Set up astyanax host

2025-11-11 23:35:48 +01:00
parent d876d02313
commit a68a903b9e
7 changed files with 205 additions and 104 deletions
--- a/hosts/astyanax/configuration.nix
+++ b/hosts/astyanax/configuration.nix
@@ -0,0 +1,46 @@
+{ ... }:
+
+{
+  system.stateVersion = "25.05";
+
+  imports = [
+    ./hard.nix
+    ../../modules/bootloader.nix
+    ../../modules/disko.zfs-encrypted-root.nix
+    ../../modules/keyboard
+    ../../modules/networking.nix
+    ../../modules/users.nix
+    ../../modules/audio.nix
+    ../../modules/printing.nix
+    ../../modules/localization.nix
+    ../../modules/fonts
+    ../../modules/ssh/hardened-openssh.nix
+  ];
+
+  nix.settings.experimental-features = [
+    "nix-command"
+    "flakes"
+  ];
+
+  nixpkgs.config.allowUnfree = true;
+
+  services.xserver = {
+    displayManager.gdm.enable = true;
+    displayManager.gdm.wayland = true;
+    desktopManager.gnome.enable = true;
+  };
+
+
+  home-manager = {
+    useGlobalPkgs = true;
+    useUserPackages = true;
+    users.h = ../../home/hosts/astyanax;
+  };
+
+  networking.hostId = "80eef97e";
+  networking.firewall.allowedTCPPorts = [ 22 ];
+  services.openssh = {
+    enable = true;
+    harden = true;
+  };
+}
--- a/hosts/astyanax/hard.nix
+++ b/hosts/astyanax/hard.nix
@@ -0,0 +1,38 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "thunderbolt"
+    "nvme"
+    "uas"
+    "sd_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}