diff --git a/configs/nixos/common.nix b/configs/nixos/common.nix
index f69ef9b..e926d1a 100644
--- a/configs/nixos/common.nix
+++ b/configs/nixos/common.nix
@@ -14,6 +14,7 @@
 optimise.automatic = true;
 settings = {
 auto-optimise-store = true;
+ trusted-users = ["root" "gabe"];
 };
 gc = {
 automatic = true;
diff --git a/configs/nixos/wireless.nix b/configs/nixos/wireless.nix
deleted file mode 100644
index 6f4a74b..0000000
--- a/configs/nixos/wireless.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- config,
- pkgs,
- ...
-}: {
- networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
-}
diff --git a/flake.lock b/flake.lock
index 0ef4ba6..df71274 100644
--- a/flake.lock
+++ b/flake.lock
@@ -254,42 +254,6 @@ "url": "ssh://git@git.venberg.xyz:7920/Gabe/nix-secrets.git" } }, - "nixlib": { - "locked": { - "lastModified": 1712450863, - "narHash": "sha256-K6IkdtMtq9xktmYPj0uaYc8NsIqHuaAoRBaMgu9Fvrw=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "3c62b6a12571c9a7f65ab037173ee153d539905f", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, - "nixos-generators": { - "inputs": { - "nixlib": "nixlib", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1716210724, - "narHash": "sha256-iqQa3omRcHGpWb1ds75jS9ruA5R39FTmAkeR3J+ve1w=", - "owner": "nix-community", - "repo": "nixos-generators", - "rev": "d14b286322c7f4f897ca4b1726ce38cb68596c94", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixos-generators", - "type": "github" - } - }, "nixos-wsl": { "inputs": { "flake-compat": [
@@ -415,7 +379,6 @@ "flake-utils": "flake-utils", "home-manager": "home-manager", "nix-secrets": "nix-secrets", - "nixos-generators": "nixos-generators", "nixos-wsl": "nixos-wsl", "nixpkgs": "nixpkgs", "nixvim": "nixvim",
diff --git a/flake.nix b/flake.nix
index 3e874c6..113c9fb 100644
--- a/flake.nix
+++ b/flake.nix
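Review bot: The added `trusted-users = ["root" "gabe"];` in `configs/nixos/common.nix` gives the `gabe` account root-equivalent control over the Nix daemon, since a trusted user may override daemon settings such as substituters and signature checks. Because it lives in the shared module, every configuration that imports `common.nix` inherits it; in this commit that includes `hosts/workstation-vm` and the new `packages/iso.nix` image. If the aim is only an extra binary cache, list that cache under `substituters` and `trusted-public-keys` and drop the entry; if the grant is intended, scope it to the hosts that need it and add a comment such as `# gabe is trusted so that <reason>; equivalent to root on the Nix store`. The `settings` block is only partly visible in this hunk.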
@@ -36,11 +36,6 @@ inputs.flake-compat.follows = "flake-compat"; }; - nixos-generators = { - url = "github:nix-community/nixos-generators"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - #https://unmovedcentre.com/technology/2024/03/22/secrets-management.html sops-nix = { url = "github:mic92/sops-nix";
@@ -110,7 +105,7 @@ packages.x86_64-linux = { proxmox = import ./packages/proxmox.nix {inherit inputs outputs configLib;}; - vm = import ./packages/vm.nix {inherit inputs outputs configLib;}; + iso = import ./packages/iso.nix {inherit inputs outputs configLib;}; }; templates = import ./templates {inherit inputs outputs;};
diff --git a/hosts/workstation-vm/default.nix b/hosts/workstation-vm/default.nix
index 5d61b45..dc68e4a 100644
--- a/hosts/workstation-vm/default.nix
+++ b/hosts/workstation-vm/default.nix
@@ -22,7 +22,6 @@ inputs.nixpkgs.lib.nixosSystem {
 ../../configs/nixos/i3
 ../../configs/nixos/common.nix
 ../../configs/nixos/sshd.nix
- ../../configs/nixos/secrets.nix
 ({
 config,
 pkgs,
diff --git a/packages/iso.nix b/packages/iso.nix
new file mode 100644
index 0000000..108155c
--- /dev/null
+++ b/packages/iso.nix
@@ -0,0 +1,154 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+{
+ inputs,
+ outputs,
+ configLib,
+ ...
+}:
+(inputs.nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs = {inherit inputs outputs configLib;};
+ # > Our main nixos configuration file <
+ modules = [
+ inputs.home-manager.nixosModules.home-manager
+ ../configs/nixos/printing.nix
+ ../configs/nixos/sound.nix
+ ../configs/nixos/interactive-networking.nix
+ ../configs/nixos/i3
+ ../configs/nixos/common.nix
+ ../configs/nixos/sshd.nix
+ ../roles/nixos/power-saving.nix
+ ({
+ config,
+ pkgs,
+ lib,
+ inputs,
+ configLib,
+ modulesPath,
+ options,
+ ...
+ }: {
+ imports = [
+ "${modulesPath}/installer/cd-dvd/iso-image.nix"
+ "${modulesPath}/profiles/base.nix"
+ "${modulesPath}/profiles/clone-config.nix"
+ "${modulesPath}/profiles/qemu-guest.nix"
+ "${modulesPath}/profiles/all-hardware.nix"
+ "${modulesPath}/installer/scan/detected.nix"
+ "${modulesPath}/installer/scan/not-detected.nix"
+ ];
+ host = {
+ user = "gabe";
+ fullName = "Gabe Venberg";
+ gui.enable = true;
+ };
+ networking.hostName = "nixos-installer"; # Define your hostname.
+
+ users.users.${config.host.user} = {
+ packages = with pkgs; [
+ gparted
+ firefox
+ ];
+ };
+
+ home-manager.users.${config.host.user} = {
+ inputs,
+ osConfig,
+ ...
+ }: {
+ host = osConfig.host;
+ user = {
+ git = {
+ profile = {
+ name = "Gabe Venberg";
+ email = "gabevenberg@gmail.com";
+ };
+ workProfile.enable = false;
+ };
+ };
+ imports = [
+ ../roles/home-manager/terminal.nix
+ ../configs/home-manager/common.nix
+ inputs.nixvim.homeManagerModules.nixvim
+ ];
+ };
+
+ # Adds terminus_font for people with HiDPI displays
+ console.packages = options.console.packages.default ++ [pkgs.terminus_font];
+
+ # ISO naming.
+ isoImage.isoName = "${config.isoImage.isoBaseName}-${pkgs.stdenv.hostPlatform.system}.iso";
+
+ # EFI booting
+ isoImage.makeEfiBootable = true;
+
+ # USB booting
+ isoImage.makeUsbBootable = true;
+
+ # Add Memtest86+ to the CD.
+ boot.loader.grub.memtest86.enable = true;
+
+ # services.libinput.enable = true; # for touchpad support on many laptops
+
+ # An installation media cannot tolerate a host config defined file
+ # system layout on a fresh machine, before it has been formatted.
+ swapDevices = lib.mkForce [];
+ fileSystems = lib.mkForce config.lib.isoFileSystems;
+
+ system.nixos.variant_id = lib.mkDefault "installer";
+
+ # Enable in installer, even if the minimal profile disables it.
+ documentation.enable = lib.mkForce true;
+
+ # Show the manual.
+ documentation.nixos.enable = lib.mkForce true;
+
+ # Tell the Nix evaluator to garbage collect more aggressively.
+ # This is desirable in memory-constrained environments that don't
+ # (yet) have swap set up.
+ environment.variables.GC_INITIAL_HEAP_SIZE = "1M";
+
+ # Make the installer more likely to succeed in low memory
+ # environments. The kernel's overcommit heustistics bite us
+ # fairly often, preventing processes such as nix-worker or
+ # download-using-manifests.pl from forking even if there is
+ # plenty of free memory.
+ boot.kernel.sysctl."vm.overcommit_memory" = "1";
+
+ # To speed up installation a little bit, include the complete
+ # stdenv in the Nix store on the CD.
+ system.extraDependencies = with pkgs; [
+ stdenv
+ stdenvNoCC # for runCommand
+ busybox
+ jq # for closureInfo
+ # For boot.initrd.systemd
+ makeInitrdNGTool
+ ];
+
+ # Show all debug messages from the kernel but don't log refused packets
+ # because we have the firewall enabled. This makes installs from the
+ # console less cumbersome if the machine has a public IP.
+ networking.firewall.logRefusedConnections = lib.mkDefault false;
+
+ # Prevent installation media from evacuating persistent storage, as their
+ # var directory is not persistent and it would thus result in deletion of
+ # those entries.
+ environment.etc."systemd/pstore.conf".text = ''
+ [PStore]
+ Unlink=no
+ '';
+
+ # Much faster than xz
+ isoImage.squashfsCompression = lib.mkDefault "zstd";
+
+ system.stateVersion = lib.mkDefault lib.trivial.release;
+ })
+ ];
+})
+.config
+.system
+.build
+.isoImage
diff --git a/packages/proxmox.nix b/packages/proxmox.nix
index cf38218..e33e79f 100644
--- a/packages/proxmox.nix
+++ b/packages/proxmox.nix
@@ -4,10 +4,9 @@
 configLib,
 ...
 }:
-inputs.nixos-generators.nixosGenerate {
+(inputs.nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
 specialArgs = {inherit inputs outputs configLib;};
- format = "proxmox-lxc";
 modules = [
 inputs.home-manager.nixosModules.home-manager
 ../configs/nixos/sshd.nix
@@ -17,10 +16,13 @@ inputs.nixos-generators.nixosGenerate { pkgs, configLib, modulesPath, + lib, ... }: { - imports = [(modulesPath + "/virtualisation/proxmox-lxc.nix")]; + imports = ["${modulesPath}/virtualisation/proxmox-lxc.nix"]; proxmoxLXC.manageHostName = false; + boot.loader.grub.enable = lib.mkForce false; + boot.loader.systemd-boot.enable = lib.mkForce false; host.user = "gabe"; host.fullName = "Gabe Venberg";
@@ -49,4 +51,8 @@ inputs.nixos-generators.nixosGenerate {
 system.stateVersion = "24.05";
 })
 ];
-}
+})
+.config
+.system
+.build
+.tarball
diff --git a/roles/home-manager/minimal-terminal.nix b/roles/home-manager/minimal-terminal.nix
index b2e2525..116f663 100644
--- a/roles/home-manager/minimal-terminal.nix
+++ b/roles/home-manager/minimal-terminal.nix
@@ -22,6 +22,7 @@ fd sd curl + rsync ]; home.sessionVariables = {
diff --git a/roles/nixos/power-saving.nix b/roles/nixos/power-saving.nix
index d2899c3..3a8a2d8 100644
--- a/roles/nixos/power-saving.nix
+++ b/roles/nixos/power-saving.nix
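Review bot: The installer image in `packages/iso.nix` imports `../configs/nixos/sshd.nix` and `../configs/nixos/common.nix`, so the live ISO presumably boots with an SSH daemon enabled and with `gabe` as a Nix trusted user, while how that account authenticates is defined in modules this diff does not show. An ISO is a copyable artifact that may be booted on untrusted networks (the file's own comment mentions machines with a public IP), so confirm that `sshd.nix` turns password login off and that no password or private key for `gabe` is baked into the image. If SSH on the installer is deliberate, say so next to the import, e.g. `../configs/nixos/sshd.nix # intentional on the live image: key-only login`. Separately, the comment above `networking.firewall.logRefusedConnections` still promises kernel debug messages, but no console log level is set in this file.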
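Review bot: The two `lib.mkForce false` lines for `boot.loader.grub.enable` and `boot.loader.systemd-boot.enable` in the second `packages/proxmox.nix` hunk override every other definition without saying which module they are overriding; nothing visible in the hunk enables either loader. `mkForce` would also mask a later module that turns a loader on by mistake, so the reason should be written down next to them, e.g. `# LXC container image has no boot loader; forced off because <module that enables one>`. The module body starts and ends outside the hunk.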
@@ -6,5 +6,5 @@
 }: {
 powerManagement.powertop.enable = true;
 powerManagement.enable = true;
- powerManaagement.cpuFreqGovernor = "ondemand";
+ powerManagement.cpuFreqGovernor = "ondemand";
 }