revamp

.gitignore

@@ -0,0 +1 @@
+.direnv/

class/desktop/default.nix

@@ -14,6 +14,7 @@
     ./plasma.nix
     ./printing.nix
     ./syncthing.nix
+    ./users.nix
     ./vm.nix
     ./wine.nix
   ];

class/desktop/fs.nix

@@ -1,14 +1,5 @@
 {
   boot.initrd.luks.devices.main.device = "/dev/disk/by-label/cryptmain";
 
-  fileSystems = {
+  fileSystems."/".device = "/dev/mapper/main";
-    "/home" = {
-      device = "/dev/mapper/main";
-      fsType = "btrfs";
-      options = ["subvol=home" "compress=zstd" "noatime"];
-    };
-    "/nix".device = "/dev/mapper/main";
-    "/persist".device = "/dev/mapper/main";
-    "/var/log".device = "/dev/mapper/main";
-  };
 }

class/desktop/mullvad.nix

@@ -1,6 +1,4 @@
 {pkgs, ...}: {
-  environment.persistence."/persist".directories = ["/etc/mullvad-vpn"];
-
   services.mullvad-vpn = {
     enable = true;
     package = pkgs.mullvad-vpn;

class/desktop/networking.nix

@@ -1,6 +1,4 @@
 {
-  environment.persistence."/persist".directories = ["/etc/NetworkManager"];
-
   services.resolved.enable = true;
 
   networking = {

class/desktop/plasma.nix

@@ -11,25 +11,15 @@
     };
   };
 
-  environment = {
+  environment.systemPackages = with pkgs.kdePackages; [sddm-kcm discover kate];
-    systemPackages = with pkgs.kdePackages; [discover kate];
+
-    sessionVariables = {
+  programs = {
-      SUDO_ASKPASS = pkgs.writeShellScript "kdialogaskpass" ''
+    kdeconnect.enable = true;
-        exec ${lib.getExe' pkgs.kdialog "kdialog"} --password Askpass
+    partition-manager.enable = true;
-      '';
-      MOZ_USE_XINPUT2 = "1";
-      GDK_SCALE = "1";
-    };
   };
 
   xdg.portal = {
     xdgOpenUsePortal = true;
     extraPortals = [pkgs.xdg-desktop-portal-gtk];
   };
-
-  programs = {
-    kdeconnect.enable = true;
-    partition-manager.enable = true;
-    dconf.enable = true;
-  };
 }

class/desktop/users.nix

@@ -0,0 +1,3 @@
+{
+  users.mutableUsers = true;
+}

class/server/fs.nix

@@ -1,12 +1,3 @@
 {
-  fileSystems = {
+  fileSystems."/".device = "/dev/disk/by-label/main";
-    "/home" = {
-      device = "tmpfs";
-      fsType = "tmpfs";
-      options = ["size=4G" "mode=751"];
-    };
-    "/nix".device = "/dev/disk/by-label/main";
-    "/persist".device = "/dev/disk/by-label/main";
-    "/var/log".device = "/dev/disk/by-label/main";
-  };
 }

class/server/users.nix

@@ -0,0 +1,3 @@
+{
+  users.mutableUsers = false;
+}

common/fish.nix

@@ -2,4 +2,14 @@
   programs.fish.enable = true;
 
   users.defaultUserShell = pkgs.fish;
+
+  nixpkgs.overlays = [
+    (final: prev: {
+      fish = prev.fish.overrideAttrs (oldAttrs: {
+        postInstall = ''
+          rm $out/share/applications/fish.desktop
+        '';
+      });
+    })
+  ];
 }

common/fs.nix

@@ -1,38 +1,14 @@
 {
+  boot.tmp.cleanOnBoot = true;
+
   fileSystems = {
     "/" = {
-      device = "tmpfs";
+      fsType = "ext4";
-      fsType = "tmpfs";
+      options = ["noatime"];
-      options = ["size=4G" "mode=755"];
     };
     "/boot" = {
       device = "/dev/disk/by-label/BOOT";
       fsType = "vfat";
     };
-    "/home".neededForBoot = true;
-    "/nix" = {
-      fsType = "btrfs";
-      options = ["subvol=nix" "compress=zstd" "noatime"];
-    };
-    "/persist" = {
-      fsType = "btrfs";
-      options = ["subvol=persist" "compress=zstd" "noatime"];
-      neededForBoot = true;
-    };
-    "/tmp" = {
-      device = "tmpfs";
-      fsType = "tmpfs";
-      options = ["size=8G" "mode=777"];
-    };
-    "/var/log" = {
-      fsType = "btrfs";
-      options = ["subvol=log" "compress=zstd" "noatime"];
-      neededForBoot = true;
-    };
-  };
-
-  environment.persistence."/persist" = {
-    directories = ["/var/lib" "/var/cache"];
-    files = ["/etc/machine-id"];
   };
 }

common/neovim.nix

@@ -5,7 +5,11 @@
   ...
 }: {
   environment = let
-    package = inputs.myvim.packages.${pkgs.system}.default;
+    package = inputs.myvim.packages.${pkgs.system}.default.overrideAttrs (oldAttrs: {
+      postInstall = ''
+        rm $out/share/applications/nvim.desktop
+      '';
+    });
   in {
     systemPackages = [package];
     variables = lib.genAttrs ["EDITOR" "VISUAL"] (_: lib.getExe package);

common/ssh.nix

@@ -3,12 +3,7 @@
   pkgs,
   ...
 }: {
-  environment.persistence."/persist".files = [
+  age.identityPaths = ["/etc/ssh/ssh_host_ed25519_key"];
-    "/etc/ssh/ssh_host_ed25519_key"
-    "/etc/ssh/ssh_host_ed25519_key.pub"
-  ];
-
-  age.identityPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"];
 
   services.openssh = {
     enable = true;
@@ -27,6 +22,7 @@
 
   programs.ssh = {
     startAgent = true;
+    enableAskPassword = true;
     askPassword = lib.getExe' pkgs.ksshaskpass "ksshaskpass";
   };
 

common/users.nix

@@ -2,13 +2,12 @@
   age.secrets.user-lukas.file = ../secrets/user-lukas.age;
 
   users = {
-    mutableUsers = false;
+    groups.lukas.gid = 1000;
-
-    groups.lukas = {};
 
     users = {
       root.hashedPassword = "!";
       lukas = {
+        uid = 1000;
         isNormalUser = true;
         hashedPasswordFile = config.age.secrets.user-lukas.path;
         openssh.authorizedKeys.keys = builtins.attrValues (import ../pubkeys.nix).users;
@@ -17,6 +16,4 @@
       };
     };
   };
-
-  services.displayManager.sddm.settings.Autologin.User = "lukas";
 }

disk.sh

@@ -91,37 +91,9 @@ while true; do
   esac
 done
 
-mkfs.btrfs --force --quiet --label "$mainlbl" -- "$mainfs"
+mkfs.ext4 -q -F -L "$mainlbl" -- "$mainfs"
 mkdir --parents -- "$root"
-mount -- "$mainfs" "$root"
+mount --options noatime -- "$mainfs" "$root"
-
-declare -A vols
-while true; do
-  read -r -p 'Add a subvolume: ' vol
-  if [[ "$vol" == '' ]]; then
-    break
-  fi
-
-  read -r -p 'Add a subvolume path: ' path
-  if [[ "$path" == '' ]]; then
-    path="$vol"
-  fi
-
-  vols["$vol"]="$path"
-done
-
-for vol in "${!vols[@]}"; do
-  btrfs --quiet subvolume create -- "$root/$vol"
-done
-
-umount -- "$root"
-
-mount -t tmpfs -o size=2G,mode=755 tmpfs -- "$root"
-
-for vol in "${!vols[@]}"; do
-  mkdir --parents -- "$root/${vols["$vol"]}"
-  mount --options "subvol=$vol,compress=zstd,noatime" -- "$mainfs" "$root/${vols["$vol"]}"
-done
 
 mkdir -- "$root/boot"
 mount -- "$bootfs" "$root/boot"

flake.lock

@@ -8,11 +8,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1712079060,
+        "lastModified": 1718371084,
-        "narHash": "sha256-/JdiT9t+zzjChc5qQiF+jhrVhRt8figYH29rZO7pFe4=",
+        "narHash": "sha256-abpBi61mg0g+lFFU0zY4C6oP6fBwPzbHPKBGw676xsA=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "1381a759b205dff7a6818733118d02253340fd5e",
+        "rev": "3a56735779db467538fb2e577eda28a9daacaca6",
         "type": "github"
       },
       "original": {
@@ -101,11 +101,11 @@
         "nixpkgs-lib": "nixpkgs-lib"
       },
       "locked": {
-        "lastModified": 1712014858,
+        "lastModified": 1719745305,
-        "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
+        "narHash": "sha256-xwgjVUpqSviudEkpQnioeez1Uo2wzrsMaJKJClh+Bls=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
+        "rev": "c3c5ecc05edc7dafba779c6c1a61cd08ac6583e9",
         "type": "github"
       },
       "original": {
@@ -215,11 +215,11 @@
     },
     "hardware": {
       "locked": {
-        "lastModified": 1713521961,
+        "lastModified": 1719681865,
-        "narHash": "sha256-EwR8wW9AqJhSIY+0oxWRybUZ32BVKuZ9bjlRh8SJvQ8=",
+        "narHash": "sha256-Lp+l1IsREVbz8WM35OJYZz8sAH0XOjrZWUXVB5bJ2qg=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "5d48925b815fd202781bfae8fb6f45c07112fdb2",
+        "rev": "a59f00f5ac65b19382617ba00f360f8bc07ed3ac",
         "type": "github"
       },
       "original": {
@@ -271,21 +271,6 @@
         "type": "github"
       }
     },
-    "impermanence": {
-      "locked": {
-        "lastModified": 1708968331,
-        "narHash": "sha256-VUXLaPusCBvwM3zhGbRIJVeYluh2uWuqtj4WirQ1L9Y=",
-        "owner": "nix-community",
-        "repo": "impermanence",
-        "rev": "a33ef102a02ce77d3e39c25197664b7a636f9c30",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "impermanence",
-        "type": "github"
-      }
-    },
     "myvim": {
       "inputs": {
         "flake-parts": "flake-parts_2",
@@ -346,20 +331,14 @@
     },
     "nixpkgs-lib": {
       "locked": {
-        "dir": "lib",
+        "lastModified": 1717284937,
-        "lastModified": 1711703276,
+        "narHash": "sha256-lIbdfCsf8LMFloheeE6N31+BMIeixqyQWbSr2vk79EQ=",
-        "narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=",
+        "type": "tarball",
-        "owner": "NixOS",
+        "url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz"
-        "repo": "nixpkgs",
-        "rev": "d8fe5e6c92d0d190646fb9f1056741a229980089",
-        "type": "github"
       },
       "original": {
-        "dir": "lib",
+        "type": "tarball",
-        "owner": "NixOS",
+        "url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz"
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
       }
     },
     "nixpkgs-lib_2": {
@@ -414,11 +393,11 @@
     },
     "nixpkgs_4": {
       "locked": {
-        "lastModified": 1713537308,
+        "lastModified": 1719690277,
-        "narHash": "sha256-XtTSSIB2DA6tOv+l0FhvfDMiyCmhoRbNB+0SeInZkbk=",
+        "narHash": "sha256-0xSej1g7eP2kaUF+JQp8jdyNmpmCJKRpO12mKl/36Kc=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "5c24cf2f0a12ad855f444c30b2421d044120c66f",
+        "rev": "2741b4b489b55df32afac57bc4bfd220e8bf617e",
         "type": "github"
       },
       "original": {
@@ -487,7 +466,6 @@
         "agenix": "agenix",
         "flake-parts": "flake-parts",
         "hardware": "hardware",
-        "impermanence": "impermanence",
         "myvim": "myvim",
         "nixpkgs": "nixpkgs_4"
       }

flake.nix

@@ -5,7 +5,6 @@
     nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
     flake-parts.url = "github:hercules-ci/flake-parts";
     hardware.url = "github:NixOS/nixos-hardware";
-    impermanence.url = "github:nix-community/impermanence";
     agenix.url = "github:ryantm/agenix";
     myvim.url = "github:lukaswrz/myvim";
   };
@@ -26,7 +25,6 @@
               attrName = name;
             };
             modules = [
-              inputs.impermanence.nixosModules.impermanence
               inputs.agenix.nixosModules.default
 
               ./common
@@ -62,7 +60,7 @@
           runtimeInputs = with pkgs; [
             util-linux
             jq
-            btrfs-progs
+            e2fsprogs
             dosfstools
           ];
 

hosts/abacus/nginx.nix

@@ -3,8 +3,6 @@
   pkgs,
   ...
 }: {
-  environment.persistence."/persist".directories = ["/var/www"];
-
   services.nginx = {
     enable = true;
     package = pkgs.nginxQuic;

hosts/glacier/default.nix

@@ -24,7 +24,9 @@
     binfmt.emulatedSystems = ["aarch64-linux"];
   };
 
-  system.stateVersion = "24.05";
+  system.stateVersion = "24.11";
 
   powerManagement.cpuFreqGovernor = "performance";
+
+  networking.firewall.enable = false;
 }

hosts/vessel/default.nix

@@ -24,6 +24,4 @@
   system.stateVersion = "24.05";
 
   powerManagement.cpuFreqGovernor = "powersave";
-
-  environment.persistence."/persist".directories = ["/srv/storage"];
 }