-rw-r--r--README.org16
-rw-r--r--configuration.nix1
-rw-r--r--disk-config.nix6
-rw-r--r--flake.nix29
-rw-r--r--home.nix7
-rw-r--r--install.sh15
-rw-r--r--iso.nix177
7 files changed, 204 insertions, 47 deletions
diff --git a/README.org b/README.org
index 0d502c2..b14291e 100644
--- a/README.org
+++ b/README.org
@@ -8,18 +8,12 @@ much less cruft.
Install NixOS, get internet with ~nmtui~ or ethernet, install git (and maybe vim) on your NixOS system,
and then on your NixOS system, run:
#+begin_src shell
- mkdir -p ~/src
- git clone https://git.nullring.xyz/toughnix.git ~/src/
-
- # Change any system variables that are hardware or person-dependent (do this before inital-deploy)
- nano ~/src/toughnix/vars.nix
- bash ~/src/toughnix/initial-deploy.sh
-
- # remove the single CHANGEME line
- nano ~/src/toughnix/configuration.nix
- bash ~/src/toughnix/stg2.sh
- bash ~/src/toughnix/stg3.sh
+ git clone https://git.nullring.xyz/toughnix.git
+ # change values as you see fit
+ vim toughnix/vars.nix
+ sudo nix run 'github:nix-community/disko/latest#disko-install' -- --flake 'toughnix#continuity-dell' --disk main /dev/[disk]
#+end_src
+
Note the line where we run ~nano~; during this period you should change any hardware or
person-specific settings, and also alter ~configuration.nix~ more if you are using an encrypted drive.
diff --git a/configuration.nix b/configuration.nix
index 47d6140..2790b66 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -234,7 +234,6 @@ in
options = "caps:escape";
};
- # CHANGEME if using nvidia
videoDrivers = vars.videoDrivers;
enable = true;
};
diff --git a/disk-config.nix b/disk-config.nix
index 115f2cd..ca67b19 100644
--- a/disk-config.nix
+++ b/disk-config.nix
@@ -1,9 +1,3 @@
-# USAGE in your configuration.nix.
-# Update devices to match your hardware.
-# {
-# imports = [ ./disko-config.nix ];
-# disko.devices.disk.main.device = "/dev/sda";
-# }
{
disko.devices = {
disk = {
diff --git a/flake.nix b/flake.nix
index 6ce5656..5595eb0 100644
--- a/flake.nix
+++ b/flake.nix
@@ -30,31 +30,11 @@
nixosConfigurations = {
live = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
- specialArgs = attrs;
modules = [
- { nixpkgs.overlays = [ nur.overlays.default ]; }
- ({ pkgs, ... }:
- let
- nur-no-pkgs = import nur {
- inherit pkgs;
- nurpkgs = import nixpkgs { system = "x86_64-linux"; };
- };
- in
- {
- imports = [ ];
- })
- (nixpkgs + "/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix")
- ./configuration.nix
- disko.nixosModules.disko
- home-manager.nixosModules.home-manager
- {
- home-manager = {
- useGlobalPkgs = true;
- extraSpecialArgs = attrs;
- useUserPackages = true;
- users.preston = import ./home.nix;
- };
- }
+ ({pkgs, modulesPath, ...}: {
+ imports = [(modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix")];
+ })
+ ./iso.nix
];
};
@@ -76,6 +56,7 @@
lanzaboote.nixosModules.lanzaboote
./configuration.nix
disko.nixosModules.disko
+ ./disk-config.nix
home-manager.nixosModules.home-manager
{
home-manager = {
diff --git a/home.nix b/home.nix
index 5ae8987..c3c48b4 100644
--- a/home.nix
+++ b/home.nix
@@ -44,6 +44,7 @@ in
acpilight
alsa-utils
autobuild
+ bash-language-server
bear
bitcoin
bun
@@ -63,6 +64,7 @@ in
gnupg
graphviz
grim
+ gum
helvum
imagemagick
inkscape
@@ -1118,7 +1120,6 @@ on-notify=exec mpv /home/${vars.userName}/sounds/notification.wav --no-config --
mbsync = {
enable = true;
- # CHANGEME different email server and account
extraConfig = ''
IMAPAccount ret2pop
Host ${vars.imapsServer}
@@ -1150,7 +1151,6 @@ on-notify=exec mpv /home/${vars.userName}/sounds/notification.wav --no-config --
msmtp = {
enable = true;
- # CHANGEME different email server and account
extraConfig = ''
# Set default values for all following accounts.
defaults
@@ -1180,11 +1180,9 @@ on-notify=exec mpv /home/${vars.userName}/sounds/notification.wav --no-config --
git = {
enable = true;
- # CHANGEME name and email
userName = vars.fullName;
userEmail = vars.email;
signing = {
- # CHANGEME GIT SIGNING KEY
key = vars.gpgKey;
signByDefault = true;
};
@@ -1356,4 +1354,3 @@ on-notify=exec mpv /home/${vars.userName}/sounds/notification.wav --no-config --
fonts.fontconfig.enable = true;
nixpkgs.config.cudaSupport = false;
}
-
diff --git a/install.sh b/install.sh
new file mode 100644
index 0000000..5e9dbf0
--- /dev/null
+++ b/install.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+gum input --placeholder "Host Name"
+clear;
+gum input --placeholder "Host Name"
+clear;
+gum input --placeholder "Full Name"
+clear;
+gum input --placeholder "Website Remote (rsync)"
+clear;
+echo ""
+gum input --placeholder "email"
+gum input --placeholder "Username"
+gum input --placeholder "Username"
+gum input --placeholder "Username"
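Review bot: None of the `gum input` calls capture their output, so the script prompts and then discards every answer. "Host Name" is also asked twice and "Username" three times, which look like unfinished copies of the prompt line. Each prompt should assign to a variable, e.g. `host_name=$(gum input --placeholder "Host Name")`, and the script should begin with `set -euo pipefail` so an aborted prompt stops the run instead of continuing with an empty value. If these answers are meant to be written into `vars.nix` (not shown in this hunk), validate each one against an allowed pattern first, because they would end up inside Nix strings and shell commands.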
diff --git a/iso.nix b/iso.nix
new file mode 100644
index 0000000..40c1b70
--- /dev/null
+++ b/iso.nix
@@ -0,0 +1,177 @@
+{ pkgs, ... }:
+{
+ imports =
+ [
+ ./hardware-configuration.nix
+ ];
+
+ documentation = {
+ enable = true;
+ man.enable = true;
+ dev.enable = true;
+ };
+
+ environment = {
+ etc = {
+ securetty.text = ''
+ # /etc/securetty: list of terminals on which root is allowed to login.
+ # See securetty(5) and login(1).
+ '';
+ };
+ };
+
+ networking = {
+ hostName = "iso";
+ networkmanager = {
+ enable = true;
+ # wifi.macAddress = "";
+ };
+ firewall = {
+ allowedTCPPorts = [ ];
+ allowedUDPPorts = [ ];
+ };
+ };
+
+ hardware = {
+ cpu.intel.updateMicrocode = true;
+ graphics = {
+ enable = true;
+ };
+ pulseaudio.enable = false;
+ };
+
+ services = {
+ qemuGuest.enable = true;
+ chrony = {
+ enable = true;
+ enableNTS = true;
+ servers = [ "time.cloudflare.com" "ptbtime1.ptb.de" "ptbtime2.ptb.de" ];
+ };
+
+ jitterentropy-rngd.enable = true;
+ resolved.dnssec = true;
+ dbus = {
+ apparmor = "enabled";
+ };
+
+ pipewire = {
+ enable = true;
+ alsa = {
+ enable = true;
+ support32Bit = true;
+ };
+ pulse.enable = true;
+ jack.enable = true;
+ wireplumber.enable = true;
+ extraConfig.pipewire-pulse."92-low-latency" = {
+ "context.properties" = [
+ {
+ name = "libpipewire-module-protocol-pulse";
+ args = { };
+ }
+ ];
+ "pulse.properties" = {
+ "pulse.min.req" = "32/48000";
+ "pulse.default.req" = "32/48000";
+ "pulse.max.req" = "32/48000";
+ "pulse.min.quantum" = "32/48000";
+ "pulse.max.quantum" = "32/48000";
+ };
+ "stream.properties" = {
+ "node.latency" = "32/48000";
+ "resample.quality" = 1;
+ };
+ };
+ };
+
+ openssh = {
+ enable = true;
+ settings = {
+ PasswordAuthentication = true;
+ AllowUsers = [ ];
+ PermitRootLogin = "no";
+ KbdInteractiveAuthentication = false;
+ };
+ };
+ };
+
+ programs = {
+ zsh.enable = true;
+ ssh.enableAskPassword = false;
+ };
+
+ nixpkgs.config = {
+ allowUnfree = true;
+ cudaSupport = false;
+ };
+
+ environment.systemPackages = with pkgs; [
+ cryptsetup
+ restic
+ sbctl
+ linux-manual
+ man-pages
+ man-pages-posix
+ ];
+
+ users.extraUsers.root.password = "nixos";
+ users.extraUsers.nixos.password = "nixos";
+ users.users = {
+ nixos = {
+ isNormalUser = true;
+ description = "NixOS";
+ extraGroups = [ "networkmanager" "wheel" "video" "docker" "jackaudio" "tss" "dialout" ];
+ shell = pkgs.zsh;
+ packages = with pkgs; [
+ git
+ curl
+ gum
+ (writeShellScriptBin "nix_installer"
+ ''#!/usr/bin/env bash
+set -euo pipefail
+if [ "$(id -u)" -eq 0 ]; then
+ echo "ERROR! $(basename "$0") should be run as a regular user"
+ exit 1
+fi
+if [ ! -d "$HOME/toughnix/" ]; then
+ cd $HOME
+ git clone https://git.nullring.xyz/toughnix.git
+fi
+
+gum confirm --default=false \
+"🔥 🔥 🔥 WARNING!!!! This will ERASE ALL DATA on the disk $TARGET_HOST. Are you sure you want to continue?"
+
+echo "Partitioning Disks"
+sudo nix run github:nix-community/disko \
+ --extra-experimental-features "nix-command flakes" \
+ --no-write-lock-file \
+ -- \
+ --mode zap_create_mount \
+ "$HOME/toughnix/disk-config.nix"
+
+sudo nixos-install --flake "$HOME/toughnix#.continuity-dell
+ ''
+ )
+ ];
+ };
+ };
+
+
+ nix.settings.experimental-features = "nix-command flakes";
+ time.timeZone = "America/Vancouver";
+ i18n.defaultLocale = "en_CA.UTF-8";
+
+ systemd = {
+ services.sshd.wantedBy = pkgs.lib.mkForce ["multi-user.target"];
+ targets = {
+ sleep.enable = false;
+ suspend.enable = false;
+ hibernate.enable = false;
+ hybrid-sleep.enable = false;
+ };
+ };
+
+ system = {
+ stateVersion = "24.11";
+ };
+}
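Review bot: The live image starts sshd at boot (`services.sshd.wantedBy = pkgs.lib.mkForce ["multi-user.target"]`) with `PasswordAuthentication = true`, while `users.extraUsers.nixos.password = "nixos"` gives a `wheel` member a publicly known password, so any host on the same network can log in to a machine that is about to be installed. The empty `allowedTCPPorts` does not prevent this, since the openssh module opens its own port unless `openFirewall = false` is set. I would set `PasswordAuthentication = false;` and add the operator's key with `users.users.nixos.openssh.authorizedKeys.keys = [ "<your-public-key>" ];`, or drop the `wantedBy` override so sshd runs only when started by hand. Separately, `nix_installer` cannot run as written: `$TARGET_HOST` is never set, so `set -u` aborts at the `gum confirm` line, and the final `--flake "$HOME/toughnix#.continuity-dell` is missing its closing quote.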