work

2026-01-11 01:34:08 -05:00 · 2025-05-29 09:44:28 -04:00 · 2025-05-29 09:44:28 -04:00 · db1cddb143
commit db1cddb143
parent 4b38b8bd2c
4 changed files with 217 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -18,6 +18,7 @@
  - `nixos` - machine specific configurations for NixOS-based hosts
    - `Parzival` - Primary Box - Ryzen 5 7600 - 32GB DDR5 - RX 7800 XT
    - `Incarceron` - Work issued framework 13 - AMD Ryzen 7 7840U - 32GB DDR5
+    - `Bulwark` - Forensics and RE VM
 - `home/<user>` - Home-manager configurations, built automatically during host
  rebuilds.
  - `common` - Shared home-manager configurations consumed the user's machine
--- a/hosts/common/disks/btrfs-disk.nix
+++ b/hosts/common/disks/btrfs-disk.nix
@ -0,0 +1,64 @@
+# NOTE: ... is needed because dikso passes diskoFile
+{
+  lib,
+  disk ? "/dev/vda",
+  withSwap ? false,
+  swapSize,
+  ...
+}: {
+  disko.devices = {
+    disk = {
+      disk0 = {
+        type = "disk";
+        device = disk;
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              priority = 1;
+              name = "ESP";
+              start = "1M";
+              end = "512M";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = ["defaults"];
+              };
+            };
+            root = {
+              size = "100%";
+              content = {
+                type = "btrfs";
+                extraArgs = ["-f"]; # Override existing partition
+                # Subvolumes must set a mountpoint in order to be mounted,
+                # unless their parent is mounted
+                subvolumes = {
+                  "@root" = {
+                    mountpoint = "/";
+                    mountOptions = [
+                      "compress=zstd"
+                      "noatime"
+                    ];
+                  };
+                  "@nix" = {
+                    mountpoint = "/nix";
+                    mountOptions = [
+                      "compress=zstd"
+                      "noatime"
+                    ];
+                  };
+                  "@swap" = lib.mkIf withSwap {
+                    mountpoint = "/.swapvol";
+                    swap.swapfile.size = "${swapSize}G";
+                  };
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}
--- a/hosts/nixos/Bulwark/default.nix
+++ b/hosts/nixos/Bulwark/default.nix
@ -0,0 +1,51 @@
+##################################
+#                                #
+# Bulwark - Forensincs and RE VM #
+#                                #
+##################################
+{
+  inputs,
+  lib,
+  pkgs,
+  ...
+}: {
+  imports = lib.flatten [
+    # Hardware
+    ./hardware-configuration.nix # I want to use factor if possible
+
+    # Disks
+    inputs.disko.nixosModules.disko
+    (lib.custom.relativeToRoot "hosts/common/disks/btrfs-disk.nix")
+    {
+      _module.args = {
+        disk = "/dev/vda";
+        withSwap = false;
+      };
+    }
+
+    # Misc
+    # inputs.stylix.nixosModules.stylix
+
+    (map lib.custom.relativeToRoot [
+      # Required configs
+      "hosts/common/core"
+
+      # Optional configs
+    ])
+  ];
+
+  hostSpec = {
+    hostName = "bulwark";
+  };
+
+  networking = {
+    networkmanager.enable = true;
+    enableIPv6 = false;
+  };
+
+  boot.loader = {
+    systemd-boot.enable = true;
+    efi.canTouchEfiVariables = true;
+    timeout = 3;
+  };
+}
--- a/modules/common/host-spec.nix
+++ b/modules/common/host-spec.nix
@ -0,0 +1,101 @@
+# Specifications For Differentiating Hosts
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
+  options.hostSpec = {
+    # Data variables that don't dictate configuration settings
+    username = lib.mkOption {
+      type = lib.types.str;
+      description = "The username of the host";
+    };
+    hostName = lib.mkOption {
+      type = lib.types.str;
+      description = "The hostname of the host";
+    };
+    email = lib.mkOption {
+      type = lib.types.attrsOf lib.types.str;
+      description = "The email of the user";
+    };
+    networking = lib.mkOption {
+      default = {};
+      type = lib.types.attrsOf lib.types.anything;
+      description = "An attribute set of networking information";
+    };
+    wifi = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = "Used to indicate if a host has wifi";
+    };
+    domain = lib.mkOption {
+      type = lib.types.str;
+      description = "The domain of the host";
+    };
+    userFullName = lib.mkOption {
+      type = lib.types.str;
+      description = "The full name of the user";
+    };
+    handle = lib.mkOption {
+      type = lib.types.str;
+      description = "The handle of the user (eg: github user)";
+    };
+    home = lib.mkOption {
+      type = lib.types.str;
+      description = "The home directory of the user";
+      default = let
+        user = config.hostSpec.username;
+      in
+        if pkgs.stdenv.isLinux
+        then "/home/${user}"
+        else "/Users/${user}";
+    };
+    persistFolder = lib.mkOption {
+      type = lib.types.str;
+      description = "The folder to persist data if impermenance is enabled";
+      default = "";
+    };
+
+    # Configuration Settings
+    isMinimal = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = "Used to indicate a minimal host";
+    };
+    isMobile = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = "Used to indicate a mobile host";
+    };
+    isProduction = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+      description = "Used to indicate a production host";
+    };
+    isServer = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = "Used to indicate a server host";
+    };
+    # Sometimes we can't use pkgs.stdenv.isLinux due to infinite recursion
+    isDarwin = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = "Used to indicate a host that is darwin";
+    };
+  };
+
+  config = {
+    assertions = let
+      # We import these options to HM and NixOS, so need to not fail on HM
+      isImpermanent =
+        config ? "system" && config.system ? "impermanence" && config.system.impermanence.enable;
+    in [
+      {
+        assertion = !isImpermanent || (isImpermanent && !("${config.hostSpec.persistFolder}" == ""));
+        message = "config.system.impermanence.enable is true but no persistFolder path is provided";
+      }
+    ];
+  };
+}