From 7e8b57b1a961f75c8f3b7d82dbd8a76a55826c1a Mon Sep 17 00:00:00 2001 From: caem Date: Sun, 26 Jan 2025 23:54:54 +0100 Subject: [PATCH] Add changes made since installation --- README.md | 8 ++ flake.lock | 91 ++++++++++++++++--- flake.nix | 2 +- hosts/puter/default.nix | 2 + hosts/puter/disko.nix | 4 +- hosts/puter/packages.nix | 1 + install.sh | 8 +- modules/home/caem/core/security.nix | 2 +- modules/home/caem/core/zsh/default.nix | 24 +++++ modules/nixos/core/security.nix | 16 +++- modules/nixos/desktop/gnome/default.nix | 3 + modules/nixos/hardware/gpu/nvidia/default.nix | 4 +- .../nixos/multimedia/web/firefox/default.nix | 2 +- 13 files changed, 142 insertions(+), 25 deletions(-) diff --git a/README.md b/README.md index e671ff7..4d6ad0b 100644 --- a/README.md +++ b/README.md @@ -127,6 +127,12 @@ For your ssh key, place it in `~/.ssh` and create a symlink for the root user. sudo ln -sf /home/nixos/.ssh /root/.ssh ``` +And start a instance of ssh-agent. +```sh +eval $(ssh-agent -s) +ssh-add ~/.ssh/[your key] +``` + #### 3. Update the flake input for your secret In `flake.nix`, replace @@ -141,6 +147,8 @@ with your url. ``` #### 4. Update flake.lock (optional) +This is very useful and will also tell you if cloning your secrets work, +rather than only telling you after already having partitioned the drive. ```sh nix --extra-experimental-features 'nix-command flakes' flake update ``` diff --git a/flake.lock b/flake.lock index c976491..683cc05 100644 --- a/flake.lock +++ b/flake.lock 
@@ -39,6 +39,52 @@ "type": "github" } }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": [ + "nixpak", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1736143030, + "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "hercules-ci-effects": { + "inputs": { + "flake-parts": [ + "nixpak", + "flake-parts" + ], + "nixpkgs": [ + "nixpak", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1736917206, + "narHash": "sha256-JTBWmyGf8K1Rwb+gviHIUzRJk/sITtT+72HXFkTZUjo=", + "owner": "hercules-ci", + "repo": "hercules-ci-effects", + "rev": "afd0a42e8c61ebb56899315ee4084a8b2e4ff425", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "hercules-ci-effects", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -62,11 +108,11 @@ }, "impermanence": { "locked": { - "lastModified": 1736688610, - "narHash": "sha256-1Zl9xahw399UiZSJ9Vxs1W4WRFjO1SsNdVZQD4nghz0=", + "lastModified": 1737831083, + "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=", "owner": "nix-community", "repo": "impermanence", - "rev": "c64bed13b562fc3bb454b48773d4155023ac31b7", + "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170", "type": "github" }, "original": { 
@@ -75,13 +121,35 @@ "type": "github" } }, + "nixpak": { + "inputs": { + "flake-parts": "flake-parts_2", + "hercules-ci-effects": "hercules-ci-effects", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1737599681, + "narHash": "sha256-sFzfMxH7c9UWyrFsC2wsPRJqTCHchz7q2zd04+9/yvw=", + "owner": "nixpak", + "repo": "nixpak", + "rev": "68beced51b937d506187431bec4847e78fd34911", + "type": "github" + }, + "original": { + "owner": "nixpak", + "repo": "nixpak", + "type": "github" + } + }, "nixpkgs": { "locked": { - "lastModified": 1737569578, - "narHash": "sha256-6qY0pk2QmUtBT9Mywdvif0i/CLVgpCjMUn6g9vB+f3M=", + "lastModified": 1737672001, + "narHash": "sha256-YnHJJ19wqmibLQdUeq9xzE6CjrMA568KN/lFPuSVs4I=", "owner": "nixos", "repo": "nixpkgs", - "rev": "47addd76727f42d351590c905d9d1905ca895b82", + "rev": "035f8c0853c2977b24ffc4d0a42c74f00b182cd8", "type": "github" }, "original": { @@ -105,11 +173,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1737469691, - "narHash": "sha256-nmKOgAU48S41dTPIXAq0AHZSehWUn6ZPrUKijHAMmIk=", + "lastModified": 1737746512, + "narHash": "sha256-nU6AezEX4EuahTO1YopzueAXfjFfmCHylYEFCagduHU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9e4d5190a9482a1fb9d18adf0bdb83c6e506eaab", + "rev": "825479c345a7f806485b7f00dbe3abb50641b083", "type": "github" }, "original": { @@ -125,6 +193,7 @@ "flake-parts": "flake-parts", "home-manager": "home-manager", "impermanence": "impermanence", + "nixpak": "nixpak", "nixpkgs": "nixpkgs", "nixpkgs-unstable": "nixpkgs-unstable", "secrets": "secrets", @@ -139,11 +208,11 @@ "rev": "2cfed436d84594b4d4a73843095c75c644628dfe", "revCount": 4, "type": "git", - "url": "ssh://git@git.caem.dev/caem/secrets" + "url": "ssh://git@git.caem.dev/caem/secrets.git" }, "original": { "type": "git", - "url": "ssh://git@git.caem.dev/caem/secrets" + "url": "ssh://git@git.caem.dev/caem/secrets.git" } }, "sops-nix": { diff --git a/flake.nix b/flake.nix index 9c95a54..b05629e 100644 --- a/flake.nix 
+++ b/flake.nix @@ -2,7 +2,7 @@ description = "My NixOS configuration files."; inputs = { - secrets.url = "git+ssh://git@git.caem.dev/caem/secrets"; + secrets.url = "git+ssh://git@git.caem.dev/caem/secrets.git"; nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; diff --git a/hosts/puter/default.nix b/hosts/puter/default.nix index 53d57ca..929164b 100644 --- a/hosts/puter/default.nix +++ b/hosts/puter/default.nix @@ -18,6 +18,8 @@ efi.canTouchEfiVariables = true; grub = { enable = true; + # Keep "nodev" for efi systems + device = "nodev"; efiSupport = true; gfxmodeEfi = "1920x1080"; }; diff --git a/hosts/puter/disko.nix b/hosts/puter/disko.nix index ed5a9da..cc83a35 100644 --- a/hosts/puter/disko.nix +++ b/hosts/puter/disko.nix @@ -5,11 +5,11 @@ disk = { master = { type = "disk"; - device = ""; # [managed by install.sh] + device = "/dev/nvme0n1"; # [managed by install.sh] content = { type = "gpt"; partitions = { - ESP = { + efi = { priority = 1; name = "efi"; start = "1M"; diff --git a/hosts/puter/packages.nix b/hosts/puter/packages.nix index bae4137..aeb971a 100644 --- a/hosts/puter/packages.nix +++ b/hosts/puter/packages.nix @@ -10,6 +10,7 @@ "${modules}/hardware/cpu/amd" "${modules}/multimedia" "${modules}/desktop/gnome" + "${modules}/communication" ]; } diff --git a/install.sh b/install.sh index a144389..0fd57f8 100755 --- a/install.sh +++ b/install.sh 
@@ -84,8 +84,8 @@ sed_safe () { } update_managed_values() { - sed -i 's/\( *device = \)".*"\(; #.*\)/\1"'"$(sed_safe "$CAENIX_INSTALL_DEVICE")"'"\2/' "./hosts/$DOTNIX_HOSTNAME/default.nix" - sed -i 's/\( *device = \)".*"\(; #.*\)/\1"'"$(sed_safe "$CAENIX_INSTALL_DEVICE")"'"\2/' "./hosts/$DOTNIX_HOSTNAME/disko.nix" + sed -i 's/\( *device = \)".*"\(; # [managed by install\.sh].*\)/\1"'"$(sed_safe "$CAENIX_INSTALL_DEVICE")"'"\2/' "./hosts/$CAENIX_HOSTNAME/default.nix" + sed -i 's/\( *device = \)".*"\(; #.*\)/\1"'"$(sed_safe "$CAENIX_INSTALL_DEVICE")"'"\2/' "./hosts/$CAENIX_HOSTNAME/disko.nix" sed -i 's/\( *system.stateVersion = \)".*"\(; #.*\)/\1"'"$(sed_safe "$(nixos-version | cut -f1,2 -d '.')")"'"\2/' "./hosts/$CAENIX_HOSTNAME/default.nix" } @@ -144,8 +144,8 @@ copy_files_to_new_install() { fi sudo cp -vr . /mnt/nix/config - sudo mkdir -p "/mnt/nix/persist/home/$username/programming" - sudo ln -svf /nix/config "/mnt/nix/persist/home/$username/programming/caenix" + sudo mkdir -p "/mnt/nix/persist/home/$username/programming/personal" + sudo ln -svf /nix/config "/mnt/nix/persist/home/$username/programming/personal/caenix" sudo chown -R 1000:100 "/mnt/nix/persist/home/$username" sudo chown -R 1000:100 "/mnt/nix/config" } diff --git a/modules/home/caem/core/security.nix b/modules/home/caem/core/security.nix index 86f15c3..1e9c42b 100644 --- a/modules/home/caem/core/security.nix +++ b/modules/home/caem/core/security.nix @@ -3,6 +3,6 @@ { programs.gpg = { enable = true; - homedir = "${config.xdg.dataHome}"; + homedir = "${config.xdg.dataHome}/gnupg"; }; } diff --git a/modules/home/caem/core/zsh/default.nix b/modules/home/caem/core/zsh/default.nix index c20cb51..ea4f6d4 100644 --- a/modules/home/caem/core/zsh/default.nix +++ b/modules/home/caem/core/zsh/default.nix 
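Review bot: In the first `sed` of `update_managed_values`, `[managed by install\.sh]` is an unescaped bracket expression, so it matches a single character from that set instead of the literal marker. On a line ending in `; # [managed by install.sh]` the character after `# ` is `[`, which is not in the set, so the substitution does nothing and `sed` still exits 0. Escape the brackets, `\(; # \[managed by install\.sh\].*\)`, and use the same anchored pattern for the `disko.nix` line, which still rewrites any `device = "…"; #…` line it finds. Because the `disko.nix` value appears to select the disk that gets partitioned, a `grep -qF` for the expected device after the edit would turn a missed substitution into a hard failure rather than a run with a stale value.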
@@ -30,6 +30,30 @@ }; }; + programs.fastfetch = { + enable = true; + settings = { + modules = [ + "title" + "separator" + "os" + "kernel" + "initsystem" + "uptime" + "datetime" + "packages" + "terminal" + "wm" + "shell" + "cpu" + "gpu" + "memory" + "break" + "colors" + ]; + }; + }; + home.file.".zshenv".enable = false; home.file.".config/zsh/conf.d" = { source = ./conf.d; diff --git a/modules/nixos/core/security.nix b/modules/nixos/core/security.nix index cab1271..41447b2 100644 --- a/modules/nixos/core/security.nix +++ b/modules/nixos/core/security.nix @@ -33,9 +33,19 @@ sops.age.keyFile = "/nix/config/keys.txt"; environment.persistence."/nix/persist" = { - users."${username}".directories = [ - ".ssh" - ".local/share/gnupg" + files = [ + "/root/.ssh/known_hosts" + ]; + users."${username}".directories = let + baseAttrs = { + user = "${username}"; + group = "users"; + mode = "u=rwx,g=,o="; + }; + in [ + (baseAttrs // { directory = ".ssh"; }) + (baseAttrs // { directory = ".local/share/gnupg"; }) + (baseAttrs // { directory = ".local/share/keyrings"; }) ]; }; } diff --git a/modules/nixos/desktop/gnome/default.nix b/modules/nixos/desktop/gnome/default.nix index e7e147f..5850d67 100644 --- a/modules/nixos/desktop/gnome/default.nix +++ b/modules/nixos/desktop/gnome/default.nix @@ -55,6 +55,9 @@ # of having them set imperatively and simply persisted. ".config/forge" ]; + files = [ + ".config/monitors.xml" + ]; }; }; } diff --git a/modules/nixos/hardware/gpu/nvidia/default.nix b/modules/nixos/hardware/gpu/nvidia/default.nix index 4269d62..7fa720a 100644 --- a/modules/nixos/hardware/gpu/nvidia/default.nix +++ b/modules/nixos/hardware/gpu/nvidia/default.nix 
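Review bot: In `modules/nixos/core/security.nix`, the new `files = [ "/root/.ssh/known_hosts" ];` entry leaves the mode of the created parent directory to the module default, while the user directories right below it are pinned to `u=rwx,g=,o=`. Impermanence accepts an attribute set for file entries, so `{ file = "/root/.ssh/known_hosts"; parentDirectory = { mode = "u=rwx,g=,o="; }; }` would keep `/root/.ssh` as tight as the other secret-bearing paths. A one-line comment above `baseAttrs` saying that these directories hold key material and are therefore owner-only would explain the explicit mode to the next reader. The enclosing module starts outside the hunk.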
@@ -32,10 +32,10 @@ nix = { settings = { substituters = [ - "https://cuda-maintainers.cachix.org" + "https://nix-community.cachix.org" ]; trusted-public-keys = [ - "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E=" + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ]; }; }; diff --git a/modules/nixos/multimedia/web/firefox/default.nix b/modules/nixos/multimedia/web/firefox/default.nix index cdf2455..dc9c46e 100644 --- a/modules/nixos/multimedia/web/firefox/default.nix +++ b/modules/nixos/multimedia/web/firefox/default.nix @@ -6,7 +6,7 @@ firefox-esr ]; - environment.persistence."/nix/config" = { + environment.persistence."/nix/persist" = { users."${username}".directories = [ ".config/mozilla" ];
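Review bot: The `trusted-public-keys` entry for `nix-community.cachix.org` in `nix.settings` is not scoped to this GPU module: once the key is trusted, Nix accepts any store path signed by it, system-wide. That makes it a supply-chain decision worth documenting where it is made, for example with `# nix-community cache, trusted for all store paths; key checked against <where you verified it>` above the list. If this module relied on CUDA builds from the removed `cuda-maintainers` cache, it is also worth confirming that the new cache serves them, otherwise they fall back to local builds. The surrounding module starts outside the hunk.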
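Review bot: In `modules/nixos/multimedia/web/firefox/default.nix`, the `.config/mozilla` entry now under `environment.persistence."/nix/persist"` keeps the default directory mode, unlike the `.ssh`, `gnupg` and `keyrings` entries that this same commit pins to `u=rwx,g=,o=` in `modules/nixos/core/security.nix`. A browser profile holds session cookies and saved logins, so `{ directory = ".config/mozilla"; mode = "u=rwx,g=,o="; }` would be consistent with those. Separately, Firefox has traditionally written its profile to `~/.mozilla`; if nothing in this configuration moves it to `~/.config/mozilla`, the persisted path is not the one the browser uses, which is worth checking. The block continues outside the hunk.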