diff --git a/flake.lock b/flake.lock index defb876..34c8b7a 100644 --- a/flake.lock +++ b/flake.lock @@ -1,63 +1,63 @@ { "nodes": { - "home-manager": { + "disko": { "inputs": { "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1730837930, - "narHash": "sha256-0kZL4m+bKBJUBQse0HanewWO0g8hDdCvBhudzxgehqc=", + "lastModified": 1730135292, + "narHash": "sha256-CI27qHAbc3/tIe8sb37kiHNaeCqGxNimckCMj0lW5kg=", "owner": "nix-community", - "repo": "home-manager", - "rev": "2f607e07f3ac7e53541120536708e824acccfaa8", + "repo": "disko", + "rev": "ab58501b2341bc5e0fc88f2f5983a679b075ddf5", "type": "github" }, "original": { "owner": "nix-community", - "ref": "master", - "repo": "home-manager", + "ref": "latest", + "repo": "disko", "type": "github" } }, "nixpkgs": { "locked": { - "lastModified": 1730741070, - "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", + "lastModified": 1730983001, + "narHash": "sha256-YdFJZ/u9HnEfEPHYt9GEayi2dQhyBq0cmKhgAm8z1aE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", + "rev": "341fc858d538bc19c41d4743719a915474301642", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-24.05", + "ref": "release-24.05", "repo": "nixpkgs", "type": "github" } }, - "nixpkgs-unstable": { + "pkgsUnstable": { "locked": { - "lastModified": 1730785428, - "narHash": "sha256-Zwl8YgTVJTEum+L+0zVAWvXAGbWAuXHax3KzuejaDyo=", + "lastModified": 1730831018, + "narHash": "sha256-2S0HwIFRxYp+afuoFORcZA9TjryAf512GmE0MTfEOPU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "4aa36568d413aca0ea84a1684d2d46f55dbabad7", + "rev": "8c4dc69b9732f6bbe826b5fbb32184987520ff26", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-unstable", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } }, "root": { "inputs": { - "home-manager": "home-manager", + "disko": "disko", "nixpkgs": "nixpkgs", - "nixpkgs-unstable": "nixpkgs-unstable" + "pkgsUnstable": "pkgsUnstable" } } }, 
diff --git a/flake.nix b/flake.nix index 6bd16f7..58b997d 100755 --- a/flake.nix +++ b/flake.nix @@ -3,53 +3,46 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs/release-24.05"; - nixpkgs-unstable.url = "github:nixos/nixpkgs/nixpkgs-unstable"; + pkgsUnstable.url = "github:nixos/nixpkgs/nixpkgs-unstable"; + disko.url = "github:nix-community/disko/latest"; + disko.inputs.nixpkgs.follows = "nixpkgs"; }; - outputs = { self, nixpkgs, ... }: + outputs = { self, nixpkgs, pkgsUnstable, disko, ... }: let system = "x86_64-linux"; - overlay-unstable = final: prev: { - unstable = import nixpkgs-unstable { - inherit system; - config.allowUnfree = true; - }; - }; - - pkgs = import nixpkgs { - inherit system; - config = { - allowUnfree = true; - }; - overlays = [ - overlay-unstable - ]; - }; + lib = nixpkgs.lib; + unstable = pkgsUnstable.legacyPackages.${system}; in { nixosConfigurations = { vincents-hp = lib.nixosSystem { inherit system; + specialArgs = { inherit unstable; }; modules = [ ./system/vincents-hp/configuration.nix ]; }; susans-hp = lib.nixosSystem { inherit system; + specialArgs = { inherit unstable; }; modules = [ ./system/susans-hp/configuration.nix ]; }; vincents-vm = lib.nixosSystem { inherit system; + specialArgs = { inherit unstable; }; modules = [ ./system/vincents-vm/configuration.nix ]; }; susans-vm = lib.nixosSystem { inherit system; + specialArgs = { inherit unstable; }; modules = [ ./system/susans-vm/configuration.nix + ./system/susans-vm/disk.nix ]; }; }; diff --git a/setup.sh b/setup.sh index fc53040..74be951 100755 --- a/setup.sh +++ b/setup.sh @@ -1,3 +1,3 @@ -sudo nixos-rebuild build --flake .# +sudo nixos-rebuild boot --flake .# echo "REBOOT YOUR COMPUTER" diff --git a/system/susans-hp/configuration.nix b/system/susans-hp/configuration.nix index ab37781..11eb7b8 100755 --- a/system/susans-hp/configuration.nix +++ b/system/susans-hp/configuration.nix 
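Review bot: In the `susans-vm` entry, `./system/susans-vm/disk.nix` sets `disko.devices`, but no `modules` list in this hunk includes the disko NixOS module, and the new `disko` argument of `outputs` is never used. Unless the module is imported somewhere outside this diff, evaluation should fail on an undeclared `disko.devices` option; adding `disko.nixosModules.disko` next to `./system/susans-vm/disk.nix` declares it. Separately, `unstable = pkgsUnstable.legacyPackages.${system};` drops the `config.allowUnfree = true` that the removed `overlay-unstable` applied. The hosts' own `nixpkgs.config.allowUnfree` only governs `pkgs`, so any unfree package taken from `unstable` will stop evaluating; `unstable = import pkgsUnstable { inherit system; config.allowUnfree = true; };` keeps the previous behaviour.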
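Review bot: The `echo "REBOOT YOUR COMPUTER"` line in setup.sh still runs when `nixos-rebuild boot` fails, because the two commands are not chained and the script, which appears to start directly at the `sudo` line, sets no `set -e`. Now that the command installs a new boot generation instead of only building, a reboot prompt after a failed rebuild is misleading. Chaining them as `sudo nixos-rebuild boot --flake .# && echo "REBOOT YOUR COMPUTER"` prints the prompt only on success.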
@@ -2,12 +2,7 @@ # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). -{ config, pkgs, lib, ... }: - -let - unstableTarball = import {}; -in - +{ config, pkgs, unstable, lib, ... }: { imports = @@ -131,14 +126,6 @@ in nixpkgs.config.allowUnfree = true; - nixpkgs.config = { - packageOverrides = pkgs: with pkgs; { - unstable = import unstableTarball { - config = config.nixpkgs.config; - }; - }; - }; - # List packages installed in system profile. To search, run: # $ nix search wget environment = { diff --git a/system/susans-hp/disk.nix b/system/susans-hp/disk.nix new file mode 100755 index 0000000..76f99c6 --- /dev/null +++ b/system/susans-hp/disk.nix 
@@ -0,0 +1,73 @@ +{ + disko.devices = { + disk = { + nvme0n1 = { + type = "disk"; + device = "/dev/nvme0n1"; + content = { + type = "gpt"; + partitions = { + ESP = { + label = "boot"; + name = "ESP"; + size = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ + "defaults" + ]; + }; + }; + luks = { + size = "100%"; + label = "luks"; + content = { + type = "luks"; + name = "cryptroot"; + extraOpenArgs = [ + "--allow-discards" + "--perf-no_read_workqueue" + "--perf-no_write_workqueue" + ]; + # https://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-fido2-pkcs11-security-hardware-on-systemd-248.html + settings = {crypttabExtraOpts = ["fido2-device=auto" "token-timeout=10"];}; + content = { + type = "btrfs"; + extraArgs = ["-L" "nixos" "-f"]; + subvolumes = { + "/root" = { + mountpoint = "/"; + mountOptions = ["subvol=root" "compress=zstd" "noatime"]; + }; + "/home" = { + mountpoint = "/home"; + mountOptions = ["subvol=home" "compress=zstd" "noatime"]; + }; + "/nix" = { + mountpoint = "/nix"; + mountOptions = ["subvol=nix" "compress=zstd" "noatime"]; + }; + "/persist" = { + mountpoint = "/persist"; + mountOptions = ["subvol=persist" "compress=zstd" "noatime"]; + }; + "/log" = { + mountpoint = "/var/log"; + mountOptions = ["subvol=log" "compress=zstd" "noatime"]; + }; + }; + }; + }; + }; + }; + }; + }; + }; + }; + + fileSystems."/persist".neededForBoot = true; + fileSystems."/var/log".neededForBoot = true; +} diff --git a/system/susans-vm/configuration.nix b/system/susans-vm/configuration.nix index 4d1d15c..3589937 100755 --- a/system/susans-vm/configuration.nix +++ b/system/susans-vm/configuration.nix @@ -2,7 +2,7 @@ # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). -{ config, pkgs, lib, ... }: +{ config, pkgs, unstable, lib, ... }: #let #unstableTarball = 
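Review bot: In system/susans-hp/disk.nix, the `luks` partition's `settings.crypttabExtraOpts = ["fido2-device=auto" "token-timeout=10"]` is, as far as I know, only honoured by NixOS under systemd stage 1. Nothing in this diff sets `boot.initrd.systemd.enable = true;`, so confirm the host configuration enables it, otherwise the FIDO2 options are silently unused. `--allow-discards` in `extraOpenArgs` passes TRIM through the encrypted layer, which exposes which blocks are unused to anyone who can read the raw device; if that trade-off is accepted, record it in a comment such as `# TRIM passthrough reveals free-space layout; accepted for SSD longevity`. The ESP is mounted with only `"defaults"`, which leaves `/boot` world-readable; `mountOptions = [ "umask=0077" ];` restricts it to root. The same three points apply to system/susans-vm/disk.nix and system/vincents-hp/disk.nix, which repeat this layout.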
@@ -133,14 +133,6 @@ nixpkgs.config.allowUnfree = true; - nixpkgs.config = { - packageOverrides = pkgs: with pkgs; { - unstable = import unstableTarball { - config = config.nixpkgs.config; - }; - }; - }; - # List packages installed in system profile. To search, run: # $ nix search wget environment = { diff --git a/system/susans-vm/disk.nix b/system/susans-vm/disk.nix new file mode 100755 index 0000000..ca91082 --- /dev/null +++ b/system/susans-vm/disk.nix @@ -0,0 +1,74 @@ +{ config, pkgs, disko, ... }: +{ + disko.devices = { + disk = { + nvme0n1 = { + type = "disk"; + device = "/dev/vda"; + content = { + type = "gpt"; + partitions = { + ESP = { + label = "boot"; + name = "ESP"; + size = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ + "defaults" + ]; + }; + }; + luks = { + size = "100%"; + label = "luks"; + content = { + type = "luks"; + name = "cryptroot"; + extraOpenArgs = [ + "--allow-discards" + "--perf-no_read_workqueue" + "--perf-no_write_workqueue" + ]; + # https://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-fido2-pkcs11-security-hardware-on-systemd-248.html + settings = {crypttabExtraOpts = ["fido2-device=auto" "token-timeout=10"];}; + content = { + type = "btrfs"; + extraArgs = ["-L" "nixos" "-f"]; + subvolumes = { + "/root" = { + mountpoint = "/"; + mountOptions = ["subvol=root" "compress=zstd" "noatime"]; + }; + "/home" = { + mountpoint = "/home"; + mountOptions = ["subvol=home" "compress=zstd" "noatime"]; + }; + "/nix" = { + mountpoint = "/nix"; + mountOptions = ["subvol=nix" "compress=zstd" "noatime"]; + }; + "/persist" = { + mountpoint = "/persist"; + mountOptions = ["subvol=persist" "compress=zstd" "noatime"]; + }; + "/log" = { + mountpoint = "/var/log"; + mountOptions = ["subvol=log" "compress=zstd" "noatime"]; + }; + }; + }; + }; + }; + }; + }; + }; + }; + }; + + fileSystems."/persist".neededForBoot = true; + fileSystems."/var/log".neededForBoot = true; +} 
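Review bot: In system/susans-vm/disk.nix the disk entry is keyed `nvme0n1` while its `device` is `/dev/vda`, so the attribute name describes a different device from the one disko will partition. Renaming the key to match (`vda = {`) or to a neutral name such as `main = {` avoids confusion about which disk gets formatted; the partition labels are set explicitly, so the rename should not change them. The header `{ config, pkgs, disko, ... }:` binds three arguments the body never uses, and `disko` is not passed via `specialArgs` in flake.nix. The other disk.nix files in this commit start with a plain `{`, which would work here too.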
diff --git a/system/susans-vm/hardware-configuration.nix b/system/susans-vm/hardware-configuration.nix index c7ee088..a6a7c1b 100644 --- a/system/susans-vm/hardware-configuration.nix +++ b/system/susans-vm/hardware-configuration.nix @@ -13,24 +13,12 @@ boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { device = "/dev/vda2"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { device = "/dev/vda1"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; - }; - - swapDevices = [ ]; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's # still possible to use this option, but it's recommended to use it in conjunction # with explicit per-interface declarations with `networking.interfaces..useDHCP`. networking.useDHCP = lib.mkDefault true; + # networking.interfaces.tailscale0.useDHCP = lib.mkDefault true; # networking.interfaces.wlo1.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; diff --git a/system/vincents-hp/configuration.nix b/system/vincents-hp/configuration.nix index a2d79a7..a7aafb9 100755 --- a/system/vincents-hp/configuration.nix +++ b/system/vincents-hp/configuration.nix @@ -2,13 +2,7 @@ # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). -{ config, pkgs, lib, ... }: - -let - unstableTarball = - fetchTarball - https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz; -in +{ config, pkgs, unstable, lib, ... }: { @@ -133,14 +127,6 @@ in nixpkgs.config.allowUnfree = true; - nixpkgs.config = { - packageOverrides = pkgs: with pkgs; { - unstable = import unstableTarball { - config = config.nixpkgs.config; - }; - }; - }; - # List packages installed in system profile. To search, run: # $ nix search wget environment = { 
diff --git a/system/vincents-hp/disk.nix b/system/vincents-hp/disk.nix new file mode 100755 index 0000000..76f99c6 --- /dev/null +++ b/system/vincents-hp/disk.nix @@ -0,0 +1,73 @@ +{ + disko.devices = { + disk = { + nvme0n1 = { + type = "disk"; + device = "/dev/nvme0n1"; + content = { + type = "gpt"; + partitions = { + ESP = { + label = "boot"; + name = "ESP"; + size = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ + "defaults" + ]; + }; + }; + luks = { + size = "100%"; + label = "luks"; + content = { + type = "luks"; + name = "cryptroot"; + extraOpenArgs = [ + "--allow-discards" + "--perf-no_read_workqueue" + "--perf-no_write_workqueue" + ]; + # https://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-fido2-pkcs11-security-hardware-on-systemd-248.html + settings = {crypttabExtraOpts = ["fido2-device=auto" "token-timeout=10"];}; + content = { + type = "btrfs"; + extraArgs = ["-L" "nixos" "-f"]; + subvolumes = { + "/root" = { + mountpoint = "/"; + mountOptions = ["subvol=root" "compress=zstd" "noatime"]; + }; + "/home" = { + mountpoint = "/home"; + mountOptions = ["subvol=home" "compress=zstd" "noatime"]; + }; + "/nix" = { + mountpoint = "/nix"; + mountOptions = ["subvol=nix" "compress=zstd" "noatime"]; + }; + "/persist" = { + mountpoint = "/persist"; + mountOptions = ["subvol=persist" "compress=zstd" "noatime"]; + }; + "/log" = { + mountpoint = "/var/log"; + mountOptions = ["subvol=log" "compress=zstd" "noatime"]; + }; + }; + }; + }; + }; + }; + }; + }; + }; + }; + + fileSystems."/persist".neededForBoot = true; + fileSystems."/var/log".neededForBoot = true; +} diff --git a/system/vincents-vm/configuration.nix b/system/vincents-vm/configuration.nix index 7ea2a26..b576587 100755 --- a/system/vincents-vm/configuration.nix +++ b/system/vincents-vm/configuration.nix 
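Review bot: system/vincents-hp/disk.nix is byte-identical to system/susans-hp/disk.nix (both index lines show blob `76f99c6`), so any later hardening of the LUKS or mount options has to be made twice and the copies can drift. A single shared module imported by both hosts would avoid that. Neither file appears in the `modules` lists in flake.nix in this commit, so unless each host's configuration.nix imports it outside the visible hunks, the layout is not applied to the hp machines. In both copies `device = "/dev/nvme0n1"` is a kernel enumeration name that can change when another NVMe drive is present. Because disko formats whatever that path resolves to, a stable path of the form `/dev/disk/by-id/<DISK_ID_PLACEHOLDER>` is safer.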
@@ -2,13 +2,7 @@ # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). -{ config, pkgs, lib, ... }: - -let - unstableTarball = - fetchTarball - https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz; -in +{ config, pkgs, unstable, lib, ... }: { @@ -133,14 +127,6 @@ in nixpkgs.config.allowUnfree = true; - nixpkgs.config = { - packageOverrides = pkgs: with pkgs; { - unstable = import unstableTarball { - config = config.nixpkgs.config; - }; - }; - }; - # List packages installed in system profile. To search, run: # $ nix search wget environment = { diff --git a/users/vincent/home.nix b/users/vincent/home.nix deleted file mode 100755 index abdde9a..0000000 --- a/users/vincent/home.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ pkgs, ...}: { - targets.genericLinux.enable = true; - - programs.git = { - enable = true; - userName = "batvin123"; - userEmail = "batvin123@protonmail.com"; - }; - -# programs.plasma = { -# shortcuts.kwin = { -# "Switch One Desktop Down" = "Meta+Ctrl+Down"; -# "Switch One Desktop to the Left" = "Meta+Ctrl+Left"; -# "Switch One Desktop to the Right" = "Meta+Ctrl+Right"; -# "Switch One Desktop Up" = "Meta+Ctrl+Up"; -# }; -# }; - - programs.home-manager.enable = true; - -}