From c59347238f52bb8a45643ac4022adb918ca77c99 Mon Sep 17 00:00:00 2001
From: Hunter Haugen
Date: Tue, 22 Apr 2025 14:19:48 -0700
Subject: [PATCH] latest updates
---
framework/configuration-zfs.nix | 204 ------------------
framework/configuration.nix | 91 +++++++-
framework/disko-zfs.nix | 110 ----------
framework/{disko-btrfs.nix => disko.nix} | 0
framework/hardware-configuration-tmpfs.nix | 72 -------
framework/hardware-configuration.nix | 40 +++-
framework/original-hardware-configuration.nix | 63 ------
7 files changed, 120 insertions(+), 460 deletions(-)
delete mode 100644 framework/configuration-zfs.nix
delete mode 100644 framework/disko-zfs.nix
rename framework/{disko-btrfs.nix => disko.nix} (100%)
delete mode 100644 framework/hardware-configuration-tmpfs.nix
delete mode 100644 framework/original-hardware-configuration.nix
diff --git a/framework/configuration-zfs.nix b/framework/configuration-zfs.nix
deleted file mode 100644
index 0f1d763..0000000
--- a/framework/configuration-zfs.nix
+++ /dev/null
@@ -1,204 +0,0 @@ -# Config for framework16 -{ config, pkgs, lib, ... }: - -#... luksOpen /dev/mapper/crypt -#zpool import -f rpool -#mount -t zfs rpool/local/root /mnt -#mkdir -p /mnt/{boot,nix,home,persist,var/lib,var/log} -#mount /dev/nvme0n1p1 /mnt/boot -#mount -t zfs rpool/local/nix /mnt/nix -#mount -t zfs rpool/safe/home /mnt/home -#mount -t zfs rpool/safe/persist /mnt/persist -#mount -t zfs rpool/local/var/lib /mnt/var/lib -#mount -t zfs rpool/local/var/log /mnt/var/log -let - impermanence = builtins.fetchTarball "https://github.com/nix-community/impermanence/archive/master.tar.gz"; -in -{ - imports = - [ - ./hardware-configuration.nix - "${impermanence}/nixos.nix" - ]; - - boot = { - kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; - kernelParams = [ "nohibernate" ]; - supportedFilesystems = [ "zfs" ]; - loader.systemd-boot.enable = true; - loader.efi.canTouchEfiVariables = true; - zfs.requestEncryptionCredentials = false; - zfs.devNodes = "/dev/disk/by-path"; - initrd.luks.devices."crypt".device = "/dev/disk/by-uuid/9f40ebbb-b4b6-42bc-9ae3-493ee933142a"; - initrd.postResumeCommands = lib.mkAfter '' - zfs rollback -r rpool/local/root@blank - ''; - }; - - fileSystems = { - "/persist" = { - device = "rpool/safe/persist"; - fsType = "zfs"; - neededForBoot = true; # Only /persist needs to be marked as needed for boot - }; - }; - - swapDevices = [ { - device = "/dev/nvme0n1p2"; - randomEncryption.enable = true; - } ]; - - networking.hostId = "3294c9a2"; # Required for ZFS - networking.hostName = "cryochamber"; - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - - environment.persistence."/persist" = { - hideMounts = true; - directories = [ - "/root" - "/etc/nixos" - "/etc/ssh" - ]; - files = [ - "/etc/machine-id" - #"/etc/nix/id_rsa" # Needed? 
- ]; - }; - # Files are not copied to /persist during install, so need to do so manually - #rsync -azPH /mnt/root/ /mnt/persist/root - #rsync -azPH /mnt/etc/nixos/ /mnt/persist/etc/nixos - #rsync -azPH /mnt/etc/ssh/ /mnt/persist/etc/ssh - #cp /mnt/etc/machine-id /mnt/persist/etc/machine-id - - networking.networkmanager.enable = true; - - # Set your time zone. - time.timeZone = "America/Los_Angeles"; - - # Select internationalisation properties. - i18n.defaultLocale = "en_US.UTF-8"; - - i18n.extraLocaleSettings = { - LC_ADDRESS = "en_US.UTF-8"; - LC_IDENTIFICATION = "en_US.UTF-8"; - LC_MEASUREMENT = "en_US.UTF-8"; - LC_MONETARY = "en_US.UTF-8"; - LC_NAME = "en_US.UTF-8"; - LC_NUMERIC = "en_US.UTF-8"; - LC_PAPER = "en_US.UTF-8"; - LC_TELEPHONE = "en_US.UTF-8"; - LC_TIME = "en_US.UTF-8"; - }; - - virtualisation.docker = { - enable = true; - extraOptions = "--storage-driver=overlay2"; - }; - programs.zsh.enable = true; - services.openssh.enable = true; - services.openssh.settings.PermitRootLogin = "yes"; - - # Enable the X11 windowing system. - services.xserver.enable = true; - - # Enable the GNOME Desktop Environment. - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome.enable = true; - - # Configure keymap in X11 - services.xserver.xkb = { - layout = "us"; - variant = ""; - }; - - # Enable CUPS to print documents. - services.printing.enable = true; - - # Enable sound with pipewire. - hardware.pulseaudio.enable = false; - security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - # If you want to use JACK applications, uncomment this - #jack.enable = true; - - # use the example session manager (no others are packaged yet so this is enabled by default, - # no need to redefine it in your config for now) - #media-session.enable = true; - }; - - # Enable touchpad support (enabled default in most desktopManager). 
- # services.xserver.libinput.enable = true; - - # Define a user account. Don't forget to set a password with ‘passwd’. - users.users.hunner = { - isNormalUser = true; - description = "Hunter Haugen"; - extraGroups = [ "docker" "networkmanager" "wheel" ]; - hashedPassword = "$y$j9T$hLqdzlz7dbJZgUnKs.eo3/$25s/2X18vGtDKj53qD1sn/.Omp/6CBJWbn7d9KAiOK7"; - shell = pkgs.zsh; - packages = with pkgs; [ - # thunderbird - ]; - }; - - # Enable automatic login for the user. - services.displayManager.autoLogin.enable = true; - services.displayManager.autoLogin.user = "hunner"; - - # Workaround for GNOME autologin: https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229 - systemd.services."getty@tty1".enable = false; - systemd.services."autovt@tty1".enable = false; - - # Install firefox. - programs.firefox.enable = true; - - # Allow unfree packages - nixpkgs.config.allowUnfree = true; - - # List packages installed in system profile. To search, run: - # $ nix search wget - environment.systemPackages = with pkgs; [ - # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - # wget - git - vim - wget - curl - htop - zfs - tmux - docker-compose - ]; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - - # List services that you want to enable: - - # Enable the OpenSSH daemon. - # services.openssh.enable = true; - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. 
It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "24.11"; # Did you read the comment? - -} diff --git a/framework/configuration.nix b/framework/configuration.nix index 73f0263..5ef2167 100644 --- a/framework/configuration.nix +++ b/framework/configuration.nix @@ -3,6 +3,10 @@ let impermanence = builtins.fetchTarball "https://github.com/nix-community/impermanence/archive/master.tar.gz"; + unstable = import (fetchTarball "https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz") { + config = config.nixpkgs.config; + overlays = config.nixpkgs.overlays; + }; in { imports = @@ -28,7 +32,7 @@ in "/" = { device = "none"; fsType = "tmpfs"; - options = [ "defaults" "size=4G" "mode=755" ]; + options = [ "defaults" "size=17G" "mode=755" ]; }; "/persist" = { neededForBoot = true; @@ -36,7 +40,7 @@ in }; networking.hostId = "3294c9a2"; # Required for ZFS - networking.hostName = "cryochamber"; + networking.hostName = "liminal"; # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. environment.persistence."/persist" = { @@ -45,6 +49,7 @@ in "/root" "/etc/nixos" "/etc/ssh" + "/etc/NetworkManager/system-connections" ]; files = [ "/etc/machine-id" @@ -56,6 +61,10 @@ in #rsync -azPH /mnt/etc/nixos/ /mnt/persist/etc/nixos #rsync -azPH /mnt/etc/ssh/ /mnt/persist/etc/ssh #cp /mnt/etc/machine-id /mnt/persist/etc/machine-id + security.sudo.extraConfig = '' + # Don't lecture after reboot + Defaults lecture = never + ''; networking.networkmanager.enable = true; 
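Review bot: The added `unstable` binding in the `@@ -3,6 +3,10 @@` hunk fetches `nixos-unstable.tar.gz` with no revision pin and no `sha256`, so each evaluation can pull a different nixpkgs tree and nothing verifies what was downloaded; the existing `impermanence` fetch of `master.tar.gz` on the context line above has the same shape. Packages taken from it later in this patch (`unstable.code-cursor`, `unstable.direnv`, `unstable.nix-direnv`) go into the system closure, so a changed or tampered archive reaches the machine on the next rebuild. Pin both to a commit and hash, e.g. `fetchTarball { url = "https://github.com/NixOS/nixpkgs/archive/<COMMIT_PLACEHOLDER>.tar.gz"; sha256 = "<HASH_PLACEHOLDER>"; }`, or move them to flake inputs so the revision is recorded in a lock file. The `let` block begins above the hunk.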
@@ -92,6 +101,11 @@ in services.xserver.displayManager.gdm.enable = true; services.xserver.desktopManager.gnome.enable = true; + services.xserver.windowManager.xmonad = { + enable = true; + enableContribAndExtras = true; + }; + # Configure keymap in X11 services.xserver.xkb = { layout = "us"; @@ -101,6 +115,10 @@ in # Enable CUPS to print documents. services.printing.enable = true; + # Enable bluetooth + hardware.bluetooth.enable = true; + services.blueman.enable = true; + # Enable sound with pipewire. hardware.pulseaudio.enable = false; security.rtkit.enable = true; @@ -124,16 +142,22 @@ in users.users.hunner = { isNormalUser = true; description = "Hunter Haugen"; - extraGroups = [ "docker" "networkmanager" "wheel" ]; + extraGroups = [ "docker" "networkmanager" "wheel" "audio" ]; hashedPassword = "$y$j9T$hLqdzlz7dbJZgUnKs.eo3/$25s/2X18vGtDKj53qD1sn/.Omp/6CBJWbn7d9KAiOK7"; shell = pkgs.zsh; packages = with pkgs; [ - # thunderbird + neovim + asdf-vm + pinentry-gtk2 + gnupg + zoom-us + firefox-devedition + nodejs ]; }; # Enable automatic login for the user. - services.displayManager.autoLogin.enable = true; + services.displayManager.autoLogin.enable = false; services.displayManager.autoLogin.user = "hunner"; # Workaround for GNOME autologin: https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229 @@ -149,8 +173,6 @@ in # List packages installed in system profile. To search, run: # $ nix search wget environment.systemPackages = with pkgs; [ - # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - # wget git vim wget 
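Review bot: In the `@@ -124,16 +142,22 @@` hunk, `users.users.hunner` keeps `hashedPassword = "$y$j9T$…"` inline while the account's groups are widened, so the hash lives in the repository and in the world-readable Nix store, where anyone holding a copy can run offline guessing against it. `/persist` is already marked `neededForBoot` elsewhere in this file, so the hash can be read from there instead: `hashedPasswordFile = "/persist/passwords/hunner";` (constructed example path), with the file owned by root and mode 0600. If this repository has ever been shared, treat the committed hash as exposed and rotate the password as well as moving it. Membership in `docker` is effectively root on this host, which deserves a comment next to `extraGroups`.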
@@ -158,7 +180,39 @@ in htop zfs tmux + file + ripgrep docker-compose + alacritty + rofi + xlockmore + dzen2 + arandr + xorg.xrandr + xorg.xsetroot + xorg.xset + hsetroot + redshift + flameshot + #code-cursor + unstable.code-cursor + pwvucontrol + helvum + ]; + + services.clipmenu.enable = true; + programs.direnv = { + enable = true; + package = unstable.direnv; + nix-direnv.enable = true; + nix-direnv.package = unstable.nix-direnv; + }; + programs._1password.enable = true; + programs._1password-gui.enable = true; + + fonts.packages = with pkgs; [ + nerdfonts + liberation_ttf ]; # Some programs need SUID wrappers, can be configured further or are @@ -179,6 +233,29 @@ in # networking.firewall.allowedUDPPorts = [ ... ]; # Or disable the firewall altogether. # networking.firewall.enable = false; + systemd.services.upower.enable = true; + services.avahi = { + enable = true; + nssmdns4 = true; # Enable NSS lookup for .local domains + openFirewall = true; + publish = { + enable = true; + addresses = true; + domain = true; + workstation = true; + }; + }; + + services.fprintd.enable = true; + #security.pam.services = { + # login.fprintAuth = true; + # xscreensaver.fprintAuth = true; + # sudo.fprintAuth = true; + # #gdm.fprintAuth = true; + # gdm-password.fprintAuth = true; + #}; + + nix.settings.experimental-features = [ "nix-command" "flakes" ]; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions diff --git a/framework/disko-zfs.nix b/framework/disko-zfs.nix deleted file mode 100644 index b3ea421..0000000 --- a/framework/disko-zfs.nix +++ /dev/null 
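Review bot: In the `services.avahi` block of the `@@ -179,6 +233,29 @@` hunk, `publish.enable`, `addresses` and `workstation` make the laptop announce its hostname and addresses over mDNS on every network it joins, including untrusted Wi-Fi, and `openFirewall = true` lets those queries in. If the aim is only to resolve `.local` names, `nssmdns4 = true` covers that and the `publish` set can be replaced with `publish.enable = false;`; if publishing is wanted on a home network, limit it with `allowInterfaces`. In the same hunk, `systemd.services.upower.enable = true;` only toggles a unit and does not by itself bring in the package or D-Bus policy; `services.upower.enable = true;` is the option intended for that.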
@@ -1,110 +0,0 @@ -# Config for framework 16 -# sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount disko.nix -{ - disko.devices = { - disk = { - nvme0n1 = { - type = "disk"; - device = "/dev/nvme0n1"; - content = { - type = "gpt"; - partitions = { - ESP = { - name = "ESP"; - size = "512M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - }; - }; - swap = { - size = "70G"; - content = { - type = "swap"; - randomEncryption = true; - }; - }; - crypt = { - size = "100%"; - content = { - type = "luks"; - name = "crypt"; - extraOpenArgs = [ "--allow-discards" ]; - passwordFile = "/tmp/secret.key"; - content = { - type = "zfs"; - pool = "rpool"; - }; - }; - }; - }; - }; - }; - }; - zpool = { - rpool = { - type = "zpool"; - rootFsOptions = { - canmount = "off"; - mountpoint = "none"; - acltype = "posixacl"; - compression = "lz4"; - dnodesize = "auto"; - normalization = "formD"; - relatime = "on"; - xattr = "sa"; - }; - options = { - ashift = "12"; - autotrim = "on"; - }; - datasets = { - "local/root" = { - type = "zfs_fs"; - options = { - mountpoint = "legacy"; - canmount = "noauto"; - }; - mountpoint = "/"; - postCreateHook = '' - zfs snapshot rpool/local/root@blank - ''; - }; - "local/nix" = { - type = "zfs_fs"; - options.mountpoint = "legacy"; - mountpoint = "/nix"; - }; - "safe/persist" = { - type = "zfs_fs"; - options.mountpoint = "legacy"; - mountpoint = "/persist"; - }; - "safe/home" = { - type = "zfs_fs"; - options.mountpoint = "legacy"; - mountpoint = "/home"; - postCreateHook = '' - zfs snapshot rpool/safe/home@blank - ''; - }; - "local/var" = { - type = "zfs_fs"; - }; - "local/var/lib" = { - type = "zfs_fs"; - options.mountpoint = "legacy"; - mountpoint = "/var/lib"; - }; - "local/var/log" = { - type = "zfs_fs"; - options.mountpoint = "legacy"; - mountpoint = "/var/log"; - }; - }; - }; - }; - }; -} 
diff --git a/framework/disko-btrfs.nix b/framework/disko.nix similarity index 100% rename from framework/disko-btrfs.nix rename to framework/disko.nix diff --git a/framework/hardware-configuration-tmpfs.nix b/framework/hardware-configuration-tmpfs.nix deleted file mode 100644 index dadb542..0000000 --- a/framework/hardware-configuration-tmpfs.nix +++ /dev/null 
@@ -1,72 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usbhid" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "none"; - fsType = "tmpfs"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/963D-7FF2"; - fsType = "vfat"; - options = [ "fmask=0077" "dmask=0077" ]; - }; - - fileSystems."/home" = - { device = "/dev/disk/by-uuid/64d32a97-9d65-4562-9c3c-f19935c04be5"; - fsType = "btrfs"; - options = [ "subvol=home" ]; - }; - - boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/3e59f9f8-065f-4778-a08e-dc361fc8c3a5"; - - fileSystems."/nix" = - { device = "/dev/disk/by-uuid/64d32a97-9d65-4562-9c3c-f19935c04be5"; - fsType = "btrfs"; - options = [ "subvol=nix" ]; - }; - - fileSystems."/persist" = - { device = "/dev/disk/by-uuid/64d32a97-9d65-4562-9c3c-f19935c04be5"; - fsType = "btrfs"; - options = [ "subvol=persist" ]; - }; - - fileSystems."/var/lib" = - { device = "/dev/disk/by-uuid/64d32a97-9d65-4562-9c3c-f19935c04be5"; - fsType = "btrfs"; - options = [ "subvol=var/lib" ]; - }; - - fileSystems."/var/log" = - { device = "/dev/disk/by-uuid/64d32a97-9d65-4562-9c3c-f19935c04be5"; - fsType = "btrfs"; - options = [ "subvol=var/log" ]; - }; - - swapDevices = - [ { device = "/dev/disk/by-uuid/05e71820-86a3-44d2-86e5-14738b3283b4"; } - ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. 
When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/framework/hardware-configuration.nix b/framework/hardware-configuration.nix index 7b7a78c..2cba214 100644 --- a/framework/hardware-configuration.nix +++ b/framework/hardware-configuration.nix 
@@ -14,18 +14,50 @@ boot.extraModulePackages = [ ]; fileSystems."/" = - { device = "/dev/disk/by-uuid/9df8e21d-7a32-4d3c-85bc-430b4e8d81e2"; - fsType = "ext4"; + { device = "none"; + fsType = "tmpfs"; }; fileSystems."/boot" = - { device = "/dev/disk/by-uuid/FD5E-1CDC"; + { device = "/dev/disk/by-uuid/E270-3DFB"; fsType = "vfat"; options = [ "fmask=0077" "dmask=0077" ]; }; + fileSystems."/home" = + { device = "/dev/disk/by-uuid/8be833f2-6247-49e4-a6cb-f8ebe69619f6"; + fsType = "btrfs"; + options = [ "subvol=home" ]; + }; + + boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/2fade11e-8347-415d-8629-0578a7c8d534"; + + fileSystems."/nix" = + { device = "/dev/disk/by-uuid/8be833f2-6247-49e4-a6cb-f8ebe69619f6"; + fsType = "btrfs"; + options = [ "subvol=nix" ]; + }; + + fileSystems."/persist" = + { device = "/dev/disk/by-uuid/8be833f2-6247-49e4-a6cb-f8ebe69619f6"; + fsType = "btrfs"; + options = [ "subvol=persist" ]; + }; + + fileSystems."/var/lib" = + { device = "/dev/disk/by-uuid/8be833f2-6247-49e4-a6cb-f8ebe69619f6"; + fsType = "btrfs"; + options = [ "subvol=var/lib" ]; + }; + + fileSystems."/var/log" = + { device = "/dev/disk/by-uuid/8be833f2-6247-49e4-a6cb-f8ebe69619f6"; + fsType = "btrfs"; + options = [ "subvol=var/log" ]; + }; + swapDevices = - [ { device = "/dev/disk/by-uuid/57ee1e51-6c22-4046-9a01-da31e88cd800"; } + [ { device = "/dev/disk/by-uuid/4ad150c5-5d21-422c-8038-18952e1d999d"; } ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking diff --git a/framework/original-hardware-configuration.nix b/framework/original-hardware-configuration.nix deleted file mode 100644 index 89f7968..0000000 --- a/framework/original-hardware-configuration.nix +++ /dev/null 
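Review bot: The new `swapDevices` entry references a filesystem UUID with no encryption option, whereas the ZFS configuration deleted in this patch used `randomEncryption.enable = true` for swap. The hunk does not show whether `4ad150c5-…` sits inside the `cryptroot` LUKS container; if it is a bare partition, pages swapped out of RAM, including key material and the contents of the swappable tmpfs root, are written to disk in the clear. This file looks like `nixos-generate-config` output, so the fix belongs in the disk layout: either put swap inside the LUKS volume or declare it by partition path with `randomEncryption.enable = true;`. The hunk starts at line 14 of the file, so its header is not visible here.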
@@ -1,63 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usbhid" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "rpool/local/root"; - fsType = "zfs"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/3B6B-5D51"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; - }; - - fileSystems."/home" = - { device = "rpool/safe/home"; - fsType = "zfs"; - }; - - fileSystems."/nix" = - { device = "rpool/local/nix"; - fsType = "zfs"; - }; - - fileSystems."/persist" = - { device = "rpool/safe/persist"; - fsType = "zfs"; - }; - - fileSystems."/var/lib" = - { device = "rpool/local/var/lib"; - fsType = "zfs"; - }; - - fileSystems."/var/log" = - { device = "rpool/local/var/log"; - fsType = "zfs"; - }; - - swapDevices = [ ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -}