update nixpkgs, home-manager, remove root password, refactor, use tmpfs, c2: use disk labels

flake.lock

@@ -1,12 +1,32 @@
 {
   "nodes": {
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1745071558,
+        "narHash": "sha256-bvcatss0xodcdxXm0LUSLPd2jjrhqO3yFSu3stOfQXg=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "9676e8a52a177d80c8a42f66566362a6d74ecf78",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1744463964,
-        "narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=",
+        "lastModified": 1744932701,
+        "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650",
+        "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef",
         "type": "github"
       },
       "original": {
@@ -18,6 +38,7 @@
     },
     "root": {
       "inputs": {
+        "home-manager": "home-manager",
         "nixpkgs": "nixpkgs"
       }
     }

flake.nix

@@ -1,10 +1,18 @@
 {
   inputs = {
     nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+    home-manager = {
+      url = "github:nix-community/home-manager";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
   };
 
   outputs =
-    { self, nixpkgs }@inputs:
+    {
+      self,
+      nixpkgs,
+      home-manager,
+    }@inputs:
     let
       lib = nixpkgs.lib;
       mod = import ./mod { inherit lib; };
@@ -25,6 +33,6 @@
         };
       };
 
-      formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-rfc-style;
+      formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-tree;
     };
 }

host/c2/hardware-configuration.nix

@@ -26,7 +26,7 @@
   boot.extraModulePackages = [ ];
 
   fileSystems."/" = {
-    device = "/dev/disk/by-uuid/0aa43f8a-a6e8-47aa-800d-b02d98f2cb8a";
+    device = "/dev/disk/by-label/nixroot";
     fsType = "btrfs";
     options = [
       "noatime"
@@ -36,7 +36,7 @@
   };
 
   fileSystems."/nix" = {
-    device = "/dev/disk/by-uuid/0aa43f8a-a6e8-47aa-800d-b02d98f2cb8a";
+    device = "/dev/disk/by-label/nixroot";
     fsType = "btrfs";
     options = [
       "noatime"
@@ -46,7 +46,7 @@
   };
 
   fileSystems."/home" = {
-    device = "/dev/disk/by-uuid/0aa43f8a-a6e8-47aa-800d-b02d98f2cb8a";
+    device = "/dev/disk/by-label/nixroot";
     fsType = "btrfs";
     options = [
       "noatime"
@@ -56,7 +56,7 @@
   };
 
   fileSystems."/boot/efi" = {
-    device = "/dev/disk/by-uuid/829B-BDFC";
+    device = "/dev/disk/by-label/NIXENV";
     fsType = "vfat";
     options = [
       "fmask=0022"
@@ -64,7 +64,11 @@
     ];
   };
 
-  swapDevices = [ ];
+  swapDevices = [
+    {
+      device = "/dev/disk/by-label/nixswap";
+    }
+  ];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
   # (the default) this is the recommended approach. When using systemd-networkd it's

mod/boot.nix

@@ -9,5 +9,9 @@
     };
   };
 
+  # otherwise /tmp is on disk. This *may* be problematic as nix
+  # builds in /tmp but I think my swap is large enough...
+  boot.tmp.useTmpfs = true;
+
   boot.kernelPackages = pkgs.linuxPackages_6_13;
 }

mod/nix.nix

@@ -1,31 +1,54 @@
-{ lib, ... }:
 {
-  nix.settings = {
-    experimental-features = [
-      "nix-command"
-      "flakes"
-    ];
-    trusted-users = [
-      "root"
-      "@wheel"
-    ];
-    auto-optimise-store = true;
+  lib,
+  inputs,
+  config,
+  ...
+}:
+{
+  config = {
+    nix.settings = {
+      experimental-features = [
+        "nix-command"
+        "flakes"
+      ];
+      trusted-users = [
+        "root"
+        "@wheel"
+      ];
+      auto-optimise-store = true;
+    };
+
+    programs.nix-ld.enable = true;
+
+    nixpkgs.config.allowUnfree = false;
+    nixpkgs.config.allowUnfreePredicate =
+      pkg:
+      builtins.elem (lib.getName pkg) [
+        "nvidia-x11"
+        "nvidia-settings"
+        "vscode"
+        "obsidian"
+        "steam"
+        "steam-unwrapped"
+        "gateway" # jetbrains
+        "spotify"
+        "rust-rover"
+      ];
+
+    home.home.stateVersion = config.system.stateVersion; # is this safe?
   };
 
-  programs.nix-ld.enable = true;
+  imports = [
+    inputs.home-manager.nixosModules.home-manager
+  ];
 
-  nixpkgs.config.allowUnfree = false;
-  nixpkgs.config.allowUnfreePredicate =
-    pkg:
-    builtins.elem (lib.getName pkg) [
-      "nvidia-x11"
-      "nvidia-settings"
-      "vscode"
-      "obsidian"
-      "steam"
-      "steam-unwrapped"
-      "gateway" # jetbrains
-      "spotify"
-      "rust-rover"
-    ];
+  # I don't think this will ever be multi user,
+  # no need to seperate home-manager. `home` is used
+  # in users.nix, I should prbably refactor...
+  options = {
+    home = lib.mkOption {
+      type = lib.types.attrs;
+      default = { };
+    };
+  };
 }

mod/shell.nix

@@ -19,6 +19,7 @@
     unzip
     wget
     wl-clipboard
+    nixfmt-rfc-style
   ];
 
   programs = {

mod/software.nix

@@ -21,7 +21,6 @@
         wireguard-tools
         bitwarden
         kitty
-        nixfmt-rfc-style
         nil
       ];
 

mod/users.nix

@@ -1,8 +1,15 @@
-{ pkgs, ... }:
 {
-  users.users.hd = {
+  pkgs,
+  lib,
+  options,
+  ...
+}:
+{
+  users.users."hd" = {
     description = "Henri";
     isNormalUser = true;
+    createHome = true;
+    home = "/home/hd";
     extraGroups = [
       "networkmanager"
       "wheel"
@@ -10,4 +17,7 @@
     shell = pkgs.fish;
     packages = [ ];
   };
+
+  home-manager.users."hd" = lib.mkAliasDefinitions options.home;
+  users.users.root.hashedPassword = "!";
 }