nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
home-manager = {
- url = "github:nix-community/home-manager/release-24.11";
- inputs.nixpkgs.follows = "nixpkgs";
+ url = "github:nix-community/home-manager/release-24.11";
+ inputs.nixpkgs.follows = "nixpkgs";
};
disko = {
- url = "github:nix-community/disko";
- inputs.nixpkgs.follows = "nixpkgs";
+ url = "github:nix-community/disko";
+ inputs.nixpkgs.follows = "nixpkgs";
};
lanzaboote = {
- url = "github:nix-community/lanzaboote/v0.4.1";
- inputs.nixpkgs.follows = "nixpkgs";
+ url = "github:nix-community/lanzaboote/v0.4.1";
+ inputs.nixpkgs.follows = "nixpkgs";
};
nur.url = "github:nix-community/NUR";
outputs = { nixpkgs, home-manager, nur, disko, lanzaboote, sops-nix, ... }@attrs: {
nixosConfigurations = {
- installer = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- modules = [
- (
- { pkgs, modulesPath, ... }:
- {
- imports = [ (modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix") ];
- }
- )
- ./systems/installer/default.nix
- ];
- };
-
- continuity = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- specialArgs = attrs;
- modules = [
- lanzaboote.nixosModules.lanzaboote
- disko.nixosModules.disko
- home-manager.nixosModules.home-manager
- sops-nix.nixosModules.sops
- { nixpkgs.overlays = [ nur.overlays.default ]; }
- { home-manager.extraSpecialArgs = attrs; }
-
- ./modules/sda-simple.nix
- ./systems/continuity/default.nix
- ];
- };
-
- affinity = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- specialArgs = attrs;
- modules = [
- lanzaboote.nixosModules.lanzaboote
- disko.nixosModules.disko
- home-manager.nixosModules.home-manager
- sops-nix.nixosModules.sops
- { nixpkgs.overlays = [ nur.overlays.default ]; }
- { home-manager.extraSpecialArgs = attrs; }
- ./modules/nvme-simple.nix
- ./systems/affinity/default.nix
- ];
- };
-
- spontaneity = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- specialArgs = attrs;
- modules = [];
- };
+ installer = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ (
+ { pkgs, modulesPath, ... }:
+ {
+ imports = [ (modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix") ];
+ }
+ )
+ ./systems/installer/default.nix
+ ];
+ };
+
+ continuity = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs = attrs;
+ modules = [
+ lanzaboote.nixosModules.lanzaboote
+ disko.nixosModules.disko
+ home-manager.nixosModules.home-manager
+ sops-nix.nixosModules.sops
+ { nixpkgs.overlays = [ nur.overlays.default ]; }
+ { home-manager.extraSpecialArgs = attrs; }
+
+ ./modules/sda-simple.nix
+ ./systems/continuity/default.nix
+ ];
+ };
+
+ affinity = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs = attrs;
+ modules = [
+ lanzaboote.nixosModules.lanzaboote
+ disko.nixosModules.disko
+ home-manager.nixosModules.home-manager
+ sops-nix.nixosModules.sops
+ { nixpkgs.overlays = [ nur.overlays.default ]; }
+ { home-manager.extraSpecialArgs = attrs; }
+ ./modules/nvme-simple.nix
+ ./systems/affinity/default.nix
+ ];
+ };
+
+ spontaneity = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs = attrs;
+ modules = [];
+ };
};
};
}
environment = {
etc = {
- securetty.text = ''
- # /etc/securetty: list of terminals on which root is allowed to login.
- # See securetty(5) and login(1).
- '';
+ securetty.text = ''
+ # /etc/securetty: list of terminals on which root is allowed to login.
+ # See securetty(5) and login(1).
+ '';
};
};
coredump.enable = false;
network.config.networkConfig.IPv6PrivacyExtensions = "kernel";
tmpfiles.settings = {
- "restricthome"."/home/*".Z.mode = "~0700";
+ "restricthome"."/home/*".Z.mode = "~0700";
- "restrictetcnixos"."/etc/nixos/*".Z = {
- mode = "0000";
- user = "root";
- group = "root";
- };
+ "restrictetcnixos"."/etc/nixos/*".Z = {
+ mode = "0000";
+ user = "root";
+ group = "root";
+ };
};
};
extraModulePackages = [ ];
initrd = {
- availableKernelModules = [
- "xhci_pci"
- "ahci"
- "usb_storage"
- "sd_mod"
- "nvme"
- "sd_mod"
- "ehci_pci"
- "rtsx_pci_sdmmc"
- "usbhid"
- ];
-
- kernelModules = [ ];
+ availableKernelModules = [
+ "xhci_pci"
+ "ahci"
+ "usb_storage"
+ "sd_mod"
+ "nvme"
+ "sd_mod"
+ "ehci_pci"
+ "rtsx_pci_sdmmc"
+ "usbhid"
+ ];
+
+ kernelModules = [ ];
};
lanzaboote = {
- enable = config.monorepo.profiles.secureBoot.enable;
- pkiBundle = "/etc/secureboot";
+ enable = config.monorepo.profiles.secureBoot.enable;
+ pkiBundle = "/etc/secureboot";
};
loader = {
- systemd-boot.enable = lib.mkForce (! config.monorepo.profiles.secureBoot.enable);
- efi.canTouchEfiVariables = true;
+ systemd-boot.enable = lib.mkForce (! config.monorepo.profiles.secureBoot.enable);
+ efi.canTouchEfiVariables = true;
};
kernelModules = [
- "snd-seq"
- "snd-rawmidi"
- "xhci_hcd"
- "kvm_intel"
+ "snd-seq"
+ "snd-rawmidi"
+ "xhci_hcd"
+ "kvm_intel"
];
kernelParams = [
- "debugfs=off"
- "page_alloc.shuffle=1"
- "slab_nomerge"
- "page_poison=1"
-
- # madaidan
- "pti=on"
- "randomize_kstack_offset=on"
- "vsyscall=none"
- "module.sig_enforce=1"
- "lockdown=confidentiality"
-
- # cpu
- "spectre_v2=on"
- "spec_store_bypass_disable=on"
- "tsx=off"
- "tsx_async_abort=full,nosmt"
- "mds=full,nosmt"
- "l1tf=full,force"
- "nosmt=force"
- "kvm.nx_huge_pages=force"
-
- # hardened
- "extra_latent_entropy"
-
- # mineral
- "init_on_alloc=1"
- "random.trust_cpu=off"
- "random.trust_bootloader=off"
- "intel_iommu=on"
- "amd_iommu=force_isolation"
- "iommu=force"
- "iommu.strict=1"
- "init_on_free=1"
- "quiet"
- "loglevel=0"
+ "debugfs=off"
+ "page_alloc.shuffle=1"
+ "slab_nomerge"
+ "page_poison=1"
+
+ # madaidan
+ "pti=on"
+ "randomize_kstack_offset=on"
+ "vsyscall=none"
+ "module.sig_enforce=1"
+ "lockdown=confidentiality"
+
+ # cpu
+ "spectre_v2=on"
+ "spec_store_bypass_disable=on"
+ "tsx=off"
+ "tsx_async_abort=full,nosmt"
+ "mds=full,nosmt"
+ "l1tf=full,force"
+ "nosmt=force"
+ "kvm.nx_huge_pages=force"
+
+ # hardened
+ "extra_latent_entropy"
+
+ # mineral
+ "init_on_alloc=1"
+ "random.trust_cpu=off"
+ "random.trust_bootloader=off"
+ "intel_iommu=on"
+ "amd_iommu=force_isolation"
+ "iommu=force"
+ "iommu.strict=1"
+ "init_on_free=1"
+ "quiet"
+ "loglevel=0"
];
blacklistedKernelModules = [
- "netrom"
- "rose"
-
- "adfs"
- "affs"
- "bfs"
- "befs"
- "cramfs"
- "efs"
- "erofs"
- "exofs"
- "freevxfs"
- "f2fs"
- "hfs"
- "hpfs"
- "jfs"
- "minix"
- "nilfs2"
- "ntfs"
- "omfs"
- "qnx4"
- "qnx6"
- "sysv"
- "ufs"
+ "netrom"
+ "rose"
+
+ "adfs"
+ "affs"
+ "bfs"
+ "befs"
+ "cramfs"
+ "efs"
+ "erofs"
+ "exofs"
+ "freevxfs"
+ "f2fs"
+ "hfs"
+ "hpfs"
+ "jfs"
+ "minix"
+ "nilfs2"
+ "ntfs"
+ "omfs"
+ "qnx4"
+ "qnx6"
+ "sysv"
+ "ufs"
];
kernel.sysctl = {
- "kernel.ftrace_enabled" = false;
- "net.core.bpf_jit_enable" = false;
- "kernel.kptr_restrict" = 2;
-
- # madaidan
- "vm.swappiness" = 1;
- "vm.unprivileged_userfaultfd" = 0;
- "dev.tty.ldisc_autoload" = 0;
- "kernel.kexec_load_disabled" = 1;
- "kernel.sysrq" = 4;
- "kernel.perf_event_paranoid" = 3;
-
- # net
- "net.ipv4.icmp_echo_ignore_broadcasts" = true;
-
- "net.ipv4.conf.all.accept_redirects" = false;
- "net.ipv4.conf.all.secure_redirects" = false;
- "net.ipv4.conf.default.accept_redirects" = false;
- "net.ipv4.conf.default.secure_redirects" = false;
- "net.ipv6.conf.all.accept_redirects" = false;
- "net.ipv6.conf.default.accept_redirects" = false;
+ "kernel.ftrace_enabled" = false;
+ "net.core.bpf_jit_enable" = false;
+ "kernel.kptr_restrict" = 2;
+
+ # madaidan
+ "vm.swappiness" = 1;
+ "vm.unprivileged_userfaultfd" = 0;
+ "dev.tty.ldisc_autoload" = 0;
+ "kernel.kexec_load_disabled" = 1;
+ "kernel.sysrq" = 4;
+ "kernel.perf_event_paranoid" = 3;
+
+ # net
+ "net.ipv4.icmp_echo_ignore_broadcasts" = true;
+
+ "net.ipv4.conf.all.accept_redirects" = false;
+ "net.ipv4.conf.all.secure_redirects" = false;
+ "net.ipv4.conf.default.accept_redirects" = false;
+ "net.ipv4.conf.default.secure_redirects" = false;
+ "net.ipv6.conf.all.accept_redirects" = false;
+ "net.ipv6.conf.default.accept_redirects" = false;
};
};
useDHCP = lib.mkDefault true;
hostName = config.monorepo.vars.hostName;
networkmanager = {
- enable = true;
- # wifi.macAddress = "";
+ enable = true;
+ # wifi.macAddress = "";
};
firewall = {
- allowedTCPPorts = [ ];
- allowedUDPPorts = [ ];
+ allowedTCPPorts = [ 11434 ];
+ allowedUDPPorts = [ ];
};
};
pulseaudio.enable = ! config.monorepo.profiles.pipewire.enable;
bluetooth = {
- enable = true;
- powerOnBoot = true;
+ enable = true;
+ powerOnBoot = true;
};
};
services = {
chrony = {
- enable = true;
- enableNTS = true;
- servers = [ "time.cloudflare.com" "ptbtime1.ptb.de" "ptbtime2.ptb.de" ];
+ enable = true;
+ enableNTS = true;
+ servers = [ "time.cloudflare.com" "ptbtime1.ptb.de" "ptbtime2.ptb.de" ];
};
jitterentropy-rngd.enable = true;
# Misc.
udev = {
- extraRules = '''';
- packages = with pkgs; [
- platformio-core
- platformio-core.udev
- openocd
- ];
+ extraRules = '''';
+ packages = with pkgs; [
+ platformio-core
+ platformio-core.udev
+ openocd
+ ];
};
printing.enable = true;
nixpkgs = {
hostPlatform = lib.mkDefault "x86_64-linux";
config = {
- allowUnfree = true;
- cudaSupport = lib.mkDefault config.monorepo.profiles.cuda.enable;
+ allowUnfree = true;
+ cudaSupport = lib.mkDefault config.monorepo.profiles.cuda.enable;
};
};
security = {
apparmor = {
- enable = true;
- killUnconfinedConfinables = true;
+ enable = true;
+ killUnconfinedConfinables = true;
};
pam.loginLimits = [
- { domain = "*"; item = "nofile"; type = "-"; value = "32768"; }
- { domain = "*"; item = "memlock"; type = "-"; value = "32768"; }
+ { domain = "*"; item = "nofile"; type = "-"; value = "32768"; }
+ { domain = "*"; item = "memlock"; type = "-"; value = "32768"; }
];
rtkit.enable = true;
forcePageTableIsolation = true;
tpm2 = {
- enable = true;
- pkcs11.enable = true;
- tctiEnvironment.enable = true;
+ enable = true;
+ pkcs11.enable = true;
+ tctiEnvironment.enable = true;
};
auditd.enable = true;
enable = true;
wlr.enable = true;
extraPortals = with pkgs; [
- xdg-desktop-portal-gtk
- xdg-desktop-portal
- xdg-desktop-portal-hyprland
+ xdg-desktop-portal-gtk
+ xdg-desktop-portal
+ xdg-desktop-portal-hyprland
];
config.common.default = "*";
};
users.users = {
root.openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINSshvS1N/42pH9Unp3Zj4gjqs9BXoin99oaFWYHXZDJ preston@preston-arch"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINSshvS1N/42pH9Unp3Zj4gjqs9BXoin99oaFWYHXZDJ preston@preston-arch"
];
git = {
- isSystemUser = true;
- home = "/srv/git";
- shell = "${pkgs.git}/bin/git-shell";
+ isSystemUser = true;
+ home = "/srv/git";
+ shell = "${pkgs.git}/bin/git-shell";
};
"${config.monorepo.vars.userName}" = {
- initialPassword = "${config.monorepo.vars.userName}";
- isNormalUser = true;
- description = config.monorepo.vars.fullName;
- extraGroups = [ "networkmanager" "wheel" "video" "docker" "jackaudio" "tss" "dialout" ];
- shell = pkgs.zsh;
- packages = [];
+ initialPassword = "${config.monorepo.vars.userName}";
+ isNormalUser = true;
+ description = config.monorepo.vars.fullName;
+ extraGroups = [ "networkmanager" "wheel" "video" "docker" "jackaudio" "tss" "dialout" ];
+ shell = pkgs.zsh;
+ packages = [];
};
};
My zsh config has some useful aliases that one should read through. Otherwise it is pretty
standard.
#+begin_src nix :tangle ../nix/modules/home/zsh.nix
-{ lib, config, pkgs, ... }:
-{
- programs.zsh = {
- enable = true;
- initExtra = ''
- umask 0077
- export EXTRA_CCFLAGS="-I/usr/include"
- source ${pkgs.zsh-vi-mode}/share/zsh-vi-mode/zsh-vi-mode.plugin.zsh
- export QT_QPA_PLATFORM="wayland"
- '';
+ { lib, config, pkgs, ... }:
+ {
+ programs.zsh = {
+ enable = true;
+ initExtra = ''
+ umask 0077
+ export EXTRA_CCFLAGS="-I/usr/include"
+ source ${pkgs.zsh-vi-mode}/share/zsh-vi-mode/zsh-vi-mode.plugin.zsh
+ export QT_QPA_PLATFORM="wayland"
+ '';
- localVariables = {
- EDITOR = "emacsclient --create-frame --alternate-editor=vim";
- INPUT_METHOD = "fcitx";
- QT_IM_MODULE = "fcitx";
- GTK_IM_MODULE = "fcitx";
- XMODIFIERS = "@im=fcitx";
- XIM_SERVERS = "fcitx";
- WXSUPPRESS_SIZER_FLAGS_CHECK = "1";
- };
+ localVariables = {
+ EDITOR = "emacsclient --create-frame --alternate-editor=vim";
+ INPUT_METHOD = "fcitx";
+ QT_IM_MODULE = "fcitx";
+ GTK_IM_MODULE = "fcitx";
+ XMODIFIERS = "@im=fcitx";
+ XIM_SERVERS = "fcitx";
+ WXSUPPRESS_SIZER_FLAGS_CHECK = "1";
+ };
- shellAliases = {
- c = "clear";
- g = "git";
- v = "vim";
- py = "python3";
- rb = "sudo nixos-rebuild switch --flake .#continuity";
- nfu = "cd ~/monorepo/nix && git add . && git commit -m \"new flake lock\" && nix flake update";
- usite
- = "cd ~/monorepo/publish-org-roam-ui && bash local.sh && rm -rf ~/website_html/graph_view; cp -r ~/monorepo/publish-org-roam-ui/out ~/website_html/graph_view && rsync -azvP --chmod=\"Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r\" ~/website_html/ root@${config.monorepo.vars.remoteHost}:/usr/share/nginx/ret2pop/";
- sai = "eval \"$(ssh-agent -s)\" && ssh-add ~/.ssh/id_ed25519 && ssh-add -l";
- i3 = "exec ${pkgs.i3-gaps}/bin/i3";
+ shellAliases = {
+ c = "clear";
+ g = "git";
+ v = "vim";
+ py = "python3";
+ rb = "sudo nixos-rebuild switch --flake .#continuity";
+ rba = "sudo nixos-rebuild switch --flake .#affinity";
+ nfu = "cd ~/monorepo/nix && git add . && git commit -m \"new flake lock\" && nix flake update";
+ usync = "rsync -azvP --chmod=\"Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r\" ~/website_html/ root@nullring.xyz:/usr/share/nginx/ret2pop/";
+ usite
+ = "cd ~/src/publish-org-roam-ui && bash local.sh && rm -rf ~/website_html/graph_view; cp -r ~/src/publish-org-roam-ui/out ~/website_html/graph_view && rsync -azvP --chmod=\"Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r\" ~/website_html/ root@${config.monorepo.vars.remoteHost}:/usr/share/nginx/ret2pop/";
+ sai = "eval \"$(ssh-agent -s)\" && ssh-add ~/.ssh/id_ed25519 && ssh-add -l";
+ i3 = "exec ${pkgs.i3-gaps}/bin/i3";
+ };
+ loginExtra = ''
+ if [[ "$(tty)" = "/dev/tty1" ]]; then
+ exec Hyprland
+ fi
+ '';
};
- loginExtra = ''
- if [[ "$(tty)" = "/dev/tty1" ]]; then
- exec Hyprland
- fi
- '';
- };
-}
+ }
#+end_src
*** User
This configuration is the backbone configuration for the default user. It specifies some
if [ ! -d /home/${config.monorepo.vars.userName}/org ]; then
mkdir -p /home/${config.monorepo.vars.userName}/org
fi
+ if [ ! -d /home/${config.monorepo.vars.userName}/src ]; then
+ mkdir -p /home/${config.monorepo.vars.userName}/src
+ fi
touch /home/${config.monorepo.vars.userName}/org/agenda.org
touch /home/${config.monorepo.vars.userName}/org/notes.org
'';
*** ISO Default Profile
This contains the installation script I use to install my systems.
#+begin_src nix :tangle ../nix/systems/installer/default.nix
- { pkgs, config, ... }:
+ { pkgs, config, lib, ... }:
let
commits = import ./commits.nix;
in
enable = true;
};
firewall = {
- allowedTCPPorts = [ ];
+ allowedTCPPorts = [ 22 ];
allowedUDPPorts = [ ];
};
wireless.enable = false;
};
+ services.openssh = {
+ enable = true;
+ ports = [ 22 ];
+ settings = {
+ PasswordAuthentication = true;
+ AllowUsers = null;
+ UseDns = true;
+ PermitRootLogin = lib.mkForce "prohibit-password";
+ };
+ };
users.extraUsers.root.password = "nixos";
users.extraUsers.nixos.password = "nixos";
users.users = {
+ root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICts6+MQiMwpA+DfFQxjIN214Jn0pCw/2BDvOzPhR/H2 preston@continuity-dell"
+ ];
nixos = {
packages = with pkgs; [
git
ping -q -c1 google.com &>/dev/null && echo "online! Proceeding with the installation..." || nmtui
cd
if [ ! -d "$HOME/monorepo/" ]; then
- git clone --recurse-submodules https://git.nullring.xyz/monorepo.git
+ git clone https://git.nullring.xyz/monorepo.git
cd monorepo
git checkout "${commits.monorepoCommitHash}"
fi
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
home-manager = {
- url = "github:nix-community/home-manager/release-24.11";
- inputs.nixpkgs.follows = "nixpkgs";
+ url = "github:nix-community/home-manager/release-24.11";
+ inputs.nixpkgs.follows = "nixpkgs";
};
disko = {
- url = "github:nix-community/disko";
- inputs.nixpkgs.follows = "nixpkgs";
+ url = "github:nix-community/disko";
+ inputs.nixpkgs.follows = "nixpkgs";
};
lanzaboote = {
- url = "github:nix-community/lanzaboote/v0.4.1";
- inputs.nixpkgs.follows = "nixpkgs";
+ url = "github:nix-community/lanzaboote/v0.4.1";
+ inputs.nixpkgs.follows = "nixpkgs";
};
nur.url = "github:nix-community/NUR";
outputs = { nixpkgs, home-manager, nur, disko, lanzaboote, sops-nix, ... }@attrs: {
nixosConfigurations = {
- installer = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- modules = [
- (
- { pkgs, modulesPath, ... }:
- {
- imports = [ (modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix") ];
- }
- )
- ./systems/installer/default.nix
- ];
- };
+ installer = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ (
+ { pkgs, modulesPath, ... }:
+ {
+ imports = [ (modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix") ];
+ }
+ )
+ ./systems/installer/default.nix
+ ];
+ };
- continuity = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- specialArgs = attrs;
- modules = [
- lanzaboote.nixosModules.lanzaboote
- disko.nixosModules.disko
- home-manager.nixosModules.home-manager
- sops-nix.nixosModules.sops
- { nixpkgs.overlays = [ nur.overlays.default ]; }
- { home-manager.extraSpecialArgs = attrs; }
+ continuity = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs = attrs;
+ modules = [
+ lanzaboote.nixosModules.lanzaboote
+ disko.nixosModules.disko
+ home-manager.nixosModules.home-manager
+ sops-nix.nixosModules.sops
+ { nixpkgs.overlays = [ nur.overlays.default ]; }
+ { home-manager.extraSpecialArgs = attrs; }
- ./modules/sda-simple.nix
- ./systems/continuity/default.nix
- ];
- };
+ ./modules/sda-simple.nix
+ ./systems/continuity/default.nix
+ ];
+ };
- affinity = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- specialArgs = attrs;
- modules = [
- lanzaboote.nixosModules.lanzaboote
- disko.nixosModules.disko
- home-manager.nixosModules.home-manager
- sops-nix.nixosModules.sops
- { nixpkgs.overlays = [ nur.overlays.default ]; }
- { home-manager.extraSpecialArgs = attrs; }
- ./modules/nvme-simple.nix
- ./systems/affinity/default.nix
- ];
- };
+ affinity = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs = attrs;
+ modules = [
+ lanzaboote.nixosModules.lanzaboote
+ disko.nixosModules.disko
+ home-manager.nixosModules.home-manager
+ sops-nix.nixosModules.sops
+ { nixpkgs.overlays = [ nur.overlays.default ]; }
+ { home-manager.extraSpecialArgs = attrs; }
+ ./modules/nvme-simple.nix
+ ./systems/affinity/default.nix
+ ];
+ };
- spontaneity = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- specialArgs = attrs;
- modules = [];
- };
+ spontaneity = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs = attrs;
+ modules = [];
+ };
};
};
}
projects / monorepo.git / commitdiff
