From 5d4b78a4109c22bcdbfaf449f96888ea908cf222 Mon Sep 17 00:00:00 2001 From: Nikita Wootten Date: Thu, 7 Dec 2023 23:34:26 -0500 Subject: [PATCH] Added new host configuration for my GPD Pocket 2 --- Makefile | 16 +- flake.lock | 323 +++++++++++++++------- flake.nix | 14 +- homes/nikita@cochrane.nix | 17 ++ hosts/cochrane/default.nix | 31 +++ hosts/cochrane/hardware-configuration.nix | 39 +++ packages/oscal-deep-diff/default.nix | 5 +- shell.nix | 3 + 8 files changed, 342 insertions(+), 106 deletions(-) create mode 100644 homes/nikita@cochrane.nix create mode 100644 hosts/cochrane/default.nix create mode 100644 hosts/cochrane/hardware-configuration.nix diff --git a/Makefile b/Makefile index 00bbc09..879f71e 100644 --- a/Makefile +++ b/Makefile @@ -5,10 +5,9 @@ define IN_NIXSHELL nix-shell shell.nix --command '$1' endef -.PHONY: help test update switch-home switch-nixos remote-switch-nixos - # This help command was adapted from https://github.com/tiiuae/sbomnix # https://marmelab.com/blog/2016/02/29/auto-documented-makefile.html +.PHONY: help help: ## Show this help message @grep -E '^[a-zA-Z_-]+:.*?##.*$$' $(MAKEFILE_LIST) | awk 'BEGIN { \ FS = ":.*?## "; \ @@ -16,27 +15,34 @@ help: ## Show this help message } \ { printf "\033[32m%-30s\033[0m %s\n", $$1, $$2 }' +.PHONY: test test: ## Test flake outputs with "nix flake check" $(call IN_NIXSHELL,nix flake check) +.PHONY: update update: ## Update "flake.lock" $(call IN_NIXSHELL,nix flake update) +.PHONY: switch-home switch-home: ## Switch local home-manager config $(call IN_NIXSHELL,home-manager switch --flake .) +.PHONY: build-home build-home: ## Build local home-manager config $(call IN_NIXSHELL,home-manager build --flake .) +.PHONY: switch-nixos switch-nixos: ## Switch local NixOS config $(call IN_NIXSHELL,sudo nixos-rebuild switch --flake .#) +.PHONY: build-nixos build-nixos: ## Build local NixOS config $(call IN_NIXSHELL,sudo nixos-rebuild dry-activate --flake .#) # Default to connecting to the hostname directly ADDR=$(HOST) +.PHONY: remote-switch-nixos remote-switch-nixos: ## Switch a remote NixOS config (e.x. make remote-switch-nixos HOST="" USER="" ADDR="") ADDR defaults to HOST @if [[ -z "$(HOST)" || -z "$(USER)" || -z "$(ADDR)" ]]; then \ echo 'one or more variables are undefined'; \ @@ -47,3 +53,9 @@ remote-switch-nixos: ## Switch a remote NixOS config (e.x. make remote-switch-ni $(call IN_NIXSHELL,NIX_SSHOPTS=-t nixos-rebuild --flake ".#$(HOST)" \ --target-host "$(USER)@$(ADDR)" --use-remote-sudo switch) + +# Utility roles + +.PHONY: get-hosts +list-hosts: ## List NixOS configuration names + @$(call IN_NIXSHELL,nix flake show --json 2>/dev/null | jq -r ".nixosConfigurations | keys | .[] | @text") diff --git a/flake.lock b/flake.lock index e5d29cc..642f5ee 100644 --- a/flake.lock +++ b/flake.lock @@ -34,11 +34,11 @@ ] }, "locked": { - "lastModified": 1701196744, - "narHash": "sha256-ZCuplnqMIIPs5zCPgYEp+m7mHqFh8Fy0lJD3ybZ/h0w=", + "lastModified": 1701794742, + "narHash": "sha256-A4TZktNCr975ddMf4ShZwuB8x7USOYGCZ9Xwfits8gs=", "owner": "hercules-ci", "repo": "arion", - "rev": "39030b95666e018230dc9b85d76dc6e5b617ab87", + "rev": "da2141cd9383c8c1cdcd3364b1ba6c32058ba659", "type": "github" }, "original": { @@ -47,6 +47,27 @@ "type": "github" } }, + "crane": { + "inputs": { + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1699218802, + "narHash": "sha256-5l0W4Q7z7A4BCstaF5JuBqXOVrZ3Vqst5+hUnP7EdUc=", + "owner": "ipetkov", + "repo": "crane", + "rev": "2d6c2aaff5a05e443eb15efddc21f9c73720340c", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, "darwin": { "inputs": { "nixpkgs": [ @@ -95,7 +116,7 @@ "inputs": { "flake-compat": "flake-compat_2", "nix": "nix", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs", "pre-commit-hooks": "pre-commit-hooks" }, "locked": { @@ -145,6 +166,22 @@ "type": "github" } }, + "flake-compat_3": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": [ @@ -153,11 +190,11 @@ ] }, "locked": { - "lastModified": 1675933616, - "narHash": "sha256-/rczJkJHtx16IFxMmAWu5nNYcSXNg1YYXTHoGjLrLUA=", + "lastModified": 1701473968, + "narHash": "sha256-YcVE5emp1qQ8ieHUnxt1wCZCC3ZfAS+SRRWZ2TMda7E=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "47478a4a003e745402acf63be7f9a092d51b83d7", + "rev": "34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5", "type": "github" }, "original": { @@ -168,14 +205,18 @@ }, "flake-parts_2": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib" + "nixpkgs-lib": [ + "arion", + "hercules-ci-effects", + "nixpkgs" + ] }, "locked": { - "lastModified": 1688466019, - "narHash": "sha256-VeM2akYrBYMsb4W/MmBo1zmaMfgbL4cH3Pu8PGyIwJ0=", + "lastModified": 1696343447, + "narHash": "sha256-B2xAZKLkkeRFG5XcHHSXXcP7To9Xzr59KXeZiRf4vdQ=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "8e8d955c22df93dbe24f19ea04f47a74adbdc5ec", + "rev": "c9afaba3dfa4085dbd2ccb38dfade5141e33d9d4", "type": "github" }, "original": { @@ -186,18 +227,16 @@ "flake-parts_3": { "inputs": { "nixpkgs-lib": [ - "arion", - "hercules-ci-effects", - "hercules-ci-agent", + "lanzaboote", "nixpkgs" ] }, "locked": { - "lastModified": 1688466019, - "narHash": "sha256-VeM2akYrBYMsb4W/MmBo1zmaMfgbL4cH3Pu8PGyIwJ0=", + "lastModified": 1698882062, + "narHash": "sha256-HkhafUayIqxXyHH1X8d9RDl1M2CkFgZLjKD3MzabiEo=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "8e8d955c22df93dbe24f19ea04f47a74adbdc5ec", + "rev": "8c9fa2545007b49a5db5f650ae91f227672c3877", "type": "github" }, "original": { @@ -236,9 +275,27 @@ "type": "github" } }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "flatpaks": { "inputs": { - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_2", "utils": "utils_2" }, "locked": { @@ -278,72 +335,58 @@ "type": "github" } }, - "haskell-flake": { + "gitignore_2": { + "inputs": { + "nixpkgs": [ + "lanzaboote", + "pre-commit-hooks-nix", + "nixpkgs" + ] + }, "locked": { - "lastModified": 1675296942, - "narHash": "sha256-u1X1sblozi5qYEcLp1hxcyo8FfDHnRUVX3dJ/tW19jY=", - "owner": "srid", - "repo": "haskell-flake", - "rev": "c2cafce9d57bfca41794dc3b99c593155006c71e", + "lastModified": 1660459072, + "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73", "type": "github" }, "original": { - "owner": "srid", - "ref": "0.1.0", - "repo": "haskell-flake", + "owner": "hercules-ci", + "repo": "gitignore.nix", "type": "github" } }, - "haskell-flake_2": { + "haskell-flake": { "locked": { - "lastModified": 1684780604, - "narHash": "sha256-2uMZsewmRn7rRtAnnQNw1lj0uZBMh4m6Cs/7dV5YF08=", + "lastModified": 1675296942, + "narHash": "sha256-u1X1sblozi5qYEcLp1hxcyo8FfDHnRUVX3dJ/tW19jY=", "owner": "srid", "repo": "haskell-flake", - "rev": "74210fa80a49f1b6f67223debdbf1494596ff9f2", + "rev": "c2cafce9d57bfca41794dc3b99c593155006c71e", "type": "github" }, "original": { "owner": "srid", - "ref": "0.3.0", + "ref": "0.1.0", "repo": "haskell-flake", "type": "github" } }, - "hercules-ci-agent": { - "inputs": { - "flake-parts": "flake-parts_3", - "haskell-flake": "haskell-flake_2", - "nixpkgs": "nixpkgs" - }, - "locked": { - "lastModified": 1688568579, - "narHash": "sha256-ON0M56wtY/TIIGPkXDlJboAmuYwc73Hi8X9iJGtxOhM=", - "owner": "hercules-ci", - "repo": "hercules-ci-agent", - "rev": "367dd8cd649b57009a6502e878005a1e54ad78c5", - "type": "github" - }, - "original": { - "id": "hercules-ci-agent", - "type": "indirect" - } - }, "hercules-ci-effects": { "inputs": { "flake-parts": "flake-parts_2", - "hercules-ci-agent": "hercules-ci-agent", "nixpkgs": [ "arion", "nixpkgs" ] }, "locked": { - "lastModified": 1689397210, - "narHash": "sha256-fVxZnqxMbsDkB4GzGAs/B41K0wt/e+B/fLxmTFF/S20=", + "lastModified": 1701009247, + "narHash": "sha256-GuX16rzRze2y7CsewJLTV6qXkXWyEwp6VCZXi8HLruU=", "owner": "hercules-ci", "repo": "hercules-ci-effects", - "rev": "0a63bfa3f00a3775ea3a6722b247880f1ffe91ce", + "rev": "31b6cd7569191bfcd0a548575b0e2ef953ed7d09", "type": "github" }, "original": { @@ -359,11 +402,11 @@ ] }, "locked": { - "lastModified": 1701433070, - "narHash": "sha256-Gf9JStfENaUQ7YWFz3V7x/srIwr4nlnVteqaAxtwpgM=", + "lastModified": 1701728041, + "narHash": "sha256-x0pyrI1vC8evVDxCxyO6olOyr4wlFg9+VS3C3p4xFYQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "4a8545f5e737a6338814a4676dc8e18c7f43fc57", + "rev": "ac7216918cd65f3824ba7817dea8f22e61221eaf", "type": "github" }, "original": { @@ -372,6 +415,32 @@ "type": "github" } }, + "lanzaboote": { + "inputs": { + "crane": "crane", + "flake-compat": "flake-compat_3", + "flake-parts": "flake-parts_3", + "flake-utils": "flake-utils_2", + "nixpkgs": [ + "nixpkgs" + ], + "pre-commit-hooks-nix": "pre-commit-hooks-nix", + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1701686621, + "narHash": "sha256-OAR4jhfldEGuXH8DB9w8YrFLcEsZsApWdYPsmJHwM/E=", + "owner": "nix-community", + "repo": "lanzaboote", + "rev": "5655251a38f2a31f26aebae3e0d7fe0f5bd74683", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "lanzaboote", + "type": "github" + } + }, "lowdown-src": { "flake": false, "locked": { @@ -419,11 +488,11 @@ ] }, "locked": { - "lastModified": 1700968077, - "narHash": "sha256-Lax+2g7G3Fe+ckMrHLYTl+97unbmNDmN1qS9MLBkxr4=", + "lastModified": 1701980277, + "narHash": "sha256-qSMnoUIZl3lyaAXgXGQ4qnA5jufnNrBAI0bYw7kJgtE=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "bd3aec0ecb0fdde863a7ed2c6caa220c47e22c07", + "rev": "ca1f1798f63ada20dffcb8b23039b00a597dafe9", "type": "github" }, "original": { @@ -455,11 +524,11 @@ ] }, "locked": { - "lastModified": 1696058303, - "narHash": "sha256-eNqKWpF5zG0SrgbbtljFOrRgFgRzCc4++TMFADBMLnc=", + "lastModified": 1701689616, + "narHash": "sha256-ewnfgvRy73HoP5KnYmy1Rcr4m4yShvsb6TCCaKoW8pc=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "150f38bd1e09e20987feacb1b0d5991357532fb5", + "rev": "246219bc21b943c6f6812bb7744218ba0df08600", "type": "github" }, "original": { @@ -470,11 +539,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1701250978, - "narHash": "sha256-ohu3cz4edjpGxs2qUTgbs0WrnewOX4crnUJNEB6Jox4=", + "lastModified": 1701656485, + "narHash": "sha256-xDFormrGCKKGqngHa2Bz1GTeKlFMMjLnHhTDRdMJ1hs=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "8772491ed75f150f02552c60694e1beff9f46013", + "rev": "fa194fc484fd7270ab324bb985593f71102e84d1", "type": "github" }, "original": { @@ -486,34 +555,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1688322751, - "narHash": "sha256-eW62dC5f33oKZL7VWlomttbUnOTHrAbte9yNUNW8rbk=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "0fbe93c5a7cac99f90b60bdf5f149383daaa615f", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-lib": { - "locked": { - "dir": "lib", - "lastModified": 1688049487, - "narHash": "sha256-100g4iaKC9MalDjUW9iN6Jl/OocTDtXdeAj7pEGIRh4=", + "lastModified": 1678875422, + "narHash": "sha256-T3o6NcQPwXjxJMn2shz86Chch4ljXgZn746c2caGxd8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4bc72cae107788bf3f24f30db2e2f685c9298dc9", + "rev": "126f49a01de5b7e35a43fd43f891ecf6d3a51459", "type": "github" }, "original": { - "dir": "lib", "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } @@ -550,23 +601,23 @@ "type": "github" } }, - "nixpkgs_2": { + "nixpkgs-stable_2": { "locked": { - "lastModified": 1678875422, - "narHash": "sha256-T3o6NcQPwXjxJMn2shz86Chch4ljXgZn746c2caGxd8=", + "lastModified": 1685801374, + "narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "126f49a01de5b7e35a43fd43f891ecf6d3a51459", + "rev": "c37ca420157f4abc31e26f436c1145f8951ff373", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixpkgs-unstable", + "ref": "nixos-23.05", "repo": "nixpkgs", "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_2": { "locked": { "lastModified": 1701156937, "narHash": "sha256-jpMJOFvOTejx211D8z/gz0ErRtQPy6RXxgD2ZB86mso=", @@ -582,13 +633,13 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_3": { "locked": { - "lastModified": 1701253981, - "narHash": "sha256-ztaDIyZ7HrTAfEEUt9AtTDNoCYxUdSd6NrRHaYOIxtk=", + "lastModified": 1701718080, + "narHash": "sha256-6ovz0pG76dE0P170pmmZex1wWcQoeiomUZGggfH9XPs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e92039b55bcd58469325ded85d4f58dd5a4eaf58", + "rev": "2c7f3c0fb7c08a0814627611d9d7d45ab6d75335", "type": "github" }, "original": { @@ -626,6 +677,37 @@ "type": "github" } }, + "pre-commit-hooks-nix": { + "inputs": { + "flake-compat": [ + "lanzaboote", + "flake-compat" + ], + "flake-utils": [ + "lanzaboote", + "flake-utils" + ], + "gitignore": "gitignore_2", + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable_2" + }, + "locked": { + "lastModified": 1699271226, + "narHash": "sha256-8Jt1KW3xTjolD6c6OjJm9USx/jmL+VVmbooADCkdDfU=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "ea758da1a6dcde6dc36db348ed690d09b9864128", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, "root": { "inputs": { "agenix": "agenix", @@ -635,10 +717,36 @@ "flake-schemas": "flake-schemas", "flatpaks": "flatpaks", "home-manager": "home-manager", + "lanzaboote": "lanzaboote", "nix-index-database": "nix-index-database", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_3" + } + }, + "rust-overlay": { + "inputs": { + "flake-utils": [ + "lanzaboote", + "flake-utils" + ], + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1699409596, + "narHash": "sha256-L3g1smIol3dGTxkUQOlNShJtZLvjLzvtbaeTRizwZBU=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "58240e1ac627cef3ea30c7732fedfb4f51afd8e7", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" } }, "systems": { @@ -656,6 +764,21 @@ "type": "github" } }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "utils": { "locked": { "lastModified": 1667395993, diff --git a/flake.nix b/flake.nix index 3720e78..bee7c96 100644 --- a/flake.nix +++ b/flake.nix @@ -10,6 +10,11 @@ }; # Provides hardware-specific NixOS modules nixos-hardware.url = "github:NixOS/nixos-hardware/master"; + # Provides secureboot support + lanzaboote = { + url = "github:nix-community/lanzaboote"; + inputs.nixpkgs.follows = "nixpkgs"; + }; # Reproducible build environment devenv.url = "github:cachix/devenv/latest"; # Provides a handy "command not found" nixpkgs hook @@ -49,6 +54,7 @@ nixpkgs, home-manager, nixos-hardware, + lanzaboote, devenv, nix-index-database, agenix, @@ -64,7 +70,7 @@ # Args passed to home-manager and nixos modules specialArgs = { - inherit devenv nixos-hardware nix-index-database agenix arion nixos-generators secrets keys flatpaks self; + inherit devenv nixos-hardware lanzaboote nix-index-database agenix arion nixos-generators secrets keys flatpaks self; }; homes = self.lib.mkHomes { @@ -77,6 +83,7 @@ "nikita@dionysus".system = "x86_64-linux"; "nikita@hades".system = "x86_64-linux"; "nikita@olympus".system = "x86_64-linux"; + "nikita@cochrane".system = "x86_64-linux"; "pi@raspberrypi4".system = "aarch64-linux"; }; }; @@ -113,6 +120,11 @@ username = "nikita"; system = "x86_64-linux"; }; + # My GPD Pocket 2 mini-pc + cochrane = { + username = "nikita"; + system = "x86_64-linux"; + }; raspberrypi4 = { username = "pi"; system = "aarch64-linux"; diff --git a/homes/nikita@cochrane.nix b/homes/nikita@cochrane.nix new file mode 100644 index 0000000..1f70e2b --- /dev/null +++ b/homes/nikita@cochrane.nix @@ -0,0 +1,17 @@ +{ pkgs, ... }: { + personal.vscode.enable = true; + personal.gnome.enable = true; + personal.gnome.enableGSConnect = true; + personal.fonts.enable = true; + personal.sectools.enable = true; + personal.firefox.enable = true; + personal.firefox.gnome-theme.enable = true; + personal.firefox.sideberry-autohide = { + enable = true; + profiles = [ "default" ]; + }; + + home.packages = with pkgs; [ + tor-browser-bundle-bin + ]; +} diff --git a/hosts/cochrane/default.nix b/hosts/cochrane/default.nix new file mode 100644 index 0000000..ba073cf --- /dev/null +++ b/hosts/cochrane/default.nix @@ -0,0 +1,31 @@ +{ self, ... }: +{ + imports = [ + ./hardware-configuration.nix + self.nixosModules.personal + ]; + + personal.gnome.enable = true; + + personal.networkmanager.enable = true; + personal.printing.enable = true; + personal.steam.enable = true; + personal.docker.enable = true; + #personal.virtualbox.enable = true; + personal.vpn.enable = true; + personal.wireshark.enable = true; + personal.flatpak.enable = true; + personal.zsa.enable = true; + + # Bootloader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + boot.supportedFilesystems = [ "ntfs" ]; + + boot.kernelParams = [ "fbcon=rotate:1" ]; + + users.users.nikita = { + description = "Nikita Wootten"; + }; +} diff --git a/hosts/cochrane/hardware-configuration.nix b/hosts/cochrane/hardware-configuration.nix new file mode 100644 index 0000000..ce2a715 --- /dev/null +++ b/hosts/cochrane/hardware-configuration.nix @@ -0,0 +1,39 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/64ed8061-a49f-46e9-b0b8-7df801319fff"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/CB95-E5D4"; + fsType = "vfat"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/c4665fe9-5c55-44c9-ac7f-e531ac40b2c6"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/packages/oscal-deep-diff/default.nix b/packages/oscal-deep-diff/default.nix index 55a263f..83ea578 100644 --- a/packages/oscal-deep-diff/default.nix +++ b/packages/oscal-deep-diff/default.nix @@ -1,6 +1,5 @@ -# Disclaimer: Although I am the author and current maintainer of -# OSCAL-deep-diff, and while I work on this project as part of my job, this is -# not an official package endorsed by my organization. +# Disclaimer: Although I am the author of OSCAL-deep-diff, this is not an +# official package endorsed by NIST. { pkgs ? let lock = (builtins.fromJSON (builtins.readFile ../../flake.lock)).nodes.nixpkgs.locked; nixpkgs = fetchTarball { diff --git a/shell.nix b/shell.nix index ecc22fd..72c266a 100644 --- a/shell.nix +++ b/shell.nix @@ -25,5 +25,8 @@ pkgs.mkShell { # Editor support nixpkgs-fmt nil + + # Secureboot + sbctl ]; }