Extra notes about autoinstall script

README.org

@@ -21,11 +21,19 @@ Using this I have [[./themes][55+ themes]] (I add more sometimes) I can switch b
 ** Install
 I wrote some reinstall notes for myself [[./install.org][here (install.org)]].
 
-TLDR: You should™ be able to install my dotfiles to an existing UEFI NixOS system with the following script:
+TLDR: You should™ be able to install my dotfiles to a fresh UEFI NixOS system with the following script:
 #+begin_src sh :noeval
-nix-shell -p git --command "nix-run gitlab:librephoenix/nixos-config --extra-experimental-features nix-command --extra-experimental-features flakes"
+nix-shell -p git --command "nix run gitlab:librephoenix/nixos-config --extra-experimental-features nix-command --extra-experimental-features flakes"
 #+end_src
 
+This will clone my dotfiles to =~/.dotfiles=, and switch into both the system and home-manager configurations. Right now it only works on UEFI, and only if your EFI partition is "/boot" (which is what NixOS sets up by default on UEFI). I will try to expand this at some point, but for now, that's all it is!
+
+Note: If you're installing this to a VM, Hyprland won't work unless 3D acceleration is enabled.
+
+Disclaimer: If you install or copy my =homelab= or =worklab= profiles, /CHANGE THE PUBLIC SSH KEYS UNLESS YOU WANT ME TO BE ABLE TO SSH INTO YOUR SERVER. YOU CAN CHANGE OR REMOVE THE SSH KEY IN THE RELEVANT CONFIGURATION.NIX/:
+- [[./profiles/homelab/configuration.nix][configuration.nix]] for homelab profile
+- [[./profiles/worklab/configuration.nix][configuration.nix]] for worklab profile
+
 ** Modules
 Separate Nix files can be imported as modules using an import block:
 #+BEGIN_SRC nix

flake.nix

@@ -13,6 +13,7 @@
       profile = "personal"; # select a profile defined from my profiles directory
       timezone = "America/Chicago"; # select timezone
       locale = "en_US.UTF-8"; # select locale
+      bootMode = "uefi"; # uefi or bios
     };
 
     # ----- USER SETTINGS ----- #

harden.sh

@@ -19,11 +19,13 @@ else
     dotfilesDir=$(pwd);
 fi
 pushd $dotfilesDir &> /dev/null;
-chown -R root:root system;
+chown 0:0 .;
-chown -R root:root patches;
+chown 0:0 profiles/*;
-chown root:root flake.lock;
+chown -R 0:0 system;
-chown root:root flake.nix
+chown -R 0:0 patches;
-chown root:root profiles/*/configuration.nix;
+chown 0:0 flake.lock;
+chown 0:0 flake.nix
+chown 0:0 profiles/*/configuration.nix;
+chown 0:0 harden.sh;
 chown 1000:users **/README.org;
-chown root:root harden.sh;
 popd &> /dev/null;

install.org

@@ -1,7 +1,7 @@
 #+title: Install
 #+author: Emmet
 
-These are just some simple install notes for myself (in-case I have to reinstall unexpectedly).
+These are just some simple install notes for myself (in-case I have to reinstall unexpectedly). You could also use these to try out my config in a VM.
 
 ** Automated Install Script (Experimental)
 *** Install Directly From Git
@@ -9,21 +9,21 @@ I wrote a quick automated install script at [[./install.sh][install.sh]]. It ess
 
 I'll eventually™ add the ability to supply arguments to this script as well.
 
-The quickest way to install is running the install script directly from the remote git repo using =nix-run=, which is essentially just one of the following:
+The quickest way to install is running the install script directly from the remote git repo using =nix run=, which is essentially just one of the following:
 #+BEGIN_SRC sh :noeval
 # Install from gitlab
-nix-run gitlab:librephoenix/nixos-config
+nix run gitlab:librephoenix/nixos-config
 
 # Or install from github
-nix-run github:librephoenix/nixos-config
+nix run github:librephoenix/nixos-config
 
 # Or install from codeberg
-nix-run git+https://codeberg.org/librephoenix/nixos-config
+nix run git+https://codeberg.org/librephoenix/nixos-config
 #+END_SRC
 
 The script will ask for sudo permissions at certain points, /but you should not run the script as root/.
 
-If the above =nix-run= command gives you an error, odds are you either don't have =git= installed, or you haven't enabled the experimental features in your Nix config (=nix-command= and =flakes=). To get the command to install properly, you can first enter a shell with =git= available using:
+If the above =nix run= command gives you an error, odds are you either don't have =git= installed, or you haven't enabled the experimental features in your Nix config (=nix-command= and =flakes=). To get the command to install properly, you can first enter a shell with =git= available using:
 #+begin_src sh :noeval
 nix-shell -p git
 #+end_src
@@ -34,11 +34,19 @@ nix-run gitlab:librephoenix/nixos-config --extra-experimental-features nix-comma
 
 And if you want a single copy-paste solution:
 #+begin_src sh :noeval
-nix-shell -p git --command "nix-run gitlab:librephoenix/nixos-config --extra-experimental-features nix-command --extra-experimental-features flakes"
+nix-shell -p git --command "nix run gitlab:librephoenix/nixos-config --extra-experimental-features nix-command --extra-experimental-features flakes"
 #+end_src
 
+This will clone my dotfiles to =~/.dotfiles=, and switch into both the system and home-manager configurations. Right now it only works on UEFI, and only if your EFI partition is "/boot" (which is what NixOS sets up by default on UEFI). I will try to expand this at some point, but for now, that's all it is!
+
 At a certain point in the install script it will open =nano= (or whatever your $EDITOR is set to) and ask you to edit the =flake.nix=. You can edit as much or as little of the config variables as you like, and it will continue the install after you exit the editor.
 
+Note: If you're installing this to a VM, Hyprland won't work unless 3D acceleration is enabled.
+
+Disclaimer: If you install my =homelab= or =worklab= profiles /CHANGE THE PUBLIC SSH KEYS UNLESS YOU WANT ME TO BE ABLE TO SSH INTO YOUR SERVER. YOU CAN CHANGE OR REMOVE THE SSH KEY IN THE RELEVANT CONFIGURATION.NIX/:
+- [[./profiles/homelab/configuration.nix][configuration.nix]] for homelab profile
+- [[./profiles/worklab/configuration.nix][configuration.nix]] for worklab profile
+
 *** Install From Local Git Clone
 The dotfiles can be installed after cloning the repo into =~/.dotfiles= using:
 #+BEGIN_SRC sh :noeval
@@ -46,7 +54,13 @@ git clone https://gitlab.com/librephoenix/nixos-config.git ~/.dotfiles
 ~/.dotfiles/install.sh
 #+END_SRC
 
-At a certain point in the install script it will open =nano= (or whatever your $EDITOR is set to) and ask you to edit the =flake.nix=. You can edit as much or as little of the config variables as you like, and it will continue the install after you exit the editor.
+At a certain point in the install script it will open =nano= (or whatever your =$EDITOR= is set to) and ask you to edit the =flake.nix=. You can edit as much or as little of the config variables as you like, and it will continue the install after you exit the editor.
+
+Note: If you're installing this to a VM, Hyprland won't work unless 3D acceleration is enabled.
+
+Disclaimer: If you install my =homelab= or =worklab= profiles /CHANGE THE PUBLIC SSH KEYS UNLESS YOU WANT ME TO BE ABLE TO SSH INTO YOUR SERVER. YOU CAN CHANGE OR REMOVE THE SSH KEY IN THE RELEVANT CONFIGURATION.NIX/:
+- [[./profiles/homelab/configuration.nix][configuration.nix]] for homelab profile
+- [[./profiles/worklab/configuration.nix][configuration.nix]] for worklab profile
 
 *** Automatic Install Script Limitations
 At this time, this only works on an existing NixOS install. It also only works if the dotfiles are cloned into =~/.dotfiles=. It also only works on UEFI, not on BIOS :(
@@ -55,6 +69,7 @@ Future upgrade plans:
 - [ ] Be able to install directly from NixOS iso
 - [ ] Be able to install just home-manager config to a non-NixOS Linux distro
 - [ ] Be able to detect UEFI or BIOS and switch config as needed
+- [ ] Be able to detect EFI mount point for systemd-boot?
 - [ ] ??? (open up an issue if you think there is anything else I should try to figure out)
 
 ** Manual Install Procedure
@@ -84,6 +99,12 @@ let
 
 There are many more config options there that you may also want to change as well.
 
+Note: If you're installing this to a VM, Hyprland won't work unless 3D acceleration is enabled.
+
+Disclaimer: If you install my =homelab= or =worklab= profiles /CHANGE THE PUBLIC SSH KEYS UNLESS YOU WANT ME TO BE ABLE TO SSH INTO YOUR SERVER. YOU CAN CHANGE OR REMOVE THE SSH KEY IN THE RELEVANT CONFIGURATION.NIX/:
+- [[./profiles/homelab/configuration.nix][configuration.nix]] for homelab profile
+- [[./profiles/worklab/configuration.nix][configuration.nix]] for worklab profile
+
 *** Rebuild and Switch System Config
 Once the variables are set, then switch into the system configuration by running:
 #+BEGIN_SRC sh :noeval
@@ -112,3 +133,6 @@ No. You can put them in literally any directory you want. I just prefer to use =
 
 *** So I cloned these dotfiles into ~/.dotfiles, and now there are system-level files owned by my user account.. HOW IS THIS SECURE?!
 If you're worried about someone modifying your system-level (root configuration) files as your unpriveleged user, see [[./harden.sh][harden.sh]].
+
+*** I installed this to a VM and when I log in, it crashes and sends me back to the login manager (SDDM)?
+Enable 3D acceleration for your virtual machine. Hyprland doesn't work without it.

install.sh

@@ -2,15 +2,35 @@
 
 # Automated script to install my dotfiles
 
+# Clone dotfiles
 nix-shell -p git --command "git clone https://gitlab.com/librephoenix/nixos-config ~/.dotfiles"
+
+# Generate hardware config for new system
 sudo nixos-generate-config --show-hardware-config > ~/.dotfiles/system/hardware-configuration.nix
+
+# Check if uefi or bios
+if [ -d /sys/firmware/efi/efivars ]; then
+    sed -i "0,/bootMode.*=.*\".*\";/s//bootMode = \"uefi\";/" ~/.dotfiles/flake.nix
+else
+    sed -i "0,/bootMode.*=.*\".*\";/s//bootMode = \"bios\";/" ~/.dotfiles/flake.nix
+fi
+
+# Patch flake.nix with different username/name and remove email by default
 sed -i "0,/emmet/s//$(whoami)/" ~/.dotfiles/flake.nix
 sed -i "0,/Emmet/s//$(getent passwd $(whoami) | cut -d ':' -f 5 | cut -d ',' -f 1)/" ~/.dotfiles/flake.nix
 sed -i "s/emmet@librephoenix.com//" ~/.dotfiles/flake.nix
+
+# Open up editor to manually edit flake.nix before install
 if [ -z "$EDITOR" ]; then
     EDITOR=nano;
 fi
 $EDITOR ~/.dotfiles/flake.nix;
+
+# Rebuild system
 sudo nixos-rebuild switch --flake ~/.dotfiles#system;
+
+# Install and build home-manager configuration
 nix run home-manager/master --extra-experimental-features nix-command --extra-experimental-features flakes -- switch --flake ~/.dotfiles#user;
+
+# Permissions for files that should be owned by root
 sudo ~/.dotfiles/harden.sh ~/.dotfiles;

profiles/homelab/base.nix

@@ -0,0 +1,83 @@
+{ lib, pkgs, systemSettings, userSettings, ... }:
+
+{
+  imports =
+    [ ../../system/hardware-configuration.nix
+      ../../system/hardware/time.nix # Network time sync
+      ../../system/security/doas.nix
+      ../../system/security/gpg.nix
+      ( import ../../system/app/docker.nix {storageDriver = "btrfs"; inherit userSettings pkgs lib;} )
+    ];
+
+  # Fix nix path
+  nix.nixPath = [ "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos"
+                  "nixos-config=$HOME/dotfiles/system/configuration.nix"
+                  "/nix/var/nix/profiles/per-user/root/channels"
+                ];
+
+  # Ensure nix flakes are enabled
+  nix.package = pkgs.nixFlakes;
+  nix.extraOptions = ''
+    experimental-features = nix-command flakes
+  '';
+
+  # I'm sorry Stallman-taichou
+  nixpkgs.config.allowUnfree = true;
+
+  # Kernel modules
+  boot.kernelModules = [ "i2c-dev" "i2c-piix4" ];
+
+  # Bootloader
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader.efi.efiSysMountPoint = "/boot";
+
+  # Networking
+  networking.hostName = systemSettings.hostname; # Define your hostname.
+  networking.networkmanager.enable = true; # Use networkmanager
+
+  # Timezone and locale
+  time.timeZone = systemSettings.timezone; # time zone
+  i18n.defaultLocale = systemSettings.locale;
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = systemSettings.locale;
+    LC_IDENTIFICATION = systemSettings.locale;
+    LC_MEASUREMENT = systemSettings.locale;
+    LC_MONETARY = systemSettings.locale;
+    LC_NAME = systemSettings.locale;
+    LC_NUMERIC = systemSettings.locale;
+    LC_PAPER = systemSettings.locale;
+    LC_TELEPHONE = systemSettings.locale;
+    LC_TIME = systemSettings.locale;
+  };
+
+  # User account
+  users.users.${userSettings.username} = {
+    isNormalUser = true;
+    description = userSettings.name;
+    extraGroups = [ "networkmanager" "wheel" ];
+    packages = with pkgs; [];
+    uid = 1000;
+  };
+
+  # System packages
+  environment.systemPackages = with pkgs; [
+    vim
+    wget
+    zsh
+    git
+    rclone
+    rdiff-backup
+    cryptsetup
+    gocryptfs
+  ];
+
+  # I use zsh btw
+  environment.shells = with pkgs; [ zsh ];
+  users.defaultUserShell = pkgs.zsh;
+  programs.zsh.enable = true;
+
+  # It is ok to leave this unchanged for compatibility purposes
+  system.stateVersion = "22.11";
+
+}

profiles/homelab/configuration.nix

@@ -1,85 +1,9 @@
-{ lib, pkgs, systemSettings, userSettings, ... }:
+{ userSettings, ... }:
 
 {
-  imports =
+  imports = [ ./base.nix
-    [ ../../system/hardware-configuration.nix
+              ( import ../../system/security/sshd.nix {
-      ../../system/hardware/time.nix # Network time sync
+                authorizedKeys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDaeejVJwUVrIZSo1isbu+gkQ7+8ftCgCsczy3OclkEVWHyRTqlG6yp74hr3j8ZNsOhov7c2Q6RqC8oy669hlxi/y9BsvtlI7sBr94oAKFOmkCS4RiK72ngJjBvI0vbk89wQQjmAd3r8B7ZcedpNOC8CkHu8SebKdYPRIUvAbPc3fTEt7DsJkazAepZCB8LEhUp57FAqQ/Ezlt3X/1uwNq5S0EbE9Zm+nUpEfSqR9apY2neKWLyGiCxpK3dzyNOuulCxvtVz+ie2sTk/6SxM+qWEoVVxhdwyxPihEjgC0EvtG0S5mVh5JmcjRkJOzzBHJuw+6r8yWn/AxGdIsoJ4rKNxH1XH1iLHgCraOLOUjUNlmejTcQPu6o92a79fdz2gCHT/BuIjfCW7MErAC3YSmF45TSur/kiWCBaTqYo06pgbQ3w1vKg7fievQlQzsutmg47RvJp6fb74yxuOdVg39cShQu/l8r6zqm21JAeUaaIp4P/0MrAIMOOVUhbK0QgsNElO4yn0ZKH8wGIF8xORh7ikxUIAyq8C41gjJiO2sAFJc3M8DhduQU3X0lHB7U0Qyu+8ZXn05+zdFPXJ73LKc7DCcLkppRXJsdHLSDEFdWqFnV7o08B4qZkPMT4pmvhwhY0Pf1fwavOqxuTstzw18gUGyQzl0foQi0Qrmdazsp2Qw== emmet@snowfire"];
-      ../../system/security/doas.nix
+                inherit userSettings; })
-      ../../system/security/gpg.nix
-      ../../system/security/sshd.nix
-      ( import ../../system/app/docker.nix {storageDriver = "btrfs"; inherit userSettings pkgs lib;} )
             ];
-
-  # Fix nix path
-  nix.nixPath = [ "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos"
-                  "nixos-config=$HOME/dotfiles/system/configuration.nix"
-                  "/nix/var/nix/profiles/per-user/root/channels"
-                ];
-
-  # Ensure nix flakes are enabled
-  nix.package = pkgs.nixFlakes;
-  nix.extraOptions = ''
-    experimental-features = nix-command flakes
-  '';
-
-  # I'm sorry Stallman-taichou
-  nixpkgs.config.allowUnfree = true;
-
-  # Kernel modules
-  boot.kernelModules = [ "i2c-dev" "i2c-piix4" ];
-
-  # Bootloader
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-  boot.loader.efi.efiSysMountPoint = "/boot";
-
-  # Networking
-  networking.hostName = systemSettings.hostname; # Define your hostname.
-  networking.networkmanager.enable = true; # Use networkmanager
-
-  # Timezone and locale
-  time.timeZone = systemSettings.timezone; # time zone
-  i18n.defaultLocale = systemSettings.locale;
-  i18n.extraLocaleSettings = {
-    LC_ADDRESS = systemSettings.locale;
-    LC_IDENTIFICATION = systemSettings.locale;
-    LC_MEASUREMENT = systemSettings.locale;
-    LC_MONETARY = systemSettings.locale;
-    LC_NAME = systemSettings.locale;
-    LC_NUMERIC = systemSettings.locale;
-    LC_PAPER = systemSettings.locale;
-    LC_TELEPHONE = systemSettings.locale;
-    LC_TIME = systemSettings.locale;
-  };
-
-  # User account
-  users.users.${userSettings.username} = {
-    isNormalUser = true;
-    description = userSettings.name;
-    extraGroups = [ "networkmanager" "wheel" ];
-    packages = with pkgs; [];
-    uid = 1000;
-  };
-
-  # System packages
-  environment.systemPackages = with pkgs; [
-    vim
-    wget
-    zsh
-    git
-    rclone
-    rdiff-backup
-    cryptsetup
-    gocryptfs
-    cryfs
-  ];
-
-  # I use zsh btw
-  environment.shells = with pkgs; [ zsh ];
-  users.defaultUserShell = pkgs.zsh;
-  programs.zsh.enable = true;
-
-  # It is ok to leave this unchanged for compatibility purposes
-  system.stateVersion = "22.11";
-
 }

profiles/work/configuration.nix

@@ -46,9 +46,10 @@
   boot.kernelModules = [ "i2c-dev" "i2c-piix4" "cpufreq_powersave" ];
 
   # Bootloader
-  boot.loader.systemd-boot.enable = true;
+  # Use systemd-boot if uefi, default to grub otherwise
-  boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader.systemd-boot.enable = if (systemSettings.bootMode == "uefi") then true else false;
-  boot.loader.efi.efiSysMountPoint = "/boot";
+  boot.loader.efi.canTouchEfiVariables = if (systemSettings.bootMode == "uefi") then true else false;
+  boot.loader.efi.efiSysMountPoint = "/boot"; # does nothing if running bios rather than uefi
 
   # Networking
   networking.hostName = systemSettings.hostname; # Define your hostname.

profiles/worklab/README.org

@@ -0,0 +1,3 @@
+#+title: Worklab Template
+
+This is literally just my homelab configuration, but setup to work with the ssh keys on my work computer. Used for small servers at work.

profiles/worklab/configuration.nix

@@ -0,0 +1,10 @@
+{ userSettings, ... }:
+
+{
+  imports = [ ../homelab/base.nix
+              ( import ../../system/security/sshd.nix {
+                # TODO add public ssh key for worklab
+                authorizedKeys = [ ];
+                inherit userSettings; })
+            ];
+}

profiles/worklab/home.nix

@@ -0,0 +1,5 @@
+{ ... }:
+
+{
+  imports = [ ../homelab/home.nix ];
+}

system/app/virtualization.nix

@@ -8,7 +8,7 @@
       "virbr0"
     ];
     enable = true;
-    qemuRunAsRoot = false;
+    qemu.runAsRoot = false;
   };
   boot.extraModulePackages = with config.boot.kernelPackages; [ virtualbox ];
 }

system/hardware/printing.nix

@@ -4,7 +4,7 @@
   # Enable printing
   services.printing.enable = true;
   services.avahi.enable = true;
-  services.avahi.nssmdns = true;
+  services.avahi.nssmdns4 = true;
   services.avahi.openFirewall = true;
   environment.systemPackages = [ pkgs.cups-filters ];
 }

system/security/sshd.nix

@@ -1,4 +1,4 @@
-{ userSettings, ... }:
+{ userSettings, authorizedKeys ? [], ... }:
 
 {
   # Enable incoming ssh
@@ -10,7 +10,5 @@
       PermitRootLogin = "no";
     };
   };
-  users.users.${userSettings.username}.openssh.authorizedKeys.keys = [
+  users.users.${userSettings.username}.openssh.authorizedKeys.keys = authorizedKeys;
-    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDaeejVJwUVrIZSo1isbu+gkQ7+8ftCgCsczy3OclkEVWHyRTqlG6yp74hr3j8ZNsOhov7c2Q6RqC8oy669hlxi/y9BsvtlI7sBr94oAKFOmkCS4RiK72ngJjBvI0vbk89wQQjmAd3r8B7ZcedpNOC8CkHu8SebKdYPRIUvAbPc3fTEt7DsJkazAepZCB8LEhUp57FAqQ/Ezlt3X/1uwNq5S0EbE9Zm+nUpEfSqR9apY2neKWLyGiCxpK3dzyNOuulCxvtVz+ie2sTk/6SxM+qWEoVVxhdwyxPihEjgC0EvtG0S5mVh5JmcjRkJOzzBHJuw+6r8yWn/AxGdIsoJ4rKNxH1XH1iLHgCraOLOUjUNlmejTcQPu6o92a79fdz2gCHT/BuIjfCW7MErAC3YSmF45TSur/kiWCBaTqYo06pgbQ3w1vKg7fievQlQzsutmg47RvJp6fb74yxuOdVg39cShQu/l8r6zqm21JAeUaaIp4P/0MrAIMOOVUhbK0QgsNElO4yn0ZKH8wGIF8xORh7ikxUIAyq8C41gjJiO2sAFJc3M8DhduQU3X0lHB7U0Qyu+8ZXn05+zdFPXJ73LKc7DCcLkppRXJsdHLSDEFdWqFnV7o08B4qZkPMT4pmvhwhY0Pf1fwavOqxuTstzw18gUGyQzl0foQi0Qrmdazsp2Qw== emmet@snowfire"
-  ];
 }

system/wm/fonts.nix

@@ -2,7 +2,7 @@
 
 {
   # Fonts are nice to have
-  fonts.fonts = with pkgs; [
+  fonts.packages = with pkgs; [
     # Fonts
     (nerdfonts.override { fonts = [ "Inconsolata" ]; })
     powerline

system/wm/wayland.nix

@@ -23,9 +23,11 @@
   # Configure xwayland
   services.xserver = {
     enable = true;
+    xkb = {
       layout = "us";
-    xkbVariant = "";
+      variant = "";
-    xkbOptions = "caps:escape";
+      options = "caps:escape";
+    };
     displayManager.sddm = {
       enable = true;
       wayland.enable = true;

user/app/git/git.nix

@@ -7,5 +7,6 @@
   programs.git.userEmail = userSettings.email;
   programs.git.extraConfig = {
     init.defaultBranch = "main";
+    safe.directory = "/home/" + userSettings.username + "/.dotfiles";
   };
 }

user/wm/hyprland/hyprland.nix

@@ -260,7 +260,7 @@
 
     '';
     xwayland = { enable = true; };
-    systemdIntegration = true;
+    systemd.enable = true;
   };
 
   home.packages = with pkgs; [