diff options
| -rw-r--r-- | flake.lock | 79 | ||||
| -rw-r--r-- | flake.nix | 99 | ||||
| -rw-r--r-- | home/nipsy/common/core/default.nix | 41 | ||||
| -rw-r--r-- | home/nipsy/richese.nix | 7 | ||||
| -rw-r--r-- | hosts/common/core/default.nix | 13 | ||||
| -rw-r--r-- | hosts/richese/default.nix | 200 | ||||
| -rw-r--r-- | hosts/richese/disks.nix | 98 | ||||
| -rw-r--r-- | hosts/richese/hardware-configuration.nix | 46 | ||||
| -rw-r--r-- | modules/home-manager/default.nix | 6 | ||||
| -rw-r--r-- | modules/nixos/default.nix | 6 | ||||
| -rw-r--r-- | overlays/default.nix | 26 | ||||
| -rw-r--r-- | pkgs/default.nix | 6 | ||||
| -rwxr-xr-x | scripts/install-with-disko | 68 |
13 files changed, 534 insertions, 161 deletions
@@ -1,5 +1,25 @@ { "nodes": { + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs-unstable" + ] + }, + "locked": { + "lastModified": 1712798444, + "narHash": "sha256-aAksVB7zMfBQTz0q2Lw3o78HM3Bg2FRziX2D6qnh+sk=", + "owner": "nix-community", + "repo": "disko", + "rev": "a297cb1cb0337ee10a7a0f9517954501d8f6f74d", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, "hardware": { "locked": { "lastModified": 1711352745, @@ -15,37 +35,58 @@ "type": "github" } }, - "home-manager": { + "home-manager-stable": { "inputs": { "nixpkgs": [ - "nixpkgs" + "nixpkgs-stable" ] }, "locked": { - "lastModified": 1712093955, - "narHash": "sha256-94I0sXz6fiVBvUAk2tg6t3UpM5rOImj4JTSTNFbg64s=", + "lastModified": 1712386041, + "narHash": "sha256-dA82pOMQNnCJMAsPG7AXG35VmCSMZsJHTFlTHizpKWQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "80546b220e95a575c66c213af1b09fe255299438", + "rev": "d6bb9f934f2870e5cbc5b94c79e9db22246141ff", "type": "github" }, "original": { "owner": "nix-community", + "ref": "release-23.11", "repo": "home-manager", "type": "github" } }, - "nixpkgs": { + "home-manager-unstable": { + "inputs": { + "nixpkgs": [ + "nixpkgs-unstable" + ] + }, + "locked": { + "lastModified": 1712759992, + "narHash": "sha256-2APpO3ZW4idlgtlb8hB04u/rmIcKA8O7pYqxF66xbNY=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "31357486b0ef6f4e161e002b6893eeb4fafc3ca9", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs-stable": { "locked": { - "lastModified": 1712168706, - "narHash": "sha256-XP24tOobf6GGElMd0ux90FEBalUtw6NkBSVh/RlA6ik=", - "owner": "NixOS", + "lastModified": 1712806230, + "narHash": "sha256-L5Y0jrTeoIlDjKxZTWUolElXA3fkEwOm7Tp1w3Zna08=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "1487bdea619e4a7a53a4590c475deabb5a9d1bfb", + "rev": "4e26a9254caa61f6599357cbaba9df7ff6ee0b0e", "type": "github" }, "original": { - "owner": "NixOS", + "owner": "nixos", "ref": "release-23.11", "repo": "nixpkgs", "type": "github" @@ -53,15 +94,15 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1712122226, - "narHash": "sha256-pmgwKs8Thu1WETMqCrWUm0CkN1nmCKX3b51+EXsAZyY=", - "owner": "NixOS", + "lastModified": 1712608508, + "narHash": "sha256-vMZ5603yU0wxgyQeHJryOI+O61yrX2AHwY6LOFyV1gM=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "08b9151ed40350725eb40b1fe96b0b86304a654b", + "rev": "4cba8b53da471aea2ab2b0c1f30a81e7c451f4b6", "type": "github" }, "original": { - "owner": "NixOS", + "owner": "nixos", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" @@ -69,9 +110,11 @@ }, "root": { "inputs": { + "disko": "disko", "hardware": "hardware", - "home-manager": "home-manager", - "nixpkgs": "nixpkgs", + "home-manager-stable": "home-manager-stable", + "home-manager-unstable": "home-manager-unstable", + "nixpkgs-stable": "nixpkgs-stable", "nixpkgs-unstable": "nixpkgs-unstable" } } @@ -2,69 +2,60 @@ description = "nipsy's NixOS configuration"; inputs = { + disko.url = "github:nix-community/disko"; + disko.inputs.nixpkgs.follows = "nixpkgs-unstable"; + hardware.url = "github:nixos/nixos-hardware"; - home-manager = { + home-manager-stable = { + url = "github:nix-community/home-manager/release-23.11"; + inputs.nixpkgs.follows = "nixpkgs-stable"; + }; + + home-manager-unstable = { url = "github:nix-community/home-manager"; - inputs.nixpkgs.follows = "nixpkgs"; + inputs.nixpkgs.follows = "nixpkgs-unstable"; }; - nixpkgs.url = "github:NixOS/nixpkgs/release-23.11"; - nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; + nixpkgs-stable.url = "github:nixos/nixpkgs/release-23.11"; + nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; }; - outputs = { self, nixpkgs, nixpkgs-unstable, home-manager, ... } @ inputs: - let - inherit (self) outputs; - lib = nixpkgs.lib // home-manager.lib; - systems = [ - "x86_64-linux" - # "aarch64-linux" - # "x86_64-darwin" - #"aarch64-darwin" - # "i686-linux" - ]; - forEachSystem = f: lib.genAttrs systems (system: f pkgsFor.${system}); - pkgsFor = lib.genAttrs systems (system: import nixpkgs { - inherit system; - config.allowUnfree = true; - }); - in - { - inherit lib; - - # Custom modules to enable special functionality for nixos or home-manager oriented configs. - nixosModules = import ./modules/nixos; - homeManagerModules = import ./modules/home-manager; - - # Custom modifications/overrides to upstream packages. - overlays = import ./overlays { inherit inputs outputs; }; - - # Your custom packages meant to be shared or upstreamed. - # Accessible through 'nix build', 'nix shell', etc - packages = forEachSystem (pkgs: import ./pkgs { inherit pkgs; }); - - # nixos-rebuild switch --flake .#hostname' - nixosConfigurations = { - ginaz = nixpkgs-unstable.lib.nixosSystem rec { - system = "x86_64-linux"; - modules = [ - { - nixpkgs.config.pkgs = import nixpkgs-unstable { inherit system; }; - } - ./hosts/ginaz - ]; - specialArgs = { inherit inputs outputs; }; - }; + outputs = inputs@{ home-manager-stable, home-manager-unstable, nixpkgs-stable, nixpkgs-unstable, ... }: rec { + nixosConfigurations = { + ginaz = nixpkgs-unstable.lib.nixosSystem { + pkgs = pkgs-unstable; + system = "x86_64-linux"; + modules = [ + ./hosts/ginaz + home-manager-unstable.nixosModules.home-manager { + home-manager.users.nipsy = import ./home/nipsy/ginaz.nix; + } + ]; }; - # home-manager switch --flake .#primary-username@hostname' - homeConfigurations = { - "nipsy@ginaz" = lib.homeManagerConfiguration { - modules = [ ./home/nipsy/ginaz.nix ]; - pkgs = pkgsFor.x86_64-linux; - extraSpecialArgs = { inherit inputs outputs; }; - }; + richese = nixpkgs-unstable.lib.nixosSystem { + pkgs = pkgs-unstable; + system = "x86_64-linux"; + modules = [ + ./hosts/richese + home-manager-unstable.nixosModules.home-manager { + home-manager.users.nipsy = import ./home/nipsy/richese.nix; + } + ]; }; }; + + pkgs-stable = import nixpkgs-stable { + system = "x86_64-linux"; + config.allowUnfree = true; + overlays = [(import ./pkgs)]; + }; + + pkgs-unstable = import nixpkgs-unstable { + system = "x86_64-linux"; + config.allowUnfree = true; + overlays = [(import ./pkgs)]; + }; + }; } diff --git a/home/nipsy/common/core/default.nix b/home/nipsy/common/core/default.nix index 6903d90..821fbfd 100644 --- a/home/nipsy/common/core/default.nix +++ b/home/nipsy/common/core/default.nix @@ -8,7 +8,7 @@ ./tmux ./vim ./zsh - ] ++ (builtins.attrValues outputs.homeManagerModules); + ]; home = { username = lib.mkDefault "nipsy"; @@ -16,40 +16,11 @@ stateVersion = lib.mkDefault "23.11"; }; - home.packages = builtins.attrValues { - inherit (pkgs) - - borgbackup - btop - coreutils - eza - fd - findutils - fzf - jq - nix-tree - ncdu - pciutils - pfetch - pre-commit - p7zip - ripgrep - usbutils - tree - unzip - unrar - wget - zip; - }; - - nixpkgs = { - overlays = builtins.attrValues outputs.overlays; - config = { - allowUnfree = true; - # Workaround for https://github.com/nix-community/home-manager/issues/2942 - allowUnfreePredicate = (_: true); - }; - }; + #home.packages = builtins.attrValues { + # inherit (pkgs) + # wget + # zip; + #}; nix = { package = lib.mkDefault pkgs.nix; diff --git a/home/nipsy/richese.nix b/home/nipsy/richese.nix new file mode 100644 index 0000000..17d39fd --- /dev/null +++ b/home/nipsy/richese.nix @@ -0,0 +1,7 @@ +{ inputs, lib, pkgs, config, outputs, ... }: +{ + imports = [ + common/core + common/optional/desktops + ]; +} diff --git a/hosts/common/core/default.nix b/hosts/common/core/default.nix index 8d19a9f..5fefe2d 100644 --- a/hosts/common/core/default.nix +++ b/hosts/common/core/default.nix @@ -1,21 +1,10 @@ { inputs, outputs, ... }: { imports = [ - inputs.home-manager.nixosModules.home-manager ./locale.nix ./nix.nix ./shells.nix ./zsh.nix - ] ++ (builtins.attrValues outputs.nixosModules); - - home-manager.extraSpecialArgs = { inherit inputs outputs; }; - - nixpkgs = { - # you can add global overlays here - overlays = builtins.attrValues outputs.overlays; - config = { - allowUnfree = true; - }; - }; + ]; hardware.enableRedistributableFirmware = true; } diff --git a/hosts/richese/default.nix b/hosts/richese/default.nix new file mode 100644 index 0000000..f068784 --- /dev/null +++ b/hosts/richese/default.nix @@ -0,0 +1,200 @@ +{ config, pkgs, ... }: { + boot = { + initrd.kernelModules = [ "zfs" ]; + kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; + loader.grub.device = "/dev/sda"; + supportedFilesystems = [ "zfs" ]; + zfs.devNodes = "/dev/disk/by-label"; + }; + + documentation.dev.enable = true; + documentation.man.enable = true; + + environment.systemPackages = with pkgs; [ + acl + ansible + autoconf + automake + bash + bc + bind + binutils + bpftools + bzip2 + cmake + colordiff + conntrack-tools + coreutils + cpio + curl + diffutils + dig + dmenu + enscript + ethtool + evince + expect + feh + file + findutils + fio + fortune + fping + gcc + gcr + geeqie + ghostscript + #gimp-with-plugins + gimp + git + gnugrep + gnupatch + gnused + gnutar + google-chrome + gv + gzip + helm + i3 + i3status + imagemagick + inkscape + inxi + iotop + ipcalc + iperf + iproute2 + iputils + jq + less + libreoffice + lshw + lsof + lvm2 + mariadb + mutt + nano + netcat-openbsd + nettools + nix-index + nmap + oath-toolkit + openldap + openssl + openstackclient + patchelf + (pass.withExtensions (ext: with ext; [pass-otp])) + pass + pavucontrol + pciutils + perl + pkg-config + polkit_gnome + poppler_utils + procps + psmisc + pv + pwgen + python3 + qpwgraph + qrencode + recode + rsync + sqlite + st + stoken + strace + sysstat + tcpdump + traceroute + tree + unixtools.xxd + unrar + unzip + util-linux + vim + virtualenv + wdiff + weechat + wget + wireshark + whois + xclip + xdotool + xorg.xdpyinfo + xsnow + xz + zip + zstd + ]; + + imports = [ + ./hardware-configuration.nix + ../common/core + ../common/optional/pipewire.nix + ../common/optional/services/openssh.nix + ../common/optional/services/xorg.nix + ../common/optional/zfs.nix + ../common/users/nipsy + ../common/users/root + ]; + + networking = { + hostId = "2d990f74"; + hostName = "richese"; + nftables.enable = true; + }; + + programs.atop.enable = true; + programs.firefox.enable = true; + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + programs.iftop.enable = true; + programs.mtr.enable = true; + programs.tmux.enable = true; + programs.zsh.enable = true; + + security.polkit = { + enable = true; + extraConfig = '' + polkit.addRule(function(action, subject) { + if ( + subject.isInGroup("users") + && ( + action.id == "org.freedesktop.login1.reboot" || + action.id == "org.freedesktop.login1.reboot-multiple-sessions" || + action.id == "org.freedesktop.login1.power-off" || + action.id == "org.freedesktop.login1.power-off-multiple-sessions" + ) + ) + { + return polkit.Result.YES; + } + }) + ''; + }; + + systemd = { + user.services.polkit-gnome-authentication-agent-1 = { + description = "polkit-gnome-authentication-agent-1"; + wantedBy = [ "graphical-session.target" ]; + wants = [ "graphical-session.target" ]; + after = [ "graphical-session.target" ]; + serviceConfig = { + Type = "simple"; + ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1"; + Restart = "on-failure"; + RestartSec = 1; + TimeoutStopSec = 10; + }; + }; + }; + + system.stateVersion = "23.11"; + + virtualisation.virtualbox.guest.enable = true; + # no longer in unstable apparently + #virtualisation.virtualbox.guest.x11 = true; +} diff --git a/hosts/richese/disks.nix b/hosts/richese/disks.nix new file mode 100644 index 0000000..9f05d48 --- /dev/null +++ b/hosts/richese/disks.nix @@ -0,0 +1,98 @@ +{ + disko.devices = { + disk = { + sda = { + type = "disk"; + device = "/dev/sda"; + content = { + type = "gpt"; + partitions = { + boot = { + size = "4M"; + type = "EF02"; + }; + ESP = { + size = "1G"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "defaults" ]; + extraArgs = [ "-n boot" ]; + }; + }; + swap = { + size = "16G"; + type = "8200"; + content = { + type = "swap"; + extraArgs = [ "-L swap" ]; + }; + }; + rpool = { + size = "100%"; + content = { + type = "zfs"; + pool = "rpool"; + }; + }; + }; + }; + }; + }; + zpool = { + rpool = { + type = "zpool"; + rootFsOptions = { + acltype = "posixacl"; + dnodesize = "auto"; + xattr = "sa"; + relatime = "on"; + normalization = "formD"; + encryption = "aes-256-gcm"; + keyformat = "passphrase"; + keylocation = "file:///tmp/data.keyfile"; + compression = "on"; + }; + postCreateHook = '' + zfs set keylocation="prompt" rpool + ''; + options = { + ashift = "12"; + #autotrim = "on"; + }; + datasets = { + "local/root" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/"; + }; + "local/nix" = { + type = "zfs_fs"; + options = { + atime = "off"; + mountpoint = "legacy"; + }; + mountpoint = "/nix"; + }; + "user/home" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/home"; + }; + "user/home/root" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/root"; + }; + "user/home/nipsy" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/home/nipsy"; + }; + }; + }; + }; + }; +} diff --git a/hosts/richese/hardware-configuration.nix b/hosts/richese/hardware-configuration.nix new file mode 100644 index 0000000..dc9fd42 --- /dev/null +++ b/hosts/richese/hardware-configuration.nix @@ -0,0 +1,46 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ #(modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "ata_piix" "ohci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "rpool/local/root"; + fsType = "zfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-label/boot"; + fsType = "vfat"; + }; + + fileSystems."/nix" = + { device = "rpool/local/nix"; + fsType = "zfs"; + }; + + fileSystems."/root" = + { device = "rpool/user/home/root"; + fsType = "zfs"; + }; + + fileSystems."/home/nipsy" = + { device = "rpool/user/home/nipsy"; + fsType = "zfs"; + }; + + swapDevices = + [ { device = "/dev/disk/by-label/swap"; } + ]; + + virtualisation.virtualbox.guest.enable = true; +} diff --git a/modules/home-manager/default.nix b/modules/home-manager/default.nix deleted file mode 100644 index 45aae31..0000000 --- a/modules/home-manager/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -# Add your reusable home-manager modules to this directory, on their own file (https://nixos.wiki/wiki/Module). -# These should be stuff you would like to share with others, not your personal configurations. -{ - # List your module files here - # my-module = import ./my-module.nix; -} diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix deleted file mode 100644 index 8605069..0000000 --- a/modules/nixos/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -# Add your reusable NixOS modules to this directory, on their own file (https://nixos.wiki/wiki/Module). -# These should be stuff you would like to share with others, not your personal configurations. -{ - # List your module files here - # my-module = import ./my-module.nix; -} diff --git a/overlays/default.nix b/overlays/default.nix deleted file mode 100644 index 669bd73..0000000 --- a/overlays/default.nix +++ /dev/null @@ -1,26 +0,0 @@ -# -# This file defines overlays/custom modifications to upstream packages -# - -{ inputs, ... }: { - # This one brings our custom packages from the 'pkgs' directory - additions = final: _prev: import ../pkgs { pkgs = final; }; - - # This one contains whatever you want to overlay - # You can change versions, add patches, set compilation flags, anything really. - # https://nixos.wiki/wiki/Overlays - modifications = final: prev: { - # example = prev.example.overrideAttrs (oldAttrs: let ... in { - # ... - # }); - }; - - # When applied, the unstable nixpkgs set (declared in the flake inputs) will - # be accessible through 'pkgs.unstable' - unstable-packages = final: _prev: { - unstable = import inputs.nixpkgs-unstable { - system = final.system; - config.allowUnfree = true; - }; - }; -} diff --git a/pkgs/default.nix b/pkgs/default.nix index d1a6549..3dfcdc0 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,5 +1,3 @@ -# You can build these directly using 'nix build .#example' - -{ pkgs ? import <nixpkgs> { } }: rec { - sdrconnect = pkgs.callPackage ./sdrconnect { }; +self: super: { + sdrconnect = super.callPackage ./sdrconnect { }; } diff --git a/scripts/install-with-disko b/scripts/install-with-disko new file mode 100755 index 0000000..859a647 --- /dev/null +++ b/scripts/install-with-disko @@ -0,0 +1,68 @@ +#!/usr/bin/env nix-shell +#!nix-shell -i zsh --packages rsync zsh + +setopt ERR_EXIT NO_UNSET PIPE_FAIL +DIR="${0:h}" + +TARGET_HOST="${1:-}" +TARGET_USER="${2:-nipsy}" + +if [[ "${USERNAME}" != "nixos" ]]; then + echo "ERROR! ${0:t} should be run as the nixos user from a NixOS installer." >&2 + exit 1 +fi + +if [[ -z "$TARGET_HOST" ]]; then + echo "ERROR! ${0:t} requires a hostname as the first argument." >&2 + exit 1 +fi + +if [[ ! -e "${DIR}/../hosts/${TARGET_HOST}/disks.nix" ]]; then + echo "ERROR! ${0:t} could not find the required ${DIR}/../hosts/${TARGET_HOST}/disks.nix." >&2 + exit 1 +fi + +# Check if the machine we're provisioning is using an encrypted pool. +# If it does, prompt for the passphrase, and write to a known location. +if grep -q "data.keyfile" "${DIR}/../hosts/${TARGET_HOST}/disks.nix"; then + while true; do + echo -en "\n${TARGET_HOST} uses ZFS encryption. Enter a passphrase to encrypt your pool: " + read -s pass + echo -e '\n' + + if [[ "${#pass}" -lt 8 ]]; then + echo 'ERROR! Passphrase must be at least 8 characters.' >&2 + else + break + fi + done + + echo -n "${pass}" > /tmp/data.keyfile && chmod 00600 /tmp/data.keyfile +fi + + +<<EOF +++++++++ The disk(s) in ${TARGET_HOST} are about to get wiped! +WARNING! NixOS will be re-installed on ${TARGET_HOST}. +++++++++ This is a destructive operation!!! + +EOF + +read -q '?Are you sure? [y/N] ' +echo + +if [[ "${REPLY}" == "y" ]]; then + sudo true + sudo nix run github:nix-community/disko \ + --extra-experimental-features "nix-command flakes" \ + --no-write-lock-file \ + -- \ + --mode zap_create_mount \ + "${DIR}/../hosts/${TARGET_HOST}/disks.nix" + + # rsync NixOS configuration to target host file system and install the system + sudo mkdir -p /mnt/etc/nixos + sudo rsync -a --delete --exclude .git "${DIR}/.." /mnt/etc/nixos + cd /mnt/etc/nixos + sudo nixos-install --flake ".#${TARGET_HOST}" +fi |