Price/NixOS
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

initial commit

Browse Source 
TODO: Modify `orion`'s filesystem file to be accurate to the laptop, not
a VM
This commit is contained in:
Price Hiller 2023-09-17 03:40:50 -05:00
commit 61671baedc
No known key found for this signature in database
16 changed files with 502 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
README.md Normal file
View File

@ -0,0 +1,10 @@
# Commands
```bash
git config --global user.email "m@m.com"; git config --global user.name "name"; git add .; git commit -m "Shit" >/dev/null 2>&1; \
git clone . /mnt/etc/nixos
git config --global user.email "m@m.com"; git config --global user.name "name"; git add .; git commit -m "Shit" >/dev/null 2>&1; \
nixos-generate-config --root /mnt --dir /mnt/persist/etc/nixos/hosts/orion/os;
git config --global user.email "m@m.com"; git config --global user.name "name"; git add .; git commit -m "Shit" >/dev/null 2>&1; \
nixos-install --flake "git+file:.#orion"
``

64
flake.lock Normal file
View File

@ -0,0 +1,64 @@
{
"nodes": {
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1694069327,
"narHash": "sha256-Si2otUNjCe8kY5nsV7tILi4PsI0odBFrdSu8cCjn/eQ=",
"owner": "nix-community",
"repo": "disko",
"rev": "7bee8de8e6755506c70323b864a884f9624cc23a",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"impermanence": {
"locked": {
"lastModified": 1690797372,
"narHash": "sha256-GImz19e33SeVcIvBB7NnhbJSbTpFFmNtWLh7Z85Y188=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "e3a7acd113903269a1b5c8b527e84ce7ee859851",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "impermanence",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1693985761,
"narHash": "sha256-K5b+7j7Tt3+AqbWkcw+wMeqOAWyCD1MH26FPZyWXpdo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0bffda19b8af722f8069d09d8b6a24594c80b352",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"disko": "disko",
"impermanence": "impermanence",
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}

22
flake.nix Normal file
View File

@ -0,0 +1,22 @@
{
description = "Price Hiller's flake for managing system configurations";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
impermanence.url = "github:nix-community/impermanence";
};
outputs = inputs @ { self, nixpkgs, impermanence, ... }: rec {
imports = [
./configuration.nix
];
nixosConfigurations.orion = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = inputs;
modules = [
./hosts/orion
impermanence.nixosModules.impermanence
];
};
};
}

3
hosts/luna/README.md Normal file
View File

@ -0,0 +1,3 @@
# Luna
This is my primary server.

2
hosts/orion/README.md Normal file
View File

@ -0,0 +1,2 @@
# Orion
This is my laptop and primary (and only) developer machine.

9
hosts/orion/default.nix Normal file
View File

@ -0,0 +1,9 @@
{ config, lib, nixpkgs, ... }:
{
imports = [
./modules
./os/filesystem.nix
];
system.stateVersion = "23.11";
}

16
hosts/orion/modules/audio.nix Normal file
View File

@ -0,0 +1,16 @@
{ inputs, lib, pkgs, ... }:
{
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa = {
enable = true;
support32Bit = true;
};
pulse.enable = true;
wireplumber.enable = true;
jack.enable = true;
};
}

30
hosts/orion/modules/bluetooth.nix Normal file
View File

@ -0,0 +1,30 @@
{ inputs, lib, pkgs, ... }:
{
hardware.bluetooth.enable = true;
services.blueman.enable = true;
environment.systemPackages = with pkgs; [
bluez
];
systemd.user.services.mpris-proxy = {
description = "Mpris proxy";
after = [ "network.target" "sound.target" ];
wantedBy = [ "default.target" ];
serviceConfig.ExecStart = "${pkgs.bluez}/bin/mpris-proxy";
};
security.polkit.extraConfig = ''
/* Allow users in wheel group to use blueman feature requiring root without authentication */
polkit.addRule(function(action, subject) {
if ((action.id == "org.blueman.network.setup" ||
action.id == "org.blueman.dhcp.client" ||
action.id == "org.blueman.rfkill.setstate" ||
action.id == "org.blueman.pppd.pppconnect") &&
subject.isInGroup("wheel")) {
return polkit.Result.YES;
}
});
'';
}

13
hosts/orion/modules/default.nix Normal file
View File

@ -0,0 +1,13 @@
{ config, pkgs, lib, ... }:
{
imports = [
./audio.nix
./bluetooth.nix
./hardware.nix
./networking.nix
./nix.nix
./power.nix
./user.nix
];
}

21
hosts/orion/modules/hardware.nix Normal file
View File

@ -0,0 +1,21 @@
{ inputs, lib, pkgs, ... }:
{
# NOTE: Disable Nvidia GPU
boot.extraModprobeConfig = ''
blacklist nouveau
options nouveau iwlwifi power_save=1 modeset=0
'';
services.udev.extraRules = ''
# Remove NVIDIA USB xHCI Host Controller devices, if present
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x0c0330", ATTR{power/control}="auto", ATTR{remove}="1"
# Remove NVIDIA USB Type-C UCSI devices, if present
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x0c8000", ATTR{power/control}="auto", ATTR{remove}="1"
# Remove NVIDIA Audio devices, if present
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x040300", ATTR{power/control}="auto", ATTR{remove}="1"
# Remove NVIDIA VGA/3D controller devices
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x03[0-9]*", ATTR{power/control}="auto", ATTR{remove}="1"
'';
boot.blacklistedKernelModules = [ "nouveau" "nvidia" "nvidia_drm" "nvidia_modeset" ];
}

86
hosts/orion/modules/networking.nix Normal file
View File

@ -0,0 +1,86 @@
{ inputs, lib, pkgs, hostname, ... }:
let
hostname = "orion";
networks_dhcp_use_dns = "no";
networks_dhcp = "yes";
networks_multicast_dns = "yes";
networks_ipv6_privacy = "yes";
networks_ipv6_accept_ra = "yes";
networks_network_config = {
DHCP = networks_dhcp;
MulticastDNS = networks_multicast_dns;
IPv6PrivacyExtensions = networks_ipv6_privacy;
IPv6AcceptRA = networks_ipv6_accept_ra;
};
resolved_nameservers = [
"198.180.150.12#rgnet-iad.anycast.uncensoreddns.org"
"2001:418:8006::12:853#rgnet-iad.anycast.uncensoreddns.org"
"194.242.2.2#dns.mullvad.net"
"2a07:e340::2:853#dns.mullvad.net"
];
resolved_fallback_nameservers = [ "1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one" ];
in
{
systemd.network = {
enable = true;
networks = {
"10-wlan" = {
matchConfig.Name = [ "wl*" ];
networkConfig = networks_network_config;
dhcpV4Config = {
RouteMetric = 600;
UseDNS = networks_dhcp_use_dns;
};
ipv6AcceptRAConfig = {
RouteMetric = 600;
UseDNS = networks_dhcp_use_dns;
};
};
"10-ethernet" = {
matchConfig.name = [ "en*" "eth*" ];
networkConfig = networks_network_config;
dhcpV4Config = {
RouteMetric = 100;
UseDNS = networks_dhcp_use_dns;
};
ipv6AcceptRAConfig = {
RouteMetric = 100;
UseDNS = networks_dhcp_use_dns;
};
};
"10-wwan" = {
matchConfig.name = [ "ww*" ];
networkConfig = networks_network_config;
dhcpV4Config = {
RouteMetric = 700;
UseDNS = networks_dhcp_use_dns;
};
ipv6AcceptRAConfig = {
RouteMetric = 700;
UseDNS = networks_dhcp_use_dns;
};
};
};
};
services.resolved = {
enable = true;
dnssec = "true";
domains = [ "~." ];
fallbackDns = resolved_fallback_nameservers;
llmnr = "true";
extraConfig = ''
MulticastDNS=yes
DNSOverTLS=yes
CacheFromLocalhost=no
Cache=yes
'';
};
networking = {
hostName = "${hostname}";
wireless.iwd.enable = true;
};
}

16
hosts/orion/modules/nix.nix Normal file
View File

@ -0,0 +1,16 @@
{ pkgs, ... }:
{
nix = {
settings = {
experimental-features = [ "nix-command" "flakes" ];
auto-optimise-store = true;
trusted-users = ["@wheel"];
};
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 7d";
};
};
}

7
hosts/orion/modules/power.nix Normal file
View File

@ -0,0 +1,7 @@
{ ... }:
{
powerManagement.enable = true;
powerManagement.powertop.enable = true;
services.thermald.enable = true;
}

37
hosts/orion/modules/user.nix Normal file
View File

@ -0,0 +1,37 @@
{ pkgs, user, ... }:
let
user = "price";
in
{
programs = {
zsh.enable = true;
};
nixpkgs.config.allowUnfree = true;
users.users = {
root.initialPassword = "pass";
"${user}" = {
initialPassword = "pass";
shell = pkgs.zsh;
isNormalUser = true;
description = "${user}";
extraGroups = [
"wheel"
"docker"
"nix-users"
"libvirt"
"log"
];
};
};
environment.systemPackages = with pkgs; [
ungoogled-chromium
wezterm
yamllint
stylua
eza
];
}

84
hosts/orion/os/filesystem.nix Normal file
View File

@ -0,0 +1,84 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix") ];
boot = {
initrd = {
availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
kernelModules = [ ];
luks.devices = {
"luksroot" = {
device = "/dev/disk/by-label/NixOS-Crypt";
allowDiscards = true;
};
};
};
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
swapDevices = [{ device = "/dev/disk/by-label/NixOS-Swap"; }];
fileSystems = {
"/" = {
device = "none";
fsType = "tmpfs";
options = [ "defaults" "noatime" "mode=755" ];
};
"/boot" = {
device = "/dev/disk/by-label/NixOS-Boot";
fsType = "vfat";
options = [ "defaults" "noatime" ];
depends = [ "/" ];
};
"/nix" = {
device = "/dev/disk/by-label/NixOS-Primary";
fsType = "btrfs";
options = [ "subvol=@nix" "compress=zstd" "noatime" ];
};
"/home" = {
device = "/dev/disk/by-label/NixOS-Primary";
fsType = "btrfs";
options = [ "subvol=@home" "compress=zstd" "noatime" ];
};
};
environment.persistence = {
"/nix/persist" = {
hideMounts = true;
directories = [
"/var/lib"
"/var/log"
"/etc/nixos"
];
files = [
"/etc/machine-id"
"/etc/nix/id_rsa"
];
users.price = {
directories = [
"Git"
"ISOs"
"Downloads"
"Keep"
"Notes"
".local/share"
{ directory = ".gnupg"; mode = "0700"; }
{ directory = ".ssh"; mode = "0700"; }
];
files = [
".zsh_history"
];
};
};
};
}

82
install.bash Normal file
View File

@ -0,0 +1,82 @@
#!/usr/env/bin bash
set -euox pipefail
export DISK="/dev/vda"
export DISK_EXT="${DISK}"
# The size is large because I'd like to be able to hibernate my laptop in its entirety. I have 64 GB of ram.
export SWAP_SIZE="32"
export SWAP_OFFSET="$(( SWAP_SIZE + 1 ))"
export LABEL_CRYPT_LUKS="NixOS-Crypt"
export LABEL_SWAP="NixOS-Swap"
export LABEL_BTRFS="NixOS-Primary"
export LABEL_BOOT="NixOS-Boot"
swapoff -a || true
umount /mnt/**/* || true
umount /mnt/* || true
umount /mnt || true
cryptsetup close enc || true
dd if=/dev/zero of="${DISK}" bs=512 count=1024 || true
### Partition The Disk
parted "${DISK}" -- mklabel gpt
# Boot partition
parted -a optimal "${DISK}" -- mkpart ESP fat32 1MiB 1GiB
parted "${DISK}" -- set 1 boot on
mkfs.vfat "${DISK_EXT}1"
fatlabel "${DISK_EXT}1" "${LABEL_BOOT}"
# Swap Partition
parted -a optimal "${DISK}" -- mkpart "${LABEL_SWAP}" linux-swap 1Gib "${SWAP_OFFSET}GB"
mkswap -L "${LABEL_SWAP}" "${DISK_EXT}2"
swapon "${DISK_EXT}2"
# Nix Partition, where the OS will reside with our data
parted -a optimal "${DISK}" -- mkpart "${LABEL_BTRFS}" "${SWAP_OFFSET}GiB" 100%
### Encrypt
cryptsetup --verify-passphrase -v luksFormat "${DISK_EXT}3"
cryptsetup config "${DISK_EXT}3" --label "${LABEL_CRYPT_LUKS}"
# Have to decrypt it so we can actually get other things setup
export CRYPT_OPEN_NAME="enc"
export CRYPT_PATH="/dev/mapper/${CRYPT_OPEN_NAME}"
cryptsetup open "${DISK_EXT}3" "${CRYPT_OPEN_NAME}"
### BTRFS Setup
# Go ahead and make the unerypted BTRFS
mkfs.btrfs -L "${LABEL_BTRFS}" "${CRYPT_PATH}"
# Mount it
mount -t btrfs "${CRYPT_PATH}" /mnt
# Create our subvolumes
for subvol in "home" "nix"; do
btrfs subvolume create "/mnt/@${subvol}"
done
umount /mnt
### Final Mountings
# Mount tmpfs to mnt
mount -t tmpfs -o mode=755 none /mnt
# Create our directories
mkdir /mnt/{"boot","nix","home"}
# Mount our boot partition
mount -t vfat -o defaults,noatime "${DISK_EXT}1" /mnt/boot
# Mount our btrfs subvolumes individually with some btrfs options
# NOTE: On high performance NVME SSDs with a beefy CPU it may be worth considering ZLO compression instead of ZSTD. In
# many cases ZLO is more performant, especially when writing, than ZSTD while having a somewhat worse comrpession ratio.
# WARN: ZLO *may* be a good solution, it can be VERY slow on incompressible data. Something to keep in mind.
mount -t btrfs -o noatime,compress=zstd,subvol=@nix "${CRYPT_PATH}" /mnt/nix
mount -t btrfs -o noatime,compress=zstd,subvol=@home "${CRYPT_PATH}" /mnt/home
mkdir -p /mnt/nix/persist
### Install NixOS
# Gotta make sure current working tree isn't dirty for the flake
git config --global user.email "m@m.com"; git config --global user.name "name"; git add .; git commit -m "Shit" >/dev/null 2>&1; \
# Clone the flake into place
git clone . /mnt/nix/persist/etc/nixos && cd /mnt/nix/persist/etc/nixos
# Finally, actually install NixOS
nixos-install --flake "git+file:.#orion"