jonas/.hive
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

move monolith

Browse Source
This commit is contained in:
Jonas Röger
2026-03-28 14:24:53 +01:00
parent 0df3b7ebde
commit 5e6abe53f2
12 changed files with 471 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

209
hosts/monolith/configuration.nix Normal file
View File

@@ -0,0 +1,209 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
config,
pkgs,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
];
# Secret management
sops.age.keyFile = "/var/lib/sops-nix/key.txt";
sops.secrets.wg-priv = {
sopsFile = ../../secrets/monolith/wg.yaml;
key = "privateKey";
};
sops.secrets.spotifyShortcutsClientId = {
sopsFile = ../../secrets/spotify-shortcuts.yaml;
key = "clientId";
};
sops.secrets.spotifyShortcutsClientSecret = {
sopsFile = ../../secrets/spotify-shortcuts.yaml;
key = "clientSecret";
};
# Users
users.users.jonas = {
isNormalUser = true;
description = "Jonas";
hashedPassword = ""; # passwordless login (sudo is now unusable without specifying NOPASSWD)
extraGroups = ["networkmanager" "wheel" "docker" "dialout"];
};
security.sudo.wheelNeedsPassword = false;
users.groups.data = {
gid = 1001;
members = ["jonas"];
};
users.defaultUserShell = pkgs.zsh;
programs.zsh.enable = true;
# fonts
fonts.packages = with pkgs; [
fira
fira-code-symbols
nerd-fonts.fira-code
];
# hive modules
hive.kwallet.forUsers = ["jonas"];
hive.virt-manager.forUsers = ["jonas"];
hive.sound.noisetorch = true;
hive.wg.client.privateKeyFile = config.sops.secrets.wg-priv.path;
hive.wg.client.peer = "monolith";
hive.programs.games.dayz = true;
hive.programs.games.lutris = true;
hive.programs.games.steam = true;
hive.programs.games.wine = true;
hive.programs.creative = {
image-management = true;
image-editing = true;
image-raw-processing = true;
video-editing-light = true;
video-editing-heavy = true;
};
hive.programs.spotify-shortcuts = {
enable = true;
clientIdSopsKey = config.sops.secrets.spotifyShortcutsClientId.name;
clientSecretSopsKey = config.sops.secrets.spotifyShortcutsClientSecret.name;
};
# system packages
environment.systemPackages = with pkgs; [
age
alejandra
arduino
borgbackup
borgmatic
chromium
discord
docker
docker-compose
feh
firefox
git
gramps
insomnia
libreoffice
mosquitto
mpv
mupdf
nextcloud-client
nh
nix-index
nix-output-monitor
obsidian
qalculate-qt
qdirstat
qtpass
ranger
sops
spotify
vim
vlc
vscode
wget
zoom
zotero
];
nixpkgs.config.permittedInsecurePackages = [
"electron-25.9.0" # required by obsidian
];
virtualisation.docker.enable = true;
# dpi correction
services.xserver.dpi = 91;
environment.variables = {
## Used by GTK 3
# `GDK_SCALE` is limited to integer values
GDK_SCALE = "1";
# Inverse of GDK_SCALE
GDK_DPI_SCALE = "1";
# Used by Qt 5
QT_AUTO_SCREEN_SCALE_FACTOR = "1";
_JAVA_OPTIONS = "-Dsun.java2d.uiScale=1";
};
# Expose variables to graphical systemd user services
services.xserver.displayManager.importedVariables = [
"GDK_SCALE"
"GDK_DPI_SCALE"
"QT_AUTO_SCREEN_SCALE_FACTOR"
];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "24.11"; # Did you read the comment?
# gc settings and binary caches
nix = {
settings = {
substituters = [
"https://aseipp-nix-cache.freetls.fastly.net"
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
];
experimental-features = ["nix-command" "flakes"];
auto-optimise-store = true;
};
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
};
# boot
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.plymouth.enable = true;
boot.initrd.systemd.enable = true;
boot.supportedFilesystems = ["ntfs"];
# Configure console keymap
console.keyMap = "de";
# Set your time zone.
time.timeZone = "Europe/Berlin";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "de_DE.UTF-8";
LC_IDENTIFICATION = "de_DE.UTF-8";
LC_MEASUREMENT = "de_DE.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
LC_NAME = "de_DE.UTF-8";
LC_NUMERIC = "de_DE.UTF-8";
LC_PAPER = "de_DE.UTF-8";
LC_TELEPHONE = "de_DE.UTF-8";
LC_TIME = "de_DE.UTF-8";
};
networking.firewall.enable = true;
networking.hostName = "monolith"; # Define your hostname.
networking.extraHosts = ''
127.0.0.1 monolith
'';
# Enable networking
networking.networkmanager.enable = true;
# printing
services.printing.enable = true;
# ld-fix
programs.nix-ld.enable = true;
programs.nix-ld.libraries = [
# Add any missing dynamic libraries for unpackaged programs
# here, NOT in environment.systemPackages
];
}

36
hosts/monolith/default.nix Normal file
View File

@@ -0,0 +1,36 @@
{
inputs,
self,
...
}: {
flake.nixosConfigurations.monolith = inputs.nixpkgs.lib.nixosSystem {
modules = [
({...}: {
nixpkgs.config.allowUnfree = true;
nixpkgs.config.nvidia.acceptLicense = true;
})
./configuration.nix
inputs.nixos-hardware.nixosModules.msi-b550-a-pro
inputs.sops-nix.nixosModules.sops
self.nixosModules.nvidia
self.nixosModules.ckb-next
self.nixosModules.plasma
self.nixosModules.layan
self.nixosModules.nix-scripts
self.nixosModules.kwallet
self.nixosModules.virt-manager
self.nixosModules.bluetooth
self.nixosModules.sound
self.nixosModules.yubikey
self.nixosModules.wireguard-client
self.nixosModules.games
self.nixosModules.creative
self.nixosModules.openhantek
self.nixosModules.firefox
self.nixosModules.kdeconnect
self.nixosModules.spotify-shortcuts
];
};
}

57
hosts/monolith/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,57 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/11d59216-2e76-499f-853f-9801486e330a";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/0892-649B";
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
};
fileSystems."/data1" = {
device = "/dev/disk/by-uuid/8426515e-2be1-4c51-8b5f-d1850aa17270";
fsType = "ext4";
};
fileSystems."/data2" = {
device = "/dev/disk/by-uuid/4f39ed6d-74ed-420b-b542-89d432459f79";
fsType = "ext4";
};
swapDevices = [
{
device = "/.swapfile";
size = 24 * 1024;
}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp42s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}