13 Commits

13 changed files with 177 additions and 57 deletions


@@ -1,3 +1,9 @@
# nixos
My NixOS config
My NixOS config
```
git clone https://git.hektormisplon.xyz/hektor/nix.git
cd nix
sudo nix run 'github:nix-community/disko/latest#disko-install' -- --flake .#vm --disk root /dev/vda
```


@@ -8,3 +8,6 @@ bash <(curl -s https://git.hektormisplon.xyz/hektor/dots/raw/branch/master/.bin/
Note: will not set up *everything* (e.g. `/etc` configs, dependencies...), but
should get you up and running.
2025-10-04: I am migrating from Arch Linux to NixOS. For this transition, these
dotfiles are currently included as a subtree in my [NixOS repository](https://git.hektormisplon.xyz/hektor/nix).

34
flake.lock generated

@@ -1,5 +1,26 @@
{
"nodes": {
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1746728054,
"narHash": "sha256-eDoSOhxGEm2PykZFa/x9QG5eTH0MJdiJ9aR00VAofXE=",
"owner": "nix-community",
"repo": "disko",
"rev": "ff442f5d1425feb86344c028298548024f21256d",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "latest",
"repo": "disko",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@@ -7,11 +28,11 @@
]
},
"locked": {
"lastModified": 1748665073,
"narHash": "sha256-RMhjnPKWtCoIIHiuR9QKD7xfsKb3agxzMfJY8V9MOew=",
"lastModified": 1758463745,
"narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "282e1e029cb6ab4811114fc85110613d72771dea",
"rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3",
"type": "github"
},
"original": {
@@ -23,11 +44,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1748437600,
"narHash": "sha256-hYKMs3ilp09anGO7xzfGs3JqEgUqFMnZ8GMAqI6/k04=",
"lastModified": 1759439645,
"narHash": "sha256-oiAyQaRilPk525Z5aTtTNWNzSrcdJ7IXM0/PL3CGlbI=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "7282cb574e0607e65224d33be8241eae7cfe0979",
"rev": "879bd460b3d3e8571354ce172128fbcbac1ed633",
"type": "github"
},
"original": {
@@ -39,6 +60,7 @@
},
"root": {
"inputs": {
"disko": "disko",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs"
}


@@ -1,21 +1,29 @@
{
inputs = {
nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-25.05";
home-manager.url = "github:nix-community/home-manager/release-25.05";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
nixpkgs = {
url = "github:nixos/nixpkgs?ref=nixos-25.05";
};
home-manager = {
url = "github:nix-community/home-manager/release-25.05";
inputs.nixpkgs.follows = "nixpkgs";
};
disko = {
url = "github:nix-community/disko/latest";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = { self, nixpkgs, home-manager }: {
nixosConfigurations.nixos = nixpkgs.lib.nixosSystem {
outputs = { self, nixpkgs, disko, home-manager }: {
nixosConfigurations.vm = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
./configuration.nix
home-manager.nixosModules.home-manager
{
./hosts/vm/configuration.nix
disko.nixosModules.disko
home-manager.nixosModules.home-manager {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.h = ./home.nix;
}
home-manager.users.h = ./hosts/vm/home.nix;
}
];
};
};
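Review bot: The output is now named `nixosConfigurations.vm`, but the networking module in this change still sets `networking.hostName = "nixos";`, and `nixos-rebuild --flake .` without an explicit `#name` selects the configuration by host name. A plain rebuild on the installed VM would therefore look for a `nixos` attribute that no longer exists. Either give this host the name `vm` or add a comment next to the output, `# build with --flake .#vm (host name differs)`. Which lines are old and which are new is inferred from print order on this page.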


@@ -1,22 +1,33 @@
{ config, pkgs, ... }:
{ pkgs, ... }:
{
system.stateVersion = "25.05";
imports =
[
./modules/bootloader.nix
./modules/hardware-configuration.nix # Include the results of the hardware scan.
./modules/networking.nix
./modules/users.nix
./modules/audio.nix
./modules/printing.nix
./modules/localization.nix
./modules/x.nix
./hard.nix
./disk.nix
../../modules/bootloader.nix
../../modules/networking.nix
../../modules/users.nix
../../modules/audio.nix
../../modules/printing.nix
../../modules/localization.nix
../../modules/x.nix
];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
# These are needed for ZFS
networking.hostId = "25698a58";
# https://discourse.nixos.org/t/zfs-with-disko-faluire-to-import-zfs-pool/61988/3
boot = {
zfs = {
devNodes = "/dev/disk/by-uuid";
};
};
programs.git.enable = true;
programs.firefox.enable = true;
@@ -26,7 +37,7 @@
services.spice-vdagentd.enable = true;
services.openssh = {
enable = false;
enable = true;
startWhenNeeded = true;
settings = {
## hardening
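Review bot: sshd appears to be switched on here (`enable = true;` is printed after `enable = false;`), and the `settings` block that decides how logins are authenticated continues below the hunk, so the page does not show whether password logins are refused. The same change gives user `h` a password and opens TCP 22 in the firewall, so that block should be confirmed to contain `PasswordAuthentication = false;`, `KbdInteractiveAuthentication = false;` and `PermitRootLogin = "no";`, with keys supplied through `users.users.h.openssh.authorizedKeys.keys`. A one-line comment above `enable = true;` saying why the VM needs sshd would also help the next reader.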

1
hosts/vm/disk.nix Normal file

@@ -0,0 +1 @@
import ../../modules/disko.zfs-encrypted-root.nix


@@ -13,15 +13,6 @@
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/7d406784-bf6b-420e-a956-134f719c8206";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/4cbaffdb-0ca2-4735-87d0-eefe994f0e18"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction


@@ -6,5 +6,7 @@
home.username = "h";
home.homeDirectory = "/home/h";
home.file.".inputrc".source = ../../dots/.inputrc;
programs.home-manager.enable = true;
}


@@ -1,7 +1,6 @@
{ ... }:
{
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/vda";
boot.loader.grub.useOSProber = true;
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
}


@@ -0,0 +1,81 @@
{
disko.devices = {
disk = {
root = {
type = "disk";
device = "/dev/vda";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "nofail" ];
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
};
zpool = {
zroot = {
type = "zpool";
rootFsOptions = {
mountpoint = "none";
compression = "zstd";
acltype = "posixacl";
xattr = "sa";
"com.sun:auto-snapshot" = "true";
};
options.ashift = "12";
datasets = {
"root" = {
type = "zfs_fs";
options = {
encryption = "aes-256-gcm";
keyformat = "passphrase";
#keylocation = "file:///tmp/secret.key";
keylocation = "prompt";
};
mountpoint = "/";
};
"root/nix" = {
type = "zfs_fs";
options.mountpoint = "/nix";
mountpoint = "/nix";
};
# README MORE: https://wiki.archlinux.org/title/ZFS#Swap_volume
"root/swap" = {
type = "zfs_volume";
size = "10M";
content = {
type = "swap";
};
options = {
volblocksize = "4096";
compression = "zle";
logbias = "throughput";
sync = "always";
primarycache = "metadata";
secondarycache = "none";
"com.sun:auto-snapshot" = "false";
};
};
};
};
};
};
}
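Review bot: The ESP is mounted at `/boot` with only `nofail`, so the vfat default permissions leave the partition readable by every local user. With systemd-boot (enabled in the bootloader module of this change) that includes the boot loader's random-seed file, which bootctl warns about at install time. `mountOptions = [ "umask=0077" "nofail" ];` restricts the mount to root. `/boot` also sits outside the encrypted `root` dataset, so kernel and initrd are stored unencrypted; a comment on the `ESP` entry stating that this is accepted for the VM would make the threat model explicit.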


@@ -1,19 +1,10 @@
{ ... }:
{
networking.hostName = "nixos"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Enable networking
networking.networkmanager.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
networking.hostName = "nixos";
networking.wireless = { iwd = { enable = true; }; };
networking.firewall = {
enable = true;
allowedTCPPorts = [ 22 ];
};
}
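Review bot: `allowedTCPPorts = [ 22 ];` opens SSH in what looks like the shared networking module (the VM host imports `../../modules/networking.nix`), so every host importing it exposes port 22 whether or not it runs sshd. NixOS already opens the port on hosts that enable the service, because `services.openssh.openFirewall` defaults to true, so the line can be dropped and `networking.firewall.enable = true;` kept on its own. The file path is not shown on the page, so the identification of the module is inferred from its contents.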


@@ -4,6 +4,7 @@
users.users.h = {
isNormalUser = true;
description = "h";
extraGroups = [ "wheel" "networkmanager" ];
extraGroups = [ "wheel" ];
initialPassword = "h";
};
}
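Review bot: `initialPassword = "h";` stores a one-character password for a `wheel` member in plain text in the repository and in the world-readable Nix store, and the account keeps it until someone runs `passwd`. Prefer `hashedPasswordFile` pointing at a file kept outside the store, or at least `initialHashedPassword`. If the literal stays, add a comment such as `# throwaway VM only; change on first login`. The hunk header suggests this is the line being added, and the enclosing module starts outside the hunk.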


@@ -1,10 +1,14 @@
{ ... }:
{
services.xserver.windowManager.xmonad = {
enable = true;
enableContribAndExtras = true;
config = builtins.readFile ../dots/.xmonad/xmonad.hs;
};
services.xserver = {
enable = true;
displayManager.gdm.enable = true;
desktopManager.gnome.enable = true;
xkb.layout = "us";
xkb.variant = "";
};