john/dendritic
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

incorporated john-p14s, big squash merge of stuff

Browse Source
This commit is contained in:
John Lancaster
2026-03-29 15:12:38 -05:00
parent 31df60a718
commit 93458a5e53
37 changed files with 924 additions and 419 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/hosts/john-p14s/configuration.nix
+138
View File
@@ -0,0 +1,138 @@
{ self, inputs, ... }:
{
flake.modules.nixos.p14sConfiguration = { config, pkgs, lib, ... }:
let
hostname = "john-p14s";
homeDirectory = config.home-manager.users.john.home.homeDirectory;
flakeDir = "${homeDirectory}/Documents/dendritic";
in
{
imports = [
self.modules.nixos.p14sHardware
];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nixpkgs.config = {
permittedInsecurePackages = [ "openssl-1.1.1w" ];
allowUnfree = true;
};
rebuild.flakeDir = flakeDir;
networking = {
hostName = hostname;
networkmanager.enable = true;
};
# Enable automatic login for the user.
# services.displayManager.autoLogin.enable = true;
# services.displayManager.autoLogin.user = "john";
programs.zsh.enable = true;
services.openssh.enable = true;
services.tailscale.enable = true;
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
wget
cacert
busybox
dig
samba
];
security.pam.services.swaylock = {};
security.pam.services.swaylock.fprintAuth = true;
programs._1password.enable = true;
programs._1password-gui = {
enable = true;
# Certain features, including CLI integration and system authentication support,
# require enabling PolKit integration on some desktop environments (e.g. Plasma).
polkitPolicyOwners = [ "john" ];
# TODO this should not be a hardcoded username
};
# This is needed for VSCode remote support. Read: https://nixos.wiki/wiki/Visual_Studio_Code
programs.nix-ld.enable = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "24.05"; # Did you read the comment?
# Set your time zone.
time.timeZone = "America/Chicago";
# Select internationalisation properties.
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
};
services.libinput.enable = true; # Enable touchpad support (enabled default in most desktopManager).
services.fprintd.enable = true; # Enables fingerprint sensor
# Enable sound with pipewire.
services.pulseaudio.enable = false;
security.rtkit.enable = true; # PulseAudio server uses this to acquire realtime priority.
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
#jack.enable = true;
# use the example session manager (no others are packaged yet so this is enabled by default,
# no need to redefine it in your config for now)
# media-session.enable = true;
};
home-manager.useGlobalPkgs = true;
home-manager.users.root = {
imports = with inputs.self.modules.homeManager; [
rebuild
janus-ca
];
home.stateVersion = "25.11";
};
home-manager.users.john.imports = with inputs.self.modules.homeManager; [
gnome
desktop
mysops
rebuild
janus-ca
{
my-vscode.enable = true;
mysops.hostSecretFile = "${flakeDir}/modules/hosts/john-p14s/secrets.yaml";
homeManagerFlakeDir = "${flakeDir}";
shell.program = "zsh";
home.packages = with pkgs; [
bash
discord
];
}
];
sops.defaultSopsFile = ./secrets.yaml;
sops.age.sshKeyPaths = [ "${homeDirectory}/.ssh/id_ed25519" ];
mtls = {
enable = true;
subject = hostname;
};
};
}
modules/hosts/john-p14s/default.nix
+26
View File
@@ -0,0 +1,26 @@
{ self, inputs, ... }: {
flake-file.inputs = {
nixos-hardware = {
url = "github:NixOS/nixos-hardware";
flake = false;
};
};
flake.nixosConfigurations.john-p14s = inputs.nixpkgs.lib.nixosSystem {
modules = [
"${inputs.nixos-hardware}/lenovo/thinkpad/p14s"
"${inputs.nixos-hardware}/lenovo/thinkpad/p14s/amd/gen4"
] ++ (with self.modules.nixos; [
p14sConfiguration
rebuild
sudo
john
gnome
steam
wireguard
mtls
# greetd
# niri
]);
};
}
modules/hosts/john-p14s/hardware.nix
+59
View File
@@ -0,0 +1,59 @@
{ self, inputs, ... }: {
flake.modules.nixos.p14sHardware = { config, lib, pkgs, modulesPath, ... }: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
initrd = {
availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "usbhid" "sd_mod" ];
kernelModules = [ "amdgpu" ];
};
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
};
# boot.loader.systemd-boot.enable = true;
# boot.loader.efi.canTouchEfiVariables = true;
# boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "usbhid" "sd_mod" ];
# boot.initrd.kernelModules = [ "amdgpu" ];
# boot.kernelModules = [ "kvm-amd" ];
# boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/fbc7d8bc-080b-4554-a2b2-5f92d059ce07";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/9A04-ADD8";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp102s0u2u4.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0f0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.graphics = {
enable = true;
enable32Bit = true;
extraPackages = [ pkgs.rocmPackages.clr.icd ];
};
environment.variables.AMD_VULKAN_ICD = "RADV";
};
}
modules/hosts/john-p14s/secrets.yaml
+26
View File
@@ -0,0 +1,26 @@
restic_password: ENC[AES256_GCM,data:8KeL7kOMTHkK+ZpY3aq0/S4UYbkZh72FxJAolcVes79NPfdHiNi77fmAZuXb8Gxasu16vk4y6ksWFmrZquvcbg+cLt8Yze+qvuCiUW62IOppzRIBLk6w2f8uPhU41gsVuj6u4Jz/Su7miNBvJYmF8vulIwDKS7qg43dzIKXY4q1HaRHCD12PkU9EfGpIgivdNCOO0lCE6m/O3IB8Ed4R51scBnVrIj89K5OuTepvIrGElmXiWqBdsTzCIaJCZJ8fDnzJPorLhsTAzKCnQhNoIrW/aYArzj9+WmglmGuqeaoemBoNTrYC9bssUwuWAOqsf1HC7gWST/dP9FmKl7UHlgkslblRcRedFPAQjDhy/RgZCj8hs/XrVYOzwW8WJ0XeB9UPK03QPJc8EZdz9r2Q0+U3LQxMV6Jne5JZGsMpII4b+7b/WbRZTooX3G09MES/gzwD+hyBr++6EpP9QTYs+4XsNLNN+S6y5+YS/7XmRvR7xb93eZ4EfUUKiQYejVKQBl9b8QTJa3q26RPa/82O5zQlzd1w/EjA4G6Vv8H6wvK0fHNwpU3hl9V8EL7Ca7JKfJr11Vw0fNHx2nXjOLURt27wbDeWUaSrzI+z2h/0TSiKWas/Eu5+4L9n7E3H5u5Hg2uaCQkDpy6RJkW9UL6lCC1YEJw5yHTugrPNoMcRlAKRoSIeSZSPfGl0CKYAC39s422xX2f46GpJu0bO8GG/XN9Qk+SxqPHGuzx7nWghFQctZb1ssGKuvHKqaNYZvWeWqqkxyPWb6xjaBaSGxcp5MsET+RAu2F1XgX9Is11mIJETlHhRE3OpMSHh7toIiuNs8YzsgkedVFWhx+Xu27DWvOFvg/01Rh6s5RGJKMgL7WQMLTtY2KI/ko648WXVoCtVymG8d30qWnSt8319jkILX/wdB8Vqp5ceRqHwDE89jhEh0GOg07eLcREnh+gjXij1/bS66/+hHk4jhkzGtbdfEji9sro4Nm+kVRA+6fgJjCvt1sAvjuj10Scx4uH3AdDTW+y0KaniK8EHTZzaGDuaV+tk3hZEfpwpdan5mquoQvFdZWsWlDefX7gRq38szmi9LtULEai0WKOtqnnDIOnWk/3NYeNdzJ28YzrUDbkxtghkRgr7fNGEtyCGRuWRRMc5mVp2FPzAwRKk29ShILpWbvfUzwAWUOEpyAS4bstzlMybf9L8sp20+Ier8gOMGJ81eXXXmhtgMn6aWZ6EDGe1Shl0gDM0JUEAkA2+kf3oIZAvcWiFxj7vyd4Aacw3RetUSJcy8JwbV3I/isxKyy/xs8zE2PUY0z3Cwh9MpVP9G8N6Mef6v2DNDNg+2iJ/eslQdbZRQzdJwnBMhpOopzRwuUaC7jJKyGBkcNbbmNjceJWEue0XVjIcZHJ7BFe3jKluezNIJIf268V35+HIpXJA7BUJn8NPCIQXze5Frm46U2aRTQ53LU4HBGLXYPzx8QLsn0jLVy518w/TztawdT3/SmSWNwYTuZG18TmXs9v3oB6PrUr4M7kJbNRLpRb0ZelbMDwpR074FPwwud6fkjR2lLQBbufmPUBdpVJZ2xFjijle8h1h29zoFsydFNq5wSXUO/nm/S09KdKi5F2S1uKP+NL80OVEeC+QXcBdTry07meVIhsBOh+9ajy1ExaMaPs2xjB5QvTgJA9kfJOAoUygjMC33FwdRw10eGP//IsiRm9EukF1o++MfZnAtcjhoOoy79TjlO8p8YVNwEhZ14Ik/kIizyQtr0gR+pVEIc6+1W29UOWNRXb+ZavXRDq0wvxigMagfcL+zIr4gctufTfubiOmVa85qVJB,iv:VogP+OQvlsYCSqlmffO+o99C0hJm63ZqLXVd2B0oom0=,tag:+se1QHW6xLMj/dZrbY0MKQ==,type:str]
wireguard_private_key: ENC[AES256_GCM,data:sCskwDhemU1y4M4A4R9KxwiL8q+FtxnUqg1omU7yS81H1bbSM804hNzmq+A=,iv:7wNMAG+7wYYXYgKEohIAYisMN5lbz+M5RhCEaHL4yWE=,tag:FENdJTEEGD9cEJVwIIUQDA==,type:str]
sops:
age:
- recipient: age1f6drjusg866yscj8029tk4yfpgecklrvezldm02ankm6h8nnwu5s2u6ahy
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHS0F1R0NnV0gyNFlkUEhZ
UkxvN1ZLQTFsV0tnR0pLNFJycmduU1VXUlFVCjBkRGxQd1B1c3cweTRsZm9OUCt0
anU3RTFUUkxoaXlhdlR0RkxPclVUdVkKLS0tIG9kTEVNK2piRWI5ZWFSejFFUGtD
emtTUGk0cVZWR3F5R05WTTFJUFUwNTAKrRYQAJen6QVSgaOyqPxSIniHiMLUfXuv
/O1Ebz5xLWn99EhloqW7rHhUxXlhxP2CmwfYXizyKFa6nAu6R+BCgg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ykcs39e62pz3xu6cedg8ea685kv5d5qsrhgkndygzm8rx30xd5ys5t3qxt
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXNWRXZTFWREIzRVhRaWRB
anNDb3hsZzFOMFMrclhmeldaOWY4b3BJekFBCkJhbjRvRUwva3lFbzNTKzJqK2p2
WVlMaXpvczlhdGduZHIrb2xPaEg3OUUKLS0tIHFtM09mN0FEUWdjWEVEL3VXL00w
WHpOY280S2hpVU1mNnozODRoMnB4bGMKK5RrDK2kAZlWf2igqyzWgshxLPj+f74A
mCmMLDHo5drNieFYp+guqHaHnZkf9IzpAglj7x6wCITjk+l6go5KvA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-03-27T03:59:09Z"
mac: ENC[AES256_GCM,data:MsPAxssWUSvsJQP0Ogrl3r/GoVqeL1L95YTJQbAJZ4FVxhRXP7KfbUnKSclzU6G8CP5WxV18TXZfB4JITKG3Lz5rtVpD/WFMdhDmve0f6BPMAimle2ajWUaWYNePvEynClX3nydLk3h31DjHGa8YvJZqW2ieDb/JDMdBXiLTrWc=,iv:82ul5CV3XXllFCDJfF6beIcAIFj71ycJJF4iEQvovMA=,tag:108L7VkAoPUTLtV74qgrrA==,type:str]
unencrypted_suffix: _unencrypted
version: 3.12.2