From 5a0ccdc29f5021096c65cd4b58176138d49f9508 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Tue, 23 Jan 2024 10:51:02 +0100 Subject: [PATCH 01/39] Add gitignore for vscode and direnv --- home-manager/desktop/configuration.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/home-manager/desktop/configuration.nix b/home-manager/desktop/configuration.nix index 4d896bc..c390731 100644 --- a/home-manager/desktop/configuration.nix +++ b/home-manager/desktop/configuration.nix @@ -128,6 +128,10 @@ defaultBranch = "main"; }; }; + ignores = [ + ".direnv" + ".vscode" + ]; }; # Nicely reload system units when changing configs From f265222ba35ed30b1b463f7104352df129422c36 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Tue, 23 Jan 2024 10:52:23 +0100 Subject: [PATCH 02/39] Comment this out, the output doesn't exist --- nixos/desktop/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/desktop/configuration.nix b/nixos/desktop/configuration.nix index 090719f..3c5d1d8 100644 --- a/nixos/desktop/configuration.nix +++ b/nixos/desktop/configuration.nix @@ -17,7 +17,7 @@ # Add overlays your own flake exports (from overlays and pkgs dir): outputs.overlays.additions outputs.overlays.modifications - outputs.overlays.unstable-packages + #outputs.overlays.unstable-packages # You can also add overlays exported from other flakes: # neovim-nightly-overlay.overlays.default From 34ec59cba7cee34ea3b5812dc38ab4775d59fdda Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Tue, 23 Jan 2024 10:56:09 +0100 Subject: [PATCH 03/39] Maybe ignore them everywhere --- home-manager/desktop/configuration.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/home-manager/desktop/configuration.nix b/home-manager/desktop/configuration.nix index c390731..a1862a0 100644 --- a/home-manager/desktop/configuration.nix +++ b/home-manager/desktop/configuration.nix @@ -129,8 +129,8 @@ }; }; ignores = [ - ".direnv" - ".vscode" + "*.direnv" + "*.vscode" ]; }; From 46d6df4346f507592d33826513fc8d78742fafa0 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Tue, 23 Jan 2024 11:40:34 +0100 Subject: [PATCH 04/39] Update the readme to be more explanatory --- README.md | 41 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 40 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 99e42c4..57c70b9 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,42 @@ # NixOS-Config -My NixOS configuration for my different hosts. \ No newline at end of file +The configuration of different NixOS hosts using flakes and home-manager. It is assumed you have already installed NixOS and git to your system (note: git is not installed by default with the NixOS image, you can grab it with ``nix-shell -p git``), this configuration does not have image artifacts nor can it create them. + +## Building and deploying the configuration + +The first step is to add your age keyfile to the /nix/var/secrets folder with the name "keys.txt" (if you don't have one, remove the imports from the configuration files; the import can be found under +``hosts//configuration.nix``). + +Then run this command within your cloned github repo (I put mine in /etc/nixos): + +``sudo nixos-rebuild --flake .# switch`` + +This should rebuild the OS with all programs and settings defined as in the configuration. + +## Updating the flake lock + +In order to have updated packages you will have to update the flake.lock file, this can be done by running the following command in the repository: + +``nix flake update`` + +Please note that you should commit and push after you do this. It is therefore advisable to do this not in your deployment directory, but your local dev environment. Not commiting the files will dirty your git history, which can have unintended consequences as nix flakes work via git. + +## Testing the evaluation + +To test if your build succeeds the basic checks and can start building the artifacts, you can run the following command: + +``nix flake check`` + +Note: this does not build the full configuration, and errors might still happen in deployment, especially for dependencies that rely on external services like webservers to be called. For obvious reasons the test building does not actually pull in all the artifacts, and does not make external calls aside from to the package files (You will need a built nix store, or a connection to the git repository that hosts your packages, like an internet connection to github, to make the test run) + +## Technical details + +### Home manager +Home manager is imported as a module within the global configuration, it is therefor not needed to build home-manager packages separately in this configuration. On multi user systems it might be useful to pull the home-manager configurations from separate repos for different users, so you don't have to give your users access to the global configuration. + +### Sops +The secrets are managed in sops files within the hosts folders, there is only one sops file per host, but this can be changed quite easily. The command to edit the sops file is as follows: + +``nix-shell -p sops --run "sops ./nixos/hosts//secrets/sops.yaml"`` + +This requires your system to have the keyfile available for sops to use, by default sops looks in the sops/age folder in your user folder for a keys.txt file with the private key. You can change this behaviour by setting the **$SOPS_AGE_KEY_FILE** environment variable, or setting the **SOPS_AGE_KEY** environment variable to the key itself. \ No newline at end of file From 2b33ba485c664926a4061091f332f4614a9f2d85 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Tue, 23 Jan 2024 13:39:13 +0100 Subject: [PATCH 05/39] Fix the git repo link --- .sops.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.sops.yaml b/.sops.yaml index b7b6799..0bbb971 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,6 +1,6 @@ # This example uses YAML anchors which allows reuse of multiple keys # without having to repeat yourself. -# Also see https://github.com/Mic92/dotfiles/blob/master/nixos/.sops.yaml +# Also see https://github.com/Mic92/dotfiles/blob/main/nixos/.sops.yaml # for a more complex example. keys: - &admin_lillian age12e00qvf4shtmsfq3ujamyaa72pjvad2qhrxkvpl9hryrjvgxev4sjhmkxz From 6c251a600c7f2bd195a70d7a0e096904f01fd094 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Tue, 23 Jan 2024 13:44:18 +0100 Subject: [PATCH 06/39] Put a space there --- .sops.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.sops.yaml b/.sops.yaml index 0bbb971..e7562a3 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -9,5 +9,5 @@ creation_rules: key_groups: - age: - *admin_lillian -#Run the following command to create EDI-Lillian.yaml in the secrets folder: +# Run the following command to create EDI-Lillian.yaml in the secrets folder: # nix-shell -p sops --run "sops secrets/EDI-Lillian.yaml" \ No newline at end of file From 3acc9452a6f9fe3fed2f19d56d1d38c8cf84c0f7 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Tue, 23 Jan 2024 14:09:04 +0100 Subject: [PATCH 07/39] Add starship --- home-manager/package-configs/zsh.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/home-manager/package-configs/zsh.nix b/home-manager/package-configs/zsh.nix index 3a4cfd8..e86be66 100644 --- a/home-manager/package-configs/zsh.nix +++ b/home-manager/package-configs/zsh.nix @@ -6,6 +6,11 @@ pkgs, ... }: { + # Enable starship + programs.starship = { + enable = true; + }; + programs.zsh = { enable = true; plugins = [ From ae33b36fe03edc3e37083a0d4866bfae39aeaf16 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Tue, 23 Jan 2024 16:02:47 +0100 Subject: [PATCH 08/39] Add original source --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 57c70b9..415c6ab 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,5 @@ +Original source: https://git.lillianviolet.dev/Lillian-Violet/dev-templates + # NixOS-Config The configuration of different NixOS hosts using flakes and home-manager. It is assumed you have already installed NixOS and git to your system (note: git is not installed by default with the NixOS image, you can grab it with ``nix-shell -p git``), this configuration does not have image artifacts nor can it create them. From 1b7a9c69321dbc2fa18970b6d0a65f3989381181 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Wed, 24 Jan 2024 11:17:07 +0100 Subject: [PATCH 09/39] Little markdown rendering fix --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 415c6ab..e48951b 100644 --- a/README.md +++ b/README.md @@ -41,4 +41,4 @@ The secrets are managed in sops files within the hosts folders, there is only on ``nix-shell -p sops --run "sops ./nixos/hosts//secrets/sops.yaml"`` -This requires your system to have the keyfile available for sops to use, by default sops looks in the sops/age folder in your user folder for a keys.txt file with the private key. You can change this behaviour by setting the **$SOPS_AGE_KEY_FILE** environment variable, or setting the **SOPS_AGE_KEY** environment variable to the key itself. \ No newline at end of file +This requires your system to have the keyfile available for sops to use, by default sops looks in the sops/age folder in your user folder for a keys.txt file with the private key. You can change this behaviour by setting the **\$SOPS_AGE_KEY_FILE** environment variable, or setting the **\$SOPS_AGE_KEY** environment variable to the key itself. \ No newline at end of file From 42aace2d51e4ae17aef33d01be54bbee2862b7e6 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Wed, 24 Jan 2024 11:38:05 +0100 Subject: [PATCH 10/39] Add direnv plugin to vscodium --- home-manager/desktop/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home-manager/desktop/configuration.nix b/home-manager/desktop/configuration.nix index a1862a0..49be5a8 100644 --- a/home-manager/desktop/configuration.nix +++ b/home-manager/desktop/configuration.nix @@ -104,6 +104,7 @@ github.vscode-pull-request-github jnoortheen.nix-ide kamadorueda.alejandra + mkhl.direnv ms-toolsai.jupyter ms-pyright.pyright ms-python.black-formatter From d5707d49dff4cc63efde36c8850876c54e653172 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Wed, 24 Jan 2024 12:36:38 +0100 Subject: [PATCH 11/39] Oops linked to wrong repo --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e48951b..5dfb5df 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -Original source: https://git.lillianviolet.dev/Lillian-Violet/dev-templates +Original source: https://git.lillianviolet.dev/Lillian-Violet/NixOS-Config # NixOS-Config From 57d00dec44ac093f2e40fbdd9fc1ff894a16c2c1 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Wed, 24 Jan 2024 15:12:10 +0100 Subject: [PATCH 12/39] Add ruff python linter --- home-manager/desktop/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home-manager/desktop/configuration.nix b/home-manager/desktop/configuration.nix index 49be5a8..2f76ebe 100644 --- a/home-manager/desktop/configuration.nix +++ b/home-manager/desktop/configuration.nix @@ -99,6 +99,7 @@ extensions = with pkgs.vscode-extensions; [ arrterian.nix-env-selector #ban.spellright + charliermarsh.ruff dracula-theme.theme-dracula eamodio.gitlens github.vscode-pull-request-github From b6e714fae3dfd9e3e4125cf1070dac62e2e62a4b Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Wed, 24 Jan 2024 15:14:44 +0100 Subject: [PATCH 13/39] Add ruff to system --- home-manager/desktop/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home-manager/desktop/configuration.nix b/home-manager/desktop/configuration.nix index 2f76ebe..c9dfc54 100644 --- a/home-manager/desktop/configuration.nix +++ b/home-manager/desktop/configuration.nix @@ -51,6 +51,7 @@ # Coding: direnv git + ruff kate # Chat applications: From 3512a4e0509bba9c99c585e4a97e9794c720dc91 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Wed, 24 Jan 2024 15:15:18 +0100 Subject: [PATCH 14/39] Ruff vscode package is broken --- home-manager/desktop/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home-manager/desktop/configuration.nix b/home-manager/desktop/configuration.nix index c9dfc54..5f3920c 100644 --- a/home-manager/desktop/configuration.nix +++ b/home-manager/desktop/configuration.nix @@ -100,7 +100,7 @@ extensions = with pkgs.vscode-extensions; [ arrterian.nix-env-selector #ban.spellright - charliermarsh.ruff + #charliermarsh.ruff dracula-theme.theme-dracula eamodio.gitlens github.vscode-pull-request-github From b57cb5a3ecce355001366ba5bc4f90e6748ff6b4 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Sun, 28 Jan 2024 23:07:30 +0100 Subject: [PATCH 15/39] Fix for dovecot update (flake lock update should work again hopefully) --- nixos/server/package-configs/mail-server/configuration.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/nixos/server/package-configs/mail-server/configuration.nix b/nixos/server/package-configs/mail-server/configuration.nix index 144ac7d..cf2c434 100644 --- a/nixos/server/package-configs/mail-server/configuration.nix +++ b/nixos/server/package-configs/mail-server/configuration.nix @@ -9,6 +9,9 @@ sops.secrets."mailpass".mode = "0440"; sops.secrets."mailpass".owner = config.users.users.virtualMail.name; + #Fix for the dovecot update + services.dovecot2.sieve.extensions = ["fileinto"]; + mailserver = { enable = true; enableImap = true; From e1aa02c4f9bed5ed4f489c5a9b45460f166c2cb2 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Sun, 28 Jan 2024 23:08:30 +0100 Subject: [PATCH 16/39] Update the nix flake then --- flake.lock | 118 ++++++++++++++++++++++++++--------------------------- 1 file changed, 59 insertions(+), 59 deletions(-) diff --git a/flake.lock b/flake.lock index 31906c6..8dcde63 100644 --- a/flake.lock +++ b/flake.lock @@ -22,11 +22,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1701241962, - "narHash": "sha256-zY2MbHEMmGjPObG73aOEGqXxEJTveItYKV8cFL50XnQ=", + "lastModified": 1706332837, + "narHash": "sha256-6jwCjD6hLVRkPHyl/2K+5ZEoQV3C5BgWlDroUx/9ru8=", "owner": "chaorace", "repo": "extest-nix", - "rev": "e0c93df813a594a0cd883f6bdd01ec44149206fa", + "rev": "a9dbc41a7ba6723d8598cd699bbb163630b646b3", "type": "github" }, "original": { @@ -92,11 +92,11 @@ ] }, "locked": { - "lastModified": 1704980804, - "narHash": "sha256-lPNNKdPqIYcjhhYIVwlajNt/HqVWbMOoSdNnwCvOP04=", + "lastModified": 1706435589, + "narHash": "sha256-yhEYJxMv5BkfmUuNe4QELKo+V5eq1pwhtVs6kEziHfE=", "owner": "nix-community", "repo": "home-manager", - "rev": "93e804e7f8a1eb88bde6117cd5046501e66aa4bd", + "rev": "4d54c29bce71f8c261513e0662cc573d30f3e33e", "type": "github" }, "original": { @@ -112,11 +112,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1704665257, - "narHash": "sha256-Cycz00I26e8QZ9sZtCz0uIz6Cad5ld3zM7N2I+5beqI=", + "lastModified": 1705667791, + "narHash": "sha256-J0JYfA6eFdHluLnROVDkrqbYacWcJXYKXeJAFayDiAE=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "8951673c6c216ddd6bac3db3e88e3f2281b3511a", + "rev": "330b7a78fcba967f2273ae71fb3c4bfb03b5dd21", "type": "github" }, "original": { @@ -169,11 +169,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1704842529, - "narHash": "sha256-OTeQA+F8d/Evad33JMfuXC89VMetQbsU4qcaePchGr4=", + "lastModified": 1706367331, + "narHash": "sha256-AqgkGHRrI6h/8FWuVbnkfFmXr4Bqsr4fV23aISqj/xg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "eabe8d3eface69f5bb16c18f8662a702f50c20d5", + "rev": "160b762eda6d139ac10ae081f8f78d640dd523eb", "type": "github" }, "original": { @@ -183,28 +183,13 @@ "type": "github" } }, - "nixpkgs-22_11": { - "locked": { - "lastModified": 1669558522, - "narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-22.11", - "type": "indirect" - } - }, "nixpkgs-23_05": { "locked": { - "lastModified": 1684782344, - "narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=", + "lastModified": 1704290814, + "narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8966c43feba2c701ed624302b6a935f97bcbdf88", + "rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421", "type": "github" }, "original": { @@ -213,13 +198,28 @@ "type": "indirect" } }, - "nixpkgs-stable": { + "nixpkgs-23_11": { "locked": { - "lastModified": 1704290814, - "narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=", + "lastModified": 1706098335, + "narHash": "sha256-r3dWjT8P9/Ah5m5ul4WqIWD8muj5F+/gbCdjiNVBKmU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421", + "rev": "a77ab169a83a4175169d78684ddd2e54486ac651", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-23.11", + "type": "indirect" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1705957679, + "narHash": "sha256-Q8LJaVZGJ9wo33wBafvZSzapYsjOaNjP/pOnSiKVGHY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9a333eaa80901efe01df07eade2c16d183761fa3", "type": "github" }, "original": { @@ -231,11 +231,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1704722960, - "narHash": "sha256-mKGJ3sPsT6//s+Knglai5YflJUF2DGj7Ai6Ynopz0kI=", + "lastModified": 1706191920, + "narHash": "sha256-eLihrZAPZX0R6RyM5fYAWeKVNuQPYjAkCUBr+JNvtdE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "317484b1ead87b9c1b8ac5261a8d2dd748a0492d", + "rev": "ae5c332cbb5827f6b1f02572496b141021de335f", "type": "github" }, "original": { @@ -247,11 +247,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1702312524, - "narHash": "sha256-gkZJRDBUCpTPBvQk25G0B7vfbpEYM5s5OZqghkjZsnE=", + "lastModified": 1705133751, + "narHash": "sha256-rCIsyE80jgiOU78gCWN3A0wE0tR2GI5nH6MlS+HaaSQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a9bf124c46ef298113270b1f84a164865987a91c", + "rev": "9b19f5e77dd906cb52dade0b7bd280339d2a1f3d", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1704722960, - "narHash": "sha256-mKGJ3sPsT6//s+Knglai5YflJUF2DGj7Ai6Ynopz0kI=", + "lastModified": 1706191920, + "narHash": "sha256-eLihrZAPZX0R6RyM5fYAWeKVNuQPYjAkCUBr+JNvtdE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "317484b1ead87b9c1b8ac5261a8d2dd748a0492d", + "rev": "ae5c332cbb5827f6b1f02572496b141021de335f", "type": "github" }, "original": { @@ -279,11 +279,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1670751203, - "narHash": "sha256-XdoH1v3shKDGlrwjgrNX/EN8s3c+kQV7xY6cLCE8vcI=", + "lastModified": 1705856552, + "narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "64e0bf055f9d25928c31fb12924e59ff8ce71e60", + "rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d", "type": "github" }, "original": { @@ -294,11 +294,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1704161960, - "narHash": "sha256-QGua89Pmq+FBAro8NriTuoO/wNaUtugt29/qqA8zeeM=", + "lastModified": 1706173671, + "narHash": "sha256-lciR7kQUK2FCAYuszyd7zyRRmTaXVeoZsCyK6QFpGdk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "63143ac2c9186be6d9da6035fa22620018c85932", + "rev": "4fddc9be4eaf195d631333908f2a454b03628ee5", "type": "github" }, "original": { @@ -344,11 +344,11 @@ ] }, "locked": { - "lastModified": 1705257805, - "narHash": "sha256-hx88TjxRWR9hEYrePm2aR/rKAu4VFx4irgN7AofE0Wg=", + "lastModified": 1706365059, + "narHash": "sha256-2+M4vliRmSHQwGb1q1krg5lWKYiX7rF/B9GF4AlzXW4=", "owner": "pjones", "repo": "plasma-manager", - "rev": "87ca0e29c6fccfb7f09be6ff137716db5a7c8d8f", + "rev": "64f31bc95c22b04896111e4c9921d3e1122c0a92", "type": "github" }, "original": { @@ -377,16 +377,16 @@ "blobs": "blobs", "flake-compat": "flake-compat", "nixpkgs": "nixpkgs_4", - "nixpkgs-22_11": "nixpkgs-22_11", "nixpkgs-23_05": "nixpkgs-23_05", + "nixpkgs-23_11": "nixpkgs-23_11", "utils": "utils" }, "locked": { - "lastModified": 1703666786, - "narHash": "sha256-SLPNpM/rI8XPyVJAxMYAe+n6NiYSpuXvdwPILHP4yZI=", + "lastModified": 1706219574, + "narHash": "sha256-qO+8UErk+bXCq2ybHU4GzXG4Ejk4Tk0rnnTPNyypW4g=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "b5023b36a1f6628865cb42b4353bd2ddde0ea9f4", + "rev": "e47f3719f1db3e0961a4358d4cb234a0acaa7baf", "type": "gitlab" }, "original": { @@ -402,11 +402,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1704908274, - "narHash": "sha256-74W9Yyomv3COGRmKi8zvyA5tL2KLiVkBeaYmYLjXyOw=", + "lastModified": 1706410821, + "narHash": "sha256-iCfXspqUOPLwRobqQNAQeKzprEyVowLMn17QaRPQc+M=", "owner": "Mic92", "repo": "sops-nix", - "rev": "c0b3a5af90fae3ba95645bbf85d2b64880addd76", + "rev": "73bf36912e31a6b21af6e0f39218e067283c67ef", "type": "github" }, "original": { From 96377ea434fe0dce7b540acb51ef981a277726ca Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Mon, 29 Jan 2024 17:58:05 +0100 Subject: [PATCH 17/39] Install and enable waydroid --- home-manager/desktop/configuration.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/home-manager/desktop/configuration.nix b/home-manager/desktop/configuration.nix index 5f3920c..f54deee 100644 --- a/home-manager/desktop/configuration.nix +++ b/home-manager/desktop/configuration.nix @@ -85,6 +85,7 @@ sops virtualbox watchmate + waydroid qbittorrent zsh @@ -94,6 +95,8 @@ ungoogled-chromium ]; + virtualisation.waydroid.enable = true; + programs.vscode = { enable = true; package = pkgs.vscodium; From 78f9c38b8ff5f7ffc68c8bb9352b11b41ef58396 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Mon, 29 Jan 2024 17:59:34 +0100 Subject: [PATCH 18/39] Not in home manager though --- home-manager/desktop/configuration.nix | 3 --- nixos/desktop/configuration.nix | 3 +++ 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/home-manager/desktop/configuration.nix b/home-manager/desktop/configuration.nix index f54deee..5f3920c 100644 --- a/home-manager/desktop/configuration.nix +++ b/home-manager/desktop/configuration.nix @@ -85,7 +85,6 @@ sops virtualbox watchmate - waydroid qbittorrent zsh @@ -95,8 +94,6 @@ ungoogled-chromium ]; - virtualisation.waydroid.enable = true; - programs.vscode = { enable = true; package = pkgs.vscodium; diff --git a/nixos/desktop/configuration.nix b/nixos/desktop/configuration.nix index 3c5d1d8..255888f 100644 --- a/nixos/desktop/configuration.nix +++ b/nixos/desktop/configuration.nix @@ -76,6 +76,7 @@ pciutils rsync wget + waydroid zsh # KDE/QT @@ -99,6 +100,8 @@ noisetorch ]; + virtualisation.waydroid.enable = true; + programs.direnv = { enable = true; }; From 60225a06e0250b0d4fb7c659b4252f30d1dedbb3 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Mon, 29 Jan 2024 18:10:37 +0100 Subject: [PATCH 19/39] Add xwaylandvideobridge to enable screen sharing to discord etc. --- nixos/desktop/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/desktop/configuration.nix b/nixos/desktop/configuration.nix index 255888f..680b62d 100644 --- a/nixos/desktop/configuration.nix +++ b/nixos/desktop/configuration.nix @@ -77,6 +77,7 @@ rsync wget waydroid + xwaylandvideobridge zsh # KDE/QT From d11182813187f2b55c1ca7d202d0f873730fa362 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Mon, 29 Jan 2024 20:23:45 +0100 Subject: [PATCH 20/39] Turning waydroid off because my laptop wants to take off --- nixos/desktop/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/desktop/configuration.nix b/nixos/desktop/configuration.nix index 680b62d..fb74b83 100644 --- a/nixos/desktop/configuration.nix +++ b/nixos/desktop/configuration.nix @@ -101,7 +101,7 @@ noisetorch ]; - virtualisation.waydroid.enable = true; + virtualisation.waydroid.enable = false; programs.direnv = { enable = true; From 7e7baef7303ae8a6d32d442e4766329a876a7d4b Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Tue, 30 Jan 2024 12:03:29 +0100 Subject: [PATCH 21/39] Refactor a bit by adding globally shared packages in one file --- nixos/desktop/configuration.nix | 20 ++++------------ nixos/hosts/queen/configuration.nix | 15 +++--------- nixos/hosts/wheatley/configuration.nix | 5 ++++ nixos/shared/packages/configuration.nix | 31 +++++++++++++++++++++++++ 4 files changed, 43 insertions(+), 28 deletions(-) create mode 100644 nixos/shared/packages/configuration.nix diff --git a/nixos/desktop/configuration.nix b/nixos/desktop/configuration.nix index fb74b83..ba92d00 100644 --- a/nixos/desktop/configuration.nix +++ b/nixos/desktop/configuration.nix @@ -9,7 +9,11 @@ ... }: { imports = [ + # Import locale settings ../shared/locale/configuration.nix + + # Import shared packages + ../../shared/packages/configuration.nix ]; nixpkgs = { # You can add overlays here @@ -59,23 +63,12 @@ }; environment.systemPackages = with pkgs; [ - # Custom tools - dvd - dvt - # System tools - age - alejandra direnv docker docker-compose git-filter-repo - home-manager - htop - oh-my-zsh pciutils - rsync - wget waydroid xwaylandvideobridge zsh @@ -92,11 +85,6 @@ libsForQt5.packagekit-qt libportal-qt5 - # System libraries - noto-fonts - noto-fonts-emoji-blob-bin - noto-fonts-emoji - # User tools noisetorch ]; diff --git a/nixos/hosts/queen/configuration.nix b/nixos/hosts/queen/configuration.nix index c328563..bdd26b5 100644 --- a/nixos/hosts/queen/configuration.nix +++ b/nixos/hosts/queen/configuration.nix @@ -21,6 +21,9 @@ # Import locale settings ../../shared/locale/configuration.nix + # Import shared packages + ../../shared/packages/configuration.nix + #../../server/package-configs/akkoma/configuration.nix ../../server/package-configs/forgejo/configuration.nix ../../server/package-configs/gotosocial/configuration.nix @@ -88,12 +91,10 @@ environment.systemPackages = with pkgs; [ akkoma - age fzf matrix-conduit docker docker-compose - git gitea gotosocial alejandra @@ -101,22 +102,14 @@ imagemagick ffmpeg aria2 - git-filter-repo - home-manager - htop jellyfin jellyfin-web jellyfin-ffmpeg nextcloud28 nginx - noto-fonts - noto-fonts-emoji-blob-bin - noto-fonts-emoji - oh-my-zsh onlyoffice-documentserver postgresql_16 python3 - rsync rabbitmq-server roundcube roundcubePlugins.contextmenu @@ -125,8 +118,6 @@ roundcubePlugins.persistent_login roundcubePlugins.thunderbird_labels youtube-dl - wget - zsh ]; # Enable networking diff --git a/nixos/hosts/wheatley/configuration.nix b/nixos/hosts/wheatley/configuration.nix index 047f261..5d26cea 100644 --- a/nixos/hosts/wheatley/configuration.nix +++ b/nixos/hosts/wheatley/configuration.nix @@ -14,7 +14,12 @@ ./armv7l.nix ./hardware-configuration.nix + + # Import locale settings ../../shared/locale/configuration.nix + + # Import shared packages + ../../shared/packages/configuration.nix ]; boot.loader.generic-extlinux-compatible.enable = true; diff --git a/nixos/shared/packages/configuration.nix b/nixos/shared/packages/configuration.nix new file mode 100644 index 0000000..376e607 --- /dev/null +++ b/nixos/shared/packages/configuration.nix @@ -0,0 +1,31 @@ +{ + inputs, + outputs, + lib, + config, + pkgs, + ... +}: { + environment.systemPackages = with pkgs; [ + # Custom tools + dvd + dvt + + # System tools + age + git + git-filter-repo + home-manager + htop + neofetch + oh-my-zsh + rsync + wget + zsh + + # System libraries + noto-fonts + noto-fonts-emoji-blob-bin + noto-fonts-emoji + ]; +} From e9cddb0dcfe7224d54c7b05e75173515942d0553 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Tue, 30 Jan 2024 12:05:25 +0100 Subject: [PATCH 22/39] Right location for desktop to import shared --- nixos/desktop/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/desktop/configuration.nix b/nixos/desktop/configuration.nix index ba92d00..d92e30c 100644 --- a/nixos/desktop/configuration.nix +++ b/nixos/desktop/configuration.nix @@ -13,7 +13,7 @@ ../shared/locale/configuration.nix # Import shared packages - ../../shared/packages/configuration.nix + ../shared/packages/configuration.nix ]; nixpkgs = { # You can add overlays here From dda2303cbef54a444bdd40b35c0e0f2c053a4632 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Tue, 30 Jan 2024 12:07:57 +0100 Subject: [PATCH 23/39] Let's do it this way instead --- nixos/desktop/configuration.nix | 4 ++++ nixos/shared/packages/configuration.nix | 4 ---- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/nixos/desktop/configuration.nix b/nixos/desktop/configuration.nix index d92e30c..b0323b9 100644 --- a/nixos/desktop/configuration.nix +++ b/nixos/desktop/configuration.nix @@ -63,6 +63,10 @@ }; environment.systemPackages = with pkgs; [ + # Custom tools + dvd + dvt + # System tools direnv docker diff --git a/nixos/shared/packages/configuration.nix b/nixos/shared/packages/configuration.nix index 376e607..2764301 100644 --- a/nixos/shared/packages/configuration.nix +++ b/nixos/shared/packages/configuration.nix @@ -7,10 +7,6 @@ ... }: { environment.systemPackages = with pkgs; [ - # Custom tools - dvd - dvt - # System tools age git From 4bf6af1ebc1e08ecfa3232dc5a92229eae43089d Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Tue, 30 Jan 2024 14:10:27 +0100 Subject: [PATCH 24/39] Add alejandra to shared packages --- nixos/shared/packages/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/shared/packages/configuration.nix b/nixos/shared/packages/configuration.nix index 2764301..1a18ae2 100644 --- a/nixos/shared/packages/configuration.nix +++ b/nixos/shared/packages/configuration.nix @@ -9,6 +9,7 @@ environment.systemPackages = with pkgs; [ # System tools age + alejandra git git-filter-repo home-manager From 4d64fe36e744b1813ece6a975557e6646631d5ad Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Thu, 1 Feb 2024 11:31:36 +0100 Subject: [PATCH 25/39] Added spacevim --- nixos/shared/packages/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/shared/packages/configuration.nix b/nixos/shared/packages/configuration.nix index 1a18ae2..d16f35f 100644 --- a/nixos/shared/packages/configuration.nix +++ b/nixos/shared/packages/configuration.nix @@ -17,6 +17,7 @@ neofetch oh-my-zsh rsync + spacevim wget zsh From ed28548fd9fad3aa2d639a1f88b9b49ea722847e Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Thu, 1 Feb 2024 13:05:09 +0100 Subject: [PATCH 26/39] Lanzaboot initial setup --- flake.nix | 6 ++++++ nixos/desktop/configuration.nix | 1 + 2 files changed, 7 insertions(+) diff --git a/flake.nix b/flake.nix index 3b565c4..ea49f6d 100644 --- a/flake.nix +++ b/flake.nix @@ -15,6 +15,10 @@ nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; # Also see the 'unstable-packages' overlay at 'overlays/default.nix'. + # Lanzaboot (secure boot) + #lanzaboote.url = "github:nix-community/lanzaboote"; + + # Jovian nixos (steam deck) jovian.url = "github:Jovian-Experiments/Jovian-NixOS"; # Home manager @@ -79,6 +83,7 @@ # > Our main nixos configuration file < ./nixos/hosts/EDI/configuration.nix sops-nix.nixosModules.sops + #lanzaboote.nixosModules.lanzaboote home-manager.nixosModules.home-manager { home-manager.sharedModules = [plasma-manager.homeManagerModules.plasma-manager]; @@ -95,6 +100,7 @@ # > Our main nixos configuration file < ./nixos/hosts/GLaDOS/configuration.nix sops-nix.nixosModules.sops + #lanzaboote.nixosModules.lanzaboote home-manager.nixosModules.home-manager { home-manager.sharedModules = [plasma-manager.homeManagerModules.plasma-manager]; diff --git a/nixos/desktop/configuration.nix b/nixos/desktop/configuration.nix index b0323b9..04a0d3c 100644 --- a/nixos/desktop/configuration.nix +++ b/nixos/desktop/configuration.nix @@ -163,6 +163,7 @@ boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.configurationLimit = 3; boot.loader.efi.canTouchEfiVariables = true; + boot.bootspec.enable = true; users.users = { lillian = { From 4c592ca72f68dd9a7e95da426afc51b2d95504bc Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Thu, 1 Feb 2024 14:35:46 +0100 Subject: [PATCH 27/39] Add bchacefs support, set up the first luks and bcachefs settings, and update plasma-manager config --- disko/EDI/configuration.nix | 66 +++++++++++++++++++ .../plasma-desktop/configuration.nix | 5 +- nixos/desktop/configuration.nix | 4 ++ 3 files changed, 74 insertions(+), 1 deletion(-) create mode 100644 disko/EDI/configuration.nix diff --git a/disko/EDI/configuration.nix b/disko/EDI/configuration.nix new file mode 100644 index 0000000..7c17496 --- /dev/null +++ b/disko/EDI/configuration.nix @@ -0,0 +1,66 @@ +{ + disko.devices = { + disk = { + vdb = { + device = "/dev/disk/by-path/pci-0000:71:00.0-nvme-1"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + ESP = { + size = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ + "defaults" + ]; + }; + }; + luks = { + size = "100%"; + content = { + type = "luks"; + name = "crypted"; + # disable settings.keyFile if you want to use interactive password entry + #passwordFile = "/tmp/secret.key"; # Interactive + settings = { + allowDiscards = true; + keyFile = "/tmp/secret.key"; + }; + #additionalKeyFiles = ["/tmp/additionalSecret.key"]; + content = { + root = { + name = "root"; + end = "-1G"; + content = { + type = "filesystem"; + format = "bcachefs"; + mountpoint = "/"; + }; + }; + encryptedSwap = { + size = "10M"; + content = { + type = "swap"; + randomEncryption = true; + }; + }; + plainSwap = { + size = "100%"; + content = { + type = "swap"; + resumeDevice = true; # resume from hiberation from this device + }; + }; + }; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/home-manager/hosts/EDI/package-configs/plasma-desktop/configuration.nix b/home-manager/hosts/EDI/package-configs/plasma-desktop/configuration.nix index a193e98..d065b77 100644 --- a/home-manager/hosts/EDI/package-configs/plasma-desktop/configuration.nix +++ b/home-manager/hosts/EDI/package-configs/plasma-desktop/configuration.nix @@ -258,6 +258,7 @@ "dolphinrc"."ExtractDialog"."1536x864 screen: Height" = 560; "dolphinrc"."ExtractDialog"."1536x864 screen: Width" = 1024; "dolphinrc"."ExtractDialog"."DirHistory[$e]" = "/home/"; + "dolphinrc"."IconsMode"."PreviewSize" = 80; "dolphinrc"."KFileDialog Settings"."Places Icons Auto-resize" = false; "dolphinrc"."KFileDialog Settings"."Places Icons Static Size" = 22; "dolphinrc"."KFileDialog Settings"."detailViewIconSize" = 16; @@ -270,6 +271,7 @@ "kded5rc"."Module-browserintegrationreminder"."autoload" = false; "kded5rc"."Module-device_automounter"."autoload" = false; "kded5rc"."PlasmaBrowserIntegration"."shownCount" = 1; + "kdeglobals"."General"."AllowKDEAppsToRememberWindowPositions" = true; "kdeglobals"."General"."BrowserApplication" = "firefox.desktop"; "kdeglobals"."KDE"."AnimationDurationFactor" = 0.7071067811865475; "kdeglobals"."KDE"."SingleClick" = false; @@ -590,7 +592,7 @@ "khotkeysrc"."Data_3Conditions0"."Type" = "ACTIVE_WINDOW"; "khotkeysrc"."Data_3Conditions0Window"."Comment" = "Konqueror"; "khotkeysrc"."Data_3Conditions0Window"."WindowsCount" = 1; - "khotkeysrc"."Data_3Conditions0Window0"."Class" = "^konqueror\s"; + "khotkeysrc"."Data_3Conditions0Window0"."Class" = "^konquerors"; "khotkeysrc"."Data_3Conditions0Window0"."ClassType" = 3; "khotkeysrc"."Data_3Conditions0Window0"."Comment" = "Konqueror"; "khotkeysrc"."Data_3Conditions0Window0"."Role" = "konqueror-mainwindow#1"; @@ -799,6 +801,7 @@ "khotkeysrc"."Data_3_9Triggers"."TriggersCount" = 1; "khotkeysrc"."Data_3_9Triggers0"."GesturePointData" = "0,0.0625,-0.5,0.5,1,0.0625,0.0625,-0.5,0.5,0.875,0.125,0.0625,-0.5,0.5,0.75,0.1875,0.0625,-0.5,0.5,0.625,0.25,0.0625,-0.5,0.5,0.5,0.3125,0.0625,-0.5,0.5,0.375,0.375,0.0625,-0.5,0.5,0.25,0.4375,0.0625,-0.5,0.5,0.125,0.5,0.0625,0.5,0.5,0,0.5625,0.0625,0.5,0.5,0.125,0.625,0.0625,0.5,0.5,0.25,0.6875,0.0625,0.5,0.5,0.375,0.75,0.0625,0.5,0.5,0.5,0.8125,0.0625,0.5,0.5,0.625,0.875,0.0625,0.5,0.5,0.75,0.9375,0.0625,0.5,0.5,0.875,1,0,0,0.5,1"; "khotkeysrc"."Data_3_9Triggers0"."Type" = "GESTURE"; + "khotkeysrc"."General"."AllowKDEAppsToRememberWindowPositions[$d]" = ""; "khotkeysrc"."General"."BrowserApplication[$d]" = ""; "khotkeysrc"."General"."ColorSchemeHash[$d]" = ""; "khotkeysrc"."General"."ColorScheme[$d]" = ""; diff --git a/nixos/desktop/configuration.nix b/nixos/desktop/configuration.nix index 04a0d3c..ac78897 100644 --- a/nixos/desktop/configuration.nix +++ b/nixos/desktop/configuration.nix @@ -71,10 +71,12 @@ direnv docker docker-compose + gcc-wrapper git-filter-repo pciutils waydroid xwaylandvideobridge + yubikey-personalization zsh # KDE/QT @@ -164,6 +166,8 @@ boot.loader.systemd-boot.configurationLimit = 3; boot.loader.efi.canTouchEfiVariables = true; boot.bootspec.enable = true; + boot.supportedFilesystems = ["bcachefs"]; + boot.kernelPackages = pkgs.linuxPackages_latest; users.users = { lillian = { From 7d6e6c427ae50d1eef5001b771b94771ec094988 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Thu, 1 Feb 2024 14:54:48 +0100 Subject: [PATCH 28/39] Increase the swap a bit --- disko/EDI/configuration.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/disko/EDI/configuration.nix b/disko/EDI/configuration.nix index 7c17496..610edd9 100644 --- a/disko/EDI/configuration.nix +++ b/disko/EDI/configuration.nix @@ -34,7 +34,7 @@ content = { root = { name = "root"; - end = "-1G"; + end = "-2G"; content = { type = "filesystem"; format = "bcachefs"; @@ -42,7 +42,7 @@ }; }; encryptedSwap = { - size = "10M"; + size = "20M"; content = { type = "swap"; randomEncryption = true; From 62a03026c8d7fdff3b05c5d3d5d1789166294275 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Sat, 3 Feb 2024 14:18:35 +0100 Subject: [PATCH 29/39] Renew gladtherescake.eu's mail cert --- nixos/server/package-configs/mail-server/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/server/package-configs/mail-server/configuration.nix b/nixos/server/package-configs/mail-server/configuration.nix index cf2c434..e43a5c6 100644 --- a/nixos/server/package-configs/mail-server/configuration.nix +++ b/nixos/server/package-configs/mail-server/configuration.nix @@ -88,6 +88,7 @@ "mail.lillianviolet.dev" "pop3.lillianviolet.dev" "lillianviolet.dev" + "mail.gladtherescake.eu" ]; }; } From 24f1f2380e7a6b1de3e1dc60e967c4bfe4117430 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Sat, 3 Feb 2024 14:21:13 +0100 Subject: [PATCH 30/39] remove this not needed dependency --- nixos/desktop/configuration.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/nixos/desktop/configuration.nix b/nixos/desktop/configuration.nix index ac78897..a2d02b1 100644 --- a/nixos/desktop/configuration.nix +++ b/nixos/desktop/configuration.nix @@ -71,7 +71,6 @@ direnv docker docker-compose - gcc-wrapper git-filter-repo pciutils waydroid From 34ebb0b8ebddaf368d5e6415853790a612bebb00 Mon Sep 17 00:00:00 2001 From: Lillian Violet Date: Sat, 3 Feb 2024 17:04:30 +0100 Subject: [PATCH 31/39] Update nixos/hosts/EDI/hardware-configuration.nix Changed the hardware configuration to the new encrypted disk setup --- nixos/hosts/EDI/hardware-configuration.nix | 46 +++++++++++----------- 1 file changed, 22 insertions(+), 24 deletions(-) diff --git a/nixos/hosts/EDI/hardware-configuration.nix b/nixos/hosts/EDI/hardware-configuration.nix index 2dc46a9..9305d68 100644 --- a/nixos/hosts/EDI/hardware-configuration.nix +++ b/nixos/hosts/EDI/hardware-configuration.nix @@ -1,34 +1,33 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + { - config, - lib, - pkgs, - modulesPath, - ... -}: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.kernel.sysctl."net.ipv4.icmp_echo_ignore_broadcasts" = 1; - boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"]; - boot.initrd.kernelModules = []; - boot.kernelModules = ["kvm-intel"]; - boot.extraModulePackages = []; + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; - fileSystems."/" = { - device = "/dev/disk/by-uuid/f930d7c6-2798-4e25-abc1-81d02e9abf35"; - fsType = "ext4"; - }; + fileSystems."/" = + { device = "UUID=88cd54d3-b644-4bae-96e9-51d2db3c5628"; + fsType = "bcachefs"; + }; - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/42ED-068B"; - fsType = "vfat"; - }; + boot.initrd.luks.devices."crypted".device = "/dev/disk/by-uuid/91da75e7-52bc-4a50-9293-7e5e431040e0"; - swapDevices = []; + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/01B2-909E"; + fsType = "vfat"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/6aa6422f-c724-4c67-851d-030daf5003fb"; } + ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's @@ -39,6 +38,5 @@ # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - powerManagement.cpuFreqGovernor = lib.mkDefault "performance"; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } From b0dbfa4856e288d119174ebfd7859c028b99ea61 Mon Sep 17 00:00:00 2001 From: Lillian Violet Date: Sat, 3 Feb 2024 17:19:23 +0100 Subject: [PATCH 32/39] Make /boot inacessible by default --- nixos/hosts/EDI/hardware-configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/hosts/EDI/hardware-configuration.nix b/nixos/hosts/EDI/hardware-configuration.nix index 9305d68..008e857 100644 --- a/nixos/hosts/EDI/hardware-configuration.nix +++ b/nixos/hosts/EDI/hardware-configuration.nix @@ -23,6 +23,7 @@ fileSystems."/boot" = { device = "/dev/disk/by-uuid/01B2-909E"; fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" "defaults" ]; }; swapDevices = From 719c05402b5cc7ab3c741dbc306647485f5067df Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Sat, 3 Feb 2024 17:50:32 +0100 Subject: [PATCH 33/39] Update for secure boot --- disko/EDI/configuration.nix | 36 +++++++++++++------------------ nixos/desktop/configuration.nix | 1 - nixos/hosts/EDI/configuration.nix | 2 ++ 3 files changed, 17 insertions(+), 22 deletions(-) diff --git a/disko/EDI/configuration.nix b/disko/EDI/configuration.nix index 610edd9..e240d0d 100644 --- a/disko/EDI/configuration.nix +++ b/disko/EDI/configuration.nix @@ -19,6 +19,20 @@ ]; }; }; + encryptedSwap = { + size = "20M"; + content = { + type = "swap"; + randomEncryption = true; + }; + }; + plainSwap = { + size = "4G"; + content = { + type = "swap"; + resumeDevice = true; # resume from hiberation from this device + }; + }; luks = { size = "100%"; content = { @@ -28,33 +42,14 @@ #passwordFile = "/tmp/secret.key"; # Interactive settings = { allowDiscards = true; - keyFile = "/tmp/secret.key"; + #keyFile = "/tmp/secret.key"; }; #additionalKeyFiles = ["/tmp/additionalSecret.key"]; - content = { - root = { - name = "root"; - end = "-2G"; content = { type = "filesystem"; format = "bcachefs"; mountpoint = "/"; }; - }; - encryptedSwap = { - size = "20M"; - content = { - type = "swap"; - randomEncryption = true; - }; - }; - plainSwap = { - size = "100%"; - content = { - type = "swap"; - resumeDevice = true; # resume from hiberation from this device - }; - }; }; }; }; @@ -62,5 +57,4 @@ }; }; }; - }; } diff --git a/nixos/desktop/configuration.nix b/nixos/desktop/configuration.nix index ac78897..aeb858b 100644 --- a/nixos/desktop/configuration.nix +++ b/nixos/desktop/configuration.nix @@ -165,7 +165,6 @@ boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.configurationLimit = 3; boot.loader.efi.canTouchEfiVariables = true; - boot.bootspec.enable = true; boot.supportedFilesystems = ["bcachefs"]; boot.kernelPackages = pkgs.linuxPackages_latest; diff --git a/nixos/hosts/EDI/configuration.nix b/nixos/hosts/EDI/configuration.nix index 8f8eea4..8bc0b8a 100644 --- a/nixos/hosts/EDI/configuration.nix +++ b/nixos/hosts/EDI/configuration.nix @@ -38,6 +38,8 @@ networking.hostName = "EDI"; + boot.bootspec.enable = true; + # Enable bluetooth hardware hardware.bluetooth.enable = true; From e53b87ced177162bea5941e46bf53981a2e15c65 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Sat, 3 Feb 2024 18:10:52 +0100 Subject: [PATCH 34/39] Update boot for EDI, put the boot for GLaDOS in her own file now --- flake.nix | 4 ++-- nixos/desktop/configuration.nix | 6 ------ nixos/hosts/EDI/configuration.nix | 8 +++++++- nixos/hosts/GLaDOS/configuration.nix | 6 ++++++ 4 files changed, 15 insertions(+), 9 deletions(-) diff --git a/flake.nix b/flake.nix index ea49f6d..6351a63 100644 --- a/flake.nix +++ b/flake.nix @@ -16,7 +16,7 @@ # Also see the 'unstable-packages' overlay at 'overlays/default.nix'. # Lanzaboot (secure boot) - #lanzaboote.url = "github:nix-community/lanzaboote"; + lanzaboote.url = "github:nix-community/lanzaboote"; # Jovian nixos (steam deck) jovian.url = "github:Jovian-Experiments/Jovian-NixOS"; @@ -83,7 +83,7 @@ # > Our main nixos configuration file < ./nixos/hosts/EDI/configuration.nix sops-nix.nixosModules.sops - #lanzaboote.nixosModules.lanzaboote + lanzaboote.nixosModules.lanzaboote home-manager.nixosModules.home-manager { home-manager.sharedModules = [plasma-manager.homeManagerModules.plasma-manager]; diff --git a/nixos/desktop/configuration.nix b/nixos/desktop/configuration.nix index adecf1e..fb02a9d 100644 --- a/nixos/desktop/configuration.nix +++ b/nixos/desktop/configuration.nix @@ -161,12 +161,6 @@ enable = true; }; - boot.loader.systemd-boot.enable = true; - boot.loader.systemd-boot.configurationLimit = 3; - boot.loader.efi.canTouchEfiVariables = true; - boot.supportedFilesystems = ["bcachefs"]; - boot.kernelPackages = pkgs.linuxPackages_latest; - users.users = { lillian = { isNormalUser = true; diff --git a/nixos/hosts/EDI/configuration.nix b/nixos/hosts/EDI/configuration.nix index 8bc0b8a..1929455 100644 --- a/nixos/hosts/EDI/configuration.nix +++ b/nixos/hosts/EDI/configuration.nix @@ -39,7 +39,13 @@ networking.hostName = "EDI"; boot.bootspec.enable = true; - + boot = { + loader.systemd-boot.enable = lib.mkForce false; + lanzaboote = { + enable = true; + pkiBundle = "/etc/secureboot"; + }; + }; # Enable bluetooth hardware hardware.bluetooth.enable = true; diff --git a/nixos/hosts/GLaDOS/configuration.nix b/nixos/hosts/GLaDOS/configuration.nix index 730f894..d42cb1c 100644 --- a/nixos/hosts/GLaDOS/configuration.nix +++ b/nixos/hosts/GLaDOS/configuration.nix @@ -28,6 +28,12 @@ ./hardware-configuration.nix ]; + boot.loader.systemd-boot.enable = true; + boot.loader.systemd-boot.configurationLimit = 3; + boot.loader.efi.canTouchEfiVariables = true; + boot.supportedFilesystems = ["bcachefs"]; + boot.kernelPackages = pkgs.linuxPackages_latest; + home-manager = { extraSpecialArgs = {inherit inputs outputs;}; users = { From e8f857149a0de8f1e4d01ce5fb81e796d034ba4a Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Sat, 3 Feb 2024 18:14:27 +0100 Subject: [PATCH 35/39] Needed to add lanzaboot to the outputs (test first!) --- flake.lock | 240 +++++++++++++++++++++++++++++++++++++++++++++++++++-- flake.nix | 1 + 2 files changed, 234 insertions(+), 7 deletions(-) diff --git a/flake.lock b/flake.lock index 8dcde63..eefcd59 100644 --- a/flake.lock +++ b/flake.lock @@ -16,6 +16,27 @@ "type": "gitlab" } }, + "crane": { + "inputs": { + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1706473964, + "narHash": "sha256-Fq6xleee/TsX6NbtoRuI96bBuDHMU57PrcK9z1QEKbk=", + "owner": "ipetkov", + "repo": "crane", + "rev": "c798790eabec3e3da48190ae3698ac227aab770c", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, "extest": { "inputs": { "extest": "extest_2", @@ -52,6 +73,22 @@ } }, "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1668681692, @@ -67,6 +104,27 @@ "type": "github" } }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1704982712, + "narHash": "sha256-2Ptt+9h8dczgle2Oo6z5ni5rt/uLMG47UFTR1ry/wgg=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "07f6395285469419cf9d078f59b5b49993198c00", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems" @@ -85,6 +143,46 @@ "type": "github" } }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1705309234, + "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "lanzaboote", + "pre-commit-hooks-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703887061, + "narHash": "sha256-gGPa9qWNc6eCXT/+Z5/zMkyYOuRZqeFZBDbopNZQkuY=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "43e1aa1308018f37118e34d3a9cb4f5e75dc11d5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -125,6 +223,30 @@ "type": "github" } }, + "lanzaboote": { + "inputs": { + "crane": "crane", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts", + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs_3", + "pre-commit-hooks-nix": "pre-commit-hooks-nix", + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1706522979, + "narHash": "sha256-2wP2qEFVoZ9q8C9MZdAwXPKDkIIQiEwUzuzCxVKafDc=", + "owner": "nix-community", + "repo": "lanzaboote", + "rev": "c42edac7eb881315bb2a8dfd5190c8c87b91e084", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "lanzaboote", + "type": "github" + } + }, "linger": { "inputs": { "flake-utils": [ @@ -214,6 +336,22 @@ } }, "nixpkgs-stable": { + "locked": { + "lastModified": 1704874635, + "narHash": "sha256-YWuCrtsty5vVZvu+7BchAxmcYzTMfolSPP5io8+WYCg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3dc440faeee9e889fe2d1b4d25ad0f430d449356", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_2": { "locked": { "lastModified": 1705957679, "narHash": "sha256-Q8LJaVZGJ9wo33wBafvZSzapYsjOaNjP/pOnSiKVGHY=", @@ -262,6 +400,22 @@ } }, "nixpkgs_3": { + "locked": { + "lastModified": 1706370590, + "narHash": "sha256-vq8hTMHsmPkBDaLR2i3m2nSmFObWmo7YwK51KQdI6RY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3fb3707af869e32b0ad0676f589b16cc7711a376", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { "locked": { "lastModified": 1706191920, "narHash": "sha256-eLihrZAPZX0R6RyM5fYAWeKVNuQPYjAkCUBr+JNvtdE=", @@ -277,7 +431,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1705856552, "narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=", @@ -292,7 +446,7 @@ "type": "indirect" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { "lastModified": 1706173671, "narHash": "sha256-lciR7kQUK2FCAYuszyd7zyRRmTaXVeoZsCyK6QFpGdk=", @@ -357,14 +511,46 @@ "type": "github" } }, + "pre-commit-hooks-nix": { + "inputs": { + "flake-compat": [ + "lanzaboote", + "flake-compat" + ], + "flake-utils": [ + "lanzaboote", + "flake-utils" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1706424699, + "narHash": "sha256-Q3RBuOpZNH2eFA1e+IHgZLAOqDD9SKhJ/sszrL8bQD4=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "7c54e08a689b53c8a1e5d70169f2ec9e2a68ffaf", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, "root": { "inputs": { "extest": "extest", "flake-utils": "flake-utils", "home-manager": "home-manager", "jovian": "jovian", + "lanzaboote": "lanzaboote", "linger": "linger", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "nixpkgs-unstable": "nixpkgs-unstable", "pihole": "pihole", "plasma-manager": "plasma-manager", @@ -372,11 +558,36 @@ "sops-nix": "sops-nix" } }, + "rust-overlay": { + "inputs": { + "flake-utils": [ + "lanzaboote", + "flake-utils" + ], + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1706494265, + "narHash": "sha256-4ilEUJEwNaY9r/8BpL3VmZiaGber0j09lvvx0e/bosA=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "246ba7102553851af60e0382f558f6bc5f63fa13", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, "simple-nixos-mailserver": { "inputs": { "blobs": "blobs", - "flake-compat": "flake-compat", - "nixpkgs": "nixpkgs_4", + "flake-compat": "flake-compat_2", + "nixpkgs": "nixpkgs_5", "nixpkgs-23_05": "nixpkgs-23_05", "nixpkgs-23_11": "nixpkgs-23_11", "utils": "utils" @@ -398,8 +609,8 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_5", - "nixpkgs-stable": "nixpkgs-stable" + "nixpkgs": "nixpkgs_6", + "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { "lastModified": 1706410821, @@ -430,6 +641,21 @@ "type": "github" } }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "utils": { "locked": { "lastModified": 1605370193, diff --git a/flake.nix b/flake.nix index 6351a63..ed6a712 100644 --- a/flake.nix +++ b/flake.nix @@ -51,6 +51,7 @@ plasma-manager, linger, pihole, + lanzaboote, ... } @ inputs: let inherit (self) outputs; From a9e7603352242f9b14ee9c890374cf671a7f05d1 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Sat, 3 Feb 2024 20:41:54 +0100 Subject: [PATCH 36/39] I think I somehow forgot bcachefs support for EDI --- nixos/hosts/EDI/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixos/hosts/EDI/configuration.nix b/nixos/hosts/EDI/configuration.nix index 1929455..1272719 100644 --- a/nixos/hosts/EDI/configuration.nix +++ b/nixos/hosts/EDI/configuration.nix @@ -39,6 +39,8 @@ networking.hostName = "EDI"; boot.bootspec.enable = true; + boot.kernelPackages = pkgs.linuxPackages_latest; + boot.supportedFilesystems = ["bcachefs"]; boot = { loader.systemd-boot.enable = lib.mkForce false; lanzaboote = { From 7aa8b51ca8cbb0f6ea5f62b01e77f5247f5e554a Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Sun, 4 Feb 2024 00:05:02 +0100 Subject: [PATCH 37/39] Add encrypted swap as well --- nixos/hosts/EDI/hardware-configuration.nix | 47 ++++++++++++---------- 1 file changed, 26 insertions(+), 21 deletions(-) diff --git a/nixos/hosts/EDI/hardware-configuration.nix b/nixos/hosts/EDI/hardware-configuration.nix index 008e857..be659e2 100644 --- a/nixos/hosts/EDI/hardware-configuration.nix +++ b/nixos/hosts/EDI/hardware-configuration.nix @@ -1,34 +1,39 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; - fileSystems."/" = - { device = "UUID=88cd54d3-b644-4bae-96e9-51d2db3c5628"; - fsType = "bcachefs"; - }; + fileSystems."/" = { + device = "UUID=88cd54d3-b644-4bae-96e9-51d2db3c5628"; + fsType = "bcachefs"; + }; boot.initrd.luks.devices."crypted".device = "/dev/disk/by-uuid/91da75e7-52bc-4a50-9293-7e5e431040e0"; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/01B2-909E"; - fsType = "vfat"; - options = [ "fmask=0077" "dmask=0077" "defaults" ]; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/01B2-909E"; + fsType = "vfat"; + options = ["fmask=0077" "dmask=0077" "defaults"]; + }; - swapDevices = - [ { device = "/dev/disk/by-uuid/6aa6422f-c724-4c67-851d-030daf5003fb"; } - ]; + swapDevices = [ + {device = "dev/disk/by-uuid/e2156681-e9de-49ca-8ed3-ae83cd696b89";} + {device = "/dev/disk/by-uuid/6aa6422f-c724-4c67-851d-030daf5003fb";} + ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's From f16368cec463e4a0a6dc9276fbf516b75c24a7a7 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Sun, 4 Feb 2024 00:22:52 +0100 Subject: [PATCH 38/39] This is how we do that maybe? --- nixos/hosts/EDI/hardware-configuration.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/nixos/hosts/EDI/hardware-configuration.nix b/nixos/hosts/EDI/hardware-configuration.nix index be659e2..c62d408 100644 --- a/nixos/hosts/EDI/hardware-configuration.nix +++ b/nixos/hosts/EDI/hardware-configuration.nix @@ -31,8 +31,10 @@ }; swapDevices = [ - {device = "dev/disk/by-uuid/e2156681-e9de-49ca-8ed3-ae83cd696b89";} - {device = "/dev/disk/by-uuid/6aa6422f-c724-4c67-851d-030daf5003fb";} + { + device = "dev/disk/by-uuid/2b4f0e94-65b4-4e98-8744-0c671954e524"; + randomEncryption.enable = true; + } ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking From 2580164d413db26d3b6ee43481d3eaeec0b883b5 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Sun, 4 Feb 2024 00:36:42 +0100 Subject: [PATCH 39/39] That didn't work, maybe now? --- nixos/hosts/EDI/hardware-configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/hosts/EDI/hardware-configuration.nix b/nixos/hosts/EDI/hardware-configuration.nix index c62d408..ad2bffb 100644 --- a/nixos/hosts/EDI/hardware-configuration.nix +++ b/nixos/hosts/EDI/hardware-configuration.nix @@ -32,7 +32,7 @@ swapDevices = [ { - device = "dev/disk/by-uuid/2b4f0e94-65b4-4e98-8744-0c671954e524"; + device = "/dev/disk/by-path/pci-0000:71:00.0-nvme-1-part2"; randomEncryption.enable = true; } ];