General: update NOS; Users: switch to Starship shell prompt
parent
d1796eedb3
commit
b5a01ad121
19
README.md
19
README.md
|
@ -11,32 +11,33 @@ A full set of configuration files managed via NixOS. This project is an **unoffi
|
||||||
|
|
||||||
Secrets are managed using [git-crypt](https://github.com/AGWA/git-crypt). To unlock the repo, use `git-crypt unlock [path to key file]`. git-crypt will transparently encrypt/decrypt files stored in `modules/secrets` going forward, but you'll need this key file on all hosts that are using secrets.
|
Secrets are managed using [git-crypt](https://github.com/AGWA/git-crypt). To unlock the repo, use `git-crypt unlock [path to key file]`. git-crypt will transparently encrypt/decrypt files stored in `modules/secrets` going forward, but you'll need this key file on all hosts that are using secrets.
|
||||||
|
|
||||||
Note: This is a poor man's secret management solution. These secrets will be world-readable in the `/nix/store/`.
|
> [!NOTE]
|
||||||
|
> This is a poor man's secret management solution. If you use this, your secrets will be world-readable in the `/nix/store/`.
|
||||||
|
|
||||||
### First-time installation
|
### First-time installation
|
||||||
|
|
||||||
When installing on a brand new system, partition the main drive into two partitions: a `/boot` partition, and a LUKS partition. Then, run `bin/format-drives.sh --root [root partition] --luks [luks partition]`. This also creates a `hardware-configuration.nix` file.
|
When installing on a brand new system, partition the main drive into two partitions: a `/boot` partition, and a LUKS partition. Then, run `bin/format-drives.sh --root [root partition] --luks [luks partition]` (the script will request sudo privileges):
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
./bin/format-drives.sh --boot /dev/nvme0n1p1 --luks /dev/nvme0n1p2
|
./bin/format-drives.sh --boot /dev/nvme0n1p1 --luks /dev/nvme0n1p2
|
||||||
```
|
```
|
||||||
|
|
||||||
Next, set up the host's config under in the `hosts` folder by copying `configuration.nix.template` and `hardware-configuration.nix.template` into a new folder.
|
Next, set up the host's config under in the `hosts` folder by copying `configuration.nix.template` and `hardware-configuration.nix.template` into a new folder. Running `format-drives.sh` also generates a `hardware-configuration.nix` file you can use.
|
||||||
|
|
||||||
Then, add the host to `flake.nix` under the `nixosConfigurations` section.
|
Then, add the host to `flake.nix` under the `nixosConfigurations` section.
|
||||||
|
|
||||||
Finally, run the NixOS installer, replacing `host` with your actual hostname:
|
Finally, run the NixOS installer, replacing `host` with your actual hostname:
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
nixos-install --verbose --root /mnt --flake .#host --no-root-password
|
sudo nixos-install --verbose --root /mnt --flake .#host --no-root-password
|
||||||
```
|
```
|
||||||
|
|
||||||
> [!TIP]
|
> [!TIP]
|
||||||
> This config installs a nixos-rebuild wrapper called `nos` (NixOS Operations Script). Basic install/upgrade commands can be run using `nos`, but more advanced stuff should use `nixos-rebuild`.
|
> This config installs a nixos-rebuild wrapper called `nos` (NixOS Operations Script) that handles pulling and pushing changes to your configuration repository via git. For more info, run `nixos-operations-script --help`.
|
||||||
|
|
||||||
### Running updates
|
### Running updates
|
||||||
|
|
||||||
To update a system, run `sudo nixos-operations-script` (or just `sudo nos`). To commit updates back to the repo, use `sudo nos --update`.
|
To update a system, run `nixos-operations-script` (or just `nos`). To commit updates back to the repo, use `nos --update`. Do not run this script as root - it will automatically request sudo permissions as needed.
|
||||||
|
|
||||||
#### Automatic updates
|
#### Automatic updates
|
||||||
|
|
||||||
|
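Review bot: The first-time installation paragraph still tells the reader to run `bin/format-drives.sh --root [root partition] --luks [luks partition]`, but the example directly below it passes `--boot /dev/nvme0n1p1`. This is a drive-formatting script, so the prose and the example should name the same flag. While editing that section, "under in the `hosts` folder" has a stray word, and the new sentence about the generated `hardware-configuration.nix` sits next to an instruction to copy `hardware-configuration.nix.template`; say which of the two a new host should use.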
@ -52,16 +53,16 @@ aux.system.services.autoUpgrade = {
|
||||||
};
|
};
|
||||||
```
|
```
|
||||||
|
|
||||||
Automatic updates work by `git pull`ing the latest version of the repo from Forgejo. This repo gets updated nightly by [`Hevana`](./hosts/Hevana), which updates the `flake.lock` file and pushes it back up to Forgejo. Only one host needs to do this, but you can safely enable it for multiple hosts as long as they have access to the same repository. You can enable this feature on a host using `aux.system.services.autoUpgrade.pushUpdates = true;`.
|
Automatic updates work by running `nos`. There's an additional `pushUpdates` option that, when enabled, updates the `flake.lock` file and pushes it back up to the Git repository. Only one host needs to do this (in this case, it's [Hevana](./hosts/Hevana), but you can safely enable it on multiple hosts as long as they use the same repository and update at different times.
|
||||||
|
|
||||||
#### Manually updating
|
#### Manually updating
|
||||||
|
|
||||||
Run `nos` to update the system. Use the `--update` flag to update `flake.lock` as part of the process. For the first build, you'll need to specify the path to your `flake.nix` file and the hostname using `--flake /path/to/flake.nix/#hostname`.
|
Run `nos` to update the system. Use the `--update` flag to update `flake.lock` as part of the process. For the first build, you'll need to specify the path to your `flake.nix` file and the hostname using `nos --hostname my_hostname --flake /path/to/flake.nix`.
|
||||||
|
|
||||||
After the first build, you can omit the hostname and path:
|
After the first build, you can omit the hostname and path:
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
nos --update
|
nos
|
||||||
```
|
```
|
||||||
|
|
||||||
This is the equivalent of running:
|
This is the equivalent of running:
|
||||||
|
|
|
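Review bot: The rewritten automatic-updates paragraph opens a parenthesis at "(in this case, it's [Hevana](./hosts/Hevana)," and never closes it. The old text also gave the full option path, `aux.system.services.autoUpgrade.pushUpdates = true;`, while the new text only calls it "an additional `pushUpdates` option"; keeping the full path saves readers a search. The new condition that hosts "update at different times" needs a sentence on what happens when two hosts push `flake.lock` at once. Since the example changed from `nos --update` to plain `nos`, check that the command list following "This is the equivalent of running:" still matches.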
@ -1,12 +1,13 @@
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
# Wrapper script for nixos-rebuild
|
# The NixOS Operations Script (NOS) is a wrapper script for nixos-rebuild and Flake-based configurations.
|
||||||
|
# It handles pulling the latest version of your repository using Git, running system updates, and pushing changes back up.
|
||||||
|
|
||||||
# Configuration parameters
|
# Configuration parameters
|
||||||
operation="switch" # The nixos-rebuild operation to use
|
operation="switch" # The nixos-rebuild operation to use
|
||||||
hostname=$(/run/current-system/sw/bin/hostname) # The name of the host to build
|
hostname=$(/run/current-system/sw/bin/hostname) # The name of the host to build
|
||||||
flakeDir="${FLAKE_DIR}" # Path to the flake file (and optionally the hostname). Defaults to the FLAKE_DIR environment variable.
|
flakeDir="${FLAKE_DIR}" # Path to the flake file (and optionally the hostname)
|
||||||
update=false # Whether to update flake.lock (false by default)
|
update=false # Whether to update and commmit flake.lock
|
||||||
user=$(/run/current-system/sw/bin/whoami) # Which user account to use for git commands (defaults to whoever called the script)
|
user=$(/run/current-system/sw/bin/whoami) # Which user account to use for git commands
|
||||||
remainingArgs="" # All remaining arguments that haven't yet been processed (will be passed to nixos-rebuild)
|
remainingArgs="" # All remaining arguments that haven't yet been processed (will be passed to nixos-rebuild)
|
||||||
|
|
||||||
function usage() {
|
function usage() {
|
||||||
|
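Review bot: The comment on `flakeDir` still says "(and optionally the hostname)", but the hostname now comes from `--hostname` and is appended later in the script as `${flakeDir}#${hostname}`, so a path that already carries `#host` ends up with two fragments. Update the comment to say the path must not include the hostname, and restore the note that it defaults to `FLAKE_DIR`. The comment on `update` has a typo: "commmit".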
@ -16,15 +17,17 @@ function usage() {
|
||||||
echo " 1. Pull the latest version of your Nix config repository"
|
echo " 1. Pull the latest version of your Nix config repository"
|
||||||
echo " 2. Run 'nixos-rebuild switch'."
|
echo " 2. Run 'nixos-rebuild switch'."
|
||||||
echo ""
|
echo ""
|
||||||
echo "Advanced usage: nixos-operations-script.sh [-o|--operation operation] [-f|--flake path-to-flake] [extra nixos-rebuild parameters]"
|
echo "Advanced usage: nixos-operations-script.sh [-h | --hostname hostname-to-build] [-o | --operation operation] [-f | --flake path-to-flake] [extra nixos-rebuild parameters]"
|
||||||
echo "Options:"
|
|
||||||
echo " -h, --help Show this help screen."
|
|
||||||
echo " -o, --operation The nixos-rebuild operation to perform."
|
|
||||||
echo " -f, --flake <path> The path to your flake.nix file (and optionally, the hostname to build)."
|
|
||||||
echo " -U, --update Update and commit flake.lock."
|
|
||||||
echo " -u, --user Which user account to run git commands under."
|
|
||||||
echo ""
|
echo ""
|
||||||
exit 2
|
echo "Options:"
|
||||||
|
echo " --help Show this help screen."
|
||||||
|
echo " -f, --flake [path] The path to your flake.nix file (defualts to the FLAKE_DIR environment variable)."
|
||||||
|
echo " -h, --hostname [hostname] The name of the host to build (defaults to the current system's hostname)."
|
||||||
|
echo " -o, --operation [operation] The nixos-rebuild operation to perform (defaults to 'switch')."
|
||||||
|
echo " -U, --update Update and commit the flake.lock file."
|
||||||
|
echo " -u, --user [username] Which user account to run git commands under (defaults to the user running this script)."
|
||||||
|
echo ""
|
||||||
|
exit 0
|
||||||
}
|
}
|
||||||
|
|
||||||
# Argument processing logic shamelessly stolen from https://stackoverflow.com/questions/192249/how-do-i-parse-command-line-arguments-in-bash
|
# Argument processing logic shamelessly stolen from https://stackoverflow.com/questions/192249/how-do-i-parse-command-line-arguments-in-bash
|
||||||
|
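Review bot: `usage()` now ends with `exit 0` where it used to end with `exit 2`. That is right for `--help`, but any caller that prints usage because of a bad argument will now report success to whatever invoked the script. Consider passing the exit status as a parameter (`usage 0` for help, `usage 2` for errors). In the option list, "defualts" should be "defaults", and the usage line names `nixos-operations-script.sh` while the README refers to `nixos-operations-script`.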
@ -36,6 +39,11 @@ while [[ $# -gt 0 ]]; do
|
||||||
shift
|
shift
|
||||||
shift
|
shift
|
||||||
;;
|
;;
|
||||||
|
--hostname|-h)
|
||||||
|
hostname="$2"
|
||||||
|
shift
|
||||||
|
shift
|
||||||
|
;;
|
||||||
--update|--upgrade|-U)
|
--update|--upgrade|-U)
|
||||||
update=true
|
update=true
|
||||||
shift
|
shift
|
||||||
|
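Review bot: The new `--hostname|-h)` case assigns `hostname="$2"` without checking that a value was supplied. If the flag is the last argument, `hostname` becomes empty and the flake reference built later is `${flakeDir}#` with nothing after the `#`. Check `$#` (or test that `$2` is non-empty and does not start with `-`) before the two `shift`s, and print usage with a non-zero status otherwise.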
@ -50,9 +58,8 @@ while [[ $# -gt 0 ]]; do
|
||||||
shift
|
shift
|
||||||
shift
|
shift
|
||||||
;;
|
;;
|
||||||
--help|-h)
|
--help)
|
||||||
usage
|
usage
|
||||||
exit 0
|
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
POSITIONAL_ARGS+=("$1") # save positional arg
|
POSITIONAL_ARGS+=("$1") # save positional arg
|
||||||
|
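Review bot: Dropping `-h` from the `--help)` case while the previous hunk reuses it for `--hostname` changes the meaning of an existing flag: `nos -h` used to print help and now consumes the next argument as a hostname. A different short option for the hostname (for example `-H`) would keep `-h` as help, which is what most users will type first. Removing the `exit 0` after `usage` is fine, since `usage` exits on its own.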
@ -80,9 +87,9 @@ else
|
||||||
echo "Skipping 'nix flake update'..."
|
echo "Skipping 'nix flake update'..."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
options="--flake $flakeDir $remainingArgs --use-remote-sudo --log-format multiline-with-logs"
|
options="--flake ${flakeDir}#${hostname} ${remainingArgs} --use-remote-sudo --log-format multiline-with-logs"
|
||||||
|
|
||||||
echo "Running this operation: nixos-rebuild $operation $options"
|
echo "Running this operation: nixos-rebuild ${operation} ${options}"
|
||||||
/run/wrappers/bin/sudo -u root /run/current-system/sw/bin/nixos-rebuild $operation $options
|
/run/wrappers/bin/sudo -u $user /run/current-system/sw/bin/nixos-rebuild $operation $options
|
||||||
|
|
||||||
exit 0
|
exit 0
|
||||||
|
|
|
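Review bot: On the last changed line, `sudo -u root` became `sudo -u $user`, and `$user` is both unquoted and documented only as the account "to run git commands under". With `--user` set to another account, the rebuild itself now runs as that account and relies on `--use-remote-sudo` to elevate, so the help text should say so and the expansion should be quoted (`-u "$user"`). The same applies to `$options`: it is built as one string and expanded unquoted, so a `flakeDir` or hostname containing whitespace or glob characters is split into extra `nixos-rebuild` arguments. A bash array (`options=(--flake "${flakeDir}#${hostname}" ...)`, expanded as `"${options[@]}"`) avoids that. An empty `FLAKE_DIR` also yields `--flake #hostname`, which is worth rejecting early with a clear error.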
@ -59,6 +59,7 @@ in
|
||||||
noto-fonts-emoji
|
noto-fonts-emoji
|
||||||
liberation_ttf
|
liberation_ttf
|
||||||
fira-code
|
fira-code
|
||||||
|
fira-code-nerdfont
|
||||||
fira-code-symbols
|
fira-code-symbols
|
||||||
fira
|
fira
|
||||||
roboto-slab
|
roboto-slab
|
||||||
|
|
|
@ -87,16 +87,13 @@ in
|
||||||
matchBlocks = config.secrets.users.aires.sshConfig;
|
matchBlocks = config.secrets.users.aires.sshConfig;
|
||||||
};
|
};
|
||||||
|
|
||||||
# Set up Zsh
|
# Tweak Zsh
|
||||||
zsh = {
|
zsh = {
|
||||||
oh-my-zsh = {
|
|
||||||
theme = "gentoo";
|
|
||||||
};
|
|
||||||
shellAliases = {
|
shellAliases = {
|
||||||
nos = "nixos-operations-script";
|
nos = "nixos-operations-script";
|
||||||
z = "zellij";
|
z = "zellij";
|
||||||
update = "upgrade";
|
update = "upgrade";
|
||||||
upgrade = "nos";
|
upgrade = "nos --update";
|
||||||
};
|
};
|
||||||
loginExtra = "fastfetch --memory-percent-green 75 --memory-percent-yellow 90";
|
loginExtra = "fastfetch --memory-percent-green 75 --memory-percent-yellow 90";
|
||||||
};
|
};
|
||||||
|
|
|
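Review bot: With `upgrade = "nos --update"` and `update = "upgrade"`, both aliases now update and commit `flake.lock` on every run, where they previously performed a plain `nos` rebuild. That is a behaviour change for anyone with `upgrade` in muscle memory, and it is not mentioned in the README changes in this commit. Either document it next to the "Running updates" section or keep one alias that maps to plain `nos`.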
@ -1,29 +1,24 @@
|
||||||
# Additional ZSH settings via Home Manager
|
# Additional ZSH settings via Home Manager
|
||||||
{ pkgs, ... }:
|
{ pkgs, ... }:
|
||||||
{
|
{
|
||||||
programs.zsh = {
|
programs = {
|
||||||
|
# Set up Starship
|
||||||
|
# https://starship.rs/
|
||||||
|
starship = {
|
||||||
|
enable = true;
|
||||||
|
enableZshIntegration = true;
|
||||||
|
};
|
||||||
|
zsh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
autosuggestion.enable = true;
|
autosuggestion.enable = true;
|
||||||
syntaxHighlighting.enable = true;
|
syntaxHighlighting.enable = true;
|
||||||
history.ignoreDups = true; # Do not enter command lines into the history list if they are duplicates of the previous event.
|
history.ignoreDups = true; # Do not enter command lines into the history list if they are duplicates of the previous event.
|
||||||
prezto = {
|
initExtra = ''
|
||||||
git.submoduleIgnore = "untracked"; # Ignore submodules when they are untracked.
|
function set_win_title(){
|
||||||
};
|
echo -ne "\033]0; $(basename "$PWD") \007"
|
||||||
plugins = [
|
|
||||||
{
|
|
||||||
name = "zsh-nix-shell";
|
|
||||||
file = "nix-shell.plugin.zsh";
|
|
||||||
src = pkgs.fetchFromGitHub {
|
|
||||||
owner = "chisui";
|
|
||||||
repo = "zsh-nix-shell";
|
|
||||||
rev = "v0.8.0";
|
|
||||||
sha256 = "1lzrn0n4fxfcgg65v0qhnj7wnybybqzs4adz7xsrkgmcsr0ii8b7";
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
];
|
precmd_functions+=(set_win_title)
|
||||||
oh-my-zsh = {
|
'';
|
||||||
enable = true;
|
|
||||||
plugins = [ "git" ];
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
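Review bot: `set_win_title` writes `$(basename "$PWD")` straight into an OSC title sequence, so a directory name that contains control characters (an embedded ESC or BEL) can end the title early and pass further escape sequences to the terminal on every prompt. Strip control characters from the name before printing it, and prefer `printf` over `echo -ne` so the name is passed as data and not as part of the format. The hunk also removes the `zsh-nix-shell` plugin and the oh-my-zsh `git` plugin, which the commit message does not mention; confirm both removals are intended.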
@ -90,23 +90,6 @@ in
|
||||||
enable = true;
|
enable = true;
|
||||||
matchBlocks = config.secrets.users.gremlin.sshConfig;
|
matchBlocks = config.secrets.users.gremlin.sshConfig;
|
||||||
};
|
};
|
||||||
|
|
||||||
# Set up Zsh
|
|
||||||
zsh = {
|
|
||||||
# Install and source the p10k theme
|
|
||||||
plugins = [
|
|
||||||
{
|
|
||||||
name = "powerlevel10k";
|
|
||||||
src = pkgs.zsh-powerlevel10k;
|
|
||||||
file = "share/zsh-powerlevel10k/powerlevel10k.zsh-theme";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
name = "powerlevel10k-config";
|
|
||||||
src = ./p10k-config;
|
|
||||||
file = "p10k.zsh";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
})
|
})
|
||||||
|
|
File diff suppressed because it is too large