diff --git a/config/default.nix b/config/default.nix
index 163b2c1c..be83f5ee 100644
--- a/config/default.nix
+++ b/config/default.nix
@@ -6,6 +6,7 @@
 "${nixos-config}/users"
 "${nixos-config}/programs"
 ./systemd-boot.nix
+ ./i18n.nix
 ];
 boot.initrd.systemd.enable = true;
 }
diff --git a/config/graphical.nix b/config/graphical.nix
new file mode 100644
index 00000000..8b5e7cf7
--- /dev/null
+++ b/config/graphical.nix
@@ -0,0 +1,7 @@
+{config, ...}: {
+ time.timeZone = "Etc/GMT-1";
+ isGraphical = true;
+ imports = [
+ ./kde
+ ];
+}
diff --git a/config/i18n.nix b/config/i18n.nix
new file mode 100644
index 00000000..b432bb77
--- /dev/null
+++ b/config/i18n.nix
@@ -0,0 +1,3 @@
+{config, ...}: {
+ console.keyMap = "neo";
+}
diff --git a/config/kde/default.nix b/config/kde/default.nix
new file mode 100644
index 00000000..9cf0a139
--- /dev/null
+++ b/config/kde/default.nix
@@ -0,0 +1,9 @@
+{...}: {
+ services.xserver.enable = true;
+ services.displayManager.sddm.enable = true;
+ services.desktopManager.plasma6.enable = true;
+
+ imports = [
+ ./i18n.nix
+ ];
+}
diff --git a/config/kde/i18n.nix b/config/kde/i18n.nix
new file mode 100644
index 00000000..4da40528
--- /dev/null
+++ b/config/kde/i18n.nix
@@ -0,0 +1,7 @@
+{...}: {
+ services.libinput.enable = true;
+ services.xserver.xkb = {
+ layout = "de";
+ variant = "neo";
+ };
+}
diff --git a/config/systemd-boot.nix b/config/systemd-boot.nix
index 856c64ac..c72885fe 100644
--- a/config/systemd-boot.nix
+++ b/config/systemd-boot.nix
@@ -1,5 +1,12 @@
-_: {
- boot.loader.systemd-boot.enable = true;
+{system, ...}: let
+ isx86 = system == "x86_64-linux";
+in {
+ boot.loader.systemd-boot = {
+ enable = true;
+ memtest86.enable = isx86;
+ netbootxyz.enable = isx86;
+ edk2-uefi-shell.enable = isx86;
+ };
 boot.loader.generic-extlinux-compatible.enable = false;
 boot.loader.efi.canTouchEfiVariables = true;
 }
diff --git a/flake.nix b/flake.nix
index 7d817503..d4c95b5b 100644
--- a/flake.nix
+++ b/flake.nix
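Review bot: `time.timeZone = "Etc/GMT-1"` in config/graphical.nix is a POSIX-style zone whose sign is inverted: it means UTC+01:00 with no daylight-saving rules, which a reader would not guess from the name. If a fixed UTC+1 offset is intended, a comment such as `# POSIX sign convention: Etc/GMT-1 is UTC+01:00, no DST` keeps the next maintainer from "fixing" it; if local time in a DST region is intended, a region zone such as `Europe/Berlin` (constructed example) would track DST. The `config` argument bound in this file's header, and in config/i18n.nix, is never used; `{...}: {` as in the two kde files would be consistent.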
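Review bot: The three new entries in config/systemd-boot.nix — `memtest86.enable`, `netbootxyz.enable` and `edk2-uefi-shell.enable` — widen the pre-boot surface of every x86 host that shares this file: the EDK2 shell is an unauthenticated environment with raw access to disks and EFI variables, and netboot.xyz boots whatever images its upstream menu serves over the network, so both are reachable from the console without a login, and nothing in this hunk configures a boot-menu password or Secure Boot enforcement. Consider gating them behind a dedicated option that defaults to false and is enabled only for the installer, with a comment stating why they are wanted, and make a deliberate decision on `boot.loader.systemd-boot.editor` (default true) at the same time. The `isx86` test compares the module argument `system` with a string; `system` is not a standard module argument, so this relies on the flake passing it through (inferred, `mkSystem` in flake.nix is outside this hunk), whereas `pkgs.stdenv.hostPlatform.isx86_64` would not.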
@@ -152,6 +152,10 @@ config = ./machine/not522/installer; system = "riscv64-linux"; }; + pc-installer = { + config = ./machine/pc-installer; + system = "x86_64-linux"; + }; }; containers = mapAttrs (_: container: mkSystem { diff --git a/machine/pc-installer/default.nix b/machine/pc-installer/default.nix new file mode 100644 index 00000000..73938e7f --- /dev/null +++ b/machine/pc-installer/default.nix @@ -0,0 +1,18 @@ +{ + config, + nixos-config, + ... +}: { + networking.hostName = "pc-installer"; + imports = [ + "${nixos-config}/config" + ./disko.nix + ./grub.nix + ]; + system.stateVersion = config.system.nixos.version; + specialisation.graphical = { + configuration.imports = [ + ./graphical.nix + ]; + }; +} diff --git a/machine/pc-installer/disko.nix b/machine/pc-installer/disko.nix new file mode 100644 index 00000000..73bf2605 --- /dev/null +++ b/machine/pc-installer/disko.nix @@ -0,0 +1,56 @@ +{ + disko.devices = { + disk = { + main = { + type = "disk"; + device = "/dev/sda"; + content = { + type = "gpt"; + partitions = { + boot = { + size = "1M"; + type = "EF02"; # for grub MBR + }; + ESP = { + size = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = ["umask=0077"]; + }; + }; + root = { + end = "100%"; + content = { + type = "btrfs"; + extraArgs = ["-f"]; # Override existing partition + # Subvolumes must set a mountpoint in order to be mounted, + # unless their parent is mounted + subvolumes = { + # Subvolume name is different from mountpoint + "/root" = { + mountOptions = ["compress=zstd"]; + mountpoint = "/"; + }; + # Subvolume name is the same as the mountpoint + "/persistent" = { + mountOptions = ["compress=zstd"]; + mountpoint = "/persistent"; + }; + # Parent is not mounted so the mountpoint must be set + "/nix" = { + mountOptions = ["compress=zstd" "noatime"]; + mountpoint = "/nix"; + }; + }; + mountpoint = "/partition-root"; + }; + }; + }; + }; + }; + }; + }; +} 
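Review bot: `system.stateVersion = config.system.nixos.version;` in machine/pc-installer/default.nix ties stateVersion to whichever NixOS release is being built, so it changes on every channel bump and no longer freezes stateful defaults (database formats, key locations) at the release the machine was first installed with. Unless that is deliberate because the installer image is never upgraded in place (worth a comment if so), pin it to a release string, e.g. `system.stateVersion = "24.05"; # constructed example: the release this machine was first installed with`. `specialisation.graphical.configuration.imports` pulls in ./graphical.nix, which sets `nix.auto-update.specialisation`, but the `isSpecialisation` flag that the new autoupdater assertions require for that is not set anywhere in this diff, so evaluation fails unless another module sets it (inferred).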
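Review bot: `device = "/dev/sda"` together with `extraArgs = ["-f"]` in machine/pc-installer/disko.nix means a disko run wipes and reformats whichever disk enumerates first, and `/dev/sdX` names are not stable across reboots or when a USB stick or second disk is present — the normal situation for an installer image. Prefer a stable path under `/dev/disk/by-id/` (placeholder `/dev/disk/by-id/<DISK_ID>`) or make the device an option the installer must pass explicitly, and put a comment next to `-f` saying it destroys any existing filesystem on the partition. `umask=0077` on the ESP keeps kernels and initrds from being world-readable, which is right. The root filesystem is unencrypted; if that is intentional for this target, a one-line comment saying so would save the next reviewer from asking.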
diff --git a/machine/pc-installer/graphical.nix b/machine/pc-installer/graphical.nix new file mode 100644 index 00000000..cc8dbf97 --- /dev/null +++ b/machine/pc-installer/graphical.nix @@ -0,0 +1,10 @@ +{ + config, + nixos-config, + ... +}: { + nix.auto-update.specialisation = "graphical"; + imports = [ + "${nixos-config}/config/graphical.nix" + ]; +} diff --git a/machine/pc-installer/grub.nix b/machine/pc-installer/grub.nix new file mode 100644 index 00000000..6ebba457 --- /dev/null +++ b/machine/pc-installer/grub.nix @@ -0,0 +1,16 @@ +{ + config, + lib, + ... +}: { + # For legacy pc reason, this needs to be grub + boot.loader.systemd-boot.enable = lib.mkForce false; + boot.loader.grub = { + enable = true; + devices = [config.disko.devices.disk.main.device]; + efiInstallAsRemovable = true; + efiSupport = true; + memtest86.enable = true; + }; + boot.loader.efi.canTouchEfiVariables = lib.mkForce false; +} diff --git a/modules/default.nix b/modules/default.nix index 97d07d65..3ea4c757 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -1,8 +1,10 @@ { disko, home-manager, + lib, ... -}: { +}: +with lib; { imports = [ ./riscv.nix ./containers/autoconfig.nix @@ -13,4 +15,5 @@ ./hydra/build-server.nix "${home-manager}/nixos" ]; + options.isGraphical = mkEnableOption "Whether or not this configuration is a graphical install"; } diff --git a/modules/nix/autoupdater.nix b/modules/nix/autoupdater.nix index 859ab5af..ef18e324 100644 --- a/modules/nix/autoupdater.nix +++ b/modules/nix/autoupdater.nix @@ -30,6 +30,11 @@ in description = "Job name to use"; default = "nixosConfigurations.${config.networking.hostName}"; }; + specialisation = mkOption { + type = types.nullOr types.str; + description = "specialisation to switch into"; + default = null; + }; }; config.nix.auto-update.enable = mkDefault config.nix.enable; 
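Review bot: The comment `# For legacy pc reason, this needs to be grub` in machine/pc-installer/grub.nix does not say what the reason is; `# This image must boot on BIOS machines as well as UEFI, and systemd-boot is UEFI-only, so use GRUB with the hybrid (EF02 + ESP) layout from disko.nix` would explain both `lib.mkForce false` overrides. `devices = [config.disko.devices.disk.main.device]` couples the bootloader to the disk layout, which is good, but it inherits the unstable `/dev/sda` from disko.nix. GRUB is enabled with no menu password and `memtest86.enable = true`, so the menu, including kernel command-line editing, is open to anyone at the console; that may be acceptable for an installer image, but it deserves a comment, and `boot.loader.grub.users` is the option to reach for if it is not.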
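Review bot: `mkEnableOption "Whether or not this configuration is a graphical install"` in modules/default.nix renders as "Whether to enable Whether or not this configuration is a graphical install.", because mkEnableOption prepends "Whether to enable " to its argument; either pass a noun phrase, `options.isGraphical = mkEnableOption "the graphical install profile (desktop session and display manager)";`, or use `mkOption { type = types.bool; default = false; description = "..."; }` when the sentence should stand on its own. The first hunk of this file also introduces `with lib;` at module scope, which makes every unqualified name below it ambiguous to readers and tooling for the sake of one call; `lib.mkEnableOption` is no longer to write. The option is set to true in config/graphical.nix, so the declaration and its use are consistent.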
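Review bot: The new `specialisation` option in modules/nix/autoupdater.nix is typed `types.nullOr types.str`, but the second hunk of this file interpolates it unquoted into a path executed by a root-run shell script (`$output/specialisations/${cfg.specialisation}/bin/switch-to-configuration`), so a value containing `/`, whitespace or shell metacharacters silently leaves the intended directory instead of failing at evaluation. Constrain it at the type level, `type = types.nullOr (types.strMatching "[A-Za-z0-9_-]+");`, which also matches what a specialisation name can be. The description should state what null means: `description = "Name of the specialisation to switch into after an update; null switches into the top-level configuration.";`. The enclosing `options` attribute set begins before this hunk.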
@@ -48,32 +53,44 @@ in #!${pkgs.bash}/bin/bash set -euxo pipefail build=$(${pkgs.curl}/bin/curl -H "accept: application/json" -G ${cfg.hydraServer}/api/latestbuilds -d "nr=10" -d "project=${cfg.project}" -d "jobset=${cfg.jobset}" -d "job=${cfg.job}" | ${pkgs.jq}/bin/jq -r '[.[]|select(.buildstatus==0)][0].id') - doc=$(${pkgs.curl}/bin/curl -H "accept: application/json" ${config.nix.auto-update.hydraServer}/build/$build) + doc=$(${pkgs.curl}/bin/curl -H "accept: application/json" ${cfg.hydraServer}/build/$build) drvname=$(echo $doc | ${pkgs.jq}/bin/jq -r '.drvpath') output=$(${pkgs.nix}/bin/nix-store -r $drvname) ${pkgs.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set $output ${ - if config.nix.auto-update.reboot + if cfg.reboot then '' $output/bin/switch-to-configuration boot booted="$(${pkgs.coreutils}/bin/readlink /run/booted-system/{initrd,kernel,kernel-modules})" built="$(${pkgs.coreutils}/bin/readlink $output/{initrd,kernel,kernel-modules})" if [ "$booted" = "$built" ]; then - $output/bin/switch-to-configuration switch + ${ + if cfg.specialisation == null + then "$output/bin/switch-to-configuration switch" + else '' + $output/specialisations/${cfg.specialisation}/bin/switch-to-configuration switch + '' + } else ${pkgs.systemd}/bin/shutdown -r +1 fi exit '' else '' - $output/bin/switch-to-configuration switch + ${ + if cfg.specialisation == null + then "$output/bin/switch-to-configuration switch" + else '' + $output/specialisations/${cfg.specialisation}/bin/switch-to-configuration switch + '' + } '' } ''; }; config.systemd.timers.nixos-upgrade = { - enable = config.nix.auto-update.enable; + enable = cfg.enable; description = "Automatically update nixos"; requires = ["nixos-upgrade.service"]; wants = ["network-online.target"]; 
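Review bot: The `${ if cfg.specialisation == null then ... else ... }` block is pasted twice in this hunk, once inside the reboot branch and once in the non-reboot branch, so the two copies can drift — they already differ in that the else side is a multi-line `''` string, which adds a trailing newline and indentation to the generated script that the then side does not. Hoist the decision into one binding in the file's `let` (which starts before this hunk), `switchCmd = if cfg.specialisation == null then "$output/bin/switch-to-configuration" else "$output/specialisations/${cfg.specialisation}/bin/switch-to-configuration";`, and write `${switchCmd} switch` at both sites. The interpolated value should also be validated at the option's type, since `types.str` admits `/` and whitespace. `$output` and `$build` are expanded unquoted throughout the script; that is pre-existing, but the new lines keep the pattern.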
@@ -86,8 +103,16 @@ in
 };
 config.assertions = [
 {
- assertion = config.nix.auto-update.enable -> config.nix.enable;
+ assertion = cfg.enable -> config.nix.enable;
 message = "Auto updating will only work when nix itself is enabled.";
 }
+ {
+ assertion = (cfg.specialisation != null) -> config.isSpecialisation;
+ message = "Automatic update switching to specialisation is only allowed in specialisations";
+ }
+ {
+ assertion = config.isSpecialisation -> (cfg.specialisation != null);
+ message = "Specifying the specialization name is required for autoupdate to work!";
+ }
 ];
 }
diff --git a/programs/default.nix b/programs/default.nix
index 5e320816..1cab434c 100644
--- a/programs/default.nix
+++ b/programs/default.nix
@@ -6,4 +6,7 @@ _: {
 home-manager.users.root.imports = [
 ./home-manager.nix
 ];
+ home-manager.users.darkkirb.imports = [
+ ./home-manager.nix
+ ];
 }
diff --git a/programs/editors/nvim/default.nix b/programs/editors/nvim/default.nix
index 64590cfb..d4f71c4c 100644
--- a/programs/editors/nvim/default.nix
+++ b/programs/editors/nvim/default.nix
@@ -2,4 +2,7 @@ _: {
 home-manager.users.root.imports = [
 ./home-manager.nix
 ];
+ home-manager.users.darkkirb.imports = [
+ ./home-manager.nix
+ ];
 }
diff --git a/programs/shell/fish/default.nix b/programs/shell/fish/default.nix
index deddb5f1..d5102015 100644
--- a/programs/shell/fish/default.nix
+++ b/programs/shell/fish/default.nix
@@ -3,8 +3,11 @@
 home-manager.users.root.imports = [
 ./home-manager.nix
 ];
+ home-manager.users.darkkirb.imports = [
+ ./home-manager.nix
+ ];
 programs.bash.interactiveShellInit = ''
- for user in root; do
+ for user in root darkkirb; do
 if [[ $USER == $user ]]; then
 if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]]
 then
diff --git a/programs/shell/tmux/default.nix b/programs/shell/tmux/default.nix
index c8dccac1..10d817f4 100644
--- a/programs/shell/tmux/default.nix
+++ b/programs/shell/tmux/default.nix
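Review bot: Both new assertions in modules/nix/autoupdater.nix read `config.isSpecialisation`, but no module in this diff declares or sets that option, so evaluation fails with an undefined-attribute error unless it is declared elsewhere in the repository (inferred; the declarations visible here add only `isGraphical` and `specialisation`). Taken together the two assertions make `cfg.specialisation != null` equivalent to `isSpecialisation`, a stricter contract than the first message suggests; a comment above the pair, `# A specialisation must name itself so the updater switches back into it, and only specialisations may do so`, would make the intent explicit. The second message spells it "specialization" while the option and the first message use "specialisation"; pick one.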
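Review bot: The `home-manager.users.darkkirb.imports = [ ./home-manager.nix ];` stanza in programs/default.nix duplicates the root stanza directly above it, and the same copy is repeated in programs/editors/nvim/default.nix, programs/shell/fish/default.nix and programs/shell/tmux/default.nix, while fish additionally hard-codes the same user list in `for user in root darkkirb; do`. A single list of managed users consumed via `lib.genAttrs` — `home-manager.users = lib.genAttrs managedUsers (_: { imports = [ ./home-manager.nix ]; });` — would keep these five places from drifting when the next user is added. The `_: {` in the hunk headers shows these modules take no arguments, so using `lib` means changing the header to `{lib, ...}: {`.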
@@ -2,4 +2,7 @@
 home-manager.users.root.imports = [
 ./home-manager.nix
 ];
+ home-manager.users.darkkirb.imports = [
+ ./home-manager.nix
+ ];
 }
diff --git a/users/darkkirb/default.nix b/users/darkkirb/default.nix
new file mode 100644
index 00000000..5a807e4f
--- /dev/null
+++ b/users/darkkirb/default.nix
@@ -0,0 +1,14 @@
+{config, ...}: {
+ users.users.darkkirb = {
+ createHome = true;
+ openssh.authorizedKeys.keys = [
+ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDXQlfvRUm/z6eP1EjsajIbMibkq9n+ymlbBi7NFiOuaAAAABHNzaDo= ssh:"
+ ];
+ hashedPasswordFile = config.sops.secrets."users/users/darkkirb/hashedPassword".path;
+ };
+ sops.secrets."users/users/darkkirb/hashedPassword" = {
+ neededForUsers = true;
+ sopsFile = ./password.yaml;
+ };
+ environment.impermanence.users = ["darkkirb"];
+}
diff --git a/users/darkkirb/password.yaml b/users/darkkirb/password.yaml
new file mode 100644
index 00000000..0f53fd8f
--- /dev/null
+++ b/users/darkkirb/password.yaml
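Review bot: `users.users.darkkirb` in users/darkkirb/default.nix sets `createHome = true` but neither `isNormalUser` nor `isSystemUser`, and NixOS asserts that exactly one of the two is set, so this fails evaluation unless another module sets it; with `isNormalUser = true;` the home directory, primary group and UID range defaults follow, whereas without it `createHome` would act on the default home `/var/empty`. Add `isNormalUser = true;` next to `createHome` (which `isNormalUser` already implies, so `createHome` can go). The rest is sound: the password comes from a sops secret with `neededForUsers = true` so it exists before user activation, no `extraGroups` are granted, and the only SSH key is a FIDO-backed `sk-ssh-ed25519` key; a comment on the key line recording which hardware token it belongs to would help later rotation.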
@@ -0,0 +1,33 @@
+users:
+ users:
+ darkkirb:
+ hashedPassword: ENC[AES256_GCM,data:mDfXEfKTORaTOKubl1To093Hd4elXfGih69RX8LKsKsVZjQ01gT9vCLZMbdo9k7A7fonQWunxcpla9mMPo6DFeJrF4rzhJfLJgp3/EODtG9RAKKzy3X/E0nsygrvK8BxErryJG026wrL5g==,iv:VyyMIUqv6TDl+Gm7P9gEJbnsxHHcgJsn+Gh7SD2SeT8=,tag:mH4PNVSCv4fc9MLtlvIaVQ==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1emv3kzvwgl36hgllrv7rlekqy3y3c6eztadl3lv09ks3z9vv6vdqw06yqa
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxZGNFN09lSXhxODNjUmNu
+ U1R5NVM3RFUycWxSQ3JtMDlTUEZuTUQ3NVI0ClorNm1FbnZhMkJOQnRZcE1UWU15
+ YVREczVsbE9tcFYrWFlySnorbitPb1kKLS0tIGE5NFFlVFJmUDZBRlVJdkNlVzJH
+ VU9hREUxdEVKRkNjTGhucmI2SzNpQlkKjnbgQRvX9PAUztcfDnOikU2tVYO6TAru
+ pLYj+nZiCAzdrSDsL17XOtasuMV77DGSFOXFCLqM4RIzJXnBWtMVWw==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age1tltjgexkp5fz3rum4j0k66ty5q4u8ptvkgkepumd20zal24g2qfs5xgw76
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzOXdOejhwVkc3cFF1bm9F
+ Wmh5Y3RzU3ZrUDBreUFYaDE1dlI3K3orS1dZCnZMR3ZSdWpab0NrUEtjTjl4aUlw
+ S2ZGQm1ZRExkcmVtbXF0T3VVb2NmNGcKLS0tIFQrbnVWdHViV0Y0UGUyeXhwV1Z3
+ VFVDamhueUszendibXV1T081MDQ4OFUKFImWYe239QD8SRHNGevPh8iOZZPlpblL
+ HfU3uw7nPcRyttmrel0glJOzdL+FTBTp1oOGSBcIYDdb6z3/Sr21VA==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2024-11-05T08:08:48Z"
+ mac: ENC[AES256_GCM,data:ZBP0CQTG8Wojh368lX9jNziuOIe9M/1MUjDvH30G96w+mCMa3fp4nmXOPV8DbsATgphJ5To+pZjk+heX72aaTx47jF03vGq2jAMp2gndG4N6R9Zb+UcoHVnyE+Q24PtvRmqcBkQS/Hz1vFUPlpEwKLw8h6ct0DDqalrZ18Ra5HQ=,iv:yIznbjO4o/M+tNcUeSsjHJrky6k+1xVbMwA6/Pngq1I=,tag:p60YYm2QJ+NBhQ/DOhJZzQ==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.9.1
diff --git a/users/default.nix b/users/default.nix
index 2a2f998d..c41b121d 100644
--- a/users/default.nix
+++ b/users/default.nix
@@ -2,6 +2,7 @@
 imports = [
 ./home-manager.nix
 ./root
+ ./darkkirb
 ];
 users.mutableUsers = false;
 }