diff --git a/flake.nix b/flake.nix index 625a875..66fdbc4 100644 --- a/flake.nix +++ b/flake.nix @@ -2,24 +2,24 @@ description = "A simple NixOS flake"; inputs = { + # NixOS official package source, using the nixos-23.11 branch here nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-23.11"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; hardware.url = "github:nixos/nixos-hardware"; + # Declarative dotfile management home-manager = { url = "github:nix-community/home-manager/"; inputs.nixpkgs.follows = "nixpkgs"; }; + # Declarative partitioning and formatting + disko = { + url = "github:nix-community/disko"; + inputs.nixpkgs.follows = "nixpkgs"; + }; - -# # Declarative partitioning and formatting -# disko = { -# url = "github:nix-community/disko"; -# inputs.nixpkgs.follows = "nixpkgs"; -# }; -# # # Secrets management. See ./docs/secretsmgmt.md # sops-nix = { # url = "github:mic92/sops-nix"; diff --git a/hosts/Puenktchen/disko.nix b/hosts/Puenktchen/disko.nix index 4785364..0c36348 100644 --- a/hosts/Puenktchen/disko.nix +++ b/hosts/Puenktchen/disko.nix 
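Review bot: The newly enabled `disko` input, `url = "github:nix-community/disko";`, names no branch, tag or revision, so the code that gets fetched is fixed only by `flake.lock`, and no `flake.lock` change appears in this diff as shown. disko partitions and formats disks with root privileges at install time, so the revision it resolves to should be visible to review. Commit the updated `flake.lock` together with this change, or pin the input explicitly, e.g. `url = "github:nix-community/disko/<tag-or-rev>";`. The `inputs` block continues outside the hunk.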
@@ -8,53 +8,43 @@ type = "gpt"; partitions = { ESP = { + priority = 1; + name = "ESP"; size = "512M"; type = "EF00"; content = { type = "filesystem"; format = "vfat"; mountpoint = "/boot"; - mountOptions = [ - "defaults" - ]; }; }; - luks = { + root = { size = "100%"; content = { - type = "luks"; - name = "crypted"; - # disable settings.keyFile if you want to use interactive password entry - #passwordFile = "/tmp/secret.key"; # Interactive - settings = { - allowDiscards = true; - keyFile = "/tmp/secret.key"; - }; - additionalKeyFiles = [ "/tmp/additionalSecret.key" ]; - content = { - type = "btrfs"; - extraArgs = [ "-f" ]; - subvolumes = { - "/root" = { - mountpoint = "/"; - mountOptions = [ "compress=zstd" "noatime" ]; - }; - "/home" = { - mountpoint = "/home"; - mountOptions = [ "compress=zstd" "noatime" ]; - }; - "/nix" = { - mountpoint = "/nix"; - mountOptions = [ "compress=zstd" "noatime" ]; - }; - "/mnt/data" = { - mountpoint = "/mnt/data"; - mountOptions = [ "compress=zstd" "noatime" ]; - }; - "/swap" = { - mountpoint = "/.swapvol"; - swap.swapfile.size = "20M"; - }; + type = "btrfs"; + extraArgs = [ "-f" ]; # Override existing partition + # Subvolumes must set a mountpoint in order to be mounted, + # unless their parent is mounted + subvolumes = { + # Subvolume name is different from mountpoint + "/rootfs" = { + mountOptions = [ "compress=zstd" "noatime" ]; + mountpoint = "/"; + }; + # Subvolume name is the same as the mountpoint + "/home" = { + mountOptions = [ "compress=zstd" "noatime" ]; + mountpoint = "/home"; + }; + # Parent is not mounted so the mountpoint must be set + "/nix" = { + mountOptions = [ "compress=zstd" "noatime" ]; + mountpoint = "/nix"; + }; + # Subvolume for the swapfile + "/swap" = { + mountpoint = "/.swapvol"; + swap.swapfile.size = "40G"; }; }; }; @@ -64,4 +54,4 @@ }; }; }; -} \ No newline at end of file +} diff --git a/hosts/common/configuration.nix b/hosts/common/configuration.nix deleted file mode 100644 index dc4765b..0000000 
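Review bot: The new `root` partition puts btrfs directly on the GPT partition, so `/`, `/home`, `/nix` and the 40G swapfile are no longer encrypted at rest; nothing in this hunk replaces the removed `luks` wrapper. An unencrypted swapfile of that size can retain memory contents such as passphrases and session keys, more so if it backs hibernation (not visible here). If dropping encryption is intended, record it in a comment such as `# Unencrypted on purpose: <reason>`; otherwise keep the LUKS layer and omit `settings.keyFile` so the passphrase is entered interactively, as the removed comment described, instead of being read from `/tmp/secret.key`. The fence shows that wrapper around the unchanged btrfs content. Separately, the ESP now has no `mountOptions`; a vfat `/boot` is commonly mounted with `umask=0077` so its contents are not world-readable.

```nix
root = {
  size = "100%";
  content = {
    type = "luks";
    name = "crypted";
    # No settings.keyFile / passwordFile: passphrase is entered interactively
    settings.allowDiscards = true;
    content = {
      type = "btrfs";
      # … unchanged: extraArgs and subvolumes …
    };
```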
--- a/hosts/common/configuration.nix
+++ /dev/null
@@ -1,294 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). -# -{ config, pkgs, ... }: - -#TODO: Bootloader, plymouth, import hardware, hostname, network, locale, unfree, thunderbolt -# auto-cpufreq, fprintd, console keymap, udev, XDG vars, programs, syncthing, rkit/pipewire, nix-ld - -# home: user, electron wayland, polkit - -{ - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - # - ]; - - # Bootloader. - boot = { - loader.systemd-boot.enable = true; - loader.efi.canTouchEfiVariables = true; - initrd.systemd.enable = true; - plymouth = { - enable = true; - theme = "bgrt"; - logo = "${pkgs.nixos-icons}/share/icons/hicolor/48x48/apps/nix-snowflake-white.png"; - font = "${pkgs.dejavu_fonts.minimal}/share/fonts/truetype/DejaVuSans.ttf"; - }; - - consoleLogLevel = 0; - initrd.verbose = false; - kernelParams = [ - "quiet" - "splash" - "boot.shell_on_fail" - "loglevel=3" - "rd.systemd.show_status=false" - "rd.udev.log_level=3" - "udev.log_priority=3" - ]; - # Hide the OS choice for bootloaders. - # It's still possible to open the bootloader list by pressing any key - # It will just not appear on screen unless a key is pressed - loader.timeout = 0; - - }; - networking.hostName = "Lenni"; # Define your hostname. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - - # Enable networking - networking.networkmanager.enable = true; - - # Set your time zone. - time.timeZone = "Europe/Berlin"; - - # Select internationalisation properties. 
- i18n.defaultLocale = "en_US.UTF-8"; - - i18n.extraLocaleSettings = { - LC_ADDRESS = "de_DE.UTF-8"; - LC_IDENTIFICATION = "de_DE.UTF-8"; - LC_MEASUREMENT = "de_DE.UTF-8"; - LC_MONETARY = "de_DE.UTF-8"; - LC_NAME = "de_DE.UTF-8"; - LC_NUMERIC = "de_DE.UTF-8"; - LC_PAPER = "de_DE.UTF-8"; - LC_TELEPHONE = "de_DE.UTF-8"; - LC_TIME = "de_DE.UTF-8"; - }; - - #Allow unfree and unstable packages - nixpkgs.config.allowUnfree = true; - - - systemd = { - user.services.polkit-gnome-authentication-agent-1 = { - description = "polkit-gnome-authentication-agent-1"; - wantedBy = [ "graphical-session.target" ]; - wants = [ "graphical-session.target" ]; - after = [ "graphical-session.target" ]; - serviceConfig = { - Type = "simple"; - ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1"; - Restart = "on-failure"; - RestartSec = 1; - TimeoutStopSec = 10; - }; - }; - }; - - # rtkit is optional but recommended - security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - wireplumber.enable = true; - # If you want to use JACK applications, uncomment this - #jack.enable = true; - }; - - services.hardware.bolt.enable = true; - - programs.hyprland.enable = true; - - environment.sessionVariables.NIXOS_OZONE_WL = "1"; - - services.auto-cpufreq = { - enable = true; - settings = { - battery = { - governor = "powersave"; - turbo = "never"; - }; - charger = { - governor = "powersave"; - turbo = "never"; - }; - }; - }; - - services.fprintd.enable = true; - - services.syncthing = { - enable = true; - user = "willifan"; - dataDir = "/home/willifan/temp"; - configDir = "/home/willifan/temp/.config/syncthing"; - overrideDevices = true; - overrideFolders = true; - settings = { - gui = { - user = "willifan"; - password = "temppassword"; - }; - devices = { - Anton = { id = "SGKTC3I-6IQZ5Z5-VAB76N6-L7DJ3TH-BMSZGKZ-MZPZHLO-KOVMZ2W-V5GQTA6"; }; - }; - folders = { - "Documents" = { - id = 
"jtl6g-qjmwo"; - path = "/home/willifan/temp/Documents"; - devices = [ "Anton" ]; - }; - "Pictures" = { - id = "po4qj-q9t0t"; - path = "/home/willifan/temp/Pictures"; - devices = [ "Anton" ]; - }; - "Videos" = { - id = "4wqf5-xasng"; - path = "/home/willifan/temp/Videos"; - devices = [ "Anton" ]; - }; - "Notes" = { - id = "oc61n-iewgj"; - path = "/home/willifan/temp/Notes"; - devices = [ "Anton" ]; - }; - "Music" = { - id = "xxh8a-3y2tq"; - path = "/home/willifan/temp/Music"; - devices = [ "Anton" ]; - }; - }; - }; - }; - - security.polkit.enable = true; - - # Configure console keymap - console.keyMap = "de"; - - # Define a user account. Don't forget to set a password with ‘passwd’. - users.users.willifan = { - isNormalUser = true; - description = "willifan"; - extraGroups = [ "networkmanager" "wheel" ]; - packages = with pkgs; []; - }; - - environment.sessionVariables = rec { - XDG_CACHE_HOME = "$HOME/.cache"; - XDG_CONFIG_HOME = "$HOME/.config"; - XDG_DATA_HOME = "$HOME/.local/share"; - XDG_STATE_HOME = "$HOME/.local/state"; - - # Not officially in the specification - #XDG_BIN_HOME = "$HOME/.local/bin"; - #PATH = [ - # "${XDG_BIN_HOME}" - #]; - SCRIPTS = "$XDG_CONFIG_HOME/scripts"; - }; - - - - services.udev.extraRules = '' - ACTION=="add", SUBSYSTEM=="backlight", KERNEL=="intel_backlight", MODE="0666", RUN+="${pkgs.coreutils}/bin/chmod a+w /sys/class/backlight/%k/brightness" - ''; - - - # List packages installed in system profile. 
To search, run: - # $ nix search wget - nix.settings.experimental-features = [ "nix-command" "flakes" ]; - environment.systemPackages = with pkgs; [ - - hyprlock - hypridle - hyprpaper - hyprcursor - grim - slurp - wl-clipboard - kanshi - jq - bc - xorg.xrandr - pulseaudio - inotify-tools - papirus-icon-theme - eww - mako - polkit_gnome - - python3 - usbutils - unzip - - btop - - feh - - kitty - dolphin - hyfetch - wofi - enpass - firefox - thunderbird - webcord - obsidian - kicad - gnome.nautilus - cinnamon.nemo-with-extensions - - - ]; - - programs.nix-ld.enable = true; - - programs.nix-ld.libraries = with pkgs; [ - - # Add any missing dynamic libraries for unpackaged programs - - # here, NOT in environment.systemPackages - - ]; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - - # List services that you want to enable: - - # Enable the OpenSSH daemon. - # services.openssh.enable = true; - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "23.11"; # Did you read the comment? - -} -