-rw-r--r--Justfile14
-rw-r--r--README.md82
-rw-r--r--flake.nix43
-rw-r--r--home-manager/dotfiles/default.nix5
-rw-r--r--home-manager/dotfiles/example.rc1
-rw-r--r--home-manager/dotfiles/monitors.xml162
-rw-r--r--home-manager/home.nix43
-rw-r--r--home-manager/packages.nix17
-rw-r--r--home-manager/programs/default.nix13
-rw-r--r--home-manager/programs/firefox/default.nix36
-rw-r--r--home-manager/programs/git.nix15
-rw-r--r--home-manager/programs/ssh.nix20
-rw-r--r--modules/home-manager/default.nix6
-rw-r--r--modules/nixos/default.nix6
-rw-r--r--nixos/configuration.nix51
-rw-r--r--nixos/desktop/default.nix26
-rw-r--r--nixos/desktop/fonts.nix42
-rw-r--r--nixos/hardware.nix127
-rw-r--r--nixos/impermanence.nix48
-rw-r--r--nixos/locale.nix12
-rw-r--r--nixos/nix.nix22
-rw-r--r--nixos/user.nix25
-rw-r--r--overlays/default.nix16
-rw-r--r--pkgs/default.nix6
-rw-r--r--scripts/disko.nix74
-rwxr-xr-xscripts/install.sh14
26 files changed, 926 insertions, 0 deletions
diff --git a/Justfile b/Justfile
new file mode 100644
index 0000000..0408323
--- /dev/null
+++ b/Justfile
@@ -0,0 +1,14 @@
+rebuild:
+ sudo nixos-rebuild switch --flake .#nixbook
+
+debug:
+ sudo nixos-rebuild switch --flake .#nixbook --show-trace --verbose
+
+test:
+ sudo nixos-rebuild test --flake .#nixbook --show-trace --verbose
+
+clean:
+ nix-collect-garbage -d
+
+update:
+ nix flake update --commit-lock-file
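Review bot: The `rebuild`, `debug` and `test` recipes all target `.#nixbook`, but the flake.nix added in this same commit defines only `nixosConfigurations.nixosvm`, so these recipes would not find the attribute. Either rename the configuration or change the recipes to `--flake .#nixosvm`; the `# nixos-rebuild --flake .#nixbook` comment in flake.nix and the README should use the same name. Separately, `clean` runs `nix-collect-garbage -d` without sudo, which as far as I can tell only prunes the invoking user's profile generations and leaves old system generations in place.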
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..880fdd9
--- /dev/null
+++ b/README.md
@@ -0,0 +1,82 @@
+[![built with nix](https://img.shields.io/static/v1?logo=nixos&logoColor=white&label=&message=Built%20with%20Nix&color=41439a)](https://builtwithnix.org)
+[![Cachix Cache](https://img.shields.io/badge/cachix-chen-blue.svg)](https://chen.cachix.org)
+
+<p align="center">
+ <img src="./assets/nixos-logo.png" width=30% />
+</p>
+
+<h2 align="center">
+ NixBook: Chen's NixOS Configurations
+</h2>
+
+> Welcome to NixBook, a repository where I share my NixOS and home-manager configuration files for my EliteBook 865 G10.
+
+## Highlights
+
+- **Tmpfs as root & home**: Automatically erases the root (`/`) and home (`/home`) on each boot, ensuring a clean state. Persistent data is managed by the [Impermanence] module (See [tmpfs as root] and [tmpfs as home] for more details).
+- **Encrypted single Btrfs partition**: LUKS enhances security by adding password protection to the disk. Btrfs also supports easy snapshot backups.
+- **Declarative disk partitioning**: eliminates the need for manual partitioning, mounting, and unmounting during the installation phase
+- **Efficient Desktop Environment**: Optimized for productivity with minimal distractions, featuring only essential visual elements. It supports an automatic switch between light and dark themes.
+- **Theorem proving toolchains in PL research**: `abella`, `coq`, `lngen` and `ott` toolchain stuff. Packages maintained by me:
+ - `nixpkgs`: [`lngen`]
+ - [`nur.repos.chen`]: forked version of `abella` ([`abella-modded`]) and `ott` ([`ott-sweirich`])
+
+## Installation
+
+To install the Nixbook configurations on your system, start by booting your computer with a LiveCD. Once you have successfully booted into the LiveCD environment, open a terminal and enter:
+
+```console
+git clone https://github.com/cu1ch3n/nixbook
+cd nixbook/script
+chmod +x ./install.sh
+./install.sh
+```
+
+**IMPORTANT NOTE**: If you are not me and your hardware is not EliteBook 865 G10, please avoid using `./install.sh` directly. Instead, consider adapting the configurations to suit your own hardware and needs. You'll likely need to make adjustments in several very personal places:
+
+- `scripts/disko.nix`: Update the disk device, partitions, and the path to password files.
+- `nixos/hardware.nix`: Generate an initial hardware configuration with `nixos-generate-config` and **carefully** replace the settings accordingly.
+- `nixos/user.nix`: Replace the username if it's not "Chen."
+- `nixos/secrets.nix`: Replace the username.
+- `home-manager/home.nix`: Replace the username.
+- `home-manager/dotfiles/default.nix`: Comment out the configuration unless you're using the same monitor setup.
+- `home-manager/programs/git.nix`: Update your Git settings as needed.
+
+## Post-installation
+
+After the installation, there are a few settings that need to be configured manually. These settings are not managed declaratively through NixOS:
+- Set user fingerprint
+- 1Password SSH & CLI integration
+- Doom Emacs (git clone and install)
+
+## Rebuild NixOS configuration
+
+```console
+just rebuild
+```
+
+## Update flake lock file
+
+```console
+just update
+```
+
+## Preview
+
+### Light
+![](assets/screenshot-light.png)
+![](assets/screenshot-light-0.png)
+![](assets/screenshot-light-1.png)
+
+### Dark
+![](assets/screenshot-dark.png)
+![](assets/screenshot-dark-0.png)
+![](assets/screenshot-dark-1.png)
+
+[`abella-modded`]: https://github.com/nix-community/nur-combined/tree/master/repos/chen/pkgs/abella-modded/default.nix
+[`ott-sweirich`]: https://github.com/nix-community/nur-combined/tree/master/repos/chen/pkgs/ott-sweirich/default.nix
+[`lngen`]: https://github.com/NixOS/nixpkgs/blob/master/pkgs/by-name/ln/lngen/package.nix
+[`nur.repos.chen`]: https://nur.nix-community.org/repos/chen/
+[Impermanence]: https://github.com/nix-community/impermanence
+[tmpfs as root]: https://elis.nu/blog/2020/05/nixos-tmpfs-as-root/
+[tmpfs as home]: https://elis.nu/blog/2020/06/nixos-tmpfs-as-home/
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..10309ea
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,43 @@
+{
+ description = "Copied configurations";
+
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+ nixpkgs-master.url = "github:nixos/nixpkgs/master";
+
+ home-manager = {
+ url = "github:nix-community/home-manager";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ nur.url = "github:nix-community/NUR";
+ hardware.url = "github:nixos/nixos-hardware";
+ impermanence.url = "github:nix-community/impermanence";
+ };
+
+ outputs = {
+ self,
+ nixpkgs,
+ ...
+ } @ inputs: let
+ inherit (self) outputs;
+ systems = ["x86_64-linux"];
+ forAllSystems = nixpkgs.lib.genAttrs systems;
+ in {
+ packages = forAllSystems (system: import ./pkgs {pkgs = nixpkgs.legacyPackages.${system};});
+ formatter = forAllSystems (system: nixpkgs.legacyPackages.${system}.alejandra);
+
+ overlays = import ./overlays {inherit inputs;};
+
+ nixosModules = import ./modules/nixos;
+ homeManagerModules = import ./modules/home-manager;
+
+ # nixos-rebuild --flake .#nixbook
+ nixosConfigurations = {
+ nixosvm = nixpkgs.lib.nixosSystem {
+ specialArgs = {inherit inputs outputs;};
+ modules = [./nixos/configuration.nix];
+ };
+ };
+ };
+}
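Review bot: The diffstat for this commit lists no `flake.lock`, so the inputs declared here are not pinned to reviewed revisions in the repository; the first evaluation resolves each branch tip, and `nixpkgs-master` tracks `master` directly. Committing the lock file together with flake.nix makes the system build reproducible and gives `just update` (which uses `--commit-lock-file`) a baseline to diff against. It may also be worth adding `inputs.nixpkgs.follows = "nixpkgs";` to any other input that carries its own nixpkgs input, as is already done for home-manager.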
diff --git a/home-manager/dotfiles/default.nix b/home-manager/dotfiles/default.nix
new file mode 100644
index 0000000..4efd38f
--- /dev/null
+++ b/home-manager/dotfiles/default.nix
@@ -0,0 +1,5 @@
+{
+ xdg.configFile = {
+ "example.rc".source = ./example.rc;
+ };
+}
diff --git a/home-manager/dotfiles/example.rc b/home-manager/dotfiles/example.rc
new file mode 100644
index 0000000..c48c419
--- /dev/null
+++ b/home-manager/dotfiles/example.rc
@@ -0,0 +1 @@
+this is the example.rc
diff --git a/home-manager/dotfiles/monitors.xml b/home-manager/dotfiles/monitors.xml
new file mode 100644
index 0000000..316c57e
--- /dev/null
+++ b/home-manager/dotfiles/monitors.xml
@@ -0,0 +1,162 @@
+<monitors version="2">
+ <configuration>
+ <logicalmonitor>
+ <x>0</x>
+ <y>1017</y>
+ <scale>1</scale>
+ <primary>yes</primary>
+ <monitor>
+ <monitorspec>
+ <connector>eDP-1</connector>
+ <vendor>BOE</vendor>
+ <product>0x0a4f</product>
+ <serial>0x00000000</serial>
+ </monitorspec>
+ <mode>
+ <width>1920</width>
+ <height>1200</height>
+ <rate>60.003</rate>
+ </mode>
+ </monitor>
+ </logicalmonitor>
+ <logicalmonitor>
+ <x>1920</x>
+ <y>0</y>
+ <scale>1</scale>
+ <transform>
+ <rotation>left</rotation>
+ <flipped>no</flipped>
+ </transform>
+ <monitor>
+ <monitorspec>
+ <connector>HDMI-1</connector>
+ <vendor>DEL</vendor>
+ <product>DELL S2721DGF</product>
+ <serial>4GYNS83</serial>
+ </monitorspec>
+ <mode>
+ <width>2560</width>
+ <height>1440</height>
+ <rate>59.951</rate>
+ </mode>
+ </monitor>
+ </logicalmonitor>
+ </configuration>
+ <configuration>
+ <logicalmonitor>
+ <x>1920</x>
+ <y>0</y>
+ <scale>1</scale>
+ <primary>yes</primary>
+ <monitor>
+ <monitorspec>
+ <connector>eDP</connector>
+ <vendor>BOE</vendor>
+ <product>0x0a4f</product>
+ <serial>0x00000000</serial>
+ </monitorspec>
+ <mode>
+ <width>1920</width>
+ <height>1200</height>
+ <rate>60.003</rate>
+ </mode>
+ </monitor>
+ </logicalmonitor>
+ <logicalmonitor>
+ <x>0</x>
+ <y>0</y>
+ <scale>1</scale>
+ <monitor>
+ <monitorspec>
+ <connector>DisplayPort-1</connector>
+ <vendor>RTK</vendor>
+ <product>FHD</product>
+ <serial>0x00000000</serial>
+ </monitorspec>
+ <mode>
+ <width>1920</width>
+ <height>1280</height>
+ <rate>60.000</rate>
+ </mode>
+ </monitor>
+ </logicalmonitor>
+ </configuration>
+ <configuration>
+ <logicalmonitor>
+ <x>1920</x>
+ <y>0</y>
+ <scale>1</scale>
+ <primary>yes</primary>
+ <monitor>
+ <monitorspec>
+ <connector>eDP-1</connector>
+ <vendor>BOE</vendor>
+ <product>0x0a4f</product>
+ <serial>0x00000000</serial>
+ </monitorspec>
+ <mode>
+ <width>1920</width>
+ <height>1200</height>
+ <rate>60.003</rate>
+ </mode>
+ </monitor>
+ </logicalmonitor>
+ <logicalmonitor>
+ <x>0</x>
+ <y>0</y>
+ <scale>2</scale>
+ <monitor>
+ <monitorspec>
+ <connector>DP-1</connector>
+ <vendor>RTK</vendor>
+ <product>FHD</product>
+ <serial>0x00000000</serial>
+ </monitorspec>
+ <mode>
+ <width>1920</width>
+ <height>1280</height>
+ <rate>60.000</rate>
+ </mode>
+ </monitor>
+ </logicalmonitor>
+ </configuration>
+ <configuration>
+ <logicalmonitor>
+ <x>0</x>
+ <y>0</y>
+ <scale>2</scale>
+ <monitor>
+ <monitorspec>
+ <connector>DP-2</connector>
+ <vendor>RTK</vendor>
+ <product>FHD</product>
+ <serial>0x00000000</serial>
+ </monitorspec>
+ <mode>
+ <width>1920</width>
+ <height>1280</height>
+ <rate>60.000</rate>
+ </mode>
+ </monitor>
+ </logicalmonitor>
+ <logicalmonitor>
+ <x>1920</x>
+ <y>0</y>
+ <scale>1</scale>
+ <primary>yes</primary>
+ <monitor>
+ <monitorspec>
+ <connector>eDP-1</connector>
+ <vendor>BOE</vendor>
+ <product>0x0a4f</product>
+ <serial>0x00000000</serial>
+ </monitorspec>
+ <mode>
+ <width>1920</width>
+ <height>1200</height>
+ <rate>60.003</rate>
+ </mode>
+ </monitor>
+ </logicalmonitor>
+ </configuration>
+</monitors> \ No newline at end of file
diff --git a/home-manager/home.nix b/home-manager/home.nix
new file mode 100644
index 0000000..88fbcf3
--- /dev/null
+++ b/home-manager/home.nix
@@ -0,0 +1,43 @@
+{
+ inputs,
+ outputs,
+ config,
+ ...
+}: {
+ imports = [
+ ./dotfiles
+ ./programs
+ ./packages.nix
+ ];
+
+ nixpkgs = {
+ overlays = [
+ outputs.overlays.additions
+ outputs.overlays.modifications
+ outputs.overlays.master-packages
+ ];
+ config = {
+ allowUnfree = true;
+ # Workaround for https://github.com/nix-community/home-manager/issues/2942
+ allowUnfreePredicate = _: true;
+
+ # permittedInsecurePackages = [
+ # "openssl-1.1.1w"
+ # "electron-27.3.11"
+ # ];
+ };
+ };
+
+ home = {
+ username = "grm";
+ homeDirectory = "/home/grm";
+ sessionPath = ["$HOME/bin"];
+ };
+
+ xdg.mimeApps.enable = true;
+
+ # Nicely reload system units when changing configs
+ systemd.user.startServices = "sd-switch";
+
+ home.stateVersion = "24.11";
+}
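Review bot: `home.username = "grm"` and `homeDirectory = "/home/grm"` disagree with how this module is attached: nixos/configuration.nix imports it as `home-manager.users.chen`, and nixos/impermanence.nix persists directories under `users.chen`, while nixos/user.nix declares only `root` and `grm`. Home Manager's NixOS module derives the username from the attribute name, so this likely ends in a conflicting definition or a profile for an account that does not exist, and the persisted `.ssh` directory would not belong to the real user. Use one name throughout, e.g. `users.grm = import ../home-manager/home.nix;` in configuration.nix and `users.grm = {` in impermanence.nix.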
diff --git a/home-manager/packages.nix b/home-manager/packages.nix
new file mode 100644
index 0000000..eeef0c6
--- /dev/null
+++ b/home-manager/packages.nix
@@ -0,0 +1,17 @@
+{pkgs, ...}: {
+ home.packages = with pkgs; [
+ # discord
+ firefox
+ inotify-tools
+ tree
+ ];
+
+ # xdg.mimeApps = {
+ # associations.added = {
+ # "application/pdf" = "okular.desktop";
+ # };
+ # defaultApplications = {
+ # "application/pdf" = "okular.desktop";
+ # };
+ # };
+}
diff --git a/home-manager/programs/default.nix b/home-manager/programs/default.nix
new file mode 100644
index 0000000..cbd589d
--- /dev/null
+++ b/home-manager/programs/default.nix
@@ -0,0 +1,13 @@
+{
+ imports = [
+ ./firefox
+ ./git.nix
+ ./ssh.nix
+ ];
+
+ programs = {
+ home-manager.enable = true;
+ tmux.enable = true;
+ vim.enable = true;
+ };
+}
diff --git a/home-manager/programs/firefox/default.nix b/home-manager/programs/firefox/default.nix
new file mode 100644
index 0000000..01ef321
--- /dev/null
+++ b/home-manager/programs/firefox/default.nix
@@ -0,0 +1,36 @@
+{pkgs, ...}: {
+ programs.firefox = {
+ enable = true;
+ package = pkgs.firefox;
+
+ profiles.default = {
+ id = 0;
+ isDefault = true;
+
+ extensions = with pkgs.nur.repos.rycee.firefox-addons; [
+ translate-web-pages
+ ublock-origin
+ ];
+
+ settings = {
+ "browser.tabs.loadBookmarksInTabs" = true; # Opening bookmarks in new tabs
+ "browser.tabs.firefox-view" = false;
+ "browser.newtabpage.activity-stream.section.highlights.includePocket" = false; # Disable pocket
+ "extensions.pocket.enabled" = false; # Disable pocket
+ "identity.fxaccounts.enabled" = false; # Disable Firefox accounts integration
+ "media.eme.enabled" = true; # Enable DRM
+ "media.gmp-widevinecdm.visible" = true; # Enable DRM
+ "media.gmp-widevinecdm.enabled" = true; # Enable DRM
+ "media.videocontrols.picture-in-picture.video-toggle.always-show" = true; # Always shows the Picture in Picture toggle
+ "narrate.enabled" = false; # Disable text to speech in reader mode
+ "signon.autofillForms" = false; # Disable built-in form-filling
+ "signon.rememberSignons" = false; # Disable built-in password manager
+ "ui.systemUsesDarkTheme" = true; # Dark mode
+ };
+
+ # search = {
+ # default = "Google";
+ # };
+ };
+ };
+}
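Review bot: `pkgs.nur.repos.rycee.firefox-addons` needs the NUR overlay in the package set Home Manager evaluates with, but home-manager/home.nix lists only `additions`, `modifications` and `master-packages` in `nixpkgs.overlays`; `inputs.nur.overlay` is added only on the NixOS side in nixos/configuration.nix. Unless `home-manager.useGlobalPkgs` is set somewhere outside this diff, `pkgs.nur` will be missing when this module is evaluated. Add `inputs.nur.overlay` to the overlay list in home.nix, or set `home-manager.useGlobalPkgs = true;` and drop the separate `nixpkgs` block there.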
diff --git a/home-manager/programs/git.nix b/home-manager/programs/git.nix
new file mode 100644
index 0000000..f48766f
--- /dev/null
+++ b/home-manager/programs/git.nix
@@ -0,0 +1,15 @@
+{pkgs, ...}: {
+ programs.git = {
+ enable = true;
+ userName = "grm";
+ userEmail = "anastasis.gramm2@gmail.com";
+ # extraConfig = {
+ # user.signingkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAikGltB46LIhsjvVIa2X8iP2do5CnpVXJojvfGiYsmW";
+ # gpg = {
+ # format = "ssh";
+ # "ssh".program = "${pkgs._1password-gui}/bin/op-ssh-sign";
+ # };
+ # commit.gpgsign = true;
+ # };
+ };
+}
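Review bot: The commented-out `extraConfig` block carries an SSH public key for `user.signingkey` that does not obviously belong to the `grm` identity configured above (the flake description says the configuration was copied). If the block is later uncommented as-is, commits would be set up to sign with a key this user may not hold, and commit signing is currently off altogether. I would delete the stale block or replace the key with a placeholder such as `# user.signingkey = "<your ssh public key>";`, and add a comment stating that signing is intentionally disabled for now.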
diff --git a/home-manager/programs/ssh.nix b/home-manager/programs/ssh.nix
new file mode 100644
index 0000000..8c079b0
--- /dev/null
+++ b/home-manager/programs/ssh.nix
@@ -0,0 +1,20 @@
+{
+ programs.ssh = {
+ enable = true;
+ matchBlocks = {
+ "portal" = {
+ hostname = "portal.eyesin.space";
+ port = 22;
+ user = "root";
+ };
+ "gizmo" = {
+ hostname = "37.60.220.238";
+ port = 22;
+ user = "root";
+ };
+ # "*" = {
+ # extraOptions.IdentityAgent = "";
+ # };
+ };
+ };
+}
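Review bot: Both match blocks set `user = "root"`, so `ssh portal` and `ssh gizmo` log in directly as root. Direct root SSH removes per-user attribution on the servers and makes the client key a root credential; an unprivileged account plus sudo on the hosts is the safer default, e.g. `user = "grm";`. `gizmo` is addressed by a literal IP, so a one-line comment saying what the host is would help when verifying its known_hosts entry, and the commented `IdentityAgent = ""` block should be either removed or explained.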
diff --git a/modules/home-manager/default.nix b/modules/home-manager/default.nix
new file mode 100644
index 0000000..45aae31
--- /dev/null
+++ b/modules/home-manager/default.nix
@@ -0,0 +1,6 @@
+# Add your reusable home-manager modules to this directory, on their own file (https://nixos.wiki/wiki/Module).
+# These should be stuff you would like to share with others, not your personal configurations.
+{
+ # List your module files here
+ # my-module = import ./my-module.nix;
+}
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
new file mode 100644
index 0000000..8605069
--- /dev/null
+++ b/modules/nixos/default.nix
@@ -0,0 +1,6 @@
+# Add your reusable NixOS modules to this directory, on their own file (https://nixos.wiki/wiki/Module).
+# These should be stuff you would like to share with others, not your personal configurations.
+{
+ # List your module files here
+ # my-module = import ./my-module.nix;
+}
diff --git a/nixos/configuration.nix b/nixos/configuration.nix
new file mode 100644
index 0000000..be8e03f
--- /dev/null
+++ b/nixos/configuration.nix
@@ -0,0 +1,51 @@
+{
+ inputs,
+ outputs,
+ pkgs,
+ ...
+}: {
+ imports = [
+ ./desktop
+ ./hardware.nix
+ ./impermanence.nix
+ ./locale.nix
+ ./nix.nix
+ ./user.nix
+ inputs.home-manager.nixosModules.home-manager
+ ];
+
+ nixpkgs = {
+ overlays = [
+ outputs.overlays.additions
+ outputs.overlays.modifications
+ outputs.overlays.master-packages
+ inputs.nur.overlay
+ ];
+ config = {
+ allowUnfree = true;
+ };
+ };
+
+ home-manager = {
+ backupFileExtension = "bak";
+ extraSpecialArgs = {inherit inputs outputs;};
+ users.chen = import ../home-manager/home.nix;
+ };
+
+ networking = {
+ hostName = "nixosvm";
+ networkmanager.enable = true;
+ firewall.enable = true;
+ };
+
+ environment.systemPackages = with pkgs; [
+ git
+ htop
+ wget
+ ];
+
+ services.ntp.enable = true;
+ security.sudo.execWheelOnly = true;
+
+ system.stateVersion = "24.11";
+}
diff --git a/nixos/desktop/default.nix b/nixos/desktop/default.nix
new file mode 100644
index 0000000..dc34f11
--- /dev/null
+++ b/nixos/desktop/default.nix
@@ -0,0 +1,26 @@
+{
+ imports = [./fonts.nix];
+
+ services.xserver = {
+ enable = true;
+ xkb.layout = "us";
+
+ desktopManager = {
+ xterm.enable = false;
+ xfce.enable = true;
+ };
+ };
+
+ services.displayManager.defaultSession = "xfce";
+ services.libinput.enable = true;
+
+ # For trash
+ #services.gvfs.enable = true;
+
+ #virtualisation.waydroid.enable = true;
+
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "us";
+ };
+}
diff --git a/nixos/desktop/fonts.nix b/nixos/desktop/fonts.nix
new file mode 100644
index 0000000..38b3ca7
--- /dev/null
+++ b/nixos/desktop/fonts.nix
@@ -0,0 +1,42 @@
+{pkgs, ...}: {
+ fonts = {
+ enableDefaultPackages = true;
+ fontconfig = {
+ enable = true;
+ defaultFonts = {
+ emoji = ["Noto Color Emoji"];
+ monospace = [
+ "Liberation Mono"
+ ];
+ sansSerif = [
+ "Liberation Sans"
+ ];
+ serif = [
+ "Liberation Serif"
+ ];
+ };
+ hinting = {
+ enable = true;
+ style = "full";
+ autohint = true;
+ };
+ };
+ fontDir.enable = true;
+ enableGhostscriptFonts = true;
+ packages = with pkgs; [
+ fira
+ fira-mono
+ fira-code
+ hack-font
+ inter
+ iosevka
+ liberation_ttf
+ nerdfonts
+ noto-fonts
+ noto-fonts-color-emoji
+ roboto
+ roboto-mono
+ roboto-serif
+ ];
+ };
+}
diff --git a/nixos/hardware.nix b/nixos/hardware.nix
new file mode 100644
index 0000000..824d88c
--- /dev/null
+++ b/nixos/hardware.nix
@@ -0,0 +1,127 @@
+{
+ inputs,
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
+ imports = [
+ inputs.hardware.nixosModules.common-cpu-amd
+ inputs.hardware.nixosModules.common-cpu-amd-pstate
+ inputs.hardware.nixosModules.common-gpu-amd
+ inputs.hardware.nixosModules.common-pc-laptop
+ inputs.hardware.nixosModules.common-pc-laptop-acpi_call
+ inputs.hardware.nixosModules.common-pc-laptop-ssd
+ ];
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ hardware.enableRedistributableFirmware = lib.mkDefault true;
+ boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod"];
+ boot.initrd.kernelModules = ["synaptics_usb"];
+ boot.kernelModules = ["kvm-amd"];
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+ boot.extraModulePackages = [];
+
+ # disable Scatter/Gather APU recently enabled by default,
+ # which results in white screen after display reconfiguration
+ boot.kernelParams = [
+ "amdgpu.sg_display=0"
+ "amd_pstate=active"
+ ];
+
+ fileSystems."/" = {
+ device = "none";
+ fsType = "tmpfs";
+ options = ["defaults" "size=8G" "mode=755"];
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-partlabel/disk-main-ESP";
+ fsType = "vfat";
+ options = ["fmask=0022" "dmask=0022"];
+ };
+
+ boot.initrd.luks.devices."crypted".device = "/dev/disk/by-partlabel/disk-main-luks";
+
+ fileSystems."/nix" = {
+ device = "/dev/mapper/crypted";
+ fsType = "btrfs";
+ options = ["subvol=nix" "compress=zstd" "noatime"];
+ };
+
+ fileSystems."/persist" = {
+ device = "/dev/mapper/crypted";
+ fsType = "btrfs";
+ options = ["subvol=persist" "compress=zstd" "noatime"];
+ neededForBoot = true;
+ };
+
+ fileSystems."/swap" = {
+ device = "/dev/mapper/crypted";
+ fsType = "btrfs";
+ options = ["subvol=swap" "noatime"];
+ };
+
+ fileSystems."/tmp" = {
+ device = "/dev/mapper/crypted";
+ fsType = "btrfs";
+ options = ["subvol=tmp" "noatime"];
+ };
+
+ fileSystems."/var/log" = {
+ device = "/dev/mapper/crypted";
+ fsType = "btrfs";
+ options = ["subvol=log" "compress=zstd" "noatime"];
+ neededForBoot = true;
+ };
+
+ boot.tmp.cleanOnBoot = true;
+ swapDevices = [{device = "/swap/swapfile";}];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
+
+ services.xserver = {
+ videoDrivers = ["amdgpu"];
+ };
+
+ # sound = {
+ # enable = lib.mkForce false;
+ # mediaKeys.enable = true;
+ # };
+
+ # hardware.pulseaudio = {
+ # enable = true;
+ # support32Bit = true;
+ # };
+
+ # Fingerprint
+ services.fprintd = {
+ enable = true;
+ };
+ systemd.services.fprintd = {
+ wantedBy = ["multi-user.target"];
+ serviceConfig.Type = "simple";
+ };
+
+ # Bluetooth
+ hardware.bluetooth = {
+ enable = true;
+ powerOnBoot = true;
+ };
+
+ services.printing = {
+ enable = true;
+ drivers = [pkgs.hplip];
+ };
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
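Review bot: `fileSystems."/boot"` mounts the ESP with `fmask=0022` and `dmask=0022`, which leaves everything on the vfat partition world-readable, including the systemd-boot random seed file; bootctl warns about exactly this. Tightening it to `options = ["fmask=0077" "dmask=0077"];` keeps the ESP readable by root only. Also note that the root tmpfs is `size=8G` here but `size=16G` in scripts/disko.nix, so the installed system and the installer disagree; a comment on which value is intended would help.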
diff --git a/nixos/impermanence.nix b/nixos/impermanence.nix
new file mode 100644
index 0000000..a2c32d9
--- /dev/null
+++ b/nixos/impermanence.nix
@@ -0,0 +1,48 @@
+{inputs, ...}: {
+ imports = [
+ inputs.impermanence.nixosModules.impermanence
+ ];
+
+ environment.persistence."/persist" = {
+ hideMounts = true;
+
+ directories = [
+ "/var/lib/bluetooth"
+ "/var/lib/fprint"
+ "/var/lib/nixos"
+ "/var/lib/systemd"
+ "/etc/NetworkManager/system-connections"
+ ];
+
+ files = [
+ # "/etc/machine-id"
+ ];
+
+ users.chen = {
+ directories = [
+ # XDG user directories
+ "Desktop"
+ "Documents"
+ "Downloads"
+ "Music"
+ "Pictures"
+ "Public"
+ "Templates"
+ "Videos"
+
+ # More directories
+ ".config/emacs"
+ ".local/share/Steam"
+ ".ssh"
+ ];
+
+ files = [
+ ".history"
+ ];
+ };
+ };
+
+ environment.etc.machine-id.text = "67803336e24344e9aa58ea47b51180d0";
+
+ programs.fuse.userAllowOther = true;
+}
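Review bot: `environment.etc.machine-id.text` hard-codes a machine ID in a public repository, so every machine installed from this configuration shares it and the value is no longer confidential, which machine-id(5) recommends it be. The `files` list already has `"/etc/machine-id"` commented out; persisting the generated file instead (`files = ["/etc/machine-id"];`) and dropping the literal gives each install its own ID that still survives reboots. If the fixed value is deliberate, a comment explaining why would be enough.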
diff --git a/nixos/locale.nix b/nixos/locale.nix
new file mode 100644
index 0000000..a4a429f
--- /dev/null
+++ b/nixos/locale.nix
@@ -0,0 +1,12 @@
+{pkgs, ...}: {
+ time.timeZone = "Europe/Athens";
+
+ i18n = {
+ defaultLocale = "en_US.UTF-8";
+
+ # inputMethod = {
+ # enable = true;
+ # type = "fcitx5";
+ # };
+ };
+}
diff --git a/nixos/nix.nix b/nixos/nix.nix
new file mode 100644
index 0000000..a2ec6b0
--- /dev/null
+++ b/nixos/nix.nix
@@ -0,0 +1,22 @@
+{
+ inputs,
+ lib,
+ config,
+ ...
+}: {
+ nix = {
+ settings = {
+ experimental-features = "nix-command flakes";
+ auto-optimise-store = true;
+ allowed-users = ["@wheel"];
+ };
+ # gc = {
+ # automatic = true;
+ # dates = "weekly";
+ # options = "--delete-older-than +3";
+ # };
+
+ registry = lib.mapAttrs (_: value: {flake = value;}) inputs;
+ nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
+ };
+}
diff --git a/nixos/user.nix b/nixos/user.nix
new file mode 100644
index 0000000..00d4efe
--- /dev/null
+++ b/nixos/user.nix
@@ -0,0 +1,25 @@
+{pkgs, ...}: {
+ users.users = {
+ root = {
+ # inherit initialHashedPassword;
+ hashedPasswordFile = "/persist/passwordFiles/root";
+ };
+
+ grm = {
+ # inherit initialHashedPassword;
+ hashedPasswordFile = "/persist/passwordFiles/grm";
+ description = "grm";
+ isNormalUser = true;
+ extraGroups = ["wheel" "audio" "docker" "networkmanager"];
+ };
+ };
+
+ # Don't allow mutation of users outside of the config.
+ users.mutableUsers = false;
+
+ # programs.steam = {
+ # enable = true;
+ # remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
+ # dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
+ # };
+}
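Review bot: `extraGroups` puts `grm` in `docker`, but nothing in this diff enables `virtualisation.docker`, and membership in that group is root-equivalent once Docker is installed, independent of the sudo policy set in nixos/configuration.nix. Drop it until it is needed: `extraGroups = ["wheel" "audio" "networkmanager"];`. A comment above `hashedPasswordFile` noting that both files must exist under /persist before first boot, because `users.mutableUsers = false` leaves no other way to set a password, would also help.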
diff --git a/overlays/default.nix b/overlays/default.nix
new file mode 100644
index 0000000..e1445f8
--- /dev/null
+++ b/overlays/default.nix
@@ -0,0 +1,16 @@
+# This file defines overlays
+{inputs, ...}: {
+ # This one brings our custom packages from the 'pkgs' directory
+ additions = final: _prev: import ../pkgs {pkgs = final;};
+
+ # This one contains whatever you want to overlay
+ modifications = final: prev: {
+ };
+
+ master-packages = final: _prev: {
+ master = import inputs.nixpkgs-master {
+ system = final.system;
+ config.allowUnfree = true;
+ };
+ };
+}
diff --git a/pkgs/default.nix b/pkgs/default.nix
new file mode 100644
index 0000000..366af60
--- /dev/null
+++ b/pkgs/default.nix
@@ -0,0 +1,6 @@
+# Custom packages, that can be defined similarly to ones from nixpkgs
+# You can build them using 'nix build .#example'
+# {pkgs, ...}: {
+# marvin = pkgs.callPackage ./marvin.nix {};
+# quartz = pkgs.callPackage ./quartz.nix {};
+# }
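Review bot: This file contains only comments, so it is not a valid Nix expression, yet flake.nix evaluates `import ./pkgs {pkgs = nixpkgs.legacyPackages.${system};}` and the `additions` overlay evaluates `import ../pkgs {pkgs = final;}`; both would fail when parsing it. Keep the sample entries commented but leave a callable skeleton, e.g. `{pkgs, ...}: {}`, with the `marvin`/`quartz` lines as comments inside the braces.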
diff --git a/scripts/disko.nix b/scripts/disko.nix
new file mode 100644
index 0000000..6f2cc6f
--- /dev/null
+++ b/scripts/disko.nix
@@ -0,0 +1,74 @@
+{
+ disko.devices = {
+ nodev."/" = {
+ fsType = "tmpfs";
+ mountOptions = [
+ "defaults"
+ "size=16G"
+ "mode=755"
+ ];
+ };
+
+ disk.main = {
+ type = "disk";
+ device = "/dev/vda";
+
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ priority = 1;
+ size = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [
+ "defaults"
+ ];
+ };
+ };
+
+ luks = {
+ size = "100%";
+ content = {
+ type = "luks";
+ name = "crypted";
+ settings = {
+ allowDiscards = true;
+ };
+ content = {
+ type = "btrfs";
+ extraArgs = ["-f"];
+ subvolumes = {
+ nix = {
+ mountpoint = "/nix";
+ mountOptions = ["compress=zstd" "noatime"];
+ };
+ persist = {
+ mountpoint = "/persist";
+ mountOptions = ["compress=zstd" "noatime"];
+ };
+ log = {
+ mountpoint = "/var/log";
+ mountOptions = ["compress=zstd" "noatime"];
+ };
+ tmp = {
+ mountpoint = "/tmp";
+ mountOptions = ["noatime"];
+ };
+ swap = {
+ mountpoint = "/swap";
+ mountOptions = ["noatime"];
+ swap.swapfile.size = "32G";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
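Review bot: `allowDiscards = true` on the LUKS container passes TRIM through to the SSD, which reveals which encrypted blocks are unused; that is a common trade-off but it should be documented as a decision, e.g. `# TRIM through LUKS: better SSD behaviour, exposes free-space layout`. `device = "/dev/vda"` is a kernel-assigned virtio name, and scripts/install.sh runs disko in `zap_create_mount` mode against it, so a stable `/dev/disk/by-id/<disk-id>` path (placeholder, set per machine) is the safer target. `extraArgs = ["-f"]` forces mkfs.btrfs over any existing filesystem, which is worth a comment for the same reason.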
diff --git a/scripts/install.sh b/scripts/install.sh
new file mode 100755
index 0000000..c809cc9
--- /dev/null
+++ b/scripts/install.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+sudo -i
+
+# Partitioning, formatting and mounting
+sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko -- --mode zap_create_mount ./disko.nix
+
+# Installing
+nixos-install --flake https://github.com/cu1ch3n/nixbook#nixbook --no-root-passwd
+
+# Setting up password files
+mkdir -p /mnt/persist/passwordFiles
+mkpasswd -m SHA-512 -s > /mnt/persist/passwordFiles/root
+mkpasswd -m SHA-512 -s > /mnt/persist/passwordFiles/chen
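Review bot: The script installs from `https://github.com/cu1ch3n/nixbook#nixbook` rather than from the checkout it sits in, so running it would fetch and activate as root whatever that remote repository serves at the time, under an attribute name this flake does not define (`nixosvm`). `sudo -i` on its own line opens an interactive root shell, and the remaining commands run only after it exits, as the original user; there is also no `set -e`, so a failed disko run is still followed by `nixos-install`. The last line writes the hash to `passwordFiles/chen`, while nixos/user.nix reads `/persist/passwordFiles/grm` with `users.mutableUsers = false`, which would leave `grm` without a usable password. The hash files are also created with the default umask. A rewrite along these lines addresses all four points:

```shell
set -euo pipefail

# Re-exec as root once instead of opening an interactive `sudo -i` shell.
if [ "$(id -u)" -ne 0 ]; then
  exec sudo -- "$0" "$@"
fi

# … unchanged: disko partitioning step …

# Install from the local checkout; the attribute must match flake.nix.
nixos-install --flake ..#nixosvm --no-root-passwd

# Password hashes are readable by root only and named after the users in nixos/user.nix.
umask 077
# … unchanged: mkdir and root password file …
mkpasswd -m SHA-512 -s > /mnt/persist/passwordFiles/grm
```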