diff --git a/flake.nix b/flake.nix
index 3e8fa6f..c0b5a1e 100644
--- a/flake.nix
+++ b/flake.nix
@@ -24,73 +24,84 @@ valheim-server.inputs.nixpkgs.follows = "nixpkgs"; }; - outputs = inputs@{ nixpkgs, home-manager, stylix, ... }: - let - system = "x86_64-linux"; + outputs = inputs @ { + nixpkgs, + home-manager, + stylix, + ... + }: let + system = "x86_64-linux"; - pkgs = import inputs.nixpkgs { inherit system; }; + pkgs = import inputs.nixpkgs {inherit system;}; - sources = import ./_sources/generated.nix { - inherit (pkgs) fetchurl fetchgit fetchFromGitHub dockerTools; - }; - - utils = import ./utils.nix { inherit inputs system sources; }; - in { - nixosConfigurations = { - # desktop - muon = utils.mkHost ./hosts/muon/configuration.nix; - - # laptop - muop = utils.mkHost ./hosts/muop/configuration.nix; - - # vps - muho = utils.mkHost ./hosts/muho/configuration.nix; - - # vps - mups = utils.mkHost ./hosts/mups/configuration.nix; - - # vm - muvm = utils.mkHost ./hosts/muvm/configuration.nix; - - # work - murk = utils.mkHost ./hosts/murk/configuration.nix; - }; - - homeManagerModules.default = ./modules/home; - - colmena = { - meta = { - nixpkgs = import inputs.nixpkgs { inherit system; }; - - specialArgs = { inherit nixpkgs inputs system sources; }; - }; - - # Remote host name - "mups" = { name, nodes, ... }: { - deployment.targetHost = "muon.host"; # SSH IP - deployment.targetUser = "root"; # SSH username - - # modules - imports = [ - ./hosts/mups/configuration.nix - ./modules/nixos - inputs.home-manager.nixosModules.default - inputs.stylix.nixosModules.stylix - ]; - }; - - # "muho" = { name, nodes, ... 
}: { - # deployment.targetHost = "muho"; # SSH IP - # deployment.targetUser = "muon"; # SSH username - - # # modules - # imports = [ - # ./hosts/muho/configuration.nix - # ./modules/nixos - # inputs.home-manager.nixosModules.default - # inputs.stylix.nixosModules.stylix - # ]; - # }; - }; + sources = import ./_sources/generated.nix { + inherit (pkgs) fetchurl fetchgit fetchFromGitHub dockerTools; }; + + utils = import ./utils.nix {inherit inputs system sources;}; + in { + nixosConfigurations = { + # desktop + muon = utils.mkHost ./hosts/muon/configuration.nix; + + # laptop + muop = utils.mkHost ./hosts/muop/configuration.nix; + + # vps + muho = utils.mkHost ./hosts/muho/configuration.nix; + + # vps + mups = utils.mkHost ./hosts/mups/configuration.nix; + + # vm + muvm = utils.mkHost ./hosts/muvm/configuration.nix; + + # work + murk = utils.mkHost ./hosts/murk/configuration.nix; + + # installer + muin = utils.mkHost ./hosts/muin/configuration.nix; + }; + + homeManagerModules.default = ./modules/home; + + colmena = { + meta = { + nixpkgs = import inputs.nixpkgs {inherit system;}; + + specialArgs = {inherit nixpkgs inputs system sources;}; + }; + + # Remote host name + "mups" = { + name, + nodes, + ... + }: { + deployment.targetHost = "muon.host"; # SSH IP + deployment.targetUser = "root"; # SSH username + + # modules + imports = [ + ./hosts/mups/configuration.nix + ./modules/nixos + inputs.home-manager.nixosModules.default + inputs.stylix.nixosModules.stylix + ]; + }; + + # "muho" = { name, nodes, ... }: { + # deployment.targetHost = "muho"; # SSH IP + # deployment.targetUser = "muon"; # SSH username + + # # modules + # imports = [ + # ./hosts/muho/configuration.nix + # ./modules/nixos + # inputs.home-manager.nixosModules.default + # inputs.stylix.nixosModules.stylix + # ]; + # }; + }; + }; } diff --git a/hosts/muin/configuration.nix b/hosts/muin/configuration.nix new file mode 100644 index 0000000..dc20c2e --- /dev/null +++ b/hosts/muin/configuration.nix 
@@ -0,0 +1,40 @@ +{ + inputs, + system, + ... +}: { + # Hardware + imports = [ + ./hardware-configuration.nix + (inputs.nixpkgs + + "/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix") + ]; + + # System + mods.user.name = "muon"; + networking.hostName = "murk"; + networking.hostId = "a2309090"; + mods.home.file = ./home.nix; + + # Modules + mods.desktop.enable = true; + mods.boot.enable = false; + + mods.theme.enable = true; + mods.theme.scheme = "woodland"; + mods.theme.wallpaper = ./wallpaper.png; + + services.xserver.windowManager.i3.enable = true; + + # Hardware preferences + environment.variables = { + WINIT_HIDPI_FACTOR = "1"; + WINIT_X11_SCALE_FACTOR = "1"; + }; + + ## Mouse + services.libinput.mouse.accelProfile = "flat"; + + # Version of first install + system.stateVersion = "23.05"; +} diff --git a/hosts/muin/disk-config.nix b/hosts/muin/disk-config.nix new file mode 100644 index 0000000..05a9f01 --- /dev/null +++ b/hosts/muin/disk-config.nix 
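Review bot: `networking.hostName = "murk"` is set in the new `muin` host's configuration, while `flake.nix` registers this file as `muin`; the install script in `hosts/muin/home.nix` derives both the disko config path and the `--flake .#` attribute from `$(hostname)`, so an install started from this image would format and install the `murk` host's definition instead of this one. Change it to `networking.hostName = "muin";`. `networking.hostId = "a2309090"` looks copied along with it and is worth confirming as unique, since that id is what ZFS uses to tell importing hosts apart.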
@@ -0,0 +1,72 @@ +{ + disko.devices = { + disk = { + main = { + type = "disk"; + device = "/dev/sda"; + content = { + type = "gpt"; + partitions = { + ESP = { + size = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + }; + }; + luks = { + size = "100%"; + content = { + type = "luks"; + name = "crypted"; + # disable settings.keyFile if you want to use interactive password entry + #passwordFile = "/tmp/secret.key"; # Interactive + # settings = { + # allowDiscards = true; + # keyFile = "/tmp/secret.key"; + # }; + # additionalKeyFiles = [ "/tmp/additionalSecret.key" ]; + content = { + type = "btrfs"; + extraArgs = [ "-f" ]; + subvolumes = { + "/root" = { + mountpoint = "/"; + mountOptions = [ "compress=zstd" "noatime" ]; + }; + "/home" = { + mountpoint = "/home"; + mountOptions = [ "compress=zstd" "noatime" ]; + }; + "/nix" = { + mountpoint = "/nix"; + mountOptions = [ "compress=zstd" "noatime" ]; + }; + "/persist" = { + mountpoint = "/persist"; + mountOptions = [ "compress=zstd" "noatime" ]; + }; + "/log" = { + mountpoint = "/var/log"; + mountOptions = [ "compress=zstd" "noatime" ]; + }; + "/swap" = { + mountpoint = "/swap"; + swap.swapfile.size = "4G"; + }; + }; + }; + }; + }; + }; + }; + }; + }; + }; + + fileSystems."/persist".neededForBoot = true; + fileSystems."/var/log".neededForBoot = true; +} diff --git a/hosts/muin/hardware-configuration.nix b/hosts/muin/hardware-configuration.nix new file mode 100644 index 0000000..54d8a67 --- /dev/null +++ b/hosts/muin/hardware-configuration.nix 
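Review bot: `device = "/dev/sda"` is the target that the install script hands to `disko --mode destroy,format,mount`, and `sda` is assigned by enumeration order, so on a machine with more than one disk, or where the install medium itself enumerates first, the wrong device is wiped. Prefer a stable path such as `device = "/dev/disk/by-id/<DISK_ID>";` (placeholder), which the script's `nvim hosts/"$(hostname)"/disk-config.nix` step already gives the operator a chance to fill in. A comment above the line, `# replace with the stable /dev/disk/by-id path of the target disk before running disko`, would make that expectation explicit.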
@@ -0,0 +1,31 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { + # imports = + # [ (modulesPath + "/installer/scan/not-detected.nix") + # ]; + # + # hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + networking.useDHCP = lib.mkForce true; + + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; + + virtualisation.vmVariant = { + # following configuration is added only when building VM with build-vm + virtualisation = { + memorySize = 4096; # Use 2048MiB memory. + cores = 3; + }; + }; +} diff --git a/hosts/muin/home.nix b/hosts/muin/home.nix new file mode 100644 index 0000000..0c1400a --- /dev/null +++ b/hosts/muin/home.nix 
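Review bot: The `# Use 2048MiB memory.` comment on `memorySize = 4096;` is stale. More importantly, the header says the file was generated by nixos-generate-config and may be overwritten, yet it carries hand edits (the qemu-guest profile import, `networking.useDHCP = lib.mkForce true`, the `virtualisation.vmVariant` block), and the install script in `hosts/muin/home.nix` copies fresh `nixos-generate-config` output over this exact path, which would silently discard them. Suggest moving the hand-written settings into `hosts/muin/configuration.nix` and leaving this file to the generator; at minimum correct the comment to `# 4096MiB for the build-vm variant`.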
@@ -0,0 +1,114 @@ +{ + pkgs, + lib, + config, + osConfig, + inputs, + ... +}: let + cfg = osConfig.mods; + installScript = pkgs.writeShellApplication { + name = "install-flake"; + text = '' + echo "Cloning config..." + git clone https://codeberg.org/muon/home + cd home + nvim hosts/"$(hostname)"/disk-config.nix + + echo "Running disko..." + sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount hosts/"$(hostname)"/disk-config.nix + + echo "Making blank root snapshot..." + sudo mkdir -p /tmp/mnt + sudo mount /dev/mapper/crypted /tmp/mnt + sudo btrfs subvolume snapshot -r /tmp/mnt/root /tmp/mnt/root-blank + sudo umount /tmp/mnt + + echo "Retrieving sops key..." + rbw config set email admin@muon.host + rbw config set base_url https://vault.muon.host + rbw login + + sudo mkdir -p /persist/var/lib/sops-nix + rbw get sops > /mnt/persist/var/lib/sops-nix/key.txt + sudo chown muon:users /mnt/persist/var/lib/sops-nix -R + + echo "Setting hardware config..." + sudo nixos-generate-config --no-filesystems --root /mnt + cp /mnt/etc/nixos/hardware-configuration.nix hosts/"$(hostname)"/hardware-configuration.nix + + echo "Installing NixOS config..." + sudo nixos-install --root /mnt --no-root-passwd --flake .#"$(hostname)" + + echo "Edit persistent filesystem..." + PERSIST="$HOME/persist" + nvim "$PERSIST" + + echo "Copying persistent filesystem..." + make_persist() { + F="/mnt$1" + P="/mnt/persist$1" + if [[ -d "$F" ]]; then + mkdir -p "$F" "$P" + elif [[ -f "$F" ]]; then + mkdir -p "$(dirname "$F")" "$(dirname "$P")" + else + echo "Error: $F does not exist!" 
+ return 1 + fi + cp -r "$F" "$P" + } + grep -v '^#' "$PERSIST" | while read -r file ; do + make_persist "$file" + done + ''; + }; +in { + # Install + home.file.persist = { + target = "persist.txt"; + text = '' + /var/lib/nixos + /var/lib/systemd/coredump + /etc/NetworkManager + /var/lib/NetworkManager + /etc/machine-id + ''; + }; + home.packages = with pkgs; + [ + installScript + ] + # Modules + ++ [ + pulseaudio + pavucontrol + alsa-utils + ]; + + mods.xdg.enable = true; + mods.i3.enable = true; + mods.battery.enable = true; + mods.terminal.zsh.enable = true; + mods.terminal.emulator.enable = true; + mods.terminal.development.enable = true; + mods.terminal.tools.enable = true; + mods.desktop.development.enable = true; + mods.desktop.productivity.enable = false; + + # Hardware preferences + ## Monitors + services.autorandr.enable = true; + programs.autorandr = { + enable = true; + hooks.postswitch = { + "notify-i3" = "${pkgs.i3}/bin/i3-msg restart"; + "set-wallpaper" = '' + ${lib.getExe pkgs.feh} --bg-fill --nofehbg ${./wallpaper.png} + ''; + }; + }; + + # Version of first install + home.stateVersion = "23.05"; +} diff --git a/hosts/muin/wallpaper.png b/hosts/muin/wallpaper.png new file mode 100644 index 0000000..9832948 Binary files /dev/null and b/hosts/muin/wallpaper.png differ diff --git a/hosts/muon/hardware-configuration.nix b/hosts/muon/hardware-configuration.nix index d2d796d..72613d9 100644 --- a/hosts/muon/hardware-configuration.nix +++ b/hosts/muon/hardware-configuration.nix 
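Review bot: The age private key is written with `rbw get sops > /mnt/persist/var/lib/sops-nix/key.txt` under the shell's default umask, so the file that decrypts every entry in `secrets.yaml` is created readable by other local users, and the later `sudo chown muon:users ... -R` changes ownership but not that mode. The preceding `sudo mkdir -p /persist/var/lib/sops-nix` also creates the directory on the live system rather than under `/mnt`, so the redirect targets a path that does not exist and, under the errexit that `writeShellApplication` enables, the script stops right after the interactive `rbw login`. Suggest `sudo mkdir -p /mnt/persist/var/lib/sops-nix` followed by `rbw get sops | sudo install -m 0600 -o muon -g users /dev/stdin /mnt/persist/var/lib/sops-nix/key.txt`, which sets owner and mode in one step. Two further mismatches in the same script: `PERSIST="$HOME/persist"` does not match `home.file.persist.target = "persist.txt"`, so the `grep -v '^#' "$PERSIST"` loop only sees whatever the operator happened to save in nvim; and in `make_persist` the `cp -r "$F" "$P"` that follows `mkdir -p "$F" "$P"` copies an existing directory into `$P` as a nested child instead of merging it. Those copies into `/mnt/var/lib` and `/mnt/etc` also run without `sudo`, which will fail on root-owned targets if the script runs as the unprivileged user the surrounding `sudo` calls imply.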
@@ -1,17 +1,21 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [(modulesPath + "/installer/scan/not-detected.nix")]; - boot.initrd.availableKernelModules = - [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - boot.supportedFilesystems = [ "zfs" "ntfs" "btrfs" ]; + boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + virtualisation.libvirtd.enable = true; + boot.extraModulePackages = []; + boot.supportedFilesystems = ["zfs" "ntfs" "btrfs"]; fileSystems."/" = { device = "/dev/disk/by-uuid/03e49688-cc62-49c9-a906-e2ea87a38891"; @@ -19,10 +23,8 @@ }; boot.initrd.luks.devices = { - "luks-root".device = - "/dev/disk/by-uuid/86769693-b61c-4712-852d-e0fba612d260"; - "luks-swap".device = - "/dev/disk/by-uuid/0418acfc-792c-43f4-a887-cc8bb51fa7c3"; + "luks-root".device = "/dev/disk/by-uuid/86769693-b61c-4712-852d-e0fba612d260"; + "luks-swap".device = "/dev/disk/by-uuid/0418acfc-792c-43f4-a887-cc8bb51fa7c3"; }; fileSystems."/mnt/bulk" = { @@ -33,11 +35,11 @@ fileSystems."/boot" = { device = "/dev/disk/by-uuid/CCCC-449E"; fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; + options = ["fmask=0022" "dmask=0022"]; }; swapDevices = [ - { device = "/dev/disk/by-uuid/e7cf209d-386d-41db-8a35-6c9fff014722"; } + {device = "/dev/disk/by-uuid/e7cf209d-386d-41db-8a35-6c9fff014722";} { device = "/var/lib/swapfile"; size = 8 * 1024; diff --git a/modules/home/sops/default.nix b/modules/home/sops/default.nix index 2732df3..01b2b21 100644 
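Review bot: `virtualisation.libvirtd.enable = true;` is added to a file whose header says it is generated by nixos-generate-config and may be overwritten, and it sits between the kernel-module lists of the first hunk where a regenerated file will not reproduce it. Move the line to `hosts/muon/configuration.nix` (or the relevant module) so it survives regeneration; the remaining two hunks in this file are formatting only.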
--- a/modules/home/sops/default.nix
+++ b/modules/home/sops/default.nix
@@ -1,12 +1,21 @@
-{ pkgs, lib, config, inputs, system, ... }:
-let cfg = config.mods;
-in with lib; {
- imports = [ inputs.sops-nix.homeManagerModules.sops ];
- sops = {
- age.keyFile = "/persist/var/lib/sops-nix/key.txt";
- defaultSopsFile = ./secrets.yaml;
- secrets.zipline-auth = { };
- secrets.atuin-auth = { };
- secrets.hr-password = { };
- };
-}
+{
+ pkgs,
+ lib,
+ config,
+ inputs,
+ system,
+ ...
+}: let
+ cfg = config.mods;
+in
+ with lib; {
+ imports = [inputs.sops-nix.homeManagerModules.sops];
+ sops = {
+ age.keyFile = "/persist/var/lib/sops-nix/key.txt";
+ defaultSopsFile = ./secrets.yaml;
+ secrets.zipline-auth = {};
+ secrets.atuin-auth = {};
+ secrets.hr-password = {};
+ secrets.sops-key = {};
+ };
+ }
diff --git a/modules/home/sops/secrets.yaml b/modules/home/sops/secrets.yaml
index 87387fc..81d63e7 100644
--- a/modules/home/sops/secrets.yaml
+++ b/modules/home/sops/secrets.yaml
@@ -1,6 +1,7 @@
 zipline-auth: ENC[AES256_GCM,data:RkJI6GuH7RzdcSlKn32gMGojjB6rkdDcnNUvsi/BTfJk2slzoktAaJPzQA==,iv:LIiB3tyqXf/D64aIDSo0AyG3imvI6ZE893KBPlYFr28=,tag:wl8spMBwzfvuKA+Y6JnVyQ==,type:str]
 atuin-auth: ENC[AES256_GCM,data:LDkiXWIwxor8Ro383gonJCyqu+nyxS7DrI2J8uo4Cqu2X61rBUlnpNR6YirUZS/lYAnWYJhZM7sR0G7ZNh9EgQ==,iv:UEs2KW8ImMnaQrSLrIGbVXEq86QiVPAPNIXBZpa3jFI=,tag:N0rhnPbasFzkoI3CJ9CV+Q==,type:str]
 hr-password: ENC[AES256_GCM,data:QZuzAnTJ2KgPnffHvdCWrJEM5d/FXxhX3dA1,iv:FgDw6aXDY0jCpJiYc9WOobR96TXNtnvN7neJu8drxMM=,tag:YT82wryVy3V+41w0YbMOrA==,type:str]
+sops-key: ENC[AES256_GCM,data:msX0EJqJauteOBICUsLcVgqNxqGcqvD+Xi/B2EhUX2OAoyBH5oDae8XWlQCi2RdOm4NtnrSTnG8FRQXfkXO+tne0VEfYTCjeVtU=,iv:qxpvofr56Ey17xcPpju/mQgiz+0cOYED5caAHs3myXw=,tag:oDFXh0rlc0tmV2IUJ1ezBQ==,type:str]
 sops:
 age:
 - recipient: age1m97a3eptxwpdd7h5kkqe9gkmhg6rquc64qjmlsfqfhfqv8q72crqrylhgc
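Review bot: `secrets.sops-key = {};` declares a new secret that nothing else in the diff reads, and its name suggests it is the age private key for this same `secrets.yaml`. If so, sops-nix can only decrypt it once that key is already present at `age.keyFile = "/persist/var/lib/sops-nix/key.txt"`, so at runtime it yields a second plaintext copy of the key on the machine with no consumer, while the install script in `hosts/muin/home.nix` obtains the key from rbw rather than from sops. Either drop the entry or add a comment naming what reads it, e.g. `# age key for this file; consumed only by <consumer> — TODO confirm`.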
@@ -39,7 +40,7 @@ sops: a0V1N2VjUDE4Z3R5MGxMQVNmOVp0bVUK9cppJW33tKFOSvbIn/2Dga8k7/McaTpK m7M+83guMzNoOlpJ/WYU1BaePcM974AgjVR0WD/v+xGBvGKubKHqtw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-08-02T21:23:43Z" - mac: ENC[AES256_GCM,data:zj7n2RO4MsF6yDDKn7WtOrXsmUT/A9/agUd+ErXrdaVm74KENGg84si72OZiivvbYxsf166BMZmLuWnZzJ7kjqNEWulrdhSj44ycLAjbijV1IVUTZy2YcoEaozSCWDwJvCtcSY4EtftLiOMnG9IItl29LVI7GCX5bnY0+mlrWTY=,iv:ABHf6vvAnqpIGRfW0BoqUlWbpMxS8YsQpPgVdzdxPYs=,tag:elkVdV6Gr61fraUKJXIsjA==,type:str] + lastmodified: "2025-08-04T07:58:56Z" + mac: ENC[AES256_GCM,data:aJw3KK4GMj5/Q06v1C5rdSerdO21cNxpTIJYoxmfhBKudzD7lSL6l+d47kWoB0U4J5jtbs9obWz2MH3CvyPBapjJaSFnYEXk1JuGihf8GK3QrqLAt+dmF2ZD1FBLpQELripueneyHkzT32180hpXGnppNlgOuATlIMSPosvlpVI=,iv:SpGAyTqqbpuxcLkMq7VnLQUoR6oW0ERgnyPaqVHpaN8=,tag:OSNGT8/5E+PRhoR8dIyaSA==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2