update nixpkgs, home-manager, remove root password, refactor, use tmpfs, c2: use disk labels

2025-04-19 22:36:22 +02:00 · 2025-04-19 22:36:22 +02:00 · 62d3765e58
commit 62d3765e58
parent 59a71b5cf2
8 changed files with 109 additions and 39 deletions
--- a/flake.lock
+++ b/flake.lock
@ -1,12 +1,32 @@
 {
  "nodes": {
    "home-manager": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1745071558,
        "narHash": "sha256-bvcatss0xodcdxXm0LUSLPd2jjrhqO3yFSu3stOfQXg=",
        "owner": "nix-community",
        "repo": "home-manager",
        "rev": "9676e8a52a177d80c8a42f66566362a6d74ecf78",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "home-manager",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1744463964,
+        "lastModified": 1744932701,
-        "narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=",
+        "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650",
+        "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef",
        "type": "github"
      },
      "original": {
@ -18,6 +38,7 @@
    },
    "root": {
      "inputs": {
        "home-manager": "home-manager",
        "nixpkgs": "nixpkgs"
      }
    }
--- a/flake.nix
+++ b/flake.nix
@ -1,10 +1,18 @@
 {
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    home-manager = {
      url = "github:nix-community/home-manager";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };
  outputs =
-    { self, nixpkgs }@inputs:
+    {
      self,
      nixpkgs,
      home-manager,
    }@inputs:
    let
      lib = nixpkgs.lib;
      mod = import ./mod { inherit lib; };
@ -25,6 +33,6 @@
        };
      };
-      formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-rfc-style;
+      formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-tree;
    };
 }
--- a/host/c2/hardware-configuration.nix
+++ b/host/c2/hardware-configuration.nix
@ -26,7 +26,7 @@
  boot.extraModulePackages = [ ];
  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/0aa43f8a-a6e8-47aa-800d-b02d98f2cb8a";
+    device = "/dev/disk/by-label/nixroot";
    fsType = "btrfs";
    options = [
      "noatime"
@ -36,7 +36,7 @@
  };
  fileSystems."/nix" = {
-    device = "/dev/disk/by-uuid/0aa43f8a-a6e8-47aa-800d-b02d98f2cb8a";
+    device = "/dev/disk/by-label/nixroot";
    fsType = "btrfs";
    options = [
      "noatime"
@ -46,7 +46,7 @@
  };
  fileSystems."/home" = {
-    device = "/dev/disk/by-uuid/0aa43f8a-a6e8-47aa-800d-b02d98f2cb8a";
+    device = "/dev/disk/by-label/nixroot";
    fsType = "btrfs";
    options = [
      "noatime"
@ -56,7 +56,7 @@
  };
  fileSystems."/boot/efi" = {
-    device = "/dev/disk/by-uuid/829B-BDFC";
+    device = "/dev/disk/by-label/NIXENV";
    fsType = "vfat";
    options = [
      "fmask=0022"
@ -64,7 +64,11 @@
    ];
  };
-  swapDevices = [ ];
+  swapDevices = [
    {
      device = "/dev/disk/by-label/nixswap";
    }
  ];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
--- a/mod/boot.nix
+++ b/mod/boot.nix
@ -9,5 +9,9 @@
    };
  };
  # otherwise /tmp is on disk. This *may* be problematic as nix
  # builds in /tmp but I think my swap is large enough...
  boot.tmp.useTmpfs = true;
  boot.kernelPackages = pkgs.linuxPackages_6_13;
 }
--- a/mod/nix.nix
+++ b/mod/nix.nix
@ -1,31 +1,54 @@
 { lib, ... }:
 {
-  nix.settings = {
+  lib,
-    experimental-features = [
+  inputs,
-      "nix-command"
+  config,
-      "flakes"
+  ...
-    ];
+}:
-    trusted-users = [
+{
-      "root"
+  config = {
-      "@wheel"
+    nix.settings = {
-    ];
+      experimental-features = [
-    auto-optimise-store = true;
+        "nix-command"
        "flakes"
      ];
      trusted-users = [
        "root"
        "@wheel"
      ];
      auto-optimise-store = true;
    };
    programs.nix-ld.enable = true;
    nixpkgs.config.allowUnfree = false;
    nixpkgs.config.allowUnfreePredicate =
      pkg:
      builtins.elem (lib.getName pkg) [
        "nvidia-x11"
        "nvidia-settings"
        "vscode"
        "obsidian"
        "steam"
        "steam-unwrapped"
        "gateway" # jetbrains
        "spotify"
        "rust-rover"
      ];
    home.home.stateVersion = config.system.stateVersion; # is this safe?
  };
-  programs.nix-ld.enable = true;
+  imports = [
    inputs.home-manager.nixosModules.home-manager
  ];
-  nixpkgs.config.allowUnfree = false;
+  # I don't think this will ever be multi user,
-  nixpkgs.config.allowUnfreePredicate =
+  # no need to seperate home-manager. `home` is used
-    pkg:
+  # in users.nix, I should prbably refactor...
-    builtins.elem (lib.getName pkg) [
+  options = {
-      "nvidia-x11"
+    home = lib.mkOption {
-      "nvidia-settings"
+      type = lib.types.attrs;
-      "vscode"
+      default = { };
-      "obsidian"
+    };
-      "steam"
+  };
      "steam-unwrapped"
      "gateway" # jetbrains
      "spotify"
      "rust-rover"
    ];
 }
--- a/mod/shell.nix
+++ b/mod/shell.nix
@ -19,6 +19,7 @@
    unzip
    wget
    wl-clipboard
    nixfmt-rfc-style
  ];
  programs = {
--- a/mod/software.nix
+++ b/mod/software.nix
@ -21,7 +21,6 @@
        wireguard-tools
        bitwarden
        kitty
        nixfmt-rfc-style
        nil
      ];
--- a/mod/users.nix
+++ b/mod/users.nix
@ -1,8 +1,15 @@
 { pkgs, ... }:
 {
-  users.users.hd = {
+  pkgs,
  lib,
  options,
  ...
 }:
 {
  users.users."hd" = {
    description = "Henri";
    isNormalUser = true;
    createHome = true;
    home = "/home/hd";
    extraGroups = [
      "networkmanager"
      "wheel"
@ -10,4 +17,7 @@
    shell = pkgs.fish;
    packages = [ ];
  };
  home-manager.users."hd" = lib.mkAliasDefinitions options.home;
  users.users.root.hashedPassword = "!";
 }