feat: add work laptop configuration

2025-12-09 21:03:44 +05:00
parent 1ad2c6ea8e
commit 5e84abe9d9
23 changed files with 582 additions and 7 deletions


@@ -16,9 +16,6 @@
];
hostSpec = {
username = "shahab";
handle = "shahab96";
email = {user = "shahab@dogar.dev";};
userFullName = "Shahab Dogar";
networking.ports.tcp.ssh = 22;
};
@@ -69,7 +66,7 @@
enable = true;
clean.enable = true;
clean.extraArgs = "--keep-since 10d --keep 10";
flake = "/home/user/${config.hostSpec.home}/nix-config";
flake = "${config.hostSpec.home}/nix-config";
};
# ========= Sops =========


@@ -0,0 +1,116 @@
{
lib,
primary,
nix,
withSwap,
swapSize,
label,
...
}: {
disko = {
devices = {
disk = {
main = {
device = primary;
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
luks = {
size = "100%";
content = {
name = "crypted";
type = "luks";
passwordFile = "/tmp/secret.key";
settings = {
allowDiscards = true;
crypttabExtraOpts = ["fido2-device=auto" "token-timeout=10"];
};
content = {
type = "lvm_pv";
vg = "crypt_vg";
};
};
};
};
};
};
secondary = {
device = nix;
type = "disk";
content = {
type = "gpt";
partitions = {
luks = {
size = "100%";
content = {
name = "crypt-nix";
type = "luks";
passwordFile = "/tmp/secret.key";
settings = {
allowDiscards = true;
crypttabExtraOpts = ["fido2-device=auto" "token-timeout=10"];
};
content = {
type = "btrfs";
extraArgs = ["-L nix -f"];
subvolumes = {
"@nix" = {
mountpoint = "/nix";
mountOptions = ["subvol=nix" "compress=zstd" "noatime"];
};
};
};
};
};
};
};
};
};
lvm_vg = {
crypt_vg = {
type = "lvm_vg";
lvs = {
swap = lib.mkIf withSwap {
size = "${swapSize}G";
content = {
type = "swap";
resumeDevice = true;
};
};
main = {
size = "100%";
content = {
type = "btrfs";
extraArgs = ["-L" label "-f"];
subvolumes = {
"@root" = {
mountpoint = "/";
mountOptions = ["subvol=root" "compress=zstd" "noatime"];
};
};
};
};
};
};
};
};
};
}
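Review bot: Both LUKS containers (`crypted` and `crypt-nix`) read their initial passphrase from `passwordFile = "/tmp/secret.key"`, and the file has no comment on how that key is provisioned or disposed of after install. I would add above each one something like `# install-time only: create with mode 0600 in the installer session and delete once disko has formatted the disks`. The passphrase in that file stays in a keyslot after a FIDO2 token is enrolled, so it should be as strong as a recovery key. `allowDiscards = true` deserves a line too, e.g. `# TRIM passes through dm-crypt and reveals which blocks are unused; accepted here for SSD performance`. The `fido2-device=auto` entry in `crypttabExtraOpts` only takes effect with a systemd-based initrd and a separately enrolled token; neither is visible in this commit, so a short comment pointing at where that is configured would help.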


@@ -0,0 +1,95 @@
{
inputs,
lib,
config,
...
}: {
imports = lib.flatten [
#
# ========= Hardware =========
#
./hardware-configuration.nix
inputs.nixos-hardware.nixosModules.common-cpu-amd
inputs.nixos-hardware.nixosModules.common-gpu-amd
inputs.nixos-hardware.nixosModules.common-pc-ssd
inputs.nixos-hardware.nixosModules.lenovo-legion-16ithg6
#
# ========= Disk Layout =========
#
inputs.disko.nixosModules.disko
(lib.custom.relativeToRoot "hosts/common/disks/blueocean.nix")
{
_module.args = {
primary = "/dev/nvme0n1";
nix = "/dev/nvme1n1";
withSwap = true;
swapSize = "4";
label = "nixos";
};
}
#
# ========= Required Configs =========
#
(map lib.custom.relativeToRoot ["hosts/common/core"])
#
# ========= Optional Configs =========
#
(map (c: lib.custom.relativeToRoot "hosts/common/optional/${c}.nix") [
"1password"
"claude-code"
"dconf"
"docker"
"hyprland"
"nix-ld"
"secure-boot"
"yubikey"
])
#
# ========= Optional Services =========
#
(map
(s: lib.custom.relativeToRoot "hosts/common/optional/services/${s}.nix") [
"audio"
"bluetooth"
"firmware"
"greetd"
"openssh"
"printing"
"smart-card"
"vpn"
])
];
#
# ========= Host specification =========
#
hostSpec = {
hostName = "blueocean";
username = "dogar";
handle = "shadogar";
email = {user = "shahab.dogar@blueocean.ai";};
};
networking = {
networkmanager.enable = true;
enableIPv6 = false;
};
boot = {
loader = {
# Set this to true on first install. This must be false for secure boot.
systemd-boot = {
enable = lib.mkForce (!config.hostSpec.secureBoot);
configurationLimit = config.hostSpec.bootHistoryLimit;
};
efi.canTouchEfiVariables = true;
};
};
security.rtkit.enable = true;
system.stateVersion = "25.05";
}
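Review bot: The `secure-boot` module is imported, but this host's `hostSpec` never sets `secureBoot`, so whether `enable = lib.mkForce (!config.hostSpec.secureBoot);` turns systemd-boot on depends on a default defined outside this commit. For a laptop with encrypted disks I would state it in the host file, e.g. `secureBoot = false; # first install; set to true once Secure Boot keys are enrolled`, as the host spec touched later in this commit already does. The comment above `systemd-boot` also reads as if the value were toggled by hand; `# Derived from hostSpec.secureBoot: systemd-boot is enabled only while secureBoot is false (first install).` matches the code. Separately, `lenovo-legion-16ithg6` looks like an Intel/NVIDIA profile, while this host imports `common-cpu-amd` and `common-gpu-amd` and the generated hardware configuration loads `kvm-amd`; worth confirming it is the intended nixos-hardware module.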


@@ -0,0 +1,47 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
}: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
boot = {
initrd = {
availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"thunderbolt"
"usb_storage"
"sd_mod"
];
kernelModules = [];
};
kernelModules = ["kvm-amd"];
extraModulePackages = [];
binfmt.emulatedSystems = ["aarch64-linux"]; # Add other target architectures as needed
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp193s0f3u2.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware = {
cpu.amd.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
graphics = {
enable = true;
};
};
}


@@ -87,6 +87,9 @@
secureBoot = false;
persist = "/persist";
impermanance = false;
username = "shahab";
handle = "shahab96";
email = {user = "shahab@dogar.dev";};
};
networking = {


@@ -2,7 +2,6 @@
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
@@ -38,8 +37,6 @@
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware = {
cpu.amd.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
graphics = {
enable = true;
};