General: update NOS; Users: switch to Starship shell prompt

2024-10-15 10:22:53 -04:00 · 2024-10-15 10:22:53 -04:00 · b5a01ad121
parent d1796eedb3
commit b5a01ad121
7 changed files with 54 additions and 1851 deletions
--- a/README.md
+++ b/README.md
@ -11,32 +11,33 @@ A full set of configuration files managed via NixOS. This project is an **unoffi
 Secrets are managed using [git-crypt](https://github.com/AGWA/git-crypt). To unlock the repo, use `git-crypt unlock [path to key file]`. git-crypt will transparently encrypt/decrypt files stored in `modules/secrets` going forward, but you'll need this key file on all hosts that are using secrets.
-Note: This is a poor man's secret management solution. These secrets will be world-readable in the `/nix/store/`.
+> [!NOTE]
 > This is a poor man's secret management solution. If you use this, your secrets will be world-readable in the `/nix/store/`.
 ### First-time installation
-When installing on a brand new system, partition the main drive into two partitions: a `/boot` partition, and a LUKS partition. Then, run `bin/format-drives.sh --root [root partition] --luks [luks partition]`. This also creates a `hardware-configuration.nix` file.
+When installing on a brand new system, partition the main drive into two partitions: a `/boot` partition, and a LUKS partition. Then, run `bin/format-drives.sh --root [root partition] --luks [luks partition]` (the script will request sudo privileges):
 ```sh
 ./bin/format-drives.sh --boot /dev/nvme0n1p1 --luks /dev/nvme0n1p2 
 ```
-Next, set up the host's config under in the `hosts` folder by copying `configuration.nix.template` and `hardware-configuration.nix.template` into a new folder.
+Next, set up the host's config under in the `hosts` folder by copying `configuration.nix.template` and `hardware-configuration.nix.template` into a new folder. Running `format-drives.sh` also generates a `hardware-configuration.nix` file you can use.
 Then, add the host to `flake.nix` under the `nixosConfigurations` section.
 Finally, run the NixOS installer, replacing `host` with your actual hostname:
 ```sh
-nixos-install --verbose --root /mnt --flake .#host --no-root-password
+sudo nixos-install --verbose --root /mnt --flake .#host --no-root-password
 ``` 
 > [!TIP]
-> This config installs a nixos-rebuild wrapper called `nos` (NixOS Operations Script). Basic install/upgrade commands can be run using `nos`, but more advanced stuff should use `nixos-rebuild`.
+> This config installs a nixos-rebuild wrapper called `nos` (NixOS Operations Script) that handles pulling and pushing changes to your configuration repository via git. For more info, run `nixos-operations-script --help`.
 ### Running updates
-To update a system, run `sudo nixos-operations-script` (or just `sudo nos`). To commit updates back to the repo, use `sudo nos --update`.
+To update a system, run `nixos-operations-script` (or just `nos`). To commit updates back to the repo, use `nos --update`. Do not run this script as root - it will automatically request sudo permissions as needed.
 #### Automatic updates
@ -52,16 +53,16 @@ aux.system.services.autoUpgrade = {
 };
 ```
-Automatic updates work by `git pull`ing the latest version of the repo from Forgejo. This repo gets updated nightly by [`Hevana`](./hosts/Hevana), which updates the `flake.lock` file and pushes it back up to Forgejo. Only one host needs to do this, but you can safely enable it for multiple hosts as long as they have access to the same repository. You can enable this feature on a host using `aux.system.services.autoUpgrade.pushUpdates = true;`.
+Automatic updates work by running `nos`. There's an additional `pushUpdates` option that, when enabled, updates the `flake.lock` file and pushes it back up to the Git repository. Only one host needs to do this (in this case, it's [Hevana](./hosts/Hevana), but you can safely enable it on multiple hosts as long as they use the same repository and update at different times.
 #### Manually updating
-Run `nos` to update the system. Use the `--update` flag to update `flake.lock` as part of the process. For the first build, you'll need to specify the path to your `flake.nix` file and the hostname using `--flake /path/to/flake.nix/#hostname`.
+Run `nos` to update the system. Use the `--update` flag to update `flake.lock` as part of the process. For the first build, you'll need to specify the path to your `flake.nix` file and the hostname using `nos --hostname my_hostname --flake /path/to/flake.nix`.
 After the first build, you can omit the hostname and path:
 ```sh
-nos --update
+nos
 ```
 This is the equivalent of running:
--- a/bin/nixos-operations-script.sh
+++ b/bin/nixos-operations-script.sh
@ -1,12 +1,13 @@
 #!/usr/bin/env bash
-# Wrapper script for nixos-rebuild
+# The NixOS Operations Script (NOS) is a wrapper script for nixos-rebuild and Flake-based configurations.
 # It handles pulling the latest version of your repository using Git, running system updates, and pushing changes back up.
 # Configuration parameters
 operation="switch"                              # The nixos-rebuild operation to use
 hostname=$(/run/current-system/sw/bin/hostname) # The name of the host to build
-flakeDir="${FLAKE_DIR}"                         # Path to the flake file (and optionally the hostname). Defaults to the FLAKE_DIR environment variable.
+flakeDir="${FLAKE_DIR}"                         # Path to the flake file (and optionally the hostname)
-update=false                                    # Whether to update flake.lock (false by default)
+update=false                                    # Whether to update and commmit flake.lock
-user=$(/run/current-system/sw/bin/whoami)       # Which user account to use for git commands (defaults to whoever called the script)
+user=$(/run/current-system/sw/bin/whoami)       # Which user account to use for git commands
 remainingArgs=""                                # All remaining arguments that haven't yet been processed (will be passed to nixos-rebuild)
 function usage() {
@ -16,15 +17,17 @@ function usage() {
 	echo "  1. Pull the latest version of your Nix config repository"
 	echo "  2. Run 'nixos-rebuild switch'."
 	echo ""
-	echo "Advanced usage: nixos-operations-script.sh [-o|--operation operation] [-f|--flake path-to-flake] [extra nixos-rebuild parameters]"
+	echo "Advanced usage: nixos-operations-script.sh [-h | --hostname hostname-to-build] [-o | --operation operation] [-f | --flake path-to-flake] [extra nixos-rebuild parameters]"
 	echo "Options:"
 	echo " -h, --help          Show this help screen."
 	echo " -o, --operation     The nixos-rebuild operation to perform."
 	echo " -f, --flake <path>  The path to your flake.nix file (and optionally, the hostname to build)."
 	echo " -U, --update        Update and commit flake.lock."
 	echo " -u, --user          Which user account to run git commands under."
 	echo ""
-	exit 2
+	echo "Options:"
 	echo " --help                       Show this help screen."
 	echo " -f, --flake [path]           The path to your flake.nix file (defualts to the FLAKE_DIR environment variable)."
 	echo " -h, --hostname [hostname]    The name of the host to build (defaults to the current system's hostname)."
 	echo " -o, --operation [operation]  The nixos-rebuild operation to perform (defaults to 'switch')."
 	echo " -U, --update                 Update and commit the flake.lock file."
 	echo " -u, --user [username]        Which user account to run git commands under (defaults to the user running this script)."
 	echo ""
 	exit 0
 }
 # Argument processing logic shamelessly stolen from https://stackoverflow.com/questions/192249/how-do-i-parse-command-line-arguments-in-bash
@ -36,6 +39,11 @@ while [[ $# -gt 0 ]]; do
 		shift
 		shift
 		;;
 	--hostname|-h)
 	    hostname="$2"
 	    shift
 	    shift
 	    ;;
 	--update|--upgrade|-U)
 		update=true
 		shift
@ -50,9 +58,8 @@ while [[ $# -gt 0 ]]; do
 		shift
 		shift
 		;;
-	--help|-h)
+	--help)
 		usage
 		exit 0
 		;;
 	*)
 		POSITIONAL_ARGS+=("$1") # save positional arg
@ -80,9 +87,9 @@ else
 	echo "Skipping 'nix flake update'..."
 fi
-options="--flake $flakeDir $remainingArgs --use-remote-sudo --log-format multiline-with-logs"
+options="--flake ${flakeDir}#${hostname} ${remainingArgs} --use-remote-sudo --log-format multiline-with-logs"
-echo "Running this operation: nixos-rebuild $operation $options"
+echo "Running this operation: nixos-rebuild ${operation} ${options}"
-/run/wrappers/bin/sudo -u root /run/current-system/sw/bin/nixos-rebuild $operation $options
+/run/wrappers/bin/sudo -u $user /run/current-system/sw/bin/nixos-rebuild $operation $options
 exit 0
--- a/modules/ui/desktops/common.nix
+++ b/modules/ui/desktops/common.nix
@ -59,6 +59,7 @@ in
        noto-fonts-emoji
        liberation_ttf
        fira-code
        fira-code-nerdfont
        fira-code-symbols
        fira
        roboto-slab
--- a/modules/users/aires/default.nix
+++ b/modules/users/aires/default.nix
@ -87,16 +87,13 @@ in
              matchBlocks = config.secrets.users.aires.sshConfig;
            };
-            # Set up Zsh
+            # Tweak Zsh
            zsh = {
              oh-my-zsh = {
                theme = "gentoo";
              };
              shellAliases = {
                nos = "nixos-operations-script";
                z = "zellij";
                update = "upgrade";
-                upgrade = "nos";
+                upgrade = "nos --update";
              };
              loginExtra = "fastfetch --memory-percent-green 75 --memory-percent-yellow 90";
            };
--- a/modules/users/common/home-manager/zsh.nix
+++ b/modules/users/common/home-manager/zsh.nix
@ -1,29 +1,24 @@
 # Additional ZSH settings via Home Manager
 { pkgs, ... }:
 {
-  programs.zsh = {
+  programs = {
    # Set up Starship
    # https://starship.rs/
    starship = {
      enable = true;
      enableZshIntegration = true;
    };
    zsh = {
      enable = true;
      autosuggestion.enable = true;
      syntaxHighlighting.enable = true;
      history.ignoreDups = true; # Do not enter command lines into the history list if they are duplicates of the previous event.
-    prezto = {
+      initExtra = ''
-      git.submoduleIgnore = "untracked"; # Ignore submodules when they are untracked.
+              	function set_win_title(){
-    };
+              	  echo -ne "\033]0; $(basename "$PWD") \007"
    plugins = [
      {
        name = "zsh-nix-shell";
        file = "nix-shell.plugin.zsh";
        src = pkgs.fetchFromGitHub {
          owner = "chisui";
          repo = "zsh-nix-shell";
          rev = "v0.8.0";
          sha256 = "1lzrn0n4fxfcgg65v0qhnj7wnybybqzs4adz7xsrkgmcsr0ii8b7";
        };
        		}
-    ];
+              	precmd_functions+=(set_win_title)
-    oh-my-zsh = {
+      '';
      enable = true;
      plugins = [ "git" ];
    };
  };
 }
--- a/modules/users/gremlin/default.nix
+++ b/modules/users/gremlin/default.nix
@ -90,23 +90,6 @@ in
            enable = true;
            matchBlocks = config.secrets.users.gremlin.sshConfig;
          };
          # Set up Zsh
          zsh = {
            # Install and source the p10k theme
            plugins = [
              {
                name = "powerlevel10k";
                src = pkgs.zsh-powerlevel10k;
                file = "share/zsh-powerlevel10k/powerlevel10k.zsh-theme";
              }
              {
                name = "powerlevel10k-config";
                src = ./p10k-config;
                file = "p10k.zsh";
              }
            ];
          };
        };
      };
    })
--- a/modules/users/gremlin/p10k-config/p10k.zsh
+++ b/modules/users/gremlin/p10k-config/p10k.zsh