Changes

2019-09-26 02:46:10 +04:00 · 2019-09-26 02:46:10 +04:00 · ba24ea38da
commit ba24ea38da
parent bab4aee477
9 changed files with 57 additions and 64 deletions
--- a/install/install.sh
+++ b/install/install.sh
@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-ENCRYPT_ROOT=true
+ENCRYPT_ROOT=false
 ENCRYPT_SWAP=false
 FORMAT_BOOT_PARTITION=false

@ -11,7 +11,6 @@ ROOT_PARTITION=/dev/nvme0n1p2
 SWAP_NAME=cryptswap
 ROOT_NAME=cryptnixos

-
 gdisk $DEVICE

 # Format boot partition
@ -20,26 +19,29 @@ if [[ "$FORMAT_BOOT_PARTITION" == true ]]; then
 fi
 # Create luks partition
 if [[ "$ENCRYPT_ROOT" == true ]]; then
+  ROOT_NAME=/dev/mapper/$ROOT_NAME
  cryptsetup --type luks2 --cipher aes-xts-plain64 --key-size 256 --hash sha512 luksFormat $ROOT_PARTITION
  cryptsetup luksOpen $ROOT_PARTITION $ROOT_NAME
-  mkfs.btrfs -f -L root /dev/mapper/$ROOT_NAME
+  mkfs.btrfs -f -L root $ROOT_NAME
+  mount -t btrfs -o compress=zstd,noatime,ssd $ROOT_NAME /mnt
 else
+  ROOT_NAME=$ROOT_PARTITION
  mkfs.btrfs -f -L root $ROOT_PARTITION
+  mount -t btrfs -o compress=zstd,noatime,ssd $ROOT_PARTITION /mnt
 fi
 # read -p "Press enter to continue"
-mount -t btrfs -o compress=zstd,noatime,ssd /dev/mapper/$ROOT_NAME /mnt
 btrfs subvolume create /mnt/@nixos
 btrfs subvolume create /mnt/@nix-store
 btrfs subvolume create /mnt/@home
 btrfs subvolume create /mnt/@snapshots
 umount /mnt
-mount -t btrfs -o subvol=@nixos,compress=zstd,noatime,ssd /dev/mapper/$ROOT_NAME /mnt/
+mount -t btrfs -o subvol=@nixos,compress=zstd,noatime,ssd $ROOT_NAME /mnt/
 mkdir -p /mnt/.snapshots
 mkdir -p /mnt/home
 mkdir -p /mnt/nix/store
-mount -t btrfs -o subvol=@snapshots,compress=zstd,noatime,ssd /dev/mapper/$ROOT_NAME /mnt/.snapshots
-mount -t btrfs -o subvol=@home,compress=zstd,noatime,ssd /dev/mapper/$ROOT_NAME /mnt/home
-mount -t btrfs -o subvol=@nix-store,compress=zstd,noatime,ssd /dev/mapper/$ROOT_NAME /mnt/nix/store
+mount -t btrfs -o subvol=@snapshots,compress=zstd,noatime,ssd $ROOT_NAME /mnt/.snapshots
+mount -t btrfs -o subvol=@home,compress=zstd,noatime,ssd $ROOT_NAME /mnt/home
+mount -t btrfs -o subvol=@nix-store,compress=zstd,noatime,ssd $ROOT_NAME /mnt/nix/store
 btrfs subvolume create /mnt/tmp
 btrfs subvolume create /mnt/var
 # read -p "Press enter to continue"
@ -52,7 +54,7 @@ if [[ "$ENCRYPT_SWAP" == true ]]; then
  dd count=1 bs=256 if=/dev/urandom of=/mnt/root/swap.key
  cryptsetup --type luks2 --cipher aes-xts-plain64 --key-size 256 --hash sha512 --key-file /mnt/root/swap.key luksFormat $SWAP_PARTITION
  cryptsetup --key-file /mnt/root/swap.key luksOpen $SWAP_PARTITION $SWAP_NAME
-  mkswap -L swap /dev/mapper/cryptswap
+  mkswap -L swap /dev/mapper/$SWAP_NAME
 else
  mkswap -L swap $SWAP_PARTITION
 fi
@ -62,7 +64,8 @@ nixos-generate-config --root /mnt/
 mkdir -p /mnt/root/nixos-config
 cp -r $(pwd)/.. /mnt/root/nixos-config
 echo "import /mnt/root/nixos-config \"$DEVICE_NAME\"" > /mnt/etc/nixos/configuration.nix
-nano /mnt/etc/nixos/configuration.nix
+read -p "Debug"
+# nano /mnt/etc/nixos/configuration.nix
 sed -i 's/\/etc\/nixos/\/mnt\/etc\/nixos/g' /mnt/root/nixos-config/default.nix
 read -p "Please, add swap device into nixos-config/modules/filesystems.nix before continue"
 read -p "Press enter to continue"
--- a/modules/filesystems.nix
+++ b/modules/filesystems.nix
@ -72,7 +72,7 @@ with deviceSpecific; {
      device = if device == "Dell-Laptop" then
          "/dev/disk/by-partuuid/2de40bc4-a91c-4c89-a2cd-cbf34a0adf01"
        else if device == "NixOS-VM" then
-          "/dev/disk/by-partuuid/afa18996-0fbc-448d-86ba-acf3f046671d"
+          "/dev/disk/by-partuuid/4caf1e45-2f1c-4cb2-a914-f2e90961503a"
        else
          "";
      randomEncryption.enable = true;
--- a/modules/network.nix
+++ b/modules/network.nix
@ -19,7 +19,7 @@
    # usePredictableInterfaceNames = false;
    hostName = config.deviceSpecific.hostName;

-    mullvad.enable = true;
+    mullvad.enable = false;
  };
  # systemd.services.dhcpcd.serviceConfig.Type = lib.mkForce
  # "simple"; # TODO Make a PR with this change; forking is not acceptable for dhcpcd.
--- a/modules/packages.nix
+++ b/modules/packages.nix
@ -10,13 +10,13 @@
  nixpkgs.config = {
    packageOverrides = pkgs: {
      i3lock-fancy = pkgs.callPackage ./applications/i3lock-fancy.nix {};
-      # mullvad-vpn = pkgs.mullvad-vpn.overrideAttrs (oldAttrs: rec {
-      #   version = "2019.8";
-      #   src = pkgs.fetchurl {
-      #     url = "https://www.mullvad.net/media/app/MullvadVPN-${version}_amd64.deb";
-      #     sha256 = "0cjc8j8pqgdhnax4mvwmvnxfcygjsp805hxalfaj8wa5adph96hz";
-      #   };
-      # });
+      mullvad-vpn = pkgs.mullvad-vpn.overrideAttrs (oldAttrs: rec {
+        version = "2019.8";
+        src = pkgs.fetchurl {
+          url = "https://www.mullvad.net/media/app/MullvadVPN-${version}_amd64.deb";
+          sha256 = "0cjc8j8pqgdhnax4mvwmvnxfcygjsp805hxalfaj8wa5adph96hz";
+        };
+      });
    };
  };
 }
--- a/modules/secrets.nix
+++ b/modules/secrets.nix
@ -25,7 +25,7 @@ in rec {
      description = "Wireguard conf";
    };
    windows-samba = mkCredOption "samba on windows" { };
-    linxu-samba = mkCredOption "samba on linux" { };
+    linux-samba = mkCredOption "samba on linux" { };
  };
  config = let
    secretnix = import ../secret.nix;
--- a/modules/wireguard.nix
+++ b/modules/wireguard.nix
@ -4,22 +4,15 @@ let
 in {
  # Enable wireguard
  networking.wg-quick.interfaces = lib.mkIf cfg.enable {
-    wg0 = {
-      address = [ cfg.address ];
-      dns = [ "10.192.122.1" ];
-      # TODO change to privateKeyFile
-      privateKey = cfg.privateKey;
-      peers = [
-        {
-          allowedIPs = [ "0.0.0.0/0" ];
-          publicKey  = "AgtgtS3InfOv4UQ+2MNAEMKFqZGhYXNOFmfMdKXIpng=";
-          endpoint   = "51.38.98.116:51820";
-        }
-      ];
-    };
+    wg0 = cfg.interface;
  };
  # Enable killswitch
-  networking.nftables = lib.mkIf cfg.enable {
+  environment.systemPackages =
+    lib.mkIf (cfg.killswitch.package == "iptables") [
+      pkgs.iptables
+    ];
+  networking.nftables =
+    lib.mkIf (cfg.killswitch.package == "nftables") {
    enable = true;
    ruleset = ''
      flush ruleset
--- a/modules/workspace/barrier.nix
+++ b/modules/workspace/barrier.nix
@ -87,7 +87,7 @@ in
        serviceConfig.Restart = "on-failure";
      };
    })
-  ] // {
+    ({
      services.barrier = if config.device == "NixOS-VM" then {
        server.enable = true;
        server.autoStart = true;
@ -112,6 +112,7 @@ in
        client.enable = true;
        client.serverAddress = "NixOS-VM";
      };
-  };
+    })
+  ];

 }
--- a/modules/workspace/misc.nix
+++ b/modules/workspace/misc.nix
@ -7,16 +7,12 @@
    LESS = "-asrRix8";
    NIX_AUTO_RUN = "1";
  };
+
  services.atd.enable = true;
  home-manager.users.alukard = {
    xdg.enable = true;

    services.udiskie.enable = true;
-    services.screen-locker = {
-      enable = true;
-      inactiveInterval = 15; # Minutes
-      lockCmd = "${pkgs.i3lock-fancy}/bin/i3lock-fancy -f Roboto-Medium";
-    };
    programs.git = {
      enable = true;
      userEmail = "alukard.develop@gmail.com";
--- a/secret.nix.gpg
+++ b/secret.nix.gpg