doing all sorts of random stuff, custom isntaller iso, testbed, etc

RingOfStorms (Joshua Bell) 2025-11-23 22:45:02 -06:00
parent bdd5bf83ed
commit 334f73d0a6
9 changed files with 897 additions and 380 deletions


@ -97,6 +97,7 @@
# ./sway_customizations.nix
./i3_customizations.nix
./opencode-shim.nix
./vms.nix
(
{
config,

32
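--- a/hosts/lio/vms.nix
+++ b/hosts/lio/vms.nix
@@ -0,0 +1,32 @@
+{ pkgs, ... }:
+{
+options = { };
+config = {
+users.users.josh.extraGroups = [ "libvirtd" "kvm" ];
+environment.systemPackages = with pkgs; [
+virt-manager
+virt-viewer
+spice
+spice-gtk
+spice-protocol
+win-virtio
+win-spice
+adwaita-icon-theme
+];
+virtualisation = {
+libvirtd = {
+enable = true;
+qemu = {
+swtpm.enable = true;
+ovmf.enable = true;
+ovmf.packages = [ pkgs.OVMFFull.fd ];
+};
+};
+spiceUSBRedirection.enable = true;
+};
+services.spice-vdagentd.enable = true;
+};
+}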
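Review bot: `spiceUSBRedirection.enable = true;` and the `libvirtd` entry on the `users.users.josh.extraGroups` line both widen local privilege, and neither carries a comment saying so. The NixOS option installs the SPICE USB redirection helper setuid so that unprivileged users can hand host USB devices to guests, and membership in `libvirtd` gives full control of the system libvirt daemon, which is commonly treated as root-equivalent on the host. I would add `# setuid USB passthrough helper: any local user can attach host USB devices to a VM` above the first and `# libvirtd group: unprivileged management of system VMs (root-equivalent)` above the second, and drop the option if USB passthrough is not needed. `options = { };` is also redundant in a module that declares no options.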


@ -1,6 +0,0 @@
{
...
}:
{
system.stateVersion = "25.05"; # Did you read the comment?
}

876
hosts/testbed/flake.lock generated

File diff suppressed because it is too large Load diff


@ -1,16 +1,19 @@
{
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
# nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
home-manager.url = "github:rycee/home-manager/release-25.05";
# Use relative to get current version for testing
# common.url = "path:../../common";
common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles";
# common.url = "path:../../flakes/common";
common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/common";
disko.url = "github:nix-community/disko/latest";
disko.inputs.nixpkgs.follows = "nixpkgs";
# impermanence.url = "github:nix-community/impermanence";
# hyprland.url = "path:../../flakes/hyprland";
hyprland.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/hyprland";
ros_neovim.url = "git+https://git.joshuabell.xyz/ringofstorms/nvim";
};
@ -18,88 +21,102 @@
{
self,
nixpkgs,
home-manager,
common,
ros_neovim,
disko,
hyprland,
# impermanence,
...
}:
let
configuration_name = "testbed";
configurationName = "testbed";
stateVersion = "25.05";
primaryUser = "luser";
lib = nixpkgs.lib;
in
{
packages = {
x86_64-linux.vm = self.nixosConfigurations.${configuration_name}.config.system.build.vmWithDisko;
x86_64-linux.vm = self.nixosConfigurations.${configurationName}.config.system.build.vmWithDisko;
};
nixosConfigurations = {
"${configuration_name}" = (
"${configurationName}" = (
lib.nixosSystem {
modules = [
home-manager.nixosModules.default
disko.nixosModules.disko
# impermanence.nixosModules.impermanence
common.nixosModules.default
ros_neovim.nixosModules.default
./configuration.nix
hyprland.nixosModules.default
# impermanence.nixosModules.impermanence
common.nixosModules.essentials
common.nixosModules.git
common.nixosModules.boot_systemd
common.nixosModules.hardening
common.nixosModules.nix_options
common.nixosModules.podman
common.nixosModules.timezone_auto
common.nixosModules.zsh
./hardware-configuration.nix
./disko-config.nix
(
{ config, pkgs, ... }:
{
rec {
# Home Manager
home-manager = {
useUserPackages = true;
useGlobalPkgs = true;
backupFileExtension = "bak";
# add all normal users to home manager so it applies to them
users = lib.mapAttrs (name: user: {
home.stateVersion = stateVersion;
programs.home-manager.enable = true;
}) (lib.filterAttrs (name: user: user.isNormalUser or false) users.users);
sharedModules = [
common.homeManagerModules.tmux
common.homeManagerModules.atuin
common.homeManagerModules.direnv
common.homeManagerModules.git
common.homeManagerModules.postgres_cli_options
common.homeManagerModules.starship
common.homeManagerModules.zoxide
common.homeManagerModules.zsh
];
};
# System configuration
system.stateVersion = stateVersion;
networking.hostName = configurationName;
programs.nh.flake = "/home/${primaryUser}/.config/nixos-config/hosts/${configurationName}";
nixpkgs.config.allowUnfree = true;
users.users = {
"${primaryUser}" = {
isNormalUser = true;
initialPassword = "password1";
shell = pkgs.zsh;
extraGroups = [
"wheel"
"networkmanager"
"video"
"input"
];
openssh.authorizedKeys.keys = [
];
};
root = {
shell = pkgs.zsh;
openssh.authorizedKeys.keys = [
];
};
};
environment.systemPackages = with pkgs; [
cowsay
lolcat
];
ringofstorms_common = {
systemName = configuration_name;
boot.systemd.enable = true;
programs = {
ssh.enable = true;
podman.enable = true;
};
users = {
admins = [ "luser" ]; # First admin is also the primary user owning nix config
users = {
root = {
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH2KFSRkViT+asBTjCgA7LNP3SHnfNCW+jHbV08VUuIi nix2nix"
];
shell = pkgs.zsh;
};
luser = {
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH2KFSRkViT+asBTjCgA7LNP3SHnfNCW+jHbV08VUuIi nix2nix"
];
extraGroups = [
"networkmanager"
"video"
"input"
];
shell = pkgs.zsh;
};
};
};
homeManager = {
users = {
luser = {
imports = with common.homeManagerModules; [
kitty
tmux
atuin
direnv
git
nix_deprecations
postgres
ssh
starship
zoxide
zsh
];
};
};
};
};
}
)
];
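Review bot: `initialPassword = "password1";` gives the `wheel` user a guessable sudo password that is committed to the repository and copied into the world-readable Nix store, while the same hunk leaves both `openssh.authorizedKeys.keys` lists empty. Whether sshd is enabled is not visible here (it may come from one of the `common.nixosModules.*` imports), so if this configuration is ever deployed beyond the `vmWithDisko` build, password login would be the only way in. Consider `hashedPasswordFile = "<path to secret>";` for the user, or at least a comment `# throwaway VM credential, do not deploy to a reachable host` next to the line together with `services.openssh.settings.PasswordAuthentication = false;` in this module. The `lib.nixosSystem` call is closed outside the hunk.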

100
readme.md

@ -27,12 +27,103 @@
1. Install nix minimal: (new with btrfs backing)
```bash
# Partition main drive with btrfs
lsblk
echo "Read the above output and determine what drive to install NixOS on"
read -p "Enter device name: " DEVICE
# Partitioning
echo "Creating partitions on $DEVICE..."
parted /dev/$DEVICE -- mklabel gpt # make GPT partition table
parted /dev/$DEVICE -- mkpart NIXROOT 2GB 100% # make root partition (2GB offset for boot)
parted /dev/$DEVICE -- mkpart ESP fat32 1MB 2GB # make boot partition, 1MB alignment offset
parted /dev/$DEVICE -- set 2 esp on # make boot partition bootable
ROOT=$DEVICE"1"
BOOT=$DEVICE"2"
# Encryption Luks
prompt="Use encryption on root partition?" var=ENC && read -r -p "$prompt (y/n) [n]: " resp && resp=$(echo "$resp" | tr '[:upper:]' '[:lower:]'); [[ "$resp" == "y" || "$resp" == "yes" || "$resp" == "1" ]] && export $var=true || export $var=false
if [ $ENC = true ]; then
while true; do
echo "Setting up encrypted root, you will want to save the passphrase somewhere!"
cryptsetup luksFormat /dev/$ROOT
if [ $? -eq 0 ]; then
echo "Encryption setup successful"
cryptsetup luksOpen /dev/$ROOT cryptroot
break
elif [ $? -eq 2 ]; then
echo "Missmatched passphrase, try again or select NO to cancel encryption"
else
prompt="Failed to setup encrypted root, continue without encryption?" var=CON && read -r -p "$prompt (y/n) [n]: " resp && resp=$(echo "$resp" | tr '[:upper:]' '[:lower:]'); [[ "$resp" == "y" || "$resp" == "yes" || "$resp" == "1" ]] && export $var=true || export $var=false
if [ $CON = true ]; then
ENC=false
break
fi
fi
done
fi
if [ $ENC = true ]; then ROOTP="/dev/mapper/cryptroot" ; else ROOTP="/dev/$ROOT"; fi
# Formatting
echo "Formatting drives..."
mkfs.fat -F 32 -n NIXBOOT /dev/$BOOT
mkfs.btrfs -fL NIXROOT $ROOTP
# Subvolumes
prompt="Use subvolumes for nix store and snapshots?" var=SUBV && read -r -p "$prompt (y/n) [n]: " resp && resp=$(echo "$resp" | tr '[:upper:]' '[:lower:]'); [[ "$resp" == "y" || "$resp" == "yes" || "$resp" == "1" ]] && export $var=true || export $var=false
if [ $SUBV = true ]; then
mount $ROOTP /mnt
btrfs subvolume create /mnt/root
btrfs subvolume create /mnt/nix
btrfs subvolume create /mnt/snapshots
umount /mnt
fi
if [ $SUBV = true ]; then
mount $ROOTP /mnt
mount -o subvol=root,compress=zstd,noatime $ROOTP /mnt
mkdir -p /mnt/{nix,boot,.snapshots}
mount -o subvol=nix,compress=zstd,noatime $ROOTP /mnt/nix
mount -o subvol=snapshots,compress=zstd,noatime $ROOTP /mnt/.snapshots
mount -o umask=077 /dev/disk/by-label/NIXBOOT /mnt/boot
else
mount -o compress=zstd,noatime $ROOTP /mnt
mkdir -p /mnt/boot
mount -o umask=077 /dev/disk/by-label/NIXBOOT /mnt/boot
fi
echo "Generating nixos-config..."
nixos-generate-config --root /mnt
prompt="Add swap file?" var=SWP && read -r -p "$prompt (y/n) [n]: " resp && resp=$(echo "$resp" | tr '[:upper:]' '[:lower:]'); [[ "$resp" == "y" || "$resp" == "yes" || "$resp" == "1" ]] && export $var=true || export $var=false
if [ $SWP = true ]; then
SIZE=$(grep MemTotal /proc/meminfo | awk 'function ceil(x, y){y=int(x); return(x>y? y+1:y)} {print ceil($2/1024/1024)}')
read -r -p "Custom size in GB? [$SIZE]" SIZE_OVERRIDE
SIZE="${SIZE_OVERRIDE:-$SIZE}"
SWAP_DEVICE=' swapDevices = [ { device = "/.swapfile"; size = $SIZE * 1024; } ];'
sed -i "/swapDevices/c\\$SWAP_DEVICE" /mnt/etc/nixos/hardware-configuration.nix
echo "Added swap device to hardware configuration"
fi
echo "Getting initial config for Jason"
curl -o /mnt/etc/nixos/jason.nix https://gist.joshuabell.xyz/ringofstorms/jason-nix/raw/HEAD/jason.nix
sed -i '/\.\/hardware-configuration.nix/a \ ./jason.nix' /mnt/etc/nixos/configuration.nix
echo "Added config to imports of configuration.nix"
echo "Installing nixos"
sudo nixos-install
```
- Partitions
- `parted /dev/DEVICE -- mklabel gpt` - make GPT partition table
- `parted /dev/DEVICE -- mkpart NIXROOT 2GB 100%` - make root partition (2GB offset for boot)
- `parted /dev/DEVICE -- mkpart ESP fat32 1MB 2GB` - make boot partition (2GB)
- `parted /dev/DEVICE -- set 2 esp on` - make boot bootable
- LUKS Encryption
- LUKS Encryption (optional)
- `cryptsetup luksFormat /dev/DEVICE_1`
- Create passphrase and save to bitwarden
- `cryptsetup luksOpen /dev/DEVUCE_1 cryptroot`
@ -41,10 +132,11 @@
- `chmod 400 /tmp/keyfile`
- `cryptsetup luksAddKey /dev/DEVICE_1 /tmp/keyfile_DEVICE_1`
- Formatting
- `mkfs.btrfs -L NIXROOT /dev/mapper/cryptroot`
- `mkfs.fat -F 32 -n NIXBOOT /dev/DEVICE_2`
- `mkfs.btrfs -L NIXROOT /dev/mapper/cryptroot`
- `/dev/sda1` if not encyrpted instead of dev mapper cryptroot
- `mkfs.fat -F 32 -n NIXBOOT /dev/DEVICE_2`
- Create btrfs subvolumes (optional: for better snapshot perf)
- `mount /dev/mapper/cryptroot /mnt`
- `mount /dev/mapper/cryptroot /mnt` (`/dev/sda1` for non encrypted)
- `btrfs subvolume create /mnt/root`
- `btrfs subvolume create /mnt/nix`
- `btrfs subvolume create /mnt/snapshots`

0
utilities/asd Normal file

44
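--- a/utilities/nixos-installers/flake.lock
+++ b/utilities/nixos-installers/flake.lock
@@ -0,0 +1,44 @@
+{
+"nodes": {
+"root": {
+"inputs": {
+"stable": "stable",
+"unstable": "unstable"
+}
+},
+"stable": {
+"locked": {
+"lastModified": 1763622513,
+"narHash": "sha256-1jQnuyu82FpiSxowrF/iFK6Toh9BYprfDqfs4BB+19M=",
+"owner": "nixos",
+"repo": "nixpkgs",
+"rev": "c58bc7f5459328e4afac201c5c4feb7c818d604b",
+"type": "github"
+},
+"original": {
+"owner": "nixos",
+"ref": "nixos-25.05",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"unstable": {
+"locked": {
+"lastModified": 1763421233,
+"narHash": "sha256-Stk9ZYRkGrnnpyJ4eqt9eQtdFWRRIvMxpNRf4sIegnw=",
+"owner": "nixos",
+"repo": "nixpkgs",
+"rev": "89c2b2330e733d6cdb5eae7b899326930c2c0648",
+"type": "github"
+},
+"original": {
+"owner": "nixos",
+"ref": "nixos-unstable",
+"repo": "nixpkgs",
+"type": "github"
+}
+}
+},
+"root": "root",
+"version": 7
+}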


@ -0,0 +1,81 @@
{
description = "NixOS installer ISOs with extra bits I like";
inputs = {
stable.url = "github:nixos/nixpkgs/nixos-25.05";
unstable.url = "github:nixos/nixpkgs/nixos-unstable";
};
outputs =
{ stable, unstable, ... }:
let
lib = stable.lib;
systems = lib.systems.flakeExposed;
channels = {
stable = stable;
unstable = unstable;
};
# Build a NixOS system that is an installation ISO with SSH enabled
minimal =
{ nixpkgs, system }:
nixpkgs.lib.nixosSystem {
inherit system;
modules = [
(
{ pkgs, modulesPath, ... }:
{
imports = [
(modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix")
];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
environment.systemPackages = with pkgs; [
neovim
fastfetch
fzf
];
services.openssh = {
enable = true;
settings = {
PermitRootLogin = "yes";
PasswordAuthentication = true;
};
};
users.users.nixos = {
password = "password";
initialHashedPassword = lib.mkForce null;
};
users.users.root = {
password = "password";
initialHashedPassword = lib.mkForce null;
};
}
)
];
};
mkIsoPkgsForSystem =
system:
builtins.listToAttrs (
builtins.map (channelName: {
name = "iso-minimal-${channelName}";
value =
(minimal {
nixpkgs = channels.${channelName};
inherit system;
}).config.system.build.isoImage;
}) (builtins.attrNames channels)
);
in
{
packages = lib.genAttrs systems (system: mkIsoPkgsForSystem system);
};
}
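Review bot: The `services.openssh` block together with `password = "password";` on both `root` and `nixos` means any host that can reach a machine booted from this ISO can log in as root over SSH, and the password is embedded in every built image. The comment above `minimal` only says "with SSH enabled" and does not mention the fixed credential. Key-only access keeps the remote-install workflow: `PermitRootLogin = "prohibit-password";`, `PasswordAuthentication = false;`, and `users.users.root.openssh.authorizedKeys.keys = [ "<your public key>" ];`. If password login is kept for convenience, a comment stating that the ISO must only be booted on a trusted network would help.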