moms-laptop -> media-laptop

2025-12-10 00:43:56 -05:00 · 2023-10-14 17:02:47 -04:00 · 2023-10-14 17:02:47 -04:00 · 5a6d712c2e
commit 5a6d712c2e
parent 681ea15292
10 changed files with 12 additions and 55 deletions
--- a/hosts/media-laptop/disko.nix
+++ b/hosts/media-laptop/disko.nix
@ -0,0 +1,39 @@
+{ disko, ... }:
+{
+  imports = [ disko.nixosModules.disko ];
+  disko.devices.disk.sda =
+    let
+      baseDevice = "/dev/disk/by-id/ata-WDC_WDS240G2G0A-00JH30_180936803144";
+    in
+    {
+      device = baseDevice;
+      type = "disk";
+      content = {
+        type = "gpt";
+        partitions = {
+          ESP = {
+            device = "${baseDevice}-part1";
+            start = "1MiB";
+            end = "1GiB";
+            content = {
+              type = "filesystem";
+              format = "vfat";
+              mountpoint = "/boot";
+            };
+          };
+          root = {
+            device = "${baseDevice}-part2";
+            start = "1GiB";
+            end = "100%";
+            type = "EF00";
+            content = {
+              type = "filesystem";
+              format = "ext4";
+              mountpoint = "/";
+            };
+          };
+        };
+      };
+    };
+  _file = ./disko.nix;
+}
--- a/hosts/media-laptop/main.nix
+++ b/hosts/media-laptop/main.nix
@ -0,0 +1,91 @@
+_:
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}:
+{
+  local = {
+    remoteBuild.enable = true;
+    DM = {
+      lightdm.enable = true;
+      autoLogin = true;
+      loginUser = "media";
+    };
+    DE.xfce.enable = true;
+    theming = {
+      enable = true;
+      kmscon.enable = true;
+    };
+  };
+
+  environment.systemPackages = builtins.attrValues {
+    inherit (pkgs)
+      neovim
+      vlc
+      pavucontrol # gui volume control
+      chromium
+    ;
+  };
+  services.xserver.videoDrivers = [ "intel" ];
+
+  networking.networkmanager.enable = true;
+
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+
+  sops.secrets.root.neededForUsers = true;
+
+  users = {
+    mutableUsers = false;
+    users = {
+      media = {
+        useDefaultShell = true;
+        uid = 1000;
+        isNormalUser = true;
+        extraGroups = [
+          "networkmanager"
+          "audio"
+        ];
+        initialHashedPassword = "";
+      };
+      "root" = {
+        uid = 0;
+        home = "/root";
+        openssh.authorizedKeys.keys = [
+          config.local.keys.gerg_gerg-phone
+          config.local.keys.gerg_gerg-windows
+          config.local.keys.gerg_gerg-desktop
+        ];
+        hashedPasswordFile = config.sops.secrets.root.path;
+      };
+    };
+  };
+  services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";
+  boot = {
+    initrd.availableKernelModules = [
+      "xhci-pci"
+      "ehci-pci"
+      "ahci"
+      "usbhid"
+      "sd_mod"
+      "sr_mod"
+      "rtsx_usb_sdmmc"
+    ];
+    kernelModules = [ "kvm-intel" ];
+  };
+  systemd.user.tmpfiles.users.media.rules = [
+    "L+ %h/Desktop/chromium.desktop - - - - ${pkgs.chromium}/share/applications/chromium.desktop"
+    "L+ %h/Desktop/vlc.desktop - - - - ${pkgs.vlc}/share/applications/vlc.desktop"
+  ];
+
+  system.stateVersion = "23.05";
+
+  swapDevices = [
+    {
+      device = "/swapfile";
+      size = 8 * 1024;
+    }
+  ];
+  _file = ./main.nix;
+}
--- a/hosts/media-laptop/secrets.yaml
+++ b/hosts/media-laptop/secrets.yaml
@ -0,0 +1,30 @@
+root: ENC[AES256_GCM,data:tQMtWAjqHcuny+6R3M0BFyEaFiaAr0eU04xhLiMdZ9KuqeQoV2aasJ9I6yVWNeaNE/K2DEWEXIv3fhLVp11/CMBjd9Yi1An9Jg==,iv:cx1jHEioCRaL7u2zwp8NfDxnHr5zzWTOh8/gJgUKN+0=,tag:JVex88fYnSmfwhortUi0Xw==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1vxx3qdsucv2v2slag67c4f0kwd8jtta4tue6m8d9xfl4ryrqvyusxgwl68
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwU3doYWlIdWEwTmVOUGRY
+            aGJPMy9ac1RoUS9LdUcvbkxSU1N2MVpIeFRjCmV6QTlhMUhoVmdUOGdFdmVMNW5h
+            cVI4YlBwaEZFbC8xZWYrMFZQOFVaQzgKLS0tIHMzN081UmowTXYzc1hhNk5FOWdu
+            Vmh5WGFXT2M0dUttQjMxMXA5TUJFTkEKvI3cbR9A9vK6oiEc6Qaj9j84FxVekQvl
+            ZfQhT6nLrh7IjR+uJ1ZqwJioSsGKLCDmBropjTWei469fJkma7p8BQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age180y8kdtdlqelayyz9mq2c7xv248rh4gdfr3amjzvdcjrz6wdaqmsj762pp
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXZk1ScGpmT1Fjd1p3MFFw
+            dE1mRjUyQkN4N05VMThUZnNHL2pQbjVQem5nCjVsejY0L0piTHMzOVo4d2xHL2Fq
+            aVp0WXpMbUlEMGFoS080N1BITXhDa1EKLS0tIHRTSTAybUFUZFFNL1NOWHduWmE3
+            SVJpZmRIcjJZWjNGZFllTGU4L0NLZG8K/J87ETorELtOxABopOvEcRPiY8qubzou
+            Ogs1d+4CqPx/PC4tW06tkp8Fp8DWcr8/XxxsPJ9DBfVT7wCRb/RqCw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-03-11T20:02:40Z"
+    mac: ENC[AES256_GCM,data:XK10hpfe5zKQvP4Lf0lXTgmSULsqC446CYR7B57R6G99BJgpkdYOK9Zi1IHF3g1mwjplxY3LSi8mW+ETV7DgnhOhpTiGJQzFKmLVQCogImM63aWR6/SYRAoI3wvgb4TMv/cZvaqRHmU+HzjTN5ZCGWDfKyQvFVjOWps8FvK4kNM=,iv:cK5ARa1+Qtw/LHHNUZVFa1k79LuDIW40jhS9AyEBUCQ=,tag:b621ftO1UVE1/4G3KVsIOQ==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3