Fixed some phrasing of readme's

README.org

@@ -13,7 +13,7 @@ These are my dotfiles (configuration files) for my NixOS setup(s).
 Here is my main setup:
 [[desktop.png]]
 
-** My 55+ Themes
+** My Themes
 [[https://github.com/danth/stylix#readme][Stylix]] (and [[https://github.com/SenchoPens/base16.nix#readme][base16.nix]], of course) is amazing, allowing you to theme your entire system with base16-themes.
 
 Using this I have [[./themes][55+ themes]] (I add more sometimes) I can switch between on-the-fly. Visit the [[./themes][themes directory]] for more info and screenshots!
@@ -21,6 +21,11 @@ Using this I have [[./themes][55+ themes]] (I add more sometimes) I can switch b
 ** Install
 I wrote some reinstall notes for myself [[./install.org][here (install.org)]].
 
+TLDR: You should™ be able to install my dotfiles to an existing UEFI NixOS system with the following script:
+#+begin_src sh :noeval
+nix-shell -p git --command "nix-run gitlab:librephoenix/nixos-config --extra-experimental-features nix-command --extra-experimental-features flakes"
+#+end_src
+
 ** Modules
 Separate Nix files can be imported as modules using an import block:
 #+BEGIN_SRC nix

flake.nix

@@ -1,10 +1,10 @@
 {
   description = "Flake of LibrePhoenix";
 
-  outputs = { self, nixpkgs, nixpkgs-stable, home-manager, nix-doom-emacs, nix-straight,
+  outputs = inputs@{ self, nixpkgs, nixpkgs-stable, home-manager, nix-doom-emacs, nix-straight,
               stylix, blocklist-hosts, rust-overlay, hyprland-plugins,
               eaf, eaf-browser, org-nursery, org-yaap,
-              org-side-tree, org-timeblock, phscroll, ... }@inputs:
+              org-side-tree, org-timeblock, phscroll, ... }:
   let
     # ---- SYSTEM SETTINGS ---- #
     systemSettings = {
@@ -67,6 +67,20 @@
     # configure lib
     lib = nixpkgs.lib;
 
+    # Systems that can run tests:
+     supportedSystems = [
+       "aarch64-linux"
+       "i686-linux"
+       "x86_64-linux"
+     ];
+
+    # Function to generate a set based on supported systems:
+    forAllSystems = inputs.nixpkgs.lib.genAttrs supportedSystems;
+
+    # Attribute set of nixpkgs for each system:
+    nixpkgsFor = forAllSystems (system:
+      import inputs.nixpkgs { inherit system; });
+
   in {
     homeConfigurations = {
       user = home-manager.lib.homeManagerConfiguration {
@@ -107,6 +121,23 @@
         };
       };
     };
+
+    packages = forAllSystems (system:
+      let pkgs = nixpkgsFor.${system}; in
+      {
+        default = self.packages.${system}.install;
+
+        install = pkgs.writeScriptBin "install" ./install.sh;
+      });
+
+    apps = forAllSystems (system: {
+      default = self.apps.${system}.install;
+
+      install = {
+        type = "app";
+        program = "${self.packages.${system}.install}/bin/install";
+      };
+    });
   };
 
   inputs = {

harden.sh

@@ -0,0 +1,29 @@
+#!/bin/sh
+
+# This will harden the security of these dotfiles, preventing
+# unpriveleged users from editing system-level (root configuration)
+# files maliciously
+
+# Run this inside of ~/.dotfiles (or whatever directory you installed
+# the dotfiles to)
+
+# Run this as root!
+
+# BTW, this assumes your user account has a PID/GID of 1000
+
+# After running this, the command `nix flake update` will require root
+
+if [ "$#" = 1 ]; then
+    dotfilesDir=$1;
+else
+    dotfilesDir=$(pwd);
+fi
+pushd $dotfilesDir &> /dev/null;
+chown -R root:root system;
+chown -R root:root patches;
+chown root:root flake.lock;
+chown root:root flake.nix
+chown root:root profiles/*/configuration.nix;
+chown 1000:users **/README.org;
+chown root:root harden.sh;
+popd &> /dev/null;

install.org

@@ -3,16 +3,72 @@
 
 These are just some simple install notes for myself (in-case I have to reinstall unexpectedly).
 
-** Install Notes for Myself
+** Automated Install Script (Experimental)
-To get this running on a NixOS system, start by cloning the repo:
+*** Install Directly From Git
+I wrote a quick automated install script at [[./install.sh][install.sh]]. It essentially just runs [[Manual Install Procedure][the manual install steps]] and additionally hardens the security of the system-level (root configuration) files using [[./harden.sh][harden.sh]].
+
+I'll eventually™ add the ability to supply arguments to this script as well.
+
+The quickest way to install is running the install script directly from the remote git repo using =nix-run=, which is essentially just one of the following:
+#+BEGIN_SRC sh :noeval
+# Install from gitlab
+nix-run gitlab:librephoenix/nixos-config
+
+# Or install from github
+nix-run github:librephoenix/nixos-config
+
+# Or install from codeberg
+nix-run git+https://codeberg.org/librephoenix/nixos-config
+#+END_SRC
+
+The script will ask for sudo permissions at certain points, /but you should not run the script as root/.
+
+If the above =nix-run= command gives you an error, odds are you either don't have =git= installed, or you haven't enabled the experimental features in your Nix config (=nix-command= and =flakes=). To get the command to install properly, you can first enter a shell with =git= available using:
+#+begin_src sh :noeval
+nix-shell -p git
+#+end_src
+and then running:
+#+BEGIN_SRC sh :noeval
+nix-run gitlab:librephoenix/nixos-config --extra-experimental-features nix-command --extra-experimental-features flakes
+#+END_SRC
+
+And if you want a single copy-paste solution:
+#+begin_src sh :noeval
+nix-shell -p git --command "nix-run gitlab:librephoenix/nixos-config --extra-experimental-features nix-command --extra-experimental-features flakes"
+#+end_src
+
+At a certain point in the install script it will open =nano= (or whatever your $EDITOR is set to) and ask you to edit the =flake.nix=. You can edit as much or as little of the config variables as you like, and it will continue the install after you exit the editor.
+
+*** Install From Local Git Clone
+The dotfiles can be installed after cloning the repo into =~/.dotfiles= using:
+#+BEGIN_SRC sh :noeval
+git clone https://gitlab.com/librephoenix/nixos-config.git ~/.dotfiles
+~/.dotfiles/install.sh
+#+END_SRC
+
+At a certain point in the install script it will open =nano= (or whatever your $EDITOR is set to) and ask you to edit the =flake.nix=. You can edit as much or as little of the config variables as you like, and it will continue the install after you exit the editor.
+
+*** Automatic Install Script Limitations
+At this time, this only works on an existing NixOS install. It also only works if the dotfiles are cloned into =~/.dotfiles=. It also only works on UEFI, not on BIOS :(
+
+Future upgrade plans:
+- [ ] Be able to install directly from NixOS iso
+- [ ] Be able to install just home-manager config to a non-NixOS Linux distro
+- [ ] Be able to detect UEFI or BIOS and switch config as needed
+- [ ] ??? (open up an issue if you think there is anything else I should try to figure out)
+
+** Manual Install Procedure
+If you instead want to install this manually to see all the steps (kind of like an Arch install before the archinstall script existed), you can follow this following procedure:
+
+*** Clone Repo and Modify Configuration
+Start by cloning the repo:
 #+BEGIN_SRC sh :noeval
 git clone https://gitlab.com/librephoenix/nixos-config.git ~/.dotfiles
 #+END_SRC
 
 To get the hardware configuration on a new system, either copy from =/etc/nixos/hardware-configuration.nix= or run:
 #+BEGIN_SRC sh :noeval
-cd ~/.dotfiles
+sudo nixos-generate-config --show-hardware-config > ~/.dotfiles/system/hardware-configuration.nix
-sudo nixos-generate-config --show-hardware-config > system/hardware-configuration.nix
 #+END_SRC
 
 Also, if you have a differently named user account than my default (=emmet=), you /must/ update the following lines in the let binding near the top of the [[./flake.nix][flake.nix]]:
@@ -28,43 +84,21 @@ let
 
 There are many more config options there that you may also want to change as well.
 
+*** Rebuild and Switch System Config
 Once the variables are set, then switch into the system configuration by running:
 #+BEGIN_SRC sh :noeval
-cd ~/.dotfiles
+sudo nixos-rebuild switch --flake ~/.dotfiles#system
-sudo nixos-rebuild switch --flake .#system
 #+END_SRC
 
-Home manager can be installed with:
+The build will fail if you are booting from BIOS instead of UEFI.
+# TODO write instructions on how to fix install on bios instead of uefi
+
+*** Intall and Switch Home Manager Config
+Home manager can be installed and the configuration activated with:
 #+BEGIN_SRC sh :noeval
-nix-channel --add https://github.com/nix-community/home-manager/archive/master.tar.gz home-manager
+nix run home-manager/master -- switch --flake ~/.dotfiles#user
-nix-channel --update
-nix-shell '<home-manager>' -A install
 #+END_SRC
 
-If home-manager starts to not cooperate, it may be because the unstable branch of nixpkgs is in the Nix channel list.  This can be fixed via:
-#+BEGIN_SRC sh :noeval
-nix-channel --add https://nixos.org/channels/nixpkgs-unstable
-nix-channel --update
-#+END_SRC
-
-Home-manager may also not work without re-logging back in after it has been installed.
-
-Once home-manager is running, my home-manager configuration can be installed with:
-#+BEGIN_SRC sh :noeval
-cd ~/.dotfiles
-home-manager switch --flake .#user
-#+END_SRC
-
-This loads in my convenience script =phoenix= (still a WIP), which replaces frequently used nix and nixos commands with more user friendly ones, namely:
-- =phoenix sync= to build and switch system and home configuration
-  - =phoenix sync system= to build and switch only system configuration
-  - =phoenix sync user= to build and switch only home configuration
-- =phoenix update= to update flake inputs
-- =phoenix gc= to garbage collect
-  - If no argument is given, it cleans anything older than 30 days
-  - If a time argument is supplied (i.e. 10d), it cleans stuff older than that (10 days in this example)
-  - If the argument =full= is given, it deletes /all/ previous generations
-
 ** FAQ
 *** =home-manager switch --flake .#user= Command Fails
 If it fails with something to the effect of "could not download {some image file}" then that just means that one of my themes is having trouble downloading the background image. To conserve on space in the repo, my themes download the relevant wallpapers directly from their source, but that also means that if the link is broken, =home-manager switch= fails.
@@ -72,3 +106,9 @@ If it fails with something to the effect of "could not download {some image file
 I have included a script in the [[./themes][themes directory]] named [[./themes/background-test.sh][background-test.sh]] which performs a rough test on every theme background url, reporting which are broken.
 
 If you're having this error, navigate to the [[./flake.nix][flake.nix]] and select any theme with a good background wallpaper link. As long as it is able to download the new wallpaper, it should be able to build.
+
+*** Do I have to put the configuration files in =~/.dotfiles=?
+No. You can put them in literally any directory you want. I just prefer to use =~/.dotfiles= as a convention. If you change the directory, do keep in mind that the above scripts must be modified, replacing =~/.dotfiles= with whatever directory you want to install them to.
+
+*** So I cloned these dotfiles into ~/.dotfiles, and now there are system-level files owned by my user account.. HOW IS THIS SECURE?!
+If you're worried about someone modifying your system-level (root configuration) files as your unpriveleged user, see [[./harden.sh][harden.sh]].

install.sh

@@ -0,0 +1,15 @@
+#!/bin/sh
+
+# Automated script to install my dotfiles
+
+nix-shell -p git --command "git clone https://gitlab.com/librephoenix/nixos-config ~/.dotfiles"
+sudo nixos-generate-config --show-hardware-config > ~/.dotfiles/system/hardware-configuration.nix
+sed -i "0,/emmet/s//$(whoami)/" flake.nix
+sed -i "0,/Emmet/s//$(getent passwd $(whoami) | cut -d ':' -f 5 | cut -d ',' -f 1)/" flake.nix
+if [ -z "$EDITOR" ]; then
+    EDITOR=nano;
+fi
+$EDITOR ~/.dotfiles/flake.nix;
+sudo nixos-rebuild switch --flake ~/.dotfiles#system;
+nix run home-manager/master --extra-experimental-features nix-command --extra-experimental-features flakes -- switch --flake ~/.dotfiles#user;
+sudo ~/.dotfiles/harden.sh;

profiles/homelab/configuration.nix

@@ -31,7 +31,7 @@
   # Bootloader
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
-  boot.loader.efi.efiSysMountPoint = "/boot/efi";
+  boot.loader.efi.efiSysMountPoint = "/boot";
 
   # Networking
   networking.hostName = systemSettings.hostname; # Define your hostname.

profiles/work/configuration.nix

@@ -48,7 +48,7 @@
   # Bootloader
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
-  boot.loader.efi.efiSysMountPoint = "/boot/efi";
+  boot.loader.efi.efiSysMountPoint = "/boot";
 
   # Networking
   networking.hostName = systemSettings.hostname; # Define your hostname.

system/hardware-configuration.nix

@@ -26,7 +26,7 @@
 
   boot.initrd.luks.devices."luks-385106b5-71f7-460e-9a2b-2416f3b54cb6".device = "/dev/disk/by-uuid/385106b5-71f7-460e-9a2b-2416f3b54cb6";
 
-  fileSystems."/boot/efi" =
+  fileSystems."/boot" =
     { device = "/dev/disk/by-uuid/F09D-73C9";
       fsType = "vfat";
     };