tidied disks

flake.lock

@@ -45,15 +45,16 @@
         ]
       },
       "locked": {
-        "lastModified": 1718846788,
+        "lastModified": 1715070411,
-        "narHash": "sha256-9dtXYtEkmXoUJV+PGLqscqF7qTn4AIhAKpFWRFU2NYs=",
+        "narHash": "sha256-5CNvkH0Nf7yMwgKhjUNg/lUK40C7DXB4zKOuA2jVO90=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "e1174d991944a01eaaa04bc59c6281edca4c0e6e",
+        "rev": "4677f6c53482a8b01ee93957e3bdd569d51261d6",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
+        "ref": "v1.6.1",
         "repo": "disko",
         "type": "github"
       }
@@ -141,11 +142,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1718879355,
+        "lastModified": 1719259945,
-        "narHash": "sha256-RTyqP4fBX2MdhNuMP+fnR3lIwbdtXhyj7w7fwtvgspc=",
+        "narHash": "sha256-F1h+XIsGKT9TkGO3omxDLEb/9jOOsI6NnzsXFsZhry4=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "8cd35b9496d21a6c55164d8547d9d5280162b07a",
+        "rev": "0ff4381bbb8f7a52ca4a851660fc7a437a4c6e07",
         "type": "github"
       },
       "original": {
@@ -221,11 +222,11 @@
     },
     "impermanence": {
       "locked": {
-        "lastModified": 1717932370,
+        "lastModified": 1719091691,
-        "narHash": "sha256-7C5lCpiWiyPoIACOcu2mukn/1JRtz6HC/1aEMhUdcw0=",
+        "narHash": "sha256-AxaLX5cBEcGtE02PeGsfscSb/fWMnyS7zMWBXQWDKbE=",
         "owner": "nix-community",
         "repo": "impermanence",
-        "rev": "27979f1c3a0d3b9617a3563e2839114ba7d48d3f",
+        "rev": "23c1f06316b67cb5dabdfe2973da3785cfe9c34a",
         "type": "github"
       },
       "original": {
@@ -261,11 +262,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1718662658,
+        "lastModified": 1719128254,
-        "narHash": "sha256-AKG7BsqtVWDlefgzyKz7vjaKTLi4+bmTSBhowbQoZtM=",
+        "narHash": "sha256-I7jMpq0CAOZA/i70+HDQO/ulLttyQu/K70cSESiMX7A=",
         "owner": "lnl7",
         "repo": "nix-darwin",
-        "rev": "29b3096a6e283d7e6779187244cb2a3942239fdf",
+        "rev": "50581970f37f06a4719001735828519925ef8310",
         "type": "github"
       },
       "original": {
@@ -277,11 +278,11 @@
     "nix-secrets": {
       "flake": false,
       "locked": {
-        "lastModified": 1718651801,
+        "lastModified": 1719601133,
-        "narHash": "sha256-YoYeg48dhvHzwcwb+TJMv4vlB4tcics9u6N/kXxfUYA=",
+        "narHash": "sha256-2+e92LyX1fFj3mIZft+K8OzR9NT/1xtheO8hO/3DyRc=",
         "ref": "refs/heads/master",
-        "rev": "e02bf3cecdb9a49e9cc9e777b8406f5ab28a2566",
+        "rev": "278ccbbd646e86cab5fd38d43d9134270d8123d0",
-        "revCount": 94,
+        "revCount": 141,
         "type": "git",
         "url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
       },
@@ -292,11 +293,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1718835956,
+        "lastModified": 1719426051,
-        "narHash": "sha256-wM9v2yIxClRYsGHut5vHICZTK7xdrUGfrLkXvSuv6s4=",
+        "narHash": "sha256-yJL9VYQhaRM7xs0M867ZFxwaONB9T2Q4LnGo1WovuR4=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "dd457de7e08c6d06789b1f5b88fc9327f4d96309",
+        "rev": "89c49874fb15f4124bf71ca5f42a04f2ee5825fd",
         "type": "github"
       },
       "original": {
@@ -323,11 +324,11 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1718478900,
+        "lastModified": 1719099622,
-        "narHash": "sha256-v43N1gZLcGkhg3PdcrKUNIZ1L0FBzB2JqhIYEyKAHEs=",
+        "narHash": "sha256-YzJECAxFt+U5LPYf/pCwW/e1iUd2PF21WITHY9B/BAs=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "c884223af91820615a6146af1ae1fea25c107005",
+        "rev": "5e8e3b89adbd0be63192f6e645e0a54080004924",
         "type": "github"
       },
       "original": {
@@ -339,11 +340,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1718895438,
+        "lastModified": 1719254875,
-        "narHash": "sha256-k3JqJrkdoYwE3fHE6xGDY676AYmyh4U2Zw+0Bwe5DLU=",
+        "narHash": "sha256-ECni+IkwXjusHsm9Sexdtq8weAq/yUyt1TWIemXt3Ko=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "d603719ec6e294f034936c0d0dc06f689d91b6c3",
+        "rev": "2893f56de08021cffd9b6b6dfc70fd9ccd51eb60",
         "type": "github"
       },
       "original": {
@@ -367,11 +368,11 @@
         "treefmt-nix": "treefmt-nix"
       },
       "locked": {
-        "lastModified": 1718966331,
+        "lastModified": 1719469291,
-        "narHash": "sha256-JKc3awrDQhdYT9LUAVgt74rFVcSrZ+VgNTsWLo2Kp24=",
+        "narHash": "sha256-Efir01r7ThPabDBFOygX1UDyerJFHelbRGdMo/VNw14=",
         "owner": "nix-community",
         "repo": "nixvim",
-        "rev": "1cd17226d5c75d20df2ebb754c3fc60ccc735a25",
+        "rev": "8f52e4d1e34039937efb0ee05825b9963ef29739",
         "type": "github"
       },
       "original": {
@@ -383,11 +384,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1719053107,
+        "lastModified": 1719596768,
-        "narHash": "sha256-gUnarEm0XN7xVK2s9t7eEEixctynaERMruLdzkDloV8=",
+        "narHash": "sha256-quSWztqqMxvSJIKddYp1D0GdR7Kg8JjEVCIzMbtBTQ4=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "f1b52ba4df9226117b0f33b5226ccea7aad08068",
+        "rev": "35e48702118124ec52a071e300f55c78a4b7b338",
         "type": "github"
       },
       "original": {
@@ -418,11 +419,11 @@
         "nixpkgs-stable": "nixpkgs-stable"
       },
       "locked": {
-        "lastModified": 1718506969,
+        "lastModified": 1719268571,
-        "narHash": "sha256-Pm9I/BMQHbsucdWf6y9G3xBZh3TMlThGo4KBbeoeczg=",
+        "narHash": "sha256-pcUk2Fg5vPXLUEnFI97qaB8hto/IToRfqskFqsjvjb8=",
         "owner": "mic92",
         "repo": "sops-nix",
-        "rev": "797ce4c1f45a85df6dd3d9abdc53f2691bea9251",
+        "rev": "c2ea1186c0cbfa4d06d406ae50f3e4b085ddc9b3",
         "type": "github"
       },
       "original": {
@@ -454,11 +455,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1718522839,
+        "lastModified": 1719243788,
-        "narHash": "sha256-ULzoKzEaBOiLRtjeY3YoGFJMwWSKRYOic6VNw2UyTls=",
+        "narHash": "sha256-9T9mSY35EZSM1KAwb7K9zwQ78qTlLjosZgtUGnw4rn4=",
         "owner": "numtide",
         "repo": "treefmt-nix",
-        "rev": "68eb1dc333ce82d0ab0c0357363ea17c31ea1f81",
+        "rev": "065a23edceff48f948816b795ea8cc6c0dee7cdf",
         "type": "github"
       },
       "original": {

flake.nix

@@ -26,7 +26,7 @@
 
     # Declarative partitioning and formatting
     disko = {
-      url = "github:nix-community/disko";
+      url = "github:nix-community/disko/v1.6.1";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
@@ -115,6 +115,16 @@
             }
           ];
         };
+        nebula = nixpkgs.lib.nixosSystem {
+          inherit specialArgs;
+          modules = [
+            ./hosts/nebula
+            home-manager.nixosModules.home-manager
+            {
+              home-manager.extraSpecialArgs = specialArgs;
+            }
+          ];
+        };
       };
     };
 }

home/common/core/default.nix

@@ -4,7 +4,6 @@
     inputs.nix-colors.homeManagerModules.default
     ./zsh.nix
     ./nixvim
-    ./fonts.nix
   ];
 
   nixpkgs.overlays = [
@@ -29,5 +28,5 @@
       libqalculate
       ;
   };
-  home.stateVersion = "23.11";
+  home.stateVersion = "24.05";
 }

home/common/core/fonts.nix

@@ -1,15 +0,0 @@
-{ pkgs, ... }:
-{
-  fonts.fontconfig.enable = true;
-  home.packages = with pkgs; [
-    nerdfonts
-    noto-fonts
-    noto-fonts-cjk
-    noto-fonts-emoji
-    hack-font
-    liberation_ttf
-    libertine
-    font-awesome
-  ];
-
-}

home/common/optional/desktop/common/fontconfig.nix

@@ -1,4 +1,16 @@
-{ ... }: {
+{ ... }: 
+{
+  fonts.fontconfig.enable = true;
+  home.packages = with pkgs; [
+    nerdfonts
+    noto-fonts
+    noto-fonts-cjk
+    noto-fonts-emoji
+    hack-font
+    liberation_ttf
+    libertine
+    font-awesome
+  ];
   fonts = {
     fontconfig = {
       defaultFonts = {

home/nebula.nix

@@ -0,0 +1,13 @@
+{ ...
+}: {
+  imports = [
+    # Import users
+    ./users/admin
+
+    ./common/core
+
+    # Import optional
+    ./common/optional/git.nix
+
+  ];
+}

home/users/admin/default.nix

@@ -3,7 +3,6 @@
 {
   home.username = "admin";
   home.homeDirectory = "/home/admin";
-  home.stateVersion = "23.11"; 
 
   imports = [
   ] ++ (builtins.attrValues outputs.homeManagerModules); # import all homeManagerModules?

home/users/media/default.nix

@@ -3,7 +3,6 @@
 {
   home.username = "media";
   home.homeDirectory = "/home/media";
-  home.stateVersion = "23.11";
 
   imports = [
     inputs.impermanence.nixosModules.home-manager.impermanence

home/users/sam/default.nix

@@ -3,7 +3,6 @@
 {
   home.username = "sam";
   home.homeDirectory = "/home/sam";
-  home.stateVersion = "23.11";
 
   imports = [
   ] ++ (builtins.attrValues outputs.homeManagerModules); # import all homeManagerModules?

hosts/common/core/default.nix

@@ -4,6 +4,7 @@ let
 in
 {
   imports = [
+    inputs.impermanence.nixosModules.impermanence
     ./sops.nix
     ./locale.nix
   ];
@@ -44,5 +45,5 @@ in
     pkgs.vim
   ];
 
-  system.stateVersion = "23.11";
+  system.stateVersion = "24.05";
 }

hosts/common/disks/btrfs/standard.nix

@@ -0,0 +1,21 @@
+{
+  type = "btrfs";
+  extraArgs = ["-f"];
+    subvolumes = {
+      "/root" = {
+        mountpoint = "/";
+        mountOptions = [ "compress=zstd" "noatime" ];
+      };
+
+      "/nix" = {
+        mountOptions = [ "subvol=nix" "noatime" ];
+        mountpoint = "/nix";
+      };
+  
+      "/swap" = {
+        mountOptions = [ "noatime" ];
+        mountpoint = "/.swapvol";
+        swap.swapfile.size = "8192M";
+      };
+    };
+}

hosts/common/disks/default.nix

@@ -1,11 +1,11 @@
-{ device, fsType, encrypted, ... }:
+{ device, fsType, encrypted, impermanence, ... }:
 let
-  # basic and perists configs. basic fs = ext4, persist fs = btrfs either encrypted or under lvm 
+  fsModule = if impermanence then ./${fsType}/persist.nix else ./${fsType}/standard.nix;
-  basic = import ./gpt-bios-compact.nix { inherit device; };
+  basic = import ./${fsType}/basic.nix { inherit device; };
-  btrfs-persist-lvm = import ./btrfs-lvm.nix { inherit device; };
+  lvm = import ./lvm.nix { inherit device; fsModule = fsModule; };
-  btrfs-persist-luks = import ./btrfs-luks.nix { inherit device; };
+  luks = import ./luks.nix { inherit device; fsModule = fsModule; };
 in
 if fsType == "ext4" then basic
-else if fsType == "btrfs" && encrypted then btrfs-persist-luks
+else if fsType == "btrfs" && encrypted then luks
-else if fsType == "btrfs" then btrfs-persist-lvm
+else if fsType == "btrfs" then lvm
-else null # or some default value
+else null 

hosts/common/disks/luks.nix

@@ -1,4 +1,7 @@
-{device ? throw "Must define a device, e.g. /dev/sda"}:
+{
+device ? throw "Must define a device, e.g. /dev/sda",
+fsModule ? "Must specify submodule"
+}:
 {
   disko.devices = {
     disk = {
@@ -26,7 +29,7 @@
                 type = "luks";
                 name = "crypted";
                 passwordFile = "/tmp/luks_secret.key"; # Interactive
-                content = (import ./btrfs-persist.nix);
+                content = (import "${fsModule}");
                 };
               };
           };

hosts/common/disks/lvm.nix

@@ -1,4 +1,7 @@
-{device ? throw "Must define a device, e.g. /dev/sda"}:
+{
+device ? throw "Must define a device, e.g. /dev/sda",
+fsModule ? "Must specify submodule"
+}:
 {
   disko.devices = {
     disk.main = {
@@ -36,7 +39,7 @@
         lvs = {
           root = {
             size = "100%FREE";
-            content = (import ./btrfs-persist.nix);
+            content = (import "${fsModule}");
             };
         };
       };

hosts/common/users/admin/default.nix

@@ -15,14 +15,9 @@ in
     hashedPasswordFile = sopsHashedPasswordFile;
     openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
 
-    extraGroups =
+    extraGroups = ["wheel"]; 
-       [  
-         "wheel" 
-       ]; 
 
     packages = with pkgs; [
-      flatpak
-      gnome.gnome-software
     ];
   };
 

hosts/nebula/default.nix

@@ -0,0 +1,51 @@
+{ inputs, config, lib, pkgs, outputs, ... }:
+let
+  # Disko setup
+  fsType = "btrfs"; # one of ext4 or btrfs. Use btrfs if using impermanence
+  dev = "/dev/sda"; # depends on target hardware
+  encrypted = false; # currrently only applies to btrfs
+  impermanence = false; # currrently only applies to btrfs
+  btrfsMountDevice = if encrypted then "/dev/mapper/crypted" else "/dev/root_vg/root";
+  user = "admin";
+in
+{
+  imports =
+    [
+      # Create users for this host
+      ../common/users/${user}
+
+      # Disk configuration
+      inputs.disko.nixosModules.disko
+      (import ../common/disks { device = dev; impermanence = impermanence; fsType = fsType; encrypted = encrypted; })
+
+      # Import core options
+      ./hardware-configuration.nix
+      ../common/core
+
+      # Import optional options
+      ../common/optional/openssh.nix
+
+
+    ];
+
+  boot = {
+    loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+      timeout = 3;
+    };
+  };
+
+  networking = {
+    hostName = "nebula";
+    networkmanager.enable = true;
+    enableIPv6 = false;
+  };
+
+  boot.supportedFilesystems = [ "zfs" ];
+  boot.zfs.forceImportRoot = false;
+  networking.hostId = "18aec5d7";
+
+  services.libinput.enable = true;
+}
+

hosts/nebula/hardware-configuration.nix

@@ -0,0 +1,24 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
+  boot.initrd.kernelModules = [ "dm-snapshot" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}

hosts/semita/default.nix

@@ -6,6 +6,7 @@ let
   encrypted = true; # currrently only applies to btrfs
   btrfsMountDevice = if encrypted then "/dev/mapper/crypted" else "/dev/root_vg/root";
   user = "sam";
+  impermanence = true;
 in
 {
   imports =
@@ -15,11 +16,10 @@ in
 
       # Disk configuration
       inputs.disko.nixosModules.disko
-      (import ../common/disks { device = dev; fsType = fsType; encrypted = encrypted; })
+      (import ../common/disks { device = dev; impermanence = impermanence; fsType = fsType; encrypted = encrypted; })
 
       # Impermanence
-      inputs.impermanence.nixosModules.impermanence
+      (import ../common/disks/btrfs/impermanence.nix { btrfsMountDevice = btrfsMountDevice; lib = lib; })
-      (import ../common/disks/btrfs-impermanence.nix { btrfsMountDevice = btrfsMountDevice; lib = lib; })
 
       # Import core options
       ./hardware-configuration.nix

hosts/sparky/default.nix

@@ -5,6 +5,7 @@ let
   dev = "/dev/sda"; # depends on target hardware
   encrypted = false; # currrently only applies to btrfs
   btrfsMountDevice = if encrypted then "/dev/mapper/crypted" else "/dev/root_vg/root";
+  impermanence = true;
 in
 {
   imports =
@@ -14,11 +15,10 @@ in
 
       # Disk configuration
       inputs.disko.nixosModules.disko
-      (import ../common/disks { device = dev; fsType = fsType; encrypted = encrypted; })
+      (import ../common/disks { device = dev; impermanence = impermanence; fsType = fsType; encrypted = encrypted; })
 
       # Impermanence
-      inputs.impermanence.nixosModules.impermanence
+      (import ../common/disks/btrfs/impermanence.nix { btrfsMountDevice = btrfsMountDevice; lib = lib; })
-      (import ../common/disks/btrfs-impermanence.nix { btrfsMountDevice = btrfsMountDevice; lib = lib; })
 
       # Import core options
       ./hardware-configuration.nix

scripts/bootstrap.sh

@@ -17,6 +17,8 @@ read -p "Enter hostname of target: " hostname
 read -p "Enter IP of target: " ip
 read -p "Enter config to install on target: " config
 read -p "Enter username (if none, use 'root'): " username
+read -p "Using impermanence? (yes|no): " impermanence 
+[ "$impermanence" = "yes" ] && persist="/persist"
 
 # Delete key in known hosts if exists
 sed -i "/$ip/d" ~/.ssh/known_hosts
@@ -36,11 +38,11 @@ cleanup() {
 trap cleanup EXIT
 
 # Create the directory for target host keys
-install -d -m755 "$temp/persist/etc/ssh"
+install -d -m755 "$temp$persist/etc/ssh"
 
 # Create ssh keys
 echo "Creating '$hostname' ssh keys"
-ssh-keygen -t ed25519 -f "$temp/persist/etc/ssh/ssh_host_ed25519_key" -C root@"$hostname" -N ""
+ssh-keygen -t ed25519 -f "$temp$persist/etc/ssh/ssh_host_ed25519_key" -C root@"$hostname" -N ""
 
 # Extract luks key from secrets
 luks_secret=$(nix-shell -p sops --run "SOPS_AGE_KEY_FILE=~/.config/sops/age/keys.txt sops -d --extract '[""\"luks_passphrase""\"][""\"$hostname""\"]' ../nix-secrets/secrets.yaml")
@@ -48,7 +50,7 @@ echo "$luks_secret" > /tmp/luks_secret.key
 
 # Generate age key from target host and user public ssh key
 echo "Generating age key from target host and user ssh key"
-HOST_AGE_KEY=$(nix-shell -p ssh-to-age --run "cat $temp/persist/etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age")
+HOST_AGE_KEY=$(nix-shell -p ssh-to-age --run "cat $temp$persist/etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age")
 echo -e "Host age key:\n$HOST_AGE_KEY\n"
 
 # Update .sops.yaml with new age key:
@@ -67,10 +69,10 @@ sed -i "{
 just update-sops-secrets && just update-flake-secrets && just update-flake
 
 # Copy current nix config over to target
-cp -prv . "$temp/persist/etc/nixos"
+cp -prv . "$temp$persist/etc/nixos"
 
 # Install Nixos to target
-SHELL=/bin/sh nix run github:nix-community/nixos-anywhere -- --extra-files "$temp" --disk-encryption-keys /tmp/luks_secret.key /tmp/luks_secret.key --flake .#"$config" root@"$ip" -i "$HOME/.ssh/id_ed25519"
+SHELL=/bin/sh nix run github:nix-community/nixos-anywhere/1.3.0 -- --extra-files "$temp" --disk-encryption-keys /tmp/luks_secret.key /tmp/luks_secret.key --flake .#"$config" root@"$ip" -i "$HOME/.ssh/id_ed25519"
 [ $? != 0 ] && echo "Error installing Nixos" && exit 1
 
 ## Delete keys from local known_hosts