootloader.
+  niveum = {
-  boot.loader.systemd-boot.enable = true;
+    batteryName = "BAT1";
-  boot.loader.efi.canTouchEfiVariables = true;
+    wirelessInterface = "wlp3s0";
-
+    promptColours.success = "blue";
  boot.initrd.luks.devices."luks-aa6beb1b-3e54-4a0e-ac9c-e0c007d73cd5".device = "/dev/disk/by-uuid/aa6beb1b-3e54-4a0e-ac9c-e0c007d73cd5";
  networking.hostName = "nixos"; # Define your hostname.
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
  # Enable networking
  networking.networkmanager.enable = true;
  # Set your time zone.
  time.timeZone = "Europe/Berlin";
  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";
  i18n.extraLocaleSettings = {
    LC_ADDRESS = "de_DE.UTF-8";
    LC_IDENTIFICATION = "de_DE.UTF-8";
    LC_MEASUREMENT = "de_DE.UTF-8";
    LC_MONETARY = "de_DE.UTF-8";
    LC_NAME = "de_DE.UTF-8";
    LC_NUMERIC = "de_DE.UTF-8";
    LC_PAPER = "de_DE.UTF-8";
    LC_TELEPHONE = "de_DE.UTF-8";
    LC_TIME = "de_DE.UTF-8";
  };
-  # Enable the X11 windowing system.
+  stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/onedark.yaml";
  services.xserver.enable = true;
-  # Enable the GNOME Desktop Environment.
+  age.secrets = {
-  services.xserver.displayManager.gdm.enable = true;
+    retiolum-rsa = {
-  services.xserver.desktopManager.gnome.enable = true;
+      file = ../../secrets/fatteh-retiolum-privateKey-rsa.age;
-
+      mode = "400";
-  # Configure keymap in X11
+      owner = "tinc.retiolum";
-  services.xserver = {
+      group = "tinc.retiolum";
-    layout = "de";
+    };
-    xkbVariant = "T3";
+    retiolum-ed25519 = {
      file = ../../secrets/fatteh-retiolum-privateKey-ed25519.age;
      mode = "400";
      owner = "tinc.retiolum";
      group = "tinc.retiolum";
    };
    restic.file = ../../secrets/restic.age;
    syncthing-cert.file = ../../secrets/fatteh-syncthing-cert.age;
    syncthing-key.file = ../../secrets/fatteh-syncthing-key.age;
  };
-  # Configure console keymap
+  networking.hostName = "fatteh";
-  console.keyMap = "de";
+  networking.retiolum = retiolumAddresses.fatteh;
-  # Enable CUPS to print documents.
+  system.stateVersion = "23.11";
  services.printing.enable = true;
  # Enable sound with pipewire.
  sound.enable = true;
  hardware.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    # If you want to use JACK applications, uncomment this
    #jack.enable = true;
    # use the example session manager (no others are packaged yet so this is enabled by default,
    # no need to redefine it in your config for now)
    #media-session.enable = true;
  };
  # Enable touchpad support (enabled default in most desktopManager).
  # services.xserver.libinput.enable = true;
  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.kfm = {
    isNormalUser = true;
    description = "Kierán Meinhardt";
    extraGroups = ["networkmanager" "wheel"];
    packages = with pkgs; [
      firefox
      #  thunderbird
    ];
  };
  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;
  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    #  vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
    #  wget
  ];
  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };
  # List services that you want to enable:
  # Enable the OpenSSH daemon.
  services.openssh.enable = true;
  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "23.11"; # Did you read the comment?
 }
--- a/systems/fatteh/hardware-configuration.nix
+++ b/systems/fatteh/hardware-configuration.nix
@@ -16,6 +16,10 @@
  boot.initrd.kernelModules = [];
  boot.kernelModules = ["kvm-intel"];
  boot.extraModulePackages = [];
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.initrd.luks.devices."luks-aa6beb1b-3e54-4a0e-ac9c-e0c007d73cd5".device = "/dev/disk/by-uuid/aa6beb1b-3e54-4a0e-ac9c-e0c007d73cd5";
  fileSystems."/" = {
    device = "/dev/disk/by-uuid/42b747ff-a432-4c0e-bb0a-59f0a68c44a2";
--- a/systems/kabsa/configuration.nix
+++ b/systems/kabsa/configuration.nix
@@ -8,9 +8,9 @@
 in {
  imports = [
    ./hardware-configuration.nix
-    ../../configs/battery.nix
+    ../../configs/tlp.nix
    ../../configs/default.nix
-    ../../configs/networkmanager.nix # TODO how to get passwords into there?
+    ../../configs/networkmanager.nix
  ];
  niveum = {
--- a/systems/manakish/configuration.nix
+++ b/systems/manakish/configuration.nix
@@ -10,7 +10,7 @@ in {
    ./hardware-configuration.nix
    ./hdmi.nix
    ../../configs/default.nix
-    ../../configs/battery.nix
+    ../../configs/tlp.nix
    ../../configs/wpa_supplicant.nix
    ../../configs/admin-essentials.nix
  ];