Dmitriy 2019-09-26 02:46:10 +04:00
parent bab4aee477
commit ba24ea38da
9 changed files with 57 additions and 64 deletions


@ -1,5 +1,5 @@
#!/usr/bin/env bash #!/usr/bin/env bash
ENCRYPT_ROOT=true ENCRYPT_ROOT=false
ENCRYPT_SWAP=false ENCRYPT_SWAP=false
FORMAT_BOOT_PARTITION=false FORMAT_BOOT_PARTITION=false
@ -11,7 +11,6 @@ ROOT_PARTITION=/dev/nvme0n1p2
SWAP_NAME=cryptswap SWAP_NAME=cryptswap
ROOT_NAME=cryptnixos ROOT_NAME=cryptnixos
gdisk $DEVICE gdisk $DEVICE
# Format boot partition # Format boot partition
@ -20,26 +19,29 @@ if [[ "$FORMAT_BOOT_PARTITION" == true ]]; then
fi fi
# Create luks partition # Create luks partition
if [[ "$ENCRYPT_ROOT" == true ]]; then if [[ "$ENCRYPT_ROOT" == true ]]; then
ROOT_NAME=/dev/mapper/$ROOT_NAME
cryptsetup --type luks2 --cipher aes-xts-plain64 --key-size 256 --hash sha512 luksFormat $ROOT_PARTITION cryptsetup --type luks2 --cipher aes-xts-plain64 --key-size 256 --hash sha512 luksFormat $ROOT_PARTITION
cryptsetup luksOpen $ROOT_PARTITION $ROOT_NAME cryptsetup luksOpen $ROOT_PARTITION $ROOT_NAME
mkfs.btrfs -f -L root /dev/mapper/$ROOT_NAME mkfs.btrfs -f -L root $ROOT_NAME
mount -t btrfs -o compress=zstd,noatime,ssd $ROOT_NAME /mnt
else else
ROOT_NAME=$ROOT_PARTITION
mkfs.btrfs -f -L root $ROOT_PARTITION mkfs.btrfs -f -L root $ROOT_PARTITION
mount -t btrfs -o compress=zstd,noatime,ssd $ROOT_PARTITION /mnt
fi fi
# read -p "Press enter to continue" # read -p "Press enter to continue"
mount -t btrfs -o compress=zstd,noatime,ssd /dev/mapper/$ROOT_NAME /mnt
btrfs subvolume create /mnt/@nixos btrfs subvolume create /mnt/@nixos
btrfs subvolume create /mnt/@nix-store btrfs subvolume create /mnt/@nix-store
btrfs subvolume create /mnt/@home btrfs subvolume create /mnt/@home
btrfs subvolume create /mnt/@snapshots btrfs subvolume create /mnt/@snapshots
umount /mnt umount /mnt
mount -t btrfs -o subvol=@nixos,compress=zstd,noatime,ssd /dev/mapper/$ROOT_NAME /mnt/ mount -t btrfs -o subvol=@nixos,compress=zstd,noatime,ssd $ROOT_NAME /mnt/
mkdir -p /mnt/.snapshots mkdir -p /mnt/.snapshots
mkdir -p /mnt/home mkdir -p /mnt/home
mkdir -p /mnt/nix/store mkdir -p /mnt/nix/store
mount -t btrfs -o subvol=@snapshots,compress=zstd,noatime,ssd /dev/mapper/$ROOT_NAME /mnt/.snapshots mount -t btrfs -o subvol=@snapshots,compress=zstd,noatime,ssd $ROOT_NAME /mnt/.snapshots
mount -t btrfs -o subvol=@home,compress=zstd,noatime,ssd /dev/mapper/$ROOT_NAME /mnt/home mount -t btrfs -o subvol=@home,compress=zstd,noatime,ssd $ROOT_NAME /mnt/home
mount -t btrfs -o subvol=@nix-store,compress=zstd,noatime,ssd /dev/mapper/$ROOT_NAME /mnt/nix/store mount -t btrfs -o subvol=@nix-store,compress=zstd,noatime,ssd $ROOT_NAME /mnt/nix/store
btrfs subvolume create /mnt/tmp btrfs subvolume create /mnt/tmp
btrfs subvolume create /mnt/var btrfs subvolume create /mnt/var
# read -p "Press enter to continue" # read -p "Press enter to continue"
@ -52,7 +54,7 @@ if [[ "$ENCRYPT_SWAP" == true ]]; then
dd count=1 bs=256 if=/dev/urandom of=/mnt/root/swap.key dd count=1 bs=256 if=/dev/urandom of=/mnt/root/swap.key
cryptsetup --type luks2 --cipher aes-xts-plain64 --key-size 256 --hash sha512 --key-file /mnt/root/swap.key luksFormat $SWAP_PARTITION cryptsetup --type luks2 --cipher aes-xts-plain64 --key-size 256 --hash sha512 --key-file /mnt/root/swap.key luksFormat $SWAP_PARTITION
cryptsetup --key-file /mnt/root/swap.key luksOpen $SWAP_PARTITION $SWAP_NAME cryptsetup --key-file /mnt/root/swap.key luksOpen $SWAP_PARTITION $SWAP_NAME
mkswap -L swap /dev/mapper/cryptswap mkswap -L swap /dev/mapper/$SWAP_NAME
else else
mkswap -L swap $SWAP_PARTITION mkswap -L swap $SWAP_PARTITION
fi fi
@ -62,7 +64,8 @@ nixos-generate-config --root /mnt/
mkdir -p /mnt/root/nixos-config mkdir -p /mnt/root/nixos-config
cp -r $(pwd)/.. /mnt/root/nixos-config cp -r $(pwd)/.. /mnt/root/nixos-config
echo "import /mnt/root/nixos-config \"$DEVICE_NAME\"" > /mnt/etc/nixos/configuration.nix echo "import /mnt/root/nixos-config \"$DEVICE_NAME\"" > /mnt/etc/nixos/configuration.nix
nano /mnt/etc/nixos/configuration.nix read -p "Debug"
# nano /mnt/etc/nixos/configuration.nix
sed -i 's/\/etc\/nixos/\/mnt\/etc\/nixos/g' /mnt/root/nixos-config/default.nix sed -i 's/\/etc\/nixos/\/mnt\/etc\/nixos/g' /mnt/root/nixos-config/default.nix
read -p "Please, add swap device into nixos-config/modules/filesystems.nix before continue" read -p "Please, add swap device into nixos-config/modules/filesystems.nix before continue"
read -p "Press enter to continue" read -p "Press enter to continue"
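Review bot: `ROOT_NAME=/dev/mapper/$ROOT_NAME` is now assigned before `cryptsetup luksOpen $ROOT_PARTITION $ROOT_NAME`, so luksOpen receives the full mapper path as the mapping name instead of the bare `cryptnixos` the old code passed; cryptsetup expects a device-mapper name there, so the open step is likely to fail or create a differently named mapping while the following mkfs and mount lines still expect `/dev/mapper/cryptnixos`. Swapping the two lines keeps the intent: `cryptsetup luksOpen $ROOT_PARTITION $ROOT_NAME` followed by `ROOT_NAME=/dev/mapper/$ROOT_NAME`. The `mount … /mnt` line is now duplicated in both branches of the if, where the single mount after `fi` that was removed would still work once ROOT_NAME holds the device path, and the `read -p "Debug"` that replaces the nano call in the last hunk looks like a leftover debugging pause. Note also that the default `ENCRYPT_ROOT` flips from true to false, so a fresh run of this script now installs an unencrypted root unless the caller edits it first.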


@ -72,7 +72,7 @@ with deviceSpecific; {
device = if device == "Dell-Laptop" then device = if device == "Dell-Laptop" then
"/dev/disk/by-partuuid/2de40bc4-a91c-4c89-a2cd-cbf34a0adf01" "/dev/disk/by-partuuid/2de40bc4-a91c-4c89-a2cd-cbf34a0adf01"
else if device == "NixOS-VM" then else if device == "NixOS-VM" then
"/dev/disk/by-partuuid/afa18996-0fbc-448d-86ba-acf3f046671d" "/dev/disk/by-partuuid/4caf1e45-2f1c-4cb2-a914-f2e90961503a"
else else
""; "";
randomEncryption.enable = true; randomEncryption.enable = true;


@ -19,7 +19,7 @@
# usePredictableInterfaceNames = false; # usePredictableInterfaceNames = false;
hostName = config.deviceSpecific.hostName; hostName = config.deviceSpecific.hostName;
mullvad.enable = true; mullvad.enable = false;
}; };
# systemd.services.dhcpcd.serviceConfig.Type = lib.mkForce # systemd.services.dhcpcd.serviceConfig.Type = lib.mkForce
# "simple"; # TODO Make a PR with this change; forking is not acceptable for dhcpcd. # "simple"; # TODO Make a PR with this change; forking is not acceptable for dhcpcd.


@ -10,13 +10,13 @@
nixpkgs.config = { nixpkgs.config = {
packageOverrides = pkgs: { packageOverrides = pkgs: {
i3lock-fancy = pkgs.callPackage ./applications/i3lock-fancy.nix {}; i3lock-fancy = pkgs.callPackage ./applications/i3lock-fancy.nix {};
# mullvad-vpn = pkgs.mullvad-vpn.overrideAttrs (oldAttrs: rec { mullvad-vpn = pkgs.mullvad-vpn.overrideAttrs (oldAttrs: rec {
# version = "2019.8"; version = "2019.8";
# src = pkgs.fetchurl { src = pkgs.fetchurl {
# url = "https://www.mullvad.net/media/app/MullvadVPN-${version}_amd64.deb"; url = "https://www.mullvad.net/media/app/MullvadVPN-${version}_amd64.deb";
# sha256 = "0cjc8j8pqgdhnax4mvwmvnxfcygjsp805hxalfaj8wa5adph96hz"; sha256 = "0cjc8j8pqgdhnax4mvwmvnxfcygjsp805hxalfaj8wa5adph96hz";
# }; };
# }); });
}; };
}; };
} }


@ -25,7 +25,7 @@ in rec {
description = "Wireguard conf"; description = "Wireguard conf";
}; };
windows-samba = mkCredOption "samba on windows" { }; windows-samba = mkCredOption "samba on windows" { };
linxu-samba = mkCredOption "samba on linux" { }; linux-samba = mkCredOption "samba on linux" { };
}; };
config = let config = let
secretnix = import ../secret.nix; secretnix = import ../secret.nix;


@ -4,22 +4,15 @@ let
in { in {
# Enable wireguard # Enable wireguard
networking.wg-quick.interfaces = lib.mkIf cfg.enable { networking.wg-quick.interfaces = lib.mkIf cfg.enable {
wg0 = { wg0 = cfg.interface;
address = [ cfg.address ];
dns = [ "10.192.122.1" ];
# TODO change to privateKeyFile
privateKey = cfg.privateKey;
peers = [
{
allowedIPs = [ "0.0.0.0/0" ];
publicKey = "AgtgtS3InfOv4UQ+2MNAEMKFqZGhYXNOFmfMdKXIpng=";
endpoint = "51.38.98.116:51820";
}
];
};
}; };
# Enable killswitch # Enable killswitch
networking.nftables = lib.mkIf cfg.enable { environment.systemPackages =
lib.mkIf (cfg.killswitch.package == "iptables") [
pkgs.iptables
];
networking.nftables =
lib.mkIf (cfg.killswitch.package == "nftables") {
enable = true; enable = true;
ruleset = '' ruleset = ''
flush ruleset flush ruleset
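Review bot: The nftables killswitch is now conditioned only on `cfg.killswitch.package == "nftables"` and no longer on `cfg.enable`, which the replaced `networking.nftables = lib.mkIf cfg.enable` required; with the module disabled the ruleset that begins with `flush ruleset` is still installed, clearing any other nftables rules on the host and, since it is a killswitch, potentially blocking traffic for a VPN that is not up. Gating both new attributes on the module flag restores the old behavior: `lib.mkIf (cfg.enable && cfg.killswitch.package == "nftables") {` and likewise `lib.mkIf (cfg.enable && cfg.killswitch.package == "iptables") [`. The interface definition moved to `cfg.interface`, so the removed `# TODO change to privateKeyFile` reminder disappears from this file; where that option is declared is outside this diff, so I cannot tell whether the private key still reaches the world-readable store through `privateKey` rather than `privateKeyFile` — worth confirming. The ruleset string continues past the end of this hunk.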


@ -87,7 +87,7 @@ in
serviceConfig.Restart = "on-failure"; serviceConfig.Restart = "on-failure";
}; };
}) })
] // { ({
services.barrier = if config.device == "NixOS-VM" then { services.barrier = if config.device == "NixOS-VM" then {
server.enable = true; server.enable = true;
server.autoStart = true; server.autoStart = true;
@ -112,6 +112,7 @@ in
client.enable = true; client.enable = true;
client.serverAddress = "NixOS-VM"; client.serverAddress = "NixOS-VM";
}; };
}; })
];
} }


@ -7,16 +7,12 @@
LESS = "-asrRix8"; LESS = "-asrRix8";
NIX_AUTO_RUN = "1"; NIX_AUTO_RUN = "1";
}; };
services.atd.enable = true; services.atd.enable = true;
home-manager.users.alukard = { home-manager.users.alukard = {
xdg.enable = true; xdg.enable = true;
services.udiskie.enable = true; services.udiskie.enable = true;
services.screen-locker = {
enable = true;
inactiveInterval = 15; # Minutes
lockCmd = "${pkgs.i3lock-fancy}/bin/i3lock-fancy -f Roboto-Medium";
};
programs.git = { programs.git = {
enable = true; enable = true;
userEmail = "alukard.develop@gmail.com"; userEmail = "alukard.develop@gmail.com";

Binary file not shown.