cyclone: Initial revision

flake.lock

@@ -37,11 +37,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1723399884,
+        "lastModified": 1724435763,
-        "narHash": "sha256-97wn0ihhGqfMb8WcUgzzkM/TuAxce2Gd20A8oiruju4=",
+        "narHash": "sha256-UNky3lJNGQtUEXT2OY8gMxejakSWPTfWKvpFkpFlAfM=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "086f619dd991a4d355c07837448244029fc2d9ab",
+        "rev": "c2cd2a52e02f1dfa1c88f95abeb89298d46023be",
         "type": "github"
       },
       "original": {
@@ -72,11 +72,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1722924007,
+        "lastModified": 1724561770,
-        "narHash": "sha256-+CQDamNwqO33REJLft8c26NbUi2Td083hq6SvAm2xkU=",
+        "narHash": "sha256-zv8C9RNa86CIpyHwPIVO/k+5TfM8ZbjGwOOpTe1grls=",
         "owner": "LnL7",
         "repo": "nix-darwin",
-        "rev": "91010a5613ffd7ee23ee9263213157a1c422b705",
+        "rev": "ac5694a0b855a981e81b4d9f14052e3ff46ca39e",
         "type": "github"
       },
       "original": {
@@ -87,11 +87,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1723362943,
+        "lastModified": 1724479785,
-        "narHash": "sha256-dFZRVSgmJkyM0bkPpaYRtG/kRMRTorUIDj8BxoOt1T4=",
+        "narHash": "sha256-pP3Azj5d6M5nmG68Fu4JqZmdGt4S4vqI5f8te+E/FTw=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "a58bc8ad779655e790115244571758e8de055e3d",
+        "rev": "d0e1602ddde669d5beb01aec49d71a51937ed7be",
         "type": "github"
       },
       "original": {

flake.nix

@@ -103,6 +103,7 @@
 
       # We provide a NixOS module for easy usage within other system flakes.
       # (Again, we assume a default name of `spotlight` under Linux.)
+      # TODO(spotlightishere): Have this module accept arguments that we can pass on
       nixosModules.default = {
         imports = [
           home-manager.nixosModules.home-manager
@@ -117,6 +118,25 @@
         ];
       };
 
+      # We define a NixOS configuration for a PC workstation.
+      nixosConfigurations.cyclone = nixpkgs.lib.nixosSystem {
+        modules = [
+          ./hosts/cyclone/configuration.nix
+          ./hosts/cyclone/hardware-configuration.nix
+
+          home-manager.nixosModules.home-manager
+          {
+            nixpkgs.overlays = [ self.overlays.default ];
+            home-manager = {
+              useGlobalPkgs = true;
+              useUserPackages = true;
+              users.spotlight = import ./home/home.nix;
+              extraSpecialArgs = { desktop = true; gpg = true; };
+            };
+          }
+        ];
+      };
+
       # We define a default Darwin configuration via nix-darwin.
       darwinConfigurations."spotlights-macbook-air" = nix-darwin.lib.darwinSystem {
         modules = [

hosts/cyclone/README.md

@@ -0,0 +1,4 @@
+# cyclone
+`cyclone` is my primary PC workstation. Its name is worryingly appropriate - look at it wrong, and its fans rival the roar of hurricanes.
+
+It has an AMD Ryzen™ 7 7700X alongside a NVIDIA GeForce RTX 3070 Ti. As such, it requires Nvidia drivers.

hosts/cyclone/configuration.nix

@@ -0,0 +1,124 @@
+{ config, lib, pkgs, ... }:
+
+{
+  networking = {
+    hostName = "cyclone";
+    domain = "host.fox-int.cloud";
+    hostId = "79696666";
+    networkmanager.enable = true;
+    # useNetworkd = true;
+
+    # Use a set of known-good nameservers.
+    nameservers = [
+      # Quad9
+      "2620:fe::fe"
+      "9.9.9.9"
+      # Cloudflare
+      "2606:4700:4700::1111"
+      "1.1.1.1"
+    ];
+  };
+
+  nix.settings.experimental-features = [ "flakes" "nix-command" ];
+
+  # Select internationalisation properties.
+  time.timeZone = "America/Chicago";
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  # General service configuration.
+  services = {
+    xserver = {
+      enable = true;
+
+      # GNOME!
+      desktopManager.gnome.enable = true;
+      displayManager.gdm.enable = true;
+
+      # Nvidia driver support.
+      videoDrivers = [ "nvidia" ];
+    };
+
+    # CUPS might be nice.
+    printing.enable = true;
+
+    # Audio support.
+    pipewire = {
+      enable = true;
+      pulse.enable = true;
+    };
+
+    # We'd like SSH available.
+    openssh = {
+      enable = true;
+      settings = {
+        PasswordAuthentication = false;
+        PermitRootLogin = "no";
+      };
+    };
+  };
+
+  hardware = {
+    # Pipewire conflicts with PulseAudio.
+    pulseaudio.enable = false;
+
+    # Nvidia
+    graphics.enable = true;
+    nvidia = {
+      modesetting.enable = true;
+
+      # The open source drivers are now recommended.
+      open = true;
+      package = config.boot.kernelPackages.nvidiaPackages.beta;
+    };
+
+    # AMD
+    cpu.amd.updateMicrocode = true;
+  };
+
+  # Hey, world!
+  users.users.spotlight = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" ];
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPQQO+c8ygVzRt55Z9qekqItSjYiw381cFPOqX+vGAGT MacBook Air 2020 macOS"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/gyX9b80oml6z3UGOxVMJk/NS8R5w9NEITJcKb0MnU MacBook Air 2020 NixOS"
+    ];
+    shell = pkgs.zsh;
+  };
+
+  nixpkgs = {
+    hostPlatform = lib.mkDefault "x86_64-linux";
+
+    # Regretfully, we use a few non-free packages:
+    config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
+      # Nvidia
+      "nvidia-x11"
+      "nvidia-settings"
+      "nvidia-persistenced"
+      # Visual Studio Code
+      "vscode"
+      # Discord
+      "discord"
+    ];
+  };
+
+  # Standard system utilities.
+  # The bulk of user-specific packages should go within the home-manager configuration.
+  environment.systemPackages = with pkgs; [
+    discord
+    htop
+    git
+    gnome-tweaks
+    firefox
+    tmux
+    vim
+    vscode
+    wget
+  ];
+
+  programs.gnupg.agent.enable = true;
+  programs.zsh.enable = true;
+
+  # Please do not change this without reviewing release notes upstream.
+  system.stateVersion = "24.11";
+}

hosts/cyclone/hardware-configuration.nix

@@ -0,0 +1,80 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [
+      (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot = {
+    # We'll use systemd-boot.
+    loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+
+    initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
+    # Use the latest kernel.
+    # As such, we'll also use unstable ZFS.
+    kernelPackages = pkgs.linuxPackages_latest;
+    zfs = {
+      package = pkgs.zfs_unstable;
+      # For reasons unbeknownst to humanity, this drive
+      # appears to keep changing identifiers or similar.
+      # Prefer by-partuuid instead.
+      #
+      # (We could also do by-uuid, but it'd be best not
+      # to have a drive's serial number publicly.)
+      devNodes = "/dev/disk/by-uuid";
+    };
+
+    kernelModules = [ "kvm-amd" ];
+  };
+
+  # Configured ZFS datasets.
+  fileSystems = {
+    "/" = {
+      device = "rpool/ROOT/nixos";
+      fsType = "zfs";
+    };
+
+    "/home" = {
+      device = "rpool/home";
+      fsType = "zfs";
+    };
+
+    "/home/spotlight" = {
+      device = "rpool/home/spotlight";
+      fsType = "zfs";
+    };
+
+    "/root" = {
+      device = "rpool/root";
+      fsType = "zfs";
+    };
+
+    "/var/lib" = {
+      device = "rpool/var/lib";
+      fsType = "zfs";
+    };
+
+    "/var/log" = {
+      device = "rpool/var/log";
+      fsType = "zfs";
+    };
+
+    "/nix" = {
+      device = "rpool/nix";
+      fsType = "zfs";
+    };
+
+    "/boot" = {
+      device = "/dev/disk/by-uuid/7E20-ABDB";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+  };
+
+  # ZFS is not a fan of swap.
+  swapDevices = [ ];
+}