Fix install script

This commit is contained in:
muon 2025-08-04 20:11:49 +00:00
parent 4750f4ea9d
commit 0b2342ff13
5 changed files with 121 additions and 69 deletions


@ -1,6 +1,8 @@
{ {
inputs, inputs,
system, system,
config,
lib,
... ...
}: { }: {
# Hardware # Hardware
@ -10,6 +12,13 @@
+ "/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix") + "/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix")
]; ];
# Install
environment.etc.sops-key = {
source = "/home/muon/.config/sops-nix/secrets/sops-key";
target = "sops-nix/key.txt";
};
sops.age.keyFile = lib.mkForce "/etc/sops-nix/key.txt";
# System # System
mods.user.name = "muon"; mods.user.name = "muon";
networking.hostName = "murk"; networking.hostName = "murk";
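Review bot: `environment.etc.sops-key.source` is given as a quoted string, so the `/etc/sops-nix/key.txt` produced on this installer image appears to be a symlink to `/home/muon/.config/sops-nix/secrets/sops-key` rather than a copy of the key; on a booted installation-cd-minimal image that home path presumably does not exist, and `sops.age.keyFile = lib.mkForce "/etc/sops-nix/key.txt"` then points at a dangling link (the install script's `sudo cp /etc/sops-nix/key.txt ...` line being commented out suggests this was already hit). Replacing the string with an unquoted path literal would not be a fix either, since the age private key would then be copied into the world-readable Nix store of the image. A comment stating how the key is meant to reach the live system would save the next reader the same investigation, e.g. `# key is provided on the live system at this path, never baked into the image`.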


@ -8,24 +8,25 @@
modulesPath, modulesPath,
... ...
}: { }: {
# imports = imports = [
# [ (modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
# ]; ];
#
# hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
boot.supportedFilesystems = ["btrfs"];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
networking.useDHCP = lib.mkForce true; networking.useDHCP = lib.mkForce true;
imports = [ # imports = [
(modulesPath + "/profiles/qemu-guest.nix") # (modulesPath + "/profiles/qemu-guest.nix")
]; # ];
#
virtualisation.vmVariant = { # virtualisation.vmVariant = {
# following configuration is added only when building VM with build-vm # # following configuration is added only when building VM with build-vm
virtualisation = { # virtualisation = {
memorySize = 4096; # Use 2048MiB memory. # memorySize = 4096; # Use 2048MiB memory.
cores = 3; # cores = 3;
}; # };
}; # };
} }
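Review bot: The qemu-guest import and the whole `virtualisation.vmVariant` block are kept as commented-out code instead of being deleted, which leaves the stale `# Use 2048MiB memory.` remark next to `memorySize = 4096` in the file. Git history already preserves the VM variant, so removing the commented block, or keeping it behind a one-line comment such as `# VM variant removed; see history if build-vm is needed again`, would read more cleanly than two parallel commented configurations.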


@ -10,53 +10,85 @@
installScript = pkgs.writeShellApplication { installScript = pkgs.writeShellApplication {
name = "install-flake"; name = "install-flake";
text = '' text = ''
echo "Cloning config..." msg() {
printf "\033[01;32minstall-flake: \033[0m%s\n" "$1"
}
msg "Cloning config..."
if [[ ! "$PWD" == "$HOME" ]]; then
cd
fi
if [[ ! -d "home" ]]; then
git clone https://codeberg.org/muon/home git clone https://codeberg.org/muon/home
else
msg "Already cloned!"
fi
cd home cd home
nvim hosts/"$(hostname)"/disk-config.nix nvim hosts/"$(hostname)"/disk-config.nix
echo "Running disko..." msg "Running disko..."
if ! mount | grep "on /mnt" ; then
sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount hosts/"$(hostname)"/disk-config.nix sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount hosts/"$(hostname)"/disk-config.nix
else
msg "Already mounted!"
fi
echo "Making blank root snapshot..." msg "Making blank root snapshot..."
sudo mkdir -p /tmp/mnt sudo mkdir -p /tmp/mnt
sudo mount /dev/mapper/crypted /tmp/mnt sudo mount /dev/mapper/crypted /tmp/mnt
if [[ ! -e /tmp/mnt/root-blank ]]; then
sudo btrfs subvolume snapshot -r /tmp/mnt/root /tmp/mnt/root-blank sudo btrfs subvolume snapshot -r /tmp/mnt/root /tmp/mnt/root-blank
else
msg "Already snapshotted!"
fi
sudo umount /tmp/mnt sudo umount /tmp/mnt
echo "Retrieving sops key..." msg "Retrieving sops key..."
sudo mkdir -p /mnt/persist/var/lib/sops-nix
if [[ ! -e /mnt/persist/var/lib/sops-nix/key.txt ]]; then
rbw config set email admin@muon.host rbw config set email admin@muon.host
rbw config set base_url https://vault.muon.host rbw config set base_url https://vault.muon.host
rbw login rbw login
rbw get sops | sudo tee /mnt/persist/var/lib/sops-nix/key.txt
sudo mkdir -p /persist/var/lib/sops-nix # sudo cp /etc/sops-nix/key.txt /mnt/persist/var/lib/sops-nix/key.txt
rbw get sops > /mnt/persist/var/lib/sops-nix/key.txt
sudo chown muon:users /mnt/persist/var/lib/sops-nix -R sudo chown muon:users /mnt/persist/var/lib/sops-nix -R
else
msg "Already retrieved!"
fi
echo "Setting hardware config..." msg "Setting hardware config..."
sudo nixos-generate-config --no-filesystems --root /mnt sudo nixos-generate-config --no-filesystems --root /mnt
cp /mnt/etc/nixos/hardware-configuration.nix hosts/"$(hostname)"/hardware-configuration.nix cp /mnt/etc/nixos/hardware-configuration.nix hosts/"$(hostname)"/hardware-configuration.nix
echo "Installing NixOS config..." msg "Installing NixOS config..."
sudo nixos-install --root /mnt --no-root-passwd --flake .#"$(hostname)" sudo nixos-install --root /mnt --no-root-passwd --flake .#"$(hostname)"
echo "Edit persistent filesystem..." msg "Edit persistent filesystem..."
PERSIST="$HOME/persist" PERSIST="$HOME/persist.sh"
if [[ ! -e $PERSIST ]]; then
sudo cp "$HOME/persist.txt" "$PERSIST"
sudo chmod +w "$PERSIST"
fi
nvim "$PERSIST" nvim "$PERSIST"
echo "Copying persistent filesystem..." msg "Copying persistent filesystem..."
make_persist() { make_persist() {
F="/mnt$1" F="$1"
P="/mnt/persist$1" P="/mnt/persist''${1#/mnt}"
if [[ -d "$F" ]]; then echo "$P"
mkdir -p "$F" "$P" if [[ -e "$F" ]]; then
elif [[ -f "$F" ]]; then sudo mkdir -p "$(dirname "$P")"
mkdir -p "$(dirname "$F")" "$(dirname "$P")"
else else
echo "Error: $F does not exist!" msg "Error: $F does not exist!"
return 1 return 0
fi
if [[ -d "$F" ]]; then
if [[ -n "$( ls -A "$F")" ]]; then
sudo cp -r "$F/"* "$P"
fi
elif [[ -f "$F" ]]; then
sudo cp "$F" "$P"
fi fi
cp -r "$F" "$P"
} }
grep -v '^#' "$PERSIST" | while read -r file ; do grep -v '^#' "$PERSIST" | while read -r file ; do
make_persist "$file" make_persist "$file"
@ -65,14 +97,16 @@
}; };
in { in {
# Install # Install
# sops.age.keyFile = lib.mkForce "/etc/sops-nix/key.txt";
programs.atuin.enable = lib.mkForce false;
home.file.persist = { home.file.persist = {
target = "persist.txt"; target = "persist.txt";
text = '' text = ''
/var/lib/nixos /mnt/var/lib/nixos
/var/lib/systemd/coredump /mnt/var/lib/systemd/coredump
/mnt/etc/machine-id
/etc/NetworkManager /etc/NetworkManager
/var/lib/NetworkManager /var/lib/NetworkManager
/etc/machine-id
''; '';
}; };
home.packages = with pkgs; home.packages = with pkgs;
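Review bot: `rbw get sops | sudo tee /mnt/persist/var/lib/sops-nix/key.txt` prints the age private key to the terminal (and to any session log or scrollback) because tee echoes its input; the file is also created under the caller's umask, typically 0644, and the `chown muon:users -R` that follows never tightens it, so the key lands on the installed system readable by every local user. The two-line change would be `rbw get sops | sudo tee /mnt/persist/var/lib/sops-nix/key.txt > /dev/null` followed by `sudo chmod 0600 /mnt/persist/var/lib/sops-nix/key.txt` before the chown. In the persist.sh handling, `sudo cp "$HOME/persist.txt" "$PERSIST"` leaves a root-owned file and `sudo chmod +w` grants write to that root owner only, so the unprivileged `nvim "$PERSIST"` likely cannot save in place; a plain `cp` plus `chmod u+w` would presumably suffice since the source is only read. In `make_persist`, the `"$F/"*` glob skips dot-entries while the `ls -A` guard counts them, so a directory whose only contents are hidden files is copied empty. The `installScript` text continues past the end of this hunk.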


@ -1,7 +1,15 @@
{ pkgs, lib, config, inputs, system, ... }: {
let cfg = config.mods; pkgs,
in with lib; { lib,
imports = [ inputs.sops-nix.nixosModules.sops ]; config,
inputs,
system,
...
}: let
cfg = config.mods;
in
with lib; {
imports = [inputs.sops-nix.nixosModules.sops];
sops = { sops = {
age.keyFile = "/persist/var/lib/sops-nix/key.txt"; age.keyFile = "/persist/var/lib/sops-nix/key.txt";
defaultSopsFile = ./secrets.yaml; defaultSopsFile = ./secrets.yaml;
@ -14,8 +22,7 @@ in with lib; {
owner = "radicale"; owner = "radicale";
group = "radicale"; group = "radicale";
}; };
secrets.lemmy-password = mkIf cfg.server.lemmy.enable { secrets.lemmy-password = mkIf cfg.server.lemmy.enable {};
secrets.sops-key = {};
}; };
}; }
}
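Review bot: `secrets.sops-key = {};` is declared unconditionally, so every host importing this module will decrypt the age private key into its runtime secrets directory, not just the installer that needs it for bootstrapping; the line directly above shows the pattern to follow, gating it with `mkIf` on an option that is only true for the installer host. Since the secret's content is the key that decrypts this very secrets file, a comment on the line would help the next reader, e.g. `# bootstrap copy of the age key for the installer; needs a key already present to decrypt`. The enclosing `sops` attribute set starts before the first hunk.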


@ -2,6 +2,7 @@ muon-password: ENC[AES256_GCM,data:K2ifHvs8hQXK4//FXf3vfDliiklx0dTn8gpirTBT07Q1X
zipline-secret: ENC[AES256_GCM,data:cdqPWBUg6FZkBrUYNkm7imntc2hXUAxDjd1Ymr3j9y763cbXDYEu44wJF0W1Ng==,iv:sdjV4SkRCTO04AvXqtoPOPyASlitrS4nS+M0Z2lZURA=,tag:gNcOdJvg9PtrRlm84CdbsQ==,type:str] zipline-secret: ENC[AES256_GCM,data:cdqPWBUg6FZkBrUYNkm7imntc2hXUAxDjd1Ymr3j9y763cbXDYEu44wJF0W1Ng==,iv:sdjV4SkRCTO04AvXqtoPOPyASlitrS4nS+M0Z2lZURA=,tag:gNcOdJvg9PtrRlm84CdbsQ==,type:str]
htpasswd: ENC[AES256_GCM,data:YbDNElLsvRtC1ezgxIYI6U+ZZES1Lr6BXamNdbxQibj0NfC9oobP7ed8MQpFTlhhJZx5I5Xa6XtFrvjdo13NtdU=,iv:P98P1XxtdCp7+TuAwKybzjcWGF1OQtnAuQs4ObZct7o=,tag:gXrQaBxUvuVSB5yYhWcihA==,type:str] htpasswd: ENC[AES256_GCM,data:YbDNElLsvRtC1ezgxIYI6U+ZZES1Lr6BXamNdbxQibj0NfC9oobP7ed8MQpFTlhhJZx5I5Xa6XtFrvjdo13NtdU=,iv:P98P1XxtdCp7+TuAwKybzjcWGF1OQtnAuQs4ObZct7o=,tag:gXrQaBxUvuVSB5yYhWcihA==,type:str]
lemmy-password: ENC[AES256_GCM,data:VVPbhW6l+VYSUfmlySPSwITwonKQHaIY,iv:XcwM7Sz2novn3cHt4EK5HAZkYVPfPqwIcGtTWMQPByg=,tag:0b8epk98eTcx7b57yGcjpw==,type:str] lemmy-password: ENC[AES256_GCM,data:VVPbhW6l+VYSUfmlySPSwITwonKQHaIY,iv:XcwM7Sz2novn3cHt4EK5HAZkYVPfPqwIcGtTWMQPByg=,tag:0b8epk98eTcx7b57yGcjpw==,type:str]
sops-key: ENC[AES256_GCM,data:CT2FJnxRV0nVccCS+bofjIDqoVnJKMs63BVdmC4KEXEJAdsiyINTNJ+19aMqIkr2eosvXX1+nvV6oeBvNv1uN9xCrrzu4Qj0yRA=,iv:w9Fp68KK8hnUirlDGOYKSQwlfp3OBWU4XWqliZn/apc=,tag:XZdhC65WpcazSol1mbdp5A==,type:str]
sops: sops:
age: age:
- recipient: age1m97a3eptxwpdd7h5kkqe9gkmhg6rquc64qjmlsfqfhfqv8q72crqrylhgc - recipient: age1m97a3eptxwpdd7h5kkqe9gkmhg6rquc64qjmlsfqfhfqv8q72crqrylhgc
@ -40,7 +41,7 @@ sops:
VFdIbUg1WjlldFFNbGx3dytQNXBsMDgKuU/86fojKVJ5X8+9OIf3k7ud6bujjyFI VFdIbUg1WjlldFFNbGx3dytQNXBsMDgKuU/86fojKVJ5X8+9OIf3k7ud6bujjyFI
HQoONJgXGoQJtkPsmJbMUuMjo/znK+tdCd/uAwxK1Nk670NVxGmJYA== HQoONJgXGoQJtkPsmJbMUuMjo/znK+tdCd/uAwxK1Nk670NVxGmJYA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-17T09:59:07Z" lastmodified: "2025-08-04T09:14:07Z"
mac: ENC[AES256_GCM,data:ewURL+W/C0XnEJiXipeSXr5F5hItD3LPMdThjBg1ObY/N7Tb28Tm18vCOpbr37H0gDWnDjNu2rzVN3+XjrbVzXe7n4YUzN2sZa2zZEJhHDTyQWdiPtMpApXeu1Va621EQymDyTm7N2hJz3MvadiWYIv/ft685FPY7qRX7pluUFc=,iv:FIoClE4hX8+PBHY5LOFeSowxSrAHIaDPFblD6Pkakes=,tag:FepKajXRusCbLTlJGPKm6g==,type:str] mac: ENC[AES256_GCM,data:Qu5kuhV2c31S9l01e7IWCrjLKU8eBepK42eR1nEvPpoHqXxbIT3vcDbxJdcn2Ay6Z4pARYqmHctVDOCiilxFyYfzF8mP91u6NhsZC5kHMdP7GI5Pl5FXSCMxQbbBWgXxJXruq/NkrlrLnFTWyzBRLa4wTBZdDMZ2CGo6jLi7G0o=,iv:q3WG536FkLpYEp8AAcW0agYq6rDIhzzt47l7grDvGyo=,tag:T5msy2cSZ/bZ9HvbxTw0Rg==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.2 version: 3.10.2