Fixed typos, added autoinstall notes, reworked homelab config

2025-01-18 22:55:52 +05:30 · 2024-02-28 17:39:00 -06:00 · 2024-02-28 17:39:00 -06:00 · 16b832d5f0
parent 4015df2e40
commit 16b832d5f0
8 changed files with 145 additions and 95 deletions
--- a/README.org
+++ b/README.org
@ -23,9 +23,15 @@ I wrote some reinstall notes for myself [[./install.org][here (install.org)]].

 TLDR: You should™ be able to install my dotfiles to an existing UEFI NixOS system with the following script:
 #+begin_src sh :noeval
-nix-shell -p git --command "nix-run gitlab:librephoenix/nixos-config --extra-experimental-features nix-command --extra-experimental-features flakes"
+nix-shell -p git --command "nix run gitlab:librephoenix/nixos-config --extra-experimental-features nix-command --extra-experimental-features flakes"
 #+end_src

+Note: If you're installing this to a VM, Hyprland won't work unless 3D acceleration is enabled.
+
+Disclaimer: If you install my =homelab= or =worklab= profiles /CHANGE THE PUBLIC SSH KEYS UNLESS YOU WANT ME TO BE ABLE TO SSH INTO YOUR SERVER. YOU CAN CHANGE OR REMOVE THE SSH KEY IN THE RELEVANT CONFIGURATION.NIX/:
+- [[./profiles/homelab/configuration.nix][configuration.nix]] for homelab profile
+- [[./profiles/worklab/configuration.nix][configuration.nix]] for worklab profile
+
 ** Modules
 Separate Nix files can be imported as modules using an import block:
 #+BEGIN_SRC nix
--- a/install.org
+++ b/install.org
@ -1,7 +1,7 @@
 #+title: Install
 #+author: Emmet

-These are just some simple install notes for myself (in-case I have to reinstall unexpectedly).
+These are just some simple install notes for myself (in-case I have to reinstall unexpectedly). You could also use these to try out my config in a VM.

 ** Automated Install Script (Experimental)
 *** Install Directly From Git
@ -9,21 +9,21 @@ I wrote a quick automated install script at [[./install.sh][install.sh]]. It ess

 I'll eventually™ add the ability to supply arguments to this script as well.

-The quickest way to install is running the install script directly from the remote git repo using =nix-run=, which is essentially just one of the following:
+The quickest way to install is running the install script directly from the remote git repo using =nix run=, which is essentially just one of the following:
 #+BEGIN_SRC sh :noeval
 # Install from gitlab
-nix-run gitlab:librephoenix/nixos-config
+nix run gitlab:librephoenix/nixos-config

 # Or install from github
-nix-run github:librephoenix/nixos-config
+nix run github:librephoenix/nixos-config

 # Or install from codeberg
-nix-run git+https://codeberg.org/librephoenix/nixos-config
+nix run git+https://codeberg.org/librephoenix/nixos-config
 #+END_SRC

 The script will ask for sudo permissions at certain points, /but you should not run the script as root/.

-If the above =nix-run= command gives you an error, odds are you either don't have =git= installed, or you haven't enabled the experimental features in your Nix config (=nix-command= and =flakes=). To get the command to install properly, you can first enter a shell with =git= available using:
+If the above =nix run= command gives you an error, odds are you either don't have =git= installed, or you haven't enabled the experimental features in your Nix config (=nix-command= and =flakes=). To get the command to install properly, you can first enter a shell with =git= available using:
 #+begin_src sh :noeval
 nix-shell -p git
 #+end_src
@ -34,11 +34,17 @@ nix-run gitlab:librephoenix/nixos-config --extra-experimental-features nix-comma

 And if you want a single copy-paste solution:
 #+begin_src sh :noeval
-nix-shell -p git --command "nix-run gitlab:librephoenix/nixos-config --extra-experimental-features nix-command --extra-experimental-features flakes"
+nix-shell -p git --command "nix run gitlab:librephoenix/nixos-config --extra-experimental-features nix-command --extra-experimental-features flakes"
 #+end_src

 At a certain point in the install script it will open =nano= (or whatever your $EDITOR is set to) and ask you to edit the =flake.nix=. You can edit as much or as little of the config variables as you like, and it will continue the install after you exit the editor.

+Note: If you're installing this to a VM, Hyprland won't work unless 3D acceleration is enabled.
+
+Disclaimer: If you install my =homelab= or =worklab= profiles /CHANGE THE PUBLIC SSH KEYS UNLESS YOU WANT ME TO BE ABLE TO SSH INTO YOUR SERVER. YOU CAN CHANGE OR REMOVE THE SSH KEY IN THE RELEVANT CONFIGURATION.NIX/:
+- [[./profiles/homelab/configuration.nix][configuration.nix]] for homelab profile
+- [[./profiles/worklab/configuration.nix][configuration.nix]] for worklab profile
+
 *** Install From Local Git Clone
 The dotfiles can be installed after cloning the repo into =~/.dotfiles= using:
 #+BEGIN_SRC sh :noeval
@ -46,7 +52,13 @@ git clone https://gitlab.com/librephoenix/nixos-config.git ~/.dotfiles
 ~/.dotfiles/install.sh
 #+END_SRC

-At a certain point in the install script it will open =nano= (or whatever your $EDITOR is set to) and ask you to edit the =flake.nix=. You can edit as much or as little of the config variables as you like, and it will continue the install after you exit the editor.
+At a certain point in the install script it will open =nano= (or whatever your =$EDITOR= is set to) and ask you to edit the =flake.nix=. You can edit as much or as little of the config variables as you like, and it will continue the install after you exit the editor.
+
+Note: If you're installing this to a VM, Hyprland won't work unless 3D acceleration is enabled.
+
+Disclaimer: If you install my =homelab= or =worklab= profiles /CHANGE THE PUBLIC SSH KEYS UNLESS YOU WANT ME TO BE ABLE TO SSH INTO YOUR SERVER. YOU CAN CHANGE OR REMOVE THE SSH KEY IN THE RELEVANT CONFIGURATION.NIX/:
+- [[./profiles/homelab/configuration.nix][configuration.nix]] for homelab profile
+- [[./profiles/worklab/configuration.nix][configuration.nix]] for worklab profile

 *** Automatic Install Script Limitations
 At this time, this only works on an existing NixOS install. It also only works if the dotfiles are cloned into =~/.dotfiles=. It also only works on UEFI, not on BIOS :(
@ -84,6 +96,12 @@ let

 There are many more config options there that you may also want to change as well.

+Note: If you're installing this to a VM, Hyprland won't work unless 3D acceleration is enabled.
+
+Disclaimer: If you install my =homelab= or =worklab= profiles /CHANGE THE PUBLIC SSH KEYS UNLESS YOU WANT ME TO BE ABLE TO SSH INTO YOUR SERVER. YOU CAN CHANGE OR REMOVE THE SSH KEY IN THE RELEVANT CONFIGURATION.NIX/:
+- [[./profiles/homelab/configuration.nix][configuration.nix]] for homelab profile
+- [[./profiles/worklab/configuration.nix][configuration.nix]] for worklab profile
+
 *** Rebuild and Switch System Config
 Once the variables are set, then switch into the system configuration by running:
 #+BEGIN_SRC sh :noeval
@ -112,3 +130,6 @@ No. You can put them in literally any directory you want. I just prefer to use =

 *** So I cloned these dotfiles into ~/.dotfiles, and now there are system-level files owned by my user account.. HOW IS THIS SECURE?!
 If you're worried about someone modifying your system-level (root configuration) files as your unpriveleged user, see [[./harden.sh][harden.sh]].
+
+*** I installed this to a VM and when I log in, it crashes and sends me back to the login manager (SDDM)?
+Enable 3D acceleration for your virtual machine. Hyprland doesn't work without it.
--- a/profiles/homelab/base.nix
+++ b/profiles/homelab/base.nix
@ -0,0 +1,83 @@
+{ lib, pkgs, systemSettings, userSettings, ... }:
+
+{
+  imports =
+    [ ../../system/hardware-configuration.nix
+      ../../system/hardware/time.nix # Network time sync
+      ../../system/security/doas.nix
+      ../../system/security/gpg.nix
+      ( import ../../system/app/docker.nix {storageDriver = "btrfs"; inherit userSettings pkgs lib;} )
+    ];
+
+  # Fix nix path
+  nix.nixPath = [ "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos"
+                  "nixos-config=$HOME/dotfiles/system/configuration.nix"
+                  "/nix/var/nix/profiles/per-user/root/channels"
+                ];
+
+  # Ensure nix flakes are enabled
+  nix.package = pkgs.nixFlakes;
+  nix.extraOptions = ''
+    experimental-features = nix-command flakes
+  '';
+
+  # I'm sorry Stallman-taichou
+  nixpkgs.config.allowUnfree = true;
+
+  # Kernel modules
+  boot.kernelModules = [ "i2c-dev" "i2c-piix4" ];
+
+  # Bootloader
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader.efi.efiSysMountPoint = "/boot";
+
+  # Networking
+  networking.hostName = systemSettings.hostname; # Define your hostname.
+  networking.networkmanager.enable = true; # Use networkmanager
+
+  # Timezone and locale
+  time.timeZone = systemSettings.timezone; # time zone
+  i18n.defaultLocale = systemSettings.locale;
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = systemSettings.locale;
+    LC_IDENTIFICATION = systemSettings.locale;
+    LC_MEASUREMENT = systemSettings.locale;
+    LC_MONETARY = systemSettings.locale;
+    LC_NAME = systemSettings.locale;
+    LC_NUMERIC = systemSettings.locale;
+    LC_PAPER = systemSettings.locale;
+    LC_TELEPHONE = systemSettings.locale;
+    LC_TIME = systemSettings.locale;
+  };
+
+  # User account
+  users.users.${userSettings.username} = {
+    isNormalUser = true;
+    description = userSettings.name;
+    extraGroups = [ "networkmanager" "wheel" ];
+    packages = with pkgs; [];
+    uid = 1000;
+  };
+
+  # System packages
+  environment.systemPackages = with pkgs; [
+    vim
+    wget
+    zsh
+    git
+    rclone
+    rdiff-backup
+    cryptsetup
+    gocryptfs
+  ];
+
+  # I use zsh btw
+  environment.shells = with pkgs; [ zsh ];
+  users.defaultUserShell = pkgs.zsh;
+  programs.zsh.enable = true;
+
+  # It is ok to leave this unchanged for compatibility purposes
+  system.stateVersion = "22.11";
+
+}
--- a/profiles/homelab/configuration.nix
+++ b/profiles/homelab/configuration.nix
@ -1,85 +1,9 @@
-{ lib, pkgs, systemSettings, userSettings, ... }:
+{ userSettings, ... }:

 {
-  imports =
-    [ ../../system/hardware-configuration.nix
-      ../../system/hardware/time.nix # Network time sync
-      ../../system/security/doas.nix
-      ../../system/security/gpg.nix
-      ../../system/security/sshd.nix
-      ( import ../../system/app/docker.nix {storageDriver = "btrfs"; inherit userSettings pkgs lib;} )
-    ];
-
-  # Fix nix path
-  nix.nixPath = [ "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos"
-                  "nixos-config=$HOME/dotfiles/system/configuration.nix"
-                  "/nix/var/nix/profiles/per-user/root/channels"
-                ];
-
-  # Ensure nix flakes are enabled
-  nix.package = pkgs.nixFlakes;
-  nix.extraOptions = ''
-    experimental-features = nix-command flakes
-  '';
-
-  # I'm sorry Stallman-taichou
-  nixpkgs.config.allowUnfree = true;
-
-  # Kernel modules
-  boot.kernelModules = [ "i2c-dev" "i2c-piix4" ];
-
-  # Bootloader
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-  boot.loader.efi.efiSysMountPoint = "/boot";
-
-  # Networking
-  networking.hostName = systemSettings.hostname; # Define your hostname.
-  networking.networkmanager.enable = true; # Use networkmanager
-
-  # Timezone and locale
-  time.timeZone = systemSettings.timezone; # time zone
-  i18n.defaultLocale = systemSettings.locale;
-  i18n.extraLocaleSettings = {
-    LC_ADDRESS = systemSettings.locale;
-    LC_IDENTIFICATION = systemSettings.locale;
-    LC_MEASUREMENT = systemSettings.locale;
-    LC_MONETARY = systemSettings.locale;
-    LC_NAME = systemSettings.locale;
-    LC_NUMERIC = systemSettings.locale;
-    LC_PAPER = systemSettings.locale;
-    LC_TELEPHONE = systemSettings.locale;
-    LC_TIME = systemSettings.locale;
-  };
-
-  # User account
-  users.users.${userSettings.username} = {
-    isNormalUser = true;
-    description = userSettings.name;
-    extraGroups = [ "networkmanager" "wheel" ];
-    packages = with pkgs; [];
-    uid = 1000;
-  };
-
-  # System packages
-  environment.systemPackages = with pkgs; [
-    vim
-    wget
-    zsh
-    git
-    rclone
-    rdiff-backup
-    cryptsetup
-    gocryptfs
-    cryfs
-  ];
-
-  # I use zsh btw
-  environment.shells = with pkgs; [ zsh ];
-  users.defaultUserShell = pkgs.zsh;
-  programs.zsh.enable = true;
-
-  # It is ok to leave this unchanged for compatibility purposes
-  system.stateVersion = "22.11";
-
+  imports = [ ./base.nix
+              ( import ../../system/security/sshd.nix {
+                authorizedKeys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDaeejVJwUVrIZSo1isbu+gkQ7+8ftCgCsczy3OclkEVWHyRTqlG6yp74hr3j8ZNsOhov7c2Q6RqC8oy669hlxi/y9BsvtlI7sBr94oAKFOmkCS4RiK72ngJjBvI0vbk89wQQjmAd3r8B7ZcedpNOC8CkHu8SebKdYPRIUvAbPc3fTEt7DsJkazAepZCB8LEhUp57FAqQ/Ezlt3X/1uwNq5S0EbE9Zm+nUpEfSqR9apY2neKWLyGiCxpK3dzyNOuulCxvtVz+ie2sTk/6SxM+qWEoVVxhdwyxPihEjgC0EvtG0S5mVh5JmcjRkJOzzBHJuw+6r8yWn/AxGdIsoJ4rKNxH1XH1iLHgCraOLOUjUNlmejTcQPu6o92a79fdz2gCHT/BuIjfCW7MErAC3YSmF45TSur/kiWCBaTqYo06pgbQ3w1vKg7fievQlQzsutmg47RvJp6fb74yxuOdVg39cShQu/l8r6zqm21JAeUaaIp4P/0MrAIMOOVUhbK0QgsNElO4yn0ZKH8wGIF8xORh7ikxUIAyq8C41gjJiO2sAFJc3M8DhduQU3X0lHB7U0Qyu+8ZXn05+zdFPXJ73LKc7DCcLkppRXJsdHLSDEFdWqFnV7o08B4qZkPMT4pmvhwhY0Pf1fwavOqxuTstzw18gUGyQzl0foQi0Qrmdazsp2Qw== emmet@snowfire"];
+                inherit userSettings; })
+            ];
 }
--- a/profiles/worklab/README.org
+++ b/profiles/worklab/README.org
@ -0,0 +1,3 @@
+#+title: Worklab Template
+
+This is literally just my homelab configuration, but setup to work with the ssh keys on my work computer. Used for small servers at work.
--- a/profiles/worklab/configuration.nix
+++ b/profiles/worklab/configuration.nix
@ -0,0 +1,10 @@
+{ userSettings, ... }:
+
+{
+  imports = [ ../homelab/base.nix
+              ( import ../../system/security/sshd.nix {
+                # TODO add public ssh key for worklab
+                authorizedKeys = [ ];
+                inherit userSettings; })
+            ];
+}
--- a/profiles/worklab/home.nix
+++ b/profiles/worklab/home.nix
@ -0,0 +1,5 @@
+{ ... }:
+
+{
+  imports = [ ../homelab/home.nix ];
+}
--- a/system/security/sshd.nix
+++ b/system/security/sshd.nix
@ -1,4 +1,4 @@
-{ userSettings, ... }:
+{ userSettings, authorizedKeys ? [], ... }:

 {
  # Enable incoming ssh
@ -10,7 +10,5 @@
      PermitRootLogin = "no";
    };
  };
-  users.users.${userSettings.username}.openssh.authorizedKeys.keys = [
-    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDaeejVJwUVrIZSo1isbu+gkQ7+8ftCgCsczy3OclkEVWHyRTqlG6yp74hr3j8ZNsOhov7c2Q6RqC8oy669hlxi/y9BsvtlI7sBr94oAKFOmkCS4RiK72ngJjBvI0vbk89wQQjmAd3r8B7ZcedpNOC8CkHu8SebKdYPRIUvAbPc3fTEt7DsJkazAepZCB8LEhUp57FAqQ/Ezlt3X/1uwNq5S0EbE9Zm+nUpEfSqR9apY2neKWLyGiCxpK3dzyNOuulCxvtVz+ie2sTk/6SxM+qWEoVVxhdwyxPihEjgC0EvtG0S5mVh5JmcjRkJOzzBHJuw+6r8yWn/AxGdIsoJ4rKNxH1XH1iLHgCraOLOUjUNlmejTcQPu6o92a79fdz2gCHT/BuIjfCW7MErAC3YSmF45TSur/kiWCBaTqYo06pgbQ3w1vKg7fievQlQzsutmg47RvJp6fb74yxuOdVg39cShQu/l8r6zqm21JAeUaaIp4P/0MrAIMOOVUhbK0QgsNElO4yn0ZKH8wGIF8xORh7ikxUIAyq8C41gjJiO2sAFJc3M8DhduQU3X0lHB7U0Qyu+8ZXn05+zdFPXJ73LKc7DCcLkppRXJsdHLSDEFdWqFnV7o08B4qZkPMT4pmvhwhY0Pf1fwavOqxuTstzw18gUGyQzl0foQi0Qrmdazsp2Qw== emmet@snowfire"
-  ];
+  users.users.${userSettings.username}.openssh.authorizedKeys.keys = authorizedKeys;
 }