revamp

2024-07-02 00:06:05 +02:00 · 2024-07-02 00:06:05 +02:00 · f59e1af4bd
parent d23c039131
commit f59e1af4bd
20 changed files with 62 additions and 157 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+.direnv/
--- a/class/desktop/default.nix
+++ b/class/desktop/default.nix
@ -14,6 +14,7 @@
    ./plasma.nix
    ./printing.nix
    ./syncthing.nix
+    ./users.nix
    ./vm.nix
    ./wine.nix
  ];
--- a/class/desktop/fs.nix
+++ b/class/desktop/fs.nix
@ -1,14 +1,5 @@
 {
  boot.initrd.luks.devices.main.device = "/dev/disk/by-label/cryptmain";

-  fileSystems = {
-    "/home" = {
-      device = "/dev/mapper/main";
-      fsType = "btrfs";
-      options = ["subvol=home" "compress=zstd" "noatime"];
-    };
-    "/nix".device = "/dev/mapper/main";
-    "/persist".device = "/dev/mapper/main";
-    "/var/log".device = "/dev/mapper/main";
-  };
+  fileSystems."/".device = "/dev/mapper/main";
 }
--- a/class/desktop/mullvad.nix
+++ b/class/desktop/mullvad.nix
@ -1,6 +1,4 @@
 {pkgs, ...}: {
-  environment.persistence."/persist".directories = ["/etc/mullvad-vpn"];
-
  services.mullvad-vpn = {
    enable = true;
    package = pkgs.mullvad-vpn;
--- a/class/desktop/networking.nix
+++ b/class/desktop/networking.nix
@ -1,6 +1,4 @@
 {
-  environment.persistence."/persist".directories = ["/etc/NetworkManager"];
-
  services.resolved.enable = true;

  networking = {
--- a/class/desktop/plasma.nix
+++ b/class/desktop/plasma.nix
@ -11,25 +11,15 @@
    };
  };

-  environment = {
-    systemPackages = with pkgs.kdePackages; [discover kate];
-    sessionVariables = {
-      SUDO_ASKPASS = pkgs.writeShellScript "kdialogaskpass" ''
-        exec ${lib.getExe' pkgs.kdialog "kdialog"} --password Askpass
-      '';
-      MOZ_USE_XINPUT2 = "1";
-      GDK_SCALE = "1";
-    };
+  environment.systemPackages = with pkgs.kdePackages; [sddm-kcm discover kate];
+
+  programs = {
+    kdeconnect.enable = true;
+    partition-manager.enable = true;
  };

  xdg.portal = {
    xdgOpenUsePortal = true;
    extraPortals = [pkgs.xdg-desktop-portal-gtk];
  };
-
-  programs = {
-    kdeconnect.enable = true;
-    partition-manager.enable = true;
-    dconf.enable = true;
-  };
 }
--- a/class/desktop/users.nix
+++ b/class/desktop/users.nix
@ -0,0 +1,3 @@
+{
+  users.mutableUsers = true;
+}
--- a/class/server/fs.nix
+++ b/class/server/fs.nix
@ -1,12 +1,3 @@
 {
-  fileSystems = {
-    "/home" = {
-      device = "tmpfs";
-      fsType = "tmpfs";
-      options = ["size=4G" "mode=751"];
-    };
-    "/nix".device = "/dev/disk/by-label/main";
-    "/persist".device = "/dev/disk/by-label/main";
-    "/var/log".device = "/dev/disk/by-label/main";
-  };
+  fileSystems."/".device = "/dev/disk/by-label/main";
 }
--- a/class/server/users.nix
+++ b/class/server/users.nix
@ -0,0 +1,3 @@
+{
+  users.mutableUsers = false;
+}
--- a/common/fish.nix
+++ b/common/fish.nix
@ -2,4 +2,14 @@
  programs.fish.enable = true;

  users.defaultUserShell = pkgs.fish;
+
+  nixpkgs.overlays = [
+    (final: prev: {
+      fish = prev.fish.overrideAttrs (oldAttrs: {
+        postInstall = ''
+          rm $out/share/applications/fish.desktop
+        '';
+      });
+    })
+  ];
 }
--- a/common/fs.nix
+++ b/common/fs.nix
@ -1,38 +1,14 @@
 {
+  boot.tmp.cleanOnBoot = true;
+
  fileSystems = {
    "/" = {
-      device = "tmpfs";
-      fsType = "tmpfs";
-      options = ["size=4G" "mode=755"];
+      fsType = "ext4";
+      options = ["noatime"];
    };
    "/boot" = {
      device = "/dev/disk/by-label/BOOT";
      fsType = "vfat";
    };
-    "/home".neededForBoot = true;
-    "/nix" = {
-      fsType = "btrfs";
-      options = ["subvol=nix" "compress=zstd" "noatime"];
-    };
-    "/persist" = {
-      fsType = "btrfs";
-      options = ["subvol=persist" "compress=zstd" "noatime"];
-      neededForBoot = true;
-    };
-    "/tmp" = {
-      device = "tmpfs";
-      fsType = "tmpfs";
-      options = ["size=8G" "mode=777"];
-    };
-    "/var/log" = {
-      fsType = "btrfs";
-      options = ["subvol=log" "compress=zstd" "noatime"];
-      neededForBoot = true;
-    };
-  };
-
-  environment.persistence."/persist" = {
-    directories = ["/var/lib" "/var/cache"];
-    files = ["/etc/machine-id"];
  };
 }
--- a/common/neovim.nix
+++ b/common/neovim.nix
@ -5,7 +5,11 @@
  ...
 }: {
  environment = let
-    package = inputs.myvim.packages.${pkgs.system}.default;
+    package = inputs.myvim.packages.${pkgs.system}.default.overrideAttrs (oldAttrs: {
+      postInstall = ''
+        rm $out/share/applications/nvim.desktop
+      '';
+    });
  in {
    systemPackages = [package];
    variables = lib.genAttrs ["EDITOR" "VISUAL"] (_: lib.getExe package);
--- a/common/ssh.nix
+++ b/common/ssh.nix
@ -3,12 +3,7 @@
  pkgs,
  ...
 }: {
-  environment.persistence."/persist".files = [
-    "/etc/ssh/ssh_host_ed25519_key"
-    "/etc/ssh/ssh_host_ed25519_key.pub"
-  ];
-
-  age.identityPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"];
+  age.identityPaths = ["/etc/ssh/ssh_host_ed25519_key"];

  services.openssh = {
    enable = true;
@ -27,6 +22,7 @@

  programs.ssh = {
    startAgent = true;
+    enableAskPassword = true;
    askPassword = lib.getExe' pkgs.ksshaskpass "ksshaskpass";
  };

--- a/common/users.nix
+++ b/common/users.nix
@ -2,13 +2,12 @@
  age.secrets.user-lukas.file = ../secrets/user-lukas.age;

  users = {
-    mutableUsers = false;
-
-    groups.lukas = {};
+    groups.lukas.gid = 1000;

    users = {
      root.hashedPassword = "!";
      lukas = {
+        uid = 1000;
        isNormalUser = true;
        hashedPasswordFile = config.age.secrets.user-lukas.path;
        openssh.authorizedKeys.keys = builtins.attrValues (import ../pubkeys.nix).users;
@ -17,6 +16,4 @@
      };
    };
  };
-
-  services.displayManager.sddm.settings.Autologin.User = "lukas";
 }
--- a/disk.sh
+++ b/disk.sh
@ -91,37 +91,9 @@ while true; do
  esac
 done

-mkfs.btrfs --force --quiet --label "$mainlbl" -- "$mainfs"
+mkfs.ext4 -q -F -L "$mainlbl" -- "$mainfs"
 mkdir --parents -- "$root"
-mount -- "$mainfs" "$root"
-
-declare -A vols
-while true; do
-  read -r -p 'Add a subvolume: ' vol
-  if [[ "$vol" == '' ]]; then
-    break
-  fi
-
-  read -r -p 'Add a subvolume path: ' path
-  if [[ "$path" == '' ]]; then
-    path="$vol"
-  fi
-
-  vols["$vol"]="$path"
-done
-
-for vol in "${!vols[@]}"; do
-  btrfs --quiet subvolume create -- "$root/$vol"
-done
-
-umount -- "$root"
-
-mount -t tmpfs -o size=2G,mode=755 tmpfs -- "$root"
-
-for vol in "${!vols[@]}"; do
-  mkdir --parents -- "$root/${vols["$vol"]}"
-  mount --options "subvol=$vol,compress=zstd,noatime" -- "$mainfs" "$root/${vols["$vol"]}"
-done
+mount --options noatime -- "$mainfs" "$root"

 mkdir -- "$root/boot"
 mount -- "$bootfs" "$root/boot"
--- a/flake.lock
+++ b/flake.lock
@ -8,11 +8,11 @@
        "systems": "systems"
      },
      "locked": {
-        "lastModified": 1712079060,
-        "narHash": "sha256-/JdiT9t+zzjChc5qQiF+jhrVhRt8figYH29rZO7pFe4=",
+        "lastModified": 1718371084,
+        "narHash": "sha256-abpBi61mg0g+lFFU0zY4C6oP6fBwPzbHPKBGw676xsA=",
        "owner": "ryantm",
        "repo": "agenix",
-        "rev": "1381a759b205dff7a6818733118d02253340fd5e",
+        "rev": "3a56735779db467538fb2e577eda28a9daacaca6",
        "type": "github"
      },
      "original": {
@ -101,11 +101,11 @@
        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
-        "lastModified": 1712014858,
-        "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
+        "lastModified": 1719745305,
+        "narHash": "sha256-xwgjVUpqSviudEkpQnioeez1Uo2wzrsMaJKJClh+Bls=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
+        "rev": "c3c5ecc05edc7dafba779c6c1a61cd08ac6583e9",
        "type": "github"
      },
      "original": {
@ -215,11 +215,11 @@
    },
    "hardware": {
      "locked": {
-        "lastModified": 1713521961,
-        "narHash": "sha256-EwR8wW9AqJhSIY+0oxWRybUZ32BVKuZ9bjlRh8SJvQ8=",
+        "lastModified": 1719681865,
+        "narHash": "sha256-Lp+l1IsREVbz8WM35OJYZz8sAH0XOjrZWUXVB5bJ2qg=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "5d48925b815fd202781bfae8fb6f45c07112fdb2",
+        "rev": "a59f00f5ac65b19382617ba00f360f8bc07ed3ac",
        "type": "github"
      },
      "original": {
@ -271,21 +271,6 @@
        "type": "github"
      }
    },
-    "impermanence": {
-      "locked": {
-        "lastModified": 1708968331,
-        "narHash": "sha256-VUXLaPusCBvwM3zhGbRIJVeYluh2uWuqtj4WirQ1L9Y=",
-        "owner": "nix-community",
-        "repo": "impermanence",
-        "rev": "a33ef102a02ce77d3e39c25197664b7a636f9c30",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "impermanence",
-        "type": "github"
-      }
-    },
    "myvim": {
      "inputs": {
        "flake-parts": "flake-parts_2",
@ -346,20 +331,14 @@
    },
    "nixpkgs-lib": {
      "locked": {
-        "dir": "lib",
-        "lastModified": 1711703276,
-        "narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "d8fe5e6c92d0d190646fb9f1056741a229980089",
-        "type": "github"
+        "lastModified": 1717284937,
+        "narHash": "sha256-lIbdfCsf8LMFloheeE6N31+BMIeixqyQWbSr2vk79EQ=",
+        "type": "tarball",
+        "url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz"
      },
      "original": {
-        "dir": "lib",
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
+        "type": "tarball",
+        "url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz"
      }
    },
    "nixpkgs-lib_2": {
@ -414,11 +393,11 @@
    },
    "nixpkgs_4": {
      "locked": {
-        "lastModified": 1713537308,
-        "narHash": "sha256-XtTSSIB2DA6tOv+l0FhvfDMiyCmhoRbNB+0SeInZkbk=",
+        "lastModified": 1719690277,
+        "narHash": "sha256-0xSej1g7eP2kaUF+JQp8jdyNmpmCJKRpO12mKl/36Kc=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "5c24cf2f0a12ad855f444c30b2421d044120c66f",
+        "rev": "2741b4b489b55df32afac57bc4bfd220e8bf617e",
        "type": "github"
      },
      "original": {
@ -487,7 +466,6 @@
        "agenix": "agenix",
        "flake-parts": "flake-parts",
        "hardware": "hardware",
-        "impermanence": "impermanence",
        "myvim": "myvim",
        "nixpkgs": "nixpkgs_4"
      }
--- a/flake.nix
+++ b/flake.nix
@ -5,7 +5,6 @@
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    flake-parts.url = "github:hercules-ci/flake-parts";
    hardware.url = "github:NixOS/nixos-hardware";
-    impermanence.url = "github:nix-community/impermanence";
    agenix.url = "github:ryantm/agenix";
    myvim.url = "github:lukaswrz/myvim";
  };
@ -26,7 +25,6 @@
              attrName = name;
            };
            modules = [
-              inputs.impermanence.nixosModules.impermanence
              inputs.agenix.nixosModules.default

              ./common
@ -62,7 +60,7 @@
          runtimeInputs = with pkgs; [
            util-linux
            jq
-            btrfs-progs
+            e2fsprogs
            dosfstools
          ];

--- a/hosts/abacus/nginx.nix
+++ b/hosts/abacus/nginx.nix
@ -3,8 +3,6 @@
  pkgs,
  ...
 }: {
-  environment.persistence."/persist".directories = ["/var/www"];
-
  services.nginx = {
    enable = true;
    package = pkgs.nginxQuic;
--- a/hosts/glacier/default.nix
+++ b/hosts/glacier/default.nix
@ -24,7 +24,9 @@
    binfmt.emulatedSystems = ["aarch64-linux"];
  };

-  system.stateVersion = "24.05";
+  system.stateVersion = "24.11";

  powerManagement.cpuFreqGovernor = "performance";
+
+  networking.firewall.enable = false;
 }
--- a/hosts/vessel/default.nix
+++ b/hosts/vessel/default.nix
@ -24,6 +24,4 @@
  system.stateVersion = "24.05";

  powerManagement.cpuFreqGovernor = "powersave";
-
-  environment.persistence."/persist".directories = ["/srv/storage"];
 }