From b5c8b8e76d329cc1fa8bf9e38d5228c14342afe5 Mon Sep 17 00:00:00 2001 From: Patrick Flynn Date: Fri, 20 Feb 2026 23:48:33 -0500 Subject: [PATCH 1/6] feat(weller): add bootstrap configuration for two-stage install - Refactor 'hosts/weller/default.nix' to extract hardware config to 'hosts/weller/hardware.nix'. - Create 'modules/bootstrap.nix' for initial mutable install with SSH enabled and no secrets. - Add 'weller-bootstrap' nixosConfiguration to 'flake.nix'. Fixes #263 --- flake.nix | 12 +++++ hosts/weller/default.nix | 92 +--------------------------------- hosts/weller/hardware.nix | 102 ++++++++++++++++++++++++++++++++++++++ modules/bootstrap.nix | 51 +++++++++++++++++++ 4 files changed, 166 insertions(+), 91 deletions(-) create mode 100644 hosts/weller/hardware.nix create mode 100644 modules/bootstrap.nix diff --git a/flake.nix b/flake.nix index 316bfba..caa1fe6 100644 --- a/flake.nix +++ b/flake.nix @@ -156,6 +156,18 @@ ]; }; + # Hostname: weller-bootstrap (Initial install target) + weller-bootstrap = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { inherit inputs; }; + modules = [ + ./hosts/weller/hardware.nix + ./hosts/weller/disk-config.nix + ./modules/bootstrap.nix + inputs.disko.nixosModules.disko + ]; + }; + # Hostname: weller (dual-boot Windows 11 + NixOS workstation) weller = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; diff --git a/hosts/weller/default.nix b/hosts/weller/default.nix index 0feaae4..203f38f 100644 --- a/hosts/weller/default.nix +++ b/hosts/weller/default.nix @@ -1,6 +1,5 @@ { config, - lib, pkgs, modulesPath, inputs, @@ -9,7 +8,7 @@ { imports = [ - (modulesPath + "/installer/scan/not-detected.nix") + ./hardware.nix ../../modules/common/system.nix ../../modules/common/users.nix ../../modules/common/workstation.nix @@ -19,95 +18,6 @@ cosmo.user.default = "patrick"; cosmo.user.email = "big.pat@gmail.com"; - # --------------------------------------------------------------------------- - # Hardware (normally in hardware-configuration.nix, but disko handles mounts) - # --------------------------------------------------------------------------- - boot.initrd.availableKernelModules = [ - "nvme" - "xhci_pci" - "ahci" - "usbhid" - "sd_mod" - ]; - boot.kernelModules = [ "kvm-amd" ]; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - - # --------------------------------------------------------------------------- - # Bootloader - systemd-boot - # --------------------------------------------------------------------------- - # Windows is on Disk 0, NixOS on Disk 1 - use UEFI boot menu (F11/F12) to switch - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.initrd.systemd.enable = true; - - # Seagate FireCuda 510 firmware crashes with APST power saving (#263) - boot.kernelParams = [ - "nvme_core.default_ps_max_latency_us=0" - "btusb.enable_autosuspend=n" - ]; - - # --------------------------------------------------------------------------- - # Filesystem - Btrfs with LUKS encryption (managed by disko) - # --------------------------------------------------------------------------- - boot.supportedFilesystems = [ - "btrfs" - "ntfs" - ]; - - # --------------------------------------------------------------------------- - # Networking - # --------------------------------------------------------------------------- - networking.hostName = "weller"; - networking.networkmanager.enable = true; - - # --------------------------------------------------------------------------- - # Hardware - NVIDIA RTX 4090 - # --------------------------------------------------------------------------- - nixpkgs.config.allowUnfree = true; - - hardware.graphics.enable = true; - - services.xserver.videoDrivers = [ "nvidia" ]; - hardware.nvidia = { - modesetting.enable = true; - powerManagement.enable = false; - powerManagement.finegrained = false; - open = false; # Use proprietary driver for best compatibility - nvidiaSettings = true; - package = config.boot.kernelPackages.nvidiaPackages.stable; - }; - - # --------------------------------------------------------------------------- - # Bluetooth – optimised for Kinesis Advantage 360 Pro (ZMK / BLE) - # --------------------------------------------------------------------------- - hardware.bluetooth = { - enable = true; - powerOnBoot = true; - settings = { - General = { - # Keep adapter in page-scan mode for instant reconnects - FastConnectable = "true"; - # ZMK uses "Just Works" pairing – always allow re-pairing - JustWorksRepairing = "always"; - # Better LE handling & battery reporting - Experimental = "true"; - }; - LE = { - # Tighter polling interval (7.5–11.25 ms) for lower input latency - MinConnectionInterval = 6; - MaxConnectionInterval = 9; - ConnectionLatency = 0; - }; - Policy = { - AutoEnable = "true"; - ReconnectAttempts = 7; - ReconnectIntervals = "1,2,4,8,16,32,64"; - }; - }; - }; - environment.systemPackages = with pkgs; [ bluetuith ]; - # --------------------------------------------------------------------------- # Remote Access # --------------------------------------------------------------------------- diff --git a/hosts/weller/hardware.nix b/hosts/weller/hardware.nix new file mode 100644 index 0000000..e8139b6 --- /dev/null +++ b/hosts/weller/hardware.nix @@ -0,0 +1,102 @@ +{ + config, + lib, + pkgs, + modulesPath, + ... +}: + +{ + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + # --------------------------------------------------------------------------- + # Hardware (normally in hardware-configuration.nix, but disko handles mounts) + # --------------------------------------------------------------------------- + boot.initrd.availableKernelModules = [ + "nvme" + "xhci_pci" + "ahci" + "usbhid" + "sd_mod" + ]; + boot.kernelModules = [ "kvm-amd" ]; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + + # --------------------------------------------------------------------------- + # Bootloader - systemd-boot + # --------------------------------------------------------------------------- + # Windows is on Disk 0, NixOS on Disk 1 - use UEFI boot menu (F11/F12) to switch + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + boot.initrd.systemd.enable = true; + + # Seagate FireCuda 510 firmware crashes with APST power saving (#263) + boot.kernelParams = [ + "nvme_core.default_ps_max_latency_us=0" + "btusb.enable_autosuspend=n" + ]; + + # --------------------------------------------------------------------------- + # Filesystem - Btrfs with LUKS encryption (managed by disko) + # --------------------------------------------------------------------------- + boot.supportedFilesystems = [ + "btrfs" + "ntfs" + ]; + + # --------------------------------------------------------------------------- + # Networking + # --------------------------------------------------------------------------- + networking.hostName = "weller"; + networking.networkmanager.enable = true; + + # --------------------------------------------------------------------------- + # Hardware - NVIDIA RTX 4090 + # --------------------------------------------------------------------------- + nixpkgs.config.allowUnfree = true; + + hardware.graphics.enable = true; + + services.xserver.videoDrivers = [ "nvidia" ]; + hardware.nvidia = { + modesetting.enable = true; + powerManagement.enable = false; + powerManagement.finegrained = false; + open = false; # Use proprietary driver for best compatibility + nvidiaSettings = true; + package = config.boot.kernelPackages.nvidiaPackages.stable; + }; + + # --------------------------------------------------------------------------- + # Bluetooth – optimised for Kinesis Advantage 360 Pro (ZMK / BLE) + # --------------------------------------------------------------------------- + hardware.bluetooth = { + enable = true; + powerOnBoot = true; + settings = { + General = { + # Keep adapter in page-scan mode for instant reconnects + FastConnectable = "true"; + # ZMK uses "Just Works" pairing – always allow re-pairing + JustWorksRepairing = "always"; + # Better LE handling & battery reporting + Experimental = "true"; + }; + LE = { + # Tighter polling interval (7.5–11.25 ms) for lower input latency + MinConnectionInterval = 6; + MaxConnectionInterval = 9; + ConnectionLatency = 0; + }; + Policy = { + AutoEnable = "true"; + ReconnectAttempts = 7; + ReconnectIntervals = "1,2,4,8,16,32,64"; + }; + }; + }; + environment.systemPackages = with pkgs; [ bluetuith ]; +} diff --git a/modules/bootstrap.nix b/modules/bootstrap.nix new file mode 100644 index 0000000..64935a1 --- /dev/null +++ b/modules/bootstrap.nix @@ -0,0 +1,51 @@ +{ + config, + pkgs, + lib, + ... +}: + +let + keys = import ../secrets/keys.nix; +in +{ + imports = [ + ./common/system.nix + ]; + + # Define the default user options here since we are importing system.nix + cosmo.user.default = "patrick"; + cosmo.user.email = "big.pat@gmail.com"; + + # Enable SSH + services.openssh = { + enable = true; + settings = { + PermitRootLogin = "yes"; + PasswordAuthentication = true; + }; + }; + + # Mutable users for bootstrap + users.mutableUsers = true; + + users.users.root.openssh.authorizedKeys.keys = keys.users; + + users.users.${config.cosmo.user.default} = { + isNormalUser = true; + uid = 1000; + extraGroups = [ + "wheel" + "networkmanager" + "video" + ]; + initialPassword = "nixos"; + openssh.authorizedKeys.keys = keys.users; + }; + + # Make it easy to assume root during bootstrap + security.sudo.wheelNeedsPassword = false; + + # Ensure compatibility + system.stateVersion = "25.11"; +} From dc5ffc359cd95a7a84c655ff07742d1da1e6e946 Mon Sep 17 00:00:00 2001 From: Patrick Flynn Date: Fri, 20 Feb 2026 23:51:19 -0500 Subject: [PATCH 2/6] refactor(bootstrap): genericize bootstrap logic for reuse - Add 'mkBootstrap' helper function to flake.nix for easy creation of bootstrap images for any host. - Update 'modules/bootstrap.nix' to use 'lib.mkDefault' for user options, allowing overrides. - Use 'mkBootstrap' for 'weller-bootstrap' configuration. --- flake.nix | 37 ++++++++++++++++++++++++++++--------- modules/bootstrap.nix | 4 ++-- 2 files changed, 30 insertions(+), 11 deletions(-) diff --git a/flake.nix b/flake.nix index caa1fe6..56d863a 100644 --- a/flake.nix +++ b/flake.nix @@ -71,6 +71,31 @@ } ]; }; + + mkBootstrap = + { + system ? "x86_64-linux", + hardware, + disk ? null, + hostName ? "nixos-bootstrap", + user ? "patrick", + email ? "big.pat@gmail.com", + }: + nixpkgs.lib.nixosSystem { + inherit system; + specialArgs = { inherit inputs; }; + modules = [ + hardware + (if disk != null then disk else { }) + (if disk != null then inputs.disko.nixosModules.disko else { }) + ./modules/bootstrap.nix + { + networking.hostName = hostName; + cosmo.user.default = user; + cosmo.user.email = email; + } + ]; + }; in { formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-tree; @@ -157,15 +182,9 @@ }; # Hostname: weller-bootstrap (Initial install target) - weller-bootstrap = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs; }; - modules = [ - ./hosts/weller/hardware.nix - ./hosts/weller/disk-config.nix - ./modules/bootstrap.nix - inputs.disko.nixosModules.disko - ]; + weller-bootstrap = mkBootstrap { + hardware = ./hosts/weller/hardware.nix; + disk = ./hosts/weller/disk-config.nix; }; # Hostname: weller (dual-boot Windows 11 + NixOS workstation) diff --git a/modules/bootstrap.nix b/modules/bootstrap.nix index 64935a1..3f15e91 100644 --- a/modules/bootstrap.nix +++ b/modules/bootstrap.nix @@ -14,8 +14,8 @@ in ]; # Define the default user options here since we are importing system.nix - cosmo.user.default = "patrick"; - cosmo.user.email = "big.pat@gmail.com"; + cosmo.user.default = lib.mkDefault "patrick"; + cosmo.user.email = lib.mkDefault "big.pat@gmail.com"; # Enable SSH services.openssh = { From 7234b36539e638d8cded9dd134f06e85571fe10f Mon Sep 17 00:00:00 2001 From: Patrick Flynn Date: Fri, 20 Feb 2026 23:57:09 -0500 Subject: [PATCH 3/6] docs(weller): update setup instructions for two-stage install - Update Weller setup guide with Stage 1 (bootstrap) and Stage 2 (full) steps. - Explain usage of 'weller-bootstrap' flake target. - Document the SSH key generation and secret rekeying workflow. --- docs/weller-dualboot-2025.md | 119 ++++++++++++++++++++--------------- 1 file changed, 67 insertions(+), 52 deletions(-) diff --git a/docs/weller-dualboot-2025.md b/docs/weller-dualboot-2025.md index 2dc4482..3169c3e 100644 --- a/docs/weller-dualboot-2025.md +++ b/docs/weller-dualboot-2025.md @@ -95,58 +95,73 @@ Configure UDM Pro: --- -## 5. Installation Steps - -### 5.1 Boot NixOS Installer via PXE - -1. Boot the machine and press F11/F12 for boot menu -2. Select "UEFI: Network Boot" or similar -3. netboot.xyz will load → select Linux Network Installs → NixOS -4. Connect to network (should already be connected via PXE) - -### 5.2 Verify Target Disk - -```bash -# List disks and find the Seagate by-id -ls -la /dev/disk/by-id/ | grep -i seagate - -# Should show something like: -# nvme-Seagate_FireCuda_510_SSD_ZP2000GM30001_0024_CF01_4800_43D3 - -# Verify this matches the disk-config.nix device path -``` - -### 5.3 Partition, Encrypt, and Format with Disko - -```bash -# Clone cosmo repo -nix-shell -p git -git clone https://github.com/patflynn/cosmo /tmp/cosmo -cd /tmp/cosmo - -# Run disko to partition, encrypt, and mount -# This will prompt for the LUKS encryption password -sudo nix --experimental-features "nix-command flakes" \ - run github:nix-community/disko -- \ - --mode disko ./hosts/weller/disk-config.nix -``` - -Disko will: -- Create GPT partition table -- Create 1GB EFI partition -- Create LUKS2 encrypted partition (prompts for password) -- Format with Btrfs and create subvolumes (@root, @home, @nix, @swap) -- Mount everything to /mnt -- Create 16GB swapfile - -### 5.4 Install NixOS - -```bash -# Install NixOS from the flake -nixos-install --no-write-lock-file --flake /tmp/cosmo#weller - -# Set root password when prompted (or skip if using SSH keys only) -``` +## 5. Installation Steps (Two-Stage Process) + +To avoid "chicken-and-egg" problems with secrets (`agenix`) and SSH keys, we use a two-stage installation process. + +### 5.1 Stage 1: Bootstrap Install + +The first stage installs a minimal system with: +- **Mutable users** (allows setting/changing passwords) +- **SSH enabled** with password authentication +- **No secrets/agenix** (prevents decryption errors on first boot) + +1. **Boot NixOS Installer via PXE** + - Boot the machine and press F11/F12 for boot menu + - Select "UEFI: Network Boot" or similar + - netboot.xyz will load → select Linux Network Installs → NixOS + +2. **Partition and Format with Disko** + ```bash + # Clone cosmo repo + nix-shell -p git + git clone https://github.com/patflynn/cosmo /tmp/cosmo + cd /tmp/cosmo + + # Run disko to partition, encrypt, and mount + # This will prompt for the LUKS encryption password + sudo nix --experimental-features "nix-command flakes" \ + run github:nix-community/disko -- \ + --mode disko ./hosts/weller/disk-config.nix + ``` + +3. **Install the Bootstrap Configuration** + ```bash + # Install using the weller-bootstrap target + nixos-install --no-write-lock-file --flake /tmp/cosmo#weller-bootstrap + ``` + +4. **Reboot and Set Password** + - Reboot into the new system. + - Log in as `patrick` with the initial password `nixos`. + - Change your password immediately: `passwd`. + +### 5.2 Stage 2: Full Configuration + +Once the bootstrap system is running, we can finalize the setup. + +1. **Generate Host SSH Key** + ```bash + # The host key is usually at /etc/ssh/ssh_host_ed25519_key.pub + cat /etc/ssh/ssh_host_ed25519_key.pub + ``` + +2. **Update Repository Secrets (on your laptop)** + - Copy the new host key to `secrets/keys.nix`. + - Rekey secrets: `agenix -r`. + - Commit and push changes to GitHub. + +3. **Apply Full Configuration (on weller)** + ```bash + cd ~/hack/cosmo # or wherever you keep the repo + git pull + sudo nixos-rebuild switch --flake .#weller + ``` + +The system will now have: +- Immutable users (managed by Nix) +- Secrets decrypted via `agenix` +- Full workstation environment (NVIDIA, Hyprland, etc.) --- From b37907b26921f557e5a5d1de7e4105a530c68bda Mon Sep 17 00:00:00 2001 From: Patrick Flynn Date: Sat, 21 Feb 2026 15:16:11 -0500 Subject: [PATCH 4/6] fix(bootstrap): harden security and fix hostname conflict - Disable password-based SSH and root login for bootstrap. - Remove hardcoded default 'nixos' password; use repo SSH keys instead. - Require sudo password by default in bootstrap for better security. - Move weller hostname definition to default.nix to resolve CI conflict. --- flake.nix | 1 + hosts/weller/default.nix | 5 +++++ hosts/weller/hardware.nix | 1 - modules/bootstrap.nix | 10 +++++----- 4 files changed, 11 insertions(+), 6 deletions(-) diff --git a/flake.nix b/flake.nix index 56d863a..41a9fdd 100644 --- a/flake.nix +++ b/flake.nix @@ -185,6 +185,7 @@ weller-bootstrap = mkBootstrap { hardware = ./hosts/weller/hardware.nix; disk = ./hosts/weller/disk-config.nix; + hostName = "weller-bootstrap"; }; # Hostname: weller (dual-boot Windows 11 + NixOS workstation) diff --git a/hosts/weller/default.nix b/hosts/weller/default.nix index 203f38f..da75818 100644 --- a/hosts/weller/default.nix +++ b/hosts/weller/default.nix @@ -18,6 +18,11 @@ cosmo.user.default = "patrick"; cosmo.user.email = "big.pat@gmail.com"; + # --------------------------------------------------------------------------- + # Networking + # --------------------------------------------------------------------------- + networking.hostName = "weller"; + # --------------------------------------------------------------------------- # Remote Access # --------------------------------------------------------------------------- diff --git a/hosts/weller/hardware.nix b/hosts/weller/hardware.nix index e8139b6..f8ae5c1 100644 --- a/hosts/weller/hardware.nix +++ b/hosts/weller/hardware.nix @@ -50,7 +50,6 @@ # --------------------------------------------------------------------------- # Networking # --------------------------------------------------------------------------- - networking.hostName = "weller"; networking.networkmanager.enable = true; # --------------------------------------------------------------------------- diff --git a/modules/bootstrap.nix b/modules/bootstrap.nix index 3f15e91..6a4887e 100644 --- a/modules/bootstrap.nix +++ b/modules/bootstrap.nix @@ -21,8 +21,8 @@ in services.openssh = { enable = true; settings = { - PermitRootLogin = "yes"; - PasswordAuthentication = true; + PermitRootLogin = "prohibit-password"; # Only allow key-based root login + PasswordAuthentication = false; # Disable password-based login for better security }; }; @@ -39,12 +39,12 @@ in "networkmanager" "video" ]; - initialPassword = "nixos"; + # No initial password - use SSH keys for access openssh.authorizedKeys.keys = keys.users; }; - # Make it easy to assume root during bootstrap - security.sudo.wheelNeedsPassword = false; + # For bootstrap, we want a balance of security and convenience + security.sudo.wheelNeedsPassword = lib.mkDefault true; # Ensure compatibility system.stateVersion = "25.11"; From 71946c45d037cca65af6403118d20a2a3fa71c06 Mon Sep 17 00:00:00 2001 From: Patrick Flynn Date: Sat, 21 Feb 2026 15:21:02 -0500 Subject: [PATCH 5/6] docs(weller): update bootstrap login to use SSH keys --- docs/weller-dualboot-2025.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/docs/weller-dualboot-2025.md b/docs/weller-dualboot-2025.md index 3169c3e..a6c6b55 100644 --- a/docs/weller-dualboot-2025.md +++ b/docs/weller-dualboot-2025.md @@ -131,10 +131,14 @@ The first stage installs a minimal system with: nixos-install --no-write-lock-file --flake /tmp/cosmo#weller-bootstrap ``` -4. **Reboot and Set Password** +4. **Reboot and Access via SSH** - Reboot into the new system. - - Log in as `patrick` with the initial password `nixos`. - - Change your password immediately: `passwd`. + - From your laptop, log in as `root` (using your SSH keys): + ```bash + ssh root@weller-bootstrap + ``` + - No initial password is required as your keys from `secrets/keys.nix` are pre-authorized in the bootstrap image. + - For better security, password authentication is disabled by default. ### 5.2 Stage 2: Full Configuration From e6f15537769e6fb662f71063ffb184c1310e32de Mon Sep 17 00:00:00 2001 From: Patrick Flynn Date: Sat, 21 Feb 2026 15:23:58 -0500 Subject: [PATCH 6/6] feat(classic-laddie): add bootstrap recovery target - Refactor classic-laddie to use hardware.nix for better modularity. - Add classic-laddie-bootstrap to flake.nix. - Support networking.hostId in mkBootstrap for ZFS hosts. --- flake.nix | 9 ++++++ hosts/classic-laddie/default.nix | 43 +++++---------------------- hosts/classic-laddie/hardware.nix | 49 +++++++++++++++++++++++++++++++ 3 files changed, 66 insertions(+), 35 deletions(-) create mode 100644 hosts/classic-laddie/hardware.nix diff --git a/flake.nix b/flake.nix index 41a9fdd..4c6fe2c 100644 --- a/flake.nix +++ b/flake.nix @@ -78,6 +78,7 @@ hardware, disk ? null, hostName ? "nixos-bootstrap", + hostId ? null, user ? "patrick", email ? "big.pat@gmail.com", }: @@ -94,6 +95,7 @@ cosmo.user.default = user; cosmo.user.email = email; } + (if hostId != null then { networking.hostId = hostId; } else { }) ]; }; in @@ -128,6 +130,13 @@ ]; }; + # Hostname: classic-laddie-bootstrap + classic-laddie-bootstrap = mkBootstrap { + hardware = ./hosts/classic-laddie/hardware.nix; + hostName = "classic-laddie-bootstrap"; + hostId = "8425e349"; + }; + # Hostname: makers-nix makers-nix = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; diff --git a/hosts/classic-laddie/default.nix b/hosts/classic-laddie/default.nix index 9a4cff6..c15b78a 100644 --- a/hosts/classic-laddie/default.nix +++ b/hosts/classic-laddie/default.nix @@ -7,7 +7,7 @@ { imports = [ - ./hardware-configuration.nix + ./hardware.nix ../../modules/common/system.nix ../../modules/common/users.nix ../../modules/common/workstation.nix @@ -18,6 +18,11 @@ cosmo.user.default = "patrick"; cosmo.user.email = "big.pat@gmail.com"; + # --------------------------------------------------------------------------- + # Networking + # --------------------------------------------------------------------------- + networking.hostName = "classic-laddie"; + # --------------------------------------------------------------------------- # Remote Desktop Streaming (Sunshine/Moonlight) # --------------------------------------------------------------------------- @@ -40,41 +45,9 @@ mode = "0440"; }; - # Bootloader (Keep what matches your hardware!) - # If your hardware-configuration.nix says you are EFI, use systemd-boot: - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - # If you are Legacy BIOS, you might need: boot.loader.grub.device = "/dev/sda"; - - # Enable proprietary software (required for Nvidia drivers) - nixpkgs.config.allowUnfree = true; - - # Graphics - hardware.graphics.enable = true; - - # Nvidia Driver Configuration - services.xserver.videoDrivers = [ "nvidia" ]; - hardware.nvidia = { - modesetting.enable = true; - powerManagement.enable = false; - powerManagement.finegrained = false; - open = false; - nvidiaSettings = true; - package = config.boot.kernelPackages.nvidiaPackages.stable; - }; - - # Allow qemu-libvirtd to access the GPU - users.groups.video.members = [ "qemu-libvirtd" ]; - users.groups.render.members = [ "qemu-libvirtd" ]; - - networking.hostName = "classic-laddie"; - networking.hostId = "8425e349"; # Required for ZFS - networking.networkmanager.enable = true; - - # Storage Support (Roadmap Phase 1) - boot.supportedFilesystems = [ "zfs" ]; - + # --------------------------------------------------------------------------- # Remote Access (Roadmap Phase 1) + # --------------------------------------------------------------------------- services.tailscale = { enable = true; useRoutingFeatures = "server"; diff --git a/hosts/classic-laddie/hardware.nix b/hosts/classic-laddie/hardware.nix new file mode 100644 index 0000000..f7ff16c --- /dev/null +++ b/hosts/classic-laddie/hardware.nix @@ -0,0 +1,49 @@ +{ + config, + lib, + pkgs, + ... +}: + +{ + imports = [ + ./hardware-configuration.nix + ]; + + # --------------------------------------------------------------------------- + # Bootloader + # --------------------------------------------------------------------------- + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + # --------------------------------------------------------------------------- + # Networking + # --------------------------------------------------------------------------- + networking.hostId = "8425e349"; # Required for ZFS + networking.networkmanager.enable = true; + + # --------------------------------------------------------------------------- + # Hardware - NVIDIA + # --------------------------------------------------------------------------- + nixpkgs.config.allowUnfree = true; + hardware.graphics.enable = true; + + services.xserver.videoDrivers = [ "nvidia" ]; + hardware.nvidia = { + modesetting.enable = true; + powerManagement.enable = false; + powerManagement.finegrained = false; + open = false; + nvidiaSettings = true; + package = config.boot.kernelPackages.nvidiaPackages.stable; + }; + + # Allow qemu-libvirtd to access the GPU + users.groups.video.members = [ "qemu-libvirtd" ]; + users.groups.render.members = [ "qemu-libvirtd" ]; + + # --------------------------------------------------------------------------- + # Storage Support + # --------------------------------------------------------------------------- + boot.supportedFilesystems = [ "zfs" ]; +}