+27

flake.nix

··· 39 39 }@inputs: 40 40 { 41 41 nixosConfigurations = { 42 42 + pardinus = 43 43 + let 44 44 + username = "freyja"; 45 45 + specialArgs = { inherit username; }; 46 46 + hostname = "pardinus"; 47 47 + in 48 48 + nixpkgs.lib.nixosSystem { 49 49 + system = "x86_64-linux"; 50 50 + specialArgs = { 51 51 + inherit inputs; 52 52 + }; 53 53 + modules = [ 54 54 + disko.nixosModules.disko 55 55 + ./hosts/${hostname} 56 56 + ./modules/server.nix 57 57 + home-manager.nixosModules.home-manager 58 58 + { 59 59 + home-manager.useGlobalPkgs = true; 60 60 + home-manager.useUserPackages = true; 61 61 + home-manager.extraSpecialArgs = inputs // specialArgs; 62 62 + home-manager.users.${username} = ./home/server.nix; 63 63 + nixpkgs = { 64 64 + config.allowUnfree = true; 65 65 + }; 66 66 + } 67 67 + ]; 68 68 + }; 42 69 bobcat = 43 70 let 44 71 username = "freyja";

+1

home/default.nix

··· 7 7 ./nushell.nix 8 8 ./vcs.nix 9 9 ./stylix.nix 10 10 + ./desktop.nix 10 11 ]; 11 12 }

+13

home/desktop.nix

··· 1 1 + { 2 2 + pkgs, 3 3 + ... 4 4 + }: 5 5 + { 6 6 + # this sucks so bad i need to refactor eventually 7 7 + fonts.fontconfig.enable = true; 8 8 + 9 9 + gtk.cursorTheme = { 10 10 + package = pkgs.rose-pine-cursor; 11 11 + name = "BreezeX-RosePine-Linux"; 12 12 + }; 13 13 + }

-7

home/gen.nix

··· 67 67 enableNushellIntegration = true; 68 68 }; 69 69 }; 70 70 - 71 71 - fonts.fontconfig.enable = true; 72 72 - 73 73 - gtk.cursorTheme = { 74 74 - package = pkgs.rose-pine-cursor; 75 75 - name = "BreezeX-RosePine-Linux"; 76 76 - }; 77 70 }

+9

home/server.nix

··· 1 1 + { 2 2 + # reduced home config for server environments 3 3 + imports = [ 4 4 + ./helix.nix 5 5 + ./gen.nix 6 6 + ./nushell.nix 7 7 + ./vcs.nix 8 8 + ]; 9 9 + }

+42

hosts/pardinus/default.nix

··· 1 1 + { 2 2 + pkgs, 3 3 + lib, 4 4 + ... 5 5 + }@args: 6 6 + { 7 7 + imports = [ 8 8 + ./disko.nix 9 9 + ./hardware-configuration.nix 10 10 + ]; 11 11 + 12 12 + myDisko.installDrive = "/dev/disk/by-id/nvme-SAMSUNG_MZVLB256HAHQ-000L2_S41FNB1K451436"; 13 13 + myDisko.dataDrive = "/dev/disk/by-id/ata-TEAM_T253A3001T_TPBF2007090080600447"; 14 14 + 15 15 + networking = { 16 16 + hostName = "pardinus"; 17 17 + networkmanager.enable = true; 18 18 + }; 19 19 + 20 20 + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 21 21 + 22 22 + zramSwap.enable = true; 23 23 + 24 24 + users.users.root.hashedPassword = "$6$rounds=4096$96V6gRPM96ADrBZr$2BOE2hC7Kx3XF3z32HNYp7zjsiAcJ2BynpGlWqdPupY3Mxfcy1aDlxdyx6HixriYuuhiTV4XSgObBASKZjNmF/"; 25 25 + 26 26 + users.users = { 27 27 + "freyja" = { 28 28 + isNormalUser = true; 29 29 + extraGroups = [ 30 30 + "wheel" 31 31 + "tss" 32 32 + ]; 33 33 + hashedPassword = "$6$rounds=4096$048E1JljebjSdlsY$rDwVNrrNj.bG6JPKoe/K3PxPj3P5K3xnlvICk5gEhwGxFMYoH/APNlKDbNHHc/cPP1KbtDd2oYxqWwVxYDAAE1"; 34 34 + shell = pkgs.nushell; 35 35 + 36 36 + openssh.authorizedKeys.keys = [ 37 37 + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5TzxbVDkym7B4cPOk+zk7SUWfiQT8oxFL/K5q6TB+q freyja@bobcat" 38 38 + ] 39 39 + ++ (args.extraPublicKeys or [ ]); 40 40 + }; 41 41 + }; 42 42 + }

+142

hosts/pardinus/disko.nix

··· 1 1 + { 2 2 + config, 3 3 + lib, 4 4 + ... 5 5 + }: 6 6 + { 7 7 + options.myDisko.installDrive = lib.mkOption { 8 8 + description = "Disk to install NixOS to."; 9 9 + default = "/dev/nvme0n1"; 10 10 + type = lib.types.str; 11 11 + }; 12 12 + 13 13 + options.myDisko.dataDrive = lib.mkOption { 14 14 + description = "Additional data drive"; 15 15 + default = "/dev/sda"; 16 16 + type = lib.types.str; 17 17 + }; 18 18 + 19 19 + config = { 20 20 + assertions = [ 21 21 + { 22 22 + assertion = config.myDisko.installDrive != ""; 23 23 + message = "config.myDisko.installDrive cannot be empty."; 24 24 + } 25 25 + { 26 26 + assertion = config.myDisko.dataDrive != ""; 27 27 + message = "config.myDisko.dataDrive cannot be empty."; 28 28 + } 29 29 + ]; 30 30 + 31 31 + disko.devices = { 32 32 + disk = { 33 33 + disk1 = { 34 34 + type = "disk"; 35 35 + device = config.myDisko.installDrive; 36 36 + 37 37 + content = { 38 38 + type = "gpt"; 39 39 + 40 40 + partitions = { 41 41 + ESP = { 42 42 + content = { 43 43 + format = "vfat"; 44 44 + 45 45 + mountOptions = [ 46 46 + "defaults" 47 47 + "umask=0077" 48 48 + ]; 49 49 + 50 50 + mountpoint = "/boot"; 51 51 + type = "filesystem"; 52 52 + }; 53 53 + 54 54 + size = "1024M"; 55 55 + type = "EF00"; 56 56 + }; 57 57 + 58 58 + root = { 59 59 + size = "100%"; 60 60 + content = { 61 61 + type = "btrfs"; 62 62 + extraArgs = [ "-f" ]; 63 63 + 64 64 + subvolumes = { 65 65 + "/home" = { 66 66 + mountpoint = "/home"; 67 67 + mountOptions = [ 68 68 + "compress=zstd" 69 69 + "noatime" 70 70 + ]; 71 71 + }; 72 72 + 73 73 + "/home/.snapshots" = { 74 74 + mountOptions = [ 75 75 + "compress=zstd" 76 76 + "noatime" 77 77 + ]; 78 78 + mountpoint = "/home/.snapshots"; 79 79 + }; 80 80 + 81 81 + "/nix" = { 82 82 + mountpoint = "/nix"; 83 83 + mountOptions = [ 84 84 + "compress=zstd" 85 85 + "noatime" 86 86 + ]; 87 87 + }; 88 88 + 89 89 + "persist" = { 90 90 + mountpoint = "/persist"; 91 91 + mountOptions = [ 92 92 + "compress=zstd" 93 93 + "noatime" 94 94 + ]; 95 95 + }; 96 96 + 97 97 + "/root" = { 98 98 + mountpoint = "/"; 99 99 + mountOptions = [ 100 100 + "compress=zstd" 101 101 + "noatime" 102 102 + ]; 103 103 + }; 104 104 + }; 105 105 + }; 106 106 + }; 107 107 + }; 108 108 + }; 109 109 + }; 110 110 + 111 111 + disk2 = { 112 112 + type = "disk"; 113 113 + device = config.myDisko.dataDrive; 114 114 + 115 115 + content = { 116 116 + type = "gpt"; 117 117 + 118 118 + partitions = { 119 119 + main = { 120 120 + size = "100%"; 121 121 + content = { 122 122 + type = "btrfs"; 123 123 + extraArgs = [ "-f" ]; 124 124 + 125 125 + subvolumes = { 126 126 + "/srv" = { 127 127 + mountpoint = "/srv"; 128 128 + mountOptions = [ 129 129 + "compress=zstd" 130 130 + "noatime" 131 131 + ]; 132 132 + }; 133 133 + }; 134 134 + }; 135 135 + }; 136 136 + }; 137 137 + }; 138 138 + }; 139 139 + }; 140 140 + }; 141 141 + }; 142 142 + }

+32

hosts/pardinus/hardware-configuration.nix

··· 1 1 + { 2 2 + config, 3 3 + lib, 4 4 + pkgs, 5 5 + ... 6 6 + }: 7 7 + 8 8 + { 9 9 + boot = { 10 10 + initrd.availableKernelModules = [ 11 11 + "xhci_pci" 12 12 + "ahci" 13 13 + "ehci_pci" 14 14 + "nvme" 15 15 + "usb_storage" 16 16 + "usbhid" 17 17 + "sd_mod" 18 18 + ]; 19 19 + kernelModules = [ "kvm-amd" ]; 20 20 + loader = { 21 21 + systemd-boot = { 22 22 + enable = true; 23 23 + configurationLimit = 10; 24 24 + }; 25 25 + efi.canTouchEfiVariables = true; 26 26 + }; 27 27 + kernelPackages = pkgs.linuxPackages_latest; 28 28 + 29 29 + }; 30 30 + 31 31 + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 32 32 + }

+53

modules/server.nix

··· 1 1 + { 2 2 + lib, 3 3 + pkgs, 4 4 + ... 5 5 + }: 6 6 + { 7 7 + imports = [ 8 8 + ./services/tailscale.nix 9 9 + ./services/fwupd.nix 10 10 + ./services/kmscon.nix 11 11 + ]; 12 12 + 13 13 + system.stateVersion = "25.11"; 14 14 + 15 15 + time.timeZone = lib.mkDefault "America/Los_Angeles"; 16 16 + 17 17 + i18n.defaultLocale = lib.mkDefault "en_US.UTF-8"; 18 18 + 19 19 + nixpkgs.config.allowUnfree = lib.mkDefault true; 20 20 + 21 21 + environment.systemPackages = with pkgs; [ 22 22 + helix 23 23 + zellij 24 24 + git 25 25 + pciutils 26 26 + ]; 27 27 + 28 28 + nix = { 29 29 + gc = { 30 30 + automatic = lib.mkDefault true; 31 31 + dates = lib.mkDefault "weekly"; 32 32 + options = lib.mkDefault "--delete-older-than 1w"; 33 33 + }; 34 34 + 35 35 + settings = { 36 36 + experimental-features = lib.mkDefault [ 37 37 + "nix-command" 38 38 + "flakes" 39 39 + ]; 40 40 + auto-optimise-store = lib.mkDefault true; 41 41 + }; 42 42 + }; 43 43 + 44 44 + services.openssh = { 45 45 + enable = true; 46 46 + settings = { 47 47 + AllowUsers = [ "freyja" ]; 48 48 + PermitRootLogin = "no"; 49 49 + PasswordAuthentication = false; 50 50 + }; 51 51 + }; 52 52 + networking.firewall.allowedTCPPorts = [ 22 ]; 53 53 + }