diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..9b42106 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.direnv/ diff --git a/class/desktop/default.nix b/class/desktop/default.nix index 2eaf79e..30765f5 100644 --- a/class/desktop/default.nix +++ b/class/desktop/default.nix @@ -14,6 +14,7 @@ ./plasma.nix ./printing.nix ./syncthing.nix + ./users.nix ./vm.nix ./wine.nix ]; diff --git a/class/desktop/fs.nix b/class/desktop/fs.nix index 02e66b8..c59c848 100644 --- a/class/desktop/fs.nix +++ b/class/desktop/fs.nix @@ -1,14 +1,5 @@ { boot.initrd.luks.devices.main.device = "/dev/disk/by-label/cryptmain"; - fileSystems = { - "/home" = { - device = "/dev/mapper/main"; - fsType = "btrfs"; - options = ["subvol=home" "compress=zstd" "noatime"]; - }; - "/nix".device = "/dev/mapper/main"; - "/persist".device = "/dev/mapper/main"; - "/var/log".device = "/dev/mapper/main"; - }; + fileSystems."/".device = "/dev/mapper/main"; } diff --git a/class/desktop/mullvad.nix b/class/desktop/mullvad.nix index 0190f98..31d3c05 100644 --- a/class/desktop/mullvad.nix +++ b/class/desktop/mullvad.nix @@ -1,6 +1,4 @@ {pkgs, ...}: { - environment.persistence."/persist".directories = ["/etc/mullvad-vpn"]; - services.mullvad-vpn = { enable = true; package = pkgs.mullvad-vpn; diff --git a/class/desktop/networking.nix b/class/desktop/networking.nix index 064d360..1844edb 100644 --- a/class/desktop/networking.nix +++ b/class/desktop/networking.nix @@ -1,6 +1,4 @@ { - environment.persistence."/persist".directories = ["/etc/NetworkManager"]; - services.resolved.enable = true; networking = { diff --git a/class/desktop/plasma.nix b/class/desktop/plasma.nix index ae3015b..41f2ecf 100644 --- a/class/desktop/plasma.nix +++ b/class/desktop/plasma.nix 
@@ -11,25 +11,15 @@ }; }; - environment = { - systemPackages = with pkgs.kdePackages; [discover kate]; - sessionVariables = { - SUDO_ASKPASS = pkgs.writeShellScript "kdialogaskpass" '' - exec ${lib.getExe' pkgs.kdialog "kdialog"} --password Askpass - ''; - MOZ_USE_XINPUT2 = "1"; - GDK_SCALE = "1"; - }; + environment.systemPackages = with pkgs.kdePackages; [sddm-kcm discover kate]; + + programs = { + kdeconnect.enable = true; + partition-manager.enable = true; }; xdg.portal = { xdgOpenUsePortal = true; extraPortals = [pkgs.xdg-desktop-portal-gtk]; }; - - programs = { - kdeconnect.enable = true; - partition-manager.enable = true; - dconf.enable = true; - }; } diff --git a/class/desktop/users.nix b/class/desktop/users.nix new file mode 100644 index 0000000..b52535d --- /dev/null +++ b/class/desktop/users.nix @@ -0,0 +1,3 @@ +{ + users.mutableUsers = true; +} diff --git a/class/server/fs.nix b/class/server/fs.nix index 0b5e429..78cbd80 100644 --- a/class/server/fs.nix +++ b/class/server/fs.nix @@ -1,12 +1,3 @@ { - fileSystems = { - "/home" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["size=4G" "mode=751"]; - }; - "/nix".device = "/dev/disk/by-label/main"; - "/persist".device = "/dev/disk/by-label/main"; - "/var/log".device = "/dev/disk/by-label/main"; - }; + fileSystems."/".device = "/dev/disk/by-label/main"; } diff --git a/class/server/users.nix b/class/server/users.nix new file mode 100644 index 0000000..23b7787 --- /dev/null +++ b/class/server/users.nix @@ -0,0 +1,3 @@ +{ + users.mutableUsers = false; +} diff --git a/common/fish.nix b/common/fish.nix index b54be6e..44effb3 100644 --- a/common/fish.nix +++ b/common/fish.nix @@ -2,4 +2,14 @@ programs.fish.enable = true; users.defaultUserShell = pkgs.fish; + + nixpkgs.overlays = [ + (final: prev: { + fish = prev.fish.overrideAttrs (oldAttrs: { + postInstall = '' + rm $out/share/applications/fish.desktop + ''; + }); + }) + ]; } diff --git a/common/fs.nix b/common/fs.nix index 82f96bc..c866aec 100644 
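Review bot: The rewrite of the `programs` block drops `dconf.enable = true;` without a replacement, while the same file still installs `xdg-desktop-portal-gtk` and KDE packages that may rely on a dconf backend; if nothing else in the configuration enables it, GTK applications on this desktop lose their settings store. If the drop is deliberate (for example because the Plasma module is known to enable dconf itself), a one-line comment next to the new `programs` block saying so would stop the next reader from re-adding it, e.g. `# dconf is enabled by the Plasma module; not repeated here`. The removed `SUDO_ASKPASS`, `MOZ_USE_XINPUT2` and `GDK_SCALE` variables likewise vanish silently; a short note in the commit message or file explaining what replaces them would help.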
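Review bot: Setting `users.mutableUsers = true;` for the desktop class changes what the declarative accounts in common/users.nix mean: with mutable users, `hashedPasswordFile` for `lukas` and `root.hashedPassword = "!"` only seed an account when it is first created, and any password later changed with `passwd` (including one set on root) persists across rebuilds. That is a deliberate trade-off, but it is invisible from this three-line file, so document it here, e.g. `# mutable: declared passwords (incl. the locked root "!") only apply on first creation; later passwd changes persist`. Note also that common/users.nix no longer sets `mutableUsers` at all, so a host that imports neither class/desktop nor class/server falls back to the NixOS default of `true`; if every host is expected to import a class, a comment in common/users.nix stating that would make the intent explicit.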
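Review bot: The overlay's `overrideAttrs` assigns `postInstall` outright, which replaces any `postInstall` the upstream fish derivation already defines instead of appending to it; the same pattern is used for the neovim package in common/neovim.nix on the next hunk line. Append to the inherited hook so upstream steps are preserved: `postInstall = (oldAttrs.postInstall or "") + ''` / `  rm $out/share/applications/fish.desktop` / `'';`. The bare `rm` will also fail the build if the .desktop file ever moves; that is arguably the right signal for an override like this, but a comment stating the purpose (`# hide fish from the application launcher`) would make the intent clear.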
--- a/common/fs.nix +++ b/common/fs.nix @@ -1,38 +1,14 @@ { + boot.tmp.cleanOnBoot = true; + fileSystems = { "/" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["size=4G" "mode=755"]; + fsType = "ext4"; + options = ["noatime"]; }; "/boot" = { device = "/dev/disk/by-label/BOOT"; fsType = "vfat"; }; - "/home".neededForBoot = true; - "/nix" = { - fsType = "btrfs"; - options = ["subvol=nix" "compress=zstd" "noatime"]; - }; - "/persist" = { - fsType = "btrfs"; - options = ["subvol=persist" "compress=zstd" "noatime"]; - neededForBoot = true; - }; - "/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["size=8G" "mode=777"]; - }; - "/var/log" = { - fsType = "btrfs"; - options = ["subvol=log" "compress=zstd" "noatime"]; - neededForBoot = true; - }; - }; - - environment.persistence."/persist" = { - directories = ["/var/lib" "/var/cache"]; - files = ["/etc/machine-id"]; }; } diff --git a/common/neovim.nix b/common/neovim.nix index 6b9940c..b79cb46 100644 --- a/common/neovim.nix +++ b/common/neovim.nix @@ -5,7 +5,11 @@ ... }: { environment = let - package = inputs.myvim.packages.${pkgs.system}.default; + package = inputs.myvim.packages.${pkgs.system}.default.overrideAttrs (oldAttrs: { + postInstall = '' + rm $out/share/applications/nvim.desktop + ''; + }); in { systemPackages = [package]; variables = lib.genAttrs ["EDITOR" "VISUAL"] (_: lib.getExe package); diff --git a/common/ssh.nix b/common/ssh.nix index f853451..636ec6f 100644 --- a/common/ssh.nix +++ b/common/ssh.nix @@ -3,12 +3,7 @@ pkgs, ... }: { - environment.persistence."/persist".files = [ - "/etc/ssh/ssh_host_ed25519_key" - "/etc/ssh/ssh_host_ed25519_key.pub" - ]; - - age.identityPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"]; + age.identityPaths = ["/etc/ssh/ssh_host_ed25519_key"]; services.openssh = { enable = true; @@ -27,6 +22,7 @@ programs.ssh = { startAgent = true; + enableAskPassword = true; askPassword = lib.getExe' pkgs.ksshaskpass "ksshaskpass"; }; 
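Review bot: The new `"/"` entry sets `fsType = "ext4"` and `options = ["noatime"]` but no `device`; the device is now supplied separately by class/desktop/fs.nix and class/server/fs.nix, so a host that imports neither class would fail evaluation with an incomplete filesystem definition. Since that split is not visible from this file, add a comment above the entry, e.g. `# device is set per class (class/desktop/fs.nix, class/server/fs.nix)`. With the root no longer a tmpfs, `boot.tmp.cleanOnBoot` covers /tmp, but other state that was previously discarded at every boot now persists; a short note on that behaviour change in the commit message would help whoever relies on the old wipe-on-reboot property.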
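Review bot: `enableAskPassword = true;` is added unconditionally in common/ssh.nix, which from flake.nix appears to be imported by every host, so headless servers would also get `SSH_ASKPASS` pointing at `ksshaskpass` and pull that KDE package into their closure. If I recall correctly the option's default already follows `services.xserver.enable`, so the explicit `true` mainly affects hosts without a display; consider moving `enableAskPassword` and `askPassword` into the desktop class (for example next to the Plasma settings) rather than keeping them in the common module. If servers are meant to have it, a comment saying why would settle the question.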
diff --git a/common/users.nix b/common/users.nix index b1fdbee..12ace5b 100644 --- a/common/users.nix +++ b/common/users.nix @@ -2,13 +2,12 @@ age.secrets.user-lukas.file = ../secrets/user-lukas.age; users = { - mutableUsers = false; - - groups.lukas = {}; + groups.lukas.gid = 1000; users = { root.hashedPassword = "!"; lukas = { + uid = 1000; isNormalUser = true; hashedPasswordFile = config.age.secrets.user-lukas.path; openssh.authorizedKeys.keys = builtins.attrValues (import ../pubkeys.nix).users; @@ -17,6 +16,4 @@ }; }; }; - - services.displayManager.sddm.settings.Autologin.User = "lukas"; } diff --git a/disk.sh b/disk.sh index f9e37a8..d4be5c4 100644 --- a/disk.sh +++ b/disk.sh @@ -91,37 +91,9 @@ while true; do esac done -mkfs.btrfs --force --quiet --label "$mainlbl" -- "$mainfs" +mkfs.ext4 -q -F -L "$mainlbl" -- "$mainfs" mkdir --parents -- "$root" -mount -- "$mainfs" "$root" - -declare -A vols -while true; do - read -r -p 'Add a subvolume: ' vol - if [[ "$vol" == '' ]]; then - break - fi - - read -r -p 'Add a subvolume path: ' path - if [[ "$path" == '' ]]; then - path="$vol" - fi - - vols["$vol"]="$path" -done - -for vol in "${!vols[@]}"; do - btrfs --quiet subvolume create -- "$root/$vol" -done - -umount -- "$root" - -mount -t tmpfs -o size=2G,mode=755 tmpfs -- "$root" - -for vol in "${!vols[@]}"; do - mkdir --parents -- "$root/${vols["$vol"]}" - mount --options "subvol=$vol,compress=zstd,noatime" -- "$mainfs" "$root/${vols["$vol"]}" -done +mount --options noatime -- "$mainfs" "$root" mkdir -- "$root/boot" mount -- "$bootfs" "$root/boot" diff --git a/flake.lock b/flake.lock index 8d2b90c..e0639c7 100644 --- a/flake.lock +++ b/flake.lock 
@@ -8,11 +8,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1712079060, - "narHash": "sha256-/JdiT9t+zzjChc5qQiF+jhrVhRt8figYH29rZO7pFe4=", + "lastModified": 1718371084, + "narHash": "sha256-abpBi61mg0g+lFFU0zY4C6oP6fBwPzbHPKBGw676xsA=", "owner": "ryantm", "repo": "agenix", - "rev": "1381a759b205dff7a6818733118d02253340fd5e", + "rev": "3a56735779db467538fb2e577eda28a9daacaca6", "type": "github" }, "original": { @@ -101,11 +101,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1712014858, - "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", + "lastModified": 1719745305, + "narHash": "sha256-xwgjVUpqSviudEkpQnioeez1Uo2wzrsMaJKJClh+Bls=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", + "rev": "c3c5ecc05edc7dafba779c6c1a61cd08ac6583e9", "type": "github" }, "original": { @@ -215,11 +215,11 @@ }, "hardware": { "locked": { - "lastModified": 1713521961, - "narHash": "sha256-EwR8wW9AqJhSIY+0oxWRybUZ32BVKuZ9bjlRh8SJvQ8=", + "lastModified": 1719681865, + "narHash": "sha256-Lp+l1IsREVbz8WM35OJYZz8sAH0XOjrZWUXVB5bJ2qg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "5d48925b815fd202781bfae8fb6f45c07112fdb2", + "rev": "a59f00f5ac65b19382617ba00f360f8bc07ed3ac", "type": "github" }, "original": { @@ -271,21 +271,6 @@ "type": "github" } }, - "impermanence": { - "locked": { - "lastModified": 1708968331, - "narHash": "sha256-VUXLaPusCBvwM3zhGbRIJVeYluh2uWuqtj4WirQ1L9Y=", - "owner": "nix-community", - "repo": "impermanence", - "rev": "a33ef102a02ce77d3e39c25197664b7a636f9c30", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "impermanence", - "type": "github" - } - }, "myvim": { "inputs": { "flake-parts": "flake-parts_2", 
@@ -346,20 +331,14 @@ }, "nixpkgs-lib": { "locked": { - "dir": "lib", - "lastModified": 1711703276, - "narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d8fe5e6c92d0d190646fb9f1056741a229980089", - "type": "github" + "lastModified": 1717284937, + "narHash": "sha256-lIbdfCsf8LMFloheeE6N31+BMIeixqyQWbSr2vk79EQ=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz" }, "original": { - "dir": "lib", - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz" } }, "nixpkgs-lib_2": { @@ -414,11 +393,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1713537308, - "narHash": "sha256-XtTSSIB2DA6tOv+l0FhvfDMiyCmhoRbNB+0SeInZkbk=", + "lastModified": 1719690277, + "narHash": "sha256-0xSej1g7eP2kaUF+JQp8jdyNmpmCJKRpO12mKl/36Kc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5c24cf2f0a12ad855f444c30b2421d044120c66f", + "rev": "2741b4b489b55df32afac57bc4bfd220e8bf617e", "type": "github" }, "original": { @@ -487,7 +466,6 @@ "agenix": "agenix", "flake-parts": "flake-parts", "hardware": "hardware", - "impermanence": "impermanence", "myvim": "myvim", "nixpkgs": "nixpkgs_4" } diff --git a/flake.nix b/flake.nix index 8475959..3ef8488 100644 --- a/flake.nix +++ b/flake.nix @@ -5,7 +5,6 @@ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; flake-parts.url = "github:hercules-ci/flake-parts"; hardware.url = "github:NixOS/nixos-hardware"; - impermanence.url = "github:nix-community/impermanence"; agenix.url = "github:ryantm/agenix"; myvim.url = "github:lukaswrz/myvim"; }; @@ -26,7 +25,6 @@ attrName = name; }; modules = [ - inputs.impermanence.nixosModules.impermanence inputs.agenix.nixosModules.default ./common 
@@ -62,7 +60,7 @@ runtimeInputs = with pkgs; [ util-linux jq - btrfs-progs + e2fsprogs dosfstools ]; diff --git a/hosts/abacus/nginx.nix b/hosts/abacus/nginx.nix index 596d154..e7e0364 100644 --- a/hosts/abacus/nginx.nix +++ b/hosts/abacus/nginx.nix @@ -3,8 +3,6 @@ pkgs, ... }: { - environment.persistence."/persist".directories = ["/var/www"]; - services.nginx = { enable = true; package = pkgs.nginxQuic; diff --git a/hosts/glacier/default.nix b/hosts/glacier/default.nix index 779804e..e4f4f59 100644 --- a/hosts/glacier/default.nix +++ b/hosts/glacier/default.nix @@ -24,7 +24,9 @@ binfmt.emulatedSystems = ["aarch64-linux"]; }; - system.stateVersion = "24.05"; + system.stateVersion = "24.11"; powerManagement.cpuFreqGovernor = "performance"; + + networking.firewall.enable = false; } diff --git a/hosts/vessel/default.nix b/hosts/vessel/default.nix index cad1e91..2626c4a 100644 --- a/hosts/vessel/default.nix +++ b/hosts/vessel/default.nix @@ -24,6 +24,4 @@ system.stateVersion = "24.05"; powerManagement.cpuFreqGovernor = "powersave"; - - environment.persistence."/persist".directories = ["/srv/storage"]; }
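Review bot: `networking.firewall.enable = false;` on glacier removes all inbound filtering for that host rather than opening the specific ports it serves, so every listening service (including anything bound to all interfaces by default) becomes reachable from the network. Prefer keeping the firewall on and listing what is needed, e.g. `networking.firewall.allowedTCPPorts = [ /* ports glacier actually serves */ ];` (and `allowedUDPPorts` where applicable), or `networking.firewall.trustedInterfaces` if the intent is to trust one link; if disabling really is required, add a comment stating the reason. The `system.stateVersion` bump from "24.05" to "24.11" in the same hunk is a separate concern: if glacier is an existing install, NixOS advises leaving stateVersion at the value from initial installation, since changing it alters defaults of stateful services; vessel stays at "24.05", which suggests the bump may be unintentional.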