From e23e71560fce87bc485251969e9576036921172e Mon Sep 17 00:00:00 2001 From: Nikolaos Karaolidis Date: Wed, 18 Dec 2024 20:57:26 +0000 Subject: [PATCH] Add elara 
Signed-off-by: Nikolaos Karaolidis --- .gitignore | 8 - README.md | 5 +- flake.lock | 36 ++-- flake.nix | 8 + hosts/.gitignore | 1 + .../common/system/configs/libvirt/default.nix | 6 +- .../nix-cleanup}/cleanup.sh | 4 +- .../nix-cleanup}/default.nix | 0 hosts/common/system/configs/nix/default.nix | 5 +- hosts/common/system/configs/ssh/default.nix | 1 + .../user/configs/console/git/default.nix | 5 - .../configs/console/gpg-agent/default.nix | 5 - .../user/configs/gui/obsidian/default.nix | 2 +- .../user/configs/gui/spicetify/default.nix | 2 +- .../common/user/configs/gui/theme/options.nix | 4 + hosts/common/user/configs/gui/theme/theme.sh | 4 - .../user/configs/gui/vscode/default.nix | 3 + hosts/eirene/default.nix | 12 +- hosts/eirene/{ => system}/scripts/card.sh | 0 hosts/eirene/{ => system}/scripts/mouse.sh | 0 hosts/eirene/users/nick.nix | 125 ------------- hosts/eirene/users/nick/default.nix | 138 ++++++++++++++ {users => hosts/eirene/users}/nick/uid | 0 hosts/elara/README.md | 18 ++ hosts/elara/default.nix | 168 ++++++++++++++++++ hosts/elara/format.nix | 74 ++++++++ hosts/elara/secrets/ssh_host_ed25519_key.pub | 1 + hosts/elara/system/scripts/card.sh | 10 ++ hosts/elara/system/scripts/mouse.sh | 14 ++ hosts/elara/users/nikara/default.nix | 116 ++++++++++++ hosts/elara/users/nikara/uid | 1 + scripts/add-host.sh | 4 + scripts/add-user.sh | 23 --- scripts/install.sh | 60 +++++-- scripts/remove-host.sh | 4 + scripts/remove-user.sh | 21 --- scripts/update-keys.sh | 4 + scripts/update.sh | 4 + secrets/.gitignore | 1 + {users/nick => static}/wallpapers/car.jpg | 0 {users/nick => static}/wallpapers/cats.jpg | 0 {users/nick => static}/wallpapers/clouds.png | 0 {users/nick => static}/wallpapers/girl.png | 0 .../nick => static}/wallpapers/mountain.jpg | 0 {users/nick => static}/wallpapers/plane.jpg | 0 {users/nick => static}/wallpapers/snow.jpg | 0 submodules/home-manager | 2 +- submodules/nixpkgs | 2 +- 48 files changed, 655 insertions(+), 246 deletions(-) delete mode 
100644 .gitignore create mode 100644 hosts/.gitignore rename hosts/common/system/{scripts/cleanup => configs/nix-cleanup}/cleanup.sh (90%) rename hosts/common/system/{scripts/cleanup => configs/nix-cleanup}/default.nix (100%) rename hosts/eirene/{ => system}/scripts/card.sh (100%) rename hosts/eirene/{ => system}/scripts/mouse.sh (100%) delete mode 100644 hosts/eirene/users/nick.nix create mode 100644 hosts/eirene/users/nick/default.nix rename {users => hosts/eirene/users}/nick/uid (100%) create mode 100644 hosts/elara/README.md create mode 100644 hosts/elara/default.nix create mode 100644 hosts/elara/format.nix create mode 100644 hosts/elara/secrets/ssh_host_ed25519_key.pub create mode 100644 hosts/elara/system/scripts/card.sh create mode 100644 hosts/elara/system/scripts/mouse.sh create mode 100644 hosts/elara/users/nikara/default.nix create mode 100644 hosts/elara/users/nikara/uid delete mode 100755 scripts/add-user.sh delete mode 100755 scripts/remove-user.sh create mode 100644 secrets/.gitignore rename {users/nick => static}/wallpapers/car.jpg (100%) rename {users/nick => static}/wallpapers/cats.jpg (100%) rename {users/nick => static}/wallpapers/clouds.png (100%) rename {users/nick => static}/wallpapers/girl.png (100%) rename {users/nick => static}/wallpapers/mountain.jpg (100%) rename {users/nick => static}/wallpapers/plane.jpg (100%) rename {users/nick => static}/wallpapers/snow.jpg (100%) diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 43980b5..0000000 --- a/.gitignore +++ /dev/null @@ -1,8 +0,0 @@ -**/secrets/key.txt -!**/secrets/key.txt.pub - -**/secrets/ssh_host_*_key -!**/secrets/ssh_host_*_key.pub - -**/secrets/ssh/id_*_*_* -!**/secrets/ssh/id_*_*_*.pub diff --git a/README.md b/README.md index e7d8a73..bbc27f3 100644 --- a/README.md +++ b/README.md 
@@ -23,15 +23,13 @@ NixOS dotfiles and configuration for various hosts and users. - `users/`: User-specific settings for the host. - `format.nix`: Disk layout definition using [`disko`](https://github.com/nix-community/disko). -- `users//`: Global configurations for individual users that apply across all hosts. This includes secrets (like GPG keys and third-party service passwords), wallpapers, and more. +- `secrets//`: Global secrets for individual namespaces that apply across all hosts. - [`lib/`](./lib): Nix library function definitions and utilities. - [`scripts/`](./scripts): Utility scripts for managing the repository. - [`add-host.sh`](./scripts/add-host.sh): Instantiate the keys for a new host configuration. - [`remove-host.sh`](./scripts/remove-host.sh): Remove references to a host. - - [`add-user.sh`](./scripts/add-user.sh): Instantiate the keys for a new user configuration. - - [`remove-user.sh`](./scripts/remove-user.sh): Remove references to a user. - [`update-keys.sh`](./scripts/update-keys.sh): Update the encryption keys in all relevant files using `sops.yaml` configurations. - [`update.sh`](./scripts/update.sh): Update flake and all git submodules. - [`install.sh`](./scripts/install.sh): Install or repair a selected NixOS host. @@ -47,3 +45,4 @@ Below is a table of all hosts, with links to their respective README files, whic | Host | README | |----------|----------------------------------------------------| | `eirene` | [hosts/eirene/README.md](./hosts/eirene/README.md) | +| `elara` | [hosts/elara/README.md](./hosts/elara/README.md) | diff --git a/flake.lock b/flake.lock index 8eacfe2..a899e32 100644 --- a/flake.lock +++ b/flake.lock 
@@ -69,11 +69,11 @@ ] }, "locked": { - "lastModified": 1734088167, - "narHash": "sha256-OIitVU+IstPbX/NWn2jLF+/sT9dVKcO2FKeRAzlyX6c=", + "lastModified": 1734343412, + "narHash": "sha256-b7G8oFp0Nj01BYUJ6ENC9Qf/HsYAIZvN9k/p0Kg/PFU=", "owner": "nix-community", "repo": "disko", - "rev": "d32f2d1750d61a476a236526b725ec5a32e16342", + "rev": "a08bfe06b39e94eec98dd089a2c1b18af01fef19", "type": "github" }, "original": { @@ -144,11 +144,11 @@ ] }, "locked": { - "lastModified": 1734267456, - "narHash": "sha256-gUE1Pj5bxRlOSph00IU4Y5i06lIKAclc1YcynQLXTOQ=", + "lastModified": 1734529492, + "narHash": "sha256-U+8snNnPq87a0SkqRqvX3X4hHL//nbHnvtN1Th6Xja4=", "owner": "karaolidis", "repo": "home-manager", - "rev": "b27691db93b0348b9b0bf151ae952a6f9f95089d", + "rev": "24d660ebd62d3fee4578777efb4f38b042ac6f84", "type": "github" }, "original": { @@ -160,11 +160,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1734267453, - "narHash": "sha256-dgFTPB2ER5akiAWRJbSpPbWar5D6n0BGD5Wcmhkt6pE=", + "lastModified": 1734529489, + "narHash": "sha256-HmUlOWpBp62kr/hFPObhbIXjDPuo915OiUBbL/4CkD8=", "owner": "karaolidis", "repo": "nixpkgs", - "rev": "59f98681ef21402ef93ccf43ae6c52547dee168e", + "rev": "9d03f3a891c104cdf1de7c76900642614a929ce5", "type": "github" }, "original": { @@ -176,11 +176,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1733940404, - "narHash": "sha256-Pj39hSoUA86ZePPF/UXiYHHM7hMIkios8TYG29kQT4g=", + "lastModified": 1734424634, + "narHash": "sha256-cHar1vqHOOyC7f1+tVycPoWTfKIaqkoe1Q6TnKzuti4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5d67ea6b4b63378b9c13be21e2ec9d1afc921713", + "rev": "d3c42f187194c26d9f0309a8ecc469d6c878ce33", "type": "github" }, "original": { 
@@ -197,11 +197,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1734263230, - "narHash": "sha256-S5N87tEKOEqsQvZ874e5aMhh2r8K51Q0530I8eh5uC0=", + "lastModified": 1734526336, + "narHash": "sha256-qI+dxxvmYNLhus/4CCE6QjjjPOjTz2olmnc5nZv0SE8=", "owner": "nix-community", "repo": "NUR", - "rev": "2562c7e526c1e66c837106dbb99623efb88f32ce", + "rev": "409fe7866b2171633d7be0b7de262d861c61a726", "type": "github" }, "original": { @@ -251,11 +251,11 @@ ] }, "locked": { - "lastModified": 1734236158, - "narHash": "sha256-PlzILP+aSuxXyaI9zuZs9T4QSFn+/c5/eImYBxThLbg=", + "lastModified": 1734495402, + "narHash": "sha256-NicfWsazv+LpZk2Xny9pzCd26IJttnzuou3yGZ5/1AA=", "owner": "Gerg-L", "repo": "spicetify-nix", - "rev": "6a83f1889a56760dedb93539360424b64766bc81", + "rev": "5b15daf10de2ce488771e6aabf72a7400b8500fc", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 2d48369..0afd00e 100644 --- a/flake.nix +++ b/flake.nix @@ -76,6 +76,14 @@ system = "x86_64-linux"; modules = [ ./hosts/eirene ]; }; + + elara = nixpkgs.lib.nixosSystem { + specialArgs = { + inherit inputs; + }; + system = "x86_64-linux"; + modules = [ ./hosts/elara ]; + }; }; } // inputs.flake-utils.lib.eachDefaultSystem ( diff --git a/hosts/.gitignore b/hosts/.gitignore new file mode 100644 index 0000000..69eb66b --- /dev/null +++ b/hosts/.gitignore @@ -0,0 +1 @@ +*/secrets/ssh_host_ed25519_key diff --git a/hosts/common/system/configs/libvirt/default.nix b/hosts/common/system/configs/libvirt/default.nix index 286fcb8..e1b2afc 100644 --- a/hosts/common/system/configs/libvirt/default.nix +++ b/hosts/common/system/configs/libvirt/default.nix 
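Review bot: The new `hosts/.gitignore` rule covers only `ssh_host_ed25519_key`, while the root `.gitignore` deleted in this same commit ignored every `**/secrets/ssh_host_*_key` and `**/secrets/key.txt`. A host private key of another type (RSA, ECDSA) or a `key.txt` placed under `hosts/<host>/secrets/` would now be staged by a plain `git add`. Unless the host scripts are guaranteed to generate only ed25519 keys, keep the wildcard form: `*/secrets/ssh_host_*_key` followed by `!*/secrets/ssh_host_*_key.pub`. The contents of the new `secrets/.gitignore` are not visible here, so whether `key.txt` is still covered there needs checking.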
@@ -24,8 +24,10 @@ environment = { systemPackages = [ config.virtualisation.libvirtd.qemu.swtpm.package ]; etc = { - "ovmf/edk2-x86_64-secure-code.fd".source = "${config.virtualisation.libvirtd.qemu.package}/share/qemu/edk2-x86_64-secure-code.fd"; - "ovmf/edk2-i386-vars.fd".source = "${config.virtualisation.libvirtd.qemu.package}/share/qemu/edk2-i386-vars.fd"; + "ovmf/edk2-x86_64-secure-code.fd".source = + "${config.virtualisation.libvirtd.qemu.package}/share/qemu/edk2-x86_64-secure-code.fd"; + "ovmf/edk2-i386-vars.fd".source = + "${config.virtualisation.libvirtd.qemu.package}/share/qemu/edk2-i386-vars.fd"; }; persistence."/persist"."/var/lib/libvirt" = { }; }; diff --git a/hosts/common/system/scripts/cleanup/cleanup.sh b/hosts/common/system/configs/nix-cleanup/cleanup.sh similarity index 90% rename from hosts/common/system/scripts/cleanup/cleanup.sh rename to hosts/common/system/configs/nix-cleanup/cleanup.sh index 69acb12..e238235 100644 --- a/hosts/common/system/scripts/cleanup/cleanup.sh +++ b/hosts/common/system/configs/nix-cleanup/cleanup.sh @@ -1,5 +1,5 @@ -if [[ "$(id -u)" -ne 0 ]]; then - echo "This script must be run as root." +if [[ "${EUID}" -ne 0 ]]; then + echo "Please run the script as root." exit 1 fi diff --git a/hosts/common/system/scripts/cleanup/default.nix b/hosts/common/system/configs/nix-cleanup/default.nix similarity index 100% rename from hosts/common/system/scripts/cleanup/default.nix rename to hosts/common/system/configs/nix-cleanup/default.nix diff --git a/hosts/common/system/configs/nix/default.nix b/hosts/common/system/configs/nix/default.nix index 7e4243e..6ce8ba3 100644 --- a/hosts/common/system/configs/nix/default.nix +++ b/hosts/common/system/configs/nix/default.nix @@ -1,6 +1,9 @@ { config, inputs, ... }: { - sops.secrets."nix/accessTokens/github".group = "users"; + sops.secrets."nix/accessTokens/github" = { + sopsFile = ../../../../../secrets/personal/secrets.yaml; + group = "users"; + }; nix = { settings = { 
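Review bot: The shared `configs/nix` module now hard-codes `secrets/personal/secrets.yaml`, so every host that imports it must be a sops recipient of the personal secrets file; `hosts/elara/default.nix` in this commit imports `../common/system/configs/nix`. Each added host therefore widens the set of host keys able to decrypt the personal namespace, and the same pattern appears in the obsidian and spicetify hunks (`google/geocoding`, `spotify/username`). If that is intended, say so next to the option, e.g. `# Every host importing this module must be a sops recipient of secrets/personal.`; otherwise let the importing host or user file set `sopsFile`, as `hosts/eirene/users/nick/default.nix` does for the git and gpg secrets. The `nix` attribute set continues outside the hunk.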
diff --git a/hosts/common/system/configs/ssh/default.nix b/hosts/common/system/configs/ssh/default.nix index 0a66fe1..5744346 100644 --- a/hosts/common/system/configs/ssh/default.nix +++ b/hosts/common/system/configs/ssh/default.nix @@ -3,6 +3,7 @@ programs.ssh = { knownHosts = { eirene.publicKeyFile = ../../../../eirene/secrets/ssh_host_ed25519_key.pub; + elara.publicKeyFile = ../../../../elara/secrets/ssh_host_ed25519_key.pub; }; }; } diff --git a/hosts/common/user/configs/console/git/default.nix b/hosts/common/user/configs/console/git/default.nix index eda0952..55f11ad 100644 --- a/hosts/common/user/configs/console/git/default.nix +++ b/hosts/common/user/configs/console/git/default.nix @@ -43,10 +43,5 @@ in ); }; }; - - sops.secrets = { - "git/credentials".path = "${home}/.config/git/credentials"; - "git/cookies".path = "${home}/.config/git/cookies"; - }; }; } diff --git a/hosts/common/user/configs/console/gpg-agent/default.nix b/hosts/common/user/configs/console/gpg-agent/default.nix index 53e66f9..58373d2 100644 --- a/hosts/common/user/configs/console/gpg-agent/default.nix +++ b/hosts/common/user/configs/console/gpg-agent/default.nix @@ -61,10 +61,5 @@ Install.WantedBy = [ "default.target" ]; }; }; - - sops.secrets = { - "gpg-agent/pgp/key" = { }; - "gpg-agent/pgp/pass" = { }; - }; }; } diff --git a/hosts/common/user/configs/gui/obsidian/default.nix b/hosts/common/user/configs/gui/obsidian/default.nix index 8aa113e..77f1136 100644 --- a/hosts/common/user/configs/gui/obsidian/default.nix +++ b/hosts/common/user/configs/gui/obsidian/default.nix @@ -713,7 +713,7 @@ in } ) hmConfig.programs.obsidian.vaults; - sops.secrets."google/geocoding" = { }; + sops.secrets."google/geocoding".sopsFile = ../../../../../../secrets/personal/secrets.yaml; wayland.windowManager.hyprland.settings.bind = [ "$mod, o, exec, ${pkgs.obsidian}/bin/obsidian" ]; }; 
diff --git a/hosts/common/user/configs/gui/spicetify/default.nix b/hosts/common/user/configs/gui/spicetify/default.nix index 54999fb..3f1a016 100644 --- a/hosts/common/user/configs/gui/spicetify/default.nix +++ b/hosts/common/user/configs/gui/spicetify/default.nix @@ -62,7 +62,7 @@ in ]; }; - sops.secrets."spotify/username" = { }; + sops.secrets."spotify/username".sopsFile = ../../../../../../secrets/personal/secrets.yaml; xdg.configFile = { "spotify/prefs.init" = { diff --git a/hosts/common/user/configs/gui/theme/options.nix b/hosts/common/user/configs/gui/theme/options.nix index 85ab061..9cb87cd 100644 --- a/hosts/common/user/configs/gui/theme/options.nix +++ b/hosts/common/user/configs/gui/theme/options.nix @@ -12,6 +12,10 @@ let name = "theme-init"; runtimeInputs = with pkgs; [ matugen ]; text = '' + [[ ! -d "${cfg.configDir}" ]] && mkdir -p "${cfg.configDir}" + [[ ! -L "${cfg.configDir}"/wallpaper ]] && ln -sf "${cfg.wallpaper}" "${cfg.configDir}"/wallpaper + [[ ! -f "${cfg.configDir}"/mode ]] && echo "${cfg.mode}" > "${cfg.configDir}"/mode + matugen image "${cfg.configDir}/wallpaper" \ --type scheme-${cfg.flavour} \ --mode "$(cat "${cfg.configDir}/mode")" \ diff --git a/hosts/common/user/configs/gui/theme/theme.sh b/hosts/common/user/configs/gui/theme/theme.sh index 7a7037c..c407a8e 100644 --- a/hosts/common/user/configs/gui/theme/theme.sh +++ b/hosts/common/user/configs/gui/theme/theme.sh @@ -1,7 +1,3 @@ -[[ ! -d "${CONFIG}" ]] && mkdir -p "${CONFIG}" -[[ ! -L "${CONFIG}"/wallpaper ]] && ln -sf "${DEFAULT_WALLPAPER}" "${CONFIG}"/wallpaper -[[ ! -f "${CONFIG}"/mode ]] && echo "${DEFAULT_MODE}" > "${CONFIG}"/mode - WALLPAPER="" MODE="" diff --git a/hosts/common/user/configs/gui/vscode/default.nix b/hosts/common/user/configs/gui/vscode/default.nix index 90a6544..8553347 100644 --- a/hosts/common/user/configs/gui/vscode/default.nix +++ b/hosts/common/user/configs/gui/vscode/default.nix 
@@ -43,6 +43,7 @@ in ms-vsliveshare.vsliveshare github.copilot naumovs.color-highlight + signageos.signageos-vscode-sops ]; userSettings = { @@ -117,5 +118,7 @@ in ./langs/python ./langs/svelte ]; + + wayland.windowManager.hyprland.settings.bind = [ "$mod, c, exec, ${lib.meta.getExe pkgs.vscode}" ]; }; } diff --git a/hosts/eirene/default.nix b/hosts/eirene/default.nix index 1fe8c3c..b8e73e8 100644 --- a/hosts/eirene/default.nix +++ b/hosts/eirene/default.nix @@ -27,6 +27,7 @@ ../common/system/configs/neovim ../common/system/configs/networking ../common/system/configs/nix + ../common/system/configs/nix-cleanup ../common/system/configs/nix-ld ../common/system/configs/nixpkgs ../common/system/configs/ntp @@ -45,8 +46,7 @@ ../common/system/configs/users ../common/system/configs/wget ../common/system/configs/zsh - ../common/system/scripts/cleanup - ./users/nick.nix + ./users/nick ]; networking.hostName = "eirene"; @@ -128,7 +128,7 @@ powerManagement.enable = true; - systemd.services.powertop.postStart = builtins.readFile ./scripts/mouse.sh; + systemd.services.powertop.postStart = builtins.readFile ./system/scripts/mouse.sh; services = { xserver.videoDrivers = [ "nvidia" ]; @@ -170,7 +170,7 @@ }; programs = { - zsh.loginExtra = lib.mkBefore (builtins.readFile ./scripts/card.sh); + zsh.loginExtra = lib.mkBefore (builtins.readFile ./system/scripts/card.sh); # VSCode does not play well with fractional scaling vscode.userSettings."window.zoomLevel" = (1.25 - 1) / 0.2; @@ -188,9 +188,7 @@ }; }; - theme = { - cursor.size = 24; - }; + theme.cursor.size = 24; } ]; } diff --git a/hosts/eirene/scripts/card.sh b/hosts/eirene/system/scripts/card.sh similarity index 100% rename from hosts/eirene/scripts/card.sh rename to hosts/eirene/system/scripts/card.sh diff --git a/hosts/eirene/scripts/mouse.sh b/hosts/eirene/system/scripts/mouse.sh similarity index 100% rename from hosts/eirene/scripts/mouse.sh rename to hosts/eirene/system/scripts/mouse.sh 
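Review bot: Adding `signageos.signageos-vscode-sops` puts a secrets editor in the same extension list as `github.copilot`, which is visible two lines above it in the first vscode hunk. If the SOPS extension presents decrypted content in an editor buffer, as such extensions normally do, Copilot can read that buffer as completion context and the plaintext may leave the machine. Consider disabling Copilot for the file types the secrets use, e.g. `"github.copilot.enable" = { "*" = true; yaml = false; };` in `userSettings`. The `userSettings` body lies outside the hunk, so this may already be handled.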
diff --git a/hosts/eirene/users/nick.nix b/hosts/eirene/users/nick.nix
deleted file mode 100644
index 2c37749..0000000
--- a/hosts/eirene/users/nick.nix
+++ /dev/null
@@ -1,125 +0,0 @@ -{ config, lib, ... }: -let - # FIXME: https://github.com/NixOS/nixpkgs/issues/24570 - # FIXME: https://github.com/NixOS/nixpkgs/issues/305643 - user = "nick"; - home = "/home/nick"; -in -{ - imports = [ - ../../common/user/configs/options.nix - (import ../../common/user/configs/console/android { inherit user home; }) - (import ../../common/user/configs/console/bashmount { inherit user home; }) - (import ../../common/user/configs/console/bluetooth { inherit user home; }) - (import ../../common/user/configs/console/brightnessctl { inherit user home; }) - (import ../../common/user/configs/console/btop { inherit user home; }) - (import ../../common/user/configs/console/docker { inherit user home; }) - (import ../../common/user/configs/console/fastfetch { inherit user home; }) - (import ../../common/user/configs/console/ffmpeg { inherit user home; }) - (import ../../common/user/configs/console/git { inherit user home; }) - (import ../../common/user/configs/console/gpg-agent { inherit user home; }) - (import ../../common/user/configs/console/home-manager { inherit user home; }) - (import ../../common/user/configs/console/imagemagick { inherit user home; }) - (import ../../common/user/configs/console/libvirt { inherit user home; }) - (import ../../common/user/configs/console/ncdu { inherit user home; }) - (import ../../common/user/configs/console/neovim { inherit user home; }) - (import ../../common/user/configs/console/nix-develop { inherit user home; }) - (import ../../common/user/configs/console/nix-direnv { inherit user home; }) - (import ../../common/user/configs/console/nixpkgs { inherit user home; }) - (import ../../common/user/configs/console/pipewire { inherit user home; }) - (import ../../common/user/configs/console/ranger { inherit user home; }) - (import ../../common/user/configs/console/sops { inherit user home; }) - (import ../../common/user/configs/console/syncthing { inherit user home; }) - (import ../../common/user/configs/console/tmux 
{ inherit user home; }) - (import ../../common/user/configs/console/tree { inherit user home; }) - (import ../../common/user/configs/console/wget { inherit user home; }) - (import ../../common/user/configs/console/xdg { inherit user home; }) - (import ../../common/user/configs/console/yt-dlp { inherit user home; }) - (import ../../common/user/configs/console/zsh { inherit user home; }) - (import ../../common/user/configs/gui/astal { inherit user home; }) - (import ../../common/user/configs/gui/bluetooth { inherit user home; }) - (import ../../common/user/configs/gui/brightnessctl { inherit user home; }) - (import ../../common/user/configs/gui/btop { inherit user home; }) - (import ../../common/user/configs/gui/chromium { inherit user home; }) - (import ../../common/user/configs/gui/cliphist { inherit user home; }) - (import ../../common/user/configs/gui/darktable { inherit user home; }) - (import ../../common/user/configs/gui/discord { inherit user home; }) - (import ../../common/user/configs/gui/emoji { inherit user home; }) - (import ../../common/user/configs/gui/firefox { inherit user home; }) - (import ../../common/user/configs/gui/gaming { inherit user home; }) - (import ../../common/user/configs/gui/gtk { inherit user home; }) - (import ../../common/user/configs/gui/hyprland { inherit user home; }) - (import ../../common/user/configs/gui/hyprshot { inherit user home; }) - (import ../../common/user/configs/gui/kitty { inherit user home; }) - (import ../../common/user/configs/gui/libreoffice { inherit user home; }) - (import ../../common/user/configs/gui/networking { inherit user home; }) - (import ../../common/user/configs/gui/obs { inherit user home; }) - (import ../../common/user/configs/gui/obsidian { inherit user home; }) - (import ../../common/user/configs/gui/pipewire { inherit user home; }) - (import ../../common/user/configs/gui/qalculate { inherit user home; }) - (import ../../common/user/configs/gui/qt { inherit user home; }) - (import 
../../common/user/configs/gui/rofi { inherit user home; }) - (import ../../common/user/configs/gui/spicetify { inherit user home; }) - (import ../../common/user/configs/gui/swww { inherit user home; }) - (import ../../common/user/configs/gui/theme { inherit user home; }) - (import ../../common/user/configs/gui/transmission { inherit user home; }) - (import ../../common/user/configs/gui/vscode { inherit user home; }) - (import ../../common/user/configs/gui/wev { inherit user home; }) - (import ../../common/user/configs/gui/x11 { inherit user home; }) - (import ../../common/user/configs/gui/xdg { inherit user home; }) - ]; - - sops.secrets."${user}-password" = { - sopsFile = ../../../users/${user}/secrets/secrets.yaml; - key = "password"; - neededForUsers = true; - }; - - users.users.${user} = { - inherit home; - isNormalUser = true; - email = "nick@karaolidis.com"; - fullName = "Nikolaos Karaolidis"; - description = "Nikolaos Karaolidis"; - hashedPasswordFile = config.sops.secrets."${user}-password".path; - extraGroups = [ "wheel" ]; - linger = true; - uid = lib.strings.toInt (builtins.readFile ../../../users/${user}/uid); - }; - - services.getty.autologinUser = user; - - home-manager.users.${user} = { - home = { - username = user; - homeDirectory = home; - }; - - sops.defaultSopsFile = ../../../users/${user}/secrets/secrets.yaml; - theme.wallpaper = ../../../users/${user}/secrets/wallpapers/clouds.png; - - programs.obsidian.vaults."Documents/Obsidian/master".enable = true; - - services.syncthing.settings.folders = { - obsidian = { - label = "Obsidian"; - path = "${home}/Documents/Obsidian"; - devices = [ - "amalthea" - "ganymede" - ]; - }; - official = { - label = "Official"; - path = "${home}/Documents/Official"; - devices = [ - "amalthea" - "ganymede" - ]; - }; - }; - - home.file."Documents/Obsidian/.stignore".source = - ../../common/user/configs/gui/obsidian/config/.stignore; - }; -} 
diff --git a/hosts/eirene/users/nick/default.nix b/hosts/eirene/users/nick/default.nix
new file mode 100644
index 0000000..a9aba97
--- /dev/null
+++ b/hosts/eirene/users/nick/default.nix
@@ -0,0 +1,138 @@ +{ config, lib, ... }: +let + # FIXME: https://github.com/NixOS/nixpkgs/issues/24570 + # FIXME: https://github.com/NixOS/nixpkgs/issues/305643 + user = "nick"; + home = "/home/nick"; +in +{ + imports = [ + ../../../common/user/configs/options.nix + (import ../../../common/user/configs/console/android { inherit user home; }) + (import ../../../common/user/configs/console/bashmount { inherit user home; }) + (import ../../../common/user/configs/console/bluetooth { inherit user home; }) + (import ../../../common/user/configs/console/brightnessctl { inherit user home; }) + (import ../../../common/user/configs/console/btop { inherit user home; }) + (import ../../../common/user/configs/console/docker { inherit user home; }) + (import ../../../common/user/configs/console/fastfetch { inherit user home; }) + (import ../../../common/user/configs/console/ffmpeg { inherit user home; }) + (import ../../../common/user/configs/console/git { inherit user home; }) + (import ../../../common/user/configs/console/gpg-agent { inherit user home; }) + (import ../../../common/user/configs/console/home-manager { inherit user home; }) + (import ../../../common/user/configs/console/imagemagick { inherit user home; }) + (import ../../../common/user/configs/console/libvirt { inherit user home; }) + (import ../../../common/user/configs/console/ncdu { inherit user home; }) + (import ../../../common/user/configs/console/neovim { inherit user home; }) + (import ../../../common/user/configs/console/nix-develop { inherit user home; }) + (import ../../../common/user/configs/console/nix-direnv { inherit user home; }) + (import ../../../common/user/configs/console/nixpkgs { inherit user home; }) + (import ../../../common/user/configs/console/pipewire { inherit user home; }) + (import ../../../common/user/configs/console/ranger { inherit user home; }) + (import ../../../common/user/configs/console/sops { inherit user home; }) + (import ../../../common/user/configs/console/syncthing { 
inherit user home; }) + (import ../../../common/user/configs/console/tmux { inherit user home; }) + (import ../../../common/user/configs/console/tree { inherit user home; }) + (import ../../../common/user/configs/console/wget { inherit user home; }) + (import ../../../common/user/configs/console/xdg { inherit user home; }) + (import ../../../common/user/configs/console/yt-dlp { inherit user home; }) + (import ../../../common/user/configs/console/zsh { inherit user home; }) + (import ../../../common/user/configs/gui/astal { inherit user home; }) + (import ../../../common/user/configs/gui/bluetooth { inherit user home; }) + (import ../../../common/user/configs/gui/brightnessctl { inherit user home; }) + (import ../../../common/user/configs/gui/btop { inherit user home; }) + (import ../../../common/user/configs/gui/chromium { inherit user home; }) + (import ../../../common/user/configs/gui/cliphist { inherit user home; }) + (import ../../../common/user/configs/gui/darktable { inherit user home; }) + (import ../../../common/user/configs/gui/discord { inherit user home; }) + (import ../../../common/user/configs/gui/emoji { inherit user home; }) + (import ../../../common/user/configs/gui/firefox { inherit user home; }) + (import ../../../common/user/configs/gui/gaming { inherit user home; }) + (import ../../../common/user/configs/gui/gtk { inherit user home; }) + (import ../../../common/user/configs/gui/hyprland { inherit user home; }) + (import ../../../common/user/configs/gui/hyprshot { inherit user home; }) + (import ../../../common/user/configs/gui/kitty { inherit user home; }) + (import ../../../common/user/configs/gui/libreoffice { inherit user home; }) + (import ../../../common/user/configs/gui/networking { inherit user home; }) + (import ../../../common/user/configs/gui/obs { inherit user home; }) + (import ../../../common/user/configs/gui/obsidian { inherit user home; }) + (import ../../../common/user/configs/gui/pipewire { inherit user home; }) + (import 
../../../common/user/configs/gui/qalculate { inherit user home; }) + (import ../../../common/user/configs/gui/qt { inherit user home; }) + (import ../../../common/user/configs/gui/rofi { inherit user home; }) + (import ../../../common/user/configs/gui/spicetify { inherit user home; }) + (import ../../../common/user/configs/gui/swww { inherit user home; }) + (import ../../../common/user/configs/gui/theme { inherit user home; }) + (import ../../../common/user/configs/gui/transmission { inherit user home; }) + (import ../../../common/user/configs/gui/vscode { inherit user home; }) + (import ../../../common/user/configs/gui/wev { inherit user home; }) + (import ../../../common/user/configs/gui/x11 { inherit user home; }) + (import ../../../common/user/configs/gui/xdg { inherit user home; }) + ]; + + # echo "password" | mkpasswd -s + sops.secrets."${user}-password" = { + sopsFile = ../../../../secrets/personal/secrets.yaml; + key = "password"; + neededForUsers = true; + }; + + users.users.${user} = { + inherit home; + isNormalUser = true; + email = "nick@karaolidis.com"; + fullName = "Nikolaos Karaolidis"; + description = "Nikolaos Karaolidis"; + hashedPasswordFile = config.sops.secrets."${user}-password".path; + extraGroups = [ "wheel" ]; + linger = true; + uid = lib.strings.toInt (builtins.readFile ./uid); + }; + + services.getty.autologinUser = user; + + home-manager.users.${user} = { + home = { + username = user; + homeDirectory = home; + }; + + sops.secrets = { + "git/credentials" = { + sopsFile = ../../../../secrets/personal/secrets.yaml; + path = "${home}/.config/git/credentials"; + }; + "git/cookies" = { + sopsFile = ../../../../secrets/personal/secrets.yaml; + path = "${home}/.config/git/cookies"; + }; + "gpg-agent/personal/key".sopsFile = ../../../../secrets/personal/secrets.yaml; + "gpg-agent/personal/pass".sopsFile = ../../../../secrets/personal/secrets.yaml; + }; + + theme.wallpaper = ../../../../static/wallpapers/clouds.png; + + 
programs.obsidian.vaults."Documents/Obsidian/master".enable = true; + + services.syncthing.settings.folders = { + obsidian = { + label = "Obsidian"; + path = "${home}/Documents/Obsidian"; + devices = [ + "amalthea" + "ganymede" + ]; + }; + official = { + label = "Official"; + path = "${home}/Documents/Official"; + devices = [ + "amalthea" + "ganymede" + ]; + }; + }; + + home.file."Documents/Obsidian/.stignore".source = + ../../../common/user/configs/gui/obsidian/config/.stignore; + }; +} diff --git a/users/nick/uid b/hosts/eirene/users/nick/uid similarity index 100% rename from users/nick/uid rename to hosts/eirene/users/nick/uid diff --git a/hosts/elara/README.md b/hosts/elara/README.md new file mode 100644 index 0000000..ca83c6c --- /dev/null +++ b/hosts/elara/README.md @@ -0,0 +1,18 @@ +# sas + +## Post-Install Checklist + +### Networking + +- [ ] Add NetworkManager connections +- [ ] Connect Bluetooth devices +- [ ] Add printers + +### Third-party Services + +- [ ] Firefox + - [ ] Authenticate + +- [ ] Spotify + - [ ] Authenticate + - [ ] Local Files diff --git a/hosts/elara/default.nix b/hosts/elara/default.nix new file mode 100644 index 0000000..6758c34 --- /dev/null +++ b/hosts/elara/default.nix 
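Review bot: The added comment `# echo "password" | mkpasswd -s` in `hosts/eirene/users/nick/default.nix` documents a command that writes the plaintext password into shell history. `mkpasswd` prompts for the password when none is given, so the comment could read `# Generate the hash with: mkpasswd (prompts; keeps the password out of shell history)`. Separately, `services.getty.autologinUser = user;` combined with `extraGroups = [ "wheel" ]` gives anyone at the console a wheel session; that is only acceptable if the disk layout enforces an unlock passphrase at boot, which this hunk does not show.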
@@ -0,0 +1,168 @@ +{ + inputs, + lib, + pkgs, + ... +}: +{ + imports = [ + ../../lib + inputs.disko.nixosModules.disko + (import ./format.nix { + device = "/dev/disk/by-id/usb-SanDisk_Ultra_Trek_0501990ddf7236633373ea7dd2e6715f954e2dbb35cadae343333f0562cda6aa7ec80000000000000000000042c100baff1e08109f5581078ea6d9c3-0:0"; + }) + ../common/system/configs/bluetooth + ../common/system/configs/boot + ../common/system/configs/brightnessctl + ../common/system/configs/btop + ../common/system/configs/btrfs + ../common/system/configs/cpu + ../common/system/configs/docker + ../common/system/configs/fastfetch + ../common/system/configs/getty + ../common/system/configs/git + ../common/system/configs/gpg-agent + ../common/system/configs/impermanence + ../common/system/configs/libvirt + ../common/system/configs/lsof + ../common/system/configs/ncdu + ../common/system/configs/neovim + ../common/system/configs/networking + ../common/system/configs/nix + ../common/system/configs/nix-cleanup + ../common/system/configs/nix-ld + ../common/system/configs/nixpkgs + ../common/system/configs/ntp + ../common/system/configs/pipewire + ../common/system/configs/plymouth + ../common/system/configs/powertop + ../common/system/configs/printing + ../common/system/configs/ranger + ../common/system/configs/sops + ../common/system/configs/ssh + ../common/system/configs/system + ../common/system/configs/timezone + ../common/system/configs/tlp + ../common/system/configs/tmux + ../common/system/configs/tree + ../common/system/configs/users + ../common/system/configs/wget + ../common/system/configs/zsh + ./users/nikara + ]; + + networking.hostName = "sas"; + i18n.defaultLocale = "en_US.UTF-8"; + sops.defaultSopsFile = ./secrets/secrets.yaml; + + # https://github.com/NixOS/nixos-hardware/tree/master/lenovo/legion/16achg6 + hardware = { + enableAllFirmware = true; + + cpu = { + cores = 8; + threads = 16; + amd.updateMicrocode = true; + }; + + nvidia = { + modesetting.enable = true; + powerManagement.enable = 
true; + open = false; + + prime = { + offload = { + enable = true; + enableOffloadCmd = true; + }; + nvidiaBusId = "PCI:1:0:0"; + amdgpuBusId = "PCI:6:0:0"; + }; + }; + + graphics = { + enable32Bit = true; + extraPackages = with pkgs; [ + amdvlk + driversi686Linux.amdvlk + rocmPackages.clr + rocmPackages.clr.icd + ]; + }; + }; + + boot = { + kernelParams = [ + "amd_pstate=active" + "video=eDP-1:2560x1600@165" + ]; + + kernelModules = [ "kvm-amd" ]; + + initrd.kernelModules = [ + "nvme" + "ahci" + "usbhid" + "amdgpu" + "xhci_pci" + "usb_storage" + "sd_mod" + ]; + }; + + nixpkgs = { + hostPlatform = "x86_64-linux"; + + config = { + cudaSupport = true; + rocmSupport = true; + }; + }; + + powerManagement.enable = true; + + systemd.services.powertop.postStart = builtins.readFile ./system/scripts/mouse.sh; + + services = { + xserver.videoDrivers = [ "nvidia" ]; + fstrim.enable = true; + tlp.settings.DISK_DEVICES = "nvme0n1 nvme1n1"; + }; + + home-manager.sharedModules = [ + { + wayland.windowManager.hyprland.settings = { + monitor = "eDP-1, 2560x1600@165, 0x0, 1.25"; + env = [ "WLR_DRM_DEVICES,$HOME/.config/hypr/card" ]; + device = [ + { + name = "syna2ba6:00-06cb:ce44-touchpad"; + sensitivity = 0.5; + } + ]; + gestures.workspace_swipe_distance = 600; + }; + + programs = { + zsh.loginExtra = lib.mkBefore (builtins.readFile ./system/scripts/card.sh); + + # VSCode does not play well with fractional scaling + vscode.userSettings."window.zoomLevel" = (1.25 - 1) / 0.2; + + obs-studio.resolution = { + base = { + x = 4096; + y = 2560; + }; + + output = { + x = 2048; + y = 1280; + }; + }; + }; + + theme.cursor.size = 24; + } + ]; +} diff --git a/hosts/elara/format.nix b/hosts/elara/format.nix new file mode 100644 index 0000000..cda3b82 --- /dev/null +++ b/hosts/elara/format.nix 
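Review bot: The `device` handed to `./format.nix` is a `usb-SanDisk_Ultra_Trek_…` by-id path, while the same file sets `tlp.settings.DISK_DEVICES = "nvme0n1 nvme1n1"`, so the install target looks like a removable stick rather than an internal disk. `prepare_disk` in scripts/install.sh greps this exact `device = "…"` string out of the host's `default.nix`, and presumably passes it to disko, so whatever it names is the disk that gets repartitioned. If the USB target is intentional, a comment above the import would record it, e.g. `# install target is the external SanDisk stick on purpose; internal NVMe disks are left untouched`. Otherwise the id should be corrected before the first install.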
@@ -0,0 +1,74 @@
+{
+ device ? throw "device argument is required",
+ ...
+}:
+{
+ disko.devices = {
+ disk.main = {
+ inherit device;
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ name = "boot";
+ size = "1M";
+ type = "EF02";
+ };
+ esp = {
+ name = "esp";
+ size = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+ root = {
+ name = "root";
+ size = "100%";
+ content = {
+ name = "luks";
+ type = "luks";
+ settings = {
+ allowDiscards = true;
+ };
+ content = {
+ type = "btrfs";
+ extraArgs = [ "-f" ];
+ subvolumes = {
+ "@" = {
+ mountpoint = "/";
+ };
+ "@persist" = {
+ mountpoint = "/persist";
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ };
+ "@nix" = {
+ mountpoint = "/nix";
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ };
+ "@cache" = {
+ mountpoint = "/cache";
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/elara/secrets/ssh_host_ed25519_key.pub b/hosts/elara/secrets/ssh_host_ed25519_key.pub
new file mode 100644
index 0000000..d763e62
--- /dev/null
+++ b/hosts/elara/secrets/ssh_host_ed25519_key.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB2sVagJ2CqpitBK4izlfKWIe2n2xkfV95F0VNkAc3FD nick@eirene
diff --git a/hosts/elara/system/scripts/card.sh b/hosts/elara/system/scripts/card.sh
new file mode 100644
index 0000000..e053556
--- /dev/null
+++ b/hosts/elara/system/scripts/card.sh
@@ -0,0 +1,10 @@
+AMD=/dev/dri/by-path/pci-0000:06:00.0-card
+NVIDIA=/dev/dri/by-path/pci-0000:01:00.0-card
+
+if [[ -e "${AMD}" ]]; then
+ CARD=${AMD}
+else
+ CARD=${NVIDIA}
+fi
+
+ln -sf "${CARD}" "${HOME}"/.config/hypr/card
diff --git a/hosts/elara/system/scripts/mouse.sh b/hosts/elara/system/scripts/mouse.sh
new file mode 100644
index 0000000..7f35a46
--- /dev/null
+++ b/hosts/elara/system/scripts/mouse.sh
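Review bot: `settings.allowDiscards = true` on the `luks` container in hosts/elara/format.nix lets TRIM requests pass through dm-crypt, which shows anyone who can read the raw device which blocks of the encrypted volume are unused. hosts/elara/default.nix also sets `services.fstrim.enable = true`, so discards will be issued regularly. This is a common trade-off on flash storage, but the decision is undocumented; I would either drop the setting or record it next to the option, e.g. `# allowDiscards: accepts leaking free-block layout in exchange for TRIM on flash`. Separately, `extraArgs = [ "-f" ]` forces mkfs.btrfs over any existing filesystem signature, which deserves a one-line comment because the target device is chosen in another file.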
@@ -0,0 +1,14 @@
+SEARCH_STRINGS=(
+ "Mouse"
+ "Razer DeathAdder Elite"
+ "Razer DeathAdder V3 HyperSpeed"
+)
+
+for search_string in "${SEARCH_STRINGS[@]}"; do
+ echo "Searching for devices matching: ${search_string}"
+
+ for f in $(grep -l "${search_string}" /sys/bus/usb/devices/*/product 2>/dev/null | sed "s/product/power\\/control/"); do
+ echo "Setting power control to 'on' for: ${f}"
+ echo on >| "${f}"
+ done
+done
diff --git a/hosts/elara/users/nikara/default.nix b/hosts/elara/users/nikara/default.nix
new file mode 100644
index 0000000..50cea12
--- /dev/null
+++ b/hosts/elara/users/nikara/default.nix
@@ -0,0 +1,116 @@ +{ config, lib, ... }: +let + # FIXME: https://github.com/NixOS/nixpkgs/issues/24570 + # FIXME: https://github.com/NixOS/nixpkgs/issues/305643 + user = "nikara"; + home = "/home/nikara"; +in +{ + imports = [ + ../../../common/user/configs/options.nix + (import ../../../common/user/configs/console/bashmount { inherit user home; }) + (import ../../../common/user/configs/console/bluetooth { inherit user home; }) + (import ../../../common/user/configs/console/brightnessctl { inherit user home; }) + (import ../../../common/user/configs/console/btop { inherit user home; }) + (import ../../../common/user/configs/console/docker { inherit user home; }) + (import ../../../common/user/configs/console/fastfetch { inherit user home; }) + (import ../../../common/user/configs/console/git { inherit user home; }) + (import ../../../common/user/configs/console/gpg-agent { inherit user home; }) + (import ../../../common/user/configs/console/home-manager { inherit user home; }) + (import ../../../common/user/configs/console/imagemagick { inherit user home; }) + (import ../../../common/user/configs/console/libvirt { inherit user home; }) + (import ../../../common/user/configs/console/ncdu { inherit user home; }) + (import ../../../common/user/configs/console/neovim { inherit user home; }) + (import ../../../common/user/configs/console/nix-develop { inherit user home; }) + (import ../../../common/user/configs/console/nix-direnv { inherit user home; }) + (import ../../../common/user/configs/console/nixpkgs { inherit user home; }) + (import ../../../common/user/configs/console/pipewire { inherit user home; }) + (import ../../../common/user/configs/console/ranger { inherit user home; }) + (import ../../../common/user/configs/console/sops { inherit user home; }) + (import ../../../common/user/configs/console/tmux { inherit user home; }) + (import ../../../common/user/configs/console/tree { inherit user home; }) + (import ../../../common/user/configs/console/wget { inherit 
user home; }) + (import ../../../common/user/configs/console/xdg { inherit user home; }) + (import ../../../common/user/configs/console/zsh { inherit user home; }) + (import ../../../common/user/configs/gui/astal { inherit user home; }) + (import ../../../common/user/configs/gui/bluetooth { inherit user home; }) + (import ../../../common/user/configs/gui/brightnessctl { inherit user home; }) + (import ../../../common/user/configs/gui/btop { inherit user home; }) + (import ../../../common/user/configs/gui/chromium { inherit user home; }) + (import ../../../common/user/configs/gui/cliphist { inherit user home; }) + (import ../../../common/user/configs/gui/emoji { inherit user home; }) + (import ../../../common/user/configs/gui/firefox { inherit user home; }) + (import ../../../common/user/configs/gui/gtk { inherit user home; }) + (import ../../../common/user/configs/gui/hyprland { inherit user home; }) + (import ../../../common/user/configs/gui/hyprshot { inherit user home; }) + (import ../../../common/user/configs/gui/kitty { inherit user home; }) + (import ../../../common/user/configs/gui/libreoffice { inherit user home; }) + (import ../../../common/user/configs/gui/networking { inherit user home; }) + (import ../../../common/user/configs/gui/obs { inherit user home; }) + (import ../../../common/user/configs/gui/obsidian { inherit user home; }) + (import ../../../common/user/configs/gui/pipewire { inherit user home; }) + (import ../../../common/user/configs/gui/qalculate { inherit user home; }) + (import ../../../common/user/configs/gui/qt { inherit user home; }) + (import ../../../common/user/configs/gui/rofi { inherit user home; }) + (import ../../../common/user/configs/gui/spicetify { inherit user home; }) + (import ../../../common/user/configs/gui/swww { inherit user home; }) + (import ../../../common/user/configs/gui/theme { inherit user home; }) + (import ../../../common/user/configs/gui/vscode { inherit user home; }) + (import 
../../../common/user/configs/gui/wev { inherit user home; }) + (import ../../../common/user/configs/gui/x11 { inherit user home; }) + (import ../../../common/user/configs/gui/xdg { inherit user home; }) + (import ../../user/configs/console/globalprotect-remote-connect { inherit user home; }) + ]; + + # echo "password" | mkpasswd -s + sops.secrets."${user}-password" = { + sopsFile = ../../../../secrets/sas/secrets.yaml; + key = "password"; + neededForUsers = true; + }; + + users.users.${user} = { + inherit home; + isNormalUser = true; + email = "Nick.Karaolidis@sas.com"; + fullName = "Nick Karaolidis"; + description = "Nick Karaolidis"; + hashedPasswordFile = config.sops.secrets."${user}-password".path; + extraGroups = [ "wheel" ]; + linger = true; + uid = lib.strings.toInt (builtins.readFile ./uid); + }; + + services.getty.autologinUser = user; + + home-manager.users.${user} = { + home = { + username = user; + homeDirectory = home; + }; + + sops.secrets = { + # Personal + "git/credentials" = { + sopsFile = ../../../../secrets/personal/secrets.yaml; + path = "${home}/.config/git/credentials"; + }; + "git/cookies" = { + sopsFile = ../../../../secrets/personal/secrets.yaml; + path = "${home}/.config/git/cookies"; + }; + "gpg-agent/personal/key".sopsFile = ../../../../secrets/personal/secrets.yaml; + "gpg-agent/personal/pass".sopsFile = ../../../../secrets/personal/secrets.yaml; + + # SAS + "globalprotect/server".sopsFile = ../../../../secrets/sas/secrets.yaml; + "globalprotect/email".sopsFile = ../../../../secrets/sas/secrets.yaml; + "globalprotect/password".sopsFile = ../../../../secrets/sas/secrets.yaml; + "globalprotect/gateway".sopsFile = ../../../../secrets/sas/secrets.yaml; + }; + + theme.wallpaper = ../../../../static/wallpapers/clouds.png; + + programs.obsidian.vaults."Documents/Obsidian/master".enable = true; + }; +} diff --git a/hosts/elara/users/nikara/uid b/hosts/elara/users/nikara/uid new file mode 100644 index 0000000..83b33d2 --- /dev/null 
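Review bot: `services.getty.autologinUser = user;` logs `nikara` in on the console without a password while `extraGroups = [ "wheel" ]` makes that account an administrator, so the LUKS passphrase from format.nix becomes the only authentication step at boot and the account password is not needed to reach a local shell. The same user also decrypts personal `git/credentials` and `gpg-agent/personal/*` secrets alongside the SAS `globalprotect/*` ones, so one unlocked session exposes both sets. If this is intended, a comment on the autologin line should say so, e.g. `# autologin relies on full-disk encryption; lock the session before leaving the machine unattended`; otherwise drop the line for this host. The identical autologin line in hosts/eirene/users/nick/default.nix has the same property.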
+++ b/hosts/elara/users/nikara/uid @@ -0,0 +1 @@ +1000 diff --git a/scripts/add-host.sh b/scripts/add-host.sh index 0fb5fbc..12101de 100755 --- a/scripts/add-host.sh +++ b/scripts/add-host.sh @@ -1,5 +1,9 @@ #!/usr/bin/env bash +set -o errexit +set -o nounset +set -o pipefail + if [[ "$#" -ne 2 ]]; then echo "Usage: $0 " exit 1 diff --git a/scripts/add-user.sh b/scripts/add-user.sh deleted file mode 100755 index dfd2abb..0000000 --- a/scripts/add-user.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/usr/bin/env bash - -if [[ "$#" -ne 2 ]]; then - echo "Usage: $0 " - exit 1 -fi - -USER="$1" - -mkdir -p "./users/${USER}/secrets" - -nix shell nixpkgs#age --command age-keygen -o "./users/${USER}/secrets/key.txt" - -AGE_KEY=$(grep "^# public key: " "./users/${USER}/secrets/key.txt" | sed "s/# public key: //") - -for SOPS_FILE in $(find . -type f -name "sops.yaml"); do - sed -i "/- users:/a\ - &${USER} ${AGE_KEY}" "${SOPS_FILE}" - sed -i "/- age:/a\ - *${USER}" "${SOPS_FILE}" -done - -"$(dirname "$0")/update-keys.sh" "$2" - -echo "User ${USER} has been successfully added." diff --git a/scripts/install.sh b/scripts/install.sh index ff396d4..ae76193 100755 --- a/scripts/install.sh +++ b/scripts/install.sh @@ -1,5 +1,9 @@ #!/usr/bin/env bash +set -o errexit +set -o nounset +set -o pipefail + check_root() { if [[ "${EUID}" -ne 0 ]]; then echo "Please run the script as root." @@ -8,6 +12,8 @@ check_root() { } check_network() { + rfkill unblock all + if ping -c 1 google.com &>/dev/null; then echo "Network connection detected, skipping Wi-Fi setup." return 
@@ -33,16 +39,15 @@ setup_wifi() { echo "Enter the network interface you want to use:" read -r interface + echo "Enter the SSID of the open network:" + read -r ssid + echo "Do you want to connect to an open network? [y/N]" read -r open_network if [[ "${open_network}" =~ ^([yY][eE][sS]|[yY])$ ]]; then - echo "Enter the SSID of the open network:" - read -r ssid wpa_supplicant -i "${interface}" -c <(wpa_passphrase "${ssid}") -B else - echo "Enter the SSID:" - read -r ssid echo "Enter the passphrase:" read -rs passphrase @@ -52,24 +57,30 @@ setup_wifi() { fi dhcpcd + + echo "Waiting for a network connection..." + + for i in {1..10}; do + if ping -c 1 google.com &>/dev/null; then + echo "Connected to the network successfully." + return + fi + sleep 1 + done + + echo "Failed to establish a connection within the timeout period." + exit 1 } select_host() { echo "Available hosts:" - echo $(nix --experimental-features "nix-command flakes" flake show --json | nix --experimental-features "nix-command flakes" shell nixpkgs#jq --command jq -r '.nixosConfigurations | keys[]') + echo $(nix --experimental-features "nix-command flakes" flake show --json | + nix --experimental-features "nix-command flakes" shell nixpkgs#jq --command jq -r '.nixosConfigurations | keys[]') echo "Enter host:" read -r host } -select_users() { - echo "Available users:" - ls users/ - - echo "Enter the users to copy keys for (space-separated):" - read -r -a users -} - prepare_disk() { local mode="$1" device=$(grep -oP '(?<=device = ")[^"]+' "./hosts/${host}/default.nix") 
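Review bot: The SSID prompt in `setup_wifi` was moved above the open-network question but kept its old wording, so a user joining a protected network is asked `Enter the SSID of the open network:` before being asked whether the network is open at all. The moved line should read `echo "Enter the SSID:"`. The function starts above this hunk, so the interface-listing part is not visible here.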
@@ -80,11 +91,25 @@ copy_keys() { mkdir -p /mnt/persist/etc/ssh cp "./hosts/${host}/secrets/ssh_host_ed25519_key" /mnt/persist/etc/ssh/ssh_host_ed25519_key - for user in "${users[@]}"; do - mkdir -p "/mnt/persist/home/${user}/.config/sops-nix" - cp "./users/${user}/secrets/key.txt" "/mnt/persist/home/${user}/.config/sops-nix/key.txt" + for path in "./hosts/${host}/users"/*; do + user=$(basename "${path}") + echo "User detected: ${user}" - uid=$(cat "./users/${user}/uid") + echo "Available keys for ${user}:" + ls ./secrets/*/key.txt + + echo "Enter the key file to copy (or press Enter to skip this user):" + read -r key + + if [[ -z "${key}" ]]; then + echo "Skipping ${user}" + continue + fi + + mkdir -p "/mnt/persist/home/${user}/.config/sops-nix" + cp "${key}" "/mnt/persist/home/${user}/.config/sops-nix/key.txt" + + uid=$(cat "./hosts/${host}/users/${user}/uid") gid=100 chown -R "${uid}:${gid}" "/mnt/persist/home/${user}" @@ -107,7 +132,6 @@ main() { case ${choice} in 1) - select_users prepare_disk "disko" copy_keys install diff --git a/scripts/remove-host.sh b/scripts/remove-host.sh index c9ac255..b861753 100755 --- a/scripts/remove-host.sh +++ b/scripts/remove-host.sh @@ -1,5 +1,9 @@ #!/usr/bin/env bash +set -o errexit +set -o nounset +set -o pipefail + if [[ "$#" -ne 2 ]]; then echo "Usage: $0 " exit 1 diff --git a/scripts/remove-user.sh b/scripts/remove-user.sh deleted file mode 100755 index fc077f0..0000000 --- a/scripts/remove-user.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/usr/bin/env bash - -if [[ "$#" -ne 2 ]]; then - echo "Usage: $0 " - exit 1 -fi - -USER="$1" - -AGE_KEY=$(grep "^# public key: " "./users/${USER}/secrets/key.txt" | sed "s/# public key: //") - -for SOPS_FILE in $(find . -type f -name "sops.yaml"); do - sed -i "/ - &${USER} ${AGE_KEY}/d" "${SOPS_FILE}" - sed -i "/ - \*${USER}/d" "${SOPS_FILE}" -done - -"$(dirname "$0")/update-keys.sh" "$2" - -rm -rf ./users/"${USER}" - -echo "User ${USER} has been successfully removed." 
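Review bot: In `copy_keys`, the path typed at the `read -r key` prompt goes straight into `cp "${key}" …/sops-nix/key.txt` with no check that it names an existing key file and no explicit mode on the copy, so the age private key ends up with whatever mode the source file and umask produce. With `set -o errexit` now at the top of the script, a typo at the prompt, or `ls ./secrets/*/key.txt` matching nothing, aborts the run after `prepare_disk "disko"` has already been called from `main`. I would add `[[ -f "${key}" ]] || { echo "No such key file: ${key}"; continue; }` before the copy and `chmod 600 "/mnt/persist/home/${user}/.config/sops-nix/key.txt"` after it. Plain `cp` plus `chmod` is used here because `main` calls a script-level `install`, which would likely shadow coreutils `install`. The function continues past the end of the hunk, so any later permission fix is not visible from here.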
diff --git a/scripts/update-keys.sh b/scripts/update-keys.sh index 96d1365..24e432a 100755 --- a/scripts/update-keys.sh +++ b/scripts/update-keys.sh @@ -1,5 +1,9 @@ #!/usr/bin/env bash +set -o errexit +set -o nounset +set -o pipefail + if [[ "$#" -ne 1 ]]; then echo "Usage: $0 " exit 1 diff --git a/scripts/update.sh b/scripts/update.sh index 7481a66..4bd680a 100755 --- a/scripts/update.sh +++ b/scripts/update.sh @@ -1,5 +1,9 @@ #!/usr/bin/env bash +set -o errexit +set -o nounset +set -o pipefail + paths=$(git config --file .gitmodules --name-only --get-regexp path | while read -r line; do path=$(git config --file .gitmodules --get "${line}") url=$(git config --file .gitmodules --get "${line%.*}.url") diff --git a/secrets/.gitignore b/secrets/.gitignore new file mode 100644 index 0000000..3c53e63 --- /dev/null +++ b/secrets/.gitignore @@ -0,0 +1 @@ +*/key.txt diff --git a/users/nick/wallpapers/car.jpg b/static/wallpapers/car.jpg similarity index 100% rename from users/nick/wallpapers/car.jpg rename to static/wallpapers/car.jpg diff --git a/users/nick/wallpapers/cats.jpg b/static/wallpapers/cats.jpg similarity index 100% rename from users/nick/wallpapers/cats.jpg rename to static/wallpapers/cats.jpg diff --git a/users/nick/wallpapers/clouds.png b/static/wallpapers/clouds.png similarity index 100% rename from users/nick/wallpapers/clouds.png rename to static/wallpapers/clouds.png diff --git a/users/nick/wallpapers/girl.png b/static/wallpapers/girl.png similarity index 100% rename from users/nick/wallpapers/girl.png rename to static/wallpapers/girl.png diff --git a/users/nick/wallpapers/mountain.jpg b/static/wallpapers/mountain.jpg similarity index 100% rename from users/nick/wallpapers/mountain.jpg rename to static/wallpapers/mountain.jpg diff --git a/users/nick/wallpapers/plane.jpg b/static/wallpapers/plane.jpg similarity index 100% rename from users/nick/wallpapers/plane.jpg rename to static/wallpapers/plane.jpg 
diff --git a/users/nick/wallpapers/snow.jpg b/static/wallpapers/snow.jpg similarity index 100% rename from users/nick/wallpapers/snow.jpg rename to static/wallpapers/snow.jpg diff --git a/submodules/home-manager b/submodules/home-manager index b27691d..24d660e 160000 --- a/submodules/home-manager +++ b/submodules/home-manager @@ -1 +1 @@ -Subproject commit b27691db93b0348b9b0bf151ae952a6f9f95089d +Subproject commit 24d660ebd62d3fee4578777efb4f38b042ac6f84 diff --git a/submodules/nixpkgs b/submodules/nixpkgs index 59f9868..9d03f3a 160000 --- a/submodules/nixpkgs +++ b/submodules/nixpkgs @@ -1 +1 @@ -Subproject commit 59f98681ef21402ef93ccf43ae6c52547dee168e +Subproject commit 9d03f3a891c104cdf1de7c76900642614a929ce5