-rw-r--r--flake.lock43
-rw-r--r--flake.nix10
-rw-r--r--machines.nix13
-rw-r--r--modules/nixos/boot/109-199-104-83.nix1
-rw-r--r--modules/nixos/common.nix3
-rw-r--r--modules/nixos/disko/remote.nix64
-rw-r--r--modules/nixos/impermanence-ssh.nix4
-rw-r--r--modules/nixos/impermanence.nix1
-rw-r--r--modules/nixos/machines/109-199-104-83.nix24
-rw-r--r--users/andromeda/home.nix1
10 files changed, 106 insertions, 58 deletions
diff --git a/flake.lock b/flake.lock
index faa81e0..91bce37 100644
--- a/flake.lock
+++ b/flake.lock
@@ -129,6 +129,27 @@
"type": "github"
}
},
+ "disko": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1746728054,
+ "narHash": "sha256-eDoSOhxGEm2PykZFa/x9QG5eTH0MJdiJ9aR00VAofXE=",
+ "owner": "nix-community",
+ "repo": "disko",
+ "rev": "ff442f5d1425feb86344c028298548024f21256d",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "ref": "latest",
+ "repo": "disko",
+ "type": "github"
+ }
+ },
"firefox-gnome-theme": {
"flake": false,
"locked": {
@@ -304,26 +325,6 @@
"type": "github"
}
},
- "glide-browser": {
- "inputs": {
- "nixpkgs": [
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1767296470,
- "narHash": "sha256-4VpU9zSO4mHV4kaqhs6Wkt7UdNwbb/6PdKWgyRkpw64=",
- "owner": "glide-browser",
- "repo": "glide.nix",
- "rev": "2778e385e37330c9effd6c66252d940e7ec8ac95",
- "type": "github"
- },
- "original": {
- "owner": "glide-browser",
- "repo": "glide.nix",
- "type": "github"
- }
- },
"gnome-shell": {
"flake": false,
"locked": {
@@ -617,7 +618,7 @@
"root": {
"inputs": {
"agenix": "agenix",
- "glide-browser": "glide-browser",
+ "disko": "disko",
"home-manager": "home-manager_2",
"impermanence": "impermanence",
"nix-zulip": "nix-zulip",
diff --git a/flake.nix b/flake.nix
index 918cd6e..ec6c255 100644
--- a/flake.nix
+++ b/flake.nix
@@ -4,8 +4,8 @@
url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs";
};
- glide-browser = {
- url = "github:glide-browser/glide.nix";
+ disko = {
+ url = "github:nix-community/disko/latest";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = {
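Review bot: `url = "github:nix-community/disko/latest"` names a moving ref rather than a tag; flake.lock pins rev ff442f5d1425feb86344c028298548024f21256d so builds stay reproducible, but the next `nix flake update` silently follows wherever `latest` has moved. A tagged release ref would make each bump an explicit, reviewable change in the lockfile; keep the floating ref only if tracking disko's newest release automatically is the intent. The enclosing `inputs` set starts outside the hunk.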
@@ -45,7 +45,7 @@
};
outputs = {
agenix,
- glide-browser,
+ disko,
home-manager,
impermanence,
nixos-mailserver,
@@ -70,8 +70,9 @@
./users.nix
./secrets.nix
./modules/nixos/common.nix
- impermanence.nixosModules.impermanence
agenix.nixosModules.default
+ disko.nixosModules.disko
+ impermanence.nixosModules.impermanence
nixos-mailserver.nixosModule
noshell.nixosModules.default
phoenix.nixosModules.default
@@ -79,7 +80,6 @@
{
nixpkgs.overlays = [
agenix.overlays.default
- glide-browser.overlays.default
nur.overlays.default
nix-zulip'.overlays.default
];
diff --git a/machines.nix b/machines.nix
index 9825bce..ade302f 100644
--- a/machines.nix
+++ b/machines.nix
@@ -6,6 +6,7 @@
modules = [
# impermanence
./modules/nixos/impermanence.nix
+ ./modules/nixos/impermanence-ssh.nix
# hardware configuration
# includes `system.stateVersion`
@@ -39,6 +40,7 @@
# hardware configuration
# verbatim as `nixos-generate-config` AND `system.stateVersion`
./modules/nixos/machines/109-199-104-83.nix
+ ./modules/nixos/disko/remote.nix
# boot process
# grub boot on /dev/sda
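Review bot: 109-199-104-83 gains `./modules/nixos/disko/remote.nix` here but not the new `./modules/nixos/impermanence-ssh.nix`, and the impermanence.nix hunk in this commit drops `"/etc/ssh"` from the shared persistence list, so on this host (root is tmpfs per remote.nix) the sshd host keys are no longer persisted and are regenerated on every boot until that module is added. Each reboot then presents clients with a changed host key, which makes a genuine key change indistinguishable from routine, and if agenix on this host relies on the default host-key identity (flake.nix wires agenix in) secrets encrypted to the previous host key stop decrypting. The `# ONLY include this module AFTER a machine has been provisioned` comment in impermanence-ssh.nix does not say what "provisioned" means nor that losing the keys is the expected interim state; I would expand it to say the module is added after the first disko install and boot, and why it cannot be included earlier. The enclosing `modules` list starts and ends outside the hunk.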
@@ -51,9 +53,12 @@
# ssh through port 5522 among other things
# andromeda@lenovo is the only user allowed access
- ./modules/nixos/networking/hard-ssh.nix
- ./modules/nixos/networking/ssh-as-root.nix
- ({config, ...}: {users.users.root.openssh.authorizedKeys.keys = [config.pub-keys.ssh.andromeda];})
+ # ./modules/nixos/networking/hard-ssh.nix
+ #./modules/nixos/networking/ssh-as-root.nix
+ ({config, ...}: {
+ services.openssh.enable = true;
+ users.users.root.openssh.authorizedKeys.keys = [config.pub-keys.ssh.andromeda];
+ })
# TODO add Impermanence to the following services
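Review bot: The inline module at the bottom of this hunk enables sshd with bare NixOS defaults, while the two hardening modules it replaces are only commented out and the comment block above (`# ssh through port 5522 among other things` / `# andromeda@lenovo is the only user allowed access`) now describes settings that are no longer applied. Unless something outside this hunk sets them, the NixOS defaults leave password and keyboard-interactive authentication enabled and the port at 22, so root with the authorized key is reachable on the default port and password attempts are accepted for any account that has a usable hash. I would carry the minimum forward inline, `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` next to `services.openssh.enable = true;`, and either update or delete the stale comment lines. The enclosing `modules` list starts and ends outside the hunk.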
@@ -70,8 +75,6 @@
# zulip chat server
# zulip.domain
# ./modules/nixos/zulip.nix
- {
- }
];
};
}
diff --git a/modules/nixos/boot/109-199-104-83.nix b/modules/nixos/boot/109-199-104-83.nix
index d54de8e..71f8d54 100644
--- a/modules/nixos/boot/109-199-104-83.nix
+++ b/modules/nixos/boot/109-199-104-83.nix
@@ -1,6 +1,5 @@
{
boot.loader.grub = {
- devices = ["/dev/sda"];
efiSupport = true;
efiInstallAsRemovable = true;
};
diff --git a/modules/nixos/common.nix b/modules/nixos/common.nix
index 94d77d4..ba476e5 100644
--- a/modules/nixos/common.nix
+++ b/modules/nixos/common.nix
@@ -20,4 +20,7 @@
# disable lecture
security.sudo.extraConfig = ''Defaults lecture="never"'';
+
+ # make users immutable
+ users.mutableUsers = false;
}
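Review bot: `users.mutableUsers = false;` is a sensible hardening, but the comment `# make users immutable` undersells its effect: with it set, any account without a declared `hashedPassword`/`hashedPasswordFile` ends up with a locked password, and changes made with `passwd` on the host are reverted at the next rebuild. I would state that in the comment, e.g. `# declarative users only: accounts without a declared password hash are locked; passwd changes are reverted on rebuild`. The enclosing attribute set starts outside the hunk.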
diff --git a/modules/nixos/disko/remote.nix b/modules/nixos/disko/remote.nix
new file mode 100644
index 0000000..0b2e726
--- /dev/null
+++ b/modules/nixos/disko/remote.nix
@@ -0,0 +1,64 @@
+{
+ disko.devices = {
+ disk = {
+ disk1 = {
+ device = "/dev/sda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ # legacy boot
+ boot = {
+ name = "boot";
+ size = "1M";
+ type = "EF02";
+ };
+
+ # efi boot
+ esp = {
+ name = "ESP";
+ size = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+
+ # btrfs
+ # root is on nodev
+ root = {
+ size = "100%";
+ content = {
+ extraArgs = ["-f"]; # internet told me to, works
+ type = "btrfs";
+ subvolumes = {
+ # nix store
+ "/nix" = {
+ mountpoint = "/nix";
+ };
+
+ # persistant directory
+ "/persist" = {
+ mountpoint = "/persist";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ nodev = {
+ # root
+ "/" = {
+ fsType = "tmpfs";
+ mountOptions = [
+ "defaults"
+ "mode=755" # stops security complaints
+ ];
+ };
+ };
+ };
+}
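Review bot: The ESP entry with `mountpoint = "/boot";` carries no `mountOptions`, whereas the hand-written `fileSystems."/boot"` this commit deletes from modules/nixos/machines/109-199-104-83.nix mounted it with `options = ["fmask=0022" "dmask=0022"]`; on vfat the permission bits come from the mount options, so dropping them may leave /boot more widely accessible than before depending on the mounting process's umask, and they should be restored explicitly: `mountOptions = ["fmask=0022" "dmask=0022"];` next to `format = "vfat";`. The `extraArgs = ["-f"];` line on the btrfs partition also needs a real comment, since it tells mkfs.btrfs to overwrite a device that already carries a filesystem signature, meaning a re-run of disko against this host reformats the disk unconditionally; I would replace `# internet told me to, works` with `# force: mkfs.btrfs refuses a device with an existing signature, so re-running disko wipes it`. Minor: `# persistant directory` should read `# persistent directory`.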
diff --git a/modules/nixos/impermanence-ssh.nix b/modules/nixos/impermanence-ssh.nix
new file mode 100644
index 0000000..00dc294
--- /dev/null
+++ b/modules/nixos/impermanence-ssh.nix
@@ -0,0 +1,4 @@
+{
+ # ONLY include this module AFTER a machine has been provisioned
+ environment.persistence."/persist".directories = ["/etc/ssh"];
+}
diff --git a/modules/nixos/impermanence.nix b/modules/nixos/impermanence.nix
index 91e0dd7..7f0062b 100644
--- a/modules/nixos/impermanence.nix
+++ b/modules/nixos/impermanence.nix
@@ -7,7 +7,6 @@
"/var/log"
"/var/lib/nixos"
"/var/lib/systemd/coredump"
- "/etc/ssh"
];
files = [
"/etc/machine-id"
diff --git a/modules/nixos/machines/109-199-104-83.nix b/modules/nixos/machines/109-199-104-83.nix
index 85399e9..998001c 100644
--- a/modules/nixos/machines/109-199-104-83.nix
+++ b/modules/nixos/machines/109-199-104-83.nix
@@ -17,30 +17,6 @@
boot.kernelModules = [];
boot.extraModulePackages = [];
- fileSystems."/" = {
- device = "tmpfs";
- fsType = "tmpfs";
- options = ["defaults" "mode=755"];
- };
-
- fileSystems."/nix" = {
- device = "/dev/disk/by-uuid/3457e181-b01d-4712-809d-c8b65e863992";
- fsType = "btrfs";
- options = ["subvol=nix"];
- };
-
- fileSystems."/persist" = {
- device = "/dev/disk/by-uuid/3457e181-b01d-4712-809d-c8b65e863992";
- fsType = "btrfs";
- options = ["subvol=persist"];
- };
-
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/05FB-0941";
- fsType = "vfat";
- options = ["fmask=0022" "dmask=0022"];
- };
-
swapDevices = [];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
diff --git a/users/andromeda/home.nix b/users/andromeda/home.nix
index 5960690..6be79be 100644
--- a/users/andromeda/home.nix
+++ b/users/andromeda/home.nix
@@ -35,7 +35,6 @@ in {
pkgs.dust
pkgs.fluffychat
pkgs.fzf
- pkgs.glide-browser
pkgs.glow
pkgs.grim
pkgs.jmtpfs