Move some (all) files around

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>

hosts/common/system/configs/bluetooth/default.nix

@@ -0,0 +1,11 @@
+{
+  hardware.bluetooth = {
+    enable = true;
+    powerOnBoot = true;
+    settings = {
+      General.Experimental = true;
+    };
+  };
+
+  environment.persistence."/persist".directories = [ "/var/lib/bluetooth" ];
+}

hosts/common/system/configs/boot/default.nix

@@ -0,0 +1,21 @@
+{ pkgs, ... }:
+{
+  boot = {
+    loader = {
+      systemd-boot = {
+        enable = true;
+        editor = false;
+      };
+
+      timeout = 1;
+      efi.canTouchEfiVariables = true;
+    };
+
+    initrd.systemd.enable = true;
+    kernelPackages = pkgs.linuxPackages_latest;
+    supportedFilesystems = [
+      "btrfs"
+      "ntfs"
+    ];
+  };
+}

hosts/common/system/configs/brightnessctl/default.nix

@@ -0,0 +1,32 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  environment.systemPackages = with pkgs; [ brightnessctl ];
+
+  services.udev.extraRules =
+    let
+      chgrp = "${pkgs.coreutils}/bin/chgrp";
+      chmod = "${pkgs.coreutils}/bin/chmod";
+    in
+    ''
+      ACTION=="add", SUBSYSTEM=="backlight", RUN+="${chgrp} video /sys/class/backlight/%k/brightness"
+      ACTION=="add", SUBSYSTEM=="backlight", RUN+="${chmod} g+w   /sys/class/backlight/%k/brightness"
+      ACTION=="add", SUBSYSTEM=="leds",      RUN+="${chgrp} input /sys/class/leds/%k/brightness"
+      ACTION=="add", SUBSYSTEM=="leds",      RUN+="${chmod} g+w   /sys/class/leds/%k/brightness"
+    '';
+
+  users.groups =
+    let
+      members = builtins.attrNames (
+        lib.attrsets.filterAttrs (_: config: config.isNormalUser) config.users.users
+      );
+    in
+    {
+      video.members = members;
+      input.members = members;
+    };
+}

hosts/common/system/configs/btop/default.nix

@@ -0,0 +1,4 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = with pkgs; [ btop ];
+}

hosts/common/system/configs/fastfetch/default.nix

@@ -0,0 +1,4 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = with pkgs; [ fastfetch ];
+}

hosts/common/system/configs/getty/default.nix

@@ -0,0 +1,9 @@
+{ config, lib, ... }:
+{
+  services.getty.extraArgs = lib.mkIf (config.services.getty.autologinUser != null) [
+    "--skip-login"
+    "--noissue"
+    "--nohints"
+    "--nohostname"
+  ];
+}

hosts/common/system/configs/git/default.nix

@@ -0,0 +1,6 @@
+{
+  programs.git = {
+    enable = true;
+    lfs.enable = true;
+  };
+}

hosts/common/system/configs/gpg-agent/default.nix

@@ -0,0 +1 @@
+{ programs.gnupg.agent.enable = true; }

hosts/common/system/configs/neovim/default.nix

@@ -0,0 +1,8 @@
+{
+  programs.neovim = {
+    enable = true;
+    defaultEditor = true;
+    viAlias = true;
+    vimAlias = true;
+  };
+}

hosts/common/system/configs/networking/default.nix

@@ -0,0 +1,5 @@
+{
+  networking.networkmanager.enable = true;
+
+  environment.persistence."/persist".directories = [ "/etc/NetworkManager/system-connections" ];
+}

hosts/common/system/configs/nix-ld/default.nix

@@ -0,0 +1,6 @@
+{
+  programs.nix-ld = {
+    enable = true;
+    libraries = [ ];
+  };
+}

hosts/common/system/configs/nix/default.nix

@@ -0,0 +1,18 @@
+{ inputs, ... }:
+{
+  nix = {
+    settings = {
+      use-xdg-base-directories = true;
+      experimental-features = [
+        "nix-command"
+        "flakes"
+      ];
+    };
+
+    registry.self.flake = inputs.self;
+    gc.automatic = true;
+    optimise.automatic = true;
+  };
+
+  nixpkgs.config.allowUnfree = true;
+}

hosts/common/system/configs/persist/default.nix

@@ -0,0 +1,43 @@
+{ inputs, pkgs, ... }:
+{
+  imports = [ inputs.impermanence.nixosModules.impermanence ];
+
+  boot.initrd.systemd =
+    let
+      bins = with pkgs; [
+        coreutils
+        util-linux
+        findutils
+        btrfs-progs
+      ];
+    in
+    {
+      initrdBin = bins;
+
+      services.impermanence = {
+        description = "Rollback BTRFS subvolumes to a pristine state";
+
+        serviceConfig.Type = "oneshot";
+        wantedBy = [ "initrd.target" ];
+        before = [ "sysroot.mount" ];
+        after = [ "cryptsetup.target" ];
+        unitConfig.DefaultDependencies = "no";
+
+        path = bins;
+        script = builtins.readFile ./impermanence.sh;
+      };
+    };
+
+  fileSystems."/persist".neededForBoot = true;
+
+  environment.persistence."/persist" = {
+    hideMounts = true;
+    directories = [
+      "/etc/nixos"
+      "/var/lib/nixos"
+      "/var/lib/systemd/coredump"
+      "/var/log"
+    ];
+    files = [ "/etc/machine-id" ];
+  };
+}

hosts/common/system/configs/persist/impermanence.sh

@@ -0,0 +1,25 @@
+delete_subvolume_recursively() {
+  IFS=$'\n'
+  for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
+    delete_subvolume_recursively "/mnt/btrfs/$i"
+  done
+  btrfs subvolume delete "$1"
+}
+
+mkdir -p /mnt/btrfs
+mount /dev/mapper/luks /mnt/btrfs
+
+if [[ -e /mnt/btrfs/@ ]]; then
+  mkdir -p /mnt/btrfs/@.bak
+  timestamp=$(date --date="@$(stat -c %Y /mnt/btrfs/@)" "+%Y-%m-%-d_%H:%M:%S")
+  mv /mnt/btrfs/@ "/mnt/btrfs/@.bak/$timestamp"
+fi
+
+find /mnt/btrfs/@.bak/ -maxdepth 1 -mtime +14 | while IFS= read -r i; do
+  delete_subvolume_recursively "$i"
+done
+
+btrfs subvolume create /mnt/btrfs/@
+
+umount /mnt/btrfs
+rmdir /mnt/btrfs

hosts/common/system/configs/pipewire/default.nix

@@ -0,0 +1,19 @@
+{
+  services.pipewire = {
+    enable = true;
+    alsa = {
+      enable = true;
+      support32Bit = true;
+    };
+    pulse.enable = true;
+    jack.enable = true;
+    extraConfig.pipewire-pulse = {
+      pulse.cmd = [
+        {
+          cmd = "load-module";
+          args = "module-switch-on-connect";
+        }
+      ];
+    };
+  };
+}

hosts/common/system/configs/plymouth/default.nix

@@ -0,0 +1,27 @@
+{ pkgs, ... }:
+{
+  boot = {
+    plymouth =
+      let
+        theme = "connect";
+      in
+      {
+        enable = true;
+        inherit theme;
+        themePackages = with pkgs; [ (adi1090x-plymouth-themes.override { selected_themes = [ theme ]; }) ];
+      };
+
+    initrd.verbose = false;
+    consoleLogLevel = 0;
+
+    kernelParams = [
+      "quiet"
+      "loglevel=3"
+      "splash"
+      "boot.shell_on_fail"
+      "rd.systemd.show_status=false"
+      "rd.udev.log_level=3"
+      "udev.log_priority=3"
+    ];
+  };
+}

hosts/common/system/configs/ranger/default.nix

@@ -0,0 +1,4 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = with pkgs; [ ranger ];
+}

hosts/common/system/configs/sops/default.nix

@@ -0,0 +1,15 @@
+{ inputs, pkgs, ... }:
+{
+  imports = [ inputs.sops-nix.nixosModules.sops ];
+
+  environment = {
+    persistence."/persist".files = [ "/etc/ssh/ssh_host_ed25519_key" ];
+    systemPackages = with pkgs; [ sops ];
+  };
+
+  sops.age = {
+    generateKey = true;
+    sshKeyPaths = [ "/persist/etc/ssh/ssh_host_ed25519_key" ];
+    keyFile = "/var/lib/sops-nix/key.txt";
+  };
+}

hosts/common/system/configs/ssh/default.nix

@@ -0,0 +1,7 @@
+{
+  programs.ssh = {
+    knownHosts = {
+      eirene.publicKeyFile = ../../../../eirene/secrets/ssh_host_ed25519_key.pub;
+    };
+  };
+}

hosts/common/system/configs/system/default.nix

@@ -0,0 +1,17 @@
+{ inputs, ... }:
+{
+  system = {
+    autoUpgrade = {
+      enable = true;
+      flake = inputs.self.outPath;
+      flags = [
+        "--update-input"
+        "nixpkgs"
+        "-L"
+      ];
+      dates = "02:00";
+    };
+
+    stateVersion = "24.05";
+  };
+}

hosts/common/system/configs/tmux/default.nix

@@ -0,0 +1,9 @@
+{
+  programs.tmux = {
+    enable = true;
+    clock24 = true;
+    historyLimit = 10000;
+    keyMode = "vi";
+    newSession = true;
+  };
+}

hosts/common/system/configs/tree/default.nix

@@ -0,0 +1,4 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = with pkgs; [ tree ];
+}

hosts/common/system/configs/users/default.nix

@@ -0,0 +1,11 @@
+{ pkgs, ... }:
+{
+  users = {
+    mutableUsers = false;
+    defaultUserShell = pkgs.zsh;
+  };
+
+  security.sudo.extraConfig = ''
+    Defaults lecture = never
+  '';
+}

hosts/common/system/configs/zsh/default.nix

@@ -0,0 +1,11 @@
+{
+  programs.zsh = {
+    enable = true;
+    histFile = "/var/lib/zsh/history";
+  };
+
+  environment = {
+    persistence."/persist".directories = [ "/var/lib/zsh" ];
+    pathsToLink = [ "/share/zsh" ];
+  };
+}

hosts/common/system/scripts/cleanup/cleanup.sh

@@ -0,0 +1,36 @@
+if [ "$(id -u)" -ne 0 ]; then
+  echo "This script must be run as root or with sudo privileges."
+  exit 1
+fi
+
+delete_subvolume_recursively() {
+  IFS=$'\n'
+  for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
+    delete_subvolume_recursively "/mnt/btrfs/$i"
+  done
+  btrfs subvolume delete "$1"
+}
+
+if [[ -e /mnt/btrfs && $(mountpoint -q /mnt/btrfs) ]]; then
+  echo "/mnt/btrfs is already mounted. Exiting."
+  exit 1
+fi
+
+mkdir -p /mnt/btrfs
+mount /dev/mapper/luks /mnt/btrfs
+
+if [[ -e /mnt/btrfs/@.bak ]]; then
+  if [ "$(ls -A /mnt/btrfs/@.bak)" ]; then
+    for i in /mnt/btrfs/@.bak/*; do
+      delete_subvolume_recursively "$i"
+    done
+  else
+    echo "/mnt/btrfs/@.bak is empty. Nothing to delete."
+  fi
+fi
+
+umount /mnt/btrfs
+rmdir /mnt/btrfs
+
+nix-collect-garbage -d
+nix-store --gc -v

hosts/common/system/scripts/cleanup/default.nix

@@ -0,0 +1,16 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = [
+    (pkgs.writeShellApplication {
+      name = "nix-cleanup";
+      runtimeInputs = with pkgs; [
+        coreutils
+        util-linux
+        findutils
+        btrfs-progs
+        nix
+      ];
+      text = builtins.readFile ./cleanup.sh;
+    })
+  ];
+}