diff --git a/README.md b/README.md index 6c42222..2d4e85b 100644 --- a/README.md +++ b/README.md @@ -83,6 +83,11 @@ - Alternatively boot an official nixos image connect with password 3. Copy ISO to usb using dd 3. After booting copy the installer to the live system using `nix copy --to .#packages..installer-package.` +4. Run the installer script from the nix store of the live system + - you can get the path using `nix path-info .#packages..installer-package.` +4. Export all zpools and reboot into system +6. Retrieve hostkeys using `ssh-keyscan | grep -o 'ssh-ed25519.*' > host//secrets/host.pub +5. Deploy system using colmena ## Deploy diff --git a/hosts/common/core/net.nix b/hosts/common/core/net.nix index 665b2a8..2a54c7c 100644 --- a/hosts/common/core/net.nix +++ b/hosts/common/core/net.nix @@ -1,4 +1,4 @@ -{ +{lib, ...}: { networking = { useNetworkd = true; dhcpcd.enable = false; diff --git a/hosts/common/core/system.nix b/hosts/common/core/system.nix index 630350f..f247296 100644 --- a/hosts/common/core/system.nix +++ b/hosts/common/core/system.nix @@ -22,7 +22,7 @@ boot = { initrd.systemd.enable = true; initrd.systemd.emergencyAccess = true; - initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "usbhid" "sd_mod" "rtsx_pci_sdmmc"]; + initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "usbhid" "sd_mod" "rtsx_pci_sdmmc" "ahci" "uas"]; supportedFilesystems = ["ntfs"]; kernelModules = ["kvm-intel"]; tmp.useTmpfs = true; diff --git a/hosts/common/graphical/hyprland.nix b/hosts/common/graphical/hyprland.nix index 2673468..5a8b48f 100644 --- a/hosts/common/graphical/hyprland.nix +++ b/hosts/common/graphical/hyprland.nix @@ -1,5 +1,8 @@ {pkgs, ...}: { - programs.hyprland.enable = true; + programs.hyprland = { + enableNvidiaPatches = true; + enable = true; + }; services.dbus.enable = true; xdg.portal = { enable = true; diff --git a/hosts/common/hardware/nvidia.nix b/hosts/common/hardware/nvidia.nix index b03a07e..e75edb3 100644 
--- a/hosts/common/hardware/nvidia.nix +++ b/hosts/common/hardware/nvidia.nix @@ -4,14 +4,13 @@ hardware = { opengl = { enable = true; + driSupport = true; driSupport32Bit = true; }; nvidia = { - powerManagement = { - enable = true; - finegrained = true; - }; + powerManagement.enable = true; modesetting.enable = true; + open = false; }; }; } diff --git a/hosts/desktopnix/default.nix b/hosts/desktopnix/default.nix index 8b5e19e..eb04366 100644 --- a/hosts/desktopnix/default.nix +++ b/hosts/desktopnix/default.nix @@ -13,6 +13,7 @@ ../common/hardware/bluetooth.nix ../common/hardware/intel.nix + ../common/hardware/nvidia.nix ../common/hardware/physical.nix ../common/hardware/pipewire.nix ../common/hardware/yubikey.nix diff --git a/hosts/desktopnix/fs.nix b/hosts/desktopnix/fs.nix index 3ec9d3a..586c365 100644 --- a/hosts/desktopnix/fs.nix +++ b/hosts/desktopnix/fs.nix @@ -47,4 +47,6 @@ panzer = defaultZpoolOptions // {datasets = {};}; }; }; + boot.initrd.luks.devices.enc-rpool.allowDiscards = true; + boot.initrd.luks.devices.enc-infantry-fighting-vehicle.allowDiscards = true; } diff --git a/hosts/desktopnix/net.nix b/hosts/desktopnix/net.nix index 07236d8..3ae045f 100644 --- a/hosts/desktopnix/net.nix +++ b/hosts/desktopnix/net.nix @@ -7,6 +7,10 @@ DHCP = "yes"; matchConfig.MACAddress = config.secrets.secrets.local.networking.lan1.mac; dns = ["192.168.178.2"]; + networkConfig = { + IPv6PrivacyExtensions = "yes"; + MulticastDNS = true; + }; }; }; } diff --git a/hosts/desktopnix/secrets/host.pub b/hosts/desktopnix/secrets/host.pub new file mode 100644 index 0000000..e69de29 diff --git a/hosts/desktopnix/secrets/secrets.nix.age b/hosts/desktopnix/secrets/secrets.nix.age index e35e5b3..2bb40d0 100644 Binary files a/hosts/desktopnix/secrets/secrets.nix.age and b/hosts/desktopnix/secrets/secrets.nix.age differ diff --git a/hosts/patricknix/fs.nix b/hosts/patricknix/fs.nix index 5c9e160..175d183 100644 --- a/hosts/patricknix/fs.nix +++ b/hosts/patricknix/fs.nix 
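Review bot: The two `allowDiscards = true` lines added at the end of hosts/desktopnix/fs.nix enable TRIM passthrough on the LUKS devices without recording that this is a deliberate confidentiality trade-off: with discards on, the underlying disk shows which blocks are unused. The same option is added in hosts/patricknix/fs.nix and hosts/testienix/fs.nix, so the decision is now repeated in three host files. I would put a comment above the first option, for example `# TRIM passthrough reveals which blocks are free on the raw disk; accepted for SSD performance`, or set the option once in a shared module. The enclosing attribute set starts outside the hunk.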
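Review bot: `MulticastDNS = true` in the new `networkConfig` block of hosts/desktopnix/net.nix makes the host answer mDNS queries on this link as well as resolve them, and nothing visible says the responder role is needed. If the host only has to look up `.local` names, `MulticastDNS = "resolve";` keeps resolution without advertising the host. If it must be discoverable, say so in a comment. mDNS answers are unauthenticated, so for the `.local` SSH targets in users/patrick/ssh.nix the host key remains the only identity check. hosts/testienix/net.nix receives the identical block.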
@@ -23,4 +23,5 @@
 rpool = defaultZpoolOptions // {datasets = defaultZfsDatasets;};
 };
 };
+ boot.initrd.luks.devices.enc-rpool.allowDiscards = true;
 }
diff --git a/hosts/testienix/fs.nix b/hosts/testienix/fs.nix
index a79ff2d..32a63d9 100644
--- a/hosts/testienix/fs.nix
+++ b/hosts/testienix/fs.nix
@@ -14,7 +14,7 @@
 partitions = [
 (partEfiBoot "boot" "0%" "1GiB")
 (partSwap "swap" "1GiB" "17GiB")
- (partLuksZfs "rpool" "rpool" "17GiB" "100%")
+ (lib.attrsets.recursiveUpdate (partLuksZfs "rpool" "rpool" "17GiB" "100%") {content.extraFormatArgs = ["--pbkdf pbkdf2"];})
 ];
 };
 };
@@ -25,7 +25,7 @@
 type = "table";
 format = "gpt";
 partitions = [
- (partLuksZfs "panzer-1" "panzer" "0%" "100%")
+ (lib.attrsets.recursiveUpdate (partLuksZfs "panzer-1" "panzer" "0%" "100%") {content.extraFormatArgs = ["--pbkdf pbkdf2"];})
 ];
 };
 };
@@ -36,7 +36,7 @@
 type = "table";
 format = "gpt";
 partitions = [
- (partLuksZfs "panzer-2" "panzer" "0%" "100%")
+ (lib.attrsets.recursiveUpdate (partLuksZfs "panzer-2" "panzer" "0%" "100%") {content.extraFormatArgs = ["--pbkdf pbkdf2"];})
 ];
 };
 };
@@ -54,4 +54,6 @@
 };
 };
 };
+
+ boot.initrd.luks.devices.enc-rpool.allowDiscards = true;
 }
diff --git a/hosts/testienix/net.nix b/hosts/testienix/net.nix
index 07236d8..3ae045f 100644
--- a/hosts/testienix/net.nix
+++ b/hosts/testienix/net.nix
@@ -7,6 +7,10 @@
 DHCP = "yes";
 matchConfig.MACAddress = config.secrets.secrets.local.networking.lan1.mac;
 dns = ["192.168.178.2"];
+ networkConfig = {
+ IPv6PrivacyExtensions = "yes";
+ MulticastDNS = true;
+ };
 };
 };
 }
diff --git a/hosts/testienix/secrets/host.pub b/hosts/testienix/secrets/host.pub
new file mode 100644
index 0000000..975164b
--- /dev/null
+++ b/hosts/testienix/secrets/host.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB9g6E+f7XMSE4V2YDdw5kZjWpV9o1G4JPKb6f3SHjO4
diff --git a/lib/disko.nix b/lib/disko.nix
index ef9f76f..e1348e2 100644
--- a/lib/disko.nix
+++ b/lib/disko.nix
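Review bot: The `--pbkdf pbkdf2` override on the `rpool` partition in hosts/testienix/fs.nix swaps the Argon2-based LUKS2 default for PBKDF2, which is not memory-hard, so offline passphrase guessing against a copied header gets cheaper, and the hunk gives no reason for it. If this is meant only for a low-memory or throwaway test machine, say so next to the override, e.g. `# pbkdf2: <reason>; do not copy to hosts holding real data`. The option and its value are also passed as one list element, `"--pbkdf pbkdf2"`, which presumably only works if disko joins the arguments into a shell string; that is not visible here. The same override is repeated for `panzer-1` and `panzer-2` in the hunks at -25,7 and -36,7, so a single local helper wrapping `partLuksZfs` would keep the three in step.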
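Review bot: The key added in hosts/testienix/secrets/host.pub has no comment field and no record of how it was verified, and the README step added in this same commit obtains it with `ssh-keyscan`, which accepts whatever key the network returns. Before this file is trusted for deployment or secret encryption, compare it with the output of `ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub` read on the machine's own console. Appending the hostname as a key comment (`ssh-ed25519 AAAA… testienix`) would also make the file self-describing.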
@@ -28,7 +28,7 @@ inputs: self: super: {
 content = {
 type = "luks";
 name = "enc-${name}";
- extraOpenArgs = ["--allow-discard"];
+ extraOpenArgs = ["--allow-discards"];
 content = {
 type = "zfs";
 inherit pool;
diff --git a/users/common/graphical.nix b/users/common/graphical/default.nix
similarity index 75%
rename from users/common/graphical.nix
rename to users/common/graphical/default.nix
index 445a8d1..7e5082e 100644
--- a/users/common/graphical.nix
+++ b/users/common/graphical/default.nix
@@ -1,9 +1,9 @@
 {pkgs, ...}: {
 imports = [
- ./graphical/kitty.nix
- ./graphical/hyprland
- ./graphical/rofi.nix
- ./graphical/firefox.nix
+ ./kitty.nix
+ ./sway
+ ./rofi.nix
+ ./firefox.nix
 ];
 home = {
 packages = with pkgs; [
diff --git a/users/common/graphical/hyprland/hyprland.conf.nix b/users/common/graphical/hyprland/hyprland.conf.nix
index 0fc3f68..fcfe0c4 100644
--- a/users/common/graphical/hyprland/hyprland.conf.nix
+++ b/users/common/graphical/hyprland/hyprland.conf.nix
@@ -1,88 +1,94 @@ MOD: TAGS: pkgs: '' - general { - gaps_in = 1 - gaps_out = 0 - no_cursor_warps = true + general { + gaps_in = 1 + gaps_out = 0 + no_cursor_warps = true + } + + input { + sensitivity = 0 + kb_layout = de,de + kb_variant = bone, + repeat_rate = 60 + repeat_delay = 235 + # Only change focus on mouse click + follow_mouse = 2 + float_switch_override_focus = 0 + accel_profile = flat + touchpad { + natural_scroll = true } + } - input { - sensitivity = 0 - kb_layout = de,de - kb_variant = bone, - repeat_rate = 60 - repeat_delay = 235 - # Only change focus on mouse click - follow_mouse = 2 - float_switch_override_focus = 0 - accel_profile = flat - touchpad { - natural_scroll = true - } - } + gestures { + workspace_swipe = true + workspace_swipe_numbered = true + } - gestures { - workspace_swipe = true - workspace_swipe_numbered = true - } + misc { + disable_hyprland_logo = true + mouse_move_focuses_monitor = false + } - misc { - disable_hyprland_logo = true - mouse_move_focuses_monitor = false - } + binds { + focus_preferred_method = 1 + } - binds { - focus_preferred_method = 1 - } + # keybinds + bind=${MOD},q,killactive, + bind=${MOD},return,fullscreen, + bind=${MOD},f,togglefloating + bind=${MOD},tab,cyclenext, + bind=ALT,tab,cyclenext, + bind=,Menu,exec,rofi -show drun - # keybinds - bind=${MOD},q,killactive, - bind=${MOD},return,fullscreen, - bind=${MOD},f,togglefloating - bind=${MOD},tab,cyclenext, - bind=ALT,tab,cyclenext, - bind=,Menu,exec,rofi -show drun + bind=${MOD},left,movefocus,l + bind=${MOD},right,movefocus,r + bind=${MOD},up,movefocus,u + bind=${MOD},down,movefocus,d - bind=${MOD},left,movefocus,l - bind=${MOD},right,movefocus,r - bind=${MOD},up,movefocus,u - bind=${MOD},down,movefocus,d + bind=${MOD},n,movefocus,l + bind=${MOD},s,movefocus,r + bind=${MOD},l,movefocus,u + bind=${MOD},r,movefocus,d - bind=${MOD},n,movefocus,l - bind=${MOD},s,movefocus,r - bind=${MOD},l,movefocus,u - bind=${MOD},r,movefocus,d + bind=${MOD} + 
SHIFT,left,movewindow,l + bind=${MOD} + SHIFT,right,movewindow,r + bind=${MOD} + SHIFT,up,movewindow,u + bind=${MOD} + SHIFT,down,movewindow,d - bind=${MOD} + SHIFT,left,movewindow,l - bind=${MOD} + SHIFT,right,movewindow,r - bind=${MOD} + SHIFT,up,movewindow,u - bind=${MOD} + SHIFT,down,movewindow,d + bindm=${MOD},mouse:272,movewindow - bindm=${MOD},mouse:272,movewindow + bind=${MOD} + SHIFT,n,movewindow,l + bind=${MOD} + SHIFT,s,movewindow,r + bind=${MOD} + SHIFT,l,movewindow,u + bind=${MOD} + SHIFT,r,movewindow,d - bind=${MOD} + SHIFT,n,movewindow,l - bind=${MOD} + SHIFT,s,movewindow,r - bind=${MOD} + SHIFT,l,movewindow,u - bind=${MOD} + SHIFT,r,movewindow,d - - bind=${MOD},comma,workspace,-1 - bind=${MOD},period,workspace,+1 + bind=${MOD},comma,workspace,-1 + bind=${MOD},period,workspace,+1 - bind=${MOD},b,exec,firefox - bind=${MOD},t,exec,kitty - bind=${MOD} + SHIFT,l,exec,systemctl suspend -i - bind=${MOD} + SHIFT,Escape,exit - #fix xwayland hidpi - exec-once = ${pkgs.xorg.xprop}/bin/xprop -root -f _XWAYLAND_GLOBAL_OUTPUT_SCALE 32c -set _XWAYLAND_GLOBAL_OUTPUT_SCALE 2 - env = GDK_SCALE,2 - env = XCURSOR_SIZE,48 + bind=${MOD},b,exec,firefox + bind=${MOD},t,exec,kitty + bind=${MOD} + SHIFT,l,exec,systemctl suspend -i + bind=${MOD} + SHIFT,Escape,exit + #fix xwayland hidpi + exec-once = ${pkgs.xorg.xprop}/bin/xprop -root -f _XWAYLAND_GLOBAL_OUTPUT_SCALE 32c -set _XWAYLAND_GLOBAL_OUTPUT_SCALE 2 + env = GDK_SCALE,2 + env = XCURSOR_SIZE,48 - workspace = eDP-1, 42 + workspace = eDP-1, 42 + + exec-once=bash -c "waybar >/tmp/waybar_error.log" + env = LIBVA_DRIVER_NAME,nvidia + env = XDG_SESSION_TYPE,wayland + env = GBM_BACKEND,nvidia-drm + env = __GLX_VENDOR_LIBRARY_NAME,nvidia + env = WLR_NO_HARDWARE_CURSORS,1 - exec-once=bash -c "waybar >/tmp/waybar_error.log" '' + builtins.concatStringsSep "\n" (map ( x: '' diff --git a/users/common/graphical/sway/default.nix b/users/common/graphical/sway/default.nix new file mode 100644 index 0000000..e5b85b0 --- /dev/null 
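Review bot: The re-indented `exec-once=bash -c "waybar >/tmp/waybar_error.log"` line in hyprland.conf.nix still writes to a fixed name in the world-writable `/tmp`, so another local account can create that path first, and it redirects only stdout, so anything waybar prints on stderr is lost. A file under the user's runtime directory avoids the shared path, for example `exec-once=bash -c "waybar >$XDG_RUNTIME_DIR/waybar_error.log 2>&1"`. Please confirm that Hyprland passes `$XDG_RUNTIME_DIR` through to bash unchanged. The string this line belongs to continues past the end of the hunk.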
+++ b/users/common/graphical/sway/default.nix @@ -0,0 +1,9 @@ +{config, ...}: { + wayland.windowManager.sway = { + enable = true; + config = { + modifier = "Mod4"; + terminal = "kitty"; + }; + }; +} diff --git a/users/common/shells/alias.nix b/users/common/shells/alias.nix index 4860b63..48126af 100644 --- a/users/common/shells/alias.nix +++ b/users/common/shells/alias.nix @@ -24,6 +24,5 @@ _: { rg = "rg -S"; zf = "zathura --fork"; - hypr = "Hyprland"; }; } diff --git a/users/patrick/default.nix b/users/patrick/default.nix index ea71c3e..70c9dd7 100644 --- a/users/patrick/default.nix +++ b/users/patrick/default.nix @@ -5,7 +5,7 @@ }: { # enable nixos wide hyprland config imports = [ - ../../hosts/common/graphical/hyprland.nix + #../../hosts/common/graphical/hyprland.nix ]; users.users.patrick = { @@ -31,7 +31,7 @@ ./impermanence.nix ../common ../common/interactive.nix - ../common/graphical.nix + ../common/graphical ]; }; } diff --git a/users/patrick/ssh.nix b/users/patrick/ssh.nix index 10769e2..0da0443 100644 --- a/users/patrick/ssh.nix +++ b/users/patrick/ssh.nix @@ -16,12 +16,25 @@ user = "root"; inherit identityFile; }; + "patricknix" = { hostname = "patricknix.local"; user = "root"; inherit identityFile; }; + "testienix" = { + hostname = "192.168.178.74"; + user = "root"; + inherit identityFile; + }; + + "desktopnix" = { + hostname = "192.168.178.176"; + user = "root"; + inherit identityFile; + }; + "WSALVM" = { hostname = "172.10.8.156"; user = "root";
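Review bot: Commenting out `../../hosts/common/graphical/hyprland.nix` in users/patrick/default.nix leaves the comment `# enable nixos wide hyprland config` above an `imports` list that now imports nothing. It also drops the `services.dbus.enable` and `xdg.portal` settings which, according to the hyprland.nix hunk in this commit, came from that module. The new home-manager sway module replaces none of those system-level settings, so they may now be unset unless another module provides them. I would delete the dead line and the stale comment, and import a system-level graphical module for sway if one is needed. The surrounding module starts and ends outside the hunk.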
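Review bot: The new `testienix` and `desktopnix` blocks in users/patrick/ssh.nix log in as `root` at literal addresses (`192.168.178.74`, `192.168.178.176`), while the hosts' net.nix files in this commit use `DHCP = "yes"`. Unless the router reserves those leases, an address can later belong to a different machine, and host-key checking is the only thing that would catch it. Consider pinning the keys declaratively from the repo's `host.pub` files, for instance through NixOS `programs.ssh.knownHosts`, and note that hosts/desktopnix/secrets/host.pub is added empty here, so that host has no key to pin yet. A comment on each block stating that the address is a reserved lease would document the assumption. The `matchBlocks` set starts and ends outside the hunk.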