Add changes made since installation

README.md

@@ -127,6 +127,12 @@ For your ssh key, place it in `~/.ssh` and create a symlink for the root user.
 sudo ln -sf /home/nixos/.ssh /root/.ssh
 ```
 
+And start a instance of ssh-agent.
+```sh
+eval $(ssh-agent -s)
+ssh-add ~/.ssh/[your key]
+```
+
 #### 3. Update the flake input for your secret
 
 In `flake.nix`, replace
@@ -141,6 +147,8 @@ with your url.
 ```
 
 #### 4. Update flake.lock (optional)
+This is very useful and will also tell you if cloning your secrets work,
+rather than only telling you after already having partitioned the drive.
 ```sh
 nix --extra-experimental-features 'nix-command flakes' flake update
 ```

flake.lock

@@ -39,6 +39,52 @@
         "type": "github"
       }
     },
+    "flake-parts_2": {
+      "inputs": {
+        "nixpkgs-lib": [
+          "nixpak",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1736143030,
+        "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
+    "hercules-ci-effects": {
+      "inputs": {
+        "flake-parts": [
+          "nixpak",
+          "flake-parts"
+        ],
+        "nixpkgs": [
+          "nixpak",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1736917206,
+        "narHash": "sha256-JTBWmyGf8K1Rwb+gviHIUzRJk/sITtT+72HXFkTZUjo=",
+        "owner": "hercules-ci",
+        "repo": "hercules-ci-effects",
+        "rev": "afd0a42e8c61ebb56899315ee4084a8b2e4ff425",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "hercules-ci-effects",
+        "type": "github"
+      }
+    },
     "home-manager": {
       "inputs": {
         "nixpkgs": [
@@ -62,11 +108,11 @@
     },
     "impermanence": {
       "locked": {
-        "lastModified": 1736688610,
-        "narHash": "sha256-1Zl9xahw399UiZSJ9Vxs1W4WRFjO1SsNdVZQD4nghz0=",
+        "lastModified": 1737831083,
+        "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
         "owner": "nix-community",
         "repo": "impermanence",
-        "rev": "c64bed13b562fc3bb454b48773d4155023ac31b7",
+        "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
         "type": "github"
       },
       "original": {
@@ -75,13 +121,35 @@
         "type": "github"
       }
     },
+    "nixpak": {
+      "inputs": {
+        "flake-parts": "flake-parts_2",
+        "hercules-ci-effects": "hercules-ci-effects",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1737599681,
+        "narHash": "sha256-sFzfMxH7c9UWyrFsC2wsPRJqTCHchz7q2zd04+9/yvw=",
+        "owner": "nixpak",
+        "repo": "nixpak",
+        "rev": "68beced51b937d506187431bec4847e78fd34911",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixpak",
+        "repo": "nixpak",
+        "type": "github"
+      }
+    },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1737569578,
-        "narHash": "sha256-6qY0pk2QmUtBT9Mywdvif0i/CLVgpCjMUn6g9vB+f3M=",
+        "lastModified": 1737672001,
+        "narHash": "sha256-YnHJJ19wqmibLQdUeq9xzE6CjrMA568KN/lFPuSVs4I=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "47addd76727f42d351590c905d9d1905ca895b82",
+        "rev": "035f8c0853c2977b24ffc4d0a42c74f00b182cd8",
         "type": "github"
       },
       "original": {
@@ -105,11 +173,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1737469691,
-        "narHash": "sha256-nmKOgAU48S41dTPIXAq0AHZSehWUn6ZPrUKijHAMmIk=",
+        "lastModified": 1737746512,
+        "narHash": "sha256-nU6AezEX4EuahTO1YopzueAXfjFfmCHylYEFCagduHU=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "9e4d5190a9482a1fb9d18adf0bdb83c6e506eaab",
+        "rev": "825479c345a7f806485b7f00dbe3abb50641b083",
         "type": "github"
       },
       "original": {
@@ -125,6 +193,7 @@
         "flake-parts": "flake-parts",
         "home-manager": "home-manager",
         "impermanence": "impermanence",
+        "nixpak": "nixpak",
         "nixpkgs": "nixpkgs",
         "nixpkgs-unstable": "nixpkgs-unstable",
         "secrets": "secrets",
@@ -139,11 +208,11 @@
         "rev": "2cfed436d84594b4d4a73843095c75c644628dfe",
         "revCount": 4,
         "type": "git",
-        "url": "ssh://git@git.caem.dev/caem/secrets"
+        "url": "ssh://git@git.caem.dev/caem/secrets.git"
       },
       "original": {
         "type": "git",
-        "url": "ssh://git@git.caem.dev/caem/secrets"
+        "url": "ssh://git@git.caem.dev/caem/secrets.git"
       }
     },
     "sops-nix": {

flake.nix

@@ -2,7 +2,7 @@
   description = "My NixOS configuration files.";
 
   inputs = {
-    secrets.url = "git+ssh://git@git.caem.dev/caem/secrets";
+    secrets.url = "git+ssh://git@git.caem.dev/caem/secrets.git";
 
     nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
     nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";

hosts/puter/default.nix

@@ -18,6 +18,8 @@
       efi.canTouchEfiVariables = true;
       grub = {
         enable = true;
+        # Keep "nodev" for efi systems
+        device = "nodev";
         efiSupport = true;
         gfxmodeEfi = "1920x1080";
       };

hosts/puter/disko.nix

@@ -5,11 +5,11 @@
     disk = {
       master = {
         type = "disk";
-        device = ""; # [managed by install.sh]
+        device = "/dev/nvme0n1"; # [managed by install.sh]
         content = {
           type = "gpt";
           partitions = {
-            ESP = {
+            efi = {
               priority = 1;
               name = "efi";
               start = "1M";

hosts/puter/packages.nix

@@ -10,6 +10,7 @@
     "${modules}/hardware/cpu/amd"
     "${modules}/multimedia"
     "${modules}/desktop/gnome"
+    "${modules}/communication"
   ];
 }
 

install.sh

@@ -84,8 +84,8 @@ sed_safe () {
 }
 
 update_managed_values() {
-    sed -i 's/\( *device = \)".*"\(; #.*\)/\1"'"$(sed_safe "$CAENIX_INSTALL_DEVICE")"'"\2/' "./hosts/$DOTNIX_HOSTNAME/default.nix"
-    sed -i 's/\( *device = \)".*"\(; #.*\)/\1"'"$(sed_safe "$CAENIX_INSTALL_DEVICE")"'"\2/' "./hosts/$DOTNIX_HOSTNAME/disko.nix"
+    sed -i 's/\( *device = \)".*"\(; # [managed by install\.sh].*\)/\1"'"$(sed_safe "$CAENIX_INSTALL_DEVICE")"'"\2/' "./hosts/$CAENIX_HOSTNAME/default.nix"
+    sed -i 's/\( *device = \)".*"\(; #.*\)/\1"'"$(sed_safe "$CAENIX_INSTALL_DEVICE")"'"\2/' "./hosts/$CAENIX_HOSTNAME/disko.nix"
     sed -i 's/\( *system.stateVersion = \)".*"\(; #.*\)/\1"'"$(sed_safe "$(nixos-version | cut -f1,2 -d '.')")"'"\2/' "./hosts/$CAENIX_HOSTNAME/default.nix"
 }
 
@@ -144,8 +144,8 @@ copy_files_to_new_install() {
     fi
 
     sudo cp -vr . /mnt/nix/config
-    sudo mkdir -p "/mnt/nix/persist/home/$username/programming"
-    sudo ln -svf /nix/config "/mnt/nix/persist/home/$username/programming/caenix"
+    sudo mkdir -p "/mnt/nix/persist/home/$username/programming/personal"
+    sudo ln -svf /nix/config "/mnt/nix/persist/home/$username/programming/personal/caenix"
     sudo chown -R 1000:100 "/mnt/nix/persist/home/$username"
     sudo chown -R 1000:100 "/mnt/nix/config"
 }

modules/home/caem/core/security.nix

@@ -3,6 +3,6 @@
 {
   programs.gpg = {
     enable = true;
-    homedir = "${config.xdg.dataHome}";
+    homedir = "${config.xdg.dataHome}/gnupg";
   };
 }

modules/home/caem/core/zsh/default.nix

@@ -30,6 +30,30 @@
     };
   };
 
+  programs.fastfetch = {
+    enable = true;
+    settings = {
+      modules = [
+        "title"
+        "separator"
+        "os"
+        "kernel"
+        "initsystem"
+        "uptime"
+        "datetime"
+        "packages"
+        "terminal"
+        "wm"
+        "shell"
+        "cpu"
+        "gpu"
+        "memory"
+        "break"
+        "colors"
+      ];
+    };
+  };
+
   home.file.".zshenv".enable = false;
   home.file.".config/zsh/conf.d" = {
     source = ./conf.d;

modules/nixos/core/security.nix

@@ -33,9 +33,19 @@
   sops.age.keyFile = "/nix/config/keys.txt";
 
   environment.persistence."/nix/persist" = {
-    users."${username}".directories = [
-      ".ssh"
-      ".local/share/gnupg"
+    files = [
+      "/root/.ssh/known_hosts"
+    ];
+    users."${username}".directories = let
+      baseAttrs = {
+        user = "${username}";
+        group = "users";
+        mode = "u=rwx,g=,o=";
+      };
+    in [
+      (baseAttrs // { directory = ".ssh"; })
+      (baseAttrs // { directory = ".local/share/gnupg"; })
+      (baseAttrs // { directory = ".local/share/keyrings"; })
     ];
   };
 }

modules/nixos/desktop/gnome/default.nix

@@ -55,6 +55,9 @@
         # of having them set imperatively and simply persisted.
         ".config/forge"
       ];
+      files = [
+        ".config/monitors.xml"
+      ];
     };
   };
 }

modules/nixos/hardware/gpu/nvidia/default.nix

@@ -32,10 +32,10 @@
   nix = {
     settings = {
       substituters = [
-        "https://cuda-maintainers.cachix.org"
+        "https://nix-community.cachix.org"
       ];
       trusted-public-keys = [
-        "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
+        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
       ];
     };
   };

modules/nixos/multimedia/web/firefox/default.nix

@@ -6,7 +6,7 @@
     firefox-esr
   ];
 
-  environment.persistence."/nix/config" = {
+  environment.persistence."/nix/persist" = {
     users."${username}".directories = [
       ".config/mozilla"
     ];