add wip pc installer/livecd

config/default.nix

@@ -6,6 +6,7 @@
     "${nixos-config}/users"
     "${nixos-config}/programs"
     ./systemd-boot.nix
+    ./i18n.nix
   ];
   boot.initrd.systemd.enable = true;
 }

config/graphical.nix

@@ -0,0 +1,7 @@
+{config, ...}: {
+  time.timeZone = "Etc/GMT-1";
+  isGraphical = true;
+  imports = [
+    ./kde
+  ];
+}

config/i18n.nix

@@ -0,0 +1,3 @@
+{config, ...}: {
+  console.keyMap = "neo";
+}

config/kde/default.nix

@@ -0,0 +1,9 @@
+{...}: {
+  services.xserver.enable = true;
+  services.displayManager.sddm.enable = true;
+  services.desktopManager.plasma6.enable = true;
+
+  imports = [
+    ./i18n.nix
+  ];
+}

config/kde/i18n.nix

@@ -0,0 +1,7 @@
+{...}: {
+  services.libinput.enable = true;
+  services.xserver.xkb = {
+    layout = "de";
+    variant = "neo";
+  };
+}

config/systemd-boot.nix

@@ -1,5 +1,12 @@
-_: {
-  boot.loader.systemd-boot.enable = true;
+{system, ...}: let
+  isx86 = system == "x86_64-linux";
+in {
+  boot.loader.systemd-boot = {
+    enable = true;
+    memtest86.enable = isx86;
+    netbootxyz.enable = isx86;
+    edk2-uefi-shell.enable = isx86;
+  };
   boot.loader.generic-extlinux-compatible.enable = false;
   boot.loader.efi.canTouchEfiVariables = true;
 }

flake.nix

@@ -152,6 +152,10 @@
           config = ./machine/not522/installer;
           system = "riscv64-linux";
         };
+        pc-installer = {
+          config = ./machine/pc-installer;
+          system = "x86_64-linux";
+        };
       };
       containers = mapAttrs (_: container:
         mkSystem {

machine/pc-installer/default.nix

@@ -0,0 +1,18 @@
+{
+  config,
+  nixos-config,
+  ...
+}: {
+  networking.hostName = "pc-installer";
+  imports = [
+    "${nixos-config}/config"
+    ./disko.nix
+    ./grub.nix
+  ];
+  system.stateVersion = config.system.nixos.version;
+  specialisation.graphical = {
+    configuration.imports = [
+      ./graphical.nix
+    ];
+  };
+}

machine/pc-installer/disko.nix

@@ -0,0 +1,56 @@
+{
+  disko.devices = {
+    disk = {
+      main = {
+        type = "disk";
+        device = "/dev/sda";
+        content = {
+          type = "gpt";
+          partitions = {
+            boot = {
+              size = "1M";
+              type = "EF02"; # for grub MBR
+            };
+            ESP = {
+              size = "512M";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = ["umask=0077"];
+              };
+            };
+            root = {
+              end = "100%";
+              content = {
+                type = "btrfs";
+                extraArgs = ["-f"]; # Override existing partition
+                # Subvolumes must set a mountpoint in order to be mounted,
+                # unless their parent is mounted
+                subvolumes = {
+                  # Subvolume name is different from mountpoint
+                  "/root" = {
+                    mountOptions = ["compress=zstd"];
+                    mountpoint = "/";
+                  };
+                  # Subvolume name is the same as the mountpoint
+                  "/persistent" = {
+                    mountOptions = ["compress=zstd"];
+                    mountpoint = "/persistent";
+                  };
+                  # Parent is not mounted so the mountpoint must be set
+                  "/nix" = {
+                    mountOptions = ["compress=zstd" "noatime"];
+                    mountpoint = "/nix";
+                  };
+                };
+                mountpoint = "/partition-root";
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}

machine/pc-installer/graphical.nix

@@ -0,0 +1,10 @@
+{
+  config,
+  nixos-config,
+  ...
+}: {
+  nix.auto-update.specialisation = "graphical";
+  imports = [
+    "${nixos-config}/config/graphical.nix"
+  ];
+}

machine/pc-installer/grub.nix

@@ -0,0 +1,16 @@
+{
+  config,
+  lib,
+  ...
+}: {
+  # For legacy pc reason, this needs to be grub
+  boot.loader.systemd-boot.enable = lib.mkForce false;
+  boot.loader.grub = {
+    enable = true;
+    devices = [config.disko.devices.disk.main.device];
+    efiInstallAsRemovable = true;
+    efiSupport = true;
+    memtest86.enable = true;
+  };
+  boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
+}

modules/default.nix

@@ -1,8 +1,10 @@
 {
   disko,
   home-manager,
+  lib,
   ...
-}: {
+}:
+with lib; {
   imports = [
     ./riscv.nix
     ./containers/autoconfig.nix
@@ -13,4 +15,5 @@
     ./hydra/build-server.nix
     "${home-manager}/nixos"
   ];
+  options.isGraphical = mkEnableOption "Whether or not this configuration is a graphical install";
 }

modules/nix/autoupdater.nix

@@ -30,6 +30,11 @@ in
         description = "Job name to use";
         default = "nixosConfigurations.${config.networking.hostName}";
       };
+      specialisation = mkOption {
+        type = types.nullOr types.str;
+        description = "specialisation to switch into";
+        default = null;
+      };
     };
 
     config.nix.auto-update.enable = mkDefault config.nix.enable;
@@ -48,32 +53,44 @@ in
         #!${pkgs.bash}/bin/bash
         set -euxo pipefail
         build=$(${pkgs.curl}/bin/curl -H "accept: application/json" -G ${cfg.hydraServer}/api/latestbuilds -d "nr=10" -d "project=${cfg.project}" -d "jobset=${cfg.jobset}" -d "job=${cfg.job}" | ${pkgs.jq}/bin/jq -r '[.[]|select(.buildstatus==0)][0].id')
-        doc=$(${pkgs.curl}/bin/curl -H "accept: application/json" ${config.nix.auto-update.hydraServer}/build/$build)
+        doc=$(${pkgs.curl}/bin/curl -H "accept: application/json" ${cfg.hydraServer}/build/$build)
         drvname=$(echo $doc | ${pkgs.jq}/bin/jq -r '.drvpath')
         output=$(${pkgs.nix}/bin/nix-store -r $drvname)
         ${pkgs.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set $output
         ${
-          if config.nix.auto-update.reboot
+          if cfg.reboot
           then ''
             $output/bin/switch-to-configuration boot
             booted="$(${pkgs.coreutils}/bin/readlink /run/booted-system/{initrd,kernel,kernel-modules})"
             built="$(${pkgs.coreutils}/bin/readlink $output/{initrd,kernel,kernel-modules})"
             if [ "$booted" = "$built" ]; then
-              $output/bin/switch-to-configuration switch
+              ${
+              if cfg.specialisation == null
+              then "$output/bin/switch-to-configuration switch"
+              else ''
+                $output/specialisations/${cfg.specialisation}/bin/switch-to-configuration switch
+              ''
+            }
             else
                 ${pkgs.systemd}/bin/shutdown -r +1
             fi
             exit
           ''
           else ''
-            $output/bin/switch-to-configuration switch
+            ${
+              if cfg.specialisation == null
+              then "$output/bin/switch-to-configuration switch"
+              else ''
+                $output/specialisations/${cfg.specialisation}/bin/switch-to-configuration switch
+              ''
+            }
           ''
         }
       '';
     };
 
     config.systemd.timers.nixos-upgrade = {
-      enable = config.nix.auto-update.enable;
+      enable = cfg.enable;
       description = "Automatically update nixos";
       requires = ["nixos-upgrade.service"];
       wants = ["network-online.target"];
@@ -86,8 +103,16 @@ in
     };
     config.assertions = [
       {
-        assertion = config.nix.auto-update.enable -> config.nix.enable;
+        assertion = cfg.enable -> config.nix.enable;
         message = "Auto updating will only work when nix itself is enabled.";
       }
+      {
+        assertion = (cfg.specialisation != null) -> config.isSpecialisation;
+        message = "Automatic update switching to specialisation is only allowed in specialisations";
+      }
+      {
+        assertion = config.isSpecialisation -> (cfg.specialisation != null);
+        message = "Specifying the specialization name is required for autoupdate to work!";
+      }
     ];
   }

programs/default.nix

@@ -6,4 +6,7 @@ _: {
   home-manager.users.root.imports = [
     ./home-manager.nix
   ];
+  home-manager.users.darkkirb.imports = [
+    ./home-manager.nix
+  ];
 }

programs/editors/nvim/default.nix

@@ -2,4 +2,7 @@ _: {
   home-manager.users.root.imports = [
     ./home-manager.nix
   ];
+  home-manager.users.darkkirb.imports = [
+    ./home-manager.nix
+  ];
 }

programs/shell/fish/default.nix

@@ -3,8 +3,11 @@
   home-manager.users.root.imports = [
     ./home-manager.nix
   ];
+  home-manager.users.darkkirb.imports = [
+    ./home-manager.nix
+  ];
   programs.bash.interactiveShellInit = ''
-    for user in root; do
+    for user in root darkkirb; do
       if [[ $USER == $user ]]; then
         if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]]
         then

programs/shell/tmux/default.nix

@@ -2,4 +2,7 @@
   home-manager.users.root.imports = [
     ./home-manager.nix
   ];
+  home-manager.users.darkkirb.imports = [
+    ./home-manager.nix
+  ];
 }

users/darkkirb/default.nix

@@ -0,0 +1,14 @@
+{config, ...}: {
+  users.users.darkkirb = {
+    createHome = true;
+    openssh.authorizedKeys.keys = [
+      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDXQlfvRUm/z6eP1EjsajIbMibkq9n+ymlbBi7NFiOuaAAAABHNzaDo= ssh:"
+    ];
+    hashedPasswordFile = config.sops.secrets."users/users/darkkirb/hashedPassword".path;
+  };
+  sops.secrets."users/users/darkkirb/hashedPassword" = {
+    neededForUsers = true;
+    sopsFile = ./password.yaml;
+  };
+  environment.impermanence.users = ["darkkirb"];
+}

users/darkkirb/password.yaml

@@ -0,0 +1,33 @@
+users:
+    users:
+        darkkirb:
+            hashedPassword: ENC[AES256_GCM,data:mDfXEfKTORaTOKubl1To093Hd4elXfGih69RX8LKsKsVZjQ01gT9vCLZMbdo9k7A7fonQWunxcpla9mMPo6DFeJrF4rzhJfLJgp3/EODtG9RAKKzy3X/E0nsygrvK8BxErryJG026wrL5g==,iv:VyyMIUqv6TDl+Gm7P9gEJbnsxHHcgJsn+Gh7SD2SeT8=,tag:mH4PNVSCv4fc9MLtlvIaVQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1emv3kzvwgl36hgllrv7rlekqy3y3c6eztadl3lv09ks3z9vv6vdqw06yqa
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxZGNFN09lSXhxODNjUmNu
+            U1R5NVM3RFUycWxSQ3JtMDlTUEZuTUQ3NVI0ClorNm1FbnZhMkJOQnRZcE1UWU15
+            YVREczVsbE9tcFYrWFlySnorbitPb1kKLS0tIGE5NFFlVFJmUDZBRlVJdkNlVzJH
+            VU9hREUxdEVKRkNjTGhucmI2SzNpQlkKjnbgQRvX9PAUztcfDnOikU2tVYO6TAru
+            pLYj+nZiCAzdrSDsL17XOtasuMV77DGSFOXFCLqM4RIzJXnBWtMVWw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1tltjgexkp5fz3rum4j0k66ty5q4u8ptvkgkepumd20zal24g2qfs5xgw76
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzOXdOejhwVkc3cFF1bm9F
+            Wmh5Y3RzU3ZrUDBreUFYaDE1dlI3K3orS1dZCnZMR3ZSdWpab0NrUEtjTjl4aUlw
+            S2ZGQm1ZRExkcmVtbXF0T3VVb2NmNGcKLS0tIFQrbnVWdHViV0Y0UGUyeXhwV1Z3
+            VFVDamhueUszendibXV1T081MDQ4OFUKFImWYe239QD8SRHNGevPh8iOZZPlpblL
+            HfU3uw7nPcRyttmrel0glJOzdL+FTBTp1oOGSBcIYDdb6z3/Sr21VA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-11-05T08:08:48Z"
+    mac: ENC[AES256_GCM,data:ZBP0CQTG8Wojh368lX9jNziuOIe9M/1MUjDvH30G96w+mCMa3fp4nmXOPV8DbsATgphJ5To+pZjk+heX72aaTx47jF03vGq2jAMp2gndG4N6R9Zb+UcoHVnyE+Q24PtvRmqcBkQS/Hz1vFUPlpEwKLw8h6ct0DDqalrZ18Ra5HQ=,iv:yIznbjO4o/M+tNcUeSsjHJrky6k+1xVbMwA6/Pngq1I=,tag:p60YYm2QJ+NBhQ/DOhJZzQ==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.1

users/default.nix

@@ -2,6 +2,7 @@
   imports = [
     ./home-manager.nix
     ./root
+    ./darkkirb
   ];
   users.mutableUsers = false;
 }