This commit is contained in:
Dmitriy 2019-09-25 20:47:27 +04:00
parent 1ec57a6dcc
commit 28263c0247
8 changed files with 106 additions and 11 deletions


@ -1,4 +1,9 @@
#!/usr/bin/env bash
ENCRYPT_ROOT=true
ENCRYPT_SWAP=false
FORMAT_BOOT_PARTITION=false
DEVICE_NAME=NixOS-VM
DEVICE=/dev/nvme0n1
BOOT_PARTITION=/dev/nvme0n1p1
SWAP_PARTITION=/dev/nvme0n1p3
@ -6,12 +11,22 @@ ROOT_PARTITION=/dev/nvme0n1p2
SWAP_NAME=cryptswap
ROOT_NAME=cryptnixos
gdisk $DEVICE
# mkfs.vfat -n BOOT $BOOT_PARTITION
cryptsetup --type luks2 --cipher aes-xts-plain64 --key-size 256 --hash sha512 luksFormat $ROOT_PARTITION
cryptsetup luksOpen $ROOT_PARTITION $ROOT_NAME
mkfs.btrfs -f -L root /dev/mapper/$ROOT_NAME
# Format boot partition
if [[ "$FORMAT_BOOT_PARTITION" == true ]]; then
mkfs.vfat -n BOOT $BOOT_PARTITION
fi
# Create luks partition
if [[ "$ENCRYPT_ROOT" == true ]]; then
cryptsetup --type luks2 --cipher aes-xts-plain64 --key-size 256 --hash sha512 luksFormat $ROOT_PARTITION
cryptsetup luksOpen $ROOT_PARTITION $ROOT_NAME
mkfs.btrfs -f -L root /dev/mapper/$ROOT_NAME
else
mkfs.btrfs -f -L root $ROOT_PARTITION
fi
# read -p "Press enter to continue"
mount -t btrfs -o compress=zstd,noatime,ssd /dev/mapper/$ROOT_NAME /mnt
btrfs subvolume create /mnt/@nixos
btrfs subvolume create /mnt/@nix-store
@ -27,16 +42,31 @@ mount -t btrfs -o subvol=@home,compress=zstd,noatime,ssd /dev/mapper/$ROOT_NAME
mount -t btrfs -o subvol=@nix-store,compress=zstd,noatime,ssd /dev/mapper/$ROOT_NAME /mnt/nix/store
btrfs subvolume create /mnt/tmp
btrfs subvolume create /mnt/var
# read -p "Press enter to continue"
# Mount boot
mkdir /mnt/boot
mount $BOOT_PARTITION /mnt/boot
# create swap
dd count=1 bs=256 if=/dev/urandom of=/mnt/root/swap.key
cryptsetup --type luks2 --cipher aes-xts-plain64 --key-size 256 --hash sha512 --key-file /mnt/root/swap.key luksFormat $SWAP_PARTITION
cryptsetup --key-file /mnt/root/swap.key luksOpen $SWAP_PARTITION $SWAP_NAME
mkswap -L swap /dev/mapper/cryptswap
swapon -L swap
# read -p "Press enter to continue"
# Create swap
if [[ "$ENCRYPT_SWAP" == true ]]; then
dd count=1 bs=256 if=/dev/urandom of=/mnt/root/swap.key
cryptsetup --type luks2 --cipher aes-xts-plain64 --key-size 256 --hash sha512 --key-file /mnt/root/swap.key luksFormat $SWAP_PARTITION
cryptsetup --key-file /mnt/root/swap.key luksOpen $SWAP_PARTITION $SWAP_NAME
mkswap -L swap /dev/mapper/cryptswap
else
mkswap -L swap $SWAP_PARTITION
fi
# Generate config (hardware)
nixos-generate-config --root /mnt/
cp ./min-config.nix /mnt/etc/nixos/configuration.nix
# Copy config to new system
mkdir -p /mnt/root/nixos-config
cp -r $(pwd)/.. /mnt/root/nixos-config
echo "import /mnt/root/nixos-config \"$DEVICE_NAME\"" > /mnt/etc/nixos/configuration.nix
nano /mnt/etc/nixos/configuration.nix
sed -i 's/\/etc\/nixos/\/mnt\/etc\/nixos/g' /mnt/root/nixos-config/default.nix
read -p "Please, add swap device into nixos-config/modules/filesystems.nix before continue"
read -p "Press enter to continue"
nixos-install -I nixpkgs=https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz
sed -i 's/\/mnt\/etc\/nixos/\/etc\/nixos/g' /mnt/root/nixos-config/default.nix
sed -i 's/\/mnt\/root/\/root/g' /mnt/etc/nixos/configuration.nix
read -p "Installation complete!"
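Review bot: The unencrypted-root branch added with `mkfs.btrfs -f -L root $ROOT_PARTITION` never yields a usable mount, because the lines that follow (`mount -t btrfs -o compress=zstd,noatime,ssd /dev/mapper/$ROOT_NAME /mnt` and the `subvol=` mounts in the next hunk) still address `/dev/mapper/$ROOT_NAME`, which does not exist when `ENCRYPT_ROOT` is false; record the formatted block device in a variable set in both branches and mount that. In the swap branch, `dd count=1 bs=256 if=/dev/urandom of=/mnt/root/swap.key` creates the LUKS key file with whatever the default umask allows, so add `chmod 600 /mnt/root/swap.key` right after it (or run the `dd` under `umask 077`) so the key stays readable by root only. No `set -euo pipefail` appears in the lines shown after the shebang, so a failed `luksFormat` (for example a declined confirmation prompt) would not stop the later formatting and mount steps; this is hedged since the first hunk may not show every line at the top of the file.
```shell
# Create luks partition
if [[ "$ENCRYPT_ROOT" == true ]]; then
  cryptsetup --type luks2 --cipher aes-xts-plain64 --key-size 256 --hash sha512 luksFormat $ROOT_PARTITION
  cryptsetup luksOpen $ROOT_PARTITION $ROOT_NAME
  ROOT_DEVICE=/dev/mapper/$ROOT_NAME
else
  ROOT_DEVICE=$ROOT_PARTITION
fi
mkfs.btrfs -f -L root "$ROOT_DEVICE"
mount -t btrfs -o compress=zstd,noatime,ssd "$ROOT_DEVICE" /mnt
# … unchanged: subvolume creation; the later subvol= mounts use "$ROOT_DEVICE" instead of /dev/mapper/$ROOT_NAME …
```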


@ -19,6 +19,8 @@ with deviceSpecific; {
lxqt.pavucontrol-qt
bibata-cursors
i3lock-fancy
# mullvad-vpn
# Samba support
cifs-utils
# Utils
@ -30,6 +32,7 @@ with deviceSpecific; {
libva-utils
lm_sensors
libnotify
tree
(youtube-to-mpv.override { isLaptop = isLaptop; })
# Other
(vivaldi.override { proprietaryCodecs = true; })


@ -22,6 +22,7 @@
./workspace/xresources.nix
./workspace/barrier.nix
./themes.nix
./mullvad.nix
./applications.nix
./secrets.nix
./devices.nix


@ -71,6 +71,8 @@ with deviceSpecific; {
{
device = if device == "Dell-Laptop" then
"/dev/disk/by-partuuid/2de40bc4-a91c-4c89-a2cd-cbf34a0adf01"
else if device == "NixOS-VM" then
"/dev/disk/by-partuuid/afa18996-0fbc-448d-86ba-acf3f046671d"
else
"";
randomEncryption.enable = true;

50
modules/mullvad.nix Normal file

@ -0,0 +1,50 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.networking.mullvad;
in {
###### interface
options = {
networking.mullvad = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
This option enables mullvad vpn daemon.
'';
};
enableOnBoot = mkOption {
type = types.bool;
default = true;
description = ''
When enabled mullvad daemon is started on boot.
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.mullvad-vpn ];
systemd.services.mullvad-daemon = {
description = "Mullvad VPN daemon";
wantedBy = optional cfg.enableOnBoot "multi-user.target";
wants = [ "network.target" ];
after = [
"network-online.target"
"NetworkManager.service"
"systemd-resolved.service"
];
startLimitIntervalSec = 20;
serviceConfig = {
ExecStart = "${pkgs.mullvad-vpn}/bin/mullvad-daemon -v --disable-stdout-timestamps";
Restart = "always";
RestartSec = 1;
};
};
};
}
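Review bot: In the new `systemd.services.mullvad-daemon` unit, `after` lists `network-online.target` while `wants` only pulls in `network.target`, so the ordering on `network-online.target` has no effect unless some other unit activates that target; if the daemon is meant to wait for connectivity, add it to the dependency list as well, `wants = [ "network.target" "network-online.target" ];`. The module also carries no header comment; a one-line `# networking.mullvad: runs the Mullvad VPN daemon as a systemd service.` above `{ config, lib, pkgs, ... }:` would tell a reader what the file provides without opening the options block.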


@ -18,6 +18,8 @@
firewall.enable = false;
# usePredictableInterfaceNames = false;
hostName = config.deviceSpecific.hostName;
mullvad.enable = true;
};
# systemd.services.dhcpcd.serviceConfig.Type = lib.mkForce
# "simple"; # TODO Make a PR with this change; forking is not acceptable for dhcpcd.


@ -10,6 +10,13 @@
nixpkgs.config = {
packageOverrides = pkgs: {
i3lock-fancy = pkgs.callPackage ./applications/i3lock-fancy.nix {};
# mullvad-vpn = pkgs.mullvad-vpn.overrideAttrs (oldAttrs: rec {
# version = "2019.8";
# src = pkgs.fetchurl {
# url = "https://www.mullvad.net/media/app/MullvadVPN-${version}_amd64.deb";
# sha256 = "0cjc8j8pqgdhnax4mvwmvnxfcygjsp805hxalfaj8wa5adph96hz";
# };
# });
};
};
}
