diff --git a/README.md b/README.md
new file mode 100644
index 0000000..0d28482
--- /dev/null
+++ b/README.md
@@ -0,0 +1,57 @@
+# Installation
+
+with disko-install
+
+```sh
+sudo nixos-generate-config --root /tmp/config --no-filesystems
+sudo nix run 'github:nix-community/disko/latest#disko-install' -- --flake '/tmp/config/etc/nixos#mymachine' --disk main /dev/sda
+sudo nix run 'github:nix-community/disko/latest#disko-install' -- --flake "https://codeberg.org/muon/home#$(hostname)" --disk crypted /dev/disk/by-diskseq/1
+```
+
+
+without disko-install
+
+```sh
+sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount hosts/$(hostname)/disk-config.nix
+sudo mount -o subvol=/ /dev/mapper/crypted /mnt
+sudo btrfs subvolume snapshot -r /mnt/root /mnt/root-blank
+sudo nixos-generate-config --root /mnt
+mkdir -p /mnt/home/muon/src
+cd /mnt/home/muon/src
+git clone https://codeberg.org/muon/home
+cp /mnt/etc/nixos/hardware-configuration.nix /mnt/home/muon/src/home/hosts/$(hostname)/
+sudo nixos-install --root /mnt --no-root-passwd --flake /mnt/home/muon/src/home#$(hostname)
+sudo umount -R /mnt
+sudo cryptsetup close /dev/mapper/crypted
+```
+
+# Impermanence
+
+## Erasure
+
+```nix
+ boot.initrd.postResumeCommands = lib.mkAfter ''
+ mkdir /btrfs_tmp
+ mount /dev/mapper/crypted /btrfs_tmp
+ if [[ -e /btrfs_tmp/root ]]; then
+ mkdir -p /btrfs_tmp/old_roots
+ timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
+ mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
+ fi
+
+ delete_subvolume_recursively() {
+ IFS=$'\n'
+ for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
+ delete_subvolume_recursively "/btrfs_tmp/$i"
+ done
+ btrfs subvolume delete "$1"
+ }
+
+ for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
+ delete_subvolume_recursively "$i"
+ done
+
+ btrfs subvolume create /btrfs_tmp/root
+ umount /btrfs_tmp
+ '';
+```
diff --git a/flake.lock b/flake.lock index 6092dc1..fab5027 100644 --- a/flake.lock +++ b/flake.lock @@ -206,6 +206,21 @@ "type": "github" } }, + "impermanence": { + "locked": { + "lastModified": 1737831083, + "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=", + "owner": "nix-community", + "repo": "impermanence", + "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "impermanence", + "type": "github" + } + }, "nix-alien": { "inputs": { "flake-compat": "flake-compat", @@ -359,6 +374,7 @@ "root": { "inputs": { "home-manager": "home-manager", + "impermanence": "impermanence", "nix-alien": "nix-alien", "nix-minecraft": "nix-minecraft", "nixpkgs": "nixpkgs_3", diff --git a/flake.nix b/flake.nix index 777defa..44f293d 100644 --- a/flake.nix +++ b/flake.nix @@ -8,6 +8,8 @@ sops-nix.url = "github:Mic92/sops-nix"; sops-nix.inputs.nixpkgs.follows = "nixpkgs"; + impermanence.url = "github:nix-community/impermanence"; + stylix.url = "github:danth/stylix"; nix-minecraft.url = "git+https://codeberg.org/nix-astral/nix-minecraft.git"; # nix-minecraft.url = "github:Infinidoge/nix-minecraft"; @@ -44,6 +46,9 @@ # vm muvm = utils.mkHost ./hosts/muvm/configuration.nix; + + # work + murk = utils.mkHost ./hosts/murk/configuration.nix; }; homeManagerModules.default = ./modules/home; diff --git a/hosts/muon/configuration.nix b/hosts/muon/configuration.nix index 81aa245..fc1f8f0 100644 --- a/hosts/muon/configuration.nix +++ b/hosts/muon/configuration.nix @@ -9,6 +9,7 @@ in { nix-alien pkgs.r2modman pkgs.lutris + pkgs.godot ]; # System diff --git a/hosts/murk/configuration.nix b/hosts/murk/configuration.nix new file mode 100644 index 0000000..a500b4a --- /dev/null +++ b/hosts/murk/configuration.nix 
@@ -0,0 +1,47 @@ +{ config, lib, pkgs, inputs, system, sources, modulesPath, ... }: +let cfg = config.mods; + +in { + # Hardware + imports = [ + ./hardware-configuration.nix + ./disk-config.nix + inputs.impermanence.nixosModules.impermanence + (inputs.nixpkgs + + "/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix") + ]; + + environment.systemPackages = with inputs.nix-alien.packages.${system}; + [ nix-alien ]; + + # System + mods.user.name = "muon"; + networking.hostName = "murk"; + networking.hostId = "a2309090"; + mods.home.file = ./home.nix; + + # Modules + mods.desktop.enable = true; + mods.boot.enable = false; + + mods.theme.enable = true; + mods.theme.scheme = "woodland"; + mods.theme.wallpaper = ./wallpaper.png; + + mods.impermanence.enable = false; + + services.xserver.windowManager.i3.enable = true; + + # Hardware preferences + + environment.variables = { + WINIT_HIDPI_FACTOR = "1"; + WINIT_X11_SCALE_FACTOR = "1"; + }; + + ## Mouse + services.libinput.mouse.accelProfile = "flat"; + + # Version of first install + system.stateVersion = "23.05"; +} diff --git a/hosts/murk/disk-config.nix b/hosts/murk/disk-config.nix new file mode 100644 index 0000000..1154668 --- /dev/null +++ b/hosts/murk/disk-config.nix 
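Review bot: `imports` pulls nixpkgs' `installer/cd-dvd/installation-cd-minimal.nix` into a host that otherwise reads like an installed system (it also imports `./hardware-configuration.nix` and `./disk-config.nix` and pins `system.stateVersion`). That profile is written for live media and, as far as I recall, reaches `installation-device.nix`, which gives `root` and a `nixos` user an empty password, enables passwordless wheel sudo and console autologin, and turns on sshd with root login permitted — partly at `mkImageMediaOverride` priority, so a plain host-level setting would not override it; please check the module in the pinned nixpkgs before relying on this summary. If the intent is only to build a custom installer image, say so next to the import, e.g. `# nixpkgs installer profile: live-ISO defaults (empty root password, root ssh) — never deploy this config to disk`; if this configuration is meant to boot from the LUKS disk described in `disk-config.nix`, the import should be dropped and the ISO built from a separate configuration.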
@@ -0,0 +1,69 @@ +{ inputs }: { + inputs.disko.devices = { + disk = { + main = { + type = "disk"; + device = "/dev/disk/by-diskseq/1"; + content = { + type = "gpt"; + partitions = { + ESP = { + size = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + }; + }; + luks = { + size = "100%"; + content = { + type = "luks"; + name = "crypted"; + # disable settings.keyFile if you want to use interactive password entry + #passwordFile = "/tmp/secret.key"; # Interactive + # settings = { + # allowDiscards = true; + # keyFile = "/tmp/secret.key"; + # }; + # additionalKeyFiles = [ "/tmp/additionalSecret.key" ]; + content = { + type = "btrfs"; + extraArgs = [ "-f" ]; + subvolumes = { + "/root" = { + mountpoint = "/"; + mountOptions = [ "compress=zstd" "noatime" ]; + }; + "/home" = { + mountpoint = "/home"; + mountOptions = [ "compress=zstd" "noatime" ]; + }; + "/nix" = { + mountpoint = "/nix"; + mountOptions = [ "compress=zstd" "noatime" ]; + }; + "/persist" = { + mountpoint = "/persist"; + mountOptions = [ "compress=zstd" "noatime" ]; + }; + "/log" = { + mountpoint = "/var/log"; + mountOptions = [ "compress=zstd" "noatime" ]; + }; + "/swap" = { + mountpoint = "/swap"; + swap.swapfile.size = "4G"; + }; + }; + }; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/hosts/murk/hardware-configuration.nix b/hosts/murk/hardware-configuration.nix new file mode 100644 index 0000000..d986145 --- /dev/null +++ b/hosts/murk/hardware-configuration.nix 
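Review bot: The new file defines `inputs.disko.devices` under a `{ inputs }:` header, but disko reads `disko.devices`, and nothing visible declares an `inputs` option (the flake.lock root inputs start at `home-manager`, so disko does not appear to be a flake input, and the host's `imports` do not include disko's NixOS module), so both the `--flake` and the file-based disko invocations in the README would presumably fail to evaluate this; I'd change the header to `{ ... }:` and the attribute to `disko.devices = {`, and add disko's module to the host if the `--flake` path is expected to work. Separately, `device = "/dev/disk/by-diskseq/1"` resolves to whichever disk the kernel enumerated first, which with `--mode destroy,format,mount` can wipe the wrong drive when a USB stick or a second disk changes the order — a `/dev/disk/by-id/...` path is the usual choice for a destructive layout. The README's `disko-install ... --disk crypted` also does not match this file, where the disk is named `main` and `crypted` is only the LUKS mapper name.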
@@ -0,0 +1,19 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + + boot.initrd.availableKernelModules = + [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + boot.supportedFilesystems = [ "zfs" "ntfs" "btrfs" ]; + + networking.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/hosts/murk/home.nix b/hosts/murk/home.nix new file mode 100644 index 0000000..edd2dee --- /dev/null +++ b/hosts/murk/home.nix @@ -0,0 +1,32 @@ +{ pkgs, lib, osConfig, inputs, ... }: +let cfg = osConfig.mods; +in { + imports = [ inputs.impermanence.homeManagerModules.impermanence ]; + + # Modules + mods.xdg.enable = true; + mods.i3.enable = true; + mods.terminal.zsh.enable = true; + mods.terminal.emulator.enable = true; + mods.terminal.development.enable = true; + mods.terminal.tools.enable = true; + mods.desktop.development.enable = true; + mods.desktop.productivity.enable = false; + + # Hardware preferences + + ## Monitors + services.autorandr.enable = true; + programs.autorandr = { + enable = true; + hooks.postswitch = { + "notify-i3" = "${pkgs.i3}/bin/i3-msg restart"; + "set-wallpaper" = '' + ${lib.getExe pkgs.feh} --bg-fill --nofehbg ${./wallpaper.png} + ''; + }; + }; + + # Version of first install + home.stateVersion = "23.05"; +} diff --git a/hosts/murk/wallpaper.png b/hosts/murk/wallpaper.png new file mode 100644 index 0000000..9832948 Binary files /dev/null and b/hosts/murk/wallpaper.png differ diff --git a/modules/home/default.nix b/modules/home/default.nix index 3d311d6..e587fc2 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix 
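Review bot: `inputs.impermanence.homeManagerModules.impermanence` is imported per host here, while the shared `modules/home/impermanence.nix` added in this commit (and wired into `modules/home/default.nix`) defines `home.persistence`; that option only exists when this import is present, and I believe `mkIf osConfig.mods.impermanence.enable` does not stop the module system from rejecting a definition of an undeclared option, so any host that uses `modules/home` without this line would presumably fail to evaluate even with impermanence disabled. Moving the import into `modules/home/impermanence.nix` itself (`imports = [ inputs.impermanence.homeManagerModules.impermanence ];`) keeps the shared module self-contained and removes the per-host coupling.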
@@ -8,6 +8,7 @@ in { ./sops ./xdg.nix + ./impermanence.nix ]; # Let Home Manager install and manage itself diff --git a/modules/home/desktop/development.nix b/modules/home/desktop/development.nix index a6b15c5..4e2bea7 100644 --- a/modules/home/desktop/development.nix +++ b/modules/home/desktop/development.nix @@ -3,7 +3,6 @@ lib.mkEnableOption "enables gui development tools"; config = lib.mkIf config.mods.desktop.development.enable { - home.packages = with pkgs; [ godot ]; programs.qutebrowser = { enable = true; diff --git a/modules/home/impermanence.nix b/modules/home/impermanence.nix new file mode 100644 index 0000000..db544ce --- /dev/null +++ b/modules/home/impermanence.nix @@ -0,0 +1,50 @@ +{ pkgs, lib, config, osConfig, ... }: +let + fs-diff = with pkgs; + writeShellApplication { + name = "fs-diff"; + runtimeInputs = [ flameshot curl xsel ]; + text = '' + #!/usr/bin/env bash + # fs-diff.sh + set -euo pipefail + + OLD_TRANSID=$(sudo btrfs subvolume find-new /mnt/root-blank 9999999) + OLD_TRANSID=${OLD_TRANSID} + + sudo mkdir /mnt + sudo mount -o subvol=/ /dev/mapper/crypted /mnt + sudo btrfs subvolume find-new "/mnt/root" "$OLD_TRANSID" | + sed \'$d\' | + cut -f17- -d' ' | + sort | + uniq | + while read path; do + path="/$path" + if [ -L "$path" ]; then + : # The path is a symbolic link, so is probably handled by NixOS already + elif [ -d "$path" ]; then + : # The path is a directory, ignore + else + echo "$path" + fi + done + sudo umount /mnt + ''; + }; +in with lib; { + config = mkIf osConfig.mods.impermanence.enable { + home.packages = [ fs-diff ]; + home.persistence."/persistent/home/muon" = { + directories = [ + "documents" + "downloads" + "src" + ".gnupg" + ".ssh" + ".config/sops" + ".local/share/direnv" + ]; + }; + }; +} diff --git a/modules/home/terminal/shell.nix b/modules/home/terminal/shell.nix index c279d04..6ad7b28 100644 --- a/modules/home/terminal/shell.nix +++ b/modules/home/terminal/shell.nix 
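Review bot: The `fs-diff` script in the new `modules/home/impermanence.nix` cannot be built as written: `OLD_TRANSID=${OLD_TRANSID}` inside a Nix `''` string is Nix interpolation of an undefined variable (it needs `''${...}`), and the recipe this comes from strips the `transid marker was ` prefix on that line, without which the second `find-new` receives a non-numeric argument. The ordering is also off — `find-new /mnt/root-blank` runs before `/mnt` is mounted, `sudo mkdir /mnt` aborts under the `errexit` that `writeShellApplication` enables when `/mnt` already exists, and `sed \'$d\'` leaves `$d` outside quotes so `nounset` rejects it; `runtimeInputs = [ flameshot curl xsel ]` looks like residue from another script and should be `[ btrfs-progs ]` (the `#!/usr/bin/env bash` and `set -euo pipefail` lines are redundant for the same reason, and if sudo resets PATH on this host the `btrfs` calls need an absolute store path). Separately, `home.persistence."/persistent/home/muon"` points at `/persistent`, whereas `hosts/murk/disk-config.nix` mounts the persistent subvolume at `/persist`; unless the NixOS-side `modules/nixos/impermanence.nix` (not shown) creates `/persistent`, `.ssh`, `.gnupg` and `.config/sops` would be bound to a directory on the root subvolume that the erasure step wipes — keys lost on the first reboot — so please confirm the path. Rewritten script below; the loop body is unchanged.
```nix
      runtimeInputs = [ btrfs-progs ];
      text = ''
        # List files on the live root that differ from the pristine snapshot
        # taken at install time (/mnt/root-blank), so they can be triaged
        # into home.persistence.
        sudo mkdir -p /mnt
        sudo mount -o subvol=/ /dev/mapper/crypted /mnt
        OLD_TRANSID=$(sudo btrfs subvolume find-new /mnt/root-blank 9999999)
        OLD_TRANSID=''${OLD_TRANSID#transid marker was }
        sudo btrfs subvolume find-new "/mnt/root" "$OLD_TRANSID" |
          sed '$d' |
          cut -f17- -d' ' |
          sort |
          uniq |
          while read -r path; do
            # … unchanged: symlink / directory filtering …
          done
        sudo umount /mnt
      '';
```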
@@ -2,7 +2,10 @@ let cfg = config.mods.terminal; - aliases = { la = "ls -lah"; }; + aliases = with lib; { + la = "ls -lah"; + xc = "${getExe pkgs.xclip} -selection clipboard"; + }; in { options.mods.terminal = { zsh.enable = lib.mkEnableOption "enables zsh"; }; diff --git a/modules/home/terminal/tools.nix b/modules/home/terminal/tools.nix index 87c0fd2..9760b1e 100644 --- a/modules/home/terminal/tools.nix +++ b/modules/home/terminal/tools.nix @@ -28,6 +28,7 @@ in with lib; { "bottom" "htop" "vifm" + "rbw" ]); home.packages = with pkgs; [ @@ -40,10 +41,14 @@ in with lib; { dua fdupes vifm - - # programs - fend unzip + + # security + pinentry-tty + + # utilities + fend + xclip ]; }; } diff --git a/modules/nixos/core/boot.nix b/modules/nixos/core/boot.nix index 051e0d0..2c2e49d 100644 --- a/modules/nixos/core/boot.nix +++ b/modules/nixos/core/boot.nix @@ -11,10 +11,11 @@ timeout = 2; efi.canTouchEfiVariables = true; grub = { - enable = true; + enable = lib.mkDefault true; zfsSupport = true; efiSupport = true; device = "nodev"; + } // lib.optionalAttrs (config.mods.monitors != { }) { gfxmodeEfi = config.mods.monitors.primary.config.mode; }; }; diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index bd18466..6e13f3a 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -7,6 +7,8 @@ ./server ./sops + ./impermanence.nix + #