Add installer

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>

hosts/installer/README.md

@@ -0,0 +1 @@
+# installer

hosts/installer/default.nix

@@ -0,0 +1,46 @@
+{ config, inputs, ... }:
+{
+  imports = [
+    ../../lib
+    inputs.disko.nixosModules.disko
+    (import ./format.nix {
+      device = "/dev/disk/by-id/usb-SanDisk_Ultra_Trek_050133f0afb69de86a475ee8d2ad97e4916cce11764cffba9ab262d42a7d0d2f66460000000000000000000039b7a3b8ff990a109f5581078ea6e86a-0:0";
+    })
+    ./hardware.nix
+    ../common/system/configs/boot
+    ../common/system/configs/btop
+    ../common/system/configs/btrfs
+    ../common/system/configs/fastfetch
+    ../common/system/configs/getty
+    ../common/system/configs/git
+    ../common/system/configs/gpg-agent
+    ../common/system/configs/impermanence
+    ../common/system/configs/lsof
+    ../common/system/configs/ncdu
+    ../common/system/configs/neovim
+    ../common/system/configs/networking
+    ../common/system/configs/nix
+    ../common/system/configs/nix-cleanup
+    ../common/system/configs/nix-ld
+    ../common/system/configs/nixpkgs
+    ../common/system/configs/ntp
+    ../common/system/configs/ranger
+    ../common/system/configs/sops
+    ../common/system/configs/ssh
+    ../common/system/configs/system
+    ../common/system/configs/timezone
+    ../common/system/configs/tmux
+    ../common/system/configs/tree
+    ../common/system/configs/users
+    ../common/system/configs/wget
+    ../common/system/configs/zsh
+    ./users/nick
+  ];
+
+  networking.hostName = "installer";
+  i18n.defaultLocale = "en_US.UTF-8";
+  sops.defaultSopsFile = ./secrets/secrets.yaml;
+
+  environment.impermanence.device =
+    config.disko.devices.disk.usb.content.partitions.root.content.name;
+}

hosts/installer/format.nix

@@ -0,0 +1,74 @@
+{
+  device ? throw "device argument is required",
+  ...
+}:
+{
+  disko.devices = {
+    disk.usb = {
+      inherit device;
+      type = "disk";
+      content = {
+        type = "gpt";
+        partitions = {
+          boot = {
+            name = "boot";
+            size = "1M";
+            type = "EF02";
+          };
+          esp = {
+            name = "esp";
+            size = "512M";
+            type = "EF00";
+            content = {
+              type = "filesystem";
+              format = "vfat";
+              mountpoint = "/boot";
+              mountOptions = [ "umask=0077" ];
+            };
+          };
+          root = {
+            name = "root";
+            size = "100%";
+            content = {
+              name = "usb";
+              type = "luks";
+              settings = {
+                allowDiscards = true;
+              };
+              content = {
+                type = "btrfs";
+                extraArgs = [ "-f" ];
+                subvolumes = {
+                  "@" = {
+                    mountpoint = "/";
+                  };
+                  "@persist" = {
+                    mountpoint = "/persist";
+                    mountOptions = [
+                      "compress=zstd"
+                      "noatime"
+                    ];
+                  };
+                  "@nix" = {
+                    mountpoint = "/nix";
+                    mountOptions = [
+                      "compress=zstd"
+                      "noatime"
+                    ];
+                  };
+                  "@cache" = {
+                    mountpoint = "/cache";
+                    mountOptions = [
+                      "compress=zstd"
+                      "noatime"
+                    ];
+                  };
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}

hosts/installer/hardware.nix

@@ -0,0 +1,17 @@
+{ ... }:
+{
+  hardware.enableAllFirmware = true;
+
+  boot.initrd.kernelModules = [
+    "nvme"
+    "ahci"
+    "usbhid"
+    "xhci_pci"
+    "usb_storage"
+    "sd_mod"
+  ];
+
+  nixpkgs.hostPlatform = "x86_64-linux";
+
+  services.fstrim.enable = true;
+}

hosts/installer/secrets/ssh_host_ed25519_key.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHEIK+JkxkC0E8w0IF59gtpG55JBS/osqs1B7VhsI0eI nick@eirene

hosts/installer/users/nick/default.nix

@@ -0,0 +1,88 @@
+{ config, lib, ... }:
+let
+  # FIXME: https://github.com/NixOS/nixpkgs/issues/24570
+  # FIXME: https://github.com/NixOS/nixpkgs/issues/305643
+  user = "nick";
+  home = "/home/nick";
+in
+{
+  imports = [
+    ../../../common/user/configs/options.nix
+    (import ../../../common/user/configs/console/bashmount { inherit user home; })
+    (import ../../../common/user/configs/console/btop { inherit user home; })
+    (import ../../../common/user/configs/console/fastfetch { inherit user home; })
+    (import ../../../common/user/configs/console/git { inherit user home; })
+    (import ../../../common/user/configs/console/gpg-agent { inherit user home; })
+    (import ../../../common/user/configs/console/home-manager { inherit user home; })
+    (import ../../../common/user/configs/console/ncdu { inherit user home; })
+    (import ../../../common/user/configs/console/neovim { inherit user home; })
+    (import ../../../common/user/configs/console/nix-develop { inherit user home; })
+    (import ../../../common/user/configs/console/nix-direnv { inherit user home; })
+    (import ../../../common/user/configs/console/nixpkgs { inherit user home; })
+    (import ../../../common/user/configs/console/ranger { inherit user home; })
+    (import ../../../common/user/configs/console/sops { inherit user home; })
+    (import ../../../common/user/configs/console/ssh { inherit user home; })
+    (import ../../../common/user/configs/console/tmux { inherit user home; })
+    (import ../../../common/user/configs/console/tree { inherit user home; })
+    (import ../../../common/user/configs/console/wget { inherit user home; })
+    (import ../../../common/user/configs/console/xdg { inherit user home; })
+    (import ../../../common/user/configs/console/zsh { inherit user home; })
+  ];
+
+  # echo "password" | mkpasswd -s
+  sops.secrets."${user}-password" = {
+    sopsFile = ../../../../secrets/personal/secrets.yaml;
+    key = "password";
+    neededForUsers = true;
+  };
+
+  users.users.${user} = {
+    inherit home;
+    isNormalUser = true;
+    email = "nick@karaolidis.com";
+    fullName = "Nikolaos Karaolidis";
+    description = "Nikolaos Karaolidis";
+    hashedPasswordFile = config.sops.secrets."${user}-password".path;
+    extraGroups = [ "wheel" ];
+    linger = true;
+    uid = lib.strings.toInt (builtins.readFile ./uid);
+  };
+
+  services.getty.autologinUser = user;
+
+  home-manager.users.${user} = {
+    home = {
+      username = user;
+      homeDirectory = home;
+    };
+
+    sops.secrets = {
+      "git/credentials" = {
+        sopsFile = ../../../../secrets/personal/secrets.yaml;
+        path = "${home}/.config/git/credentials";
+      };
+      "git/cookies" = {
+        sopsFile = ../../../../secrets/personal/secrets.yaml;
+        path = "${home}/.config/git/cookies";
+      };
+
+      "ssh/personal/git/key" = {
+        sopsFile = ../../../../secrets/personal/secrets.yaml;
+        path = "${home}/.ssh/ssh_git_personal_ed25519_key";
+      };
+      "ssh/personal/git/pass".sopsFile = ../../../../secrets/personal/secrets.yaml;
+
+      "gpg/personal/key".sopsFile = ../../../../secrets/personal/secrets.yaml;
+      "gpg/personal/pass".sopsFile = ../../../../secrets/personal/secrets.yaml;
+    };
+
+    programs.ssh.matchBlocks = {
+      "github.com" = {
+        hostname = "github.com";
+        user = "git";
+        identityFile = "${home}/.ssh/ssh_git_personal_ed25519_key";
+        extraOptions.StrictHostKeyChecking = "accept-new";
+      };
+    };
+  };
+}

hosts/installer/users/nick/uid

@@ -0,0 +1 @@
+1000