Merge branch 'master' of ssh://git.joshuabell.xyz:3032/ringofstorms/dotfiles

RingOfStorms (Joshua Bell) 2025-11-25 18:31:21 -06:00
commit 6e3bd69382
4 changed files with 103 additions and 96 deletions


@ -946,11 +946,11 @@
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1764043494, "lastModified": 1764112623,
"narHash": "sha256-5P84KpmpWfA4ZJ6EFuzBYtI1NEZivzSff7AOnkbTCKc=", "narHash": "sha256-IBjor1S6fq2nwmzi7sRwJg6mRFlO9qwA1OhJhyHvwlw=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "4bf56c30b27f2be45cfd0f5fd461c74d44aea291", "rev": "d85f1e831e400b2d1ea574fe6e40deba39d4d750",
"revCount": 322, "revCount": 323,
"type": "git", "type": "git",
"url": "https://git.joshuabell.xyz/ringofstorms/nvim" "url": "https://git.joshuabell.xyz/ringofstorms/nvim"
}, },
@ -982,11 +982,11 @@
}, },
"stable": { "stable": {
"locked": { "locked": {
"lastModified": 1763622513, "lastModified": 1763948260,
"narHash": "sha256-1jQnuyu82FpiSxowrF/iFK6Toh9BYprfDqfs4BB+19M=", "narHash": "sha256-dY9qLD0H0zOUgU3vWacPY6Qc421BeQAfm8kBuBtPVE0=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c58bc7f5459328e4afac201c5c4feb7c818d604b", "rev": "1c8ba8d3f7634acac4a2094eef7c32ad9106532c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -998,11 +998,11 @@
}, },
"unstable": { "unstable": {
"locked": { "locked": {
"lastModified": 1763421233, "lastModified": 1763966396,
"narHash": "sha256-Stk9ZYRkGrnnpyJ4eqt9eQtdFWRRIvMxpNRf4sIegnw=", "narHash": "sha256-6eeL1YPcY1MV3DDStIDIdy/zZCDKgHdkCmsrLJFiZf0=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "89c2b2330e733d6cdb5eae7b899326930c2c0648", "rev": "5ae3b07d8d6527c42f17c876e404993199144b6a",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -43,7 +43,6 @@
]; ];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
neovim
fastfetch fastfetch
fzf fzf
]; ];
@ -62,6 +61,9 @@
programs.zsh.enable = true; programs.zsh.enable = true;
environment.pathsToLink = [ "/share/zsh" ]; environment.pathsToLink = [ "/share/zsh" ];
users.defaultUserShell = pkgs.zsh; users.defaultUserShell = pkgs.zsh;
system.userActivationScripts.zshrc = "touch .zshrc";
programs.starship.enable = true;
users.users.nixos = { users.users.nixos = {
password = "password"; password = "password";
initialHashedPassword = lib.mkForce null; initialHashedPassword = lib.mkForce null;
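Review bot: The added `system.userActivationScripts.zshrc = "touch .zshrc";` uses a relative path, so the file only lands in the right place if the activation script runs with the user's home as its working directory; `system.userActivationScripts.zshrc = ''touch "$HOME/.zshrc"'';` states the intent without depending on that. A short comment saying why the empty file is created (presumably to suppress the zsh first-run prompt) would help the next reader. The unchanged context directly below still sets `password = "password"` for the `nixos` user; if this file is only used for a throwaway installer image that may be deliberate, but a comment saying so would keep it from being copied into a real host config. The `users.users.nixos` block continues outside the hunk.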


@ -43,108 +43,105 @@ btrfs subvolume create /mnt/@root
btrfs subvolume create /mnt/@nix btrfs subvolume create /mnt/@nix
btrfs subvolume create /mnt/@snapshots btrfs subvolume create /mnt/@snapshots
btrfs subvolume create /mnt/@swap btrfs subvolume create /mnt/@swap
btrfs subvolume create /mnt/@persist
umount /mnt umount /mnt
# Mount for real system use # Mount for real system use
mount -o subvol=@root,compress=zstd,noatime "$ROOTP" /mnt mount -o subvol=@root,compress=zstd "$ROOTP" /mnt
mkdir -p /mnt/{nix,boot,.snapshots,.swap} mkdir -p /mnt/{nix,boot,.snapshots,.swap,persist}
mount -o umask=077 /dev/disk/by-label/NIXBOOT /mnt/boot
mount -o subvol=@nix,compress=zstd,noatime "$ROOTP" /mnt/nix mount -o subvol=@nix,compress=zstd,noatime "$ROOTP" /mnt/nix
mount -o subvol=@snapshots,compress=zstd,noatime "$ROOTP" /mnt/.snapshots
mount -o subvol=@swap,noatime "$ROOTP" /mnt/.swap mount -o subvol=@swap,noatime "$ROOTP" /mnt/.swap
mount -o subvol=@snapshots,compress=zstd,noatime "$ROOTP" /mnt/.snapshots
mount -o subvol=@persist,compress=zstd,noatime "$ROOTP" /mnt/persist
# Create config # Create config
nixos-generate-config --root /mnt nixos-generate-config --root /mnt
``` ```
TODO leftoff here
`!a%oz0rrtsrnhCRULxpMBqdIlh28bpom$%$1%O1Yh` luks password on test machine for now
### Fix hardware-configuration ### Fix hardware-configuration
```hardware-configuration.nix ```hardware-configuration.nix
# @root options + "compress=zstd"
# @nix options + "compress=zstd" "noatime"
# @swap options + "noatime"
# @snapshots options + "compress=zstd" "noatime"
# @persist options + "compress=zstd"
``` # add Swap device
prompt="Add swap file?" var=SWP && read -r -p "$prompt (y/n) [n]: " resp && resp=$(echo "$resp" | tr '[:upper:]' '[:lower:]'); [[ "$resp" == "y" || "$resp" == "yes" || "$resp" == "1" ]] && export $var=true || export $var=false swapDevices = [{
if [ $SWP = true ]; then device = "/.swap/swapfile";
SIZE=$(grep MemTotal /proc/meminfo | awk 'function ceil(x, y){y=int(x); return(x>y? y+1:y)} {print ceil($2/1024/1024)}') size = 8*1024; # Creates an 8GB swap file
read -r -p "Custom size in GB? [$SIZE]" SIZE_OVERRIDE }];
SIZE="${SIZE_OVERRIDE:-$SIZE}"
if [ $SUBV = true ]; then # https://wiki.nixos.org/wiki/Btrfs#Scrubbing
SWAP_DEVICE=' swapDevices = [ { device = "/.swap/file"; size = '$SIZE' * 1024; } ];' services.btrfs.autoScrub = {
else enable = true;
SWAP_DEVICE=' swapDevices = [ { device = "/.swapfile"; size = '$SIZE' * 1024; } ];' # syntax defined by https://www.freedesktop.org/software/systemd/man/systemd.time.html#Calendar%20Events
fi interval = "monthly";
sed -i "/swapDevices/c\\$SWAP_DEVICE" /mnt/etc/nixos/hardware-configuration.nix fileSystems = [ "/" ];
echo "Added swap device to hardware configuration"
fi
echo "Getting initial config for Jason"
curl -o /mnt/etc/nixos/jason.nix https://gist.joshuabell.xyz/ringofstorms/jason-nix/raw/HEAD/jason.nix
sed -i '/\.\/hardware-configuration.nix/a \ ./jason.nix' /mnt/etc/nixos/configuration.nix
echo "Added config to imports of configuration.nix"
echo "Installing nixos"
sudo nixos-install
```
- Partitions
- `parted /dev/DEVICE -- mklabel gpt` - make GPT partition table
- `parted /dev/DEVICE -- mkpart NIXROOT 2GB 100%` - make root partition (2GB offset for boot)
- `parted /dev/DEVICE -- mkpart ESP fat32 1MB 2GB` - make boot partition (2GB)
- `parted /dev/DEVICE -- set 2 esp on` - make boot bootable
- LUKS Encryption (optional)
- `cryptsetup luksFormat /dev/DEVICE_1`
- Create passphrase and save to bitwarden
- `cryptsetup luksOpen /dev/DEVUCE_1 cryptroot`
- Create keyfile for auto-unlock (optional)
- `dd if=/dev/random of=/tmp/keyfile_DEVICE_1 bs=1024 count=4`
- `chmod 400 /tmp/keyfile`
- `cryptsetup luksAddKey /dev/DEVICE_1 /tmp/keyfile_DEVICE_1`
- Formatting
- `mkfs.btrfs -L NIXROOT /dev/mapper/cryptroot`
- `/dev/sda1` if not encyrpted instead of dev mapper cryptroot
- `mkfs.fat -F 32 -n NIXBOOT /dev/DEVICE_2`
- Create btrfs subvolumes (optional: for better snapshot perf)
- `mount /dev/mapper/cryptroot /mnt` (`/dev/sda1` for non encrypted)
- `btrfs subvolume create /mnt/root`
- `btrfs subvolume create /mnt/nix`
- `btrfs subvolume create /mnt/snapshots`
- `umount /mnt`
- Mount (with sub vols above)
- `mount -o subvol=root,compress=zstd,noatime /dev/mapper/cryptroot /mnt`
- `mkdir -p /mnt/{nix,boot,.snapshots}`
- `mount -o subvol=nix,compress=zstd,noatime /dev/mapper/cryptroot /mnt/nix`
- `mount -o subvol=snapshots,compress=zstd,noatime /dev/mapper/cryptroot /mnt/.snapshots`
- `mount -o umask=077 /dev/disk/by-label/NIXBOOT /mnt/boot`
- Mount (with no sub vols)
- `mount -o compress=zstd,noatime /dev/mapper/cryptroot /mnt`
- `mkdir -p /mnt/boot`
- `mount -o umask=077 /dev/disk/by-label/NIXBOOT /mnt/boot`
- Add SWAP device (optional)
- in hardware config
```nix
swapDevices = [
{
device = "/.swapfile";
size = 32 * 1024; # 32GB
}
];
```
- Copy keyfile for auto-unlock (optional)
- `cp /tmp/keyfile_DEVICE_1 /mnt/boot/keyfile_DEVICE_1`
- `chmod 400 /mnt/boot/keyfile_DEVICE_1`
- If Encrypted keyfile exists
- Add to hardware config
```nix
boot.initrd.secrets = {
"/keyfile_DEVICE_1" = "/boot/keyfile_DEVICE_1";
}; };
boot.initrd.luks.devices
``` ```
### Add initial system config changes
```sh
curl -o /mnt/etc/nixos/onboard.nix https://git.joshuabell.xyz/ringofstorms/dotfiles/raw/branch/master/utilities/nixos-installers/onboard.nix
# add import to configuration.nix
sed -i '/\.\/hardware-configuration.nix/a \ ./onboard.nix' /mnt/etc/nixos/configuration.nix
```
in configuration.nix add
```nix
onboardOpts = {
hostName = "NAME";
primaryUser = "luser";
};
```
### Auto unlock luks (optional) - USB key
```sh
# Format if needed (fat32 for compatibility)
sudo parted /dev/DRIVEDEVICE
mklabel gpt
mkpart primary fat32 0% 100%
quit
sudo mkfs.vfat -F 32 /dev/DRIVEDEVICE1
# Create key
mkdir -p /key_tmpfs
sudo mount -o umask=0022,gid=$(id -g),uid=$(id -u) /dev/DRIVEDEVICE /key_tmpfs
dd if=/dev/random of=/key_tmpfs/keyfile bs=1024 count=4
sudo chmod 0400 /key_tmpfs/keyfile
sudo cryptsetup luksAddKey /dev/ROOT_DEVICE /key_tmpfs/keyfile
lsblk && ll /dev/
sudo umount /key_tmpfs
rmdir /key_tmpfs
```
In hardware-configuration ensure these are all added:
```hardware-configuration.nix
boot.initrd.availableKernelModules = [
"xhci_pci" "ehci_pci" "usb_storage" "uas"
];
boot.initrd.luks.devices."cryptroot" = {
device = "/dev/disk/by-uuid/<LUKS_UUID>";
keyFile = "/keyfile";
# The USB device that holds the keyfile (by UUID for reliability)
keyfileDevice = "/dev/disk/by-uuid/<USB_UUID>";
tryEmptyPassphrase = true;
fallbackToPassword = true;
crypttabExtraOpts = [ "tries=3" ];
};
```
### Install nixos
`sudo nixos-install`
`reboot`
2. Install and setup nixos 2. Install and setup nixos
- nixos config and hardware config - nixos config and hardware config
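Review bot: The line marked "luks password on test machine for now" puts what looks like a live LUKS passphrase into the README in clear text. The rendering does not show which side of the diff it is on, but either way it is now in the repository history, so the passphrase should be rotated on that machine and the line replaced with a placeholder such as `<LUKS_PASSPHRASE>`. In the USB-key steps the stick is mounted with `umask=0022`, and on a FAT filesystem the later `chmod 0400` cannot remove read access for other users, so the keyfile stays readable by every local account while mounted; `umask=0077` in the mount options would restrict it. The same block formats `/dev/DRIVEDEVICE1` but mounts `/dev/DRIVEDEVICE`, which looks like a typo for the partition.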


@ -29,6 +29,14 @@
"flakes" "flakes"
]; ];
# nix helper
programs.nh = {
enable = true;
clean.enable = true;
clean.extraArgs = "--keep 10";
flake = "/etc/nixos";
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
vim vim
curl curl
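Review bot: `clean.enable = true` under `programs.nh` adds a second garbage-collection job if `nix.gc.automatic` is enabled anywhere else in this configuration, which cannot be seen from this hunk; the nh module warns about that combination, so it is worth confirming only one of the two is on. The `# nix helper` comment could also say what the settings do, e.g. `# nh: nix CLI helper; periodic clean keeps at least 10 generations, flake is read from /etc/nixos`.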