From 796bdd1a421073356a32cace05cb12c1ed4fb53a Mon Sep 17 00:00:00 2001 From: Jimbo Date: Mon, 7 Oct 2024 15:11:45 -0400 Subject: [PATCH 01/11] Add Luks protection to Desktop, switch to BTRFS --- .../JimDesktop/hardware-configuration.nix | 48 ++++++++++++++----- 1 file changed, 36 insertions(+), 12 deletions(-) diff --git a/system/hosts/JimDesktop/hardware-configuration.nix b/system/hosts/JimDesktop/hardware-configuration.nix index 8dfaf0b..7e621d9 100644 --- a/system/hosts/JimDesktop/hardware-configuration.nix +++ b/system/hosts/JimDesktop/hardware-configuration.nix @@ -48,6 +48,13 @@ in { "vfio_iommu_type1" "kvm-amd" ]; + luks.devices = { + "crypt-ssd" = { + device = "/dev/disk/by-uuid/52110c74-19b6-40ef-9710-e6c9b157005f"; + preLVM = true; + allowDiscards = true; + }; + }; }; }; 
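Review bot: `allowDiscards = true` on `crypt-ssd` passes TRIM through dm-crypt, so the ciphertext device reveals which blocks are unused, and nothing in the hunk records that this trade-off was chosen on purpose. The btrfs mounts added in the next hunk of this patch also set `discard`, so the two settings act together and should be documented together. I would add a comment above the option, for example `# TRIM passthrough: exposes the free-space layout of the encrypted volume; accepted for SSD longevity`, or drop the option if hiding usage patterns matters on this machine. The attribute set that holds `luks.devices` starts outside the hunk.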
@@ -61,48 +68,65 @@ in { # Mount everything as necessary fileSystems = { "/" = { - device = "/dev/disk/by-uuid/f0786b07-8303-416f-87ff-276bfd696387"; - fsType = "bcachefs"; + device = "/dev/disk/by-uuid/bbfed7d1-62f2-4d8e-b63f-7f6ec932105b"; + fsType = "btrfs"; + options = [ "subvol=@" "noatime" "nodiratime" "discard" ]; + }; + "/home" = { + device = "/dev/disk/by-uuid/bbfed7d1-62f2-4d8e-b63f-7f6ec932105b"; + fsType = "btrfs"; + options = [ "subvol=@home" "noatime" "nodiratime" "discard" ]; + }; + "/nix" = { + device = "/dev/disk/by-uuid/bbfed7d1-62f2-4d8e-b63f-7f6ec932105b"; + fsType = "btrfs"; + options = [ "subvol=@nix" "noatime" "nodiratime" "discard" ]; + }; + "/var" = { + device = "/dev/disk/by-uuid/bbfed7d1-62f2-4d8e-b63f-7f6ec932105b"; + fsType = "btrfs"; + options = [ "subvol=@var" "noatime" "nodiratime" "discard" ]; }; "/boot" = { - device = "/dev/disk/by-uuid/EF6D-9009"; + device = "/dev/disk/by-uuid/3B4A-76C9"; fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; }; "/etc/libvirt" = { device = "/dev/disk/by-label/Qemu"; - options = ["nosuid" "nodev" "nofail"]; + options = [ "nosuid" "nodev" "nofail" ]; }; "/var/lib/libvirt" = { - depends = ["/etc/libvirt"]; + depends = [ "/etc/libvirt" ]; device = "/etc/libvirt/varlibvirt"; - options = ["bind" "rw"]; + options = [ "bind" "rw" ]; }; "/mnt/Linux1" = { device = "/dev/disk/by-label/Linux1"; - options = ["nosuid" "nodev" "nofail" "x-gvfs-show"]; + options = [ "nosuid" "nodev" "nofail" "x-gvfs-show" ]; }; "/mnt/Linux2" = { device = "/dev/disk/by-label/Linux2"; - options = ["nosuid" "nodev" "nofail" "x-gvfs-show"]; + options = [ "nosuid" "nodev" "nofail" "x-gvfs-show" ]; }; "/mnt/Windows1" = { device = "/dev/disk/by-label/Windows1"; - options = ["nosuid" "nodev" "noauto"]; + options = [ "nosuid" "nodev" "noauto" ]; }; "/mnt/Windows2" = { device = "/dev/disk/by-label/Windows2"; - options = ["nosuid" "nodev" "noauto"]; + options = [ "nosuid" "nodev" "noauto" ]; }; "/home/jimbo/JimboNFS" = { device = 
"${outputs.ips.server}:/export/JimboNFS"; fsType = "nfs4"; - options = ["x-systemd.automount" "_netdev" "nofail" "noauto"]; + options = [ "x-systemd.automount" "_netdev" "nofail" "noauto" ]; }; }; # Set the swap partition swapDevices = [ - {device = "/dev/disk/by-uuid/2e4c5120-716d-4cdc-84a0-c9e6391760db";} + { device = "/dev/disk/by-uuid/1a6a68d0-8ae7-4836-a585-b708597937a1"; } ]; # Enables DHCP on each ethernet and wireless interface. From 121653cf1e6ae5e2f523bfa1d8c05ceb3662ab27 Mon Sep 17 00:00:00 2001 From: Jimbo Date: Mon, 7 Oct 2024 23:05:46 -0400 Subject: [PATCH 02/11] Add changes for secure boot and how mounts happen --- flake.lock | 219 +++++++++++++++++- flake.nix | 8 + system/hosts/JimDesktop/configuration.nix | 2 +- .../JimDesktop/hardware-configuration.nix | 53 +++-- system/modules/lanzaboote.nix | 6 + 5 files changed, 261 insertions(+), 27 deletions(-) create mode 100644 system/modules/lanzaboote.nix diff --git a/flake.lock b/flake.lock index 5081499..98ba869 100644 --- a/flake.lock +++ b/flake.lock @@ -33,6 +33,27 @@ "type": "gitlab" } }, + "crane": { + "inputs": { + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1717535930, + "narHash": "sha256-1hZ/txnbd/RmiBPNUs7i8UQw2N89uAK3UzrGAWdnFfU=", + "owner": "ipetkov", + "repo": "crane", + "rev": "55e7754ec31dac78980c8be45f8a28e80e370946", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -50,6 +71,22 @@ } }, "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_3": { "flake": false, "locked": { "lastModified": 1673956053, 
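Review bot: The `/boot` entry mounts the vfat ESP with `fmask=0022` and `dmask=0022`, which leaves every file on it readable by all local users; systemd's bootctl reports this as a security problem for the boot loader's random seed file. I would tighten it to `options = [ "fmask=0077" "dmask=0077" ];`. Separately, whether the partition named in `swapDevices` sits inside the `crypt-ssd` container cannot be seen from this hunk; if it is a plain partition, swapped-out memory lands on disk unencrypted, which undercuts the point of the commit, so please confirm. The `fileSystems` set starts outside the hunk.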
@@ -65,9 +102,48 @@ "type": "github" } }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1717285511, + "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "inputs": { - "systems": "systems_2" + "systems": "systems" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "inputs": { + "systems": "systems_3" }, "locked": { "lastModified": 1681202837, @@ -83,6 +159,28 @@ "type": "github" } }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "lanzaboote", + "pre-commit-hooks-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "hardware": { "locked": { "lastModified": 1727665282, 
@@ -120,10 +218,37 @@ "type": "github" } }, + "lanzaboote": { + "inputs": { + "crane": "crane", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts", + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ], + "pre-commit-hooks-nix": "pre-commit-hooks-nix", + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1718178907, + "narHash": "sha256-eSZyrQ9uoPB9iPQ8Y5H7gAmAgAvCw3InStmU3oEjqsE=", + "owner": "nix-community", + "repo": "lanzaboote", + "rev": "b627ccd97d0159214cee5c7db1412b75e4be6086", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "v0.4.1", + "repo": "lanzaboote", + "type": "github" + } + }, "mailserver": { "inputs": { "blobs": "blobs", - "flake-compat": "flake-compat", + "flake-compat": "flake-compat_2", "nixpkgs": "nixpkgs_2", "nixpkgs-24_05": "nixpkgs-24_05", "utils": "utils" @@ -145,8 +270,8 @@ }, "minecraft": { "inputs": { - "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils", + "flake-compat": "flake-compat_3", + "flake-utils": "flake-utils_2", "nixpkgs": "nixpkgs_3" }, "locked": { @@ -192,6 +317,22 @@ "type": "indirect" } }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1710695816, + "narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "614b4613980a522ba49f0d194531beddbb7220d3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-unstable": { "locked": { "lastModified": 1727348695, 
@@ -270,11 +411,39 @@ "type": "github" } }, + "pre-commit-hooks-nix": { + "inputs": { + "flake-compat": [ + "lanzaboote", + "flake-compat" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1717664902, + "narHash": "sha256-7XfBuLULizXjXfBYy/VV+SpYMHreNRHk9nKMsm1bgb4=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "cc4d466cb1254af050ff7bdf47f6d404a7c646d1", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, "root": { "inputs": { "blender-bin": "blender-bin", "hardware": "hardware", "home-manager": "home-manager", + "lanzaboote": "lanzaboote", "mailserver": "mailserver", "minecraft": "minecraft", "nixpkgs": "nixpkgs_4", @@ -282,6 +451,31 @@ "nur": "nur" } }, + "rust-overlay": { + "inputs": { + "flake-utils": [ + "lanzaboote", + "flake-utils" + ], + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1717813066, + "narHash": "sha256-wqbRwq3i7g5EHIui0bIi84mdqZ/It1AXBSLJ5tafD28=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "6dc3e45fe4aee36efeed24d64fc68b1f989d5465", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, @@ -312,9 +506,24 @@ "type": "github" } }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "utils": { "inputs": { - "systems": "systems" + "systems": "systems_2" }, "locked": { "lastModified": 1709126324, diff --git a/flake.nix b/flake.nix index 0b46cb3..e313862 100644 --- a/flake.nix +++ b/flake.nix 
@@ -11,6 +11,12 @@ minecraft.url = "github:Infinidoge/nix-minecraft"; hardware.url = "github:nixos/nixos-hardware/master"; + # Secure boot + lanzaboote = { + url = "github:nix-community/lanzaboote/v0.4.1"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + # Home manager home-manager = { url = "github:nix-community/home-manager/release-24.05"; @@ -26,6 +32,7 @@ mailserver, blender-bin, hardware, + lanzaboote, home-manager, ... } @inputs: let @@ -56,6 +63,7 @@ specialArgs = {inherit inputs outputs;}; modules = [ ./system/hosts/JimDesktop/configuration.nix + lanzaboote.nixosModules.lanzaboote ]; }; JimServer = nixpkgs.lib.nixosSystem { diff --git a/system/hosts/JimDesktop/configuration.nix b/system/hosts/JimDesktop/configuration.nix index 3e53a5c..ce9c0e9 100644 --- a/system/hosts/JimDesktop/configuration.nix +++ b/system/hosts/JimDesktop/configuration.nix @@ -24,7 +24,7 @@ # Hardware ./hardware-configuration.nix - ./../../modules/systemdboot.nix + ./../../modules/lanzaboote.nix ./../../modules/opengl.nix ./../../modules/filesystems.nix ./../../modules/nvidia.nix diff --git a/system/hosts/JimDesktop/hardware-configuration.nix b/system/hosts/JimDesktop/hardware-configuration.nix index 7e621d9..7dc5a62 100644 --- a/system/hosts/JimDesktop/hardware-configuration.nix +++ b/system/hosts/JimDesktop/hardware-configuration.nix @@ -22,9 +22,7 @@ in { (modulesPath + "/installer/scan/not-detected.nix") ]; - # Set all boot options boot = { - # Set a kernel version and load/blacklist drivers kernelPackages = pkgs.unstable.linuxPackages_zen; blacklistedKernelModules = [ "pcspkr" @@ -48,6 +46,9 @@ in { "vfio_iommu_type1" "kvm-amd" ]; + + # Encryption and TPM + systemd.enable = true; luks.devices = { "crypt-ssd" = { device = "/dev/disk/by-uuid/52110c74-19b6-40ef-9710-e6c9b157005f"; 
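Review bot: The added comment `# Encryption and TPM` in the hardware-configuration.nix hunk promises TPM handling, but the visible lines only enable the systemd initrd and keep the existing `crypt-ssd` device; no TPM-related option appears. If the volume is unlocked through a TPM2 enrollment made outside this repository, the comment should say so and name the PCRs it is bound to, because a binding that does not include Secure Boot state would keep unsealing the key after the boot chain has been altered. Something like `# systemd initrd is required for TPM2 unlock; enrolled out-of-band with systemd-cryptenroll, bound to PCR 7` would do, adjusted to what was actually enrolled. The `luks.devices` block continues past the end of the hunk.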
@@ -61,7 +62,7 @@ in { # Additional entry to boot from the second GPU specialisation = { gputwo.configuration = { - boot.kernelParams = commonKernelParams ++ ["vfio-pci.ids=10de:2504,10de:228e"]; + boot.kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:2504,10de:228e" ]; }; }; @@ -92,8 +93,33 @@ in { fsType = "vfat"; options = [ "fmask=0022" "dmask=0022" ]; }; + + # Games and such + "/mnt/Linux1" = { + device = "/dev/disk/by-uuid/b2901f8c-ffda-4b88-bb63-a9ea0c96ccb4"; + options = [ "nosuid" "nodev" "nofail" "x-gvfs-show" ]; + }; + "/mnt/Linux2" = { + device = "/dev/disk/by-uuid/f08e4f38-162c-402f-ba2a-5925151b78bf"; + options = [ "nosuid" "nodev" "nofail" "x-gvfs-show" ]; + }; + "/mnt/Windows1" = { + device = "/dev/disk/by-uuid/10BC97B2BC979138"; + options = [ "nosuid" "nodev" "noauto" ]; + }; + "/mnt/Windows2" = { + device = "/dev/disk/by-uuid/0A5A3420237C863A"; + options = [ "nosuid" "nodev" "noauto" ]; + }; + + # Miscellaneous mounts "/etc/libvirt" = { - device = "/dev/disk/by-label/Qemu"; + device = "/dev/disk/by-uuid/f18a0302-9914-471d-828c-85ab1a67a8be"; + options = [ "nosuid" "nodev" "nofail" ]; + }; + "/etc/libvirt/VMs/Bulk" = { + depends = [ "/etc/libvirt" ]; + device = "/dev/disk/by-uuid/3eb36c3e-81ac-4281-89f0-c89242d88dd6"; options = [ "nosuid" "nodev" "nofail" ]; }; "/var/lib/libvirt" = { 
@@ -101,22 +127,8 @@ in { device = "/etc/libvirt/varlibvirt"; options = [ "bind" "rw" ]; }; - "/mnt/Linux1" = { - device = "/dev/disk/by-label/Linux1"; - options = [ "nosuid" "nodev" "nofail" "x-gvfs-show" ]; - }; - "/mnt/Linux2" = { - device = "/dev/disk/by-label/Linux2"; - options = [ "nosuid" "nodev" "nofail" "x-gvfs-show" ]; - }; - "/mnt/Windows1" = { - device = "/dev/disk/by-label/Windows1"; - options = [ "nosuid" "nodev" "noauto" ]; - }; - "/mnt/Windows2" = { - device = "/dev/disk/by-label/Windows2"; - options = [ "nosuid" "nodev" "noauto" ]; - }; + + # Network mounts "/home/jimbo/JimboNFS" = { device = "${outputs.ips.server}:/export/JimboNFS"; fsType = "nfs4"; @@ -131,7 +143,6 @@ in { # Enables DHCP on each ethernet and wireless interface. networking.useDHCP = lib.mkDefault true; - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/system/modules/lanzaboote.nix b/system/modules/lanzaboote.nix new file mode 100644 index 0000000..26dcb01 --- /dev/null +++ b/system/modules/lanzaboote.nix @@ -0,0 +1,6 @@ +{ + boot.lanzaboote = { + enable = true; + pkiBundle = "/etc/secureboot"; + }; +} From 343011019ababe547b95795e76c17d666647030e Mon Sep 17 00:00:00 2001 From: Jimbo Date: Tue, 8 Oct 2024 12:31:45 -0400 Subject: [PATCH 03/11] Update secrets against new install --- extras/secrets.nix | Bin 3017 -> 3017 bytes 1 file changed, 0 insertions(+), 0 deletions(-) 
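Review bot: `pkiBundle = "/etc/secureboot"` in the new lanzaboote.nix points at the Secure Boot signing keys, and the module carries no comment on where they come from or how they are protected. The keys are not created by this configuration (they are typically generated once with `sbctl create-keys`), and anyone who can read that directory can sign boot images the firmware will accept. I would add a header comment such as `# Keys under /etc/secureboot are generated once with sbctl, stay root-only on the encrypted root, and are never committed or copied to unencrypted backups`. The file also does not set `boot.loader.systemd-boot.enable = lib.mkForce false;`, which lanzaboote's documentation asks for; that is harmless only if no other imported module enables systemd-boot, which this patch does not show, and adding it would need a `{ lib, ... }:` header.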
diff --git a/extras/secrets.nix b/extras/secrets.nix index 0d7d38b1ef48744424b619af3817ec86056dafdc..431f37f54f2fd371673409f44d03db2a51f47239 100644 GIT binary patch literal 3017 zcmV;)3pVrsM@dveQdv+`0C-G2voYwm5A5sSC%YQxN#w8<|Dp3)BSvIJ1W>DbvQt`o8@dkwp~VEPk9hcQ(xv!iiGH!3&!^sz6g`WR{t{VGkGYn&!4&y zJ7XrSbSHWSb{^cUlJVdfQvVO+W(&0mC?&mVC6ja#r#*(LxM|Ej#@x_@y0?h((RqiQ zYo26pRoJRkPNa)H^1W{No`~$Z4I!OvGhGr%YoPQLpx;{G+h`tN2%7&8Z;dl_x~6->;mds$}YB9FxsA`U7aYmRhJcQv$EhJc} zoVh>q%B+LlkPC!X01dh^5U))@;Ho65_jwNfgF%XPI)JZU=e031m+yfrB1YJy0-NDA zOX~>JfU@RGaSk6j2?!>HdKQaFeK%Cf%4s5TZD$m}=il$z>NTpjAf|W4^-_;}Y>xxe zTN6n&XRwMX`u{)eh)+&maxD{1BRfW67FHiysUpETbG(h^0%S4%X{McoymZ*7f4dY= ziRLwR>&b1*#@WHmS)amj6vPWuj;(UeneNE)Aw~?H63wd&@_YGoxo0dph5vZw;o3*@ zJ9s6+2ppjeCRjcOkjhfOu7cV5QWP_Z()UT63?nyhz=5QI?&7kGfxs^hRB5MMF_se~@Cs-!Qq(-nx?=vjIkW-sHZu@U((O@g^)qtyTlUUT%-2M6p>U0z>oxm5EMI}#oCP`7#kLm-SM-S zYV)M{oq7Yo8RG;5w?7Q+ji202JCgxhCU@qwhS_La=7qh)xUlSuU{ymMmjD0-v+onInkWaSLF9*F>um3WyfKIw?E*c6Nys#P) zii@lbV3rozZf2!@)cwWjIwsPJLSzzpp@-j+wG3 zr<>rtRGgnk+s~qb#Cw!>dv^V)kK`x5E{Rps@8d1?KXARWA0KYn;)X;!KRrlol;ol) zoQm#H=rjYD`BDHv&H2h``Ac@+OmqQeW@@>hYE?9!@tr-$FrL0mcL_~U$2ewDTNgNc z{1S{JozpRfg~Q;*XloZMI$%d`&N|@k^;DiA-tnbJu}-*sBLto;=k8PYdP>VZ)yrST zr~3GnSm0n&S@0RCxJK_LCEC$p(oQXL+eohb*AJV5mK}PEdU1wt||RJQOFf zBWH(}qus6YJs^M@HYE&nIsE$_s3Q*s%dt=}(>?i;or>or*UYx3s(J(QnO9W6#=i;D zfI~XH8pesp#=T2Pdo~sd5jWsK>As8%HU}j3h=R6%Q3z=!3O4u3Yvuc1SCmQ%*+BHd2#d(&*eMWp*--$?))t{ON8T}Yv4`0Ze3?zkA$GIyDQn=hnS8U83WJu| zqz8W!5SfMBTXNcp5-&fQDi6PWMYZ3+)KUEeUrCI1St?B^CFl4X*2IV*y}1E9BT`*G z=p;i_$EsX3+mQ>cKR3}yJM|Y`8m;EB0?d~F413u_Yz{Oy??Zx*XZ;Hy{#C={WQ)9c zC>xTx%%S;a+(^2e@g250Y~S|2A}mE62uP0JFZkz@eBTBs=y8a*=Q9d-W&J4nsVX+{ zRoRCOdR$BDph0xrFrXP9MaAVh%>U>|PC|4}F=A!C53x`sL&zrJ{!w2wZixI`HG?W+ zLO-k;>SEb$wI_iz`4XjflEb?ab3_qPKfo;f<;X^S=wPqbxOQ#QZ6Ui>Tk0Y(DDReH z{+Y#Bs*IrnG*rTUJ_J!+YzW&Ee1vMZx76CKp6;XPxrB2JnFJlS=WJNF2hMr=Gag7z zjZFH=2KYzhl8I~{pw0Hxomh1V|DQS@liQ+t0|Y=Gl5N$QkBRi|eiBJfH@wqZH|cMC z#PkAdHErahRvIQ&`GHWfPZ>w?(^%a>CxRwY%A11#&=GAYnQU8G%huyVFoGgyHB;L6 
z3$9*-^i=ErMviF%KmUP*)hV`+g;G47wT#bWU4nR7J!MPEIYF--VJ{YYBC=v7MR_xz zd$P0{_9|=1{rG8*rA@0dOFe>GE4Z{#4n-6tf{!cbqjP|zzCo7sWFMJAc8EAi(Ak1# ziA&C7o69M^612Q|^%7iKQfx`n3b(R2Y+hJZ6Jw(2pF>xTBirJP5Wk3cJOn}2v*Z*g zx<_nEy_YRR_!Q><5?vgQZK=)LAjbrD&Uh`^K+&%f5pudnS`FtG6P~PBZ-Z1Zi2 z+4*`DeOSK~^n|V1cgwUkAewV@i^*dM1;W-$co^V8GIIIDg5(oW>CtpT)nr>-@g-Ow z-H!GMmcLng5_IUc@adingYMehfj^^?u)gTNxuU!3tCb}fE$K10m z{vM&Jl)B?oR)1s|?TaY3v#F7TcGYn-s>m->sgZ>4JkpGX^URl-!`+>e>~3Qxe=)h} zy?9Lt2V6Qbj2m(rY*Ht|QaAc=M>(12(uoZc@Pc%=>J8%grOze|5H8DmT*)zSg_tb> z!Bp&>6y$d;TCCxQ8eifkOxA%b0Kd}duSzvryfjw_abnpylH+~1HWPi{;xd^J&7}%J LSWB9Mf!b_o6;j!0 literal 3017 zcmV;)3pVrsM@dveQdv+`09TiJZo12qF=N2nr0Mn(6k!nN5Uh&=0xin09aJv^Iq?wS zo_a-T*Zx;lVf^mcn`F9YcU`w_gQ~l_@J*pL2ZJj;g`iu(rUJlW5VZX%l`BbxDk@gh z-Hz(FBp-nDXgq#`JfxxCS}*9hzxM%4`$Q`d#Hku^_bG;R3w!AW=eM&8Etz#U$@Kd> z+6B{d*n;hK$A>4D5yg82BCg;CVV zWTQ+KWI%A9mCoIginwC#N(8nqGRuKb6_KFv746$afkOoiW^=VP)S9Y7i-e8c)eh;im$anL$HY*x zEGirR;lf1wHf<$g5J3ttW{+c28{^G(EBVYP76R#SGCTG_x?RF0O|_WJ@wUi4)&h&( zI@Ia^9ISL^2u6?nRNqQum|;)805|G`;R80XeGGA zV#nNt5zcla86I_p%^7k2u&Op6wyVlAAiyfrt5^wC&5iqIfyIBo^dg+sZcEsQn3@X0;?^^fW`_A0JFD%<=R6x8k>M$EOPP5DIS+E z)%|y{Nuaj(T}azbzOLiAWX_8aeSMwAoU^)0m{MK0cSum9{FDwYy+}OG&&Pry5H5f( z>istssfvIt2nq=|nIepZkM{QY=kIVv8Bjuud&(inCb8<1#Mq%kHMHNf)eVpW zcOrq5lNp!!8gILbI69XhC^iMCf37hkxBJ4dRLl#!O29hYYv zo(k9x@2TI)>$R?Iurx1b?hw1=-7<^({7CpQTZ0BBOeJcVR8GePSZN75Vij;=+ON^S?`q*7`J9x##OkH{e#9mO(EaEXZn{&|bdlKyF_KDs4}G;U zk;Hz9=Shj;f_7R-=NutV{6)Ywx7ww}cVujADXRZXeJ4kS|E`7NyMUeu;G-+@+>fd3AeW@ zy@-7%Nj=(n?ZnN5tr0{prCC zFQn!xFlj{NlT;AM|IZue$@??jAPl9%*3d5$<^Z9C>t(%!+~i1^CRV;4pNXq@FE+S` zO`2}#3hgvotSApvdg&}c-Gdeyyjkw~Vn`GECv2GPpjS+*S5R~7DdvJ&X5jg8tTqO)lbyG;9K(j2#jYHUZsBvQ=$;8Flk^J zpCr9xv0+>4S@67x=A?XN>v<2Hh1LU=uG&{yhesr{*hgel1y;zZ8SnP(Aug%a%DST3*zX0W+V~a|DeWO z&BqN4h5f9Sd|{v*TR#%N@^>{S|FID-<(jf@-R6V|6*6SR^p0NvSXKnAH}PzBL4BA= zYC+&;u=3ti+KH(TKJEca&u9+5I7A9MDXl2qK`Vme=1`7PQq%AKL1L!i-nQy^3=xh&pgS1(dt z`~}j|RW|0!`zFrzTbtJre}O^HsRzv$v1FdGLv}5{CU)$WuvRDFPLeX#2hKW3={uIw 
zzc6)z!g>(qCmMC)$eIq9&mMI)H3{5{p!9_hB%aqck;V12!;|HEk_28oMY zFBz$diZ4QBE;#Ep_>Fg`O%Xzc?|-g*4~?m;^kC;5O7jE@f4F0`OWC3T^e7oj2u`PU zsmb$qUw1Dx3J+2r?cp6IJ&z+`I*_HSNy#Yh*!S*xq=Sr8@(Vg*krm?l8OXkDN>-sF#j9T{k@>oeb`jEk zFBb?b@3%jmtx;F}i}Z~KFDS~t)35|tje!@;TIVCKA2Xpo8d5|DTWP}*d4TSqAor5t&ffizaRept;@~LOTLyi z(y~wiEG4HQIs-LNtOv^vE5o!X{C4J=1~*uWd%|`Z^73h9O+6UY@W$(QW5r?MYvX#i z6w@6bUjJqdj@31`xx<)>2UP5PfYb^Juxe}q(o{1AnRRy8ss9B@TG}b^R#o*Nd$|y^ zbfbmGXa(!R{7i zNP3KQpOKZ>li_7|YRS^)Q6yL^p3XD Lw97kCt%S)I%lhkv From 205b262c181a86bca3270e9a6b10556e2d7d1632 Mon Sep 17 00:00:00 2001 From: Jimbo Date: Tue, 8 Oct 2024 12:37:40 -0400 Subject: [PATCH 04/11] Change the boot config for server --- system/hosts/JimServer/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/hosts/JimServer/configuration.nix b/system/hosts/JimServer/configuration.nix index 0622a83..29a926c 100644 --- a/system/hosts/JimServer/configuration.nix +++ b/system/hosts/JimServer/configuration.nix @@ -15,7 +15,7 @@ # Hardware ./hardware-configuration.nix - ./../../hardware/systemdboot.nix + ./../../modules/systemdboot.nix # Services ./../../services/openssh.nix From 8bd5d3c0c829b54fe4b1913e7827eba944a46296 Mon Sep 17 00:00:00 2001 From: Jimbo Date: Fri, 11 Oct 2024 22:22:24 -0400 Subject: [PATCH 05/11] Modify flake slightly idk --- flake.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index e313862..aa39697 100644 --- a/flake.nix +++ b/flake.nix @@ -47,7 +47,9 @@ packages = forAllSystems (system: import ./extras/pkgs nixpkgs.legacyPackages.${system}); # Your custom packages and modifications, exported as overlays - overlays = import ./extras/overlays.nix {inherit inputs;}; + overlays = [ + (import ./extras/overlays.nix {inherit inputs;}) + ]; # Variables defined so they can be accessed globally secrets = import ./extras/secrets.nix; From ef085e32f15d0eac19e4222497cf766c24491966 Mon Sep 17 00:00:00 2001 
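Review bot: The context line `secrets = import ./extras/secrets.nix;` in the flake.nix hunk of patch 05 exposes the secrets file as a flake output, and evaluating a flake copies its source tree into the Nix store, which every local user can read. Patch 03 shows `extras/secrets.nix` as a binary blob, so it is presumably encrypted in git and decrypted in the working tree; if that is the case, the plaintext ends up under `/nix/store` on each machine that builds this flake, so please confirm. A comment on that line should state this, for example `# NOTE: evaluated from the store; every value here is world-readable on the host`, and anything that must stay confidential belongs in a runtime secret mechanism rather than an evaluated Nix file. The `outputs` block starts and ends outside the hunk.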
From: Jimbo Date: Fri, 11 Oct 2024 22:22:46 -0400 Subject: [PATCH 06/11] Update velocity --- system/server/firewall.nix | 1 + system/server/minecraft/servers/velocity.nix | 8 ++++---- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/system/server/firewall.nix b/system/server/firewall.nix index a5a4184..9ddf789 100644 --- a/system/server/firewall.nix +++ b/system/server/firewall.nix @@ -27,6 +27,7 @@ type nat hook prerouting priority dstnat; policy accept; tcp dport 2211 dnat to ${outputs.ips.pc}:22 comment "SSH to PC" tcp dport 2233 dnat to ${outputs.ips.wgSpan}.3:22 comment "SSH to Oracle VM" + tcp dport 2255 dnat to ${outputs.ips.vm}:22 comment "SSH to VM" udp dport { 27005, 27015, 7777 } dnat to ${outputs.ips.pc} comment "PC Hosted Games" diff --git a/system/server/minecraft/servers/velocity.nix b/system/server/minecraft/servers/velocity.nix index 6db38c2..b02b657 100644 --- a/system/server/minecraft/servers/velocity.nix +++ b/system/server/minecraft/servers/velocity.nix @@ -7,12 +7,12 @@ in { jvmOpts = "-Xmx512M"; symlinks = { "plugins/Geyser.jar" = builtins.fetchurl { - url = "https://download.geysermc.org/v2/projects/geyser/versions/2.4.2/builds/660/downloads/velocity"; - sha256 = "09z938v6xrgbiba8rxgi7cdh3xxkv9fdampy15k6fmwddmj9y4a2"; + url = "https://download.geysermc.org/v2/projects/geyser/versions/2.4.3/builds/688/downloads/velocity"; + sha256 = "0gmsr2pspjklnshrrm7ril8c669gsac4v9ck4n6j85p0dp6aizql"; }; "plugins/Floodgate.jar" = builtins.fetchurl { - url = "https://download.geysermc.org/v2/projects/floodgate/versions/2.2.3/builds/109/downloads/velocity"; - sha256 = "1hxdf38qzpzdnyn2gn1152fyd54bi37i0ayc82dgcjf0qrcbmv0c"; + url = "https://download.geysermc.org/v2/projects/floodgate/versions/2.2.3/builds/112/downloads/velocity"; + sha256 = "1cbb9qdlk9nw2q1vchq4fq553qxqi49268pg46b426wsa1yxjqa9"; }; "plugins/LuckPerms.jar" = builtins.fetchurl { url = "https://download.luckperms.net/1556/velocity/LuckPerms-Velocity-5.4.141.jar"; 
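Review bot: The added rule `tcp dport 2255 dnat to ${outputs.ips.vm}:22` in firewall.nix publishes another host's sshd through the prerouting chain, and nothing in the visible lines restricts it by source address or input interface. It follows the pattern of the two rules above it, but each forward adds a login surface if this chain sees traffic from the WAN; the VM should accept key authentication only, or the rule should be narrowed, e.g. `iifname "<WAN_IF>" tcp dport 2255 dnat to ${outputs.ips.vm}:22` with the real interface name in place of the placeholder. The change is also unrelated to the subject "Update velocity" and would be easier to audit as its own commit. The chain definition starts and ends outside the hunk.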
From 300c954fd7a19a3dca4d67f93b4f64dd6e979a05 Mon Sep 17 00:00:00 2001 From: Jimbo Date: Fri, 11 Oct 2024 22:33:59 -0400 Subject: [PATCH 07/11] undo breaking change --- flake.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/flake.nix b/flake.nix index aa39697..e313862 100644 --- a/flake.nix +++ b/flake.nix @@ -47,9 +47,7 @@ packages = forAllSystems (system: import ./extras/pkgs nixpkgs.legacyPackages.${system}); # Your custom packages and modifications, exported as overlays - overlays = [ - (import ./extras/overlays.nix {inherit inputs;}) - ]; + overlays = import ./extras/overlays.nix {inherit inputs;}; # Variables defined so they can be accessed globally secrets = import ./extras/secrets.nix; From c380052b0cc21eada534f8d2d71da4915ca18fe2 Mon Sep 17 00:00:00 2001 From: Jimbo Date: Sat, 12 Oct 2024 17:35:29 -0400 Subject: [PATCH 08/11] Move fonts config into home-manager --- flake.nix | 2 +- home/hosts/JimDesktop/home.nix | 1 + home/hosts/JimLenovo/home.nix | 1 + home/hosts/JimPine/home.nix | 1 + home/misc/fonts.nix | 19 +++++++++++++++++++ system/desktop/fonts.nix | 14 -------------- system/hosts/JimDesktop/configuration.nix | 1 - system/hosts/JimLenovo/configuration.nix | 1 - system/hosts/JimPine/configuration.nix | 1 - 9 files changed, 23 insertions(+), 18 deletions(-) create mode 100644 home/misc/fonts.nix delete mode 100644 system/desktop/fonts.nix diff --git a/flake.nix b/flake.nix index e313862..6ac9fbb 100644 --- a/flake.nix +++ b/flake.nix @@ -47,7 +47,7 @@ packages = forAllSystems (system: import ./extras/pkgs nixpkgs.legacyPackages.${system}); # Your custom packages and modifications, exported as overlays - overlays = import ./extras/overlays.nix {inherit inputs;}; + overlays = import ./extras/overlays.nix { inherit inputs; }; # Variables defined so they can be accessed globally secrets = import ./extras/secrets.nix; diff --git a/home/hosts/JimDesktop/home.nix b/home/hosts/JimDesktop/home.nix index 3055040..8f213a9 100644 
--- a/home/hosts/JimDesktop/home.nix +++ b/home/hosts/JimDesktop/home.nix @@ -7,6 +7,7 @@ # GUI Apps ./../../misc/guifiles.nix + ./../../misc/fonts.nix ./../../sway/sway.nix ./../../sway/swaylock.nix ./../../programs/gtk.nix diff --git a/home/hosts/JimLenovo/home.nix b/home/hosts/JimLenovo/home.nix index 007f786..a2090db 100644 --- a/home/hosts/JimLenovo/home.nix +++ b/home/hosts/JimLenovo/home.nix @@ -7,6 +7,7 @@ # GUI Apps ./../../misc/guifiles.nix + ./../../misc/fonts.nix ./../../sway/sway.nix ./../../sway/swaylock.nix ./../../programs/gtk.nix diff --git a/home/hosts/JimPine/home.nix b/home/hosts/JimPine/home.nix index ba5e93b..809906c 100644 --- a/home/hosts/JimPine/home.nix +++ b/home/hosts/JimPine/home.nix @@ -7,6 +7,7 @@ # GUI Apps ./../../misc/guifiles.nix + ./../../misc/fonts.nix ./../../sway/sway.nix ./../../sway/swaylock.nix ./../../programs/gtk.nix diff --git a/home/misc/fonts.nix b/home/misc/fonts.nix new file mode 100644 index 0000000..d6ef4f7 --- /dev/null +++ b/home/misc/fonts.nix @@ -0,0 +1,19 @@ +{ pkgs, ... }: { + home.packages = with pkgs; [ + liberation_ttf + twitter-color-emoji + noto-fonts + sarasa-gothic + ubuntu_font_family + (nerdfonts.override { fonts = [ "UbuntuMono" ]; }) + ]; + + fonts.fontconfig = { + enable = true; + defaultFonts = { + sansSerif = [ "Ubuntu" ]; + monospace = [ "UbuntuMono Nerd Font Mono" ]; + emoji = [ "Twitter Color Emoji" ]; + }; + }; +} diff --git a/system/desktop/fonts.nix b/system/desktop/fonts.nix deleted file mode 100644 index e38a909..0000000 --- a/system/desktop/fonts.nix +++ /dev/null @@ -1,14 +0,0 @@ -{pkgs, ...}: { - # Fonts - fonts = { - packages = with pkgs; [ - liberation_ttf - twitter-color-emoji - noto-fonts - sarasa-gothic - ubuntu_font_family - (nerdfonts.override {fonts = ["UbuntuMono"];}) - ]; - fontconfig.defaultFonts.emoji = ["Twitter Color Emoji"]; - }; -} diff --git a/system/hosts/JimDesktop/configuration.nix b/system/hosts/JimDesktop/configuration.nix index ce9c0e9..1308fdc 100644 
--- a/system/hosts/JimDesktop/configuration.nix +++ b/system/hosts/JimDesktop/configuration.nix @@ -16,7 +16,6 @@ ./../../desktop/pipewire.nix ./../../desktop/bluetooth.nix ./../../desktop/firewall.nix - ./../../desktop/fonts.nix ./../../desktop/qt.nix # Modules diff --git a/system/hosts/JimLenovo/configuration.nix b/system/hosts/JimLenovo/configuration.nix index a543934..4b975b4 100644 --- a/system/hosts/JimLenovo/configuration.nix +++ b/system/hosts/JimLenovo/configuration.nix @@ -16,7 +16,6 @@ ./../../desktop/pipewire.nix ./../../desktop/bluetooth.nix ./../../desktop/firewall.nix - ./../../desktop/fonts.nix ./../../desktop/qt.nix # Laptop/Portable only diff --git a/system/hosts/JimPine/configuration.nix b/system/hosts/JimPine/configuration.nix index 797a8f0..c7df43b 100644 --- a/system/hosts/JimPine/configuration.nix +++ b/system/hosts/JimPine/configuration.nix @@ -15,7 +15,6 @@ ./../../desktop/pipewire.nix ./../../desktop/bluetooth.nix ./../../desktop/firewall.nix - ./../../desktop/fonts.nix ./../../desktop/qt.nix ./../../desktop/wireguard.nix From c3193845a4c16139297cecbc23ae40e60ea1f9e6 Mon Sep 17 00:00:00 2001 From: Jimbo Date: Sat, 12 Oct 2024 21:14:55 -0400 Subject: [PATCH 09/11] Simplify flake with variables --- flake.nix | 112 ++++++++++++++++++------------------------------------ 1 file changed, 38 insertions(+), 74 deletions(-) diff --git a/flake.nix b/flake.nix index 6ac9fbb..de700c6 100644 --- a/flake.nix +++ b/flake.nix @@ -2,7 +2,6 @@ description = "Jimbo's systems as a flake"; inputs = { - # Nixpkgs nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; nur.url = "github:nix-community/NUR"; 
@@ -37,15 +36,16 @@ ... } @inputs: let inherit (self) outputs; - forAllSystems = nixpkgs.lib.genAttrs [ - "aarch64-linux" - "x86_64-linux" - ]; + mkNixos = modules: nixpkgs.lib.nixosSystem { + inherit modules; + specialArgs = { inherit inputs outputs; }; + }; + + mkHome = modules: pkgs: home-manager.lib.homeManagerConfiguration { + inherit modules pkgs; + extraSpecialArgs = { inherit inputs outputs; }; + }; in rec { - # Your custom packages - # Accessible through 'nix build', 'nix shell', etc - packages = forAllSystems (system: import ./extras/pkgs nixpkgs.legacyPackages.${system}); - # Your custom packages and modifications, exported as overlays overlays = import ./extras/overlays.nix { inherit inputs; }; 
@@ -59,76 +59,40 @@ # NixOS config entrypoint, use 'nixos-rebuild --flake .#your-hostname' nixosConfigurations = { - JimDesktop = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs outputs;}; - modules = [ - ./system/hosts/JimDesktop/configuration.nix - lanzaboote.nixosModules.lanzaboote - ]; - }; - JimServer = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs outputs;}; - modules = [ - ./system/hosts/JimServer/configuration.nix - mailserver.nixosModule - ]; - }; - JimPine = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs outputs;}; - modules = [ - ./system/hosts/JimPine/configuration.nix - hardware.nixosModules.pine64-pinebook-pro - ]; - }; - JimLenovo = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs outputs;}; - modules = [ - ./system/hosts/JimLenovo/configuration.nix - ]; - }; + JimDesktop = mkNixos [ + ./system/hosts/JimDesktop/configuration.nix + lanzaboote.nixosModules.lanzaboote + ]; + JimServer = mkNixos [ + ./system/hosts/JimServer/configuration.nix + mailserver.nixosModule + ]; + JimPine = mkNixos [ + ./system/hosts/JimPine/configuration.nix + hardware.nixosModules.pine64-pinebook-pro + ]; }; # Home-manager configuration, use 'home-manager --flake .#your-username@your-hostname' homeConfigurations = { - "jimbo@JimDesktop" = home-manager.lib.homeManagerConfiguration { - pkgs = nixpkgs.legacyPackages.x86_64-linux; - extraSpecialArgs = {inherit inputs outputs;}; - modules = [ - ./home/hosts/JimDesktop/home.nix - nur.nixosModules.nur - ]; - }; - "jimbo@JimServer" = home-manager.lib.homeManagerConfiguration { - pkgs = nixpkgs.legacyPackages.x86_64-linux; - extraSpecialArgs = {inherit inputs outputs;}; - modules = [ - ./home/hosts/JimServer/home.nix - ]; - }; - "jimbo@JimPine" = home-manager.lib.homeManagerConfiguration { - pkgs = nixpkgs.legacyPackages.aarch64-linux; - extraSpecialArgs = {inherit inputs outputs;}; - modules = [ - ./home/hosts/JimPine/home.nix - nur.nixosModules.nur - ]; - }; - "jimbo@JimLenovo" = 
home-manager.lib.homeManagerConfiguration { - pkgs = nixpkgs.legacyPackages.x86_64-linux; - extraSpecialArgs = {inherit inputs outputs;}; - modules = [ - ./home/hosts/JimLenovo/home.nix - nur.nixosModules.nur - ]; - }; + "jimbo@JimDesktop" = mkHome [ + ./home/hosts/JimDesktop/home.nix + nur.nixosModules.nur + ] nixpkgs.legacyPackages."x86_64-linux"; + + "jimbo@JimServer" = mkHome [ + ./home/hosts/JimServer/home.nix + ] nixpkgs.legacyPackages.x86_64-linux; + + "jimbo@JimPine" = mkHome [ + ./home/hosts/JimPine/home.nix + nur.nixosModules.nur + ] nixpkgs.legacyPackages.aarch64-linux; + # Derivation for ssh envrionments on other people's servers - "jimbo@JimTerminal" = home-manager.lib.homeManagerConfiguration { - pkgs = nixpkgs.legacyPackages.x86_64-linux; - extraSpecialArgs = {inherit inputs outputs;}; - modules = [ - ./home/hosts/JimTerminal/home.nix - ]; - }; + "jimbo@JimTerminal" = mkHome [ + ./home/hosts/JimTerminal/home.nix + ] nixpkgs.legacyPackages.x86_64-linux; }; }; } From 2e7f9a1f3eeedae3dcfccdcb8c5884b6996f8267 Mon Sep 17 00:00:00 2001 From: Jimbo Date: Sun, 13 Oct 2024 02:08:29 -0400 Subject: [PATCH 10/11] Update the flake again with some minor details --- extras/overlays.nix | 2 +- flake.lock | 36 ++++++++++++++++++------------------ flake.nix | 21 ++++++++++----------- 3 files changed, 29 insertions(+), 30 deletions(-) diff --git a/extras/overlays.nix b/extras/overlays.nix index f048cce..fe3e019 100644 --- a/extras/overlays.nix +++ b/extras/overlays.nix @@ -9,7 +9,7 @@ }); finalprev = (final: prev: { - unstable = import inputs.nixpkgs-unstable { + unstable = import inputs.unstable { system = final.system; config.allowUnfree = true; }; diff --git a/flake.lock b/flake.lock index 98ba869..5cf5787 100644 --- a/flake.lock +++ b/flake.lock 
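Review bot: The rewritten `nixosConfigurations` and `homeConfigurations` no longer contain `JimLenovo` or `jimbo@JimLenovo`, although the subject only speaks of simplifying with variables and the previous patch still edits `home/hosts/JimLenovo/home.nix`. If the host was dropped on purpose, the commit message should say so; otherwise add it back as `JimLenovo = mkNixos [ ./system/hosts/JimLenovo/configuration.nix ];` and `"jimbo@JimLenovo" = mkHome [ ./home/hosts/JimLenovo/home.nix nur.nixosModules.nur ] nixpkgs.legacyPackages.x86_64-linux;`. A host that silently falls out of the flake can no longer be rebuilt from it and so stops receiving updates from this repository.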
@@ -333,22 +333,6 @@ "type": "github" } }, - "nixpkgs-unstable": { - "locked": { - "lastModified": 1727348695, - "narHash": "sha256-J+PeFKSDV+pHL7ukkfpVzCOO7mBSrrpJ3svwBFABbhI=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "1925c603f17fc89f4c8f6bf6f631a802ad85d784", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { "lastModified": 1717602782, @@ -447,8 +431,8 @@ "mailserver": "mailserver", "minecraft": "minecraft", "nixpkgs": "nixpkgs_4", - "nixpkgs-unstable": "nixpkgs-unstable", - "nur": "nur" + "nur": "nur", + "unstable": "unstable" } }, "rust-overlay": { @@ -521,6 +505,22 @@ "type": "github" } }, + "unstable": { + "locked": { + "lastModified": 1728492678, + "narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "utils": { "inputs": { "systems": "systems_2" diff --git a/flake.nix b/flake.nix index de700c6..4afae91 100644 --- a/flake.nix +++ b/flake.nix @@ -3,7 +3,7 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; - nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; + unstable.url = "github:nixos/nixpkgs/nixos-unstable"; nur.url = "github:nix-community/NUR"; mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05"; blender-bin.url = "https://flakehub.com/f/edolstra/blender-bin/1.0.8.tar.gz"; @@ -26,7 +26,7 @@ outputs = { self, nixpkgs, - nixpkgs-unstable, + unstable, nur, mailserver, blender-bin, 
@@ -34,18 +34,17 @@ lanzaboote, home-manager, ... - } @inputs: let - inherit (self) outputs; + }@inputs: let mkNixos = modules: nixpkgs.lib.nixosSystem { inherit modules; - specialArgs = { inherit inputs outputs; }; + specialArgs = { inherit (self) inputs outputs; }; }; mkHome = modules: pkgs: home-manager.lib.homeManagerConfiguration { inherit modules pkgs; - extraSpecialArgs = { inherit inputs outputs; }; + extraSpecialArgs = { inherit (self) inputs outputs; }; }; - in rec { + in { # Your custom packages and modifications, exported as overlays overlays = import ./extras/overlays.nix { inherit inputs; }; @@ -57,7 +56,7 @@ look = import ./extras/look.nix; ws = import ./extras/workspaces.nix; - # NixOS config entrypoint, use 'nixos-rebuild --flake .#your-hostname' + # NixOS configuration: 'nixos-rebuild --flake .#hostname' nixosConfigurations = { JimDesktop = mkNixos [ ./system/hosts/JimDesktop/configuration.nix @@ -73,12 +72,12 @@ ]; }; - # Home-manager configuration, use 'home-manager --flake .#your-username@your-hostname' + # Home-manager configuration: 'home-manager --flake .#username@hostname' homeConfigurations = { "jimbo@JimDesktop" = mkHome [ ./home/hosts/JimDesktop/home.nix nur.nixosModules.nur - ] nixpkgs.legacyPackages."x86_64-linux"; + ] nixpkgs.legacyPackages.x86_64-linux; "jimbo@JimServer" = mkHome [ ./home/hosts/JimServer/home.nix @@ -89,7 +88,7 @@ nur.nixosModules.nur ] nixpkgs.legacyPackages.aarch64-linux; - # Derivation for ssh envrionments on other people's servers + # Profile for ssh envrionments on different non-root systems "jimbo@JimTerminal" = mkHome [ ./home/hosts/JimTerminal/home.nix ] nixpkgs.legacyPackages.x86_64-linux; From 4d7bd7ecfa72601a7367ae3d31fcc1e41cfd5ea0 Mon Sep 17 00:00:00 2001 From: Jimbo Date: Sun, 13 Oct 2024 11:56:39 -0400 Subject: [PATCH 11/11] Update Blender flake --- flake.lock | 2 +- flake.nix | 2 +- home/utils/zsh.nix | 17 ++++++++--------- 3 files changed, 10 insertions(+), 11 deletions(-) 
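Review bot: `inherit (self) inputs outputs;` in `specialArgs` and `extraSpecialArgs` passes modules `self.inputs`, which is not the same set as the `@inputs` binding used before. The `@inputs` pattern includes `self`, whereas `self.inputs` should hold only the declared inputs. Any module under ./system or ./home that reads `inputs.self` would therefore stop evaluating; those modules are not visible here, so this needs checking. The context line `overlays = import ./extras/overlays.nix { inherit inputs; };` still passes the `@inputs` set, so the two call sites now receive different values under the same name. To keep the earlier behaviour, use `specialArgs = { inherit inputs; inherit (self) outputs; };` and the same form for `extraSpecialArgs`.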
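Review bot: The reworded comment above `"jimbo@JimTerminal"` in the last flake.nix hunk still misspells "environments" as `envrionments`. Since the line is being rewritten anyway, `# Profile for ssh environments on different non-root systems` would fix it in the same change.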
diff --git a/flake.lock b/flake.lock index 5cf5787..2c9a6df 100644 --- a/flake.lock +++ b/flake.lock @@ -14,7 +14,7 @@ }, "original": { "type": "tarball", - "url": "https://flakehub.com/f/edolstra/blender-bin/1.0.8.tar.gz" + "url": "https://flakehub.com/f/edolstra/blender-bin/1.0.9.tar.gz" } }, "blobs": { diff --git a/flake.nix b/flake.nix index 4afae91..4680652 100644 --- a/flake.nix +++ b/flake.nix @@ -6,7 +6,7 @@ unstable.url = "github:nixos/nixpkgs/nixos-unstable"; nur.url = "github:nix-community/NUR"; mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05"; - blender-bin.url = "https://flakehub.com/f/edolstra/blender-bin/1.0.8.tar.gz"; + blender-bin.url = "https://flakehub.com/f/edolstra/blender-bin/1.0.9.tar.gz"; minecraft.url = "github:Infinidoge/nix-minecraft"; hardware.url = "github:nixos/nixos-hardware/master"; diff --git a/home/utils/zsh.nix b/home/utils/zsh.nix index f619a52..0613ca9 100644 --- a/home/utils/zsh.nix +++ b/home/utils/zsh.nix @@ -1,4 +1,4 @@ -{pkgs, config, outputs, ...}: { +{ pkgs, config, ... }: { programs.zsh = { enable = true; autosuggestion.enable = true; 
@@ -9,19 +9,18 @@ plugins = ["git"]; }; shellAliases = { - # NixOS aliases - nixcfg = "${outputs.cmd.nixcfg}"; - nixclean = "${outputs.cmd.auth} nix-store --gc; nix-collect-garbage -d"; - nixpurge = "${outputs.cmd.auth} nix-collect-garbage --delete-old"; - nixoptimize = "${outputs.cmd.auth} nix store optimise"; - # Flake commands - flakedate = "${outputs.cmd.auth} nix flake update /etc/nixos"; - sysswitch = "${outputs.cmd.auth} nixos-rebuild switch --flake /etc/nixos"; + flakedate = "doas nix flake update /etc/nixos"; + sysswitch = "doas nixos-rebuild switch --flake /etc/nixos"; homeswitch = "home-manager switch --flake /etc/nixos"; nixswitch = "sysswitch; homeswitch"; nixdate = "flakedate && sysswitch; homeswitch"; + # NixOS aliases + nixclean = "doas nix-store --gc; nix-collect-garbage -d"; + nixpurge = "doas nix-collect-garbage --delete-old"; + nixoptimize = "doas nix store optimise"; + # Shortcut aliases neo = "clear && fastfetch"; ip = "ip -c";
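Review bot: The aliases now hard-code `doas` where they previously used `${outputs.cmd.auth}`, so this module only works on hosts where doas is installed and configured for the user. The flake on this page also defines a `jimbo@JimTerminal` profile described as being for non-root systems; if that profile imports this file (not visible here), `flakedate`, `sysswitch`, `nixclean`, `nixpurge` and `nixoptimize` will fail there. A local binding keeps the choice in one place without going back through `outputs`: `let auth = "doas"; in` ahead of the module body, then `sysswitch = "${auth} nixos-rebuild switch --flake /etc/nixos";`. In `nixclean` only `nix-store --gc` is elevated; the `nix-collect-garbage -d` after the `;` runs as the calling user, as it did before this change, so a comment stating that this is intended would help. The `shellAliases` set continues past the end of the hunk.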