diff --git a/build.sh b/build.sh
new file mode 100755
index 0000000..e2d122d
--- /dev/null
+++ b/build.sh
@@ -0,0 +1,3 @@ +#!/usr/bin/env sh + +nix build .#nixosConfigurations.puter.config.system.build.toplevel "$@"
diff --git a/flake.lock b/flake.lock
index 2cedd24..506ba46 100644
--- a/flake.lock
+++ b/flake.lock
@@ -126,7 +126,28 @@ "home-manager": "home-manager", "impermanence": "impermanence", "nixpkgs": "nixpkgs", - "nixpkgs-unstable": "nixpkgs-unstable" + "nixpkgs-unstable": "nixpkgs-unstable", + "sops-nix": "sops-nix" + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1736515725, + "narHash": "sha256-4P99yL8vGehwzytkpP87eklBePt6aqeEC5JFsIzhfUs=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "f214c1b76c347a4e9c8fb68c73d4293a6820d125", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" } } },
diff --git a/flake.nix b/flake.nix
index fa406a7..3c33eb3 100644
--- a/flake.nix
+++ b/flake.nix
@@ -18,6 +18,11 @@ url = "github:nix-community/disko/latest"; inputs.nixpkgs.follows = "nixpkgs"; }; + + sops-nix = { + url = "github:Mic92/sops-nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = {
@@ -27,6 +32,7 @@ impermanence, home-manager, disko, + sops-nix, ... } @ inputs: let lib = nixpkgs.lib.extend (final: prev:
@@ -36,8 +42,21 @@ nixosConfigurations = lib.mkHosts { nixpkgs = nixpkgs; inputs = inputs; + user = "caem"; modules = [ + home-manager.nixosModules.home-manager { + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + extraSpecialArgs = { + inherit inputs; + }; + }; + } + + impermanence.nixosModules.impermanence disko.nixosModules.disko + sops-nix.nixosModules.sops ]; }; };
diff --git a/hosts/puter/default.nix b/hosts/puter/default.nix
index 8ec2a05..872a6c8 100644
--- a/hosts/puter/default.nix
+++ b/hosts/puter/default.nix
@@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ pkgs, lib, ... }: { imports = [
@@ -11,12 +11,12 @@ networking = { hostName = "puter"; - useDHCP = true; + useDHCP = lib.mkDefault true; }; boot = { loader = { - canTouchEfiVariables = true; + efi.canTouchEfiVariables = true; grub = { enable = true; efiSupport = true;
diff --git a/hosts/puter/disko.nix b/hosts/puter/disko.nix
index e6b3f5e..2b42347 100644
--- a/hosts/puter/disko.nix
+++ b/hosts/puter/disko.nix
@@ -2,55 +2,57 @@ { disko.devices = { - master = { - type = "disk"; - device = ""; # [managed by install.sh] { device } - content = { - type = "gpt"; - partitions = { - ESP = { - priority = 1; - name = "efi"; - start = "1M"; - end = "1024M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ - "umask=0077" - "noatime" - ]; + disk = { + master = { + type = "disk"; + device = ""; # [managed by install.sh] { device } + content = { + type = "gpt"; + partitions = { + ESP = { + priority = 1; + name = "efi"; + start = "1M"; + end = "1024M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ + "umask=0077" + "noatime" + ]; + }; }; - }; - root = { - size = "100%"; - content = { - type = "btrfs"; - extraArgs = [ "-f" "-L nixos" ]; - postCreateHook = '' - TMP_MNT=$(mktemp -d) - MNT_PART="" # [managed by install.sh] { root partition } - mount "$MNT_PART" "$TMP_MNT" -o subvol=/ - trap 'umount "$TMP_MNT"; rm -rf "$TMP_MNT"' EXIT - btrfs subvolume snapshot "$TMP_MNT/root" "$TMP_MNT/blank" - ''; - subvolumes = { - "/root" = { - mountpoint = "/"; - mountOptions = [ - "noatime" - "compress=zstd" - ]; - }; + root = { + size = "100%"; + content = { + type = "btrfs"; + extraArgs = [ "-f" "-L nixos" ]; + postCreateHook = '' + TMP_MNT=$(mktemp -d) + MNT_PART="" # [managed by install.sh] { root partition } + mount "$MNT_PART" "$TMP_MNT" -o subvol=/ + trap 'umount "$TMP_MNT"; rm -rf "$TMP_MNT"' EXIT + btrfs subvolume snapshot "$TMP_MNT/root" "$TMP_MNT/blank" + ''; + subvolumes = { + "/root" = { + mountpoint = "/"; + mountOptions = [ + "noatime" + "compress=zstd" + ]; + }; - "/nix" = { - mountpoint = "/nix"; - mountOptions = [ - "noatime" - "compress=zstd" - ]; + "/nix" = { + mountpoint = "/nix"; + mountOptions = [ + "noatime" + "compress=zstd" + ]; + }; }; }; };
diff --git a/hosts/puter/packages.nix b/hosts/puter/packages.nix
index 4a0ebf5..bae4137 100644
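Review bot: In the btrfs `extraArgs` carried over into the re-nested `disk.master` block, `"-L nixos"` is a single list element, so whether mkfs.btrfs receives the label as `nixos` or as one argv entry `-L nixos` (label with a leading space) depends on how disko joins `extraArgs`; `extraArgs = [ "-f" "-L" "nixos" ];` is correct under either joining. In `postCreateHook` the `trap` is installed only after `mount`, so a failed mount leaves the mktemp directory behind and the snapshot line still runs against an unmounted path; move the trap directly after `TMP_MNT=$(mktemp -d)` and abort when the mount fails, `mount "$MNT_PART" "$TMP_MNT" -o subvol=/ || exit 1`. The `device = ""` and `MNT_PART=""` placeholders marked `[managed by install.sh]` imply that install.sh will rewrite this file textually; passing the device in as a module argument (or via `lib.mkDefault`) would avoid a partially substituted file reaching `mount "" …`. Apart from its indentation the hook itself is unchanged by this hunk.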
--- a/hosts/puter/packages.nix
+++ b/hosts/puter/packages.nix
@@ -9,6 +9,7 @@ "${modules}/hardware/gpu/nvidia" "${modules}/hardware/cpu/amd" "${modules}/multimedia" + "${modules}/desktop/gnome" ]; }
diff --git a/hosts/puter/persist.nix b/hosts/puter/persist.nix
index e69de29..d8147ea 100644
--- a/hosts/puter/persist.nix
+++ b/hosts/puter/persist.nix
@@ -0,0 +1,5 @@ +{ ... }: + +{ + +}
diff --git a/install.sh b/install.sh
new file mode 100755
index 0000000..d0fe41b
--- /dev/null
+++ b/install.sh
@@ -0,0 +1,8 @@ +#!/usr/bin/env sh + +# Author: caem - https://caem.dev + +# install.sh - Installation script for my NixOS configuration +# +# This script aims to automate the deployment of my configuration +# on a new machine.
diff --git a/lib/fs.nix b/lib/fs.nix
index fdf12f8..8021d94 100644
--- a/lib/fs.nix
+++ b/lib/fs.nix
@@ -7,6 +7,10 @@ in builtins.filter (name: dirs.${name} == "directory") (builtins.attrNames dirs); - getModuleImports = builtins.attrNames (builtins.removeAttrs (builtins.readDir ./.) ["default.nix"]); + getModuleImports = + path: let + files = builtins.attrNames (builtins.removeAttrs (builtins.readDir path) ["default.nix"]); + in + map (file: "${path}/${file}") files; }
diff --git a/lib/hosts.nix b/lib/hosts.nix
index 0f367cb..c565acf 100644
--- a/lib/hosts.nix
+++ b/lib/hosts.nix
@@ -5,12 +5,19 @@ nixpkgs, inputs, modules, + user, }: builtins.listToAttrs (builtins.map (host: { name = host; value = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; - modules = modules ++ [ ../hosts/${host} ]; - specialArgs = { inherit inputs; }; + modules = modules ++ [ + ../hosts/${host} + ../modules/nixos/user/${user}.nix + ]; + specialArgs = { + inherit inputs; + inherit lib; + }; }; }) (lib.getDirsInDir ../hosts)); }
diff --git a/modules/home/caem/default.nix b/modules/home/caem/default.nix
new file mode 100644
index 0000000..626b4d7
--- /dev/null
+++ b/modules/home/caem/default.nix
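Review bot: In the new `getModuleImports` in `lib/fs.nix`, `map (file: "${path}/${file}") files` interpolates a path value into a string, which copies the whole directory into the Nix store and yields `/nix/store/…` strings, so any module under that directory that reaches outside it by relative path (`../..`) then resolves against the store copy rather than the repository; path concatenation keeps the results as paths, `map (file: path + "/${file}") files;`. The function also returns every `readDir` entry except `default.nix`, including non-`.nix` files and subdirectories without a `default.nix`, each of which would break the `imports` list, so filter the names (for example with `lib.hasSuffix ".nix"` if `lib` is in scope here, or `builtins.match`) or on the entry type. The same helper is now called with `./.` from `modules/nixos/core/default.nix` and `modules/nixos/multimedia/default.nix`, so both are affected.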
@@ -0,0 +1,42 @@ +{ inputs, lib, config, ... }: + +{ + imports = [ + inputs.impermanence.homeManagerModules.impermanence + ] ++ lib.getModuleImports ./.; + + home = { + username = "caem"; + homeDirectory = "/home/caem"; + stateVersion = "24.11"; + }; + + xdg = { + enable = true; + userDirs = { + enable = true; + + documents = "${config.home.homeDirectory}/documents"; + download = "${config.home.homeDirectory}/download"; + music = "${config.home.homeDirectory}/music"; + pictures = "${config.home.homeDirectory}/images"; + videos = "${config.home.homeDirectory}/videos"; + + /* I do not use these */ + desktop = "${config.xdg.dataHome}/xdg/desktop"; + publicShare = "${config.xdg.dataHome}/xdg/publicShare"; + templates = "${config.xdg.dataHome}/xdg/templates"; + }; + }; + + home.persistence."/nix/persist/home/caem" = { + directories = [ + "documents" + "download" + "music" + "pictures" + "videos" + "programming" + ]; + }; +}
diff --git a/modules/nixos/core/default.nix b/modules/nixos/core/default.nix
index 9d4837a..99b31f4 100644
--- a/modules/nixos/core/default.nix
+++ b/modules/nixos/core/default.nix
@@ -1,6 +1,6 @@ -{ lib }: +{ lib, ... }: { - imports = lib.getModuleImports; + imports = lib.getModuleImports ./.; }
diff --git a/modules/nixos/core/impermanence.nix b/modules/nixos/core/impermanence.nix
index 013c280..2d8a384 100644
--- a/modules/nixos/core/impermanence.nix
+++ b/modules/nixos/core/impermanence.nix
@@ -25,4 +25,16 @@ btrfs subvolume create /btrfs_tmp/root umount /btrfs_tmp ''; + + environment.persistence."/nix/persist" = { + hideMounts = true; + directories = [ + "/var/log" + "/var/lib/nixos" + "/var/lib/AccountsService" + ]; + files = [ + "/etc/machine-id" + ]; + }; }
diff --git a/modules/nixos/core/security.nix b/modules/nixos/core/security.nix
index 6d0f9ff..f1de38c 100644
--- a/modules/nixos/core/security.nix
+++ b/modules/nixos/core/security.nix
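Review bot: The persisted list under `home.persistence."/nix/persist/home/caem"` names `"pictures"`, but `xdg.userDirs.pictures` in the same file is set to `${config.home.homeDirectory}/images`, so the directory the desktop actually writes images to is not persisted and is lost on the root rollback that `impermanence.nix` performs at boot; change the entry to `"images"` or point `pictures` at `…/pictures`. The list also contains no `.ssh` or `.gnupg` entry, so with `programs.gnupg.agent.enableSSHSupport` enabled in `security.nix`, any user keys kept in the home directory are wiped at every boot unless they live elsewhere; add them to `directories` if that is intended. Deriving the list from `config.xdg.userDirs` would keep the two from drifting again.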
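Review bot: `/etc/ssh` is not among the persisted `directories` added to `environment.persistence."/nix/persist"`, so once the root subvolume is replaced by the blank snapshot at boot the host SSH key pair is regenerated every time; `sops-nix`, which `flake.nix` wires in with this same commit, by default derives its age decryption key from the host ed25519 key (`sops.age.sshKeyPaths` follows `services.openssh.hostKeys`), so any secret later encrypted to this host would stop decrypting after the first reboot, and SSH clients would see a changed host key on each connection. Add `"/etc/ssh"` to `directories` (or the specific key files under `files`) before any secret is encrypted against this host. This only applies if sshd is enabled and no explicit age key file is configured, neither of which this hunk shows.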
@@ -1,7 +1,7 @@ { ... }: { - programs.gnupg = { + programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
diff --git a/modules/nixos/desktop/gnome/default.nix b/modules/nixos/desktop/gnome/default.nix
new file mode 100644
index 0000000..05b6595
--- /dev/null
+++ b/modules/nixos/desktop/gnome/default.nix
@@ -0,0 +1,28 @@ +{ pkgs, ... }: + +{ + services.xserver = { + enable = true; + displayManager.gdm.enable = true; + desktopManager.gnome.enable = true; + }; + + environment.gnome.excludePackages = with pkgs; [ + orca + evince + geary + gnome-disk-utility + gnome-backgrounds + gnome-user-docs + epiphany + yelp + gnome-software + totem + snapshot + simple-scan + gnome-console + gnome-text-editor + gnome-tour + gnome-bluetooth + ]; +}
diff --git a/modules/nixos/multimedia/default.nix b/modules/nixos/multimedia/default.nix
index d325261..e4fb51f 100644
--- a/modules/nixos/multimedia/default.nix
+++ b/modules/nixos/multimedia/default.nix
@@ -1,5 +1,5 @@ -{ lib }: +{ lib, ... }: { - imports = lib.getModuleImports; + imports = lib.getModuleImports ./.; }
diff --git a/modules/nixos/user/caem.nix b/modules/nixos/user/caem.nix
index 6384bdb..3cb4d29 100644
--- a/modules/nixos/user/caem.nix
+++ b/modules/nixos/user/caem.nix
@@ -8,4 +8,6 @@ "wheel" ]; }; + + home-manager.users.caem = import ../../home/caem; }