From 8296ca9356e94cd72c24464fc85bf6f75f3215a8 Mon Sep 17 00:00:00 2001 From: Ruixi-rebirth Date: Tue, 2 May 2023 12:10:29 +0800 Subject: [PATCH] feat: add minimall nixos installation --- flake.nix | 6 +- hosts/default.nix | 13 ++ hosts/laptop/wayland/default.nix | 5 +- hosts/laptop/x11/default.nix | 5 +- hosts/laptop_minimal/default.nix | 114 ++++++++++++++++++ hosts/laptop_minimal/disko_layout | 1 + .../laptop_minimal/hardware-configuration.nix | 48 ++++++++ 7 files changed, 183 insertions(+), 9 deletions(-) create mode 100644 hosts/laptop_minimal/default.nix create mode 120000 hosts/laptop_minimal/disko_layout create mode 100644 hosts/laptop_minimal/hardware-configuration.nix diff --git a/flake.nix b/flake.nix index 2e9b3aca..0d2a5626 100644 --- a/flake.nix +++ b/flake.nix @@ -33,7 +33,7 @@ #to set user login password passwd_hash=$(mkpasswd -m sha-512 2>/dev/null) cd /mnt/etc/nixos/Flakes - sed -i "/initialHashedPassword/c\ \ \ \ initialHashedPassword\ =\ \"$passwd_hash\";" ./hosts/laptop/{wayland,x11}/default.nix + sed -i "/initialHashedPassword/c\ \ \ \ initialHashedPassword\ =\ \"$passwd_hash\";" ./hosts/{laptop,laptop_minimal}/{wayland,x11}/default.nix read -p "device name: " -r device nixos-install --no-root-passwd --flake .#"$device" ''; @@ -83,8 +83,8 @@ mount -o bind /mnt/nix/persist/etc/nixos /mnt/etc/nixos nixos-generate-config --no-filesystems --root /mnt cd /mnt/etc/nixos - cp hardware-configuration.nix "$FLAKE_ROOT"/hosts/laptop/hardware-configuration.nix - sed -i 's/imports\ =/imports\ = [(import\ .\/disko_layout\/multi-device-luks.nix\ {})]++/g' "$FLAKE_ROOT"/hosts/laptop/hardware-configuration.nix + cp hardware-configuration.nix "$FLAKE_ROOT"/hosts/{laptop,laptop_minimal}/hardware-configuration.nix + sed -i 's/imports\ =/imports\ = [(import\ .\/disko_layout\/multi-device-luks.nix\ {})]++/g' "$FLAKE_ROOT"/hosts/{laptop,laptop_minimal}/hardware-configuration.nix cp -r "$FLAKE_ROOT" /mnt/etc/nixos lsblk ''; 
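Review bot: The new glob `./hosts/{laptop,laptop_minimal}/{wayland,x11}/default.nix` never reaches `hosts/laptop_minimal/default.nix`, because this commit creates that file directly under `laptop_minimal/` with no `wayland`/`x11` level. sed will complain about the two missing paths, and the minimal profile keeps the `initialHashedPassword` value committed to the repository for both root and the user, so a machine installed from it accepts a password whose hash is public. List the targets explicitly, e.g. `./hosts/laptop/{wayland,x11}/default.nix ./hosts/laptop_minimal/default.nix`, and consider aborting the install if the committed hash is still present afterwards. The surrounding script starts and ends outside the hunk.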
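Review bot: The `cp` on the new side brace-expands to one source and two destination files, which cp rejects because the last argument is not a directory, so neither host receives the freshly generated `hardware-configuration.nix`. The following `sed -i` then edits whatever was committed. Unless the script aborts on errors (not visible in this hunk), the install would continue with the committed hardware settings, including the filesystem UUIDs, instead of the target machine's. Copy per host instead: `for h in laptop laptop_minimal; do cp hardware-configuration.nix "$FLAKE_ROOT/hosts/$h/"; done`.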
diff --git a/hosts/default.nix b/hosts/default.nix index 642b38a9..a0321b24 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -56,5 +56,18 @@ in } ]; }; + laptop-minimal = lib.nixosSystem { + # Laptop-minimal profile + inherit system; + specialArgs = { inherit inputs user; }; + modules = [ + ./laptop-minimal + ] ++ [ + ./system.nix + ] ++ [ + inputs.impermanence.nixosModules.impermanence + inputs.disko.nixosModules.disko + ]; + }; } diff --git a/hosts/laptop/wayland/default.nix b/hosts/laptop/wayland/default.nix index b884f2e7..369336aa 100644 --- a/hosts/laptop/wayland/default.nix +++ b/hosts/laptop/wayland/default.nix @@ -41,9 +41,9 @@ supportedFilesystems = [ "ntfs" ]; kernelPackages = pkgs.linuxPackages_xanmod_latest; loader = { + bootspec.enable = true; systemd-boot = { - enable = lib.mkForce false; #lanzaboote - # enable = true; + enable = (lib.mkIf config.boot.lanzaboote.enable) lib.mkForce false; #lanzaboote consoleMode = "auto"; }; efi = { @@ -52,7 +52,6 @@ }; timeout = 3; }; - bootspec.enable = true; lanzaboote = { enable = true; pkiBundle = "/etc/secureboot"; diff --git a/hosts/laptop/x11/default.nix b/hosts/laptop/x11/default.nix index 6c1d9610..a56f55a9 100644 --- a/hosts/laptop/x11/default.nix +++ b/hosts/laptop/x11/default.nix @@ -39,9 +39,9 @@ supportedFilesystems = [ "ntfs" ]; kernelPackages = pkgs.linuxPackages_xanmod_latest; loader = { + bootspec.enable = true; systemd-boot = { - enable = lib.mkForce false; #lanzaboote - # enable = true; + enable = (lib.mkIf config.boot.lanzaboote.enable) lib.mkForce false; #lanzaboote consoleMode = "auto"; }; efi = { @@ -50,7 +50,6 @@ }; timeout = 3; }; - bootspec.enable = true; lanzaboote = { enable = true; pkiBundle = "/etc/secureboot"; diff --git a/hosts/laptop_minimal/default.nix b/hosts/laptop_minimal/default.nix new file mode 100644 index 00000000..affd88c0 --- /dev/null +++ b/hosts/laptop_minimal/default.nix 
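Review bot: `./laptop-minimal` in the new `modules` list does not match the directory this commit adds, `hosts/laptop_minimal/` (underscore), so evaluating the `laptop-minimal` output would fail on a missing path unless a hyphenated directory exists outside this patch. Change the entry to `./laptop_minimal`. The attribute name may stay hyphenated, but the installer asks for it via `read -p "device name: "`, so a comment stating the exact name to type would help.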
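Review bot: `enable = (lib.mkIf config.boot.lanzaboote.enable) lib.mkForce false;` parses as `((lib.mkIf cond) lib.mkForce) false`, which applies the attribute set returned by `mkIf` to `false` and should fail at evaluation. The intended form is `enable = lib.mkIf config.boot.lanzaboote.enable (lib.mkForce false);`. The same hunk moves `bootspec.enable = true;` inside `loader = { … }`, turning it into `boot.loader.bootspec.enable`. As far as I know the option is `boot.bootspec.enable`, and the Secure Boot setup through lanzaboote relies on it, so it should stay at the `boot` level. Both problems are repeated in the `hosts/laptop/x11/default.nix` hunks, and the enclosing `boot` set starts and ends outside the hunk.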
@@ -0,0 +1,114 @@
+{ config, pkgs, user, inputs, ... }:
+
+{
+ imports =
+ [
+ ./hardware-configuration.nix
+ ];
+
+ users.mutableUsers = false;
+ users.users.root = {
+ initialHashedPassword = "$6$4lwj3AGq8M9CQE2.$q8cNPghWHTl/dfE0dMPm2vsh0cMpY2gWxw91/Uadi8jShbvUHJJu3Jg0CvSpqrlEB7a3kvWDf/p2CI3mSqP1c/";
+ };
+ users.users.${user} = {
+ initialHashedPassword = "$6$4lwj3AGq8M9CQE2.$q8cNPghWHTl/dfE0dMPm2vsh0cMpY2gWxw91/Uadi8jShbvUHJJu3Jg0CvSpqrlEB7a3kvWDf/p2CI3mSqP1c/";
+ # shell = pkgs.fish;
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ packages = (with pkgs; [
+ ]) ++ (with config.nur.repos;[
+ # linyinfeng.icalingua-plus-plus
+ # linyinfeng.wemeet
+ ]);
+ };
+ boot = {
+ supportedFilesystems = [ "ntfs" ];
+ kernelPackages = pkgs.linuxPackages_xanmod_latest;
+ loader = {
+ systemd-boot = {
+ enable = true;
+ consoleMode = "auto";
+ };
+ efi = {
+ canTouchEfiVariables = true;
+ efiSysMountPoint = "/boot";
+ };
+ timeout = 3;
+ };
+ kernelParams = [
+ "quiet"
+ "splash"
+ ];
+ consoleLogLevel = 0;
+ initrd.verbose = false;
+ };
+
+ environment = {
+ persistence."/nix/persist" = {
+ directories = [
+ "/etc/nixos" # bind mounted from /nix/persist/etc/nixos to /etc/nixos
+ "/etc/NetworkManager/system-connections"
+ "/etc/v2raya"
+ "/etc/secureboot"
+ "/var/log"
+ "/var/lib"
+ ];
+ users.${user} = {
+ directories = [
+ "Downloads"
+ "Music"
+ "Pictures"
+ "Documents"
+ "Videos"
+ ".cache"
+ "Codelearning"
+ ".npm-global"
+ ".config"
+ ".thunderbird"
+ ".go-musicfox"
+ "Flakes"
+ "Kvm"
+ ".cabal"
+ { directory = ".gnupg"; mode = "0700"; }
+ { directory = ".ssh"; mode = "0700"; }
+ ".local"
+ ".mozilla"
+ ".emacs.d"
+ ];
+ files = [
+ ".npmrc"
+ ];
+ };
+ };
+ systemPackages = with pkgs; [
+ ];
+ };
+
+ services.xserver = {
+ xkbOptions = "caps:escape";
+ };
+ console.useXkbConfig = true;
+
+ services.xserver.libinput = {
+ enable = true;
+ touchpad.naturalScrolling = true;
+ };
+
+ services = {
+ getty.autologinUser = "${user}";
+ };
+
+ security.sudo = {
+ enable = false;
+ extraConfig = ''
+ ${user} ALL=(ALL) NOPASSWD:ALL
+ '';
+ };
+ security.doas = {
+ enable = true;
+ extraConfig = ''
+ permit nopass :wheel
+ '';
+ };
+
+}
diff --git a/hosts/laptop_minimal/disko_layout b/hosts/laptop_minimal/disko_layout
new file mode 120000
index 00000000..07ede784
--- /dev/null
+++ b/hosts/laptop_minimal/disko_layout
@@ -0,0 +1 @@
+../laptop/disko_layout
\ No newline at end of file
diff --git a/hosts/laptop_minimal/hardware-configuration.nix b/hosts/laptop_minimal/hardware-configuration.nix
new file mode 100644
index 00000000..89248a26
--- /dev/null
+++ b/hosts/laptop_minimal/hardware-configuration.nix
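Review bot: `getty.autologinUser = "${user}"` combined with `permit nopass :wheel` in the new `hosts/laptop_minimal/default.nix` means whoever reaches the console gets a root shell without entering any credential, since the user is in `wheel`. If autologin is wanted for this profile, keep an authentication step on privilege escalation, e.g. `permit persist :wheel`. The `security.sudo.extraConfig` NOPASSWD rule is inert while `enable = false`, but it would grant the same access the moment sudo is turned on, so it is better removed. Root and the user also share one committed `initialHashedPassword` under `users.mutableUsers = false`; a comment such as `# placeholder, rewritten by the install script` would make clear the value must not ship as-is.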
@@ -0,0 +1,48 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { + device = "none"; + fsType = "tmpfs"; + options = [ "defaults" "size=12G" "mode=755" ]; + }; + + fileSystems."/nix" = + { + device = "/dev/disk/by-uuid/49e24551-c0e0-48ed-833d-da8289d79cdd"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { + device = "/dev/disk/by-uuid/3C0D-7D32"; + fsType = "vfat"; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp65s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true; + + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +}