Add muin install host

flake.nix

@@ -24,73 +24,84 @@
     valheim-server.inputs.nixpkgs.follows = "nixpkgs";
   };
 
-  outputs = inputs@{ nixpkgs, home-manager, stylix, ... }:
-    let
-      system = "x86_64-linux";
+  outputs = inputs @ {
+    nixpkgs,
+    home-manager,
+    stylix,
+    ...
+  }: let
+    system = "x86_64-linux";
 
-      pkgs = import inputs.nixpkgs { inherit system; };
+    pkgs = import inputs.nixpkgs {inherit system;};
 
-      sources = import ./_sources/generated.nix {
-        inherit (pkgs) fetchurl fetchgit fetchFromGitHub dockerTools;
-      };
-
-      utils = import ./utils.nix { inherit inputs system sources; };
-    in {
-      nixosConfigurations = {
-        # desktop
-        muon = utils.mkHost ./hosts/muon/configuration.nix;
-
-        # laptop
-        muop = utils.mkHost ./hosts/muop/configuration.nix;
-
-        # vps
-        muho = utils.mkHost ./hosts/muho/configuration.nix;
-
-        # vps
-        mups = utils.mkHost ./hosts/mups/configuration.nix;
-
-        # vm
-        muvm = utils.mkHost ./hosts/muvm/configuration.nix;
-
-        # work
-        murk = utils.mkHost ./hosts/murk/configuration.nix;
-      };
-
-      homeManagerModules.default = ./modules/home;
-
-      colmena = {
-        meta = {
-          nixpkgs = import inputs.nixpkgs { inherit system; };
-
-          specialArgs = { inherit nixpkgs inputs system sources; };
-        };
-
-        # Remote host name
-        "mups" = { name, nodes, ... }: {
-          deployment.targetHost = "muon.host"; # SSH IP
-          deployment.targetUser = "root"; # SSH username
-
-          # modules
-          imports = [
-            ./hosts/mups/configuration.nix
-            ./modules/nixos
-            inputs.home-manager.nixosModules.default
-            inputs.stylix.nixosModules.stylix
-          ];
-        };
-
-        # "muho" = { name, nodes, ... }: {
-        #   deployment.targetHost = "muho"; # SSH IP
-        #   deployment.targetUser = "muon"; # SSH username
-
-        #   # modules
-        #   imports = [
-        #     ./hosts/muho/configuration.nix
-        #     ./modules/nixos
-        #     inputs.home-manager.nixosModules.default
-        #     inputs.stylix.nixosModules.stylix
-        #   ];
-        # };
-      };
+    sources = import ./_sources/generated.nix {
+      inherit (pkgs) fetchurl fetchgit fetchFromGitHub dockerTools;
     };
+
+    utils = import ./utils.nix {inherit inputs system sources;};
+  in {
+    nixosConfigurations = {
+      # desktop
+      muon = utils.mkHost ./hosts/muon/configuration.nix;
+
+      # laptop
+      muop = utils.mkHost ./hosts/muop/configuration.nix;
+
+      # vps
+      muho = utils.mkHost ./hosts/muho/configuration.nix;
+
+      # vps
+      mups = utils.mkHost ./hosts/mups/configuration.nix;
+
+      # vm
+      muvm = utils.mkHost ./hosts/muvm/configuration.nix;
+
+      # work
+      murk = utils.mkHost ./hosts/murk/configuration.nix;
+
+      # installer
+      muin = utils.mkHost ./hosts/muin/configuration.nix;
+    };
+
+    homeManagerModules.default = ./modules/home;
+
+    colmena = {
+      meta = {
+        nixpkgs = import inputs.nixpkgs {inherit system;};
+
+        specialArgs = {inherit nixpkgs inputs system sources;};
+      };
+
+      # Remote host name
+      "mups" = {
+        name,
+        nodes,
+        ...
+      }: {
+        deployment.targetHost = "muon.host"; # SSH IP
+        deployment.targetUser = "root"; # SSH username
+
+        # modules
+        imports = [
+          ./hosts/mups/configuration.nix
+          ./modules/nixos
+          inputs.home-manager.nixosModules.default
+          inputs.stylix.nixosModules.stylix
+        ];
+      };
+
+      # "muho" = { name, nodes, ... }: {
+      #   deployment.targetHost = "muho"; # SSH IP
+      #   deployment.targetUser = "muon"; # SSH username
+
+      #   # modules
+      #   imports = [
+      #     ./hosts/muho/configuration.nix
+      #     ./modules/nixos
+      #     inputs.home-manager.nixosModules.default
+      #     inputs.stylix.nixosModules.stylix
+      #   ];
+      # };
+    };
+  };
 }

hosts/muin/configuration.nix

@@ -0,0 +1,40 @@
+{
+  inputs,
+  system,
+  ...
+}: {
+  # Hardware
+  imports = [
+    ./hardware-configuration.nix
+    (inputs.nixpkgs
+      + "/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix")
+  ];
+
+  # System
+  mods.user.name = "muon";
+  networking.hostName = "murk";
+  networking.hostId = "a2309090";
+  mods.home.file = ./home.nix;
+
+  # Modules
+  mods.desktop.enable = true;
+  mods.boot.enable = false;
+
+  mods.theme.enable = true;
+  mods.theme.scheme = "woodland";
+  mods.theme.wallpaper = ./wallpaper.png;
+
+  services.xserver.windowManager.i3.enable = true;
+
+  # Hardware preferences
+  environment.variables = {
+    WINIT_HIDPI_FACTOR = "1";
+    WINIT_X11_SCALE_FACTOR = "1";
+  };
+
+  ## Mouse
+  services.libinput.mouse.accelProfile = "flat";
+
+  # Version of first install
+  system.stateVersion = "23.05";
+}

hosts/muin/disk-config.nix

@@ -0,0 +1,72 @@
+{
+  disko.devices = {
+    disk = {
+      main = {
+        type = "disk";
+        device = "/dev/sda";
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              size = "512M";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = [ "umask=0077" ];
+              };
+            };
+            luks = {
+              size = "100%";
+              content = {
+                type = "luks";
+                name = "crypted";
+                # disable settings.keyFile if you want to use interactive password entry
+                #passwordFile = "/tmp/secret.key"; # Interactive
+                # settings = {
+                #   allowDiscards = true;
+                #   keyFile = "/tmp/secret.key";
+                # };
+                # additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
+                content = {
+                  type = "btrfs";
+                  extraArgs = [ "-f" ];
+                  subvolumes = {
+                    "/root" = {
+                      mountpoint = "/";
+                      mountOptions = [ "compress=zstd" "noatime" ];
+                    };
+                    "/home" = {
+                      mountpoint = "/home";
+                      mountOptions = [ "compress=zstd" "noatime" ];
+                    };
+                    "/nix" = {
+                      mountpoint = "/nix";
+                      mountOptions = [ "compress=zstd" "noatime" ];
+                    };
+                    "/persist" = {
+                      mountpoint = "/persist";
+                      mountOptions = [ "compress=zstd" "noatime" ];
+                    };
+                    "/log" = {
+                      mountpoint = "/var/log";
+                      mountOptions = [ "compress=zstd" "noatime" ];
+                    };
+                    "/swap" = {
+                      mountpoint = "/swap";
+                      swap.swapfile.size = "4G";
+                    };
+                  };
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+
+  fileSystems."/persist".neededForBoot = true;
+  fileSystems."/var/log".neededForBoot = true;
+}

hosts/muin/hardware-configuration.nix

@@ -0,0 +1,31 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  # imports =
+  #   [ (modulesPath + "/installer/scan/not-detected.nix")
+  #   ];
+  #
+  # hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  networking.useDHCP = lib.mkForce true;
+
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
+  ];
+
+  virtualisation.vmVariant = {
+    # following configuration is added only when building VM with build-vm
+    virtualisation = {
+      memorySize = 4096; # Use 2048MiB memory.
+      cores = 3;
+    };
+  };
+}

hosts/muin/home.nix

@@ -0,0 +1,114 @@
+{
+  pkgs,
+  lib,
+  config,
+  osConfig,
+  inputs,
+  ...
+}: let
+  cfg = osConfig.mods;
+  installScript = pkgs.writeShellApplication {
+    name = "install-flake";
+    text = ''
+      echo "Cloning config..."
+      git clone https://codeberg.org/muon/home
+      cd home
+      nvim hosts/"$(hostname)"/disk-config.nix
+
+      echo "Running disko..."
+      sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount hosts/"$(hostname)"/disk-config.nix
+
+      echo "Making blank root snapshot..."
+      sudo mkdir -p /tmp/mnt
+      sudo mount /dev/mapper/crypted /tmp/mnt
+      sudo btrfs subvolume snapshot -r /tmp/mnt/root /tmp/mnt/root-blank
+      sudo umount /tmp/mnt
+
+      echo "Retrieving sops key..."
+      rbw config set email admin@muon.host
+      rbw config set base_url https://vault.muon.host
+      rbw login
+
+      sudo mkdir -p /persist/var/lib/sops-nix
+      rbw get sops > /mnt/persist/var/lib/sops-nix/key.txt
+      sudo chown muon:users /mnt/persist/var/lib/sops-nix -R
+
+      echo "Setting hardware config..."
+      sudo nixos-generate-config --no-filesystems --root /mnt
+      cp /mnt/etc/nixos/hardware-configuration.nix hosts/"$(hostname)"/hardware-configuration.nix
+
+      echo "Installing NixOS config..."
+      sudo nixos-install --root /mnt --no-root-passwd --flake .#"$(hostname)"
+
+      echo "Edit persistent filesystem..."
+      PERSIST="$HOME/persist"
+      nvim "$PERSIST"
+
+      echo "Copying persistent filesystem..."
+      make_persist() {
+        F="/mnt$1"
+        P="/mnt/persist$1"
+        if [[ -d "$F" ]]; then
+          mkdir -p "$F" "$P"
+        elif [[ -f "$F" ]]; then
+          mkdir -p "$(dirname "$F")" "$(dirname "$P")"
+        else
+          echo "Error: $F does not exist!"
+          return 1
+        fi
+        cp -r "$F" "$P"
+      }
+      grep -v '^#' "$PERSIST" | while read -r file ; do
+        make_persist "$file"
+      done
+    '';
+  };
+in {
+  # Install
+  home.file.persist = {
+    target = "persist.txt";
+    text = ''
+      /var/lib/nixos
+      /var/lib/systemd/coredump
+      /etc/NetworkManager
+      /var/lib/NetworkManager
+      /etc/machine-id
+    '';
+  };
+  home.packages = with pkgs;
+    [
+      installScript
+    ]
+    # Modules
+    ++ [
+      pulseaudio
+      pavucontrol
+      alsa-utils
+    ];
+
+  mods.xdg.enable = true;
+  mods.i3.enable = true;
+  mods.battery.enable = true;
+  mods.terminal.zsh.enable = true;
+  mods.terminal.emulator.enable = true;
+  mods.terminal.development.enable = true;
+  mods.terminal.tools.enable = true;
+  mods.desktop.development.enable = true;
+  mods.desktop.productivity.enable = false;
+
+  # Hardware preferences
+  ## Monitors
+  services.autorandr.enable = true;
+  programs.autorandr = {
+    enable = true;
+    hooks.postswitch = {
+      "notify-i3" = "${pkgs.i3}/bin/i3-msg restart";
+      "set-wallpaper" = ''
+        ${lib.getExe pkgs.feh} --bg-fill --nofehbg ${./wallpaper.png}
+      '';
+    };
+  };
+
+  # Version of first install
+  home.stateVersion = "23.05";
+}

hosts/muon/hardware-configuration.nix

@@ -1,17 +1,21 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
 {
-  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [(modulesPath + "/installer/scan/not-detected.nix")];
 
-  boot.initrd.availableKernelModules =
-    [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-intel" ];
-  boot.extraModulePackages = [ ];
-  boot.supportedFilesystems = [ "zfs" "ntfs" "btrfs" ];
+  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"];
+  boot.initrd.kernelModules = [];
+  boot.kernelModules = ["kvm-intel"];
+  virtualisation.libvirtd.enable = true;
+  boot.extraModulePackages = [];
+  boot.supportedFilesystems = ["zfs" "ntfs" "btrfs"];
 
   fileSystems."/" = {
     device = "/dev/disk/by-uuid/03e49688-cc62-49c9-a906-e2ea87a38891";
@@ -19,10 +23,8 @@
   };
 
   boot.initrd.luks.devices = {
-    "luks-root".device =
-      "/dev/disk/by-uuid/86769693-b61c-4712-852d-e0fba612d260";
-    "luks-swap".device =
-      "/dev/disk/by-uuid/0418acfc-792c-43f4-a887-cc8bb51fa7c3";
+    "luks-root".device = "/dev/disk/by-uuid/86769693-b61c-4712-852d-e0fba612d260";
+    "luks-swap".device = "/dev/disk/by-uuid/0418acfc-792c-43f4-a887-cc8bb51fa7c3";
   };
 
   fileSystems."/mnt/bulk" = {
@@ -33,11 +35,11 @@
   fileSystems."/boot" = {
     device = "/dev/disk/by-uuid/CCCC-449E";
     fsType = "vfat";
-    options = [ "fmask=0022" "dmask=0022" ];
+    options = ["fmask=0022" "dmask=0022"];
   };
 
   swapDevices = [
-    { device = "/dev/disk/by-uuid/e7cf209d-386d-41db-8a35-6c9fff014722"; }
+    {device = "/dev/disk/by-uuid/e7cf209d-386d-41db-8a35-6c9fff014722";}
     {
       device = "/var/lib/swapfile";
       size = 8 * 1024;

modules/home/sops/default.nix

@@ -1,12 +1,21 @@
-{ pkgs, lib, config, inputs, system, ... }:
-let cfg = config.mods;
-in with lib; {
-  imports = [ inputs.sops-nix.homeManagerModules.sops ];
-  sops = {
-    age.keyFile = "/persist/var/lib/sops-nix/key.txt";
-    defaultSopsFile = ./secrets.yaml;
-    secrets.zipline-auth = { };
-    secrets.atuin-auth = { };
-    secrets.hr-password = { };
-  };
-}
+{
+  pkgs,
+  lib,
+  config,
+  inputs,
+  system,
+  ...
+}: let
+  cfg = config.mods;
+in
+  with lib; {
+    imports = [inputs.sops-nix.homeManagerModules.sops];
+    sops = {
+      age.keyFile = "/persist/var/lib/sops-nix/key.txt";
+      defaultSopsFile = ./secrets.yaml;
+      secrets.zipline-auth = {};
+      secrets.atuin-auth = {};
+      secrets.hr-password = {};
+      secrets.sops-key = {};
+    };
+  }

modules/home/sops/secrets.yaml

@@ -1,6 +1,7 @@
 zipline-auth: ENC[AES256_GCM,data:RkJI6GuH7RzdcSlKn32gMGojjB6rkdDcnNUvsi/BTfJk2slzoktAaJPzQA==,iv:LIiB3tyqXf/D64aIDSo0AyG3imvI6ZE893KBPlYFr28=,tag:wl8spMBwzfvuKA+Y6JnVyQ==,type:str]
 atuin-auth: ENC[AES256_GCM,data:LDkiXWIwxor8Ro383gonJCyqu+nyxS7DrI2J8uo4Cqu2X61rBUlnpNR6YirUZS/lYAnWYJhZM7sR0G7ZNh9EgQ==,iv:UEs2KW8ImMnaQrSLrIGbVXEq86QiVPAPNIXBZpa3jFI=,tag:N0rhnPbasFzkoI3CJ9CV+Q==,type:str]
 hr-password: ENC[AES256_GCM,data:QZuzAnTJ2KgPnffHvdCWrJEM5d/FXxhX3dA1,iv:FgDw6aXDY0jCpJiYc9WOobR96TXNtnvN7neJu8drxMM=,tag:YT82wryVy3V+41w0YbMOrA==,type:str]
+sops-key: ENC[AES256_GCM,data:msX0EJqJauteOBICUsLcVgqNxqGcqvD+Xi/B2EhUX2OAoyBH5oDae8XWlQCi2RdOm4NtnrSTnG8FRQXfkXO+tne0VEfYTCjeVtU=,iv:qxpvofr56Ey17xcPpju/mQgiz+0cOYED5caAHs3myXw=,tag:oDFXh0rlc0tmV2IUJ1ezBQ==,type:str]
 sops:
     age:
         - recipient: age1m97a3eptxwpdd7h5kkqe9gkmhg6rquc64qjmlsfqfhfqv8q72crqrylhgc
@@ -39,7 +40,7 @@ sops:
             a0V1N2VjUDE4Z3R5MGxMQVNmOVp0bVUK9cppJW33tKFOSvbIn/2Dga8k7/McaTpK
             m7M+83guMzNoOlpJ/WYU1BaePcM974AgjVR0WD/v+xGBvGKubKHqtw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-08-02T21:23:43Z"
-    mac: ENC[AES256_GCM,data:zj7n2RO4MsF6yDDKn7WtOrXsmUT/A9/agUd+ErXrdaVm74KENGg84si72OZiivvbYxsf166BMZmLuWnZzJ7kjqNEWulrdhSj44ycLAjbijV1IVUTZy2YcoEaozSCWDwJvCtcSY4EtftLiOMnG9IItl29LVI7GCX5bnY0+mlrWTY=,iv:ABHf6vvAnqpIGRfW0BoqUlWbpMxS8YsQpPgVdzdxPYs=,tag:elkVdV6Gr61fraUKJXIsjA==,type:str]
+    lastmodified: "2025-08-04T07:58:56Z"
+    mac: ENC[AES256_GCM,data:aJw3KK4GMj5/Q06v1C5rdSerdO21cNxpTIJYoxmfhBKudzD7lSL6l+d47kWoB0U4J5jtbs9obWz2MH3CvyPBapjJaSFnYEXk1JuGihf8GK3QrqLAt+dmF2ZD1FBLpQELripueneyHkzT32180hpXGnppNlgOuATlIMSPosvlpVI=,iv:SpGAyTqqbpuxcLkMq7VnLQUoR6oW0ERgnyPaqVHpaN8=,tag:OSNGT8/5E+PRhoR8dIyaSA==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.10.2