diff --git a/README.md b/README.md index 0ec330d..1f9742d 100644 --- a/README.md +++ b/README.md @@ -15,6 +15,8 @@ sudo nixos-rebuild switch --flake ".#" --update-input nixpkgs --commit ## How to install new system with flake +### Method 1 + 1. Boot into live NixOS disk and run the following commands: ``` sudo su @@ -28,6 +30,31 @@ sudo rm -r /etc/nixos/configuration.nix ``` 3. Move build to desired location. + +### Method 2 +1. Boot into live NixOS disk +2. Install NixOS +3. Add the following changes: +```/etc/nixos/configuration.nix +environment.systemPackages = with pkgs; [ + git +]; +services.openssh.enable = true; +nix.settings.experimental-features = [ "nix-command" "flakes" ]; +``` +4. Run the following command: +``` +sudo nixos-rebuild switch +``` +5. Grab the IP address with the following command: +``` +ip addr +``` +6. Copy a flake repo from the host machine: +``` +rsync -avz @: +``` + ## Nix commands to remember ``` diff --git a/flake.lock b/flake.lock index aa196b1..429f6c8 100644 --- a/flake.lock +++ b/flake.lock @@ -22,11 +22,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1698611440, - "narHash": "sha256-jPjHjrerhYDy3q9+s5EAsuhyhuknNfowY6yt6pjn9pc=", + "lastModified": 1701253981, + "narHash": "sha256-ztaDIyZ7HrTAfEEUt9AtTDNoCYxUdSd6NrRHaYOIxtk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0cbe9f69c234a7700596e943bfae7ef27a31b735", + "rev": "e92039b55bcd58469325ded85d4f58dd5a4eaf58", "type": "github" }, "original": { diff --git a/home-manager/all.nix b/home-manager/all.nix index de8a12d..2bb4a21 100644 --- a/home-manager/all.nix +++ b/home-manager/all.nix @@ -54,8 +54,8 @@ set relativenumber set splitbelow set splitright - set tabstop=4 - set shiftwidth=4 + set tabstop=2 + set shiftwidth=2 ''; }; programs.lf = { diff --git a/home-manager/dots/bspwm/bspwmrc b/home-manager/dots/bspwm/bspwmrc index 562da84..1d8d33e 100755 --- a/home-manager/dots/bspwm/bspwmrc +++ b/home-manager/dots/bspwm/bspwmrc 
@@ -25,12 +25,9 @@ bspc rule -a Wrapper-2.0 \ state=floating border=off focus=on bspc rule -a mpv \ state=floating sticky=on follow=off focus=on \ - rectangle=640x360+1920+1080 + rectangle=640x360+1920+1080 monitor=DP-1 bspc rule -a "*:Toolkit:Picture-in-Picture" \ state=floating sticky=on follow=off focus=on \ - rectangle=640x360+1920+1080 -bspc rule -a discord:discord: desktop='2' -bspc rule -a Signal:signal: desktop='2' -bspc rule -a steam:steamwebhelper: desktop='9' + rectangle=640x360+1920+1080 monitor=DP-1 bspc rule -a trayer:panel: border=off manage=off bspc rule -a xdragon:Xdragon state=floating sticky=on diff --git a/home-manager/dots/sxhkd/sxhkdrc b/home-manager/dots/sxhkd/sxhkdrc index 0389c33..b479c7e 100644 --- a/home-manager/dots/sxhkd/sxhkdrc +++ b/home-manager/dots/sxhkd/sxhkdrc @@ -27,19 +27,14 @@ super + shift + bracket{left,right} notify-desktop "Volume is now $(amixer sset Master 5%{-,+} | awk -F '[][]' '/Right:/ \{ print $2 \}')" # make sxhkd reload its configuration files: -super + shift + r +super + r pkill -USR1 -x sxhkd; notify-desktop "sxhkd config reloaded" -# -# bspwm hotkeys -# - -# quit/restart bspwm -super + alt + {q,r} - bspc {quit,wm -r} +super + shift + r + bspc wm -r; notify-desktop "bspwm config reloaded" # close and kill -super + {_,shift + }w +super + {_,shift + }q bspc node -{c,k} # alternate between the tiled and monocle layout @@ -59,8 +54,10 @@ super + g # # set the window state -super + {t,shift + t,f,shift + f} - bspc node -t {\~tiled,\~pseudo_tiled,\~fullscreen,\~floating} +super + {t,shift + t,f} + bspc node -t {\~tiled,\~pseudo_tiled,\~floating} +F11 + bspc node -t \~fullscreen # set the node flags super + ctrl + {m,x,y,z} diff --git a/home-manager/dots/xinitrc b/home-manager/dots/xinitrc index e4940d2..21de378 100644 --- a/home-manager/dots/xinitrc +++ b/home-manager/dots/xinitrc 
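Review bot: The new `F11` chord in the window-state block of sxhkdrc is bound with no modifier, and sxhkd grabs its bindings on the root window, so the focused application never sees a plain F11 press — browsers and mpv lose their own fullscreen toggle behind bspwm's `\~fullscreen`. If that is intended it deserves a comment on the binding; otherwise keep the key qualified, e.g. `super + F11` with the same `bspc node -t \~fullscreen` action. The removed `super + alt + {q,r}` line also means there is no longer any key that quits bspwm, which is defensible but worth a one-line note where the restart binding now lives.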
@@ -3,8 +3,9 @@ test -z "$DBUS_SESSION_BUS_ADDRESS" && eval $(dbus-launch --exit-with-session -- systemctl --user import-environment DISPLAY XAUTHORITY command -v dbus-update-activation-environment >/dev/null 2>&1 && dbus-update-activation-environment DISPLAY XAUTHORITY xrdb ~/.Xresources & -hsetroot -solid "#282a36" & +xrandr --output DP-1 --primary --mode 2560x1440 --rotate normal --rate "164.99" --output DP-2 --mode 2560x1440 --rotate left --rate "164.99" --right-of DP-1 & picom & +hsetroot -solid "#282a36" & xbanish & dunst & clipmenud & @@ -12,5 +13,4 @@ trayer --edge bottom --align right --margin 0 --widthtype request --SetDockType nm-applet & mullvad-gui & sxhkd & -xrandr --output DP-1 --primary --mode 2560x1440 --rotate normal --rate "164.99" --output DP-2 --mode 2560x1440 --rotate normal --rate "164.99" --right-of DP-1 & exec bspwm diff --git a/home-manager/gui.nix b/home-manager/gui.nix index 9f73758..53164ee 100644 --- a/home-manager/gui.nix +++ b/home-manager/gui.nix 
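Review bot: The `xrandr` line moved ahead of picom and the panel is still backgrounded with `&`, so nothing that follows — picom, trayer, or the final `exec bspwm` — actually waits for the mode set and the DP-2 rotation to complete; the move changes start order, not completion order. If the intent is for later programs to see the final two-monitor layout (the file carries no comment saying so), run it in the foreground by dropping the trailing `&` on that line; xrandr returns as soon as the modes are applied. The rest of the script is unchanged and keeps the same background-everything shape.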
@@ -40,13 +40,57 @@ target = ".xinitrc"; }; }; - xdg.configFile = { - "bspwm" = { - source = ./dots/bspwm; - target = "bspwm"; - recursive = true; - executable = true; + xsession.windowManager.bspwm = { + enable = true; + rules = { + "Wrapper-2.0" = { + state = "floating"; + border = false; + focus = true; + }; + "mpv" = { + state = "floating"; + sticky = true; + follow = false; + focus = true; + }; + "*:Toolkit:Picture-in-Picture" = { + state = "floating"; + sticky = true; + follow = false; + focus = true; + }; + "trayer:panel:" = { + border = false; + manage = false; + }; + "xdragon:Xdragon:" = { + state = "floating"; + sticky = true; + }; }; + settings = { + automatic_scheme = "alternate"; + split_ratio = 0.5; + focus_follows_pointer = true; + pointer_follows_focus = false; + border_width = 1; + top_padding = 0; + window_gap = 24; + borderless_monocle = false; + gapless_monocle = false; + focused_border_color = "#bd93f9"; + normal_border_color = "#282a36"; + presel_feedback_color = "#282a36"; + }; + }; + xdg.configFile = { + #"bspwm" = { + # source = ./dots/bspwm; + # target = "bspwm"; + # recursive = true; + # executable = true; + #}; "dunst" = { source = ./dots/dunst; target = "dunst"; diff --git a/hosts/buckwheat/configuration.nix b/hosts/buckwheat/configuration.nix index 5b1f0e5..f5aea20 100644 --- a/hosts/buckwheat/configuration.nix +++ b/hosts/buckwheat/configuration.nix @@ -45,6 +45,11 @@ in virt-manager ]; }; + environment = { + systemPackages = with pkgs; [ + virtiofsd + ]; + }; services = { davfs2 = { enable = true; @@ -71,12 +76,14 @@ in services.borgbackup.jobs."daily" = { paths = [ "/home" + #"/var" ]; exclude = [ "/home/*/go/bin" "/home/*/go/pkg" ]; repo = "/mnt/daily/buckwheat"; + #repo = "/mnt/backups/buckwheat"; encryption = { mode = "repokey-blake2"; passCommand = "cat /root/borgbackup/passphrase"; @@ -85,6 +92,7 @@ in startAt = "daily"; prune.keep = { within = "7d"; + #within = "14d"; }; }; services.borgbackup.jobs."weekly" = { 
diff --git a/hosts/buckwheat/hardware-configuration.nix b/hosts/buckwheat/hardware-configuration.nix index d016e64..bcf779a 100644 --- a/hosts/buckwheat/hardware-configuration.nix +++ b/hosts/buckwheat/hardware-configuration.nix @@ -22,6 +22,16 @@ fsType = "vfat"; }; + #fileSystems."/mnt/home" = { + # device = ""; + # fsType = "ext4"; + #}; + + #fileSystems."/mnt/backups" = { + # device = ""; + # fsType = "ext4"; + #}; + fileSystems."/mnt/daily" = { device = "/dev/disk/by-uuid/bfdd61f6-2d26-4140-94ac-e60c21636dde"; fsType = "ext4"; @@ -37,12 +47,6 @@ fsType = "ext4"; }; - #fileSystems."/media" = - # { device = "/mnt/videos"; - # fsType = "none"; - # options = [ "bind" ]; - # }; - swapDevices = [ ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking diff --git a/hosts/buckwheat/home.nix b/hosts/buckwheat/home.nix index bcf3913..463ba4b 100644 --- a/hosts/buckwheat/home.nix +++ b/hosts/buckwheat/home.nix @@ -1,6 +1,32 @@ # Buckwheat home.nix { config, lib, pkgs, inputs, user, ... }: { + xsession.windowManager.bspwm = { + monitors = { + DP-1 = [ + "1" + "2" + "3" + "4" + "5" + ]; + DP-2 = [ + "6" + "7" + "8" + "9" + "0" + ]; + }; + rules = { + "mpv" = { + rectangle = "640x360+1920+1080"; + }; + "*:Toolkit:Picture-in-Picture" = { + rectangle = "640x360+1920+1080"; + }; + }; + }; services = { udiskie = { enable = true; 
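Review bot: The `mpv` and `*:Toolkit:Picture-in-Picture` rules in home.nix set only `rectangle`, while the `dots/bspwm/bspwmrc` edited in this same commit pins both windows to `monitor=DP-1`; since gui.nix now comments out the `dots/bspwm` install and lets the home-manager module generate bspwmrc, that monitor pin is lost on buckwheat. Add `monitor = "DP-1";` beside each `rectangle` line so the floating window lands on the primary display rather than on whichever monitor currently has focus. The `+1920+1080` offset only makes sense on the 2560x1440 DP-1 output, which is one more reason to name it explicitly.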
@@ -16,4 +42,35 @@ }; }; }; + systemd.user.services = { + cmus-library-refresh = { + Unit = { + Description = "cmus library refresh to add any new songs"; + }; + Service = { + Type = "oneshot"; + ExecStart = toString ( + pkgs.writeShellScript "cmus-library-refresh" '' + set -eou pipefail + ${pkgs.bash}/bin/bash "/home/${user.name}/.local/bin/cmus_library_refresh.sh"; + '' + ); + }; + Install.WantedBy = [ "default.target" ]; + }; + }; + systemd.user.timers = { + cmus_library_refresh = { + Unit = { + Description = "cmus library refresh to add any new songs"; + Documentation = [ "man:cmus-remote(1)" ]; + }; + Timer = { + Unit = "cmus_library_refresh"; + OnBootSec = "5m"; + OnUnitActiveSec = "1h"; + }; + Install.WantedBy = [ "timers.target" ]; + }; + }; } diff --git a/hosts/vm/configuration.nix_ b/hosts/vm/configuration.nix_ new file mode 100644 index 0000000..5b1f0e5 --- /dev/null +++ b/hosts/vm/configuration.nix_ 
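Review bot: The timer's `Unit = "cmus_library_refresh"` does not name the service defined just above it: the service attribute is `cmus-library-refresh` (hyphens, so home-manager writes `cmus-library-refresh.service`) and the value has no `.service` suffix, so when the timer elapses systemd has nothing to start. Rename the timer attribute to `cmus-library-refresh` and set `Unit = "cmus-library-refresh.service";`, or drop `Unit` entirely and rely on the same-name default. Separately, `set -eou pipefail` in the wrapper script reads like a typo for `set -euo pipefail`: unless I am misreading bash's option parsing, `-o` takes the adjacent `u` as its argument and `pipefail` becomes a positional parameter, so the script may fail on its first line. The `ExecStart` also runs a script from `~/.local/bin` that this configuration does not manage, so a missing file surfaces only as a failed unit — a comment saying where that script comes from would help.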
@@ -0,0 +1,123 @@
+# Buckwheat configuration.nix
+{ config, lib, pkgs, inputs, user, ... }:
+let
+  hostname="buckwheat";
+in
+{
+  imports = [
+    ./hardware-configuration.nix
+  ];
+  boot = {
+    loader = {
+      systemd-boot = {
+        enable = true;
+        configurationLimit = 10;
+      };
+      efi.canTouchEfiVariables = true;
+      efi.efiSysMountPoint = "/boot/efi";
+      timeout = 2;
+    };
+
+    # Hardware-configuration edits
+    kernel.sysctl."net.ipv4.ip_forward" = 1;
+
+    # Clean /tmp at boot
+    tmp.cleanOnBoot = true;
+  };
+  networking = {
+    hostName = "${hostname}"; # Define your hostname.
+    firewall = {
+      # To disable the firewall altogether:
+      # enable = false;
+      allowedTCPPorts = [ 445 139 ];
+      allowedUDPPorts = [ 137 138 ];
+    };
+    # Proxy configuration
+    # proxy = {
+    #   default = "http://user:password@proxy:port/";
+    #   noProxy = "127.0.0.1,localhost,internal.domain";
+    # };
+  };
+  users.users.${user.name} = {
+    extraGroups = [ "davfs2" "libvirtd" "transmission" ];
+    packages = with pkgs; [
+      mixxx
+      virt-manager
+    ];
+  };
+  services = {
+    davfs2 = {
+      enable = true;
+    };
+    mullvad-vpn = {
+      enable = true;
+      package = pkgs.mullvad-vpn;
+    };
+    transmission = {
+      enable = true;
+      openFirewall = true;
+    };
+    udisks2 = {
+      enable = true;
+      mountOnMedia = true;
+    };
+    # Enable automatic login for the user.
+    # getty.autologinUser = "${user.name}";
+  };
+
+  virtualisation.libvirtd.enable = true;
+
+  # Borg backup configuration
+  services.borgbackup.jobs."daily" = {
+    paths = [
+      "/home"
+    ];
+    exclude = [
+      "/home/*/go/bin"
+      "/home/*/go/pkg"
+    ];
+    repo = "/mnt/daily/buckwheat";
+    encryption = {
+      mode = "repokey-blake2";
+      passCommand = "cat /root/borgbackup/passphrase";
+    };
+    compression = "auto,lzma";
+    startAt = "daily";
+    prune.keep = {
+      within = "7d";
+    };
+  };
+  services.borgbackup.jobs."weekly" = {
+    paths = [
+      "/home"
+    ];
+    exclude = [
+      "/home/*/go/bin"
+      "/home/*/go/pkg"
+    ];
+    repo = "/mnt/weekly/buckwheat";
+    encryption = {
+      mode = "repokey-blake2";
+      passCommand = "cat /root/borgbackup/passphrase";
+    };
+    compression = "auto,lzma";
+    startAt = "weekly";
+  };
+  #services.borgbackup.jobs."borgbase" = {
+  #  paths = [
+  #    "/home"
+  #  ];
+  #  exclude = [
+  #    "/home/*/go/bin"
+  #    "/home/*/go/pkg"
+  #  ];
+  #  repo = ".repo.borgbase.com:repo";
+  #  encryption = {
+  #    mode = "repokey-blake2";
+  #    passCommand = "cat /root/borgbackup/passphrase";
+  #  };
+  #  environment.BORG_RSH = "ssh -i /root/borgbackup/ssh_key";
+  #  compression = "auto,lzma";
+  #  startAt = "daily";
+  #};
+}
diff --git a/hosts/vm/default-configuration.nix b/hosts/vm/default-configuration.nix
deleted file mode 100644
index c7b515c..0000000
--- a/hosts/vm/default-configuration.nix
+++ /dev/null
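Review bot: This new `hosts/vm/configuration.nix_` is a verbatim copy of the buckwheat host config, including `hostname="buckwheat"`, and carries over settings that do not belong on a throwaway VM: `net.ipv4.ip_forward = 1`, SMB ports 445/139/137/138 opened in the firewall, `transmission.openFirewall = true`, and borg jobs writing to `/mnt/daily/buckwheat` and `/mnt/weekly/buckwheat`. The trailing underscore suggests the file is parked rather than active, but once renamed it would make the VM announce the same hostname as the real machine. Start it at `hostname="vm";` and remove the forwarding, firewall and backup stanzas until the VM actually needs them, and put a one-line comment at the top saying the file is a template and why it is disabled. The commented `repo = ".repo.borgbase.com:repo"` also looks incomplete (no user component before the dot) and should be checked before that job is ever enabled.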
@@ -1,98 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, pkgs, ... }: - -{ - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - ]; - - # Bootloader. - boot.loader.grub.enable = true; - boot.loader.grub.device = "/dev/vda"; - boot.loader.grub.useOSProber = true; - - networking.hostName = "nixos"; # Define your hostname. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - - # Enable networking - networking.networkmanager.enable = true; - - nix.settings.experimental-features = [ "nix-command" "flakes" ]; - # Set your time zone. - time.timeZone = "America/Los_Angeles"; - - # Select internationalisation properties. - i18n.defaultLocale = "en_US.UTF-8"; - - i18n.extraLocaleSettings = { - LC_ADDRESS = "en_US.UTF-8"; - LC_IDENTIFICATION = "en_US.UTF-8"; - LC_MEASUREMENT = "en_US.UTF-8"; - LC_MONETARY = "en_US.UTF-8"; - LC_NAME = "en_US.UTF-8"; - LC_NUMERIC = "en_US.UTF-8"; - LC_PAPER = "en_US.UTF-8"; - LC_TELEPHONE = "en_US.UTF-8"; - LC_TIME = "en_US.UTF-8"; - }; - - # Configure keymap in X11 - services.xserver = { - layout = "us"; - xkbVariant = ""; - }; - - # Define a user account. Don't forget to set a password with ‘passwd’. - users.users.user = { - isNormalUser = true; - description = "user"; - extraGroups = [ "networkmanager" "wheel" ]; - packages = with pkgs; []; - }; - - # Allow unfree packages - nixpkgs.config.allowUnfree = true; - - # List packages installed in system profile. To search, run: - # $ nix search wget - environment.systemPackages = with pkgs; [ - # vim # Do not forget to add an editor to edit configuration.nix! 
The Nano editor is also installed by default. - # wget - ]; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - - # List services that you want to enable: - - # Enable the OpenSSH daemon. - services.openssh.enable = true; - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "23.05"; # Did you read the comment? - -} diff --git a/nixos.qcow2 b/nixos.qcow2 new file mode 100644 index 0000000..20f248b Binary files /dev/null and b/nixos.qcow2 differ diff --git a/nixos/cli.nix b/nixos/cli.nix index 6acb763..47e7a85 100644 --- a/nixos/cli.nix +++ b/nixos/cli.nix @@ -72,7 +72,7 @@ catgirl cava cifs-utils - #cmus + cmus curlie dig dogdns diff --git a/nixos/gui.nix b/nixos/gui.nix index f964093..e161b9b 100644 --- a/nixos/gui.nix +++ b/nixos/gui.nix @@ -73,6 +73,7 @@ glib lagrange libreoffice + librewolf mangal mpv mullvad-browser @@ -80,7 +81,6 @@ #onionshare-gui scrot signal-desktop - surf tor-browser-bundle-bin urlview ]; diff --git a/nixos/server_defense.nix b/nixos/server_defense.nix new file mode 100644 index 0000000..e7c51e2 --- /dev/null +++ b/nixos/server_defense.nix 
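Review bot: `nixos.qcow2` is a VM disk image committed as a binary, and nothing in the diff suggests it is meant to be tracked. If it is an installed NixOS system — the deleted `default-configuration.nix` with `boot.loader.grub.device = "/dev/vda"` and `services.openssh.enable = true` fits a VM build — it may contain that system's generated SSH host keys and the `user` account's password hash, and every clone of this repository will carry the whole image from now on. Add `*.qcow2` to `.gitignore` and drop the file from this commit; if it has already been pushed, assume any host keys inside it are exposed and rewrite history rather than just deleting it in a later commit. The `cli.nix` and `gui.nix` package swaps on the same line raise nothing.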
@@ -0,0 +1,35 @@
+# All configuration.nix
+{ config, lib, pkgs, inputs, user, ... }:
+{
+  services = {
+    openssh = {
+      enable = true;
+      ports = [
+        22
+        8282
+      ];
+      settings = {
+        PasswordAuthentication = false;
+        KbdInteractiveAuthentication = false;
+      };
+      allowSFTP = false; # Don't set this if you need sftp
+      extraConfig = ''
+        AllowTcpForwarding yes
+        X11Forwarding no
+        AllowAgentForwarding no
+        AllowStreamLocalForwarding no
+        AuthenticationMethods publickey
+      '';
+    };
+    endlessh = {
+      enable = true;
+      openFirewall = true;
+      port = 22;
+      extraOptions = [
+        "-6"
+        "-d 9000"
+        "-v"
+      ];
+    };
+  }
+}
diff --git a/shell.nix b/shell.nix
new file mode 100644
index 0000000..a1290b6
--- /dev/null
+++ b/shell.nix
@@ -0,0 +1,14 @@
+let
+  nixpkgs = fetchTarball "https://github.com/NixOS/nixpkgs/tarball/nixos-23.05";
+  pkgs = import nixpkgs { config = {}; overlays = []; };
+in
+
+pkgs.mkShell {
+  packages = with pkgs; [
+    cowsay
+  ];
+  GIT_EDITOR = "${pkgs.neovim}/bin/nvim";
+  shellHook = ''
+    git status
+  '';
+}
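Review bot: `services.openssh.ports = [ 22 8282 ]` and `services.endlessh.port = 22` both bind TCP 22, so whichever unit starts second fails to listen, and while sshd holds 22 the tarpit protects nothing; if the intent is endlessh on 22 and real ssh on 8282, make it `ports = [ 8282 ];`. The file also does not parse as written: the `services = { ... }` binding is closed with a bare `}` and needs `};` before the final `}`. Two smaller points: endlessh's `-6` flag, as I read its usage, restricts it to IPv6, so IPv4 scanners would never reach the tarpit — confirm that is wanted; and `AllowTcpForwarding yes` stays on next to the otherwise locked-down settings, which is fine for a jump host but deserves a comment saying so. A header comment naming which hosts import this module would help, since nothing in the diff wires it into a configuration.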
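Review bot: `fetchTarball "https://github.com/NixOS/nixpkgs/tarball/nixos-23.05"` in shell.nix has no `sha256`, so the dev shell pulls whatever the `nixos-23.05` branch resolves to at evaluation time (then caches it per `tarball-ttl`), is not reproducible, and verifies nothing about what it downloaded — and it drifts from the nixpkgs revision this same commit pins in flake.lock. Either use the attrset form with a hash, `fetchTarball { url = "…/tarball/<commit>"; sha256 = "…"; }`, or take nixpkgs from the flake's lock so the repository has one pinned input. `shellHook` running `git status` on every shell entry is harmless but noisy; a one-line comment stating why it is there is enough.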