From e885306bf0e9ba12e1b860eb456cf185cace5712 Mon Sep 17 00:00:00 2001 From: Shahab Dogar Date: Fri, 31 Jan 2025 16:49:54 +0500 Subject: [PATCH] feat: NixOS | add disko and hashed password for user --- flake.nix | 20 +++++++++-- nixos/configuration.nix | 5 +-- nixos/disko-config.nix | 61 ++++++++++++++++++++++++++++++++ nixos/hardware-configuration.nix | 25 ++----------- 4 files changed, 83 insertions(+), 28 deletions(-) create mode 100644 nixos/disko-config.nix diff --git a/flake.nix b/flake.nix index f70ebec..8632a4a 100644 --- a/flake.nix +++ b/flake.nix @@ -6,26 +6,40 @@ home-manager.url = "github:nix-community/home-manager/release-24.11"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; hyprland.url = "github:hyprwm/Hyprland"; + + # Disko + disko.url = "github:nix-community/disko"; + disko.inputs.nixpkgs.follows = "nixpkgs"; }; outputs = { self, nixpkgs, home-manager, + disko, ... } @ inputs: let system = "x86_64-linux"; host = "rihla"; user = "shahab"; - lib = nixpkgs.lib; pkgs = nixpkgs.legacyPackages.${system}; in { nixosConfigurations = { "${host}" = nixpkgs.lib.nixosSystem { inherit system; - modules = [ ./nixos/configuration.nix ]; - specialArgs = { inherit inputs; }; + modules = [ + disko.nixosModules.disko + ./nixos/configuration.nix + ./nixos/disko-config.nix + ./nixos/hardware-configuration.nix + ]; + specialArgs = { + inherit inputs; + meta = { + hostname = host; + }; + }; }; }; diff --git a/nixos/configuration.nix b/nixos/configuration.nix index 155bc89..ab6e33c 100644 --- a/nixos/configuration.nix +++ b/nixos/configuration.nix @@ -2,7 +2,7 @@ # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). -{ inputs, config, pkgs, ... }: +{ inputs, hostname, pkgs, ... }: { imports = 
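Review bot: The new `specialArgs` in flake.nix passes the host name nested as `meta.hostname`, but the configuration.nix hunks change the module header to `{ inputs, hostname, pkgs, ... }` and then use `networking.hostName = hostname;` (the `@@ -18,7` hunk). Nothing visible supplies a `hostname` module argument, so evaluation will most likely fail there. Either pass it flat, `specialArgs = { inherit inputs; hostname = host; };`, or take `meta` in the module and write `networking.hostName = meta.hostname;`. The same header change drops `config`; the rest of configuration.nix is outside these hunks, so check that nothing in it still refers to `config`. The `disko` input is also added without a ref while the diffstat shows no flake.lock change, so the revision that actually gets built is not recorded by this commit.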
@@ -18,7 +18,7 @@ hardware.bluetooth.enable = true; hardware.bluetooth.powerOnBoot = true; - networking.hostName = "rihla"; # Define your hostname. + networking.hostName = hostname; # Define your hostname. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. # Configure network proxy if necessary @@ -136,6 +136,7 @@ isNormalUser = true; description = "Shahab Dogar"; extraGroups = [ "networkmanager" "wheel" "input" "libvirtd" ]; + hashedPassword = "$6$.ZlYnf2cZph4tCbM$E/JJUDirRV8MZrgX4Rh.Pi1q95tev1ZxcKjPA1I.uURv56qoWcC39MJWO9S2T5MlkPVbSLGiM8Ihfz9mERImo/"; }; # Allow unfree packages diff --git a/nixos/disko-config.nix b/nixos/disko-config.nix new file mode 100644 index 0000000..255e7b8 --- /dev/null +++ b/nixos/disko-config.nix @@ -0,0 +1,61 @@ +{ + disko.devices = { + disk = { + vdb = { + type = "disk"; + device = "/dev/nvme0n1"; + content = { + type = "gpt"; + partitions = { + ESP = { + priority = 1; + name = "ESP"; + start = "1M"; + end = "128M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + luks = { + size = "100%"; + content = { + name = "crypted"; + type = "luks"; + askPassword = true; + content = { + type = "btrfs"; + extraArgs = ["-L" "nixos" "-f"]; + subvolumes = { + "/root" = { + mountpoint = "/"; + mountOptions = ["subvol=root" "compress=zstd" "noatime"]; + }; + "/home" = { + mountpoint = "/home"; + mountOptions = ["subvol=home" "compress=zstd" "noatime"]; + }; + "/nix" = { + mountpoint = "/nix"; + mountOptions = ["subvol=nix" "compress=zstd" "noatime"]; + }; + "/log" = { + mountpoint = "/var/log"; + mountOptions = ["subvol=log" "compress=zstd" "noatime"]; + }; + "/swap" = { + mountpoint = "/swap"; + swap.swapfile.size = "64G"; + }; + }; + }; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/nixos/hardware-configuration.nix b/nixos/hardware-configuration.nix index 7b0c34f..7d4e36c 100644 --- a/nixos/hardware-configuration.nix 
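Review bot: The `hashedPassword` line added in the `@@ -136,6` hunk commits a SHA-512 crypt (`$6$`) hash to the repository, and option values like this are also written into the world-readable Nix store on the machine. The account is in `wheel`, which normally gates sudo, so anyone who can read the repo or the store can test password guesses against the hash offline. Prefer `hashedPasswordFile = "/path/to/hash";` (placeholder path), pointing at a root-only file kept outside the store, for example one provisioned by a secrets tool. Treat the committed hash as exposed and change the password rather than only deleting the line, since the value stays in git history. The user attribute set begins outside the hunk.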
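Review bot: The ESP in disko-config.nix is mounted on `/boot` with no mount options, whereas the `fileSystems."/boot"` entry removed from hardware-configuration.nix carried `fmask=0077` and `dmask=0077`. Without them, every local user can read the vfat partition, including anything the boot loader stores there. Add `mountOptions = [ "umask=0077" ];` to the ESP's `content`. Two smaller points: `start = "1M"; end = "128M";` leaves roughly 127 MiB for the kernels and initrds of every retained generation, which tends to fill up. `device = "/dev/nvme0n1"` depends on enumeration order, so a `/dev/disk/by-id/...` path is safer in a config whose job is to format the disk.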
+++ b/nixos/hardware-configuration.nix @@ -1,37 +1,16 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ config, lib, modulesPath, ... }: { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { device = "/dev/disk/by-uuid/76272a47-955b-4bda-82ec-50418f8210f9"; - fsType = "ext4"; - }; - - boot.initrd.luks.devices = { - "luks-d35c44b6-3e25-4e0a-a439-95a786f17cd8".device = "/dev/disk/by-uuid/d35c44b6-3e25-4e0a-a439-95a786f17cd8"; - "luks-15c96eaf-c225-4a27-873e-94ed67b04037".device = "/dev/disk/by-uuid/15c96eaf-c225-4a27-873e-94ed67b04037"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/4B7B-782A"; - fsType = "vfat"; - options = [ "fmask=0077" "dmask=0077" ]; - }; - - swapDevices = - [ { device = "/dev/disk/by-uuid/5b377538-3a2e-4ac9-ba53-a63b65b0f48b"; } ]; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's # still possible to use this option, but it's recommended to use it in conjunction