diff --git a/install/install.sh b/install/install.sh index ff86fa6..eef58a8 100644 --- a/install/install.sh +++ b/install/install.sh @@ -1,5 +1,5 @@ #!/usr/bin/env bash -ENCRYPT_ROOT=true +ENCRYPT_ROOT=false ENCRYPT_SWAP=false FORMAT_BOOT_PARTITION=false @@ -11,7 +11,6 @@ ROOT_PARTITION=/dev/nvme0n1p2 SWAP_NAME=cryptswap ROOT_NAME=cryptnixos - gdisk $DEVICE # Format boot partition 
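Review bot: The default at the top of install.sh now leaves the root filesystem unencrypted (`ENCRYPT_ROOT=false`), and together with the `read -p "Debug"` prompt that replaces the `nano` step in the `@@ -62,7 +64,8 @@` hunk it looks like debugging state was committed. A safer default keeps encryption on and lets a test run opt out explicitly, e.g. `ENCRYPT_ROOT=${ENCRYPT_ROOT:-true}`. The "Debug" prompt should either be removed or reworded to say what the operator is expected to check in configuration.nix before continuing.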
@@ -20,26 +19,29 @@ if [[ "$FORMAT_BOOT_PARTITION" == true ]]; then fi # Create luks partition if [[ "$ENCRYPT_ROOT" == true ]]; then + ROOT_NAME=/dev/mapper/$ROOT_NAME cryptsetup --type luks2 --cipher aes-xts-plain64 --key-size 256 --hash sha512 luksFormat $ROOT_PARTITION cryptsetup luksOpen $ROOT_PARTITION $ROOT_NAME - mkfs.btrfs -f -L root /dev/mapper/$ROOT_NAME + mkfs.btrfs -f -L root $ROOT_NAME + mount -t btrfs -o compress=zstd,noatime,ssd $ROOT_NAME /mnt else + ROOT_NAME=$ROOT_PARTITION mkfs.btrfs -f -L root $ROOT_PARTITION + mount -t btrfs -o compress=zstd,noatime,ssd $ROOT_PARTITION /mnt fi # read -p "Press enter to continue" -mount -t btrfs -o compress=zstd,noatime,ssd /dev/mapper/$ROOT_NAME /mnt btrfs subvolume create /mnt/@nixos btrfs subvolume create /mnt/@nix-store btrfs subvolume create /mnt/@home btrfs subvolume create /mnt/@snapshots umount /mnt -mount -t btrfs -o subvol=@nixos,compress=zstd,noatime,ssd /dev/mapper/$ROOT_NAME /mnt/ +mount -t btrfs -o subvol=@nixos,compress=zstd,noatime,ssd $ROOT_NAME /mnt/ mkdir -p /mnt/.snapshots mkdir -p /mnt/home mkdir -p /mnt/nix/store -mount -t btrfs -o subvol=@snapshots,compress=zstd,noatime,ssd /dev/mapper/$ROOT_NAME /mnt/.snapshots -mount -t btrfs -o subvol=@home,compress=zstd,noatime,ssd /dev/mapper/$ROOT_NAME /mnt/home -mount -t btrfs -o subvol=@nix-store,compress=zstd,noatime,ssd /dev/mapper/$ROOT_NAME /mnt/nix/store +mount -t btrfs -o subvol=@snapshots,compress=zstd,noatime,ssd $ROOT_NAME /mnt/.snapshots +mount -t btrfs -o subvol=@home,compress=zstd,noatime,ssd $ROOT_NAME /mnt/home +mount -t btrfs -o subvol=@nix-store,compress=zstd,noatime,ssd $ROOT_NAME /mnt/nix/store btrfs subvolume create /mnt/tmp btrfs subvolume create /mnt/var # read -p "Press enter to continue" 
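Review bot: `ROOT_NAME` is rewritten to `/dev/mapper/$ROOT_NAME` before `cryptsetup luksOpen $ROOT_PARTITION $ROOT_NAME`, so luksOpen receives a device path where it expects a mapping name. cryptsetup will most likely reject it, and the following `mkfs.btrfs` and `mount` then target a device that does not exist. Move the assignment to after the luksOpen line, or keep the bare name and add a separate variable such as `ROOT_DEVICE="/dev/mapper/$ROOT_NAME"` for the mkfs and mount calls. The else branch sets `ROOT_NAME=$ROOT_PARTITION` but still formats and mounts via `$ROOT_PARTITION`; using the same variable in both branches would keep them in step. No error handling is visible in the hunk, so a failed luksFormat or luksOpen does not stop the script; consider `set -e` near the top if it is not already set outside the lines shown.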
@@ -52,7 +54,7 @@ if [[ "$ENCRYPT_SWAP" == true ]]; then dd count=1 bs=256 if=/dev/urandom of=/mnt/root/swap.key cryptsetup --type luks2 --cipher aes-xts-plain64 --key-size 256 --hash sha512 --key-file /mnt/root/swap.key luksFormat $SWAP_PARTITION cryptsetup --key-file /mnt/root/swap.key luksOpen $SWAP_PARTITION $SWAP_NAME - mkswap -L swap /dev/mapper/cryptswap + mkswap -L swap /dev/mapper/$SWAP_NAME else mkswap -L swap $SWAP_PARTITION fi @@ -62,7 +64,8 @@ nixos-generate-config --root /mnt/ mkdir -p /mnt/root/nixos-config cp -r $(pwd)/.. /mnt/root/nixos-config echo "import /mnt/root/nixos-config \"$DEVICE_NAME\"" > /mnt/etc/nixos/configuration.nix -nano /mnt/etc/nixos/configuration.nix +read -p "Debug" +# nano /mnt/etc/nixos/configuration.nix sed -i 's/\/etc\/nixos/\/mnt\/etc\/nixos/g' /mnt/root/nixos-config/default.nix read -p "Please, add swap device into nixos-config/modules/filesystems.nix before continue" read -p "Press enter to continue" diff --git a/modules/filesystems.nix b/modules/filesystems.nix index 26bc238..afae593 100644 --- a/modules/filesystems.nix +++ b/modules/filesystems.nix @@ -72,7 +72,7 @@ with deviceSpecific; { device = if device == "Dell-Laptop" then "/dev/disk/by-partuuid/2de40bc4-a91c-4c89-a2cd-cbf34a0adf01" else if device == "NixOS-VM" then - "/dev/disk/by-partuuid/afa18996-0fbc-448d-86ba-acf3f046671d" + "/dev/disk/by-partuuid/4caf1e45-2f1c-4cb2-a914-f2e90961503a" else ""; randomEncryption.enable = true; diff --git a/modules/network.nix b/modules/network.nix index 35b9110..ec15132 100644 --- a/modules/network.nix +++ b/modules/network.nix @@ -19,7 +19,7 @@ # usePredictableInterfaceNames = false; hostName = config.deviceSpecific.hostName; - mullvad.enable = true; + mullvad.enable = false; }; # systemd.services.dhcpcd.serviceConfig.Type = lib.mkForce # "simple"; # TODO Make a PR with this change; forking is not acceptable for dhcpcd. diff --git a/modules/packages.nix b/modules/packages.nix index 58d9c41..b8a64a5 100644 
--- a/modules/packages.nix +++ b/modules/packages.nix @@ -10,13 +10,13 @@ nixpkgs.config = { packageOverrides = pkgs: { i3lock-fancy = pkgs.callPackage ./applications/i3lock-fancy.nix {}; - # mullvad-vpn = pkgs.mullvad-vpn.overrideAttrs (oldAttrs: rec { - # version = "2019.8"; - # src = pkgs.fetchurl { - # url = "https://www.mullvad.net/media/app/MullvadVPN-${version}_amd64.deb"; - # sha256 = "0cjc8j8pqgdhnax4mvwmvnxfcygjsp805hxalfaj8wa5adph96hz"; - # }; - # }); + mullvad-vpn = pkgs.mullvad-vpn.overrideAttrs (oldAttrs: rec { + version = "2019.8"; + src = pkgs.fetchurl { + url = "https://www.mullvad.net/media/app/MullvadVPN-${version}_amd64.deb"; + sha256 = "0cjc8j8pqgdhnax4mvwmvnxfcygjsp805hxalfaj8wa5adph96hz"; + }; + }); }; }; } \ No newline at end of file diff --git a/modules/secrets.nix b/modules/secrets.nix index cac20b5..d14ecf1 100644 --- a/modules/secrets.nix +++ b/modules/secrets.nix @@ -25,7 +25,7 @@ in rec { description = "Wireguard conf"; }; windows-samba = mkCredOption "samba on windows" { }; - linxu-samba = mkCredOption "samba on linux" { }; + linux-samba = mkCredOption "samba on linux" { }; }; config = let secretnix = import ../secret.nix; diff --git a/modules/wireguard.nix b/modules/wireguard.nix index b501bc8..297449f 100644 --- a/modules/wireguard.nix +++ b/modules/wireguard.nix 
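Review bot: The re-enabled `mullvad-vpn` override pins the client to `version = "2019.8"` with no comment on why, so the package stops following nixpkgs updates, security fixes included, until someone remembers to remove the override. Add a comment above it giving the reason for the pin and the condition for dropping it, e.g. `# Pinned to 2019.8 because <reason>; remove once nixpkgs ships a working version`. The same commit sets `mullvad.enable = false` in modules/network.nix, so it is worth confirming the override is still needed at all.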
@@ -4,22 +4,15 @@ let in { # Enable wireguard networking.wg-quick.interfaces = lib.mkIf cfg.enable { - wg0 = { - address = [ cfg.address ]; - dns = [ "10.192.122.1" ]; - # TODO change to privateKeyFile - privateKey = cfg.privateKey; - peers = [ - { - allowedIPs = [ "0.0.0.0/0" ]; - publicKey = "AgtgtS3InfOv4UQ+2MNAEMKFqZGhYXNOFmfMdKXIpng="; - endpoint = "51.38.98.116:51820"; - } - ]; - }; + wg0 = cfg.interface; }; # Enable killswitch - networking.nftables = lib.mkIf cfg.enable { + environment.systemPackages = + lib.mkIf (cfg.killswitch.package == "iptables") [ + pkgs.iptables + ]; + networking.nftables = + lib.mkIf (cfg.killswitch.package == "nftables") { enable = true; ruleset = '' flush ruleset diff --git a/modules/workspace/barrier.nix b/modules/workspace/barrier.nix index 326c676..49621b2 100644 --- a/modules/workspace/barrier.nix +++ b/modules/workspace/barrier.nix 
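Review bot: The killswitch is no longer gated on `cfg.enable`: `networking.nftables` is now enabled whenever `cfg.killswitch.package == "nftables"`, even with WireGuard turned off, and its ruleset starts with `flush ruleset`. Depending on the option's default (declared outside this hunk), that either applies tunnel-only firewall rules to a host with no tunnel or silently drops the killswitch when the value is anything else. Combine the conditions, e.g. `lib.mkIf (cfg.enable && cfg.killswitch.package == "nftables")`, and do the same for the iptables branch. In the lines shown the iptables branch only adds `pkgs.iptables` to `environment.systemPackages`; if no rules are installed elsewhere, selecting it yields no killswitch. The ruleset body continues outside the hunk.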
@@ -87,31 +87,32 @@ in serviceConfig.Restart = "on-failure"; }; }) - ] // { - services.barrier = if config.device == "NixOS-VM" then { - server.enable = true; - server.autoStart = true; - server.configFile = pkgs.writeTextFile { - name = "barrier.conf"; - text = '' - section: screens - NixOS-VM: - dell-ataraxia: - end - section: links - dell-ataraxia: - right = NixOS-VM - end - section: options - keystroke(super+alt+left) = switchInDirection(left) - keystroke(super+alt+right) = switchInDirection(right) - end - ''; + ({ + services.barrier = if config.device == "NixOS-VM" then { + server.enable = true; + server.autoStart = true; + server.configFile = pkgs.writeTextFile { + name = "barrier.conf"; + text = '' + section: screens + NixOS-VM: + dell-ataraxia: + end + section: links + dell-ataraxia: + right = NixOS-VM + end + section: options + keystroke(super+alt+left) = switchInDirection(left) + keystroke(super+alt+right) = switchInDirection(right) + end + ''; + }; + } else { + client.enable = true; + client.serverAddress = "NixOS-VM"; }; - } else { - client.enable = true; - client.serverAddress = "NixOS-VM"; - }; - }; + }) + ]; } \ No newline at end of file diff --git a/modules/workspace/misc.nix b/modules/workspace/misc.nix index 642e778..56e1ce4 100644 --- a/modules/workspace/misc.nix +++ b/modules/workspace/misc.nix @@ -7,16 +7,12 @@ LESS = "-asrRix8"; NIX_AUTO_RUN = "1"; }; + services.atd.enable = true; home-manager.users.alukard = { xdg.enable = true; services.udiskie.enable = true; - services.screen-locker = { - enable = true; - inactiveInterval = 15; # Minutes - lockCmd = "${pkgs.i3lock-fancy}/bin/i3lock-fancy -f Roboto-Medium"; - }; programs.git = { enable = true; userEmail = "alukard.develop@gmail.com"; diff --git a/secret.nix.gpg b/secret.nix.gpg index 3cb149e..decf464 100644 Binary files a/secret.nix.gpg and b/secret.nix.gpg differ
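Review bot: In modules/workspace/misc.nix the `services.screen-locker` block is removed with nothing visible replacing it, so the session no longer locks after 15 idle minutes unless locking is configured elsewhere. If the removal is intentional, a short comment saying where locking now happens would help; otherwise keep the block. The added `services.atd.enable = true;` also has no comment on what needs it; something like `# atd: required for <consumer>` would document why an extra job-scheduling daemon is running.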