aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--flake.lock79
-rw-r--r--flake.nix99
-rw-r--r--home/nipsy/common/core/default.nix41
-rw-r--r--home/nipsy/richese.nix7
-rw-r--r--hosts/common/core/default.nix13
-rw-r--r--hosts/richese/default.nix200
-rw-r--r--hosts/richese/disks.nix98
-rw-r--r--hosts/richese/hardware-configuration.nix46
-rw-r--r--modules/home-manager/default.nix6
-rw-r--r--modules/nixos/default.nix6
-rw-r--r--overlays/default.nix26
-rw-r--r--pkgs/default.nix6
-rwxr-xr-xscripts/install-with-disko68
13 files changed, 534 insertions, 161 deletions
diff --git a/flake.lock b/flake.lock
index 56ff815..21edfe3 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,25 @@
{
"nodes": {
+ "disko": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs-unstable"
+ ]
+ },
+ "locked": {
+ "lastModified": 1712798444,
+ "narHash": "sha256-aAksVB7zMfBQTz0q2Lw3o78HM3Bg2FRziX2D6qnh+sk=",
+ "owner": "nix-community",
+ "repo": "disko",
+ "rev": "a297cb1cb0337ee10a7a0f9517954501d8f6f74d",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "disko",
+ "type": "github"
+ }
+ },
"hardware": {
"locked": {
"lastModified": 1711352745,
@@ -15,37 +35,58 @@
"type": "github"
}
},
- "home-manager": {
+ "home-manager-stable": {
"inputs": {
"nixpkgs": [
- "nixpkgs"
+ "nixpkgs-stable"
]
},
"locked": {
- "lastModified": 1712093955,
- "narHash": "sha256-94I0sXz6fiVBvUAk2tg6t3UpM5rOImj4JTSTNFbg64s=",
+ "lastModified": 1712386041,
+ "narHash": "sha256-dA82pOMQNnCJMAsPG7AXG35VmCSMZsJHTFlTHizpKWQ=",
"owner": "nix-community",
"repo": "home-manager",
- "rev": "80546b220e95a575c66c213af1b09fe255299438",
+ "rev": "d6bb9f934f2870e5cbc5b94c79e9db22246141ff",
"type": "github"
},
"original": {
"owner": "nix-community",
+ "ref": "release-23.11",
"repo": "home-manager",
"type": "github"
}
},
- "nixpkgs": {
+ "home-manager-unstable": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs-unstable"
+ ]
+ },
+ "locked": {
+ "lastModified": 1712759992,
+ "narHash": "sha256-2APpO3ZW4idlgtlb8hB04u/rmIcKA8O7pYqxF66xbNY=",
+ "owner": "nix-community",
+ "repo": "home-manager",
+ "rev": "31357486b0ef6f4e161e002b6893eeb4fafc3ca9",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "home-manager",
+ "type": "github"
+ }
+ },
+ "nixpkgs-stable": {
"locked": {
- "lastModified": 1712168706,
- "narHash": "sha256-XP24tOobf6GGElMd0ux90FEBalUtw6NkBSVh/RlA6ik=",
- "owner": "NixOS",
+ "lastModified": 1712806230,
+ "narHash": "sha256-L5Y0jrTeoIlDjKxZTWUolElXA3fkEwOm7Tp1w3Zna08=",
+ "owner": "nixos",
"repo": "nixpkgs",
- "rev": "1487bdea619e4a7a53a4590c475deabb5a9d1bfb",
+ "rev": "4e26a9254caa61f6599357cbaba9df7ff6ee0b0e",
"type": "github"
},
"original": {
- "owner": "NixOS",
+ "owner": "nixos",
"ref": "release-23.11",
"repo": "nixpkgs",
"type": "github"
@@ -53,15 +94,15 @@
},
"nixpkgs-unstable": {
"locked": {
- "lastModified": 1712122226,
- "narHash": "sha256-pmgwKs8Thu1WETMqCrWUm0CkN1nmCKX3b51+EXsAZyY=",
- "owner": "NixOS",
+ "lastModified": 1712608508,
+ "narHash": "sha256-vMZ5603yU0wxgyQeHJryOI+O61yrX2AHwY6LOFyV1gM=",
+ "owner": "nixos",
"repo": "nixpkgs",
- "rev": "08b9151ed40350725eb40b1fe96b0b86304a654b",
+ "rev": "4cba8b53da471aea2ab2b0c1f30a81e7c451f4b6",
"type": "github"
},
"original": {
- "owner": "NixOS",
+ "owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
@@ -69,9 +110,11 @@
},
"root": {
"inputs": {
+ "disko": "disko",
"hardware": "hardware",
- "home-manager": "home-manager",
- "nixpkgs": "nixpkgs",
+ "home-manager-stable": "home-manager-stable",
+ "home-manager-unstable": "home-manager-unstable",
+ "nixpkgs-stable": "nixpkgs-stable",
"nixpkgs-unstable": "nixpkgs-unstable"
}
}
diff --git a/flake.nix b/flake.nix
index 719b19a..ba3005f 100644
--- a/flake.nix
+++ b/flake.nix
@@ -2,69 +2,60 @@
description = "nipsy's NixOS configuration";
inputs = {
+ disko.url = "github:nix-community/disko";
+ disko.inputs.nixpkgs.follows = "nixpkgs-unstable";
+
hardware.url = "github:nixos/nixos-hardware";
- home-manager = {
+ home-manager-stable = {
+ url = "github:nix-community/home-manager/release-23.11";
+ inputs.nixpkgs.follows = "nixpkgs-stable";
+ };
+
+ home-manager-unstable = {
url = "github:nix-community/home-manager";
- inputs.nixpkgs.follows = "nixpkgs";
+ inputs.nixpkgs.follows = "nixpkgs-unstable";
};
- nixpkgs.url = "github:NixOS/nixpkgs/release-23.11";
- nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
+ nixpkgs-stable.url = "github:nixos/nixpkgs/release-23.11";
+ nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
};
- outputs = { self, nixpkgs, nixpkgs-unstable, home-manager, ... } @ inputs:
- let
- inherit (self) outputs;
- lib = nixpkgs.lib // home-manager.lib;
- systems = [
- "x86_64-linux"
- # "aarch64-linux"
- # "x86_64-darwin"
- #"aarch64-darwin"
- # "i686-linux"
- ];
- forEachSystem = f: lib.genAttrs systems (system: f pkgsFor.${system});
- pkgsFor = lib.genAttrs systems (system: import nixpkgs {
- inherit system;
- config.allowUnfree = true;
- });
- in
- {
- inherit lib;
-
- # Custom modules to enable special functionality for nixos or home-manager oriented configs.
- nixosModules = import ./modules/nixos;
- homeManagerModules = import ./modules/home-manager;
-
- # Custom modifications/overrides to upstream packages.
- overlays = import ./overlays { inherit inputs outputs; };
-
- # Your custom packages meant to be shared or upstreamed.
- # Accessible through 'nix build', 'nix shell', etc
- packages = forEachSystem (pkgs: import ./pkgs { inherit pkgs; });
-
- # nixos-rebuild switch --flake .#hostname'
- nixosConfigurations = {
- ginaz = nixpkgs-unstable.lib.nixosSystem rec {
- system = "x86_64-linux";
- modules = [
- {
- nixpkgs.config.pkgs = import nixpkgs-unstable { inherit system; };
- }
- ./hosts/ginaz
- ];
- specialArgs = { inherit inputs outputs; };
- };
+ outputs = inputs@{ home-manager-stable, home-manager-unstable, nixpkgs-stable, nixpkgs-unstable, ... }: rec {
+ nixosConfigurations = {
+ ginaz = nixpkgs-unstable.lib.nixosSystem {
+ pkgs = pkgs-unstable;
+ system = "x86_64-linux";
+ modules = [
+ ./hosts/ginaz
+ home-manager-unstable.nixosModules.home-manager {
+ home-manager.users.nipsy = import ./home/nipsy/ginaz.nix;
+ }
+ ];
};
- # home-manager switch --flake .#primary-username@hostname'
- homeConfigurations = {
- "nipsy@ginaz" = lib.homeManagerConfiguration {
- modules = [ ./home/nipsy/ginaz.nix ];
- pkgs = pkgsFor.x86_64-linux;
- extraSpecialArgs = { inherit inputs outputs; };
- };
+ richese = nixpkgs-unstable.lib.nixosSystem {
+ pkgs = pkgs-unstable;
+ system = "x86_64-linux";
+ modules = [
+ ./hosts/richese
+ home-manager-unstable.nixosModules.home-manager {
+ home-manager.users.nipsy = import ./home/nipsy/richese.nix;
+ }
+ ];
};
};
+
+ pkgs-stable = import nixpkgs-stable {
+ system = "x86_64-linux";
+ config.allowUnfree = true;
+ overlays = [(import ./pkgs)];
+ };
+
+ pkgs-unstable = import nixpkgs-unstable {
+ system = "x86_64-linux";
+ config.allowUnfree = true;
+ overlays = [(import ./pkgs)];
+ };
+ };
}
diff --git a/home/nipsy/common/core/default.nix b/home/nipsy/common/core/default.nix
index 6903d90..821fbfd 100644
--- a/home/nipsy/common/core/default.nix
+++ b/home/nipsy/common/core/default.nix
@@ -8,7 +8,7 @@
./tmux
./vim
./zsh
- ] ++ (builtins.attrValues outputs.homeManagerModules);
+ ];
home = {
username = lib.mkDefault "nipsy";
@@ -16,40 +16,11 @@
stateVersion = lib.mkDefault "23.11";
};
- home.packages = builtins.attrValues {
- inherit (pkgs)
-
- borgbackup
- btop
- coreutils
- eza
- fd
- findutils
- fzf
- jq
- nix-tree
- ncdu
- pciutils
- pfetch
- pre-commit
- p7zip
- ripgrep
- usbutils
- tree
- unzip
- unrar
- wget
- zip;
- };
-
- nixpkgs = {
- overlays = builtins.attrValues outputs.overlays;
- config = {
- allowUnfree = true;
- # Workaround for https://github.com/nix-community/home-manager/issues/2942
- allowUnfreePredicate = (_: true);
- };
- };
+ #home.packages = builtins.attrValues {
+ # inherit (pkgs)
+ # wget
+ # zip;
+ #};
nix = {
package = lib.mkDefault pkgs.nix;
diff --git a/home/nipsy/richese.nix b/home/nipsy/richese.nix
new file mode 100644
index 0000000..17d39fd
--- /dev/null
+++ b/home/nipsy/richese.nix
@@ -0,0 +1,7 @@
+{ inputs, lib, pkgs, config, outputs, ... }:
+{
+ imports = [
+ common/core
+ common/optional/desktops
+ ];
+}
diff --git a/hosts/common/core/default.nix b/hosts/common/core/default.nix
index 8d19a9f..5fefe2d 100644
--- a/hosts/common/core/default.nix
+++ b/hosts/common/core/default.nix
@@ -1,21 +1,10 @@
{ inputs, outputs, ... }: {
imports = [
- inputs.home-manager.nixosModules.home-manager
./locale.nix
./nix.nix
./shells.nix
./zsh.nix
- ] ++ (builtins.attrValues outputs.nixosModules);
-
- home-manager.extraSpecialArgs = { inherit inputs outputs; };
-
- nixpkgs = {
- # you can add global overlays here
- overlays = builtins.attrValues outputs.overlays;
- config = {
- allowUnfree = true;
- };
- };
+ ];
hardware.enableRedistributableFirmware = true;
}
diff --git a/hosts/richese/default.nix b/hosts/richese/default.nix
new file mode 100644
index 0000000..f068784
--- /dev/null
+++ b/hosts/richese/default.nix
@@ -0,0 +1,200 @@
+{ config, pkgs, ... }: {
+ boot = {
+ initrd.kernelModules = [ "zfs" ];
+ kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+ loader.grub.device = "/dev/sda";
+ supportedFilesystems = [ "zfs" ];
+ zfs.devNodes = "/dev/disk/by-label";
+ };
+
+ documentation.dev.enable = true;
+ documentation.man.enable = true;
+
+ environment.systemPackages = with pkgs; [
+ acl
+ ansible
+ autoconf
+ automake
+ bash
+ bc
+ bind
+ binutils
+ bpftools
+ bzip2
+ cmake
+ colordiff
+ conntrack-tools
+ coreutils
+ cpio
+ curl
+ diffutils
+ dig
+ dmenu
+ enscript
+ ethtool
+ evince
+ expect
+ feh
+ file
+ findutils
+ fio
+ fortune
+ fping
+ gcc
+ gcr
+ geeqie
+ ghostscript
+ #gimp-with-plugins
+ gimp
+ git
+ gnugrep
+ gnupatch
+ gnused
+ gnutar
+ google-chrome
+ gv
+ gzip
+ helm
+ i3
+ i3status
+ imagemagick
+ inkscape
+ inxi
+ iotop
+ ipcalc
+ iperf
+ iproute2
+ iputils
+ jq
+ less
+ libreoffice
+ lshw
+ lsof
+ lvm2
+ mariadb
+ mutt
+ nano
+ netcat-openbsd
+ nettools
+ nix-index
+ nmap
+ oath-toolkit
+ openldap
+ openssl
+ openstackclient
+ patchelf
+ (pass.withExtensions (ext: with ext; [pass-otp]))
+ pass
+ pavucontrol
+ pciutils
+ perl
+ pkg-config
+ polkit_gnome
+ poppler_utils
+ procps
+ psmisc
+ pv
+ pwgen
+ python3
+ qpwgraph
+ qrencode
+ recode
+ rsync
+ sqlite
+ st
+ stoken
+ strace
+ sysstat
+ tcpdump
+ traceroute
+ tree
+ unixtools.xxd
+ unrar
+ unzip
+ util-linux
+ vim
+ virtualenv
+ wdiff
+ weechat
+ wget
+ wireshark
+ whois
+ xclip
+ xdotool
+ xorg.xdpyinfo
+ xsnow
+ xz
+ zip
+ zstd
+ ];
+
+ imports = [
+ ./hardware-configuration.nix
+ ../common/core
+ ../common/optional/pipewire.nix
+ ../common/optional/services/openssh.nix
+ ../common/optional/services/xorg.nix
+ ../common/optional/zfs.nix
+ ../common/users/nipsy
+ ../common/users/root
+ ];
+
+ networking = {
+ hostId = "2d990f74";
+ hostName = "richese";
+ nftables.enable = true;
+ };
+
+ programs.atop.enable = true;
+ programs.firefox.enable = true;
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+ programs.iftop.enable = true;
+ programs.mtr.enable = true;
+ programs.tmux.enable = true;
+ programs.zsh.enable = true;
+
+ security.polkit = {
+ enable = true;
+ extraConfig = ''
+ polkit.addRule(function(action, subject) {
+ if (
+ subject.isInGroup("users")
+ && (
+ action.id == "org.freedesktop.login1.reboot" ||
+ action.id == "org.freedesktop.login1.reboot-multiple-sessions" ||
+ action.id == "org.freedesktop.login1.power-off" ||
+ action.id == "org.freedesktop.login1.power-off-multiple-sessions"
+ )
+ )
+ {
+ return polkit.Result.YES;
+ }
+ })
+ '';
+ };
+
+ systemd = {
+ user.services.polkit-gnome-authentication-agent-1 = {
+ description = "polkit-gnome-authentication-agent-1";
+ wantedBy = [ "graphical-session.target" ];
+ wants = [ "graphical-session.target" ];
+ after = [ "graphical-session.target" ];
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
+ Restart = "on-failure";
+ RestartSec = 1;
+ TimeoutStopSec = 10;
+ };
+ };
+ };
+
+ system.stateVersion = "23.11";
+
+ virtualisation.virtualbox.guest.enable = true;
+ # no longer in unstable apparently
+ #virtualisation.virtualbox.guest.x11 = true;
+}
diff --git a/hosts/richese/disks.nix b/hosts/richese/disks.nix
new file mode 100644
index 0000000..9f05d48
--- /dev/null
+++ b/hosts/richese/disks.nix
@@ -0,0 +1,98 @@
+{
+ disko.devices = {
+ disk = {
+ sda = {
+ type = "disk";
+ device = "/dev/sda";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ size = "4M";
+ type = "EF02";
+ };
+ ESP = {
+ size = "1G";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "defaults" ];
+ extraArgs = [ "-n boot" ];
+ };
+ };
+ swap = {
+ size = "16G";
+ type = "8200";
+ content = {
+ type = "swap";
+ extraArgs = [ "-L swap" ];
+ };
+ };
+ rpool = {
+ size = "100%";
+ content = {
+ type = "zfs";
+ pool = "rpool";
+ };
+ };
+ };
+ };
+ };
+ };
+ zpool = {
+ rpool = {
+ type = "zpool";
+ rootFsOptions = {
+ acltype = "posixacl";
+ dnodesize = "auto";
+ xattr = "sa";
+ relatime = "on";
+ normalization = "formD";
+ encryption = "aes-256-gcm";
+ keyformat = "passphrase";
+ keylocation = "file:///tmp/data.keyfile";
+ compression = "on";
+ };
+ postCreateHook = ''
+ zfs set keylocation="prompt" rpool
+ '';
+ options = {
+ ashift = "12";
+ #autotrim = "on";
+ };
+ datasets = {
+ "local/root" = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ mountpoint = "/";
+ };
+ "local/nix" = {
+ type = "zfs_fs";
+ options = {
+ atime = "off";
+ mountpoint = "legacy";
+ };
+ mountpoint = "/nix";
+ };
+ "user/home" = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ mountpoint = "/home";
+ };
+ "user/home/root" = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ mountpoint = "/root";
+ };
+ "user/home/nipsy" = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ mountpoint = "/home/nipsy";
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/richese/hardware-configuration.nix b/hosts/richese/hardware-configuration.nix
new file mode 100644
index 0000000..dc9fd42
--- /dev/null
+++ b/hosts/richese/hardware-configuration.nix
@@ -0,0 +1,46 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ #(modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "ata_piix" "ohci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "rpool/local/root";
+ fsType = "zfs";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-label/boot";
+ fsType = "vfat";
+ };
+
+ fileSystems."/nix" =
+ { device = "rpool/local/nix";
+ fsType = "zfs";
+ };
+
+ fileSystems."/root" =
+ { device = "rpool/user/home/root";
+ fsType = "zfs";
+ };
+
+ fileSystems."/home/nipsy" =
+ { device = "rpool/user/home/nipsy";
+ fsType = "zfs";
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-label/swap"; }
+ ];
+
+ virtualisation.virtualbox.guest.enable = true;
+}
diff --git a/modules/home-manager/default.nix b/modules/home-manager/default.nix
deleted file mode 100644
index 45aae31..0000000
--- a/modules/home-manager/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-# Add your reusable home-manager modules to this directory, on their own file (https://nixos.wiki/wiki/Module).
-# These should be stuff you would like to share with others, not your personal configurations.
-{
- # List your module files here
- # my-module = import ./my-module.nix;
-}
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
deleted file mode 100644
index 8605069..0000000
--- a/modules/nixos/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-# Add your reusable NixOS modules to this directory, on their own file (https://nixos.wiki/wiki/Module).
-# These should be stuff you would like to share with others, not your personal configurations.
-{
- # List your module files here
- # my-module = import ./my-module.nix;
-}
diff --git a/overlays/default.nix b/overlays/default.nix
deleted file mode 100644
index 669bd73..0000000
--- a/overlays/default.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-#
-# This file defines overlays/custom modifications to upstream packages
-#
-
-{ inputs, ... }: {
- # This one brings our custom packages from the 'pkgs' directory
- additions = final: _prev: import ../pkgs { pkgs = final; };
-
- # This one contains whatever you want to overlay
- # You can change versions, add patches, set compilation flags, anything really.
- # https://nixos.wiki/wiki/Overlays
- modifications = final: prev: {
- # example = prev.example.overrideAttrs (oldAttrs: let ... in {
- # ...
- # });
- };
-
- # When applied, the unstable nixpkgs set (declared in the flake inputs) will
- # be accessible through 'pkgs.unstable'
- unstable-packages = final: _prev: {
- unstable = import inputs.nixpkgs-unstable {
- system = final.system;
- config.allowUnfree = true;
- };
- };
-}
diff --git a/pkgs/default.nix b/pkgs/default.nix
index d1a6549..3dfcdc0 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -1,5 +1,3 @@
-# You can build these directly using 'nix build .#example'
-
-{ pkgs ? import <nixpkgs> { } }: rec {
- sdrconnect = pkgs.callPackage ./sdrconnect { };
+self: super: {
+ sdrconnect = super.callPackage ./sdrconnect { };
}
diff --git a/scripts/install-with-disko b/scripts/install-with-disko
new file mode 100755
index 0000000..859a647
--- /dev/null
+++ b/scripts/install-with-disko
@@ -0,0 +1,68 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i zsh --packages rsync zsh
+
+setopt ERR_EXIT NO_UNSET PIPE_FAIL
+DIR="${0:h}"
+
+TARGET_HOST="${1:-}"
+TARGET_USER="${2:-nipsy}"
+
+if [[ "${USERNAME}" != "nixos" ]]; then
+ echo "ERROR! ${0:t} should be run as the nixos user from a NixOS installer." >&2
+ exit 1
+fi
+
+if [[ -z "$TARGET_HOST" ]]; then
+ echo "ERROR! ${0:t} requires a hostname as the first argument." >&2
+ exit 1
+fi
+
+if [[ ! -e "${DIR}/../hosts/${TARGET_HOST}/disks.nix" ]]; then
+ echo "ERROR! ${0:t} could not find the required ${DIR}/../hosts/${TARGET_HOST}/disks.nix." >&2
+ exit 1
+fi
+
+# Check if the machine we're provisioning is using an encrypted pool.
+# If it does, prompt for the passphrase, and write to a known location.
+if grep -q "data.keyfile" "${DIR}/../hosts/${TARGET_HOST}/disks.nix"; then
+ while true; do
+ echo -en "\n${TARGET_HOST} uses ZFS encryption. Enter a passphrase to encrypt your pool: "
+ read -s pass
+ echo -e '\n'
+
+ if [[ "${#pass}" -lt 8 ]]; then
+ echo 'ERROR! Passphrase must be at least 8 characters.' >&2
+ else
+ break
+ fi
+ done
+
+ echo -n "${pass}" > /tmp/data.keyfile && chmod 00600 /tmp/data.keyfile
+fi
+
+
+<<EOF
+++++++++ The disk(s) in ${TARGET_HOST} are about to get wiped!
+WARNING! NixOS will be re-installed on ${TARGET_HOST}.
+++++++++ This is a destructive operation!!!
+
+EOF
+
+read -q '?Are you sure? [y/N] '
+echo
+
+if [[ "${REPLY}" == "y" ]]; then
+ sudo true
+ sudo nix run github:nix-community/disko \
+ --extra-experimental-features "nix-command flakes" \
+ --no-write-lock-file \
+ -- \
+ --mode zap_create_mount \
+ "${DIR}/../hosts/${TARGET_HOST}/disks.nix"
+
+ # rsync NixOS configuration to target host file system and install the system
+ sudo mkdir -p /mnt/etc/nixos
+ sudo rsync -a --delete --exclude .git "${DIR}/.." /mnt/etc/nixos
+ cd /mnt/etc/nixos
+ sudo nixos-install --flake ".#${TARGET_HOST}"
+fi