first building version of lpt2 as flake

2024-10-26 00:04:27 +02:00 · 2024-10-26 00:04:27 +02:00 · b71f8ee636
commit b71f8ee636
parent 31e80e7401
44 changed files with 396 additions and 677 deletions
--- a/hosts/vinzenz-lpt2/default.nix
+++ b/hosts/vinzenz-lpt2/default.nix
@ -0,0 +1,6 @@
+{...}: {
+  imports = [
+    ./hardware.nix
+    ./environment.nix
+  ];
+}
--- a/hosts/vinzenz-lpt2/environment.nix
+++ b/hosts/vinzenz-lpt2/environment.nix
@ -0,0 +1,60 @@
+{pkgs, ...}: {
+  imports = [
+    ../../home
+    ../../home/gnome-home.nix
+    ../../users/vinzenz.nix
+    ../desktop-environment.nix
+    ../gnome.nix
+    ../gaming.nix
+    ../printing.nix
+    ../latex.nix
+  ];
+
+  config = {
+    home-manager.users.vinzenz = import ../../home/vinzenz-home.nix;
+
+    virtualisation = {
+      containers.enable = true;
+      podman = {
+        enable = true;
+        dockerCompat = true;
+        dockerSocket.enable = true;
+        autoPrune.enable = true;
+      };
+    };
+
+    users.users.vinzenz.openssh.authorizedKeys.keys = [
+      ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH''
+      ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming''
+    ];
+    #
+    #users.users.ronja.openssh.authorizedKeys.keys = [
+    #  ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALWKm+d6KL6Vl3grPOcGouiNTkvdhXuWJmcrdEBY2nw ronja-ssh-host-key''
+    #];
+    #
+    services.nginx = {
+      enable = true;
+
+      recommendedProxySettings = true;
+      recommendedTlsSettings = true;
+      recommendedGzipSettings = true;
+      recommendedOptimisation = true;
+
+      virtualHosts = {
+        "vinzenz-lpt2" = {
+          locations."/" = {
+            proxyPass = "http://127.0.0.1:3000/";
+            proxyWebsockets = true;
+          };
+
+          serverAliases = ["172.23.42.96"];
+        };
+      };
+    };
+
+    networking.firewall = {
+      allowedTCPPorts = [80 8001 3000];
+      allowedUDPPorts = [2342];
+    };
+  };
+}
--- a/hosts/vinzenz-lpt2/hardware.nix
+++ b/hosts/vinzenz-lpt2/hardware.nix
@ -0,0 +1,62 @@
+{
+  pkgs,
+  lib,
+  ...
+}: {
+  imports = [
+    ../desktop-hardware.nix
+    ../intel-graphics.nix
+  ];
+  config = {
+    # intel cpu
+    boot.kernelModules = ["kvm-intel"];
+    hardware.cpu.intel.updateMicrocode = true;
+
+    boot.loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+
+    # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+    # (the default) this is the recommended approach. When using systemd-networkd it's
+    # still possible to use this option, but it's recommended to use it in conjunction
+    # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+    networking.useDHCP = lib.mkDefault true;
+
+    hardware.enableRedistributableFirmware = true;
+
+    nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+
+    boot.initrd = {
+      availableKernelModules = ["xhci_pci" "thunderbolt" "nvme"];
+      luks.devices = {
+        "luks-2c654ff2-3c42-48d3-a1e3-9545679afaa3" = {
+          device = "/dev/disk/by-uuid/2c654ff2-3c42-48d3-a1e3-9545679afaa3";
+        };
+      };
+    };
+
+    fileSystems = {
+      "/" = {
+        device = "/dev/disk/by-uuid/e4dad0c8-26a1-45e9-bbd9-48565eb6574e";
+        fsType = "btrfs";
+        options = ["subvol=@"];
+      };
+
+      "/boot" = {
+        device = "/dev/disk/by-uuid/E2B7-2BC1";
+        fsType = "vfat";
+      };
+    };
+
+    swapDevices = [
+      {
+        device = "/var/lib/swapfile";
+        size = 32 * 1024;
+      }
+    ];
+
+    services.thermald.enable = true;
+    services.hardware.bolt.enable = true; # thunderbolt security
+  };
+}