luks encrypt laptop

This commit is contained in:
Kopatz
2025-10-29 17:26:11 +01:00
parent 8d48e3a951
commit ba4616877f
9 changed files with 64 additions and 20 deletions


@@ -142,9 +142,10 @@
"kop-pc" = mkHost { "kop-pc" = mkHost {
modules = [ ./users/kopatz ./systems/pc/configuration.nix ]; modules = [ ./users/kopatz ./systems/pc/configuration.nix ];
}; };
"nix-laptop" = mkHost { "framework" = mkHost {
modules = [ modules = [
### User specific ### ### User specific ###
disko.nixosModules.disko
./users/kopatz ./users/kopatz
./systems/laptop/configuration.nix ./systems/laptop/configuration.nix
]; ];


@@ -2,7 +2,7 @@
let let
cfg = osConfig.custom.graphical.hyprland; cfg = osConfig.custom.graphical.hyprland;
isPc = osConfig.networking.hostName == "kop-pc"; isPc = osConfig.networking.hostName == "kop-pc";
isLaptop = osConfig.networking.hostName == "nix-laptop"; isLaptop = osConfig.networking.hostName == "framework";
restartPortals = pkgs.writeShellScript "restart-portals" '' restartPortals = pkgs.writeShellScript "restart-portals" ''
#!/usr/bin/env bash #!/usr/bin/env bash
systemctl --user restart xdg-desktop-portal-gtk systemctl --user restart xdg-desktop-portal-gtk


@@ -111,7 +111,7 @@ in {
"temperature".format = "{temperatureC}°C "; "temperature".format = "{temperatureC}°C ";
"temperature".interval = 5; "temperature".interval = 5;
"temperature".hwmon-path = "temperature".hwmon-path =
lib.mkIf (osConfig.networking.hostName == "nix-laptop") lib.mkIf (osConfig.networking.hostName == "framework")
"/sys/class/hwmon/hwmon6/temp1_input"; "/sys/class/hwmon/hwmon6/temp1_input";
"backlight".format = "{percent}% {icon}"; "backlight".format = "{percent}% {icon}";
"backlight".states = [ 0 50 ]; "backlight".states = [ 0 50 ];


@@ -1,7 +1,7 @@
let let
kop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFeP6qtVqE/gu72ZUZE8cdRi3INiUW9NqDR7SjXIzTw2 lukas@Kopatz-PC2"; kop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFeP6qtVqE/gu72ZUZE8cdRi3INiUW9NqDR7SjXIzTw2 lukas@Kopatz-PC2";
server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAUA7uVKXAF2UcwaIDSJP2Te8Fi++2zkKzSPoRx1vQrI root@server"; server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAUA7uVKXAF2UcwaIDSJP2Te8Fi++2zkKzSPoRx1vQrI root@server";
laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDqcphdDEJhnSBkAZzQXZJDCzsyb/Tqpcf0pUADFpbd1 root@nix-laptop"; laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDqcphdDEJhnSBkAZzQXZJDCzsyb/Tqpcf0pUADFpbd1 root@framework";
mini-pc = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILGsTZvAahTrszYDHn+94sLtcF8865/mpd26ZDVQklSj root@server-vm"; # actual used server mini-pc = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILGsTZvAahTrszYDHn+94sLtcF8865/mpd26ZDVQklSj root@server-vm"; # actual used server
mini-pc-proxmox = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP0kX32LfIOv8FDVvdp7lWesVvMGh5tj84nv7TkIR1cs root@mini-pc"; mini-pc-proxmox = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP0kX32LfIOv8FDVvdp7lWesVvMGh5tj84nv7TkIR1cs root@mini-pc";
adam-site = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfaIaKoNStnbfjB9cSJ9+PW0BVO3Uhh1uIbZA2CszDE root@nixos"; adam-site = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfaIaKoNStnbfjB9cSJ9+PW0BVO3Uhh1uIbZA2CszDE root@nixos";


@@ -22,6 +22,7 @@ in
#../../modules/static-ip.nix #../../modules/static-ip.nix
#../../modules/wake-on-lan.nix #../../modules/wake-on-lan.nix
#./modules/wireguard.nix #./modules/wireguard.nix
./disk-config.nix
inputs.nixos-hardware.nixosModules.framework-13-7040-amd inputs.nixos-hardware.nixosModules.framework-13-7040-amd
]; ];
@@ -170,7 +171,7 @@ in
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "nix-laptop"; # Define your hostname. networking.hostName = "framework"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Enable networking # Enable networking
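Review bot: Importing `./disk-config.nix` makes the partition layout declarative, so a `disko` run against this host wipes `/dev/nvme0n1`, and the LUKS migration itself implies a fresh install; the host's SSH host key was presumably regenerated in that process, yet the `root@framework` key in the secrets file is byte-identical to the old `root@nix-laptop` one — confirm the previous host key was restored onto the new install, otherwise secrets encrypted to that recipient will not decrypt there and the peers' known_hosts entries for it are stale. A short comment next to the new import would prevent the next person from re-declaring mounts by hand: `# partition layout is managed by disko (disk-config.nix); do not declare fileSystems in hardware-configuration.nix`. The module list ends in the first hunk, but the rest of the configuration, including the `boot.loader` block, continues outside the shown hunks.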


@@ -0,0 +1,42 @@
# Example to create a bios compatible gpt partition
{ lib, ... }: {
disko.devices = {
disk.main = {
device = lib.mkDefault "/dev/nvme0n1";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = {
size = "100%";
content = {
# LUKS passphrase will be prompted interactively only
type = "luks";
name = "crypted";
settings = {
allowDiscards = true;
};
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = [ "noatime" ];
};
};
};
};
};
};
};
}
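Review bot: `allowDiscards = true` on the `root` container passes TRIM through the LUKS layer to the NVMe, which reveals which blocks are unused and so leaks filesystem layout and usage through the encryption; that is a documented and usually acceptable tradeoff for SSD wear on a laptop, but it should be a recorded decision, so add above it `# TRIM through LUKS leaks free-space layout to the disk; accepted for SSD longevity`. The header comment `# Example to create a bios compatible gpt partition` is stale for this layout, which has an `EF00` ESP mounted at `/boot` and no BIOS boot partition and therefore only boots via UEFI; replace it with `# GPT layout: unencrypted ESP at /boot, LUKS (interactive passphrase) -> ext4 root`. The kernel and initrd live on the unencrypted ESP and nothing in this file authenticates them, so without Secure Boot or measured boot an attacker with physical access can still modify them before the passphrase is entered — worth a one-line comment on the `ESP` partition if that residual risk is accepted. The previous hardware configuration had a swap device and this layout defines none, so hibernation is gone; if swap is re-added it should be placed inside the LUKS container rather than as a plain partition so paged memory is not written in the clear.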


@@ -16,20 +16,20 @@
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = #fileSystems."/" =
{ # {
device = "/dev/disk/by-uuid/10537ea5-9d9f-4be8-8509-c7f9c9b978b8"; # device = "/dev/disk/by-uuid/10537ea5-9d9f-4be8-8509-c7f9c9b978b8";
fsType = "ext4"; # fsType = "ext4";
}; # };
fileSystems."/boot" = #fileSystems."/boot" =
{ # {
device = "/dev/disk/by-uuid/C163-6BD5"; # device = "/dev/disk/by-uuid/C163-6BD5";
fsType = "vfat"; # fsType = "vfat";
}; # };
swapDevices = #swapDevices =
[{ device = "/dev/disk/by-uuid/3ef4829c-e9ea-4cc0-85a1-bd8e704b9940"; }]; # [{ device = "/dev/disk/by-uuid/3ef4829c-e9ea-4cc0-85a1-bd8e704b9940"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
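Review bot: The `fileSystems."/"`, `fileSystems."/boot"` and `swapDevices` blocks are commented out rather than deleted, leaving three stale by-uuid references to the pre-encryption partitions in a file that disko now supersedes; remove them so a plaintext root cannot be brought back by uncommenting. If this file is still produced by `nixos-generate-config`, a future regeneration will re-emit `fileSystems` entries that conflict with disko's, so either mark it hand-maintained with `# hand-edited: mounts are declared by disko in disk-config.nix` or regenerate it with `--no-filesystems`. With `swapDevices` gone the laptop has no swap at all; if it is re-added, keep it under the LUKS container or set `randomEncryption.enable = true` on the swap entry so swapped memory is never written unencrypted. The surrounding module continues outside the hunk.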


@@ -1,6 +1,6 @@
let let
laptop-user = "ssh-rsa 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 kopatz@nix-laptop"; laptop-user = "ssh-rsa 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 kopatz@framework";
laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINXJG+MciJHOKSPGkrmVB/+TmWA6GNvXI6IAEkt5wNzV root@nix-laptop-no-gpu"; laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINXJG+MciJHOKSPGkrmVB/+TmWA6GNvXI6IAEkt5wNzV root@framework-no-gpu";
users = [ laptop-user ]; users = [ laptop-user ];
systems = [ laptop ]; systems = [ laptop ];
in in


@@ -22,7 +22,7 @@
extraGroups = [ "networkmanager" "wheel" "docker" "wireshark" ]; extraGroups = [ "networkmanager" "wheel" "docker" "wireshark" ];
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
config.mainUser.sshKey config.mainUser.sshKey
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCuRAKtoU5rjSbjDxlac6oAww/XHgsVRFHwIVnVm/TrTtDNqRyAkr6fIUiSKTHrpBPyJjIKCzkHS8QhbS2zZo4wjcgAyMyK33q/CzLs8DPQMWX0RKxR+OaVNwh90iWHr663a5x7ztTag3oPGOAYjeqCoIJWyQRlvIKflriJnAjWE8nvw4QkErpRWo4JJnhS61GQMrPT6VK0yXzq3zQs2t3cXTvGMmeLjBuluvJ6yiDk2bAGdY2UWnbs1y2M1TD3xn0pHzITeQnoWLfy+cwPHnEulciVqyr4pp6LDygmIPI1rxKAIQUnwo09n/A1eIcqlUo8aKy7ZDyrssuGWKZ/U4FC258NWwdUPbjyQvzNdcZjXC4+AmQTb+DwiECYOCfF7O/uRRqoFl7jfVfKqHJ7DKebt20QKwDCH/d5qfDs6xA0Krl2dgu3vePhsOkmpnIfPk9Cxl+YHGfmpCOVQHhxCwpkQs0Oh7NerO3idnG1enckjCuzCotnL8vDhczdL4eZmus= kopatz@nix-laptop" "ssh-rsa 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 kopatz@framework"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCRCE3RYJ9VQh8QlbPjTnWUc1Q+Vhl6S+HBiKpGeg5pzzN6FdyiZsHWji+HWCtL05Z3QnuVi9CicKXozwFF401FwsoCsVnPmFUQtoyEHOFuGU5RRoXexfw2yBB9XclRNSKPAoqQuXGYd6ukgUeyre/FDABu5MH1H0hnkkYn+ZQU3Y4trYx1FsK5bQ3MXYHTVyHuesODKsLNUYaQTE6VBCsBWTsWWVhRaYuxx/lCfLDwq/IpiwiCEG2kGYoSzRXXft9JlqBKGco0AW/eRnF2vxVfgDchzHbmbT0+oZuJMWDwLqtRzMCJajFp4KILx5DD1YOOaYvwWnEMddaG+I06YRQzqrSBPUJppVCtaEm6a2z/W+RPAsYkiMdmMCIkbSKp9BtjSEdlt/LPa4YChrzDSxZJTe2wmuxCoQFTdg5YezoBpCvzlmju85FhffkOd16mcgnupy92ZoQuVcr3jW6WnLs6gYF2occjdHvRRV1dlQbjpytN1SxJp0zVWGlhJMq36CE= deck@steamdeck" "ssh-rsa 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 deck@steamdeck"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEJ6JEJ5y+Kwf0i3/d+6RKMdblQ8d1W91fstFD5pACHu handy" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEJ6JEJ5y+Kwf0i3/d+6RKMdblQ8d1W91fstFD5pACHu handy"
]; ];