More configuration progression

build.sh

@@ -0,0 +1,3 @@
+#!/usr/bin/env sh
+
+nix build .#nixosConfigurations.puter.config.system.build.toplevel "$@"

flake.lock

@@ -126,7 +126,28 @@
         "home-manager": "home-manager",
         "impermanence": "impermanence",
         "nixpkgs": "nixpkgs",
-        "nixpkgs-unstable": "nixpkgs-unstable"
+        "nixpkgs-unstable": "nixpkgs-unstable",
+        "sops-nix": "sops-nix"
+      }
+    },
+    "sops-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1736515725,
+        "narHash": "sha256-4P99yL8vGehwzytkpP87eklBePt6aqeEC5JFsIzhfUs=",
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "rev": "f214c1b76c347a4e9c8fb68c73d4293a6820d125",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "type": "github"
       }
     }
   },

flake.nix

@@ -18,6 +18,11 @@
       url = "github:nix-community/disko/latest";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+
+    sops-nix = {
+      url = "github:Mic92/sops-nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
   };
 
   outputs = { 
@@ -27,6 +32,7 @@
     impermanence,
     home-manager,
     disko,
+    sops-nix,
     ...
   } @ inputs: let
     lib = nixpkgs.lib.extend (final: prev: 
@@ -36,8 +42,21 @@
     nixosConfigurations = lib.mkHosts {
       nixpkgs = nixpkgs;
       inputs = inputs;
+      user = "caem";
       modules = [
+        home-manager.nixosModules.home-manager {
+          home-manager = {
+            useGlobalPkgs = true;
+            useUserPackages = true;
+            extraSpecialArgs = {
+              inherit inputs;
+            };
+          };
+        }
+
+        impermanence.nixosModules.impermanence
         disko.nixosModules.disko
+        sops-nix.nixosModules.sops
       ];
     };
   };

hosts/puter/default.nix

@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, lib, ... }:
 
 {
   imports = [
@@ -11,12 +11,12 @@
 
   networking = {
     hostName = "puter";
-    useDHCP = true;
+    useDHCP = lib.mkDefault true;
   };
 
   boot = {
     loader = {
-      canTouchEfiVariables = true;
+      efi.canTouchEfiVariables = true;
       grub = {
         enable = true;
         efiSupport = true;

hosts/puter/disko.nix

@@ -2,55 +2,57 @@
 
 {
   disko.devices = {
-    master = {
+    disk = {
-      type = "disk";
+      master = {
-      device = ""; # [managed by install.sh] { device }
+        type = "disk";
-      content = {
+        device = ""; # [managed by install.sh] { device }
-        type = "gpt";
+        content = {
-        partitions = {
+          type = "gpt";
-          ESP = {
+          partitions = {
-            priority = 1;
+            ESP = {
-            name = "efi";
+              priority = 1;
-            start = "1M";
+              name = "efi";
-            end = "1024M";
+              start = "1M";
-            type = "EF00";
+              end = "1024M";
-            content = {
+              type = "EF00";
-              type = "filesystem";
+              content = {
-              format = "vfat";
+                type = "filesystem";
-              mountpoint = "/boot";
+                format = "vfat";
-              mountOptions = [
+                mountpoint = "/boot";
-                "umask=0077"
+                mountOptions = [
-                "noatime"
+                  "umask=0077"
-              ];
+                  "noatime"
+                ];
+              };
             };
-          };
+            root = {
-          root = {
+              size = "100%";
-            size = "100%";
+              content = {
-            content = {
+                type = "btrfs";
-              type = "btrfs";
+                extraArgs = [ "-f" "-L nixos" ];
-              extraArgs = [ "-f" "-L nixos" ];
+                postCreateHook = ''
-              postCreateHook = ''
+                  TMP_MNT=$(mktemp -d)
-                TMP_MNT=$(mktemp -d)
+                  MNT_PART="" # [managed by install.sh] { root partition }
-                MNT_PART="" # [managed by install.sh] { root partition }
+                  mount "$MNT_PART" "$TMP_MNT" -o subvol=/
-                mount "$MNT_PART" "$TMP_MNT" -o subvol=/
+                  trap 'umount "$TMP_MNT"; rm -rf "$TMP_MNT"' EXIT
-                trap 'umount "$TMP_MNT"; rm -rf "$TMP_MNT"' EXIT
+                  btrfs subvolume snapshot "$TMP_MNT/root" "$TMP_MNT/blank"
-                btrfs subvolume snapshot "$TMP_MNT/root" "$TMP_MNT/blank"
+                '';
-              '';
+                subvolumes = {
-              subvolumes = {
+                  "/root" = {
-                "/root" = {
+                    mountpoint = "/";
-                  mountpoint = "/";
+                    mountOptions = [
-                  mountOptions = [
+                      "noatime"
-                    "noatime"
+                      "compress=zstd"
-                    "compress=zstd"
+                    ];
-                  ];
+                  };
-                };
 
-                "/nix" = {
+                  "/nix" = {
-                  mountpoint = "/nix";
+                    mountpoint = "/nix";
-                  mountOptions = [
+                    mountOptions = [
-                    "noatime"
+                      "noatime"
-                    "compress=zstd"
+                      "compress=zstd"
-                  ];
+                    ];
+                  };
                 };
               };
             };

hosts/puter/packages.nix

@@ -9,6 +9,7 @@
     "${modules}/hardware/gpu/nvidia"
     "${modules}/hardware/cpu/amd"
     "${modules}/multimedia"
+    "${modules}/desktop/gnome"
   ];
 }
 

hosts/puter/persist.nix

@@ -0,0 +1,5 @@
+{ ... }:
+
+{
+
+}

install.sh

@@ -0,0 +1,8 @@
+#!/usr/bin/env sh
+
+# Author: caem - https://caem.dev
+
+# install.sh - Installation script for my NixOS configuration
+#
+# This script aims to automate the deployment of my configuration
+# on a new machine. 

lib/fs.nix

@@ -7,6 +7,10 @@
     in
       builtins.filter (name: dirs.${name} == "directory") (builtins.attrNames dirs);
 
-  getModuleImports = builtins.attrNames (builtins.removeAttrs (builtins.readDir ./.) ["default.nix"]);
+  getModuleImports =
+    path: let
+      files = builtins.attrNames (builtins.removeAttrs (builtins.readDir path) ["default.nix"]);
+    in
+      map (file: "${path}/${file}") files;
 }
 

lib/hosts.nix

@@ -5,12 +5,19 @@
     nixpkgs,
     inputs,
     modules,
+    user,
   }: builtins.listToAttrs (builtins.map (host: {
       name = host;
       value = nixpkgs.lib.nixosSystem {
         system = "x86_64-linux";
-        modules = modules ++ [ ../hosts/${host} ];
+        modules = modules ++ [
-        specialArgs = { inherit inputs; };
+          ../hosts/${host}
+          ../modules/nixos/user/${user}.nix
+        ];
+        specialArgs = { 
+          inherit inputs;
+          inherit lib;
+        };
       };
     }) (lib.getDirsInDir ../hosts));
 }

modules/home/caem/default.nix

@@ -0,0 +1,42 @@
+{ inputs, lib, config, ... }:
+
+{
+  imports = [
+    inputs.impermanence.homeManagerModules.impermanence
+  ] ++ lib.getModuleImports ./.;
+
+  home = {
+    username = "caem";
+    homeDirectory = "/home/caem";
+    stateVersion = "24.11";
+  };
+
+  xdg = {
+    enable = true;
+    userDirs = {
+      enable = true;
+      
+      documents = "${config.home.homeDirectory}/documents";
+      download = "${config.home.homeDirectory}/download";
+      music = "${config.home.homeDirectory}/music";
+      pictures = "${config.home.homeDirectory}/images";
+      videos = "${config.home.homeDirectory}/videos";
+
+      /* I do not use these */
+      desktop = "${config.xdg.dataHome}/xdg/desktop";
+      publicShare = "${config.xdg.dataHome}/xdg/publicShare";
+      templates = "${config.xdg.dataHome}/xdg/templates";
+    };
+  };
+
+  home.persistence."/nix/persist/home/caem" = {
+    directories = [
+      "documents"
+      "download"
+      "music"
+      "pictures"
+      "videos"
+      "programming"
+    ];
+  };
+}

modules/nixos/core/default.nix

@@ -1,6 +1,6 @@
-{ lib }:
+{ lib, ... }:
 
 {
-  imports = lib.getModuleImports;
+  imports = lib.getModuleImports ./.;
 }
 

modules/nixos/core/impermanence.nix

@@ -25,4 +25,16 @@
     btrfs subvolume create /btrfs_tmp/root
     umount /btrfs_tmp
   '';
+
+  environment.persistence."/nix/persist" = {
+    hideMounts = true;
+    directories = [
+      "/var/log" 
+      "/var/lib/nixos"
+      "/var/lib/AccountsService"
+    ];
+    files = [
+      "/etc/machine-id"
+    ];
+  };
 }

modules/nixos/core/security.nix

@@ -1,7 +1,7 @@
 { ... }:
 
 {
-  programs.gnupg = {
+  programs.gnupg.agent = {
     enable = true;
     enableSSHSupport = true;
   };

modules/nixos/desktop/gnome/default.nix

@@ -0,0 +1,28 @@
+{ pkgs, ... }:
+
+{
+  services.xserver = {
+    enable = true;
+    displayManager.gdm.enable = true;
+    desktopManager.gnome.enable = true;
+  };
+
+  environment.gnome.excludePackages = with pkgs; [
+    orca
+    evince
+    geary
+    gnome-disk-utility
+    gnome-backgrounds
+    gnome-user-docs
+    epiphany
+    yelp
+    gnome-software
+    totem
+    snapshot
+    simple-scan
+    gnome-console
+    gnome-text-editor
+    gnome-tour
+    gnome-bluetooth
+  ];
+}

modules/nixos/multimedia/default.nix

@@ -1,5 +1,5 @@
-{ lib }:
+{ lib, ... }:
 
 {
-  imports = lib.getModuleImports;
+  imports = lib.getModuleImports ./.;
 }

modules/nixos/user/caem.nix

@@ -8,4 +8,6 @@
       "wheel"
     ];
   };
+
+  home-manager.users.caem = import ../../home/caem;
 }