From 2b0e8f4306b8580f54531da1b4e6e5c1e891e02b Mon Sep 17 00:00:00 2001
From: Preston Pan <ret2pop@gmail.com>
Date: Wed, 8 Jan 2025 23:55:09 -0800
Subject: iso.nix

---
 README.org        |  16 ++---
 configuration.nix |   1 -
 disk-config.nix   |   6 --
 flake.nix         |  29 ++-------
 home.nix          |   7 +--
 install.sh        |  15 +++++
 iso.nix           | 177 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 7 files changed, 204 insertions(+), 47 deletions(-)
 create mode 100644 install.sh
 create mode 100644 iso.nix

diff --git a/README.org b/README.org
index 0d502c2..b14291e 100644
--- a/README.org
+++ b/README.org
@@ -8,18 +8,12 @@ much less cruft.
 Install NixOS, get internet with ~nmtui~ or ethernet, install git (and maybe vim) on your NixOS system,
 and then on your NixOS system, run:
 #+begin_src shell
-  mkdir -p ~/src
-  git clone https://git.nullring.xyz/toughnix.git ~/src/
-
-  # Change any system variables that are hardware or person-dependent (do this before inital-deploy)
-  nano ~/src/toughnix/vars.nix
-  bash ~/src/toughnix/initial-deploy.sh
-
-  # remove the single CHANGEME line
-  nano ~/src/toughnix/configuration.nix
-  bash ~/src/toughnix/stg2.sh
-  bash ~/src/toughnix/stg3.sh
+  git clone https://git.nullring.xyz/toughnix.git
+  # change values as you see fit
+  vim toughnix/vars.nix
+  sudo nix run 'github:nix-community/disko/latest#disko-install' -- --flake 'toughnix#continuity-dell' --disk main /dev/[disk]
 #+end_src
+
 Note the line where we run ~nano~; during this period you should change any hardware or
 person-specific settings, and also alter ~configuration.nix~ more if you are using an encrypted drive.
 
diff --git a/configuration.nix b/configuration.nix
index 47d6140..2790b66 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -234,7 +234,6 @@ in
         options = "caps:escape";
       };
 
-      # CHANGEME if using nvidia
       videoDrivers = vars.videoDrivers;
       enable = true;
     };
diff --git a/disk-config.nix b/disk-config.nix
index 115f2cd..ca67b19 100644
--- a/disk-config.nix
+++ b/disk-config.nix
@@ -1,9 +1,3 @@
-# USAGE in your configuration.nix.
-# Update devices to match your hardware.
-# {
-#  imports = [ ./disko-config.nix ];
-#  disko.devices.disk.main.device = "/dev/sda";
-# }
 {
   disko.devices = {
     disk = {
diff --git a/flake.nix b/flake.nix
index 6ce5656..5595eb0 100644
--- a/flake.nix
+++ b/flake.nix
@@ -30,31 +30,11 @@
     nixosConfigurations = {
       live = nixpkgs.lib.nixosSystem {
         system = "x86_64-linux";
-        specialArgs = attrs;
         modules = [
-          { nixpkgs.overlays = [ nur.overlays.default ]; }
-          ({ pkgs, ... }:
-            let
-              nur-no-pkgs = import nur {
-                inherit pkgs;
-                nurpkgs = import nixpkgs { system = "x86_64-linux"; };
-              };
-            in
-              {
-                imports = [ ];
-              })
-          (nixpkgs + "/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix")
-          ./configuration.nix
-          disko.nixosModules.disko
-          home-manager.nixosModules.home-manager
-          {
-            home-manager = {
-              useGlobalPkgs = true;
-              extraSpecialArgs = attrs;
-              useUserPackages = true;
-              users.preston = import ./home.nix;
-            };
-          }
+          ({pkgs, modulesPath, ...}: {
+            imports = [(modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix")];
+          })
+          ./iso.nix
         ];
       };
 
@@ -76,6 +56,7 @@
           lanzaboote.nixosModules.lanzaboote
           ./configuration.nix
           disko.nixosModules.disko
+          ./disk-config.nix
           home-manager.nixosModules.home-manager
           {
             home-manager = {
diff --git a/home.nix b/home.nix
index 5ae8987..c3c48b4 100644
--- a/home.nix
+++ b/home.nix
@@ -44,6 +44,7 @@ in
       acpilight
       alsa-utils
       autobuild
+      bash-language-server
       bear
       bitcoin
       bun
@@ -63,6 +64,7 @@ in
       gnupg
       graphviz
       grim
+      gum
       helvum
       imagemagick
       inkscape
@@ -1118,7 +1120,6 @@ on-notify=exec mpv /home/${vars.userName}/sounds/notification.wav --no-config --
 
     mbsync = {
       enable = true;
-      # CHANGEME different email server and account
       extraConfig = ''
       IMAPAccount ret2pop
       Host ${vars.imapsServer}
@@ -1150,7 +1151,6 @@ on-notify=exec mpv /home/${vars.userName}/sounds/notification.wav --no-config --
 
     msmtp = {
       enable = true;
-      # CHANGEME different email server and account
       extraConfig = ''
       # Set default values for all following accounts.
       defaults
@@ -1180,11 +1180,9 @@ on-notify=exec mpv /home/${vars.userName}/sounds/notification.wav --no-config --
 
     git = {
       enable = true;
-      # CHANGEME name and email
       userName = vars.fullName;
       userEmail = vars.email;
       signing = {
-        # CHANGEME GIT SIGNING KEY
         key = vars.gpgKey;
         signByDefault = true;
       };
@@ -1356,4 +1354,3 @@ on-notify=exec mpv /home/${vars.userName}/sounds/notification.wav --no-config --
   fonts.fontconfig.enable = true;
   nixpkgs.config.cudaSupport = false;
 }
-
diff --git a/install.sh b/install.sh
new file mode 100644
index 0000000..5e9dbf0
--- /dev/null
+++ b/install.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+gum input --placeholder "Host Name"
+clear;
+gum input --placeholder "Host Name"
+clear;
+gum input --placeholder "Full Name"
+clear;
+gum input --placeholder "Website Remote (rsync)"
+clear;
+echo ""
+gum input --placeholder "email"
+gum input --placeholder "Username"
+gum input --placeholder "Username"
+gum input --placeholder "Username"
diff --git a/iso.nix b/iso.nix
new file mode 100644
index 0000000..40c1b70
--- /dev/null
+++ b/iso.nix
@@ -0,0 +1,177 @@
+{ pkgs, ... }:
+{
+  imports =
+    [
+      ./hardware-configuration.nix
+    ];
+
+  documentation = {
+    enable = true;
+    man.enable = true;
+    dev.enable = true;
+  };
+
+  environment = {
+    etc = {
+      securetty.text = ''
+          # /etc/securetty: list of terminals on which root is allowed to login.
+          # See securetty(5) and login(1).
+          '';
+    };
+  };
+
+  networking = {
+    hostName = "iso";
+    networkmanager = {
+      enable = true;
+      # wifi.macAddress = "";
+    };
+    firewall = {
+      allowedTCPPorts = [ ];
+      allowedUDPPorts = [ ];
+    };
+  };
+
+  hardware = {
+    cpu.intel.updateMicrocode = true;
+    graphics = {
+      enable = true;
+    };
+    pulseaudio.enable = false;
+  };
+
+  services = {
+    qemuGuest.enable = true;
+    chrony = {
+      enable = true;
+      enableNTS = true;
+      servers = [ "time.cloudflare.com" "ptbtime1.ptb.de" "ptbtime2.ptb.de" ];
+    };
+
+    jitterentropy-rngd.enable = true;
+    resolved.dnssec = true;
+    dbus = {
+      apparmor = "enabled";
+    };
+
+    pipewire = {
+      enable = true;
+      alsa = {
+        enable = true;
+        support32Bit = true;
+      };
+      pulse.enable = true;
+      jack.enable = true;
+      wireplumber.enable = true;
+      extraConfig.pipewire-pulse."92-low-latency" = {
+        "context.properties" = [
+          {
+            name = "libpipewire-module-protocol-pulse";
+            args = { };
+          }
+        ];
+        "pulse.properties" = {
+          "pulse.min.req" = "32/48000";
+          "pulse.default.req" = "32/48000";
+          "pulse.max.req" = "32/48000";
+          "pulse.min.quantum" = "32/48000";
+          "pulse.max.quantum" = "32/48000";
+        };
+        "stream.properties" = {
+          "node.latency" = "32/48000";
+          "resample.quality" = 1;
+        };
+      };
+    };
+
+    openssh = {
+      enable = true;
+      settings = {
+        PasswordAuthentication = true;
+        AllowUsers = [ ];
+        PermitRootLogin = "no";
+        KbdInteractiveAuthentication = false;
+      };
+    };
+  };
+
+  programs = {
+    zsh.enable = true;
+    ssh.enableAskPassword = false;
+  };
+
+  nixpkgs.config = {
+    allowUnfree = true;
+    cudaSupport = false;
+  };
+
+  environment.systemPackages = with pkgs; [
+    cryptsetup
+    restic
+    sbctl
+    linux-manual
+    man-pages
+    man-pages-posix
+  ];
+
+  users.extraUsers.root.password = "nixos";
+  users.extraUsers.nixos.password = "nixos";
+  users.users = {
+    nixos = {
+      isNormalUser = true;
+      description = "NixOS";
+      extraGroups = [ "networkmanager" "wheel" "video" "docker" "jackaudio" "tss" "dialout" ];
+      shell = pkgs.zsh;
+      packages = with pkgs; [
+        git
+        curl
+        gum
+        (writeShellScriptBin "nix_installer"
+          ''#!/usr/bin/env bash
+set -euo pipefail
+if [ "$(id -u)" -eq 0 ]; then
+  echo "ERROR! $(basename "$0") should be run as a regular user"
+  exit 1
+fi
+if [ ! -d "$HOME/toughnix/" ]; then
+  cd $HOME
+  git clone https://git.nullring.xyz/toughnix.git
+fi
+
+gum confirm  --default=false \
+"🔥 🔥 🔥 WARNING!!!! This will ERASE ALL DATA on the disk $TARGET_HOST. Are you sure you want to continue?"
+
+echo "Partitioning Disks"
+sudo nix run github:nix-community/disko \
+  --extra-experimental-features "nix-command flakes" \
+  --no-write-lock-file \
+  -- \
+  --mode zap_create_mount \
+  "$HOME/toughnix/disk-config.nix"
+
+sudo nixos-install --flake "$HOME/toughnix#.continuity-dell
+          ''
+        )
+      ];
+    };
+  };
+
+
+  nix.settings.experimental-features = "nix-command flakes";
+  time.timeZone = "America/Vancouver";
+  i18n.defaultLocale = "en_CA.UTF-8";
+
+  systemd = {
+    services.sshd.wantedBy = pkgs.lib.mkForce ["multi-user.target"];
+    targets = {
+      sleep.enable = false;
+      suspend.enable = false;
+      hibernate.enable = false;
+      hybrid-sleep.enable = false;
+    };
+  };
+
+  system = {
+    stateVersion = "24.11";
+  };
+}
-- 
cgit