From f43b9938694974b67ab015435e8c1049bbd9ab55 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20B=C3=B6hme?= Date: Mon, 25 Sep 2023 18:29:29 +0200 Subject: [PATCH] feat: make nixos-laptop empheral --- flake.lock | 249 +++++++++++------- flake.nix | 5 + hosts/nixos-laptop/default.nix | 20 +- hosts/nixos-laptop/disko.nix | 94 +++++++ hosts/nixos-laptop/hardware-configuration.nix | 41 --- hosts/nixos-laptop/impermanence.nix | 70 +++++ modules/profiles/base.nix | 6 +- modules/programs/hyprland/default.nix | 31 +-- modules/programs/nvim/options.lua | 8 +- secrets/moritz-password.age | 11 + secrets/root-password.age | Bin 0 -> 625 bytes secrets/secrets.nix | 2 + 12 files changed, 355 insertions(+), 182 deletions(-) create mode 100644 hosts/nixos-laptop/disko.nix create mode 100644 hosts/nixos-laptop/impermanence.nix create mode 100644 secrets/moritz-password.age create mode 100644 secrets/root-password.age diff --git a/flake.lock b/flake.lock index 7ff13b1..a3e2659 100644 --- a/flake.lock +++ b/flake.lock @@ -25,11 +25,11 @@ ] }, "locked": { - "lastModified": 1690228878, - "narHash": "sha256-9Xe7JV0krp4RJC9W9W9WutZVlw6BlHTFMiUP/k48LQY=", + "lastModified": 1695384796, + "narHash": "sha256-TYlE4B0ktPtlJJF9IFxTWrEeq+XKG8Ny0gc2FGEAdj0=", "owner": "ryantm", "repo": "agenix", - "rev": "d8c973fd228949736dedf61b7f8cc1ece3236792", + "rev": "1f677b3e161d3bdbfd08a939e8f25de2568e0ef4", "type": "github" }, "original": { @@ -41,11 +41,11 @@ "arkenfox-userjs": { "flake": false, "locked": { - "lastModified": 1693196107, - "narHash": "sha256-t6qvPFJIF+De2KqMfCI5DEA40BwWeu4AFRWOzKeEVE0=", + "lastModified": 1695299795, + "narHash": "sha256-rl6WSgyXTbSLXL3ItpbfToSPAS4+rftojSzFWxNuHU4=", "owner": "arkenfox", "repo": "user.js", - "rev": "ba173d49205ee927ed62e81e606569d98f531d38", + "rev": "56f51203bf4fea8aa778b792269205d275a62665", "type": "github" }, "original": { 
@@ -93,6 +93,24 @@ "type": "github" } }, + "disko": { + "inputs": { + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1695380190, + "narHash": "sha256-v1TwBU/mKroZZPWYXujAfOHfIaQw44swa50Jgdkr7OE=", + "owner": "nix-community", + "repo": "disko", + "rev": "98a6ab9b52f8b06db9c3116b1761bbeaf9484408", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -207,11 +225,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1692799911, - "narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=", + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", "owner": "numtide", "repo": "flake-utils", - "rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", "type": "github" }, "original": { @@ -297,7 +315,7 @@ "inputs": { "flake-parts": "flake-parts_3", "haskell-flake": "haskell-flake", - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1688568579, @@ -379,11 +397,11 @@ ] }, "locked": { - "lastModified": 1693972774, - "narHash": "sha256-Dt9UZs0/DaIex598quYRYFuGabUbvFdNrHuvGc6HjBc=", + "lastModified": 1695550077, + "narHash": "sha256-xoxR/iY69/3lTnnZDP6gf3J46DUKPcf+Y1jH03tfZXE=", "owner": "nix-community", "repo": "home-manager", - "rev": "b22d7bab30076bbb73744867d6c5bf7d6380570c", + "rev": "a88df2fb101778bfd98a17556b3a2618c6c66091", "type": "github" }, "original": { 
@@ -394,14 +412,14 @@ }, "hypr-contrib": { "inputs": { - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1693839821, - "narHash": "sha256-ha9Cxqb81Yni217SoM/zFxE0nNz8IMtreTw4SlXw/D4=", + "lastModified": 1695455081, + "narHash": "sha256-AtAMze2J5Maol28OLQoCFgppRWEy06Mn9RhduXNmhiI=", "owner": "hyprwm", "repo": "contrib", - "rev": "74aa6b02ff4bd48aaee4da461a16c4cbaaa0ca7e", + "rev": "33663f663e07b4ca52c9165f74e3d793f08b15e7", "type": "github" }, "original": { @@ -413,17 +431,17 @@ "hyprland": { "inputs": { "hyprland-protocols": "hyprland-protocols", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "systems": "systems_2", "wlroots": "wlroots", "xdph": "xdph" }, "locked": { - "lastModified": 1693944974, - "narHash": "sha256-kWa86ahIQvQIgo3GYFJShlBuKTXfggVbrZjkbdjct7U=", + "lastModified": 1695558936, + "narHash": "sha256-KcSkwSDlrt3Xwtit+NTu2aToiRm5Aho9joj2r6nb19w=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "c3a83daa1e61285a418c39a1d9f29427c2c9a2c3", + "rev": "352ceb1117b79cd0bc3fa86ebe435b6909512ddb", "type": "github" }, "original": { @@ -459,14 +477,14 @@ }, "hyprpaper": { "inputs": { - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1692480535, - "narHash": "sha256-3Q0Uz/JPW9USHyAmrzRl6KhZLqMYTWkmtL3RA+oAeVY=", + "lastModified": 1694600309, + "narHash": "sha256-d9LcB+D0bfMu+8UhnUVJ/DX5OVTX6o5dIntdVqEeQDA=", "owner": "hyprwm", "repo": "hyprpaper", - "rev": "5e73eb60552d48d55541c60f9a8da2b666003fe6", + "rev": "e5a18a171d5d6e7c6b9ffdfb9e86fb09055964a1", "type": "github" }, "original": { 
@@ -475,6 +493,21 @@ "type": "github" } }, + "impermanence": { + "locked": { + "lastModified": 1694622745, + "narHash": "sha256-z397+eDhKx9c2qNafL1xv75lC0Q4nOaFlhaU1TINqb8=", + "owner": "nix-community", + "repo": "impermanence", + "rev": "e9643d08d0d193a2e074a19d4d90c67a874d932e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "impermanence", + "type": "github" + } + }, "lowdown-src": { "flake": false, "locked": { @@ -493,11 +526,11 @@ }, "master": { "locked": { - "lastModified": 1693980916, - "narHash": "sha256-J7JJCpNiHbXb3D7pb1JkeOTUEpJJXiGI6BngfbnhiIM=", + "lastModified": 1695566498, + "narHash": "sha256-pitC2KSFFQr0VVWTWrhOYM3JkHMTGJ+n2f3swZNRjq8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6485865ec300c7baf9e51ad5d64c30355ee511e7", + "rev": "46338210c41bbb92502517cccbb2223973a17a62", "type": "github" }, "original": { @@ -538,11 +571,11 @@ }, "locked": { "dir": "contrib", - "lastModified": 1693954768, - "narHash": "sha256-DIyHgdfhmftTN2aHVEmJ1q/W2o0Slild0McAf4sEa8U=", + "lastModified": 1695509205, + "narHash": "sha256-nV3opNLzLMfzL0yI+xnIeNIOnvOI467CiABxHTQUrwY=", "owner": "neovim", "repo": "neovim", - "rev": "2ef7b6a433c61837bcef0fca297a665551835423", + "rev": "bc0bf9d030bbcb01db69c44cf88b95ca41dd3065", "type": "github" }, "original": { @@ -558,14 +591,14 @@ "flake-parts": "flake-parts", "hercules-ci-effects": "hercules-ci-effects", "neovim-flake": "neovim-flake", - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_6" }, "locked": { - "lastModified": 1693958686, - "narHash": "sha256-UgdB+EXYbi90vm2fam4tYgY9hYGwxSk0sxG96jIyeg4=", + "lastModified": 1695513850, + "narHash": "sha256-tzhm05TH22eI+ePzuPHrMgq2sjLkEW1q1E515+VRVuw=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "14defe836200c45acf14f3616d7ba20959028cf8", + "rev": "07c3b00574cb6645d92786c5a5531cb20426785d", "type": "github" }, "original": { 
@@ -585,11 +618,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1693724255, - "narHash": "sha256-+Ucv/aBN9wwRE62sUJEBocI+9no7PV4KRDNuFQgygzU=", + "lastModified": 1695485017, + "narHash": "sha256-aQyRBJnT4tftexM/Y3etfOk8tfMFZzt+vSVtL2J0KLY=", "owner": "oxalica", "repo": "nil", - "rev": "4bdcfcfe38cfcb386142e043392afbfa542665dd", + "rev": "510bc6e9b41d39c81b9c815065cb5b7e23a2428c", "type": "github" }, "original": { @@ -623,11 +656,11 @@ "nixpkgs-regression": "nixpkgs-regression" }, "locked": { - "lastModified": 1692913762, - "narHash": "sha256-WIz/rGYBUdRtkZx5BPbE9DXHfUCKlYuKkPzDsP4u77w=", + "lastModified": 1695405275, + "narHash": "sha256-R4TX73TAzrW03Rdsa4HNz5ASKx5S1AKa/3SAntUHglg=", "owner": "privatevoid-net", "repo": "nix-super", - "rev": "0007178284d0247631af40931b7039d42bfc0da5", + "rev": "cae2c834f2a19db35cd46d233f5b59086b24a6f1", "type": "github" }, "original": { @@ -638,16 +671,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1658161305, - "narHash": "sha256-X/nhnMCa1Wx4YapsspyAs6QYz6T/85FofrI6NpdPDHg=", + "lastModified": 1694948089, + "narHash": "sha256-d2B282GmQ9o8klc22/Rbbbj6r99EnELQpOQjWMyv0rU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e4d49de45a3b5dbcb881656b4e3986e666141ea9", + "rev": "5148520bfab61f99fd25fb9ff7bfbb50dad3c9db", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } @@ -704,11 +737,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1693158576, - "narHash": "sha256-aRTTXkYvhXosGx535iAFUaoFboUrZSYb1Ooih/auGp0=", + "lastModified": 1658161305, + "narHash": "sha256-X/nhnMCa1Wx4YapsspyAs6QYz6T/85FofrI6NpdPDHg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a999c1cc0c9eb2095729d5aa03e0d8f7ed256780", + "rev": "e4d49de45a3b5dbcb881656b4e3986e666141ea9", "type": "github" }, "original": { 
@@ -719,6 +752,22 @@ } }, "nixpkgs_3": { + "locked": { + "lastModified": 1694767346, + "narHash": "sha256-5uH27SiVFUwsTsqC5rs3kS7pBoNhtoy9QfTP9BmknGk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ace5093e36ab1e95cb9463863491bee90d5a4183", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { "locked": { "lastModified": 1683014792, "narHash": "sha256-6Va9iVtmmsw4raBc3QKvQT2KT/NGRWlvUlJj46zN8B8=", @@ -734,7 +783,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1688322751, "narHash": "sha256-eW62dC5f33oKZL7VWlomttbUnOTHrAbte9yNUNW8rbk=", 
@@ -750,39 +799,39 @@ "type": "github" } }, - "nixpkgs_5": { - "locked": { - "lastModified": 1693844670, - "narHash": "sha256-t69F2nBB8DNQUWHD809oJZJVE+23XBrth4QZuVd6IE0=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "3c15feef7770eb5500a4b8792623e2d6f598c9c1", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_6": { "locked": { - "lastModified": 1693844670, - "narHash": "sha256-t69F2nBB8DNQUWHD809oJZJVE+23XBrth4QZuVd6IE0=", - "owner": "nixos", + "lastModified": 1695318763, + "narHash": "sha256-FHVPDRP2AfvsxAdc+AsgFJevMz5VBmnZglFUMlxBkcY=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "3c15feef7770eb5500a4b8792623e2d6f598c9c1", + "rev": "e12483116b3b51a185a33a272bf351e357ba9a99", "type": "github" }, "original": { - "owner": "nixos", + "owner": "NixOS", "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_7": { + "locked": { + "lastModified": 1695318763, + "narHash": "sha256-FHVPDRP2AfvsxAdc+AsgFJevMz5VBmnZglFUMlxBkcY=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "e12483116b3b51a185a33a272bf351e357ba9a99", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_8": { "locked": { "lastModified": 1689261696, "narHash": "sha256-LzfUtFs9MQRvIoQ3MfgSuipBVMXslMPH/vZ+nM40LkA=", @@ -798,7 +847,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_9": { "locked": { "lastModified": 1692934111, "narHash": "sha256-9EEE59v/esKNMR5zKbLRV9NoRPYvERw5jHQOnfr47bk=", 
@@ -836,15 +885,15 @@ "flake-compat": "flake-compat_3", "flake-utils": "flake-utils_3", "gitignore": "gitignore", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_8", "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1692274144, - "narHash": "sha256-BxTQuRUANQ81u8DJznQyPmRsg63t4Yc+0kcyq6OLz8s=", + "lastModified": 1694364351, + "narHash": "sha256-oadhSCqopYXxURwIA6/Anpe5IAG11q2LhvTJNP5zE6o=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "7e3517c03d46159fdbf8c0e5c97f82d5d4b0c8fa", + "rev": "4f883a76282bc28eb952570afc3d8a1bf6f481d7", "type": "github" }, "original": { @@ -856,11 +905,11 @@ "rofi-wayland": { "flake": false, "locked": { - "lastModified": 1690115482, - "narHash": "sha256-fUneGsSWpi8zYrTbF14e/fuf0vaXF8ckOo4OhL1tInM=", + "lastModified": 1695513431, + "narHash": "sha256-WG1EyBYTbDsK4RsPgp8K/PlscvRSNthQSyN3cqxuXcc=", "owner": "lbonn", "repo": "rofi", - "rev": "ff2338c38fbf6e7049563acf55f9055bcf882a4e", + "rev": "b8dedc8836b552a0bba5f4702be63dd8521c6fbb", "type": "github" }, "original": { @@ -876,18 +925,20 @@ "agenix": "agenix", "arkenfox-userjs": "arkenfox-userjs", "asus-touchpad-numpad-driver": "asus-touchpad-numpad-driver", + "disko": "disko", "flake-utils": "flake-utils", "hmts-nvim": "hmts-nvim", "home-manager": "home-manager_2", "hypr-contrib": "hypr-contrib", "hyprland": "hyprland", "hyprpaper": "hyprpaper", + "impermanence": "impermanence", "master": "master", "neovim-nightly-overlay": "neovim-nightly-overlay", "nil": "nil", "nix-lazy-nvim": "nix-lazy-nvim", "nix-super": "nix-super", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_7", "nvim-treesitter": "nvim-treesitter", "pre-commit-hooks": "pre-commit-hooks", "rofi-wayland": "rofi-wayland", 
@@ -926,11 +977,11 @@ "smartcolumn-nvim": { "flake": false, "locked": { - "lastModified": 1693669522, - "narHash": "sha256-SfIbbrAFv/md9EgsJvO0RfDnc6oP5RYz8C5Icual1bU=", + "lastModified": 1694526430, + "narHash": "sha256-O9lPx4WVtiH8tCXVGtNHpcNDDIC+IdcZl8ielDD+rcY=", "owner": "m4xshen", "repo": "smartcolumn.nvim", - "rev": "d01b99355c7fab13233f48d0f28dc097e68a03f7", + "rev": "c6abf3917fcec487c7475e208ae37f5788af5b04", "type": "github" }, "original": { @@ -941,11 +992,11 @@ }, "stable": { "locked": { - "lastModified": 1693771906, - "narHash": "sha256-32EnPCaVjOiEERZ+o/2Ir7JH9pkfwJZJ27SKHNvt4yk=", + "lastModified": 1695416179, + "narHash": "sha256-610o1+pwbSu+QuF3GE0NU5xQdTHM3t9wyYhB9l94Cd8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "da5adce0ffaff10f6d0fee72a02a5ed9d01b52fc", + "rev": "715d72e967ec1dd5ecc71290ee072bcaf5181ed6", "type": "github" }, "original": { @@ -1033,11 +1084,11 @@ "telekasten-nvim": { "flake": false, "locked": { - "lastModified": 1691743763, - "narHash": "sha256-zYBMUzanFtjnsUrwxjHLvhRODLj1uwGi18wMUWnrqRA=", + "lastModified": 1694166243, + "narHash": "sha256-DblFcMlXsiHJCFojjpcwqZdnRqGuk79yoNBJTR8p5S4=", "owner": "renerocksai", "repo": "telekasten.nvim", - "rev": "584783fdbdd13bb691a435f86ed10a3717fa9e9a", + "rev": "bd5d323581f24ee124b33688287e6a22244c6f2a", "type": "github" }, "original": { @@ -1049,11 +1100,11 @@ "telescope-nvim": { "flake": false, "locked": { - "lastModified": 1693850759, - "narHash": "sha256-309GezR93SVOD7/B8dDJIEidYziepc1s46CIRkhND1k=", + "lastModified": 1695500955, + "narHash": "sha256-Sy4cDVL9HdIj8/UkCnusxACuzA6PKQiuf5Otwtlf8HA=", "owner": "nvim-telescope", "repo": "telescope.nvim", - "rev": "20a37e43bb43c74c6091f9fea6551af0964ad45a", + "rev": "ed9574dd6dde143d009b2528ea6d79bd34bbe6c8", "type": "github" }, "original": { @@ -1065,7 +1116,7 @@ "timers": { "inputs": { "naersk": "naersk", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_9", "utils": "utils" }, "locked": { 
@@ -1104,18 +1155,18 @@ "flake": false, "locked": { "host": "gitlab.freedesktop.org", - "lastModified": 1692976565, - "narHash": "sha256-eBKkG7tMxg92NskEn8dHRFY245JwjirWRoOZzW6DnUw=", + "lastModified": 1695277534, + "narHash": "sha256-LEIUGXvKR5DYFQUTavC3yifcObvG4XZUUHfxXmu8nEM=", "owner": "wlroots", "repo": "wlroots", - "rev": "717ded9bb0191ea31bf4368be32e7a15fe1b8294", + "rev": "98a745d926d8048bc30aef11b421df207a01c279", "type": "gitlab" }, "original": { "host": "gitlab.freedesktop.org", "owner": "wlroots", "repo": "wlroots", - "rev": "717ded9bb0191ea31bf4368be32e7a15fe1b8294", + "rev": "98a745d926d8048bc30aef11b421df207a01c279", "type": "gitlab" } }, @@ -1135,11 +1186,11 @@ ] }, "locked": { - "lastModified": 1691841170, - "narHash": "sha256-RCTm1/MVWYPnReMgyp7tr2ogGYo/pvw38jZaFwemgPU=", + "lastModified": 1694628480, + "narHash": "sha256-Qg9hstRw0pvjGu5hStkr2UX1D73RYcQ9Ns/KnZMIm9w=", "owner": "hyprwm", "repo": "xdg-desktop-portal-hyprland", - "rev": "57a3a41ba6b358109e4fc25c6a4706b5f7d93c6b", + "rev": "8f45a6435069b9e24ebd3160eda736d7a391cbf2", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index cf501b2..fb57451 100644 --- a/flake.nix +++ b/flake.nix @@ -32,6 +32,9 @@ rofi-wayland.url = "github:lbonn/rofi/wayland"; rofi-wayland.flake = false; + disko.url = "github:nix-community/disko"; + impermanence.url = "github:nix-community/impermanence"; + # Neovim neovim-nightly-overlay.url = "github:nix-community/neovim-nightly-overlay"; @@ -130,6 +133,8 @@ }; } inputs.agenix.nixosModules.age + inputs.disko.nixosModules.default + inputs.impermanence.nixosModules.impermanence ]; hosts = self.lib.my.mapModules diff --git a/hosts/nixos-laptop/default.nix b/hosts/nixos-laptop/default.nix index 6011e4c..20c12bd 100644 --- a/hosts/nixos-laptop/default.nix +++ b/hosts/nixos-laptop/default.nix 
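Review bot: The `disko` input in flake.nix is added without a `nixpkgs` follows, and the lock diff shows the effect: `disko` gets its own `nixpkgs` node and the existing `nixpkgs_N` nodes are renumbered. That leaves one more independently pinned nixpkgs revision in the closure to audit and keep updated. If this is not intentional, add `disko.inputs.nixpkgs.follows = "nixpkgs";` next to `disko.url`. The `impermanence` lock entry has no inputs, so it needs nothing.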
@@ -3,37 +3,35 @@ # and in the NixOS manual (accessible by running ‘nixos-help’). { pkgs , inputs +, lib , ... }: { imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix + ./disko.nix + ./impermanence.nix ]; my = { virtualisation.libvirtd.enable = true; + yubikey.luksSupport.enable = false; profiles = { desktop.enable = true; personal.enable = true; - webis.enable = true; + # webis.enable = true; }; + shell.aliases.zfs-diff = "sudo zfs diff zroot/encrypted/root@blank | parallel --pipe cut -f2 | parallel 'test -e /persist/{} || echo {}' | ${lib.getExe pkgs.tree} --fromfile ."; }; home-manager.users.moritz.home.packages = with pkgs; [ - jetbrains.idea-ultimate + # jetbrains.idea-ultimate ]; # BOOT boot = { - supportedFilesystems = [ "btrfs" ]; - loader = { - grub = { - enable = true; - device = "nodev"; - efiSupport = true; - }; - efi.canTouchEfiVariables = true; - }; + supportedFilesystems = [ "zfs" ]; + loader.systemd-boot.enable = true; }; # SERVICES diff --git a/hosts/nixos-laptop/disko.nix b/hosts/nixos-laptop/disko.nix new file mode 100644 index 0000000..d93e34b --- /dev/null +++ b/hosts/nixos-laptop/disko.nix 
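Review bot: In the new `zfs-diff` alias only `tree` is referenced by store path (`${lib.getExe pkgs.tree}`), while `parallel` and `cut` are looked up on the interactive PATH. Pinning `parallel` the same way, e.g. `${lib.getExe pkgs.parallel}`, makes the alias independent of what happens to be installed in the user environment. The two commented-out lines (`# webis.enable = true;` and `# jetbrains.idea-ultimate`) would be cleaner as deletions, since the history already records them.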
@@ -0,0 +1,94 @@
+{ lib, ... }:
+
+{
+ # needed for zfs pool
+ networking.hostId = "9c85d185";
+ disko.devices = {
+ disk = {
+ main = {
+ type = "disk";
+ device = "/dev/nvme0n1";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "64M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ zfs = {
+ size = "100%";
+ content = {
+ type = "zfs";
+ pool = "zroot";
+ };
+ };
+ };
+ };
+ };
+ };
+ zpool = {
+ zroot = {
+ type = "zpool";
+ rootFsOptions = {
+ compression = "zstd";
+ "com.sun:auto-snapshot" = "false";
+ };
+ mountpoint = null;
+
+ datasets = {
+ encrypted = {
+ type = "zfs_fs";
+ options = {
+ mountpoint = "none";
+ encryption = "aes-256-gcm";
+ keyformat = "passphrase";
+ };
+ # use this to read the key during boot
+ postCreateHook = ''
+ zfs set keylocation="prompt" "zroot/$name";
+ '';
+ };
+ "encrypted/root" = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ mountpoint = "/";
+ postCreateHook = "zfs snapshot zroot/encrypted/root@blank";
+ };
+ "encrypted/nix" = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ mountpoint = "/nix";
+ };
+ "encrypted/persist" = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ mountpoint = "/persist";
+ options."com.sun:auto-snapshot" = "true";
+ };
+ };
+ };
+ };
+ };
+ # rollback to blank
+ boot.initrd.postDeviceCommands = lib.mkAfter ''
+ zfs rollback -r zroot/encrypted/root@blank
+ '';
+ fileSystems."/persist".neededForBoot = true;
+ # HACK: to fix issue of agenix running before impermanence
+ age.identityPaths = [
+ "/etc/ssh/ssh_host_ed25519_key"
+ "/etc/ssh/ssh_host_rsa_key"
+ "/persist/etc/ssh/ssh_host_ed25519_key"
+ "/persist/etc/ssh/ssh_host_rsa_key"
+ ];
+ services.zfs = {
+ autoScrub.enable = true;
+ trim.enable = true;
+ autoSnapshot.enable = true;
+ };
+}
diff --git a/hosts/nixos-laptop/hardware-configuration.nix b/hosts/nixos-laptop/hardware-configuration.nix
index 76defb8..25d25d4 100644
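Review bot: The ESP is created with `size = "64M"` and mounted at `/boot`, while the same commit switches default.nix to `boot.loader.systemd-boot`, which keeps each generation's kernel and initrd on that partition. A kernel plus a ZFS-capable initrd will likely fill 64M after one or two generations, at which point rebuilds fail while writing the boot entries. A larger value such as `size = "512M";` is safer, optionally together with `boot.loader.systemd-boot.configurationLimit`. Separately, `device = "/dev/nvme0n1"` depends on enumeration order; for a tool that partitions and formats the target, a stable `/dev/disk/by-id/<DISK_ID>` path (placeholder, use the laptop's real id) is the more careful choice.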
--- a/hosts/nixos-laptop/hardware-configuration.nix +++ b/hosts/nixos-laptop/hardware-configuration.nix @@ -10,45 +10,4 @@ boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; - - - fileSystems."/" = { - device = "/dev/disk/by-uuid/4a91d3eb-1633-42d9-8304-c10e49a61154"; - fsType = "btrfs"; - options = [ "subvol=root" "compress=zstd" ]; - }; - - boot.initrd.luks.devices."enc".device = "/dev/disk/by-uuid/078b81ba-238e-471d-9951-b743588532b8"; - - fileSystems."/log" = { - device = "/dev/disk/by-uuid/4a91d3eb-1633-42d9-8304-c10e49a61154"; - fsType = "btrfs"; - options = [ "subvol=log" "compress=zstd" ]; - neededForBoot = true; - }; - - fileSystems."/nix" = { - device = "/dev/disk/by-uuid/4a91d3eb-1633-42d9-8304-c10e49a61154"; - fsType = "btrfs"; - options = [ "subvol=nix" "compress=zstd" ]; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/938D-F813"; - fsType = "vfat"; - }; - - fileSystems."/persist" = { - device = "/dev/disk/by-uuid/4a91d3eb-1633-42d9-8304-c10e49a61154"; - fsType = "btrfs"; - options = [ "subvol=persist" "compress=zstd" ]; - }; - - fileSystems."/home" = { - device = "/dev/disk/by-uuid/4a91d3eb-1633-42d9-8304-c10e49a61154"; - fsType = "btrfs"; - options = [ "subvol=home" "compress=zstd" ]; - }; - - swapDevices = [{ device = "/dev/disk/by-uuid/29ebf65f-e6ca-4625-9f72-a9321152be1b"; }]; } diff --git a/hosts/nixos-laptop/impermanence.nix b/hosts/nixos-laptop/impermanence.nix new file mode 100644 index 0000000..b5c697a --- /dev/null +++ b/hosts/nixos-laptop/impermanence.nix 
@@ -0,0 +1,70 @@
+{ config, ... }:
+
+{
+ age.secrets = {
+ root-password.file = ../../secrets/root-password.age;
+ moritz-password.file = ../../secrets/moritz-password.age;
+ };
+ users.users = {
+ root.hashedPasswordFile = config.age.secrets.root-password.path;
+ moritz.hashedPasswordFile = config.age.secrets.moritz-password.path;
+ };
+ users.mutableUsers = false;
+ environment.persistence."/persist" = {
+ hideMounts = true;
+ directories = [
+ "/etc/NetworkManager/system-connections"
+ "/var/db/dhcpcd/"
+ "/var/lib/NetworkManager/"
+ "/var/lib/bluetooth"
+ "/var/lib/nixos"
+ "/var/lib/systemd/coredump"
+ "/var/log"
+ ];
+ files = [
+ "/etc/machine-id"
+ "/etc/nix/id_rsa"
+ "/etc/ssh/ssh_host_ed25519_key"
+ "/etc/ssh/ssh_host_ed25519_key.pub"
+ "/etc/ssh/ssh_host_rsa_key"
+ "/etc/ssh/ssh_host_rsa_key.pub"
+ ];
+ users.moritz = {
+ directories = [
+ ".SynologyDrive/data"
+ ".SynologyDrive/log"
+ ".cache/keepassxc"
+ ".cache/nvim/luac"
+ ".config/Nextcloud"
+ ".config/keepassxc"
+ ".local/share/direnv"
+ ".local/share/zoxide"
+ ".local/state/nvim"
+ ".mozilla"
+ "Documents"
+ "Downloads"
+ "Music"
+ "Pictures"
+ "Videos"
+ { directory = ".gnupg"; mode = "0700"; }
+ { directory = ".local/share/keyrings"; mode = "0700"; }
+ { directory = ".ssh"; mode = "0700"; }
+ ];
+ files = [
+ ".local/share/fish/fish_history"
+ ".local/share/nix/trusted-settings.json"
+ ".parallel/will-cite"
+ ];
+ };
+ users.root = {
+ home = "/root";
+ directories = [
+ { directory = ".gnupg"; mode = "0700"; }
+ { directory = ".ssh"; mode = "0700"; }
+ ];
+ files = [
+ ".local/share/nix/trusted-settings.json"
+ ];
+ };
+ };
+}
diff --git a/modules/profiles/base.nix b/modules/profiles/base.nix
index 845d53f..bab1dd9 100644
--- a/modules/profiles/base.nix
+++ b/modules/profiles/base.nix
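Review bot: `.mozilla`, `.config/keepassxc`, `.config/Nextcloud` and `.SynologyDrive/data` are listed as bare strings in `users.moritz.directories`, so they are created with the impermanence module's default directory mode, whereas `.gnupg`, `.ssh` and the keyrings are pinned to `0700`. These directories hold browser sessions, password-manager settings and sync-client state, so the attribute form is worth using for them too, e.g. `{ directory = ".mozilla"; mode = "0700"; }`. Also, with `users.mutableUsers = false` both accounts depend on agenix decrypting the two `hashedPasswordFile` secrets at activation; a short comment noting that a missing host key under `/persist` presumably leaves neither account with a usable password would help the next reader.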
@@ -84,6 +84,9 @@ let }; in { + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGoAqa2m7hIzZ2LS96Z+RCIlRvhBM/j7h27tMBCwMT+a" # Moritz + ]; users.users.moritz = { isNormalUser = true; home = "/home/moritz"; @@ -109,7 +112,7 @@ in rj = "sudo journalctl"; }; aliases = { - ls = "exa -lh --icons --git"; + ls = "${getExe pkgs.eza} -lh --icons --git"; cat = "bat"; rm = "rm -i"; mv = "mv -i"; @@ -165,7 +168,6 @@ in # utils bat cht-sh - exa f fd gi diff --git a/modules/programs/hyprland/default.nix b/modules/programs/hyprland/default.nix index 8b5a2d4..6bbeff6 100644 --- a/modules/programs/hyprland/default.nix +++ b/modules/programs/hyprland/default.nix @@ -198,30 +198,17 @@ in alsa.support32Bit = true; pulse.enable = true; }; - greetd = { + xserver = { enable = true; - settings = - let - hyprlandCommand = getExe' hyprland "Hyprland"; - in - { - initial_session = { - command = hyprlandCommand; - user = "moritz"; - }; - default_session = { - command = '' - ${pkgs.greetd.tuigreet}/bin/tuigreet \ - --time \ - --asterisks \ - --user-menu \ - --remember \ - --power-shutdown 'systemctl poweroff' \ - --power-reboot 'systemctl reboot' \ - --cmd ${hyprlandCommand} - ''; - }; + displayManager = { + lightdm.enable = true; + autoLogin = { + enable = true; + user = "moritz"; }; + defaultSession = "hyprland"; + sessionPackages = [ hyprland ]; # can't set the defaultSession otherwise + }; }; }; security.rtkit.enable = true; diff --git a/modules/programs/nvim/options.lua b/modules/programs/nvim/options.lua index 8fa8a70..891b09c 100644 --- a/modules/programs/nvim/options.lua +++ b/modules/programs/nvim/options.lua 
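Review bot: The added `users.users.root.openssh.authorizedKeys.keys` sits in the shared base profile, so every host that imports `modules/profiles/base.nix` accepts this key for root, not only nixos-laptop. Whether that is reachable depends on sshd settings outside the hunk. If root access over SSH is only needed on the laptop, move the key into `hosts/nixos-laptop`, or set `services.openssh.settings.PermitRootLogin` explicitly on the hosts where it is wanted. At minimum, a comment above the list should state why root needs an authorized key at all. The surrounding `let … in` block starts outside the hunk.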
@@ -1,14 +1,8 @@ vim.g.mapleader = " " vim.g.maplocalleader = "," --- FIX to create spell dir if not existent -local spelldir = vim.fn.stdpath("config") .. "/spell" -if not vim.loop.fs_stat(spelldir) then - vim.fn.mkdir(spelldir, "p") -end - vim.opt.autoindent = true -vim.opt.backupdir = { vim.fn.stdpath("state") .. "/nvim/backup/" } -- don't store backup in files dir +vim.opt.backupdir = { vim.fn.stdpath("state") .. "/backup/" } -- don't store backup in files dir vim.opt.clipboard = "unnamedplus" -- sync with system clipboard vim.opt.conceallevel = 2 vim.opt.expandtab = true -- spaces instead of tabs diff --git a/secrets/moritz-password.age b/secrets/moritz-password.age new file mode 100644 index 0000000..739e7ee --- /dev/null +++ b/secrets/moritz-password.age @@ -0,0 +1,11 @@ +age-encryption.org/v1 +-> ssh-ed25519 wG6LYg LK0u1kmnMlRkk3s1nqpHREr0pbtQwc+Or9XFGSk5Syo +HLc3gWskZTeWfMPgR+EBn3R3ycn+7rWKgheZuP4o9Tg +-> ssh-ed25519 ZYd7Zg w8wh8buUNQcPdihFgWVyZfCg74x01YTSbnj8Sw5dhBQ +i8/rwKnUn2QIuTpLayg1+SzUnHbpOu7CdhAnO3u3/VU +-> ssh-ed25519 CjuqfA FPR6pGls0nRXB7lFUagHCcY39iuoSBab+T40aMuD8hQ +pyrcWA0Knw0iZf8CpfvmP5hsJf0Gba9LBKSQO1yGfbQ +-> CQVJ}-grease pf }&% +7Q +--- Mn5qor9GWHRU52zTv+kCqQljCZYsG1tO6ekZSH/p1yc +JODa0CcrX*F\uAFO sKt<(5JMTDvR?Me \ No newline at end of file 
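Review bot: The new `backupdir` entry ends in a single slash, `"/backup/"`, so backup files are named after the basename only and two files with the same name in different directories share one backup. Ending the entry with two separators makes Neovim build the backup name from the full path: `vim.opt.backupdir = { vim.fn.stdpath("state") .. "/backup//" }`. The hunk also drops the block that created the spell directory; if spell files are still written under `stdpath("config")`, that directory now has to come from somewhere else.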
diff --git a/secrets/root-password.age b/secrets/root-password.age new file mode 100644 index 0000000000000000000000000000000000000000..bf61174b5536fe050aa726fa95fd56fcfefdceec GIT binary patch literal 625 zcmZ9{J&V&|003acEvtv1pk{Hg#->TrG@wF~Cb=|kn_k;AO#~rrzAw#ZlYWfCxhQfc zy6EC^i#QyJ=z)XNIrt9_JP8adii^7{x>XeHLgxrC% z%tb5{BZvwG&x9J#92gf&RhK#_?>6hX(gUCsC*dH=C-wEdB9n2~Q~Z4F;|}XUpb>-4 z#5cRS+3qD0qvR%?30O@AQ6uH+v8zi(lBJv=h^IAOGfCZn^>M46PR7GDwD?eOo5RX1 zA1Jn8D5i?`(ps!?HZCrz?LG>rGhAOXOWNnq#F`Nz6SVCB2>P;9pljVg;3gwOQwLM2 zKR&IoexBGg?23NF^)RMJT}9&uTW6@p4ETJWGZsX0Rift3_oM*NAzMOJJI~C6&N5K8-rU!a`jyfs#cAsI{Ii z+w*1%h#spX)pZ7xAp}8S1)~NesSxZ!)NF-zyFtyN9m-YHRA@H?FR^9b@N>}&B51y~ za@>8idG+&)jrsZaA9hDij+4i){e!0)(ygQ6jpsY}&Ry9)TA{ z_!?e(`R#)H>+I^^?C?bYvK?JI(f{nddZS)gn)fe%{IR+3ZXFVG^V5U3(a-qZ-OZhU D&i~(P literal 0 HcmV?d00001 diff --git a/secrets/secrets.nix b/secrets/secrets.nix index d2a471e..e81aeef 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -23,4 +23,6 @@ in "wireguard-private-key.age".publicKeys = personal; "webis.age".publicKeys = hosts-personal ++ [ scadspc25 moritz ]; "webis-ssh.age".publicKeys = hosts-personal ++ [ scadspc25 moritz ]; + "root-password.age".publicKeys = hosts-personal ++ [ moritz ]; + "moritz-password.age".publicKeys = hosts-personal ++ [ moritz ]; }
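Review bot: Both new password secrets in secrets.nix are encrypted to `hosts-personal ++ [ moritz ]`, while the only consumer visible in this commit is `hosts/nixos-laptop/impermanence.nix`. `hosts-personal` is defined above the hunk, but if it holds more than the laptop's host key, each of those machines can decrypt the root and user password hashes. Restricting the recipients to the laptop's host key plus `moritz` keeps the hashes away from hosts that never use them, e.g. `"root-password.age".publicKeys = [ <nixos-laptop-host-key> moritz ];`, with the placeholder replaced by the binding's real name from the `let` block.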