diff --git a/README.md b/README.md
index ef859bf..5551187 100644
--- a/README.md
+++ b/README.md
@@ -41,7 +41,8 @@ Any `options.nix` files create custom option definitions when present. Below is a table of all hosts, with links to their respective README files, which may provide further details and/or post-installation checklists.
-| Host | README |
-|----------|----------------------------------------------------|
-| `eirene` | [hosts/eirene/README.md](./hosts/eirene/README.md) |
-| `elara` | [hosts/elara/README.md](./hosts/elara/README.md) |
+| Host | README |
+|-------------|------------------------------------------------------|
+| `installer` | [hosts/installer/README.md](./hosts/installer/README.md) |
+| `eirene` | [hosts/eirene/README.md](./hosts/eirene/README.md) |
+| `elara` | [hosts/elara/README.md](./hosts/elara/README.md) |
diff --git a/flake.nix b/flake.nix
index 0afd00e..787d775 100644
--- a/flake.nix
+++ b/flake.nix
@@ -69,6 +69,14 @@
 { self, nixpkgs, ... }@inputs:
 {
 nixosConfigurations = {
+ installer = nixpkgs.lib.nixosSystem {
+ specialArgs = {
+ inherit inputs;
+ };
+ system = "x86_64-linux";
+ modules = [ ./hosts/installer ];
+ };
+
 eirene = nixpkgs.lib.nixosSystem {
 specialArgs = {
 inherit inputs;
diff --git a/hosts/common/system/configs/ssh/default.nix b/hosts/common/system/configs/ssh/default.nix
index 5744346..04dd3ff 100644
--- a/hosts/common/system/configs/ssh/default.nix
+++ b/hosts/common/system/configs/ssh/default.nix
@@ -2,6 +2,7 @@
 {
 programs.ssh = {
 knownHosts = {
+ installer.publicKeyFile = ../../../../installer/secrets/ssh_host_ed25519_key.pub;
 eirene.publicKeyFile = ../../../../eirene/secrets/ssh_host_ed25519_key.pub;
 elara.publicKeyFile = ../../../../elara/secrets/ssh_host_ed25519_key.pub;
 };
diff --git a/hosts/common/user/configs/console/ssh/default.nix b/hosts/common/user/configs/console/ssh/default.nix
index aaf9f62..d6aa172 100644
--- a/hosts/common/user/configs/console/ssh/default.nix
+++ b/hosts/common/user/configs/console/ssh/default.nix
@@ -14,6 +14,7 @@
 enable = true;
 addKeysToAgent = "yes";
 userKnownHostsFile = lib.strings.concatStringsSep " " [
+ ../../../../../installer/secrets/ssh_host_ed25519_key.pub
 ../../../../../eirene/secrets/ssh_host_ed25519_key.pub
 ../../../../../elara/secrets/ssh_host_ed25519_key.pub
 ];
diff --git a/hosts/elara/README.md b/hosts/elara/README.md
index ca83c6c..0dac3c2 100644
--- a/hosts/elara/README.md
+++ b/hosts/elara/README.md
@@ -1,4 +1,4 @@
-# sas
+# elara
 ## Post-Install Checklist
diff --git a/hosts/elara/default.nix b/hosts/elara/default.nix
index 00241ec..080704e 100644
--- a/hosts/elara/default.nix
+++ b/hosts/elara/default.nix
@@ -6,6 +6,8 @@
 (import ./format.nix {
 device = "/dev/disk/by-id/usb-SanDisk_Ultra_Trek_0501990ddf7236633373ea7dd2e6715f954e2dbb35cadae343333f0562cda6aa7ec80000000000000000000042c100baff1e08109f5581078ea6d9c3-0:0";
 })
+ ./hardware.nix
+ # elara runs on an external drive on eirene
 ../eirene/hardware.nix
 ../eirene/display.nix
 ../common/system/configs/bluetooth
@@ -51,12 +53,6 @@
 i18n.defaultLocale = "en_US.UTF-8";
 sops.defaultSopsFile = ./secrets/secrets.yaml;
- boot.initrd.kernelModules = [
- "xhci_pci"
- "usb_storage"
- "sd_mod"
- ];
-
 environment.impermanence.device = config.disko.devices.disk.usb.content.partitions.root.content.name;
 }
diff --git a/hosts/elara/hardware.nix b/hosts/elara/hardware.nix
new file mode 100644
index 0000000..ebffc94
--- /dev/null
+++ b/hosts/elara/hardware.nix
@@ -0,0 +1,8 @@
+{ ... }:
+{
+ boot.initrd.kernelModules = [
+ "xhci_pci"
+ "usb_storage"
+ "sd_mod"
+ ];
+}
diff --git a/hosts/installer/README.md b/hosts/installer/README.md
new file mode 100644
index 0000000..a24c902
--- /dev/null
+++ b/hosts/installer/README.md
@@ -0,0 +1 @@
+# installer
diff --git a/hosts/installer/default.nix b/hosts/installer/default.nix
new file mode 100644
index 0000000..eeb0360
--- /dev/null
+++ b/hosts/installer/default.nix
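Review bot: The new `userKnownHostsFile` entry points at `installer/secrets/ssh_host_ed25519_key.pub`, which this commit adds as a plain OpenSSH public-key line (`ssh-ed25519 <key> nick@eirene`), whereas a known_hosts file is parsed as `<hostnames> <keytype> <key>`; unless these `.pub` files are actually kept in known_hosts form, OpenSSH reads `ssh-ed25519` as the host pattern and skips the line, so the entry pins nothing. The system-level `programs.ssh.knownHosts.installer.publicKeyFile` added in the previous hunk already pins the installer key in the format NixOS expects, so the user-level list duplicates that intent without adding protection. Presumably (inferred, not visible here) overriding `userKnownHostsFile` also drops the default `~/.ssh/known_hosts`, leaving `StrictHostKeyChecking = "accept-new"` elsewhere in this commit with no writable file to record first-seen keys in. Either drop the user-level list in favour of the system known_hosts, or generate proper `installer ssh-ed25519 <key>` lines for it.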
@@ -0,0 +1,46 @@
+{ config, inputs, ... }:
+{
+ imports = [
+ ../../lib
+ inputs.disko.nixosModules.disko
+ (import ./format.nix {
+ device = "/dev/disk/by-id/usb-SanDisk_Ultra_Trek_050133f0afb69de86a475ee8d2ad97e4916cce11764cffba9ab262d42a7d0d2f66460000000000000000000039b7a3b8ff990a109f5581078ea6e86a-0:0";
+ })
+ ./hardware.nix
+ ../common/system/configs/boot
+ ../common/system/configs/btop
+ ../common/system/configs/btrfs
+ ../common/system/configs/fastfetch
+ ../common/system/configs/getty
+ ../common/system/configs/git
+ ../common/system/configs/gpg-agent
+ ../common/system/configs/impermanence
+ ../common/system/configs/lsof
+ ../common/system/configs/ncdu
+ ../common/system/configs/neovim
+ ../common/system/configs/networking
+ ../common/system/configs/nix
+ ../common/system/configs/nix-cleanup
+ ../common/system/configs/nix-ld
+ ../common/system/configs/nixpkgs
+ ../common/system/configs/ntp
+ ../common/system/configs/ranger
+ ../common/system/configs/sops
+ ../common/system/configs/ssh
+ ../common/system/configs/system
+ ../common/system/configs/timezone
+ ../common/system/configs/tmux
+ ../common/system/configs/tree
+ ../common/system/configs/users
+ ../common/system/configs/wget
+ ../common/system/configs/zsh
+ ./users/nick
+ ];
+
+ networking.hostName = "installer";
+ i18n.defaultLocale = "en_US.UTF-8";
+ sops.defaultSopsFile = ./secrets/secrets.yaml;
+
+ environment.impermanence.device =
+ config.disko.devices.disk.usb.content.partitions.root.content.name;
+}
diff --git a/hosts/installer/format.nix b/hosts/installer/format.nix
new file mode 100644
index 0000000..3895ded
--- /dev/null
+++ b/hosts/installer/format.nix
@@ -0,0 +1,74 @@
+{
+ device ? throw "device argument is required",
+ ...
+}:
+{
+ disko.devices = {
+ disk.usb = {
+ inherit device;
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ name = "boot";
+ size = "1M";
+ type = "EF02";
+ };
+ esp = {
+ name = "esp";
+ size = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+ root = {
+ name = "root";
+ size = "100%";
+ content = {
+ name = "usb";
+ type = "luks";
+ settings = {
+ allowDiscards = true;
+ };
+ content = {
+ type = "btrfs";
+ extraArgs = [ "-f" ];
+ subvolumes = {
+ "@" = {
+ mountpoint = "/";
+ };
+ "@persist" = {
+ mountpoint = "/persist";
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ };
+ "@nix" = {
+ mountpoint = "/nix";
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ };
+ "@cache" = {
+ mountpoint = "/cache";
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/installer/hardware.nix b/hosts/installer/hardware.nix
new file mode 100644
index 0000000..f49890e
--- /dev/null
+++ b/hosts/installer/hardware.nix
@@ -0,0 +1,17 @@
+{ ... }:
+{
+ hardware.enableAllFirmware = true;
+
+ boot.initrd.kernelModules = [
+ "nvme"
+ "ahci"
+ "usbhid"
+ "xhci_pci"
+ "usb_storage"
+ "sd_mod"
+ ];
+
+ nixpkgs.hostPlatform = "x86_64-linux";
+
+ services.fstrim.enable = true;
+}
diff --git a/hosts/installer/secrets/ssh_host_ed25519_key.pub b/hosts/installer/secrets/ssh_host_ed25519_key.pub
new file mode 100644
index 0000000..079297d
--- /dev/null
+++ b/hosts/installer/secrets/ssh_host_ed25519_key.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHEIK+JkxkC0E8w0IF59gtpG55JBS/osqs1B7VhsI0eI nick@eirene
diff --git a/hosts/installer/users/nick/default.nix b/hosts/installer/users/nick/default.nix
new file mode 100644
index 0000000..c6135fa
--- /dev/null
+++ b/hosts/installer/users/nick/default.nix
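Review bot: `settings.allowDiscards = true;` on the `usb` LUKS container (paired with `services.fstrim.enable = true` in hardware.nix) passes TRIM through the encryption layer, which reveals which sectors are unused and therefore the rough layout and fill level of the encrypted volume to anyone who reads the raw stick. For a portable installer medium that is usually an acceptable trade for flash longevity, but the choice is silent here; a one-line comment such as `# TRIM through LUKS leaks free-space layout; accepted for flash wear on a portable stick` would record the decision for any host that later copies this file.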
@@ -0,0 +1,88 @@
+{ config, lib, ... }:
+let
+ # FIXME: https://github.com/NixOS/nixpkgs/issues/24570
+ # FIXME: https://github.com/NixOS/nixpkgs/issues/305643
+ user = "nick";
+ home = "/home/nick";
+in
+{
+ imports = [
+ ../../../common/user/configs/options.nix
+ (import ../../../common/user/configs/console/bashmount { inherit user home; })
+ (import ../../../common/user/configs/console/btop { inherit user home; })
+ (import ../../../common/user/configs/console/fastfetch { inherit user home; })
+ (import ../../../common/user/configs/console/git { inherit user home; })
+ (import ../../../common/user/configs/console/gpg-agent { inherit user home; })
+ (import ../../../common/user/configs/console/home-manager { inherit user home; })
+ (import ../../../common/user/configs/console/ncdu { inherit user home; })
+ (import ../../../common/user/configs/console/neovim { inherit user home; })
+ (import ../../../common/user/configs/console/nix-develop { inherit user home; })
+ (import ../../../common/user/configs/console/nix-direnv { inherit user home; })
+ (import ../../../common/user/configs/console/nixpkgs { inherit user home; })
+ (import ../../../common/user/configs/console/ranger { inherit user home; })
+ (import ../../../common/user/configs/console/sops { inherit user home; })
+ (import ../../../common/user/configs/console/ssh { inherit user home; })
+ (import ../../../common/user/configs/console/tmux { inherit user home; })
+ (import ../../../common/user/configs/console/tree { inherit user home; })
+ (import ../../../common/user/configs/console/wget { inherit user home; })
+ (import ../../../common/user/configs/console/xdg { inherit user home; })
+ (import ../../../common/user/configs/console/zsh { inherit user home; })
+ ];
+
+ # echo "password" | mkpasswd -s
+ sops.secrets."${user}-password" = {
+ sopsFile = ../../../../secrets/personal/secrets.yaml;
+ key = "password";
+ neededForUsers = true;
+ };
+
+ users.users.${user} = {
+ inherit home;
+ isNormalUser = true;
+ email = "nick@karaolidis.com";
+ fullName = "Nikolaos Karaolidis";
+ description = "Nikolaos Karaolidis";
+ hashedPasswordFile = config.sops.secrets."${user}-password".path;
+ extraGroups = [ "wheel" ];
+ linger = true;
+ uid = lib.strings.toInt (builtins.readFile ./uid);
+ };
+
+ services.getty.autologinUser = user;
+
+ home-manager.users.${user} = {
+ home = {
+ username = user;
+ homeDirectory = home;
+ };
+
+ sops.secrets = {
+ "git/credentials" = {
+ sopsFile = ../../../../secrets/personal/secrets.yaml;
+ path = "${home}/.config/git/credentials";
+ };
+ "git/cookies" = {
+ sopsFile = ../../../../secrets/personal/secrets.yaml;
+ path = "${home}/.config/git/cookies";
+ };
+
+ "ssh/personal/git/key" = {
+ sopsFile = ../../../../secrets/personal/secrets.yaml;
+ path = "${home}/.ssh/ssh_git_personal_ed25519_key";
+ };
+ "ssh/personal/git/pass".sopsFile = ../../../../secrets/personal/secrets.yaml;
+
+ "gpg/personal/key".sopsFile = ../../../../secrets/personal/secrets.yaml;
+ "gpg/personal/pass".sopsFile = ../../../../secrets/personal/secrets.yaml;
+ };
+
+ programs.ssh.matchBlocks = {
+ "github.com" = {
+ hostname = "github.com";
+ user = "git";
+ identityFile = "${home}/.ssh/ssh_git_personal_ed25519_key";
+ extraOptions.StrictHostKeyChecking = "accept-new";
+ };
+ };
+ };
+}
diff --git a/hosts/installer/users/nick/uid b/hosts/installer/users/nick/uid
new file mode 100644
index 0000000..83b33d2
--- /dev/null
+++ b/hosts/installer/users/nick/uid
@@ -0,0 +1 @@
+1000
diff --git a/lib/scripts/add-host.sh b/lib/scripts/add-host.sh
index cc7788b..96c0b72 100755
--- a/lib/scripts/add-host.sh
+++ b/lib/scripts/add-host.sh
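Review bot: `services.getty.autologinUser = user;` together with `extraGroups = [ "wheel" ];` hands whoever boots this installer stick an unauthenticated console session as a wheel member (sudo still prompts for the user password unless `security.sudo.wheelNeedsPassword` is disabled elsewhere), and the same user receives the personal `git/credentials`, `git/cookies`, `ssh/personal/git/key` and `gpg/personal/key` material through sops. The LUKS passphrase from format.nix is the only gate in front of that session, so the installer now carries the same personal secrets as a workstation; a medium whose job is to install other hosts probably needs none of the git/GPG secrets, and could leave the autologin user out of `wheel` or skip autologin altogether. At minimum the trade-off deserves a comment next to `autologinUser`, e.g. `# unauthenticated console on purpose: the LUKS passphrase is the gate`. The `accept-new` host-key policy for github.com is a trust-on-first-use choice on a medium that is rebuilt often; pinning GitHub's published host keys via `programs.ssh.knownHosts` would make it a verified connection instead.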
@@ -23,7 +23,7 @@ for SOPS_FILE in $(find . -type f -name "sops.yaml"); do
 done
 sed -i "/knownHosts = {/a\ ${HOST}.publicKeyFile = ../../../../${HOST}/secrets/ssh_host_ed25519_key.pub;" ./hosts/common/system/configs/ssh/default.nix
-sed -i "/userKnownHostsFile = lib.strings.concatStringsSep " " [/a\ \${../../../../../${HOST}/secrets/ssh_host_ed25519_key.pub}" ./hosts/common/user/configs/console/ssh/default.nix
+sed -i "/userKnownHostsFile = lib.strings.concatStringsSep \" \" \[/a\ ../../../../../${HOST}/secrets/ssh_host_ed25519_key.pub" ./hosts/common/user/configs/console/ssh/default.nix
 "$(dirname "$0")/update-keys.sh" "$2"
diff --git a/lib/scripts/install.sh b/lib/scripts/install.sh
index 1e50098..6b4fe6c 100755
--- a/lib/scripts/install.sh
+++ b/lib/scripts/install.sh
@@ -3,7 +3,6 @@
 set -o errexit
 set -o nounset
 set -o pipefail
-set -x
 check_root() {
 if [[ "${EUID}" -ne 0 ]]; then
@@ -22,11 +21,10 @@ check_network() {
 echo "No network connection detected."
 echo "Would you like to connect to a Wi-Fi network? [y/N]"
-
 read -r connect_wifi
 if ! [[ "${connect_wifi}" =~ ^([yY][eE][sS]|[yY])$ ]]; then
- echo "Please connect to a network before proceeding."
+ echo "Connect to a network before proceeding."
 exit 1
 fi
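Review bot: `${HOST}` is spliced unquoted into both `sed` scripts and into the inserted Nix paths; `HOST` is assigned outside this hunk, and if it is not validated there, a value containing `/`, `&`, a newline or `..` corrupts the `sed` expression or the generated `knownHosts` entry. A guard before the edits, `[[ "${HOST}" =~ ^[a-z0-9][a-z0-9-]*$ ]] || { echo "invalid host name: ${HOST}" >&2; exit 1; }`, keeps the generated configuration well-formed. The rewritten line also appends the key path without the file's indentation (GNU `a\` strips leading blanks), so it presumably relies on a later formatter pass; a short comment saying so would save the next reader a puzzle.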
@@ -34,33 +32,33 @@ check_network() {
 }
 setup_wifi() {
- echo "Available network interfaces:"
- ip link show | grep -E '^[0-9]+:' | awk '{print $2}' | tr -d ':'
+ echo "Available Wi-Fi interfaces:"
+ nmcli device status | awk '$2 == "wifi" {print $1}'
- echo "Enter the network interface you want to use:"
+ echo "Enter the Wi-Fi interface you want to use:"
 read -r interface
- echo "Enter the SSID of the open network:"
+ echo "Scanning for Wi-Fi networks..."
+ nmcli device wifi rescan
+
+ echo "Available Wi-Fi networks:"
+ nmcli device wifi list
+
+ echo "Enter the SSID of the network:"
 read -r ssid
- echo "Do you want to connect to an open network? [y/N]"
+ echo "Is this network open? [y/N]"
 read -r open_network
 if [[ "${open_network}" =~ ^([yY][eE][sS]|[yY])$ ]]; then
- wpa_supplicant -i "${interface}" -c <(wpa_passphrase "${ssid}") -B
+ nmcli device wifi connect "${ssid}" ifname "${interface}"
 else
 echo "Enter the passphrase:"
 read -rs passphrase
-
- wpa_passphrase "${ssid}" "${passphrase}" > wifi.conf
- wpa_supplicant -i "${interface}" -c wifi.conf -B
- rm wifi.conf
+ nmcli device wifi connect "${ssid}" password "${passphrase}" ifname "${interface}"
 fi
- dhcpcd
-
 echo "Waiting for a network connection..."
-
 for i in {1..10}; do
 if ping -c 1 google.com &>/dev/null; then
 echo "Connected to the network successfully."
@@ -148,12 +146,12 @@ main() {
 copy_keys
 install
 copy_config
- echo "Installation complete. Please reboot your system."
+ echo "Installation complete. Reboot your system."
 ;;
 2)
 prepare_disk "mount"
 install
- echo "Repair complete. Please reboot your system."
+ echo "Repair complete. Reboot your system."
 ;;
 *)
 echo "Invalid choice."
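Review bot: In the `else` branch, `nmcli device wifi connect "${ssid}" password "${passphrase}" ifname "${interface}"` puts the Wi-Fi passphrase on the command line, where any local process can read it from the process list for the duration of the call (and where it would have been echoed to the terminal had `set -x` not been removed in the first hunk). `nmcli --ask device wifi connect "${ssid}" ifname "${interface}"` lets nmcli prompt for the password itself, which removes both the `read -rs passphrase` line and the argv exposure; the single-user installer context lowers the risk, but the interactive form costs nothing here. The `for i in {1..10}` wait loop continues past the end of the hunk, so the handling of a connect that never comes up cannot be reviewed from this excerpt.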