diff --git a/hosts/deertopia.net/configuration.nix b/hosts/deertopia.net/configuration.nix
new file mode 100644
index 0000000..e55193f
--- /dev/null
+++ b/hosts/deertopia.net/configuration.nix
@@ -0,0 +1,88 @@
+{ config, pkgs, lib, disko, sydnix-cli, ... }:
+{
+ imports = [
+ ./hardware-configuration.nix
+ ./disko-config.nix
+ ];
+
+ sydnix = {
+ filesystemType = "btrfs";
+
+ users.users = [
+ "hause"
+ ];
+
+ impermanence = {
+ # enable = true;
+ directories = [
+ # "Warning: Neither /var/lib/nixos nor any of its parents are persisted.
+ # This means all users/groups without specified uids/gids will have them
+ # reassigned on reboot."
+ "/var/lib/nixos"
+ # We don't want to have different ssh keys on reboot, because ssh keys
+ # are expected to consistently identify machines... I think. I mostly
+ # just think it's annoying to edit ~/.ssh/known_hosts all the time.
+ "/etc/ssh"
+ ];
+ rollback = {
+ # enable = true;
+ device = "/dev/sda2";
+ subvolume = "rootfs";
+ };
+ };
+ };
+
+ boot = {
+ loader = {
+ systemd-boot.enable = true;
+ efi.canTouchEfiVariables = false;
+ };
+ };
+
+ time.timeZone = "America/Denver";
+
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ console = {
+ font = "Lat2-Terminus16";
+ # keyMap = "us";
+ useXkbConfig = true; # use xkb.options in tty.
+ };
+
+ services.xserver.xkb.layout = "us";
+ services.xserver.xkb.options = "caps:escape";
+
+ environment.systemPackages = with pkgs; [
+ neovim
+ git
+ sydnix-cli.packages.x86_64-linux.default
+ ];
+
+ services.openssh.enable = true;
+ services.openssh.settings.PermitRootLogin = "yes";
+
+ # TODO: Move to defaults.
+ users.mutableUsers = false;
+
+ # This option defines the first version of NixOS you have installed on this
+ # particular machine, and is used to maintain compatibility with application
+ # data (e.g. databases) created on older NixOS versions.
+ #
+ # Most users should NEVER change this value after the initial install, for any
+ # reason, even if you've upgraded your system to a new NixOS release.
+ #
+ # This value does NOT affect the Nixpkgs version your packages and OS are
+ # pulled from, so changing it will NOT upgrade your system - see
+ # https://nixos.org/manual/nixos/stable/#sec-upgrading for how to actually do
+ # that.
+ #
+ # This value being lower than the current NixOS release does NOT mean your
+ # system is out of date, out of support, or vulnerable.
+ #
+ # Do NOT change this value unless you have manually inspected all the changes
+ # it would make to your configuration, and migrated your data accordingly.
+ #
+ # For more information, see `man configuration.nix` or
+ # https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+ system.stateVersion = "24.05"; # Did you read the comment?
+}
diff --git a/hosts/deertopia.net/disko-config.nix b/hosts/deertopia.net/disko-config.nix
new file mode 100644
index 0000000..e1480aa
--- /dev/null
+++ b/hosts/deertopia.net/disko-config.nix
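Review bot: In hosts/deertopia.net/configuration.nix, `services.openssh.settings.PermitRootLogin = "yes";` permits direct root logins over SSH, and the module never sets `PasswordAuthentication`, which NixOS leaves enabled by default, so every account that has a password is exposed to network password guessing. If this host is internet-facing (inferred from its name), I would change the line to `services.openssh.settings.PermitRootLogin = "no";` (or `"prohibit-password"` if root key login is really needed) and add `services.openssh.settings.PasswordAuthentication = false;`. Declare the admin's public key under `users.users.<name>.openssh.authorizedKeys.keys` in the same change, because no authorized keys are visible in this diff and disabling passwords without one locks everyone out.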
@@ -0,0 +1,73 @@
+# sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode disko /persist/dots/hosts/nixos-testbed/disko-config.nix
+# time sudo nixos-install --flake /persist/dots#nixos-testbed
+{ lib, ... }:
+{
+ # imports = [ disko.nixosModules.disko ];
+ boot.initrd.supportedFilesystems.btrfs = true;
+ boot.supportedFilesystems.btrfs = true;
+
+ # From Impermanence's README: "Important note: Make sure your persistent
+ # volumes are marked with neededForBoot, otherwise you will run into
+ # problems."
+ fileSystems."/persist".neededForBoot = true;
+
+ disko.devices = {
+ disk = {
+ bootroot = {
+ type = "disk";
+ device = "/dev/sda";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+ root = {
+ size = "100%";
+ content = {
+ type = "btrfs";
+
+ mountpoint = "/root-partition";
+ swap.swapfile.size = "4G";
+
+ # Override existing partitions.
+ extraArgs = [ "-f" ];
+
+ # Subvolumes must set a mountpoint in order to be mounted,
+ # *unless their parent is mounted*.
+ subvolumes = {
+ # Subvolume names do not necessarily correspond to
+ # mountpoints, despite the structural resemblance to a file
+ # path.
+ "/rootfs" = {
+ mountpoint = "/";
+ };
+ "/nix" = {
+ mountpoint = "/nix";
+ };
+ "/persist" = {
+ mountpoint = "/persist";
+ };
+ "/persist/home" = {
+ mountpoint = "/persist/home";
+ };
+ "/swap" = {
+ mountpoint = "/.swapvol";
+ swap.swapfile.size = "4G";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/users/hause/default.nix b/users/hause/default.nix
new file mode 100644
index 0000000..a56ee45
--- /dev/null
+++ b/users/hause/default.nix
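Review bot: In hosts/deertopia.net/disko-config.nix, `device = "/dev/sda";` is paired with `extraArgs = [ "-f" ];`, so a destructive disko run force-formats whichever disk the kernel happens to enumerate as sda. Kernel device names are not stable when a second disk or an installer medium is attached; a persistent path such as `device = "/dev/disk/by-id/<DISK-ID-PLACEHOLDER>";` makes the target explicit, and the same concern applies to `device = "/dev/sda2";` under `rollback` in configuration.nix. The two command comments at the top still reference `hosts/nixos-testbed` and `#nixos-testbed`, so copying them would apply a different host's layout and configuration; they should name this host. `swap.swapfile.size = "4G";` also appears both on the btrfs content and on the `/swap` subvolume, which looks like it would create two swapfiles, so it is worth confirming that only one is intended.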
@@ -0,0 +1,25 @@
+{
+ systemConfiguration = { config, ... }: {
+ isNormalUser = true;
+ # TODO: Don't hard-code `persist`. Use
+ # config.sydnix.impermanence.persistGroupName.
+ extraGroups = [ "wheel" "persist" ];
+ initialHashedPassword =
+ "$y$j9T$aEFDDwdTZbAc6VQRXrkBJ0$K8wxTGTWDihyX1wxJ.ZMH//wmQFfrGGUkLkxIU0Lyq8";
+ };
+
+ homeConfiguration = { config, lib, pkgs, ... }: {
+ imports = [
+ ];
+
+ sydnix = {
+ sops = {
+ # enable = true;
+ keyFile = "/persist/vault/${config.home.username}/keys/primary";
+ };
+ };
+
+ # Don't touch!
+ home.stateVersion = "18.09";
+ };
+}
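Review bot: In users/hause/default.nix, the `initialHashedPassword` literal commits the password hash of a `wheel` member to the repository, where anyone with read access can attack it offline; yescrypt raises the cost but does not protect a weak password. Because configuration.nix sets `users.mutableUsers = false`, this value appears to remain the account's effective password rather than a one-time bootstrap, and sshd's default password authentication makes it usable remotely. I would replace it with `hashedPasswordFile = "<PATH-TO-SECRET-PLACEHOLDER>";` backed by the sops setup already sketched in `homeConfiguration`, and rotate the password since the hash is now in history. Whether sydnix's `systemConfiguration` wrapper forwards `hashedPasswordFile` is not visible in this diff, so that needs checking.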