Add NixOS configuration for ringtail workstation (#207)

## Summary - NixOS flake for ringtail (gaming/compute workstation, RTX 4080) in `nixos/ringtail/` - Declarative disk partitioning via disko (GPT, 512M EFI + ext4 root on NVMe) - NVIDIA proprietary drivers, sway/Wayland desktop, greetd, PipeWire, Steam - Tailscale integration for tailnet connectivity - Ansible playbook + `mise run provision-ringtail` for ongoing management - Pulumi auth key (`tag:homelab`, `tag:blumeops`) for tailnet bootstrap ## Deployment Order 1. **Merge PR** 2. `pulumi up` in tailscale stack → creates auth key 3. Retrieve auth key: `pulumi stack output ringtail_authkey --show-secrets` 4. On ringtail NixOS installer: - `nix run github:nix-community/disko -- --mode disko /tmp/disk-config.nix` (or from cloned repo) - `nixos-install --flake github:eblume/blumeops?dir=nixos/ringtail#ringtail` 5. Reboot, `tailscale up --auth-key=<key>` 6. Verify: `tailscale status`, SSH from gilbert ## Test plan - [ ] Review NixOS configuration for completeness - [ ] Verify disko partition layout matches ringtail hardware - [ ] Run `pulumi preview` for tailscale stack - [ ] Install NixOS on ringtail - [ ] Confirm tailscale connectivity - [ ] Confirm sway desktop works - [ ] Test `mise run provision-ringtail` for ongoing management 🤖 Generated with [Claude Code](https://claude.com/claude-code) Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/207
2026-02-18 08:24:25 -08:00 · 2026-02-18 08:24:25 -08:00 · b9d813cde1
commit b9d813cde1
parent 5f9b024b4a
9 changed files with 281 additions and 1 deletions
--- a/nixos/ringtail/configuration.nix
+++ b/nixos/ringtail/configuration.nix
@ -0,0 +1,104 @@
+{ config, pkgs, ... }:
+
+{
+  # Bootloader
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  # Networking
+  networking.hostName = "ringtail";
+  networking.networkmanager.enable = true;
+
+  # Time zone
+  time.timeZone = "America/Los_Angeles";
+
+  # Locale
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  # NVIDIA proprietary drivers
+  hardware.graphics.enable = true;
+  services.xserver.videoDrivers = [ "nvidia" ];
+  hardware.nvidia = {
+    modesetting.enable = true;
+    open = false; # Use proprietary driver for RTX 4080
+    nvidiaSettings = true;
+    package = config.boot.kernelPackages.nvidiaPackages.stable;
+  };
+
+  # Wayland / Sway
+  programs.sway = {
+    enable = true;
+    wrapperFeatures.gtk = true;
+    extraPackages = with pkgs; [
+      swaylock
+      swayidle
+      wezterm # terminal
+      wmenu # app launcher
+      mako # notifications
+      grim # screenshots
+      slurp # region selection
+    ];
+  };
+  security.polkit.enable = true;
+
+  # Enable greetd as display manager for sway
+  services.greetd = {
+    enable = true;
+    settings = {
+      default_session = {
+        command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd sway";
+        user = "greeter";
+      };
+    };
+  };
+
+  # PipeWire for audio
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    pulse.enable = true;
+  };
+
+  # Steam
+  programs.steam = {
+    enable = true;
+    dedicatedServer.openFirewall = true;
+  };
+
+  # Tailscale
+  services.tailscale.enable = true;
+
+  # SSH
+  services.openssh = {
+    enable = true;
+    settings = {
+      PasswordAuthentication = false;
+      PermitRootLogin = "no";
+    };
+  };
+
+  # User account
+  users.users.eblume = {
+    isNormalUser = true;
+    initialPassword = "changeme";
+    extraGroups = [ "wheel" "networkmanager" "video" ];
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILmh1SSCdDAyu3vkSQH7kAXEPDi8APyjo9JXDTjtha2j"
+    ];
+  };
+
+  # System packages
+  environment.systemPackages = with pkgs; [
+    git
+    vim
+    htop
+    curl
+    wget
+  ];
+
+  # Enable nix flakes
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+  # NixOS release
+  system.stateVersion = "25.11";
+}