


5 Commits

5 changed files with 61 additions and 26 deletions


@ -109,18 +109,18 @@
# quartus-prime-lite # Intel FPGA design software # quartus-prime-lite # Intel FPGA design software
# Don't want heavy IDE's on the laptop # Don't want heavy IDE's on the laptop
jetbrains.clion # jetbrains.clion
jetbrains.rust-rover # jetbrains.rust-rover
jetbrains.pycharm-professional # jetbrains.pycharm-professional
# jetbrains.idea-ultimate # jetbrains.idea-ultimate
# jetbrains.webstorm # jetbrains.webstorm
# Unity Stuff # Unity Stuff
# unityhub # unityhub
rider # rider
dotnetCore # dotnetCore
mono # mono
blender blender
godot_4 godot_4


@ -27,6 +27,6 @@
# HM modules imported from the flake inputs # HM modules imported from the flake inputs
inputs.nix-flatpak.homeManagerModules.nix-flatpak inputs.nix-flatpak.homeManagerModules.nix-flatpak
inputs.nixvim.homeManagerModules.nixvim inputs.nixvim.homeManagerModules.nixvim
inputs.impermanence.homeManagerModules.impermanence # inputs.impermanence.homeManagerModules.impermanence
]; ];
} }


@ -216,10 +216,13 @@ with mylib.networking; {
console.keyMap = "us-acentos"; console.keyMap = "us-acentos";
# Define a user account. Password is set from sops-nix secrets automatically. # Define a user account. Password is set from sops-nix secrets automatically.
users.mutableUsers = false; # Users are always overridden by stuff defined here
users.users.${username} = { users.users.${username} = {
isNormalUser = true; isNormalUser = true;
hashedPasswordFile = config.sops.secrets.user-password.path; hashedPasswordFile = config.sops.secrets.user-password.path;
description = "Christoph"; description = "Christoph";
group = "users";
uid = 1000;
extraGroups = [ extraGroups = [
"networkmanager" "networkmanager"
"wheel" "wheel"
@ -241,6 +244,8 @@ with mylib.networking; {
# packages = with pkgs; []; # packages = with pkgs; [];
}; };
users.groups."users".gid = 100;
# We want these packages to be available even when no user profile is active # We want these packages to be available even when no user profile is active
# Empty since we basically only need git + editor which is enabled below # Empty since we basically only need git + editor which is enabled below
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
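Review bot: With `users.mutableUsers = false;` the declared `hashedPasswordFile` is the only way this account ever gets a password, so the sops secret must already be decrypted when the user database is generated, otherwise the account is created locked; in sops-nix that is `sops.secrets.user-password.neededForUsers = true;`, which is not visible in this diff and may or may not be set elsewhere. The pinned `uid = 1000;` and `users.groups."users".gid = 100;` are read by the new ownership fix in impermanence.nix, so a one-line comment next to them would stop a later cleanup from dropping them, e.g. `# Pinned: resolved by the impermanence home-ownership chown`. The `users.users.${username}` attribute set starts in the first hunk and ends in the second, with its middle outside the diff.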


@ -23,17 +23,17 @@ in {
mkDir = user: directory: mode: { mkDir = user: directory: mode: {
inherit directory mode; inherit directory mode;
user = config.users.users.${user}.name; # user = config.users.users.${user}.name;
group = config.users.users.${user}.group; # group = config.users.users.${user}.group;
}; };
mkFile = user: file: mode: { mkFile = user: file: mode: {
inherit file; inherit file;
parentDirectory = { # parentDirectory = {
inherit mode; # inherit mode;
user = config.users.users.${user}.name; # user = config.users.users.${user}.name;
group = config.users.users.${user}.group; # group = config.users.users.${user}.group;
}; # };
}; };
in in
lib.mkIf impermanence.enable { lib.mkIf impermanence.enable {
@ -55,6 +55,8 @@ in {
(mkRDir "/etc/secureboot" m755) (mkRDir "/etc/secureboot" m755)
(mkRDir "/etc/ssh" m755) (mkRDir "/etc/ssh" m755)
(mkRDir "/nix/var" m755)
# https://github.com/nix-community/impermanence/issues/253 # https://github.com/nix-community/impermanence/issues/253
(mkRDir "/usr/systemd-placeholder" m755) (mkRDir "/usr/systemd-placeholder" m755)
@ -63,9 +65,10 @@ in {
(mkRDir "/var/lib/bluetooth" m755) # m700 (mkRDir "/var/lib/bluetooth" m755) # m700
(mkRDir "/var/lib/containers" m755) (mkRDir "/var/lib/containers" m755)
(mkRDir "/var/lib/flatpak" m755) (mkRDir "/var/lib/flatpak" m755)
(mkRDir "/var/lib/NetworkManager" m755)
(mkRDir "/var/lib/libvirt" m755) (mkRDir "/var/lib/libvirt" m755)
(mkRDir "/var/lib/NetworkManager" m755)
(mkRDir "/var/lib/nixos" m755) (mkRDir "/var/lib/nixos" m755)
(mkRDir "/var/lib/private/ollama" m755)
(mkRDir "/var/lib/systemd" m755) (mkRDir "/var/lib/systemd" m755)
(mkRDir "/var/tmp" m777) (mkRDir "/var/tmp" m777)
@ -126,11 +129,34 @@ in {
(mkUDir ".local/share/zoxide" m755) (mkUDir ".local/share/zoxide" m755)
(mkUDir ".local/state/astal/notifd" m755) (mkUDir ".local/state/astal/notifd" m755)
(mkUDir ".local/state/nix" m755)
(mkUDir ".local/state/nvim" m755) (mkUDir ".local/state/nvim" m755)
]; ];
}; };
}; };
systemd.services."impermanence-fix-home-ownership" = let
homeDir = "/home/${username}";
homeUser = builtins.toString config.users.users.${username}.uid;
homeGroup = builtins.toString config.users.groups.${config.users.users.${username}.group}.gid;
in {
description = "Fix impermanent home ownership";
# wantedBy = ["local-fs.target"];
# partOf = ["local-fs.target"];
after = ["local-fs.target"]; # Execute afer home.mount
before = ["network-online.target"]; # Execute before NFS mounts
serviceConfig.Type = "oneshot";
script = ''
if [[ -d ${homeDir} ]]; then
chown -R ${homeUser}:${homeGroup} ${homeDir}
echo "Set ownership for ${homeDir} to ${homeUser}:${homeGroup}"
else
echo "ERROR: Home ${homeDir} does not exist!"
fi
'';
};
# Because we have a LUKS encrypted drive # Because we have a LUKS encrypted drive
# we use a systemd service to cleanup the volumes # we use a systemd service to cleanup the volumes
boot.initrd.systemd = { boot.initrd.systemd = {
@ -140,6 +166,9 @@ in {
backupDuration = "7"; # Days backupDuration = "7"; # Days
mountDir = "/btrfs_tmp"; mountDir = "/btrfs_tmp";
persistDir = "${mountDir}/persist"; persistDir = "${mountDir}/persist";
homeUser = builtins.toString config.users.users.${username}.uid;
homeGroup = builtins.toString config.users.groups.${config.users.users.${username}.group}.gid;
in { in {
description = "Clean impermanent btrfs subvolumes"; description = "Clean impermanent btrfs subvolumes";
wantedBy = ["initrd.target"]; wantedBy = ["initrd.target"];
@ -205,6 +234,12 @@ in {
btrfs subvolume create ${mountDir}/home btrfs subvolume create ${mountDir}/home
echo "Created new subvolumes ${mountDir}/root and ${mountDir}/home" echo "Created new subvolumes ${mountDir}/root and ${mountDir}/home"
chown -R ${homeUser}:${homeGroup} ${mountDir}/home/${username}
echo "Set permissions for ${mountDir}/home/${username} to ${homeUser}:${homeGroup}"
chown -R ${homeUser}:${homeGroup} ${persistDir}/home/${username}
echo "Set permissions for ${persistDir}/home/${username} to ${homeUser}:${homeGroup}"
umount ${mountDir} umount ${mountDir}
rmdir ${mountDir} rmdir ${mountDir}
''; '';
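Review bot: In the initrd script, `chown -R ${homeUser}:${homeGroup} ${mountDir}/home/${username}` runs directly after `btrfs subvolume create ${mountDir}/home`, and a freshly created subvolume is empty, so that path does not exist yet and the chown fails; if the unit script runs with errexit (NixOS wraps `script` in a shell with `-e`, as far as I recall) the following `umount ${mountDir}` and `rmdir ${mountDir}` are skipped and the temporary mount is left behind. Creating the directory first, `mkdir -p ${mountDir}/home/${username}`, makes the ownership fix deterministic, and the same guard is needed for `${persistDir}/home/${username}` on the next lines when persist is fresh. In the earlier hunk the new `impermanence-fix-home-ownership` unit has its `wantedBy` commented out, so unless another unit pulls it in it never runs; if it is intentionally parked as a fallback, a comment saying that the initrd chown is the authoritative path would help. The initrd script body starts and ends outside this hunk.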


@ -45,47 +45,42 @@
type = "btrfs"; type = "btrfs";
extraArgs = ["-L" "NIXOS" "-f"]; extraArgs = ["-L" "NIXOS" "-f"];
subvolumes = { subvolumes = {
"/root" = { "root" = {
mountpoint = "/"; mountpoint = "/";
mountOptions = [ mountOptions = [
"subvol=root"
"compress=zstd" "compress=zstd"
"noatime" "noatime"
]; ];
}; };
"/home" = { "home" = {
mountpoint = "/home"; mountpoint = "/home";
mountOptions = [ mountOptions = [
"subvol=home"
"compress=zstd" "compress=zstd"
"noatime" "noatime"
]; ];
}; };
"/nix" = { "nix" = {
mountpoint = "/nix"; mountpoint = "/nix";
mountOptions = [ mountOptions = [
"subvol=nix"
"compress=zstd" "compress=zstd"
"noatime" "noatime"
]; ];
}; };
"/persist" = { "persist" = {
mountpoint = "/persist"; mountpoint = "/persist";
mountOptions = [ mountOptions = [
"subvol=persist"
"compress=zstd" "compress=zstd"
"noatime" "noatime"
]; ];
}; };
"/log" = { "log" = {
mountpoint = "/var/log"; mountpoint = "/var/log";
mountOptions = [ mountOptions = [
"subvol=log"
"compress=zstd" "compress=zstd"
"noatime" "noatime"
]; ];
}; };
"/swap" = { "swap" = {
mountpoint = "/swap"; mountpoint = "/swap";
swap.swapfile.size = "16G"; swap.swapfile.size = "16G";
}; };