muon/flake
1
0
Fork 0
mirror of https://codeberg.org/muon/home.git synced 2025-12-06 08:07:45 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add murk and impermanence

Browse source
This commit is contained in:
muon 2025-07-31 00:34:46 +00:00
parent a8668c1a44
commit b4f998d455
17 changed files with 354 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

57
README.md Normal file
View file

@ -0,0 +1,57 @@
# Installation
with disko-install
```sh
sudo nixos-generate-config --root /tmp/config --no-filesystems
sudo nix run 'github:nix-community/disko/latest#disko-install' -- --flake '/tmp/config/etc/nixos#mymachine' --disk main /dev/sda
sudo nix run 'github:nix-community/disko/latest#disko-install' -- --flake "https://codeberg.org/muon/home#$(hostname)" --disk crypted /dev/disk/by-diskseq/1
```
without disko-install
```sh
sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount hosts/$(hostname)/disk-config.nix
sudo mount -o subvol=/ /dev/mapper/crypted /mnt
sudo btrfs subvolume snapshot -r /mnt/root /mnt/root-blank
sudo nixos-generate-config --root /mnt
mkdir -p /mnt/home/muon/src
cd /mnt/home/muon/src
git clone https://codeberg.org/muon/home
cp /mnt/etc/nixos/hardware-configuration.nix /mnt/home/muon/src/home/hosts/$(hostname)/
sudo nixos-install --root /mnt --no-root-passwd --flake /mnt/home/muon/src/home#$(hostname)
sudo umount -R /mnt
sudo cryptsetup close /dev/mapper/crypted
```
# Impermanence
## Erasure
```nix
boot.initrd.postResumeCommands = lib.mkAfter ''
mkdir /btrfs_tmp
mount /dev/mapper/crypted /btrfs_tmp
if [[ -e /btrfs_tmp/root ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/root
umount /btrfs_tmp
'';
```

16
flake.lock generated
View file

@ -206,6 +206,21 @@
"type": "github" "type": "github"
} }
}, },
"impermanence": {
"locked": {
"lastModified": 1737831083,
"narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "impermanence",
"type": "github"
}
},
"nix-alien": { "nix-alien": {
"inputs": { "inputs": {
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
@ -359,6 +374,7 @@
"root": { "root": {
"inputs": { "inputs": {
"home-manager": "home-manager", "home-manager": "home-manager",
"impermanence": "impermanence",
"nix-alien": "nix-alien", "nix-alien": "nix-alien",
"nix-minecraft": "nix-minecraft", "nix-minecraft": "nix-minecraft",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_3",

5
flake.nix
View file

@ -8,6 +8,8 @@
sops-nix.url = "github:Mic92/sops-nix"; sops-nix.url = "github:Mic92/sops-nix";
sops-nix.inputs.nixpkgs.follows = "nixpkgs"; sops-nix.inputs.nixpkgs.follows = "nixpkgs";
impermanence.url = "github:nix-community/impermanence";
stylix.url = "github:danth/stylix"; stylix.url = "github:danth/stylix";
nix-minecraft.url = "git+https://codeberg.org/nix-astral/nix-minecraft.git"; nix-minecraft.url = "git+https://codeberg.org/nix-astral/nix-minecraft.git";
# nix-minecraft.url = "github:Infinidoge/nix-minecraft"; # nix-minecraft.url = "github:Infinidoge/nix-minecraft";
@ -44,6 +46,9 @@
# vm # vm
muvm = utils.mkHost ./hosts/muvm/configuration.nix; muvm = utils.mkHost ./hosts/muvm/configuration.nix;
# work
murk = utils.mkHost ./hosts/murk/configuration.nix;
}; };
homeManagerModules.default = ./modules/home; homeManagerModules.default = ./modules/home;

1
hosts/muon/configuration.nix
View file

@ -9,6 +9,7 @@ in {
nix-alien nix-alien
pkgs.r2modman pkgs.r2modman
pkgs.lutris pkgs.lutris
pkgs.godot
]; ];
# System # System

47
hosts/murk/configuration.nix Normal file
View file

@ -0,0 +1,47 @@
{ config, lib, pkgs, inputs, system, sources, modulesPath, ... }:
let cfg = config.mods;
in {
# Hardware
imports = [
./hardware-configuration.nix
./disk-config.nix
inputs.impermanence.nixosModules.impermanence
(inputs.nixpkgs
+ "/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix")
];
environment.systemPackages = with inputs.nix-alien.packages.${system};
[ nix-alien ];
# System
mods.user.name = "muon";
networking.hostName = "murk";
networking.hostId = "a2309090";
mods.home.file = ./home.nix;
# Modules
mods.desktop.enable = true;
mods.boot.enable = false;
mods.theme.enable = true;
mods.theme.scheme = "woodland";
mods.theme.wallpaper = ./wallpaper.png;
mods.impermanence.enable = false;
services.xserver.windowManager.i3.enable = true;
# Hardware preferences
environment.variables = {
WINIT_HIDPI_FACTOR = "1";
WINIT_X11_SCALE_FACTOR = "1";
};
## Mouse
services.libinput.mouse.accelProfile = "flat";
# Version of first install
system.stateVersion = "23.05";
}

69
hosts/murk/disk-config.nix Normal file
View file

@ -0,0 +1,69 @@
{ inputs }: {
inputs.disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/disk/by-diskseq/1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted";
# disable settings.keyFile if you want to use interactive password entry
#passwordFile = "/tmp/secret.key"; # Interactive
# settings = {
# allowDiscards = true;
# keyFile = "/tmp/secret.key";
# };
# additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/home" = {
mountpoint = "/home";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/persist" = {
mountpoint = "/persist";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/log" = {
mountpoint = "/var/log";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/swap" = {
mountpoint = "/swap";
swap.swapfile.size = "4G";
};
};
};
};
};
};
};
};
};
};
}

19
hosts/murk/hardware-configuration.nix Normal file
View file

@ -0,0 +1,19 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules =
[ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.supportedFilesystems = [ "zfs" "ntfs" "btrfs" ];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

32
hosts/murk/home.nix Normal file
View file

@ -0,0 +1,32 @@
{ pkgs, lib, osConfig, inputs, ... }:
let cfg = osConfig.mods;
in {
imports = [ inputs.impermanence.homeManagerModules.impermanence ];
# Modules
mods.xdg.enable = true;
mods.i3.enable = true;
mods.terminal.zsh.enable = true;
mods.terminal.emulator.enable = true;
mods.terminal.development.enable = true;
mods.terminal.tools.enable = true;
mods.desktop.development.enable = true;
mods.desktop.productivity.enable = false;
# Hardware preferences
## Monitors
services.autorandr.enable = true;
programs.autorandr = {
enable = true;
hooks.postswitch = {
"notify-i3" = "${pkgs.i3}/bin/i3-msg restart";
"set-wallpaper" = ''
${lib.getExe pkgs.feh} --bg-fill --nofehbg ${./wallpaper.png}
'';
};
};
# Version of first install
home.stateVersion = "23.05";
}

BIN
hosts/murk/wallpaper.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 283 KiB

1
modules/home/default.nix
View file

@ -8,6 +8,7 @@ in {
./sops ./sops
./xdg.nix ./xdg.nix
./impermanence.nix
]; ];
# Let Home Manager install and manage itself # Let Home Manager install and manage itself

1
modules/home/desktop/development.nix
View file

@ -3,7 +3,6 @@
lib.mkEnableOption "enables gui development tools"; lib.mkEnableOption "enables gui development tools";
config = lib.mkIf config.mods.desktop.development.enable { config = lib.mkIf config.mods.desktop.development.enable {
home.packages = with pkgs; [ godot ];
programs.qutebrowser = { programs.qutebrowser = {
enable = true; enable = true;

50
modules/home/impermanence.nix Normal file
View file

@ -0,0 +1,50 @@
{ pkgs, lib, config, osConfig, ... }:
let
fs-diff = with pkgs;
writeShellApplication {
name = "fs-diff";
runtimeInputs = [ flameshot curl xsel ];
text = ''
#!/usr/bin/env bash
# fs-diff.sh
set -euo pipefail
OLD_TRANSID=$(sudo btrfs subvolume find-new /mnt/root-blank 9999999)
OLD_TRANSID=${OLD_TRANSID}
sudo mkdir /mnt
sudo mount -o subvol=/ /dev/mapper/crypted /mnt
sudo btrfs subvolume find-new "/mnt/root" "$OLD_TRANSID" |
sed \'$d\' |
cut -f17- -d' ' |
sort |
uniq |
while read path; do
path="/$path"
if [ -L "$path" ]; then
: # The path is a symbolic link, so is probably handled by NixOS already
elif [ -d "$path" ]; then
: # The path is a directory, ignore
else
echo "$path"
fi
done
sudo umount /mnt
'';
};
in with lib; {
config = mkIf osConfig.mods.impermanence.enable {
home.packages = [ fs-diff ];
home.persistence."/persistent/home/muon" = {
directories = [
"documents"
"downloads"
"src"
".gnupg"
".ssh"
".config/sops"
".local/share/direnv"
];
};
};
}

5
modules/home/terminal/shell.nix
View file

@ -2,7 +2,10 @@
let let
cfg = config.mods.terminal; cfg = config.mods.terminal;
aliases = { la = "ls -lah"; }; aliases = with lib; {
la = "ls -lah";
xc = "${getExe pkgs.xclip} -selection clipboard";
};
in { in {
options.mods.terminal = { zsh.enable = lib.mkEnableOption "enables zsh"; }; options.mods.terminal = { zsh.enable = lib.mkEnableOption "enables zsh"; };

11
modules/home/terminal/tools.nix
View file

@ -28,6 +28,7 @@ in with lib; {
"bottom" "bottom"
"htop" "htop"
"vifm" "vifm"
"rbw"
]); ]);
home.packages = with pkgs; [ home.packages = with pkgs; [
@ -40,10 +41,14 @@ in with lib; {
dua dua
fdupes fdupes
vifm vifm
# programs
fend
unzip unzip
# security
pinentry-tty
# utilities
fend
xclip
]; ];
}; };
} }

3
modules/nixos/core/boot.nix
View file

@ -11,10 +11,11 @@
timeout = 2; timeout = 2;
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
grub = { grub = {
enable = true; enable = lib.mkDefault true;
zfsSupport = true; zfsSupport = true;
efiSupport = true; efiSupport = true;
device = "nodev"; device = "nodev";
} // lib.optionalAttrs (config.mods.monitors != { }) {
gfxmodeEfi = config.mods.monitors.primary.config.mode; gfxmodeEfi = config.mods.monitors.primary.config.mode;
}; };
}; };

2
modules/nixos/default.nix
View file

@ -7,6 +7,8 @@
./server ./server
./sops ./sops
./impermanence.nix
# </3 # </3
./unfree ./unfree
]; ];

41
modules/nixos/impermanence.nix Normal file
View file

@ -0,0 +1,41 @@
{ pkgs, lib, config, ... }:
with lib; {
options.mods.impermanence.enable = mkEnableOption "enables impermanence";
config = mkIf config.mods.impermanence.enable {
environment.persistence."/persistent" = {
directories = [
"/var/lib/bluetooth"
"/var/lib/nixos"
"/var/lib/systemd/coredump"
"/etc/NetworkManager/system-connections"
];
files = [ "/etc/machine-id" ];
};
boot.initrd.postResumeCommands = lib.mkAfter ''
mkdir /btrfs_tmp
mount /dev/mapper/crypted /btrfs_tmp
if [[ -e /btrfs_tmp/root ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/root
umount /btrfs_tmp
'';
};
}