diff --git a/flake.nix b/flake.nix index 9382a34..2822f98 100644 --- a/flake.nix +++ b/flake.nix @@ -180,6 +180,18 @@ # NixOS configuration entrypoint # Available through 'nixos-rebuild --flake .#your-hostname' nixosConfigurations = { + nixIso = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = {inherit inputs outputs;}; + modules = + sharedModules + ++ desktopModules + ++ [ + ./nixos/hosts/iso/configuration.nix + "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-base.nix" + ]; + }; + EDI = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; specialArgs = {inherit inputs outputs;}; diff --git a/home-manager/hosts/iso/id_ed25519.pub b/home-manager/hosts/iso/id_ed25519.pub new file mode 100644 index 0000000..c1ae600 --- /dev/null +++ b/home-manager/hosts/iso/id_ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKeZHHAEoUh/Ly9F1xUSPZLPNE0Yh/wM2qWgKvlEBa8A lillian@GLaDOS diff --git a/home-manager/hosts/iso/lillian.nix b/home-manager/hosts/iso/lillian.nix index 1922c62..b76bd91 100644 --- a/home-manager/hosts/iso/lillian.nix +++ b/home-manager/hosts/iso/lillian.nix @@ -11,13 +11,11 @@ # You can also split up your configuration and import pieces of it here: # ./nvim.nix - ../../desktop - ../../shared ]; home.packages = with pkgs; [ ]; # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion - home.stateVersion = "25.05"; + home.stateVersion = "25.11"; } diff --git a/nixos/hosts/iso/configuration.nix b/nixos/hosts/iso/configuration.nix index 1c45890..fd73d37 100644 --- a/nixos/hosts/iso/configuration.nix +++ b/nixos/hosts/iso/configuration.nix 
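Review bot: The new `nixIso` entry builds installation media from the full `sharedModules ++ desktopModules` set plus `./nixos/hosts/iso/configuration.nix`, and that host file sets `sops.defaultSopsFile`, yet nothing here records that the result is a portable image whose Nix store is readable by anyone who holds the medium. I would add a comment above the entry such as `# Installer image: nothing in this closure may contain a decryption key or plaintext secret; the ISO's /nix/store is readable by whoever has the media.` If the shared modules set `sops.age.keyFile` or a similar option (not visible in this diff), check that the path is supplied at boot rather than copied into the image. The `nixosConfigurations` attribute set continues outside the hunk.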
@@ -10,20 +10,20 @@ # outputs.homeManagerModules.example # outputs.nixosModules.contabo.wan inputs.home-manager.nixosModules.home-manager + outputs.nixosModules.vpn-ip # Or modules exported from other flakes (such as nix-colors): # inputs.nix-colors.homeManagerModules.defaults # Import shared settings - ../../shared ]; - programs.command-not-found.enable = lib.mkForce false; - programs.nix-index.enable = true; - programs.nix-index-database.comma.enable = true; + # programs.command-not-found.enable = lib.mkForce false; + # programs.nix-index.enable = true; + # programs.nix-index-database.comma.enable = true; - boot.tmp.cleanOnBoot = true; - zramSwap.enable = false; - networking.domain = ""; + # boot.tmp.cleanOnBoot = true; + # zramSwap.enable = false; + # networking.domain = ""; services.openssh = { enable = true; # require public key authentication for better security @@ -45,7 +45,9 @@ #Set up sops config, and configure where the keyfile is, then set the mode for the unencrypted keys sops.defaultSopsFile = ./secrets/sops.yaml; - services.desktopManager.plasma6.enable = true; + services.vpn-ip.enable = false; + + # services.desktopManager.plasma6.enable = true; environment.systemPackages = with pkgs; [ # Custom tools @@ -65,7 +67,6 @@ sbctl tpm2-tools tpm2-tss - waydroid zsh # KDE/QT @@ -81,13 +82,14 @@ kdePackages.plasma-pa kdePackages.sddm-kcm kdePackages.dolphin-plugins - libportal-qt5 libportal ]; # Enable networking networking.networkmanager.enable = true; + networking.hostName = "iso"; + # Contabo ipv6 nameservers: "2a02:c207::1:53" "2a02:c207::2:53" networking.firewall.enable = true; 
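Review bot: `services.openssh.enable = true` is kept in the first hunk (-10,20) while flake.nix now combines this host with `installation-cd-base.nix`, and the installer profile, as far as I recall, brings its own openssh and account defaults (a permissive `PermitRootLogin` default and empty initial passwords for the live users) that merge with this block. The settings under the "require public key authentication" comment lie outside the hunk, so I cannot tell whether they already pin these values. If they do not, set them explicitly, e.g. `settings.PermitRootLogin = "no";` and `settings.PasswordAuthentication = false;`, and confirm the merged result by evaluating `config.services.openssh.settings` for `nixIso`.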
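Review bot: Settings are switched off by commenting them out rather than deleting them: `# services.desktopManager.plasma6.enable = true;` in the -45,7 hunk, and likewise the `programs.*`, `boot.tmp` and `zramSwap` lines at -10,20, the `security.tpm2.*` and `tss` group lines at -106,24, and the `home-manager` and `boot.*` blocks at -136,17. In a host file that also configures sshd, the firewall and sops, dead lines make it harder to audit what the image really enables, and git history already keeps the old values. I would delete them, or keep one line of rationale per group, e.g. `# TPM2 and home-manager are intentionally left out of the live image.` Separately, `sbctl`, `tpm2-tools` and `tpm2-tss` stay in `environment.systemPackages` (context of the -65,7 hunk) although the TPM module is now off, which may be intended for an installer but is worth stating.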
@@ -106,24 +108,24 @@ # Enable bluetooth hardware hardware.bluetooth.enable = true; - security.tpm2.enable = true; - security.tpm2.pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so - security.tpm2.tctiEnvironment.enable = true; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables - users.users.lillian.extraGroups = ["tss"]; # tss group has access to TPM devices + # security.tpm2.enable = true; + # security.tpm2.pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so + # security.tpm2.tctiEnvironment.enable = true; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables + # users.users.lillian.extraGroups = ["tss"]; # tss group has access to TPM devices # Set your time zone. time.timeZone = "Europe/Amsterdam"; - programs.git = { - enable = true; - }; + # programs.git = { + # enable = true; + # }; - programs.direnv = { - enable = true; - }; + # programs.direnv = { + # enable = true; + # }; - # Enable completion of system packages by zsh - environment.pathsToLink = ["/share/zsh"]; + # # Enable completion of system packages by zsh + # environment.pathsToLink = ["/share/zsh"]; # kde power settings do not turn off screen systemd = { 
@@ -136,17 +138,17 @@ }; }; - home-manager = { - extraSpecialArgs = {inherit inputs outputs;}; - users = { - # Import your home-manager configuration - lillian = import ../../../home-manager/hosts/iso; - }; - }; + # home-manager = { + # extraSpecialArgs = {inherit inputs outputs;}; + # users = { + # # Import your home-manager configuration + # lillian = import ../../../home-manager/hosts/iso; + # }; + # }; - boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest; - boot.supportedFilesystems = lib.mkForce ["bcachefs" "btrfs" "cifs" "f2fs" "jfs" "ntfs" "reiserfs" "vfat" "xfs"]; + # boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest; + # boot.supportedFilesystems = lib.mkForce ["bcachefs" "btrfs" "cifs" "f2fs" "jfs" "ntfs" "reiserfs" "vfat" "xfs"]; # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion - system.stateVersion = "24.11"; + system.stateVersion = "25.11"; } diff --git a/nixos/hosts/iso/secrets/sops.yaml b/nixos/hosts/iso/secrets/sops.yaml index 92548c8..27763b5 100644 --- a/nixos/hosts/iso/secrets/sops.yaml +++ b/nixos/hosts/iso/secrets/sops.yaml 
@@ -1,9 +1,8 @@ lillian-password: ENC[AES256_GCM,data:eQzZwGxK9Lw2gc8HDNw57odxPzTH4sa/2O97h3VAghRwLClmCYKT91kxj2F3kQ4iEctBl0GxdS4WoL3H9eE4/CAPffXdTmkdYg==,iv:2ezB4DNHFv5ceJ2gtATV12Azm3vFFDLX1qSSy+cKuMY=,tag:zxb5agUCDpi92bYV7+DmoA==,type:str] +ssh-private-key: ENC[AES256_GCM,data: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,iv:EpKC9judTZ1+0Y2LC1OK2YzGH/orRpZNtE7O+ZZyU1E=,tag:S6ju/FkwIBbBA8YU3dRo1A==,type:str] +nextcloud-password: ENC[AES256_GCM,data:5u8j1wau5FewTe+t3YZ365Acfcrt09XDgCUNpDbuVKaNZIEW3gdR60XACQeAvsyQeznynILJnz7/txV2,iv:l1xYhUkQGdWYNNy1lG9xB5SgL9cn2FdzAs19iVCohlA=,tag:rT0flG+v9wd8jSUm8DrCjg==,type:str] +wg-private-key: ENC[AES256_GCM,data:3JpyscuzK4LG1lfM3oyQNBHy7BQ2WeTaSyaZoaNfS4U7KkpEaCp5EVLBYiY=,iv:odDG8xp+d+O4FuECfeCJn/z2ka4KSzSBvgBCmcMZ0S0=,tag:iPwnqgtap+i44Mru/S7TyA==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age12e00qvf4shtmsfq3ujamyaa72pjvad2qhrxkvpl9hryrjvgxev4sjhmkxz enc: | @@ -14,8 +13,7 @@ sops: dXlaN3dWOUl4Mys2V0x3Z3F6UVU4MVUKEJYpX8XhSNcM+7aUuxnIwrokY0/29Cnh yz0HAZkaj8FwvnPnafo5jmwVyi6WXECvX5E0NZfjKH4AF5vTu6Wukg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-20T18:17:48Z" - mac: ENC[AES256_GCM,data:3UHIoYPHC6n56CHguOVuoFd9VwCjGiD9VCYy2d5W+4XQEZpjnONX8fhwwWRm42COymz89tmqDmpDp88BnSU8uE14IaCIUoxfCaRiZtjAiHjouua2jr50aUV56pwyan8ZiiOjP8oP1VY/tsv1w0jWI9TjSTHvCdNLR8XEcf6bCrk=,iv:/lBJdkQgwZyiztQ9vSoHgY+WxXJKHFI93dxtOSunHNo=,tag:lLwrSdzoN9CzmyIdLOe5ig==,type:str] - pgp: [] + lastmodified: "2025-08-14T18:00:16Z" + mac: ENC[AES256_GCM,data:NnX0hMrfeKJucgqgVUIUS0WOHerkDtKe3P+4vvWRCMX3eXg4Tsju8pZySZP7RSZX7+2W3OUHMOUuAum0YrVasTXuhm6jPvlbqvRnVXaVzCNheIUvTCF7LFeJEOQYKS5m8AiVKFRrxz+dGn90DSeijjajSePBjo8AnKyAOQEt1S8=,iv:1iJiqJU0vdDiWnJAYDlbOBBa9lBOODjjdlsRH54aTGI=,tag:JZtgVeLvFN6vcCZkRnuNcQ==,type:str] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.10.2 diff --git a/nixos/shared/default.nix b/nixos/shared/default.nix index 3730051..0fa24d4 100644 --- a/nixos/shared/default.nix 
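Review bot: The -1,9 hunk adds three long-lived credentials (`ssh-private-key`, `nextcloud-password`, `wg-private-key`) to the secrets file of a host that is built as an installer ISO, all encrypted to the single age recipient already listed. The image can only use them if the matching age identity is present at boot, and the diff does not show where that identity comes from; if it ends up inside the image, possession of the ISO is enough to decrypt every value in this file. I would use credentials dedicated to this image (its own SSH key and WireGuard peer) so that a lost medium is handled by revoking those alone, and record that next to `sops.defaultSopsFile` in configuration.nix with a comment such as `# ISO-only credentials; rotate if an image or its age identity is lost.` configuration.nix sets `services.vpn-ip.enable = false`, so `wg-private-key` looks unused on this host and could be left out until something consumes it.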
+++ b/nixos/shared/default.nix @@ -4,7 +4,6 @@ lib, config, pkgs, - mkIf, ... }: { imports = [