Compare commits
7 Commits
ecdf80143d
...
e6f0770f97
Author | SHA1 | Date |
---|---|---|
mrsu | e6f0770f97 | |
mrsu | 05ee6da5ee | |
mrsu | 739018e98f | |
mrsu | 906d11b3b0 | |
mrsu | 89dceb1827 | |
mrsu | 0f83b32f2b | |
mrsu | 91eda4f7cd |
75
flake.lock
75
flake.lock
|
@ -45,15 +45,16 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1718846788,
|
"lastModified": 1715070411,
|
||||||
"narHash": "sha256-9dtXYtEkmXoUJV+PGLqscqF7qTn4AIhAKpFWRFU2NYs=",
|
"narHash": "sha256-5CNvkH0Nf7yMwgKhjUNg/lUK40C7DXB4zKOuA2jVO90=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "disko",
|
"repo": "disko",
|
||||||
"rev": "e1174d991944a01eaaa04bc59c6281edca4c0e6e",
|
"rev": "4677f6c53482a8b01ee93957e3bdd569d51261d6",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
|
"ref": "v1.6.1",
|
||||||
"repo": "disko",
|
"repo": "disko",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
|
@ -141,11 +142,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1718879355,
|
"lastModified": 1719259945,
|
||||||
"narHash": "sha256-RTyqP4fBX2MdhNuMP+fnR3lIwbdtXhyj7w7fwtvgspc=",
|
"narHash": "sha256-F1h+XIsGKT9TkGO3omxDLEb/9jOOsI6NnzsXFsZhry4=",
|
||||||
"owner": "cachix",
|
"owner": "cachix",
|
||||||
"repo": "git-hooks.nix",
|
"repo": "git-hooks.nix",
|
||||||
"rev": "8cd35b9496d21a6c55164d8547d9d5280162b07a",
|
"rev": "0ff4381bbb8f7a52ca4a851660fc7a437a4c6e07",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -221,11 +222,11 @@
|
||||||
},
|
},
|
||||||
"impermanence": {
|
"impermanence": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1717932370,
|
"lastModified": 1719091691,
|
||||||
"narHash": "sha256-7C5lCpiWiyPoIACOcu2mukn/1JRtz6HC/1aEMhUdcw0=",
|
"narHash": "sha256-AxaLX5cBEcGtE02PeGsfscSb/fWMnyS7zMWBXQWDKbE=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "impermanence",
|
"repo": "impermanence",
|
||||||
"rev": "27979f1c3a0d3b9617a3563e2839114ba7d48d3f",
|
"rev": "23c1f06316b67cb5dabdfe2973da3785cfe9c34a",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -261,11 +262,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1718662658,
|
"lastModified": 1719128254,
|
||||||
"narHash": "sha256-AKG7BsqtVWDlefgzyKz7vjaKTLi4+bmTSBhowbQoZtM=",
|
"narHash": "sha256-I7jMpq0CAOZA/i70+HDQO/ulLttyQu/K70cSESiMX7A=",
|
||||||
"owner": "lnl7",
|
"owner": "lnl7",
|
||||||
"repo": "nix-darwin",
|
"repo": "nix-darwin",
|
||||||
"rev": "29b3096a6e283d7e6779187244cb2a3942239fdf",
|
"rev": "50581970f37f06a4719001735828519925ef8310",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -277,11 +278,11 @@
|
||||||
"nix-secrets": {
|
"nix-secrets": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1718651801,
|
"lastModified": 1719601133,
|
||||||
"narHash": "sha256-YoYeg48dhvHzwcwb+TJMv4vlB4tcics9u6N/kXxfUYA=",
|
"narHash": "sha256-2+e92LyX1fFj3mIZft+K8OzR9NT/1xtheO8hO/3DyRc=",
|
||||||
"ref": "refs/heads/master",
|
"ref": "refs/heads/master",
|
||||||
"rev": "e02bf3cecdb9a49e9cc9e777b8406f5ab28a2566",
|
"rev": "278ccbbd646e86cab5fd38d43d9134270d8123d0",
|
||||||
"revCount": 94,
|
"revCount": 141,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
|
"url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
|
||||||
},
|
},
|
||||||
|
@ -292,11 +293,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1718835956,
|
"lastModified": 1719426051,
|
||||||
"narHash": "sha256-wM9v2yIxClRYsGHut5vHICZTK7xdrUGfrLkXvSuv6s4=",
|
"narHash": "sha256-yJL9VYQhaRM7xs0M867ZFxwaONB9T2Q4LnGo1WovuR4=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "dd457de7e08c6d06789b1f5b88fc9327f4d96309",
|
"rev": "89c49874fb15f4124bf71ca5f42a04f2ee5825fd",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -323,11 +324,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-stable": {
|
"nixpkgs-stable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1718478900,
|
"lastModified": 1719099622,
|
||||||
"narHash": "sha256-v43N1gZLcGkhg3PdcrKUNIZ1L0FBzB2JqhIYEyKAHEs=",
|
"narHash": "sha256-YzJECAxFt+U5LPYf/pCwW/e1iUd2PF21WITHY9B/BAs=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "c884223af91820615a6146af1ae1fea25c107005",
|
"rev": "5e8e3b89adbd0be63192f6e645e0a54080004924",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -339,11 +340,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-unstable": {
|
"nixpkgs-unstable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1718895438,
|
"lastModified": 1719254875,
|
||||||
"narHash": "sha256-k3JqJrkdoYwE3fHE6xGDY676AYmyh4U2Zw+0Bwe5DLU=",
|
"narHash": "sha256-ECni+IkwXjusHsm9Sexdtq8weAq/yUyt1TWIemXt3Ko=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "d603719ec6e294f034936c0d0dc06f689d91b6c3",
|
"rev": "2893f56de08021cffd9b6b6dfc70fd9ccd51eb60",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -367,11 +368,11 @@
|
||||||
"treefmt-nix": "treefmt-nix"
|
"treefmt-nix": "treefmt-nix"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1718966331,
|
"lastModified": 1719469291,
|
||||||
"narHash": "sha256-JKc3awrDQhdYT9LUAVgt74rFVcSrZ+VgNTsWLo2Kp24=",
|
"narHash": "sha256-Efir01r7ThPabDBFOygX1UDyerJFHelbRGdMo/VNw14=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nixvim",
|
"repo": "nixvim",
|
||||||
"rev": "1cd17226d5c75d20df2ebb754c3fc60ccc735a25",
|
"rev": "8f52e4d1e34039937efb0ee05825b9963ef29739",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -383,11 +384,11 @@
|
||||||
},
|
},
|
||||||
"nur": {
|
"nur": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1719053107,
|
"lastModified": 1719596768,
|
||||||
"narHash": "sha256-gUnarEm0XN7xVK2s9t7eEEixctynaERMruLdzkDloV8=",
|
"narHash": "sha256-quSWztqqMxvSJIKddYp1D0GdR7Kg8JjEVCIzMbtBTQ4=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "NUR",
|
"repo": "NUR",
|
||||||
"rev": "f1b52ba4df9226117b0f33b5226ccea7aad08068",
|
"rev": "35e48702118124ec52a071e300f55c78a4b7b338",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -418,11 +419,11 @@
|
||||||
"nixpkgs-stable": "nixpkgs-stable"
|
"nixpkgs-stable": "nixpkgs-stable"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1718506969,
|
"lastModified": 1719268571,
|
||||||
"narHash": "sha256-Pm9I/BMQHbsucdWf6y9G3xBZh3TMlThGo4KBbeoeczg=",
|
"narHash": "sha256-pcUk2Fg5vPXLUEnFI97qaB8hto/IToRfqskFqsjvjb8=",
|
||||||
"owner": "mic92",
|
"owner": "mic92",
|
||||||
"repo": "sops-nix",
|
"repo": "sops-nix",
|
||||||
"rev": "797ce4c1f45a85df6dd3d9abdc53f2691bea9251",
|
"rev": "c2ea1186c0cbfa4d06d406ae50f3e4b085ddc9b3",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -454,11 +455,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1718522839,
|
"lastModified": 1719243788,
|
||||||
"narHash": "sha256-ULzoKzEaBOiLRtjeY3YoGFJMwWSKRYOic6VNw2UyTls=",
|
"narHash": "sha256-9T9mSY35EZSM1KAwb7K9zwQ78qTlLjosZgtUGnw4rn4=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "treefmt-nix",
|
"repo": "treefmt-nix",
|
||||||
"rev": "68eb1dc333ce82d0ab0c0357363ea17c31ea1f81",
|
"rev": "065a23edceff48f948816b795ea8cc6c0dee7cdf",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
12
flake.nix
12
flake.nix
|
@ -26,7 +26,7 @@
|
||||||
|
|
||||||
# Declarative partitioning and formatting
|
# Declarative partitioning and formatting
|
||||||
disko = {
|
disko = {
|
||||||
url = "github:nix-community/disko";
|
url = "github:nix-community/disko/v1.6.1";
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -115,6 +115,16 @@
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
nebula = nixpkgs.lib.nixosSystem {
|
||||||
|
inherit specialArgs;
|
||||||
|
modules = [
|
||||||
|
./hosts/nebula
|
||||||
|
home-manager.nixosModules.home-manager
|
||||||
|
{
|
||||||
|
home-manager.extraSpecialArgs = specialArgs;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,7 +4,6 @@
|
||||||
inputs.nix-colors.homeManagerModules.default
|
inputs.nix-colors.homeManagerModules.default
|
||||||
./zsh.nix
|
./zsh.nix
|
||||||
./nixvim
|
./nixvim
|
||||||
./fonts.nix
|
|
||||||
];
|
];
|
||||||
|
|
||||||
nixpkgs.overlays = [
|
nixpkgs.overlays = [
|
||||||
|
@ -29,5 +28,5 @@
|
||||||
libqalculate
|
libqalculate
|
||||||
;
|
;
|
||||||
};
|
};
|
||||||
home.stateVersion = "23.11";
|
home.stateVersion = "24.05";
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,15 +0,0 @@
|
||||||
{ pkgs, ... }:
|
|
||||||
{
|
|
||||||
fonts.fontconfig.enable = true;
|
|
||||||
home.packages = with pkgs; [
|
|
||||||
nerdfonts
|
|
||||||
noto-fonts
|
|
||||||
noto-fonts-cjk
|
|
||||||
noto-fonts-emoji
|
|
||||||
hack-font
|
|
||||||
liberation_ttf
|
|
||||||
libertine
|
|
||||||
font-awesome
|
|
||||||
];
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,4 +1,16 @@
|
||||||
{ ... }: {
|
{ ... }:
|
||||||
|
{
|
||||||
|
fonts.fontconfig.enable = true;
|
||||||
|
home.packages = with pkgs; [
|
||||||
|
nerdfonts
|
||||||
|
noto-fonts
|
||||||
|
noto-fonts-cjk
|
||||||
|
noto-fonts-emoji
|
||||||
|
hack-font
|
||||||
|
liberation_ttf
|
||||||
|
libertine
|
||||||
|
font-awesome
|
||||||
|
];
|
||||||
fonts = {
|
fonts = {
|
||||||
fontconfig = {
|
fontconfig = {
|
||||||
defaultFonts = {
|
defaultFonts = {
|
||||||
|
|
|
@ -0,0 +1,13 @@
|
||||||
|
{ ...
|
||||||
|
}: {
|
||||||
|
imports = [
|
||||||
|
# Import users
|
||||||
|
./users/admin
|
||||||
|
|
||||||
|
./common/core
|
||||||
|
|
||||||
|
# Import optional
|
||||||
|
./common/optional/git.nix
|
||||||
|
|
||||||
|
];
|
||||||
|
}
|
|
@ -3,7 +3,6 @@
|
||||||
{
|
{
|
||||||
home.username = "admin";
|
home.username = "admin";
|
||||||
home.homeDirectory = "/home/admin";
|
home.homeDirectory = "/home/admin";
|
||||||
home.stateVersion = "23.11";
|
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
] ++ (builtins.attrValues outputs.homeManagerModules); # import all homeManagerModules?
|
] ++ (builtins.attrValues outputs.homeManagerModules); # import all homeManagerModules?
|
||||||
|
|
|
@ -3,7 +3,6 @@
|
||||||
{
|
{
|
||||||
home.username = "media";
|
home.username = "media";
|
||||||
home.homeDirectory = "/home/media";
|
home.homeDirectory = "/home/media";
|
||||||
home.stateVersion = "23.11";
|
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
inputs.impermanence.nixosModules.home-manager.impermanence
|
inputs.impermanence.nixosModules.home-manager.impermanence
|
||||||
|
|
|
@ -3,7 +3,6 @@
|
||||||
{
|
{
|
||||||
home.username = "sam";
|
home.username = "sam";
|
||||||
home.homeDirectory = "/home/sam";
|
home.homeDirectory = "/home/sam";
|
||||||
home.stateVersion = "23.11";
|
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
] ++ (builtins.attrValues outputs.homeManagerModules); # import all homeManagerModules?
|
] ++ (builtins.attrValues outputs.homeManagerModules); # import all homeManagerModules?
|
||||||
|
|
|
@ -4,6 +4,7 @@ let
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
|
inputs.impermanence.nixosModules.impermanence
|
||||||
./sops.nix
|
./sops.nix
|
||||||
./locale.nix
|
./locale.nix
|
||||||
];
|
];
|
||||||
|
@ -44,5 +45,5 @@ in
|
||||||
pkgs.vim
|
pkgs.vim
|
||||||
];
|
];
|
||||||
|
|
||||||
system.stateVersion = "23.11";
|
system.stateVersion = "24.05";
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,21 @@
|
||||||
|
{
|
||||||
|
type = "btrfs";
|
||||||
|
extraArgs = ["-f"];
|
||||||
|
subvolumes = {
|
||||||
|
"/root" = {
|
||||||
|
mountpoint = "/";
|
||||||
|
mountOptions = [ "compress=zstd" "noatime" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
"/nix" = {
|
||||||
|
mountOptions = [ "subvol=nix" "noatime" ];
|
||||||
|
mountpoint = "/nix";
|
||||||
|
};
|
||||||
|
|
||||||
|
"/swap" = {
|
||||||
|
mountOptions = [ "noatime" ];
|
||||||
|
mountpoint = "/.swapvol";
|
||||||
|
swap.swapfile.size = "8192M";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -1,11 +1,11 @@
|
||||||
{ device, fsType, encrypted, ... }:
|
{ device, fsType, encrypted, impermanence, ... }:
|
||||||
let
|
let
|
||||||
# basic and perists configs. basic fs = ext4, persist fs = btrfs either encrypted or under lvm
|
fsModule = if impermanence then ./${fsType}/persist.nix else ./${fsType}/standard.nix;
|
||||||
basic = import ./gpt-bios-compact.nix { inherit device; };
|
basic = import ./${fsType}/basic.nix { inherit device; };
|
||||||
btrfs-persist-lvm = import ./btrfs-lvm.nix { inherit device; };
|
lvm = import ./lvm.nix { inherit device; fsModule = fsModule; };
|
||||||
btrfs-persist-luks = import ./btrfs-luks.nix { inherit device; };
|
luks = import ./luks.nix { inherit device; fsModule = fsModule; };
|
||||||
in
|
in
|
||||||
if fsType == "ext4" then basic
|
if fsType == "ext4" then basic
|
||||||
else if fsType == "btrfs" && encrypted then btrfs-persist-luks
|
else if fsType == "btrfs" && encrypted then luks
|
||||||
else if fsType == "btrfs" then btrfs-persist-lvm
|
else if fsType == "btrfs" then lvm
|
||||||
else null # or some default value
|
else null
|
||||||
|
|
|
@ -1,4 +1,7 @@
|
||||||
{device ? throw "Must define a device, e.g. /dev/sda"}:
|
{
|
||||||
|
device ? throw "Must define a device, e.g. /dev/sda",
|
||||||
|
fsModule ? "Must specify submodule"
|
||||||
|
}:
|
||||||
{
|
{
|
||||||
disko.devices = {
|
disko.devices = {
|
||||||
disk = {
|
disk = {
|
||||||
|
@ -26,7 +29,7 @@
|
||||||
type = "luks";
|
type = "luks";
|
||||||
name = "crypted";
|
name = "crypted";
|
||||||
passwordFile = "/tmp/luks_secret.key"; # Interactive
|
passwordFile = "/tmp/luks_secret.key"; # Interactive
|
||||||
content = (import ./btrfs-persist.nix);
|
content = (import "${fsModule}");
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
|
@ -1,4 +1,7 @@
|
||||||
{device ? throw "Must define a device, e.g. /dev/sda"}:
|
{
|
||||||
|
device ? throw "Must define a device, e.g. /dev/sda",
|
||||||
|
fsModule ? "Must specify submodule"
|
||||||
|
}:
|
||||||
{
|
{
|
||||||
disko.devices = {
|
disko.devices = {
|
||||||
disk.main = {
|
disk.main = {
|
||||||
|
@ -36,7 +39,7 @@
|
||||||
lvs = {
|
lvs = {
|
||||||
root = {
|
root = {
|
||||||
size = "100%FREE";
|
size = "100%FREE";
|
||||||
content = (import ./btrfs-persist.nix);
|
content = (import "${fsModule}");
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
|
@ -15,14 +15,9 @@ in
|
||||||
hashedPasswordFile = sopsHashedPasswordFile;
|
hashedPasswordFile = sopsHashedPasswordFile;
|
||||||
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
|
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
|
||||||
|
|
||||||
extraGroups =
|
extraGroups = ["wheel"];
|
||||||
[
|
|
||||||
"wheel"
|
|
||||||
];
|
|
||||||
|
|
||||||
packages = with pkgs; [
|
packages = with pkgs; [
|
||||||
flatpak
|
|
||||||
gnome.gnome-software
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,51 @@
|
||||||
|
{ inputs, config, lib, pkgs, outputs, ... }:
|
||||||
|
let
|
||||||
|
# Disko setup
|
||||||
|
fsType = "btrfs"; # one of ext4 or btrfs. Use btrfs if using impermanence
|
||||||
|
dev = "/dev/sda"; # depends on target hardware
|
||||||
|
encrypted = false; # currrently only applies to btrfs
|
||||||
|
impermanence = false; # currrently only applies to btrfs
|
||||||
|
btrfsMountDevice = if encrypted then "/dev/mapper/crypted" else "/dev/root_vg/root";
|
||||||
|
user = "admin";
|
||||||
|
in
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[
|
||||||
|
# Create users for this host
|
||||||
|
../common/users/${user}
|
||||||
|
|
||||||
|
# Disk configuration
|
||||||
|
inputs.disko.nixosModules.disko
|
||||||
|
(import ../common/disks { device = dev; impermanence = impermanence; fsType = fsType; encrypted = encrypted; })
|
||||||
|
|
||||||
|
# Import core options
|
||||||
|
./hardware-configuration.nix
|
||||||
|
../common/core
|
||||||
|
|
||||||
|
# Import optional options
|
||||||
|
../common/optional/openssh.nix
|
||||||
|
|
||||||
|
|
||||||
|
];
|
||||||
|
|
||||||
|
boot = {
|
||||||
|
loader = {
|
||||||
|
systemd-boot.enable = true;
|
||||||
|
efi.canTouchEfiVariables = true;
|
||||||
|
timeout = 3;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
networking = {
|
||||||
|
hostName = "nebula";
|
||||||
|
networkmanager.enable = true;
|
||||||
|
enableIPv6 = false;
|
||||||
|
};
|
||||||
|
|
||||||
|
boot.supportedFilesystems = [ "zfs" ];
|
||||||
|
boot.zfs.forceImportRoot = false;
|
||||||
|
networking.hostId = "18aec5d7";
|
||||||
|
|
||||||
|
services.libinput.enable = true;
|
||||||
|
}
|
||||||
|
|
|
@ -0,0 +1,24 @@
|
||||||
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
|
# and may be overwritten by future invocations. Please make changes
|
||||||
|
# to /etc/nixos/configuration.nix instead.
|
||||||
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[ (modulesPath + "/profiles/qemu-guest.nix")
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
|
||||||
|
boot.initrd.kernelModules = [ "dm-snapshot" ];
|
||||||
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
|
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||||
|
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||||
|
# still possible to use this option, but it's recommended to use it in conjunction
|
||||||
|
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||||
|
networking.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
|
||||||
|
|
||||||
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
|
}
|
|
@ -6,6 +6,7 @@ let
|
||||||
encrypted = true; # currrently only applies to btrfs
|
encrypted = true; # currrently only applies to btrfs
|
||||||
btrfsMountDevice = if encrypted then "/dev/mapper/crypted" else "/dev/root_vg/root";
|
btrfsMountDevice = if encrypted then "/dev/mapper/crypted" else "/dev/root_vg/root";
|
||||||
user = "sam";
|
user = "sam";
|
||||||
|
impermanence = true;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
imports =
|
imports =
|
||||||
|
@ -15,11 +16,10 @@ in
|
||||||
|
|
||||||
# Disk configuration
|
# Disk configuration
|
||||||
inputs.disko.nixosModules.disko
|
inputs.disko.nixosModules.disko
|
||||||
(import ../common/disks { device = dev; fsType = fsType; encrypted = encrypted; })
|
(import ../common/disks { device = dev; impermanence = impermanence; fsType = fsType; encrypted = encrypted; })
|
||||||
|
|
||||||
# Impermanence
|
# Impermanence
|
||||||
inputs.impermanence.nixosModules.impermanence
|
(import ../common/disks/btrfs/impermanence.nix { btrfsMountDevice = btrfsMountDevice; lib = lib; })
|
||||||
(import ../common/disks/btrfs-impermanence.nix { btrfsMountDevice = btrfsMountDevice; lib = lib; })
|
|
||||||
|
|
||||||
# Import core options
|
# Import core options
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
|
|
|
@ -5,6 +5,7 @@ let
|
||||||
dev = "/dev/sda"; # depends on target hardware
|
dev = "/dev/sda"; # depends on target hardware
|
||||||
encrypted = false; # currrently only applies to btrfs
|
encrypted = false; # currrently only applies to btrfs
|
||||||
btrfsMountDevice = if encrypted then "/dev/mapper/crypted" else "/dev/root_vg/root";
|
btrfsMountDevice = if encrypted then "/dev/mapper/crypted" else "/dev/root_vg/root";
|
||||||
|
impermanence = true;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
imports =
|
imports =
|
||||||
|
@ -14,11 +15,10 @@ in
|
||||||
|
|
||||||
# Disk configuration
|
# Disk configuration
|
||||||
inputs.disko.nixosModules.disko
|
inputs.disko.nixosModules.disko
|
||||||
(import ../common/disks { device = dev; fsType = fsType; encrypted = encrypted; })
|
(import ../common/disks { device = dev; impermanence = impermanence; fsType = fsType; encrypted = encrypted; })
|
||||||
|
|
||||||
# Impermanence
|
# Impermanence
|
||||||
inputs.impermanence.nixosModules.impermanence
|
(import ../common/disks/btrfs/impermanence.nix { btrfsMountDevice = btrfsMountDevice; lib = lib; })
|
||||||
(import ../common/disks/btrfs-impermanence.nix { btrfsMountDevice = btrfsMountDevice; lib = lib; })
|
|
||||||
|
|
||||||
# Import core options
|
# Import core options
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
|
|
|
@ -17,6 +17,8 @@ read -p "Enter hostname of target: " hostname
|
||||||
read -p "Enter IP of target: " ip
|
read -p "Enter IP of target: " ip
|
||||||
read -p "Enter config to install on target: " config
|
read -p "Enter config to install on target: " config
|
||||||
read -p "Enter username (if none, use 'root'): " username
|
read -p "Enter username (if none, use 'root'): " username
|
||||||
|
read -p "Using impermanence? (yes|no): " impermanence
|
||||||
|
[ "$impermanence" = "yes" ] && persist="/persist"
|
||||||
|
|
||||||
# Delete key in known hosts if exists
|
# Delete key in known hosts if exists
|
||||||
sed -i "/$ip/d" ~/.ssh/known_hosts
|
sed -i "/$ip/d" ~/.ssh/known_hosts
|
||||||
|
@ -36,11 +38,11 @@ cleanup() {
|
||||||
trap cleanup EXIT
|
trap cleanup EXIT
|
||||||
|
|
||||||
# Create the directory for target host keys
|
# Create the directory for target host keys
|
||||||
install -d -m755 "$temp/persist/etc/ssh"
|
install -d -m755 "$temp$persist/etc/ssh"
|
||||||
|
|
||||||
# Create ssh keys
|
# Create ssh keys
|
||||||
echo "Creating '$hostname' ssh keys"
|
echo "Creating '$hostname' ssh keys"
|
||||||
ssh-keygen -t ed25519 -f "$temp/persist/etc/ssh/ssh_host_ed25519_key" -C root@"$hostname" -N ""
|
ssh-keygen -t ed25519 -f "$temp$persist/etc/ssh/ssh_host_ed25519_key" -C root@"$hostname" -N ""
|
||||||
|
|
||||||
# Extract luks key from secrets
|
# Extract luks key from secrets
|
||||||
luks_secret=$(nix-shell -p sops --run "SOPS_AGE_KEY_FILE=~/.config/sops/age/keys.txt sops -d --extract '[""\"luks_passphrase""\"][""\"$hostname""\"]' ../nix-secrets/secrets.yaml")
|
luks_secret=$(nix-shell -p sops --run "SOPS_AGE_KEY_FILE=~/.config/sops/age/keys.txt sops -d --extract '[""\"luks_passphrase""\"][""\"$hostname""\"]' ../nix-secrets/secrets.yaml")
|
||||||
|
@ -48,7 +50,7 @@ echo "$luks_secret" > /tmp/luks_secret.key
|
||||||
|
|
||||||
# Generate age key from target host and user public ssh key
|
# Generate age key from target host and user public ssh key
|
||||||
echo "Generating age key from target host and user ssh key"
|
echo "Generating age key from target host and user ssh key"
|
||||||
HOST_AGE_KEY=$(nix-shell -p ssh-to-age --run "cat $temp/persist/etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age")
|
HOST_AGE_KEY=$(nix-shell -p ssh-to-age --run "cat $temp$persist/etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age")
|
||||||
echo -e "Host age key:\n$HOST_AGE_KEY\n"
|
echo -e "Host age key:\n$HOST_AGE_KEY\n"
|
||||||
|
|
||||||
# Update .sops.yaml with new age key:
|
# Update .sops.yaml with new age key:
|
||||||
|
@ -67,10 +69,10 @@ sed -i "{
|
||||||
just update-sops-secrets && just update-flake-secrets && just update-flake
|
just update-sops-secrets && just update-flake-secrets && just update-flake
|
||||||
|
|
||||||
# Copy current nix config over to target
|
# Copy current nix config over to target
|
||||||
cp -prv . "$temp/persist/etc/nixos"
|
cp -prv . "$temp$persist/etc/nixos"
|
||||||
|
|
||||||
# Install Nixos to target
|
# Install Nixos to target
|
||||||
SHELL=/bin/sh nix run github:nix-community/nixos-anywhere -- --extra-files "$temp" --disk-encryption-keys /tmp/luks_secret.key /tmp/luks_secret.key --flake .#"$config" root@"$ip" -i "$HOME/.ssh/id_ed25519"
|
SHELL=/bin/sh nix run github:nix-community/nixos-anywhere/1.3.0 -- --extra-files "$temp" --disk-encryption-keys /tmp/luks_secret.key /tmp/luks_secret.key --flake .#"$config" root@"$ip" -i "$HOME/.ssh/id_ed25519"
|
||||||
[ $? != 0 ] && echo "Error installing Nixos" && exit 1
|
[ $? != 0 ] && echo "Error installing Nixos" && exit 1
|
||||||
|
|
||||||
## Delete keys from local known_hosts
|
## Delete keys from local known_hosts
|
||||||
|
|
Loading…
Reference in New Issue