luks encrypt laptop

Kopatz
2025-10-29 17:26:11 +01:00
parent 8d48e3a951
commit ba4616877f
9 changed files with 64 additions and 20 deletions


@@ -142,9 +142,10 @@
"kop-pc" = mkHost {
modules = [ ./users/kopatz ./systems/pc/configuration.nix ];
};
"nix-laptop" = mkHost {
"framework" = mkHost {
modules = [
### User specific ###
disko.nixosModules.disko
./users/kopatz
./systems/laptop/configuration.nix
];


@@ -2,7 +2,7 @@
let
cfg = osConfig.custom.graphical.hyprland;
isPc = osConfig.networking.hostName == "kop-pc";
isLaptop = osConfig.networking.hostName == "nix-laptop";
isLaptop = osConfig.networking.hostName == "framework";
restartPortals = pkgs.writeShellScript "restart-portals" ''
#!/usr/bin/env bash
systemctl --user restart xdg-desktop-portal-gtk


@@ -111,7 +111,7 @@ in {
"temperature".format = "{temperatureC}°C ";
"temperature".interval = 5;
"temperature".hwmon-path =
lib.mkIf (osConfig.networking.hostName == "nix-laptop")
lib.mkIf (osConfig.networking.hostName == "framework")
"/sys/class/hwmon/hwmon6/temp1_input";
"backlight".format = "{percent}% {icon}";
"backlight".states = [ 0 50 ];


@@ -1,7 +1,7 @@
let
kop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFeP6qtVqE/gu72ZUZE8cdRi3INiUW9NqDR7SjXIzTw2 lukas@Kopatz-PC2";
server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAUA7uVKXAF2UcwaIDSJP2Te8Fi++2zkKzSPoRx1vQrI root@server";
laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDqcphdDEJhnSBkAZzQXZJDCzsyb/Tqpcf0pUADFpbd1 root@nix-laptop";
laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDqcphdDEJhnSBkAZzQXZJDCzsyb/Tqpcf0pUADFpbd1 root@framework";
mini-pc = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILGsTZvAahTrszYDHn+94sLtcF8865/mpd26ZDVQklSj root@server-vm"; # actual used server
mini-pc-proxmox = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP0kX32LfIOv8FDVvdp7lWesVvMGh5tj84nv7TkIR1cs root@mini-pc";
adam-site = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfaIaKoNStnbfjB9cSJ9+PW0BVO3Uhh1uIbZA2CszDE root@nixos";


@@ -22,6 +22,7 @@ in
#../../modules/static-ip.nix
#../../modules/wake-on-lan.nix
#./modules/wireguard.nix
./disk-config.nix
inputs.nixos-hardware.nixosModules.framework-13-7040-amd
];
@@ -170,7 +171,7 @@ in
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "nix-laptop"; # Define your hostname.
networking.hostName = "framework"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Enable networking


@@ -0,0 +1,42 @@
# Example to create a bios compatible gpt partition
{ lib, ... }: {
disko.devices = {
disk.main = {
device = lib.mkDefault "/dev/nvme0n1";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = {
size = "100%";
content = {
# LUKS passphrase will be prompted interactively only
type = "luks";
name = "crypted";
settings = {
allowDiscards = true;
};
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = [ "noatime" ];
};
};
};
};
};
};
};
}
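Review bot: `allowDiscards = true` in the `luks` settings passes TRIM through dm-crypt, so anyone who can read the raw NVMe device can tell which blocks are unused; that is a common SSD trade-off, but it should be a recorded decision rather than an unexplained setting. I would add a comment above it such as `# TRIM passthrough: exposes the free-block layout on the raw device; accepted for SSD performance`. The header comment `# Example to create a bios compatible gpt partition` no longer describes the file, since the layout has only an `EF00` ESP and no BIOS boot partition; `# UEFI-only GPT layout: unencrypted ESP on /boot, LUKS-encrypted ext4 root` would be accurate. Because `/boot` stays unencrypted, the kernel and initrd are presumably protected from offline tampering only by the firmware boot policy, which deserves a comment if Secure Boot is not in use.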


@@ -16,20 +16,20 @@
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{
device = "/dev/disk/by-uuid/10537ea5-9d9f-4be8-8509-c7f9c9b978b8";
fsType = "ext4";
};
#fileSystems."/" =
# {
# device = "/dev/disk/by-uuid/10537ea5-9d9f-4be8-8509-c7f9c9b978b8";
# fsType = "ext4";
# };
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/C163-6BD5";
fsType = "vfat";
};
#fileSystems."/boot" =
# {
# device = "/dev/disk/by-uuid/C163-6BD5";
# fsType = "vfat";
# };
swapDevices =
[{ device = "/dev/disk/by-uuid/3ef4829c-e9ea-4cc0-85a1-bd8e704b9940"; }];
#swapDevices =
# [{ device = "/dev/disk/by-uuid/3ef4829c-e9ea-4cc0-85a1-bd8e704b9940"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
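Review bot: The commented-out `fileSystems` and `swapDevices` blocks keep the UUIDs of the old unencrypted layout in the file as dead code; I would delete them and leave one line such as `# fileSystems are generated by disko from ./disk-config.nix`. Swap is dropped without a replacement and the new disk layout defines none, so if swap or hibernation is wanted later it should live inside the LUKS container or use an encrypted swap device, not the old `by-uuid` entry re-enabled. The enclosing attribute set starts and ends outside the hunk.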


@@ -1,6 +1,6 @@
let
laptop-user = "ssh-rsa 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 kopatz@nix-laptop";
laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINXJG+MciJHOKSPGkrmVB/+TmWA6GNvXI6IAEkt5wNzV root@nix-laptop-no-gpu";
laptop-user = "ssh-rsa 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 kopatz@framework";
laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINXJG+MciJHOKSPGkrmVB/+TmWA6GNvXI6IAEkt5wNzV root@framework-no-gpu";
users = [ laptop-user ];
systems = [ laptop ];
in


@@ -22,7 +22,7 @@
extraGroups = [ "networkmanager" "wheel" "docker" "wireshark" ];
openssh.authorizedKeys.keys = [
config.mainUser.sshKey
"ssh-rsa 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 kopatz@nix-laptop"
"ssh-rsa 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 kopatz@framework"
"ssh-rsa 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 deck@steamdeck"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEJ6JEJ5y+Kwf0i3/d+6RKMdblQ8d1W91fstFD5pACHu handy"
];