Update readme

README.md

@@ -1,3 +1,9 @@
 # nixos
 
 My NixOS config
+
+```
+git clone https://git.hektormisplon.xyz/hektor/nix.git
+cd nix
+sudo nix run 'github:nix-community/disko/latest#disko-install' -- --flake .#vm --disk root /dev/vda
+```

dots/README.md

@@ -8,3 +8,6 @@ bash <(curl -s https://git.hektormisplon.xyz/hektor/dots/raw/branch/master/.bin/
 
 Note: will not set up *everything* (e.g. `/etc` configs, dependencies...), but
 should get you up and running.
+
+2025-10-04: I am migrating from Arch Linux to NixOS. For this transition, these
+dotfiles are currently included as a subtree in my [NixOS repository](https://git.hektormisplon.xyz/hektor/nix).

flake.lock

@@ -1,5 +1,26 @@
 {
   "nodes": {
+    "disko": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1746728054,
+        "narHash": "sha256-eDoSOhxGEm2PykZFa/x9QG5eTH0MJdiJ9aR00VAofXE=",
+        "owner": "nix-community",
+        "repo": "disko",
+        "rev": "ff442f5d1425feb86344c028298548024f21256d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "ref": "latest",
+        "repo": "disko",
+        "type": "github"
+      }
+    },
     "home-manager": {
       "inputs": {
         "nixpkgs": [
@@ -7,11 +28,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1748665073,
+        "lastModified": 1758463745,
-        "narHash": "sha256-RMhjnPKWtCoIIHiuR9QKD7xfsKb3agxzMfJY8V9MOew=",
+        "narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "282e1e029cb6ab4811114fc85110613d72771dea",
+        "rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3",
         "type": "github"
       },
       "original": {
@@ -23,11 +44,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1748437600,
+        "lastModified": 1759439645,
-        "narHash": "sha256-hYKMs3ilp09anGO7xzfGs3JqEgUqFMnZ8GMAqI6/k04=",
+        "narHash": "sha256-oiAyQaRilPk525Z5aTtTNWNzSrcdJ7IXM0/PL3CGlbI=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "7282cb574e0607e65224d33be8241eae7cfe0979",
+        "rev": "879bd460b3d3e8571354ce172128fbcbac1ed633",
         "type": "github"
       },
       "original": {
@@ -39,6 +60,7 @@
     },
     "root": {
       "inputs": {
+        "disko": "disko",
         "home-manager": "home-manager",
         "nixpkgs": "nixpkgs"
       }

flake.nix

@@ -1,20 +1,28 @@
 {
   inputs = {
-    nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-25.05";
+    nixpkgs = {
-    home-manager.url = "github:nix-community/home-manager/release-25.05";
+      url = "github:nixos/nixpkgs?ref=nixos-25.05";
-    home-manager.inputs.nixpkgs.follows = "nixpkgs";
+    };
+    home-manager = {
+      url = "github:nix-community/home-manager/release-25.05";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    disko = {
+      url = "github:nix-community/disko/latest";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
   };
 
-  outputs = { self, nixpkgs, home-manager }: {
+  outputs = { self, nixpkgs, disko, home-manager }: {
-    nixosConfigurations.nixos = nixpkgs.lib.nixosSystem {
+    nixosConfigurations.vm = nixpkgs.lib.nixosSystem {
       system = "x86_64-linux";
       modules = [
-        ./configuration.nix
+        ./hosts/vm/configuration.nix
-        home-manager.nixosModules.home-manager
+        disko.nixosModules.disko
-	{
+        home-manager.nixosModules.home-manager {
           home-manager.useGlobalPkgs = true;
           home-manager.useUserPackages = true;
-          home-manager.users.h = ./home.nix;
+          home-manager.users.h = ./hosts/vm/home.nix;
 	      }
       ];
     };

hosts/vm/configuration.nix

@@ -1,22 +1,33 @@
-{ config, pkgs, ... }:
+{ pkgs, ... }:
 
 {
   system.stateVersion = "25.05";
 
   imports =
     [
-      ./modules/bootloader.nix
+      ./hard.nix
-      ./modules/hardware-configuration.nix # Include the results of the hardware scan.
+      ./disk.nix
-      ./modules/networking.nix
+      ../../modules/bootloader.nix
-      ./modules/users.nix
+      ../../modules/networking.nix
-      ./modules/audio.nix
+      ../../modules/users.nix
-      ./modules/printing.nix
+      ../../modules/audio.nix
-      ./modules/localization.nix
+      ../../modules/printing.nix
-      ./modules/x.nix
+      ../../modules/localization.nix
+      ../../modules/x.nix
     ];
 
   nix.settings.experimental-features = [ "nix-command" "flakes" ];
 
+  # These are needed for ZFS
+
+  networking.hostId = "25698a58";
+  # https://discourse.nixos.org/t/zfs-with-disko-faluire-to-import-zfs-pool/61988/3
+  boot = {
+    zfs = {
+        devNodes = "/dev/disk/by-uuid";
+      };
+  };
+
   programs.git.enable = true;
   programs.firefox.enable = true;
 
@@ -26,7 +37,7 @@
 
   services.spice-vdagentd.enable = true;
   services.openssh = {
-    enable = false;
+    enable = true;
     startWhenNeeded = true;
     settings = {
       ## hardening

hosts/vm/disk.nix

@@ -0,0 +1 @@
+import ../../modules/disko.zfs-encrypted-root.nix

hosts/vm/hard.nix

@@ -13,15 +13,6 @@
   boot.kernelModules = [ "kvm-intel" ];
   boot.extraModulePackages = [ ];
 
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/7d406784-bf6b-420e-a956-134f719c8206";
-      fsType = "ext4";
-    };
-
-  swapDevices =
-    [ { device = "/dev/disk/by-uuid/4cbaffdb-0ca2-4735-87d0-eefe994f0e18"; }
-    ];
-
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
   # (the default) this is the recommended approach. When using systemd-networkd it's
   # still possible to use this option, but it's recommended to use it in conjunction

hosts/vm/home.nix

@@ -6,5 +6,7 @@
   home.username = "h";
   home.homeDirectory = "/home/h";
 
+  home.file.".inputrc".source = ../../dots/.inputrc;
+
   programs.home-manager.enable = true;
 }

modules/bootloader.nix

@@ -1,7 +1,6 @@
 { ... }:
 
 {
-  boot.loader.grub.enable = true;
+  boot.loader.systemd-boot.enable = true;
-  boot.loader.grub.device = "/dev/vda";
+  boot.loader.efi.canTouchEfiVariables = true;
-  boot.loader.grub.useOSProber = true;
 }

modules/disko.zfs-encrypted-root.nix

@@ -0,0 +1,81 @@
+{
+  disko.devices = {
+    disk = {
+      root = {
+        type = "disk";
+        device = "/dev/vda";
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              size = "1G";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = [ "nofail" ];
+              };
+            };
+            zfs = {
+              size = "100%";
+              content = {
+                type = "zfs";
+                pool = "zroot";
+              };
+            };
+          };
+        };
+      };
+    };
+    zpool = {
+      zroot = {
+        type = "zpool";
+        rootFsOptions = {
+          mountpoint = "none";
+          compression = "zstd";
+          acltype = "posixacl";
+          xattr = "sa";
+          "com.sun:auto-snapshot" = "true";
+        };
+        options.ashift = "12";
+        datasets = {
+          "root" = {
+            type = "zfs_fs";
+            options = {
+              encryption = "aes-256-gcm";
+              keyformat = "passphrase";
+              #keylocation = "file:///tmp/secret.key";
+              keylocation = "prompt";
+            };
+            mountpoint = "/";
+
+          };
+          "root/nix" = {
+            type = "zfs_fs";
+            options.mountpoint = "/nix";
+            mountpoint = "/nix";
+          };
+
+          # README MORE: https://wiki.archlinux.org/title/ZFS#Swap_volume
+          "root/swap" = {
+            type = "zfs_volume";
+            size = "10M";
+            content = {
+              type = "swap";
+            };
+            options = {
+              volblocksize = "4096";
+              compression = "zle";
+              logbias = "throughput";
+              sync = "always";
+              primarycache = "metadata";
+              secondarycache = "none";
+              "com.sun:auto-snapshot" = "false";
+            };
+          };
+        };
+      };
+    };
+  };
+}

modules/networking.nix

@@ -1,19 +1,10 @@
 { ... }:
 
 {
-  networking.hostName = "nixos"; # Define your hostname.
+  networking.hostName = "nixos";
-  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+  networking.wireless = { iwd = { enable = true; }; };
-
+  networking.firewall = {
-  # Configure network proxy if necessary
+    enable = true;
-  # networking.proxy.default = "http://user:password@proxy:port/";
+    allowedTCPPorts = [ 22 ];
-  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+  };
-
-  # Enable networking
-  networking.networkmanager.enable = true;
-
-  # Open ports in the firewall.
-  # networking.firewall.allowedTCPPorts = [ ... ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
-  # Or disable the firewall altogether.
-  # networking.firewall.enable = false;
 }

modules/users.nix

@@ -4,6 +4,7 @@
   users.users.h = {
     isNormalUser = true;
     description = "h";
-    extraGroups = [ "wheel" "networkmanager" ];
+    extraGroups = [ "wheel" ];
+    initialPassword = "h";
   };
 }

modules/x.nix

@@ -1,10 +1,14 @@
 { ... }:
 
 {
+  services.xserver.windowManager.xmonad = {
+   enable = true;
+   enableContribAndExtras = true;
+   config = builtins.readFile ../dots/.xmonad/xmonad.hs;
+ };
+
   services.xserver = {
     enable = true;
-    displayManager.gdm.enable = true;
-    desktopManager.gnome.enable = true;
     xkb.layout = "us";
     xkb.variant = "";
   };