diff --git a/Makefile b/Makefile index 5514325..7510ace 100644 --- a/Makefile +++ b/Makefile @@ -56,9 +56,14 @@ install-hm: installer: nix build -o installer $(options) $(flake)#nixosConfigurations.installer.config.system.build.isoImage +.PHONY: isolation +isolation: + nix build -o isolation $(options) $(flake)#nixosConfigurations.isolation.config.system.build.isoImage + .PHONY: live live: - nix build -o installer $(options) $(flake)#nixosConfigurations.live.config.system.build.isoImage + nix build -o iso/live $(options) $(flake)#nixosConfigurations.live.config.system.build.isoImage + no-nixconf: mv /etc/nix/nix.conf /etc/nix/nix.conf_ || true @@ -67,8 +72,7 @@ reboot: boot .PHONY: recovery recovery: - nix build -o installer $(options) $(flake)#nixosConfigurations.recovery.config.system.build.isoImage - + nix build -o recovery $(options) $(flake)#nixosConfigurations.recovery.config.system.build.isoImage show: nix flake show @@ -79,7 +83,6 @@ switch: update: nix flake update -# NOTE: Run `housekeep` target to fix git fsck issues. verify: housekeep git verify-commit HEAD git fsck diff --git a/config/Live.nix b/config/Live.nix new file mode 100644 index 0000000..dd73350 --- /dev/null +++ b/config/Live.nix @@ -0,0 +1,15 @@ +{ config, lib, ... }: +let + cfg = config.module.live; +in +{ + config = lib.mkIf cfg.enable { + services.rogue.enable = true; + services.mingetty = { + autologinUser = "live"; + helpLine = '' + Welcome! Both live and root users have password "live". Enjoy! + ''; + }; + }; +} diff --git a/home/NixOs.nix b/home/NixOs.nix index ad818b8..550b159 100644 --- a/home/NixOs.nix +++ b/home/NixOs.nix @@ -12,12 +12,15 @@ let env = import ./env args; file = import ./file args; program = import ./program args; + purpose = config.module.purpose; in { imports = (util.ls ); options.home.nixos = { - enable = lib.mkEnableOption "the NixOS user setup."; + enable = lib.mkEnableOption "the NixOS user setup." // { + default = with purpose; desktop || laptop || live || server; + }; users = lib.mkOption { default = [ ]; type = with lib.types; listOf attrs; diff --git a/host/x86_64-linux/dasha/default.nix b/host/x86_64-linux/dasha/default.nix index 389fc61..520568c 100644 --- a/host/x86_64-linux/dasha/default.nix +++ b/host/x86_64-linux/dasha/default.nix @@ -1,10 +1,6 @@ { ... }: { - home.nixos.enable = true; - user = { - dasha = true; - root = true; - }; + user.dasha = true; module = { amd.gpu.enable = true; diff --git a/host/x86_64-linux/desktop/default.nix b/host/x86_64-linux/desktop/default.nix index 360f865..c18957b 100644 --- a/host/x86_64-linux/desktop/default.nix +++ b/host/x86_64-linux/desktop/default.nix @@ -1,10 +1,6 @@ { ... }: { - home.nixos.enable = true; - user = { - root = true; - voronind = true; - }; + user.voronind = true; module = { builder.client.enable = true; diff --git a/host/x86_64-linux/home/default.nix b/host/x86_64-linux/home/default.nix index 4deeb38..d7d35f6 100644 --- a/host/x86_64-linux/home/default.nix +++ b/host/x86_64-linux/home/default.nix @@ -1,10 +1,6 @@ { ... }: { - home.nixos.enable = true; - user = { - root = true; - voronind = true; - }; + user.voronind = true; module = { builder.server.enable = true; diff --git a/host/x86_64-linux/installer/default.nix b/host/x86_64-linux/installer/default.nix index 27a23d7..005bb14 100644 --- a/host/x86_64-linux/installer/default.nix +++ b/host/x86_64-linux/installer/default.nix @@ -1,10 +1,16 @@ -{ inputs, lib, pkgs, ... }: +{ + inputs, + lib, + pkgs, + ... +}: { imports = [ "${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/channel.nix" "${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix" ]; + # Required for live iso. networking.wireless.enable = lib.mkForce false; # Override my settings to allow SSH logins using root password. @@ -14,20 +20,13 @@ }; # Needed by installer smh. + # TODO: Find out what it downloads. environment.systemPackages = with pkgs; [ # tor-browser # NOTE: ??? ghc ]; - # Root user setup. - home.nixos.enable = true; - user.root = true; - module = { - keyd.enable = true; package.all = true; - purpose = { - live = true; - }; }; } diff --git a/host/x86_64-linux/live/default.nix b/host/x86_64-linux/live/default.nix index a15491d..999c420 100644 --- a/host/x86_64-linux/live/default.nix +++ b/host/x86_64-linux/live/default.nix @@ -2,18 +2,12 @@ { imports = [ "${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/iso-image.nix" ]; - # Root user setup. - home.nixos.enable = true; - user.root = true; - module = { - keyd.enable = true; purpose = { live = true; }; package = { common = true; - core = true; desktop = true; }; }; diff --git a/host/x86_64-linux/max/default.nix b/host/x86_64-linux/max/default.nix index f0828a6..6263095 100644 --- a/host/x86_64-linux/max/default.nix +++ b/host/x86_64-linux/max/default.nix @@ -1,16 +1,14 @@ # SEE: https://github.com/Sabrina-Fox/WM2-Help { __findFile, pkgs, ... }: { - home.nixos.enable = true; - user = { - root = true; - voronind = true; - }; + user.voronind = true; module = { builder.client.enable = true; + display.primary = "eDP-1"; package.all = true; print.enable = true; + sway.extraConfig = [ "output eDP-1 scale 1.75" ]; syncthing.enable = true; purpose = { creative = true; @@ -18,10 +16,6 @@ laptop = true; work = true; }; - display = { - primary = "eDP-1"; - }; - sway.extraConfig = [ "output eDP-1 scale 1.75" ]; hwmon = { file = "temp1_input"; path = "/sys/devices/pci0000:00/0000:00:18.3/hwmon"; diff --git a/host/x86_64-linux/msi/default.nix b/host/x86_64-linux/msi/default.nix index 3c027fe..e6016cb 100644 --- a/host/x86_64-linux/msi/default.nix +++ b/host/x86_64-linux/msi/default.nix @@ -1,9 +1,7 @@ { ... }: { - home.nixos.enable = true; user = { dasha = true; - root = true; voronind = true; }; @@ -24,11 +22,11 @@ }; amd = { compute.enable = true; + gpu.enable = true; cpu = { enable = true; powersave = true; }; - gpu.enable = true; }; }; } diff --git a/host/x86_64-linux/recovery/default.nix b/host/x86_64-linux/recovery/default.nix index 60ab621..22cab8a 100644 --- a/host/x86_64-linux/recovery/default.nix +++ b/host/x86_64-linux/recovery/default.nix @@ -2,12 +2,7 @@ { imports = [ "${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/iso-image.nix" ]; - # Root user setup. - home.nixos.enable = true; - user.root = true; - module = { - keyd.enable = true; purpose = { live = true; }; diff --git a/host/x86_64-linux/thinkbook/default.nix b/host/x86_64-linux/thinkbook/default.nix index 1229ffe..42dbe30 100644 --- a/host/x86_64-linux/thinkbook/default.nix +++ b/host/x86_64-linux/thinkbook/default.nix @@ -1,10 +1,6 @@ { ... }: { - home.nixos.enable = true; - user = { - root = true; - voronind = true; - }; + user.voronind = true; module = { builder.client.enable = true; diff --git a/host/x86_64-linux/thinkpad/default.nix b/host/x86_64-linux/thinkpad/default.nix index 02f8f48..26eb18b 100644 --- a/host/x86_64-linux/thinkpad/default.nix +++ b/host/x86_64-linux/thinkpad/default.nix @@ -1,19 +1,17 @@ { ... }: { - home.nixos.enable = true; user = { dasha = true; - root = true; voronind = true; }; module = { + builder.client.enable = true; display.primary = "eDP-1"; - package.extra = true; + package.all = true; + powerlimit.thinkpad.enable = true; print.enable = true; syncthing.enable = true; - builder.client.enable = true; - powerlimit.thinkpad.enable = true; purpose = { creative = true; disown = true; diff --git a/option/Keyd.nix b/option/Keyd.nix index 23609e2..96e83f9 100644 --- a/option/Keyd.nix +++ b/option/Keyd.nix @@ -4,6 +4,6 @@ let in { options.module.keyd.enable = lib.mkEnableOption "the keyboard remaps." // { - default = with purpose; desktop || laptop; + default = with purpose; desktop || laptop || live || server; }; } diff --git a/option/Live.nix b/option/Live.nix new file mode 100644 index 0000000..b565b09 --- /dev/null +++ b/option/Live.nix @@ -0,0 +1,9 @@ +{ config, lib, ... }: +let + purpose = config.module.purpose; +in +{ + options.module.live.enable = lib.mkEnableOption "the live modules." // { + default = purpose.live; + }; +} diff --git a/secret/default.nix b/secret/default.nix index 29a28cf..eea1a81 100644 --- a/secret/default.nix +++ b/secret/default.nix @@ -1,7 +1,13 @@ { ... }: { # Password used for root user. - hashedPassword = "$y$j9T$oqCB16i5E2t1t/HAWaFd5.$tTaHtAcifXaDVpTcRv.yH2/eWKxKE9xM8KcqXHfHrD7"; # Use `mkpasswd -s`. + # Use `mkpasswd -s`. + password = { + dasha = "$y$j9T$WGMPv/bRhGBUidcZLZ7CE/$raZhwFFdI/XvegVZVHLILJLMiBkOxSErc6gao/Cxt33"; + live = "$y$j9T$nPMHO52xsFp6ZShidRwVC1$2w9BWmGsCkopKx3L3QLXOnJNCNwtwTOlQ/BzQJEerp0"; # "live". + root = "$y$j9T$oqCB16i5E2t1t/HAWaFd5.$tTaHtAcifXaDVpTcRv.yH2/eWKxKE9xM8KcqXHfHrD7"; + voronind = "$y$j9T$e/mHHkIIAXc0HuQdR3PE6/$Jbh6gJgd0M/s6zCqnsB284a9tlRdLclZSaaSKurIJjB"; + }; ssh = { # Keys that are allowed to connect via SSH. @@ -15,11 +21,11 @@ buildKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIENY0NICXvlTOSZEwivRHEGO1PUzgsmoHwf+zqS7WsGV root@max" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEuuw5ek5wGB9KdBhCTxjV+CBpPU6RIOynHkFYC4dau3 root@dasha" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFHBAqquW9mzssSY22XBXvtAsa19WtIgM5xQ+mXZX6W9 root@thinkbook" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFgiYKFkMfiGOZCZIk+O7LtaoF6A3cHEFCqaPwXOM4rR root@thinkpad" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGIf192IxsksM6u8UY+eqpHopebgV+NNq2G03ssdXIgz root@desktop" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJSWdbkYsRiDlKu8iT/k+JN4KY08iX9qh4VyqxlpEZcE root@home" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOaoyC/grc3SfO5blKWRUwW+dLlcfyvuvWjymprfIeqN root@msi" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFHBAqquW9mzssSY22XBXvtAsa19WtIgM5xQ+mXZX6W9 root@thinkbook" ]; }; diff --git a/user/Dasha.nix b/user/Dasha.nix index a61a70b..f2fbf94 100644 --- a/user/Dasha.nix +++ b/user/Dasha.nix @@ -2,6 +2,7 @@ config, lib, pkgs, + secret, ... }: let @@ -21,7 +22,7 @@ in users.users.dasha = { createHome = true; description = "Daria Dranchak"; - hashedPassword = "$y$j9T$WGMPv/bRhGBUidcZLZ7CE/$raZhwFFdI/XvegVZVHLILJLMiBkOxSErc6gao/Cxt33"; + hashedPassword = secret.password.dasha; isNormalUser = true; uid = 1001; extraGroups = [ diff --git a/user/Live.nix b/user/Live.nix new file mode 100644 index 0000000..b01357d --- /dev/null +++ b/user/Live.nix @@ -0,0 +1,35 @@ +{ + config, + lib, + secret, + ... +}: +let + cfg = config.user; +in +{ + options.user.live = lib.mkEnableOption "live user."; + + config = lib.mkIf cfg.live { + home.nixos.users = [ + { + homeDirectory = "/home/live"; + username = "live"; + } + ]; + users.users.live = { + createHome = true; + description = "Live User"; + hashedPassword = secret.password.live; + isNormalUser = true; + uid = 1022; + extraGroups = [ + "input" + "keyd" + "libvirtd" + "networkmanager" + "video" + ]; + }; + }; +} diff --git a/user/Root.nix b/user/Root.nix index 16a0097..31aac4d 100644 --- a/user/Root.nix +++ b/user/Root.nix @@ -6,12 +6,16 @@ }: let cfg = config.user; + purpose = config.module.purpose; in { - options.user.root = lib.mkEnableOption "root."; + options.user.root = lib.mkEnableOption "root." // { + default = with purpose; desktop || laptop || live || server; + }; config = lib.mkIf cfg.root { - users.users.root.hashedPassword = secret.hashedPassword; + users.users.root.hashedPassword = + if purpose.live then secret.password.live else secret.password.root; home.nixos.users = [ { homeDirectory = "/root"; diff --git a/user/Voronind.nix b/user/Voronind.nix index edeee8a..d7970ea 100644 --- a/user/Voronind.nix +++ b/user/Voronind.nix @@ -20,7 +20,7 @@ in users.users.voronind = { createHome = true; description = "Dmitry Voronin"; - hashedPassword = secret.hashedPassword; + hashedPassword = secret.password.voronind; isNormalUser = true; uid = 1000; extraGroups = [