karaolidis/nix
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Housekeeping

Browse Source 
- Update README
- Run shellcheck on .sh files
- Add helper scripts
- Remove eirene vm variant
- Add post-install checklist

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
This commit is contained in:
Nick Karaolidis
2024-08-23 01:22:08 +02:00
parent a048be5c51
commit 78a862bd2e
29 changed files with 582 additions and 434 deletions
Download Patch File Download Diff File Expand all files Collapse all files

103
README.md
View File

@@ -1,81 +1,46 @@
# nix
NixOS dotfiles and configuration.
NixOS dotfiles and configuration for various hosts and users.
## Installation
## Structure
The below installation example is for a fresh `eirene-vm` virtual machine.
- [`flake.lock`](./flake.lock) and [`flake.nix`](./flake.nix): Core Nix flake files defining the repository's dependencies and entry points.
1. Mount NixOS Configuration
- [`hosts/`](./hosts): All host-specific configurations.
- [`common/`](./hosts/common): Shared configuration definitions.
- [`system/`](./hosts/common/system): System-level configurations and scripts.
- [`configs/`](./hosts/common/system/configs): System configurations applicable to all hosts.
- [`scripts/`](./hosts/common/system/scripts): Utility scripts, such as `nix-cleanup`.
- [`user/`](./hosts/common/user): Per-user options.
- [`configs/`](./hosts/common/user/configs): User configurations, split into:
- [`console/`](./hosts/common/user/configs/console): Console-related settings.
- [`gui/`](./hosts/common/user/configs/gui): GUI-related settings.
- [`scripts/`](./hosts/common/user/scripts): User-specific scripts and utilities.
- `<name>/`: Individual host configurations.
- `scripts/`: Host-specific scripts.
- `secrets/`: Host-specific secrets, such as `machineId`.
- `users/`: User-specific settings for the host.
- `format.nix`: Disk layout definition using [`disko`](https://github.com/nix-community/disko).
```sh
sudo -i
mkdir /host
mount -t virtiofs host /host
```
- `users/<name>/`: Global configurations for individual users that apply across all hosts. This includes secrets (like GPG keys and third-party service passwords), wallpapers, and more.
2. Format Disks
- [`scripts/`](./scripts): Utility scripts for managing the repository.
- [`add-host.sh`](./scripts/add-host.sh): Instantiate the keys for a new host configuration.
- [`remove-host.sh`](./scripts/remove-host.sh): Remove references to a host.
- [`add-user.sh`](./scripts/add-user.sh): Instantiate the keys for a new user configuration.
- [`remove-user.sh`](./scripts/remove-user.sh): Remove references to a user.
- [`update-keys.sh`](./scripts/update-keys.sh): Update the encryption keys in all relevant files using `sops.yaml` configurations.
- [`update.sh`](./scripts/update.sh): Update flake and all git submodules.
- [`install.sh`](./scripts/install.sh): Install or repair a selected NixOS host.
```sh
nix --experimental-features "nix-command flakes" run github:nix-community/disko -- --mode disko /host/hosts/eirene/format.nix --arg device '"/dev/vda"'
```
- [`submodules/`](./submodules): Flake forks used in the repository, such as [`nixpkgs`](https://github.com/NixOS/nixpkgs) and [`home-manager`](https://github.com/nix-community/home-manager).
3. Generate Host SSH Key
Any `options.nix` files create custom option definitions when present.
```sh
mkdir -p /mnt/persist/etc/ssh
ssh-keygen -t ed25519 -f /mnt/persist/etc/ssh/ssh_host_ed25519_key
cp /mnt/persist/etc/ssh/ssh_host_ed25519_key /host/hosts/eirene/secrets/ssh_host_ed25519_key
## Hosts
# Optional - Copy user keys
mkdir -p /mnt/persist/home/nick/.local/share/sops-nix
cp /host/users/nick/secrets/key.txt /mnt/persist/home/nick/.local/share/sops-nix/key.txt
```
Below is a table of all hosts, with links to their respective README files, which may provide further details and/or post-installation checklists.
4. Update `sops` Configuration
```sh
nix-shell -p ssh-to-age --run 'cat /mnt/persist/etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
find . -type f -name 'sops.yaml' -exec nano {} \;
export SOPS_AGE_KEY_FILE=/host/users/nick/secrets/key.txt
find . -type f -name 'sops.yaml' | while read -r sops_file; do
dir=$(dirname "$sops_file")
find "$dir" -maxdepth 1 -type f -regextype posix-extended -regex '.+\.(yaml|yml|json|env|ini|bin)' | while read -r file; do
nix-shell -p sops --run 'sops --config $sops_file updatekeys $file'
done
done
```
5. Update Nix Configuration Keys
- Known Hosts
```sh
# Add to hosts/common/default.nix.programs.ssh.knownHosts
cp /mnt/persist/etc/ssh/ssh_host_ed25519_key.pub /host/hosts/eirene/secrets/ssh_host_ed25519_key.pub
```
- SSH Keys
```sh
# Generate a new SSH key pair for every user that will connect to the newly added user@host combinations
# Add to hosts/eirene/default.nix.users.users.nick.openssh.authorizedKeys.keyFiles
ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_eirene_nick
```
6. Install NixOS
```sh
mkdir -p /mnt/persist/etc/nixos
cp -r /host/* /mnt/persist/etc/nixos
nixos-install --root /mnt --flake /mnt/persist/etc/nixos#eirene-vm
```
7. Reboot
```sh
reboot
```
| Host | README |
|----------|----------------------------------------------------|
| `eirene` | [hosts/eirene/README.md](./hosts/eirene/README.md) |

10
flake.nix
View File

@@ -60,20 +60,12 @@
{ self, nixpkgs, ... }@inputs:
{
nixosConfigurations = {
eirene-vm = nixpkgs.lib.nixosSystem {
specialArgs = {
inherit inputs;
};
system = "x86_64-linux";
modules = [ ./hosts/eirene/vm ];
};
eirene = nixpkgs.lib.nixosSystem {
specialArgs = {
inherit inputs;
};
system = "x86_64-linux";
modules = [ ./hosts/eirene/base ];
modules = [ ./hosts/eirene ];
};
};

18
hosts/common/system/configs/impermanence/scripts/start.sh
View File

@@ -1,19 +1,19 @@
echo "Starting impermanence mount with source: $source, target: $target, path: $path."
echo "Starting impermanence mount with source: ${source}, target: ${target}, path: ${path}."
source_current="$source"
target_current="$target"
source_current="${source}"
target_current="${target}"
IFS='/' read -ra path_parts <<< "$path"
IFS='/' read -ra path_parts <<< "${path}"
unset "path_parts[-1]"
for part in "${path_parts[@]}"; do
source_current="$source_current/$part"
target_current="$target_current/$part"
source_current="${source_current}/${part}"
target_current="${target_current}/${part}"
if [ ! -d "$source_current" ]; then
if [[ ! -d "${source_current}" ]]; then
break
fi
read -r mode owner group <<< "$(stat -c '%a %u %g' "$source_current")"
install -d -m "$mode" -o "$owner" -g "$group" "$target_current"
read -r mode owner group <<< "$(stat -c '%a %u %g' "${source_current}")"
install -d -m "${mode}" -o "${owner}" -g "${group}" "${target_current}"
done

34
hosts/common/system/configs/impermanence/scripts/stop.sh
View File

@@ -1,38 +1,38 @@
echo "Stopping impermanence mount with source: $source, target: $target, path: $path."
echo "Stopping impermanence mount with source: ${source}, target: ${target}, path: ${path}."
source_current="$source"
target_current="$target"
source_current="${source}"
target_current="${target}"
IFS='/' read -ra path_parts <<< "$path"
IFS='/' read -ra path_parts <<< "${path}"
unset "path_parts[-1]"
for part in "${path_parts[@]}"; do
source_current="$source_current/$part"
target_current="$target_current/$part"
source_current="${source_current}/${part}"
target_current="${target_current}/${part}"
if [ ! -d "$target_current" ]; then
if [[ ! -d "${target_current}" ]]; then
break
fi
if [ -d "$source_current" ]; then
if [[ -d "${source_current}" ]]; then
continue
fi
read -r mode owner group <<< "$(stat -c '%a %u %g' "$target_current")"
install -d -m "$mode" -o "$owner" -g "$group" "$source_current"
read -r mode owner group <<< "$(stat -c '%a %u %g' "${target_current}")"
install -d -m "${mode}" -o "${owner}" -g "${group}" "${source_current}"
done
source=$(realpath -m "$source/$path")
target=$(realpath -m "$target/$path")
source=$(realpath -m "${source}/${path}")
target=$(realpath -m "${target}/${path}")
if [ ! -e "$target" ] || { [ -d "$target" ] && [ -z "$(ls -A "$target")" ]; } || { [ -f "$target" ] && [ ! -s "$target" ]; }; then
if [[ ! -e "${target}" ]] || { [[ -d "${target}" ]] && [[ -z "$(ls -A "${target}")" ]]; } || { [[ -f "${target}" ]] && [[ ! -s "${target}" ]]; }; then
exit 0
fi
if [ -e "$source" ]; then
>&2 echo "Error: Source $source already exists. Cannot move $target to $source."
if [[ -e "${source}" ]]; then
>&2 echo "Error: Source ${source} already exists. Cannot move ${target} to ${source}."
exit 1
fi
echo "Moving target $target to source $source."
mv "$target" "$source"
echo "Moving target ${target} to source ${source}."
mv "${target}" "${source}"

6
hosts/common/system/configs/impermanence/scripts/wipe.sh
View File

@@ -1,7 +1,7 @@
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/mnt/btrfs/$i"
delete_subvolume_recursively "/mnt/btrfs/${i}"
done
btrfs subvolume delete "$1"
}
@@ -12,11 +12,11 @@ mount /dev/mapper/luks /mnt/btrfs
if [[ -e /mnt/btrfs/@ ]]; then
mkdir -p /mnt/btrfs/@.bak
timestamp=$(date --date="@$(stat -c %Y /mnt/btrfs/@)" "+%Y-%m-%d_%H:%M:%S")
mv /mnt/btrfs/@ "/mnt/btrfs/@.bak/$timestamp"
mv /mnt/btrfs/@ "/mnt/btrfs/@.bak/${timestamp}"
fi
find /mnt/btrfs/@.bak/ -maxdepth 1 -mtime +14 | while IFS= read -r i; do
delete_subvolume_recursively "$i"
delete_subvolume_recursively "${i}"
done
btrfs subvolume create /mnt/btrfs/@

2
hosts/common/system/configs/timezone/timezone.sh
View File

@@ -1,7 +1,7 @@
case "$2" in
connectivity-change)
if timezone=$(curl --fail https://ipapi.co/timezone); then
timedatectl set-timezone "$timezone"
timedatectl set-timezone "${timezone}"
fi
;;
esac

10
hosts/common/system/scripts/cleanup/cleanup.sh
View File

@@ -1,4 +1,4 @@
if [ "$(id -u)" -ne 0 ]; then
if [[ "$(id -u)" -ne 0 ]]; then
echo "This script must be run as root or with sudo privileges."
exit 1
fi
@@ -6,12 +6,12 @@ fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/mnt/btrfs/$i"
delete_subvolume_recursively "/mnt/btrfs/${i}"
done
btrfs subvolume delete "$1"
}
if [[ -e /mnt/btrfs && $(mountpoint -q /mnt/btrfs) ]]; then
if [[ -e /mnt/btrfs && -n $(mountpoint -q /mnt/btrfs) ]]; then
echo "/mnt/btrfs is already mounted. Exiting."
exit 1
fi
@@ -20,9 +20,9 @@ mkdir -p /mnt/btrfs
mount /dev/mapper/luks /mnt/btrfs
if [[ -e /mnt/btrfs/@.bak ]]; then
if [ "$(ls -A /mnt/btrfs/@.bak)" ]; then
if [[ -n "$(ls -A /mnt/btrfs/@.bak)" ]]; then
for i in /mnt/btrfs/@.bak/*; do
delete_subvolume_recursively "$i"
delete_subvolume_recursively "${i}"
done
else
echo "/mnt/btrfs/@.bak is empty. Nothing to delete."

22
hosts/common/user/configs/console/gpg-agent/import-gpg-keys.sh
View File

@@ -1,21 +1,21 @@
for dir in "$HOME"/.config/sops-nix/secrets/gpg-agent/*; do
keyfile="$dir/key"
passfile="$dir/pass"
for dir in "${HOME}"/.config/sops-nix/secrets/gpg-agent/*; do
keyfile="${dir}/key"
passfile="${dir}/pass"
if [ ! -f "$keyfile" ]; then
if [[ ! -f "${keyfile}" ]]; then
continue
fi
if [ -f "$passfile" ]; then
gpg2 --batch --yes --pinentry-mode loopback --passphrase-file "$passfile" --import "$keyfile"
if [[ -f "${passfile}" ]]; then
gpg2 --batch --yes --pinentry-mode loopback --passphrase-file "${passfile}" --import "${keyfile}"
else
gpg2 --batch --yes --import "$keyfile"
gpg2 --batch --yes --import "${keyfile}"
fi
gpg2 --with-colons --import-options show-only --import "$keyfile" | grep '^fpr' | cut -d: -f10 | while read -r KEY_ID; do
echo "$KEY_ID:6:" >> "$GNUPGHOME"/otrust.txt
gpg2 --with-colons --import-options show-only --import "${keyfile}" | grep '^fpr' | cut -d: -f10 | while read -r KEY_ID; do
echo "${KEY_ID}:6:" >> "${GNUPGHOME}"/otrust.txt
done
done
gpg2 --import-ownertrust "$GNUPGHOME"/otrust.txt
rm "$GNUPGHOME"/otrust.txt
gpg2 --import-ownertrust "${GNUPGHOME}"/otrust.txt
rm "${GNUPGHOME}"/otrust.txt

2
hosts/common/user/configs/gui/cliphist/scripts/copy.sh
View File

@@ -7,7 +7,7 @@ handle() {
cliphist decode <<< "$1" | wl-copy
}
case $ROFI_RETV in
case ${ROFI_RETV} in
0) list ;;
1) handle "$@" ;;
esac

2
hosts/common/user/configs/gui/cliphist/scripts/delete.sh
View File

@@ -7,7 +7,7 @@ handle() {
cliphist delete <<< "$1"
}
case $ROFI_RETV in
case ${ROFI_RETV} in
0) list ;;
1) handle "$@" && list ;;
esac

16
hosts/common/user/configs/gui/spicetify/config/merge.sh
View File

@@ -1,19 +1,19 @@
SOURCE_FILE=$(realpath -m "$1")
TARGET_FILE=$(realpath -m "$2")
mkdir -p "$(dirname "$TARGET_FILE")"
mkdir -p "$(dirname "${TARGET_FILE}")"
TEMP_FILE=$(mktemp)
cat "$SOURCE_FILE" > "$TEMP_FILE"
cat "${SOURCE_FILE}" > "${TEMP_FILE}"
if [ -f "$TARGET_FILE" ]; then
if [[ -f "${TARGET_FILE}" ]]; then
while IFS='=' read -r key value; do
if ! grep -q "^${key}=" "$TEMP_FILE"; then
echo "${key}=${value}" >> "$TEMP_FILE"
if ! grep -q "^${key}=" "${TEMP_FILE}"; then
echo "${key}=${value}" >> "${TEMP_FILE}"
fi
done < "$TARGET_FILE"
done < "${TARGET_FILE}"
fi
mv "$TEMP_FILE" "$TARGET_FILE"
mv "${TEMP_FILE}" "${TARGET_FILE}"
echo "Configuration file $TARGET_FILE has been updated."
echo "Configuration file ${TARGET_FILE} has been updated."

30
hosts/common/user/configs/gui/theme/theme.sh
View File

@@ -1,11 +1,11 @@
[ ! -L "$CONFIG"/wallpaper ] && ln -sf "$DEFAULT_WALLPAPER" "$CONFIG"/wallpaper
[ ! -f "$CONFIG"/mode ] && echo "$DEFAULT_MODE" > "$CONFIG"/mode
[[ ! -L "${CONFIG}"/wallpaper ]] && ln -sf "${DEFAULT_WALLPAPER}" "${CONFIG}"/wallpaper
[[ ! -f "${CONFIG}"/mode ]] && echo "${DEFAULT_MODE}" > "${CONFIG}"/mode
WALLPAPER=""
MODE=""
set_wallpaper() {
if [ -f "$1" ]; then
if [[ -f "$1" ]]; then
WALLPAPER="$1"
else
echo "Invalid wallpaper path: $1"
@@ -14,7 +14,7 @@ set_wallpaper() {
}
set_mode() {
if [ "$1" = "light" ] || [ "$1" = "dark" ]; then
if [[ "$1" = "light" ]] || [[ "$1" = "dark" ]]; then
MODE="$1"
else
echo "Invalid mode: $1. Use 'light' or 'dark'."
@@ -23,7 +23,7 @@ set_mode() {
}
toggle_mode() {
if [ "$(cat "$CONFIG"/mode)" = "light" ]; then
if [[ "$(cat "${CONFIG}"/mode)" = "light" ]]; then
MODE="dark"
else
MODE="light"
@@ -35,18 +35,18 @@ show_usage() {
}
finish() {
[ -n "$WALLPAPER" ] && ln -sf "$WALLPAPER" "$CONFIG"/wallpaper
[ -n "$MODE" ] && echo "$MODE" > "$CONFIG"/mode
[[ -n "${WALLPAPER}" ]] && ln -sf "${WALLPAPER}" "${CONFIG}"/wallpaper
[[ -n "${MODE}" ]] && echo "${MODE}" > "${CONFIG}"/mode
"$ACTIVATION" > /dev/null
"${ACTIVATION}" > /dev/null
}
if [ $# -eq 0 ]; then
if [[ $# -eq 0 ]]; then
finish
else
case "$1" in
toggle)
if [ $# -eq 1 ]; then
if [[ $# -eq 1 ]]; then
toggle_mode
else
show_usage
@@ -54,7 +54,7 @@ else
fi
;;
light)
if [ $# -eq 1 ]; then
if [[ $# -eq 1 ]]; then
set_mode "light"
else
show_usage
@@ -62,7 +62,7 @@ else
fi
;;
dark)
if [ $# -eq 1 ]; then
if [[ $# -eq 1 ]]; then
set_mode "dark"
else
show_usage
@@ -70,7 +70,7 @@ else
fi
;;
mode)
if [ $# -eq 2 ]; then
if [[ $# -eq 2 ]]; then
set_mode "$2"
else
show_usage
@@ -78,9 +78,9 @@ else
fi
;;
wallpaper)
if [ $# -ge 2 ] && [ $# -le 3 ]; then
if [[ $# -ge 2 ]] && [[ $# -le 3 ]]; then
set_wallpaper "$2"
[ $# -eq 3 ] && set_mode "$3"
[[ $# -eq 3 ]] && set_mode "$3"
else
show_usage
exit 1

14
hosts/eirene/README.md Normal file
View File

@@ -0,0 +1,14 @@
# eirene
## Post-Install Checklist
### Networking
- [ ] Add NetworkManager connections
- [ ] Connect Bluetooth devices
- [ ] Add printers
### Third-party Services
- [ ] Firefox
- [ ] Spotify

10
hosts/eirene/base/card.sh
View File

@@ -1,10 +0,0 @@
AMD=/dev/dri/by-path/pci-0000:06:00.0-card
NVIDIA=/dev/dri/by-path/pci-0000:01:00.0-card
if [ -e $AMD ]; then
CARD=$AMD
else
CARD=$NVIDIA
fi
ln -sf $CARD $HOME/.config/hypr/card

101
hosts/eirene/base/default.nix
View File

@@ -1,101 +0,0 @@
{
config,
inputs,
lib,
pkgs,
...
}:
{
imports = [
inputs.disko.nixosModules.disko
(import ../format.nix {
device = "/dev/disk/by-id/nvme-SAMSUNG_MZVL22T0HBLB-00BL2_S64RNE0R602762";
})
./hardware-configuration.nix
../../common/system/configs/tlp
../.
];
networking.hostName = "eirene";
# https://github.com/NixOS/nixos-hardware/tree/master/lenovo/legion/16achg6
hardware = {
enableAllFirmware = true;
cpu = {
cores = 8;
threads = 16;
amd.updateMicrocode = true;
};
nvidia = {
modesetting.enable = true;
powerManagement.enable = true;
open = false;
prime = {
offload = {
enable = true;
enableOffloadCmd = true;
};
nvidiaBusId = "PCI:1:0:0";
amdgpuBusId = "PCI:6:0:0";
};
};
graphics = {
enable32Bit = true;
extraPackages = with pkgs; [
amdvlk
driversi686Linux.amdvlk
rocmPackages.clr
rocmPackages.clr.icd
];
};
};
services = {
xserver.videoDrivers = [ "nvidia" ];
fstrim.enable = true;
tlp.settings.DISK_DEVICES = "nvme0n1 nvme1n1";
};
boot = {
kernelParams = [
"amd_pstate=active"
"video=eDP-1:2560x1600@165"
];
initrd.kernelModules = [ "amdgpu" ];
};
home-manager.sharedModules = lib.mkIf config.programs.hyprland.enable [
{
wayland.windowManager.hyprland.settings = {
monitor = "eDP-1, 2560x1600@165, 0x0, 1.25";
env = [ "WLR_DRM_DEVICES,$HOME/.config/hypr/card" ];
device = [
{
name = "syna2ba6:00-06cb:ce44-touchpad";
sensitivity = 0.5;
}
];
gestures.workspace_swipe_distance = 600;
};
programs = {
zsh.loginExtra = lib.mkBefore (builtins.readFile ./card.sh);
# VSCode does not play well with fractional scaling
vscode.userSettings."window.zoomLevel" = (1.25 - 1) / 0.2;
};
theme = {
cursor.size = 24;
};
}
];
nixpkgs.config = {
cudaSupport = true;
rocmSupport = true;
};
}

94
hosts/eirene/default.nix
View File

@@ -1,5 +1,14 @@
{
inputs,
lib,
pkgs,
...
}:
{
imports = [
inputs.disko.nixosModules.disko
(import ./format.nix { device = "/dev/disk/by-id/nvme-SAMSUNG_MZVL22T0HBLB-00BL2_S64RNE0R602762"; })
./hardware-configuration.nix
../common/system/configs/bluetooth
../common/system/configs/boot
../common/system/configs/brightnessctl
@@ -27,15 +36,98 @@
../common/system/configs/ssh
../common/system/configs/system
../common/system/configs/timezone
../common/system/configs/tlp
../common/system/configs/tmux
../common/system/configs/tree
../common/system/configs/users
../common/system/configs/wget
../common/system/configs/zsh
../common/system/scripts/cleanup
./nick.nix
./users/nick.nix
];
# https://github.com/NixOS/nixos-hardware/tree/master/lenovo/legion/16achg6
hardware = {
enableAllFirmware = true;
cpu = {
cores = 8;
threads = 16;
amd.updateMicrocode = true;
};
nvidia = {
modesetting.enable = true;
powerManagement.enable = true;
open = false;
prime = {
offload = {
enable = true;
enableOffloadCmd = true;
};
nvidiaBusId = "PCI:1:0:0";
amdgpuBusId = "PCI:6:0:0";
};
};
graphics = {
enable32Bit = true;
extraPackages = with pkgs; [
amdvlk
driversi686Linux.amdvlk
rocmPackages.clr
rocmPackages.clr.icd
];
};
};
networking.hostName = "eirene";
i18n.defaultLocale = "en_US.UTF-8";
sops.defaultSopsFile = ./secrets/secrets.yaml;
services = {
xserver.videoDrivers = [ "nvidia" ];
fstrim.enable = true;
tlp.settings.DISK_DEVICES = "nvme0n1 nvme1n1";
};
boot = {
kernelParams = [
"amd_pstate=active"
"video=eDP-1:2560x1600@165"
];
initrd.kernelModules = [ "amdgpu" ];
};
nixpkgs.config = {
cudaSupport = true;
rocmSupport = true;
};
home-manager.sharedModules = [
{
wayland.windowManager.hyprland.settings = {
monitor = "eDP-1, 2560x1600@165, 0x0, 1.25";
env = [ "WLR_DRM_DEVICES,$HOME/.config/hypr/card" ];
device = [
{
name = "syna2ba6:00-06cb:ce44-touchpad";
sensitivity = 0.5;
}
];
gestures.workspace_swipe_distance = 600;
};
programs = {
zsh.loginExtra = lib.mkBefore (builtins.readFile ./scripts/card.sh);
# VSCode does not play well with fractional scaling
vscode.userSettings."window.zoomLevel" = (1.25 - 1) / 0.2;
};
theme = {
cursor.size = 24;
};
}
];
}

0
hosts/eirene/base/hardware-configuration.nix → hosts/eirene/hardware-configuration.nix
View File

115
hosts/eirene/nick.nix
View File

@@ -1,115 +0,0 @@
{ config, ... }:
let
# https://github.com/NixOS/nixpkgs/issues/24570
# https://github.com/NixOS/nixpkgs/issues/305643
user = "nick";
home = "/home/nick";
in
{
imports = [
../common/user/configs/options.nix
(import ../common/user/configs/console/android { inherit user home; })
(import ../common/user/configs/console/bluetooth { inherit user home; })
(import ../common/user/configs/console/brightnessctl { inherit user home; })
(import ../common/user/configs/console/btop { inherit user home; })
(import ../common/user/configs/console/docker { inherit user home; })
(import ../common/user/configs/console/fastfetch { inherit user home; })
(import ../common/user/configs/console/ffmpeg { inherit user home; })
(import ../common/user/configs/console/git { inherit user home; })
(import ../common/user/configs/console/gpg-agent { inherit user home; })
(import ../common/user/configs/console/home-manager { inherit user home; })
(import ../common/user/configs/console/imagemagick { inherit user home; })
(import ../common/user/configs/console/ncdu { inherit user home; })
(import ../common/user/configs/console/neovim { inherit user home; })
(import ../common/user/configs/console/nixpkgs { inherit user home; })
(import ../common/user/configs/console/pipewire { inherit user home; })
(import ../common/user/configs/console/ranger { inherit user home; })
(import ../common/user/configs/console/sops { inherit user home; })
(import ../common/user/configs/console/syncthing { inherit user home; })
(import ../common/user/configs/console/tmux { inherit user home; })
(import ../common/user/configs/console/tree { inherit user home; })
(import ../common/user/configs/console/wget { inherit user home; })
(import ../common/user/configs/console/xdg { inherit user home; })
(import ../common/user/configs/console/yt-dlp { inherit user home; })
(import ../common/user/configs/console/zsh { inherit user home; })
(import ../common/user/configs/gui/ags { inherit user home; })
(import ../common/user/configs/gui/bluetooth { inherit user home; })
(import ../common/user/configs/gui/brightnessctl { inherit user home; })
(import ../common/user/configs/gui/btop { inherit user home; })
(import ../common/user/configs/gui/chromium { inherit user home; })
(import ../common/user/configs/gui/cliphist { inherit user home; })
(import ../common/user/configs/gui/emoji { inherit user home; })
(import ../common/user/configs/gui/firefox { inherit user home; })
(import ../common/user/configs/gui/gtk { inherit user home; })
(import ../common/user/configs/gui/hyprland { inherit user home; })
(import ../common/user/configs/gui/hyprshot { inherit user home; })
(import ../common/user/configs/gui/kitty { inherit user home; })
(import ../common/user/configs/gui/libreoffice { inherit user home; })
(import ../common/user/configs/gui/networking { inherit user home; })
(import ../common/user/configs/gui/obsidian { inherit user home; })
(import ../common/user/configs/gui/pipewire { inherit user home; })
(import ../common/user/configs/gui/qalculate { inherit user home; })
(import ../common/user/configs/gui/qt { inherit user home; })
(import ../common/user/configs/gui/rofi { inherit user home; })
(import ../common/user/configs/gui/spicetify { inherit user home; })
(import ../common/user/configs/gui/swww { inherit user home; })
(import ../common/user/configs/gui/theme { inherit user home; })
(import ../common/user/configs/gui/transmission { inherit user home; })
(import ../common/user/configs/gui/vscode { inherit user home; })
(import ../common/user/configs/gui/wev { inherit user home; })
(import ../common/user/configs/gui/x11 { inherit user home; })
];
sops.secrets."${user}-password" = {
sopsFile = ../../users/${user}/secrets/secrets.yaml;
key = "password";
neededForUsers = true;
};
users.users.${user} = {
inherit home;
isNormalUser = true;
email = "nick@karaolidis.com";
fullName = "Nikolaos Karaolidis";
description = "Nikolaos Karaolidis";
hashedPasswordFile = config.sops.secrets."${user}-password".path;
extraGroups = [ "wheel" ];
linger = true;
uid = 1000;
};
services.getty.autologinUser = user;
home-manager.users.${user} = {
home = {
username = user;
homeDirectory = home;
};
sops.defaultSopsFile = ../../users/${user}/secrets/secrets.yaml;
theme.wallpaper = ../../users/${user}/secrets/wallpapers/clouds.png;
programs.obsidian.vaults."Documents/Obsidian/master".enable = true;
services.syncthing.settings.folders = {
obsidian = {
label = "Obsidian";
path = "Documents/Obsidian";
devices = [
"amalthea"
"ganymede"
];
};
official = {
label = "Official";
path = "Documents/Official";
devices = [
"amalthea"
"ganymede"
];
};
};
home.file."Documents/Obsidian/.stignore".source = ../common/user/configs/gui/obsidian/config/.stignore;
};
}

10
hosts/eirene/scripts/card.sh Normal file
View File

@@ -0,0 +1,10 @@
AMD=/dev/dri/by-path/pci-0000:06:00.0-card
NVIDIA=/dev/dri/by-path/pci-0000:01:00.0-card
if [[ -e "${AMD}" ]]; then
CARD=${AMD}
else
CARD=${NVIDIA}
fi
ln -sf "${CARD}" "${HOME}"/.config/hypr/card

115
hosts/eirene/users/nick.nix Normal file
View File

@@ -0,0 +1,115 @@
{ config, ... }:
let
# https://github.com/NixOS/nixpkgs/issues/24570
# https://github.com/NixOS/nixpkgs/issues/305643
user = "nick";
home = "/home/nick";
in
{
imports = [
../../common/user/configs/options.nix
(import ../../common/user/configs/console/android { inherit user home; })
(import ../../common/user/configs/console/bluetooth { inherit user home; })
(import ../../common/user/configs/console/brightnessctl { inherit user home; })
(import ../../common/user/configs/console/btop { inherit user home; })
(import ../../common/user/configs/console/docker { inherit user home; })
(import ../../common/user/configs/console/fastfetch { inherit user home; })
(import ../../common/user/configs/console/ffmpeg { inherit user home; })
(import ../../common/user/configs/console/git { inherit user home; })
(import ../../common/user/configs/console/gpg-agent { inherit user home; })
(import ../../common/user/configs/console/home-manager { inherit user home; })
(import ../../common/user/configs/console/imagemagick { inherit user home; })
(import ../../common/user/configs/console/ncdu { inherit user home; })
(import ../../common/user/configs/console/neovim { inherit user home; })
(import ../../common/user/configs/console/nixpkgs { inherit user home; })
(import ../../common/user/configs/console/pipewire { inherit user home; })
(import ../../common/user/configs/console/ranger { inherit user home; })
(import ../../common/user/configs/console/sops { inherit user home; })
(import ../../common/user/configs/console/syncthing { inherit user home; })
(import ../../common/user/configs/console/tmux { inherit user home; })
(import ../../common/user/configs/console/tree { inherit user home; })
(import ../../common/user/configs/console/wget { inherit user home; })
(import ../../common/user/configs/console/xdg { inherit user home; })
(import ../../common/user/configs/console/yt-dlp { inherit user home; })
(import ../../common/user/configs/console/zsh { inherit user home; })
(import ../../common/user/configs/gui/ags { inherit user home; })
(import ../../common/user/configs/gui/bluetooth { inherit user home; })
(import ../../common/user/configs/gui/brightnessctl { inherit user home; })
(import ../../common/user/configs/gui/btop { inherit user home; })
(import ../../common/user/configs/gui/chromium { inherit user home; })
(import ../../common/user/configs/gui/cliphist { inherit user home; })
(import ../../common/user/configs/gui/emoji { inherit user home; })
(import ../../common/user/configs/gui/firefox { inherit user home; })
(import ../../common/user/configs/gui/gtk { inherit user home; })
(import ../../common/user/configs/gui/hyprland { inherit user home; })
(import ../../common/user/configs/gui/hyprshot { inherit user home; })
(import ../../common/user/configs/gui/kitty { inherit user home; })
(import ../../common/user/configs/gui/libreoffice { inherit user home; })
(import ../../common/user/configs/gui/networking { inherit user home; })
(import ../../common/user/configs/gui/obsidian { inherit user home; })
(import ../../common/user/configs/gui/pipewire { inherit user home; })
(import ../../common/user/configs/gui/qalculate { inherit user home; })
(import ../../common/user/configs/gui/qt { inherit user home; })
(import ../../common/user/configs/gui/rofi { inherit user home; })
(import ../../common/user/configs/gui/spicetify { inherit user home; })
(import ../../common/user/configs/gui/swww { inherit user home; })
(import ../../common/user/configs/gui/theme { inherit user home; })
(import ../../common/user/configs/gui/transmission { inherit user home; })
(import ../../common/user/configs/gui/vscode { inherit user home; })
(import ../../common/user/configs/gui/wev { inherit user home; })
(import ../../common/user/configs/gui/x11 { inherit user home; })
];
sops.secrets."${user}-password" = {
sopsFile = ../../../users/${user}/secrets/secrets.yaml;
key = "password";
neededForUsers = true;
};
users.users.${user} = {
inherit home;
isNormalUser = true;
email = "nick@karaolidis.com";
fullName = "Nikolaos Karaolidis";
description = "Nikolaos Karaolidis";
hashedPasswordFile = config.sops.secrets."${user}-password".path;
extraGroups = [ "wheel" ];
linger = true;
uid = 1000;
};
services.getty.autologinUser = user;
home-manager.users.${user} = {
home = {
username = user;
homeDirectory = home;
};
sops.defaultSopsFile = ../../../users/${user}/secrets/secrets.yaml;
theme.wallpaper = ../../../users/${user}/secrets/wallpapers/clouds.png;
programs.obsidian.vaults."Documents/Obsidian/master".enable = true;
services.syncthing.settings.folders = {
obsidian = {
label = "Obsidian";
path = "Documents/Obsidian";
devices = [
"amalthea"
"ganymede"
];
};
official = {
label = "Official";
path = "Documents/Official";
devices = [
"amalthea"
"ganymede"
];
};
};
home.file."Documents/Obsidian/.stignore".source = ../../common/user/configs/gui/obsidian/config/.stignore;
};
}

27
hosts/eirene/vm/default.nix
View File

@@ -1,27 +0,0 @@
{
config,
inputs,
lib,
...
}:
{
imports = [
inputs.disko.nixosModules.disko
(import ../format.nix { device = "/dev/vda"; })
./hardware-configuration.nix
../.
];
networking.hostName = "eirene-vm";
boot.kernelParams = [ "video=Virtual-1:2560x1600@60" ];
fileSystems."/host" = {
device = "host";
fsType = "virtiofs";
};
home-manager.sharedModules = lib.mkIf config.programs.hyprland.enable [
{ wayland.windowManager.hyprland.settings.monitor = "Virtual-1, 2560x1600@60, 0x0, 1"; }
];
}

18
hosts/eirene/vm/hardware-configuration.nix
View File

@@ -1,18 +0,0 @@
{ lib, modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot = {
initrd.availableKernelModules = [
"ahci"
"xhci_pci"
"virtio_pci"
"virtio_scsi"
"sr_mod"
"virtio_blk"
];
kernelModules = [ "kvm-amd" ];
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

28
scripts/add-host.sh Executable file
View File

@@ -0,0 +1,28 @@
#!/usr/bin/env bash
if [[ "$#" -ne 2 ]]; then
echo "Usage: $0 <host> <sops-master-key>"
exit 1
fi
HOST="$1"
mkdir -p "./hosts/${HOST}/secrets"
ssh-keygen -t ed25519 -f "./hosts/${HOST}/secrets/ssh_host_ed25519_key" -N ""
AGE_KEY=$(nix shell nixpkgs#ssh-to-age --command bash -c "cat './hosts/${HOST}/secrets/ssh_host_ed25519_key.pub' | ssh-to-age")
for SOPS_FILE in $(find . -type f -name "sops.yaml"); do
sed -i "/- hosts:/a\ - &${HOST} ${AGE_KEY}" "${SOPS_FILE}"
sed -i "/- age:/a\ - *${HOST}" "${SOPS_FILE}"
done
sed -i "/knownHosts = {/a\ ${HOST}.publicKeyFile = ../../../../${HOST}/secrets/ssh_host_ed25519_key.pub;" ./hosts/common/system/configs/ssh/default.nix
"$(dirname "$0")/update-keys.sh" "$2"
echo "Host ${HOST} has been successfully added."
echo "Please generate SSH key pairs for any users that need to connect to user@host."
echo "Use the following command:"
echo "ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_${HOST}_<user>"

23
scripts/add-user.sh Executable file
View File

@@ -0,0 +1,23 @@
#!/usr/bin/env bash
if [[ "$#" -ne 2 ]]; then
echo "Usage: $0 <user> <sops-master-key>"
exit 1
fi
USER="$1"
mkdir -p "./users/${USER}/secrets"
nix shell nixpkgs#age --command age-keygen -o "./users/${USER}/secrets/key.txt"
AGE_KEY=$(grep "^# public key: " "./users/${USER}/secrets/key.txt" | sed "s/# public key: //")
for SOPS_FILE in $(find . -type f -name "sops.yaml"); do
sed -i "/- users:/a\ - &${USER} ${AGE_KEY}" "${SOPS_FILE}"
sed -i "/- age:/a\ - *${USER}" "${SOPS_FILE}"
done
"$(dirname "$0")/update-keys.sh" "$2"
echo "User ${USER} has been successfully added."

122
scripts/install.sh Executable file
View File

@@ -0,0 +1,122 @@
#!/usr/bin/env bash
check_root() {
if [[ "${EUID}" -ne 0 ]]; then
echo "Please run the script as root."
exit 1
fi
}
check_network() {
if ping -c 1 google.com &>/dev/null; then
echo "Network connection detected, skipping Wi-Fi setup."
return
fi
echo "No network connection detected."
echo "Would you like to connect to a Wi-Fi network? [y/N]"
read -r connect_wifi
if ! [[ "${connect_wifi}" =~ ^([yY][eE][sS]|[yY])$ ]]; then
echo "Please connect to a network before proceeding."
exit 1
fi
setup_wifi
}
setup_wifi() {
echo "Available network interfaces:"
ip link show | grep -E '^[0-9]+:' | awk '{print $2}' | tr -d ':'
echo "Enter the network interface you want to use:"
read -r interface
echo "Do you want to connect to an open network? [y/N]"
read -r open_network
if [[ "${open_network}" =~ ^([yY][eE][sS]|[yY])$ ]]; then
echo "Enter the SSID of the open network:"
read -r ssid
wpa_supplicant -i "${interface}" -c <(wpa_passphrase "${ssid}") -B
else
echo "Enter the SSID:"
read -r ssid
echo "Enter the passphrase:"
read -rs passphrase
wpa_passphrase "${ssid}" "${passphrase}" > wifi.conf
wpa_supplicant -i "${interface}" -c wifi.conf -B
rm wifi.conf
fi
dhcpcd
}
select_host() {
echo "Available hosts:"
echo $(nix flake show --json | nix shell nixpkgs#jq --command jq -r '.nixosConfigurations | keys[]')
echo "Enter host:"
read -r host
}
select_users() {
echo "Available users:"
ls users/
echo "Enter the users to copy keys for (space-separated):"
read -r -a users
}
prepare_disk() {
local mode="$1"
device=$(grep -oP '(?<=device = ")[^"]+' "./hosts/${host}/default.nix")
nix --experimental-features "nix-command flakes" run github:nix-community/disko -- --mode "${mode}" "./hosts/${host}/format.nix" --arg device "\"${device}\""
}
copy_keys() {
mkdir -p /mnt/persist/etc/ssh
cp "./hosts/${host}/secrets/ssh_host_ed25519_key" /mnt/persist/etc/ssh/ssh_host_ed25519_key
for user in "${users[@]}"; do
mkdir -p "/mnt/persist/home/${user}/.local/share/sops-nix"
cp "./users/${user}/secrets/key.txt" "/mnt/persist/home/${user}/.local/share/sops-nix/key.txt"
done
}
install() {
nixos-install --root /mnt --flake ".#${host}"
}
main() {
check_root
check_network
select_host
echo "What would you like to do with ${host}?"
echo "1) Install"
echo "2) Repair"
read -r choice
case ${choice} in
1)
select_users
prepare_disk "disko"
copy_keys
install
echo "Installation complete. Please reboot your system."
;;
2)
prepare_disk "mount"
install
echo "Repair complete. Please reboot your system."
;;
*)
echo "Invalid choice."
;;
esac
}
main

24
scripts/remove-host.sh Executable file
View File

@@ -0,0 +1,24 @@
#!/usr/bin/env bash
if [[ "$#" -ne 2 ]]; then
echo "Usage: $0 <host> <sops-master-key>"
exit 1
fi
HOST="$1"
AGE_KEY=$(nix shell nixpkgs#ssh-to-age --command bash -c "cat './hosts/${HOST}/secrets/ssh_host_ed25519_key.pub' | ssh-to-age")
for SOPS_FILE in $(find . -type f -name "sops.yaml"); do
sed -i "/ - &${HOST} ${AGE_KEY}/d" "${SOPS_FILE}"
sed -i "/ - \*${HOST}/d" "${SOPS_FILE}"
done
sed -i "/${HOST}.publicKeyFile/d" ./hosts/common/system/configs/ssh/default.nix
"$(dirname "$0")/update-keys.sh" "$2"
rm -rf "./hosts/${HOST}"
echo "Host ${HOST} has been successfully removed."
echo "Please remove SSH key pairs for any users that used to connect to this host."

21
scripts/remove-user.sh Executable file
View File

@@ -0,0 +1,21 @@
#!/usr/bin/env bash
if [[ "$#" -ne 2 ]]; then
echo "Usage: $0 <user> <sops-master-key>"
exit 1
fi
USER="$1"
AGE_KEY=$(grep "^# public key: " "./users/${USER}/secrets/key.txt" | sed "s/# public key: //")
for SOPS_FILE in $(find . -type f -name "sops.yaml"); do
sed -i "/ - &${USER} ${AGE_KEY}/d" "${SOPS_FILE}"
sed -i "/ - \*${USER}/d" "${SOPS_FILE}"
done
"$(dirname "$0")/update-keys.sh" "$2"
rm -rf ./users/"${USER}"
echo "User ${USER} has been successfully removed."

17
scripts/update-keys.sh Executable file
View File

@@ -0,0 +1,17 @@
#!/usr/bin/env bash
if [[ "$#" -ne 1 ]]; then
echo "Usage: $0 <sops-master-key>"
exit 1
fi
export SOPS_AGE_KEY_FILE="$1"
for SOPS_FILE in $(find . -type f -name 'sops.yaml'); do
dir=$(dirname "${SOPS_FILE}")
echo "${dir}"
find "${dir}" -maxdepth 1 -type f -regextype posix-extended -regex '.+\.(yaml|yml|json|env|ini|bin)' | while read -r file; do
echo "${file}"
nix shell nixpkgs#sops --command sops --config "${SOPS_FILE}" updatekeys "${file}" -y
done
done

22
update-submodules.sh → scripts/update.sh
View File

@@ -1,28 +1,24 @@
#!/usr/bin/env bash
set -o errexit
set -o nounset
set -o pipefail
paths=$(git config --file .gitmodules --name-only --get-regexp path | while read -r line; do
path=$(git config --file .gitmodules --get "$line")
path=$(git config --file .gitmodules --get "${line}")
url=$(git config --file .gitmodules --get "${line%.*}.url")
if [[ $url == *"karaolidis"* ]]; then
echo "$path"
if [[ ${url} == *"karaolidis"* ]]; then
echo "${path}"
fi
done)
for path in $paths; do
echo "Processing submodule: $path"
for path in ${paths}; do
echo "Processing submodule: ${path}"
cd "$path"
cd "${path}" || exit
git checkout master
git fetch upstream
git merge upstream/master
branches=$(git for-each-ref --format='%(refname:short)' refs/heads/ | grep -v '^master$')
for branch in $branches; do
git checkout "$branch"
for branch in ${branches}; do
git checkout "${branch}"
git rebase master
done
@@ -30,7 +26,7 @@ for path in $paths; do
git push origin --all --force-with-lease
git push origin --tags --force-with-lease
cd - > /dev/null
cd - > /dev/null || exit
done
echo "All submodules updated successfully."