Merge branch 'main' of ssh://code.8bitbuddhism.com/aires/nix-configuration

Flake lock file updates:

• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/ecfcd787f373f43307d764762e139a7cdeb9c22b' (2024-10-07)
  → 'github:NixOS/nixos-hardware/a8dd1b21995964b115b1e3ec639dd6ce24ab9806' (2024-10-12)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/d51c28603def282a24fa034bcb007e2bcb5b5dd0' (2024-10-09)
  → 'github:nixos/nixpkgs/a3f9ad65a0bf298ed5847629a57808b97e6e8077' (2024-10-12)

README.md

@@ -11,47 +11,67 @@ A full set of configuration files managed via NixOS. This project is an **unoffi
 
 Secrets are managed using [git-crypt](https://github.com/AGWA/git-crypt). To unlock the repo, use `git-crypt unlock [path to key file]`. git-crypt will transparently encrypt/decrypt files stored in `modules/secrets` going forward, but you'll need this key file on all hosts that are using secrets.
 
-Note: This is a poor man's secret management solution. These secrets will be world-readable in the `/nix/store/`.
+> [!NOTE]
+> This is a poor man's secret management solution. If you use this, your secrets will be world-readable in the `/nix/store/`.
 
 ### First-time installation
 
-When installing on a brand new system, partition the main drive into two partitions: a `/boot` partition, and a LUKS partition. Then, run `bin/format-drives.sh --root [root partition] --luks [luks partition]`. This also creates a `hardware-configuration.nix` file.
+When installing on a brand new system, partition the main drive into two partitions: a `/boot` partition, and a LUKS partition. Then, run `bin/format-drives.sh --root [root partition] --luks [luks partition]` (the script will request sudo privileges):
 
 ```sh
 ./bin/format-drives.sh --boot /dev/nvme0n1p1 --luks /dev/nvme0n1p2 
 ```
 
-Next, set up the host's config under in the `hosts` folder by copying `configuration.nix.template` and `hardware-configuration.nix.template` into a new folder.
+Next, set up the host's config under in the `hosts` folder by copying `configuration.nix.template` and `hardware-configuration.nix.template` into a new folder. Running `format-drives.sh` also generates a `hardware-configuration.nix` file you can use.
 
 Then, add the host to `flake.nix` under the `nixosConfigurations` section.
 
 Finally, run the NixOS installer, replacing `host` with your actual hostname:
 
 ```sh
-nixos-install --verbose --root /mnt --flake .#host --no-root-password
+sudo nixos-install --verbose --root /mnt --flake .#host --no-root-password
 ``` 
 
 > [!TIP]
-> This config installs a [Nix wrapper called nh](https://github.com/viperML/nh). Basic install/upgrade commands can be run using `nh`, but more advanced stuff should use `nixos-rebuild`.
+> This config installs a nixos-rebuild wrapper called `nos` (NixOS Operations Script) that handles pulling and pushing changes to your configuration repository via git. For more info, run `nixos-operations-script --help`.
 
 ### Running updates
 
-All hosts are configured to run automatic daily updates (see `modules/system/system.nix`). You can disable this by adding `aux.system.services.autoUpgrade = false;` to a host's config.
+To update a system, run `nixos-operations-script` (or just `nos`). To commit updates back to the repo, use `nos --update`. Do not run this script as root - it will automatically request sudo permissions as needed.
 
-Automatic updates work by `git pull`ing the latest version of the repo from Forgejo. This repo gets updated nightly by [`Hevana`](./hosts/Hevana), which updates the `flake.lock` file and pushes it back up to Forgejo. Only one host needs to do this, and you can enable this feature on a host using `aux.system.services.autoUpgrade.pushUpdates = true;`.
+#### Automatic updates
+
+To enable automatic updates for a host, set `aux.system.services.autoUpgrade = true;`. You can configure the autoUpgrade module with additional settings, e.g.:
+
+```nix
+aux.system.services.autoUpgrade = {
+  enable = true;
+  configDir = config.secrets.nixConfigFolder;
+  extraFlags = "--build-host hevana";
+  onCalendar = "daily";
+  user = config.users.users.aires.name;
+};
+```
+
+Automatic updates work by running `nos`. There's an additional `pushUpdates` option that, when enabled, updates the `flake.lock` file and pushes it back up to the Git repository. Only one host needs to do this (in this case, it's [Hevana](./hosts/Hevana), but you can safely enable it on multiple hosts as long as they use the same repository and update at different times.
 
 #### Manually updating
 
-Run `nh` to update the system. Use the `--update` flag to update `flake.lock` as part of the process. After the first build, you can omit the hostname and path to your flake.nix file:
+Run `nos` to update the system. Use the `--update` flag to update `flake.lock` as part of the process. For the first build, you'll need to specify the path to your `flake.nix` file and the hostname using `nos --hostname my_hostname --flake /path/to/flake.nix`.
+
+After the first build, you can omit the hostname and path:
 
 ```sh
-nh os switch --update
+nos
 ```
 
 This is the equivalent of running:
 
 ```sh 
-nix flake update
+cd [flake dir]
+git pull
+nix flake update --commit-lock-file
+git push
 sudo nixos-rebuild switch --flake .
 ```
 

bin/nixos-operations-script.sh

@@ -1,12 +1,13 @@
 #!/usr/bin/env bash
-# Wrapper script for nixos-rebuild
+# The NixOS Operations Script (NOS) is a wrapper script for nixos-rebuild and Flake-based configurations.
+# It handles pulling the latest version of your repository using Git, running system updates, and pushing changes back up.
 
 # Configuration parameters
 operation="switch"                              # The nixos-rebuild operation to use
 hostname=$(/run/current-system/sw/bin/hostname) # The name of the host to build
-flakeDir="${FLAKE_DIR}"                         # Path to the flake file (and optionally the hostname). Defaults to the FLAKE_DIR environment variable.
+flakeDir="${FLAKE_DIR}"                         # Path to the flake file (and optionally the hostname)
-update=false                                    # Whether to update flake.lock (false by default)
+update=false                                    # Whether to update and commmit flake.lock
-user=$(/run/current-system/sw/bin/whoami)       # Which user account to use for git commands (defaults to whoever called the script)
+user=$(/run/current-system/sw/bin/whoami)       # Which user account to use for git commands
 remainingArgs=""                                # All remaining arguments that haven't yet been processed (will be passed to nixos-rebuild)
 
 function usage() {
@@ -16,15 +17,17 @@ function usage() {
 	echo "  1. Pull the latest version of your Nix config repository"
 	echo "  2. Run 'nixos-rebuild switch'."
 	echo ""
-	echo "Advanced usage: nixos-operations-script.sh [-o|--operation operation] [-f|--flake path-to-flake] [extra nixos-rebuild parameters]"
+	echo "Advanced usage: nixos-operations-script.sh [-h | --hostname hostname-to-build] [-o | --operation operation] [-f | --flake path-to-flake] [extra nixos-rebuild parameters]"
-	echo "Options:"
-	echo " -h, --help          Show this help screen."
-	echo " -o, --operation     The nixos-rebuild operation to perform."
-	echo " -f, --flake <path>  The path to your flake.nix file (and optionally, the hostname to build)."
-	echo " -U, --update        Update and commit flake.lock."
-	echo " -u, --user          Which user account to run git commands under."
 	echo ""
-	exit 2
+	echo "Options:"
+	echo " --help                       Show this help screen."
+	echo " -f, --flake [path]           The path to your flake.nix file (defualts to the FLAKE_DIR environment variable)."
+	echo " -h, --hostname [hostname]    The name of the host to build (defaults to the current system's hostname)."
+	echo " -o, --operation [operation]  The nixos-rebuild operation to perform (defaults to 'switch')."
+	echo " -U, --update                 Update and commit the flake.lock file."
+	echo " -u, --user [username]        Which user account to run git commands under (defaults to the user running this script)."
+	echo ""
+	exit 0
 }
 
 # Argument processing logic shamelessly stolen from https://stackoverflow.com/questions/192249/how-do-i-parse-command-line-arguments-in-bash
@@ -36,6 +39,11 @@ while [[ $# -gt 0 ]]; do
 		shift
 		shift
 		;;
+	--hostname|-h)
+	    hostname="$2"
+	    shift
+	    shift
+	    ;;
 	--update|--upgrade|-U)
 		update=true
 		shift
@@ -50,9 +58,8 @@ while [[ $# -gt 0 ]]; do
 		shift
 		shift
 		;;
-	--help|-h)
+	--help)
 		usage
-		exit 0
 		;;
 	*)
 		POSITIONAL_ARGS+=("$1") # save positional arg
@@ -80,9 +87,9 @@ else
 	echo "Skipping 'nix flake update'..."
 fi
 
-options="--flake $flakeDir $remainingArgs --use-remote-sudo --log-format multiline-with-logs"
+options="--flake ${flakeDir}#${hostname} ${remainingArgs} --use-remote-sudo --log-format multiline-with-logs"
 
-echo "Running this operation: nixos-rebuild $operation $options"
+echo "Running this operation: nixos-rebuild ${operation} ${options}"
-/run/wrappers/bin/sudo -u root /run/current-system/sw/bin/nixos-rebuild $operation $options
+/run/wrappers/bin/sudo -u $user /run/current-system/sw/bin/nixos-rebuild $operation $options
 
 exit 0

flake.lock

@@ -203,7 +203,7 @@
         "narHash": "sha256-5WHctvz0R9N9oBGda1ROuJ/V/m/tZsEXloGWDrd9G7Y=",
         "rev": "866b8902c975a1aaec547445976dd39d60def4ab",
         "type": "tarball",
-        "url": "https://git.auxolotl.org/api/v1/repos/auxolotl/labs/archive/866b8902c975a1aaec547445976dd39d60def4ab.tar.gz?rev=866b8902c975a1aaec547445976dd39d60def4ab"
+        "url": "https://git.auxolotl.org/api/v1/repos/auxolotl/labs/archive/d7762a5a78273ffb76da6f6902245983143f63f6.tar.gz?rev=d7762a5a78273ffb76da6f6902245983143f63f6"
       },
       "original": {
         "dir": "lib",
@@ -315,11 +315,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1728888510,
+        "lastModified": 1728492678,
-        "narHash": "sha256-nsNdSldaAyu6PE3YUA+YQLqUDJh+gRbBooMMekZJwvI=",
+        "narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c",
+        "rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7",
         "type": "github"
       },
       "original": {
@@ -331,11 +331,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1728909085,
+        "lastModified": 1728740863,
-        "narHash": "sha256-WLxED18lodtQiayIPDE5zwAfkPJSjHJ35UhZ8h3cJUg=",
+        "narHash": "sha256-u+rxA79a0lyhG+u+oPBRtTDtzz8kvkc9a6SWSt9ekVc=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "c0b1da36f7c34a7146501f684e9ebdf15d2bebf8",
+        "rev": "a3f9ad65a0bf298ed5847629a57808b97e6e8077",
         "type": "github"
       },
       "original": {

modules/common.nix

@@ -13,6 +13,7 @@
     aux.system.packages = with pkgs; [
       fastfetch # Show a neat system statistics screen when opening a terminal
       htop # System monitor
+      lm_sensors # System temperature monitoring
       zellij # Terminal multiplexer
     ];
 

modules/system/filesystem.nix

@@ -5,6 +5,12 @@ let
   # LUKS partition will decrypt to /dev/mapper/nixos-root
   decryptPart = "nixos-root";
   decryptPath = "/dev/mapper/${decryptPart}";
+
+  # Default mount options for your main partitions
+  primaryPartOpts = [
+    "compress=zstd"
+    (lib.mkIf cfg.discard "discard=async").content
+  ];
 in
 {
   options = {
@@ -56,56 +62,44 @@ in
       # Enable TPM auto-unlocking if configured
       crypttabExtraOpts = lib.mkIf config.aux.system.bootloader.tpm2.enable [ "tpm2-device=auto" ];
     };
-    fileSystems =
+    fileSystems = {
-      {
+      "/" = {
-        "/" = {
+        device = decryptPath;
-          device = decryptPath;
+        fsType = "btrfs";
-          fsType = "btrfs";
+        options = [ "subvol=@" ] ++ primaryPartOpts;
-          options = [
-            "subvol=@"
-            "compress=zstd"
-          ] ++ lib.optionals cfg.discard [ "discard=async" ];
-        };
-        "/boot" = {
-          device = cfg.partitions.boot;
-          fsType = "vfat";
-        };
-        "/home" = {
-          device = decryptPath;
-          fsType = "btrfs";
-          options = [
-            "subvol=@home"
-            "compress=zstd"
-          ] ++ lib.optionals cfg.discard [ "discard=async" ];
-        };
-        "/var/log" = {
-          device = decryptPath;
-          fsType = "btrfs";
-          options = [
-            "subvol=@log"
-            "compress=zstd"
-          ] ++ lib.optionals cfg.discard [ "discard=async" ];
-        };
-        "/nix" = {
-          device = decryptPath;
-          fsType = "btrfs";
-          options = [
-            "subvol=@nix"
-            "compress=zstd"
-            "noatime"
-          ] ++ lib.optionals cfg.discard [ "discard=async" ];
-        };
-      }
-      // lib.optionalAttrs cfg.swapFile.enable {
-        "/swap" = {
-          device = decryptPath;
-          fsType = "btrfs";
-          options = [
-            "subvol=@swap"
-            "noatime"
-          ] ++ lib.optionals cfg.discard [ "discard=async" ];
-        };
       };
+      "/boot" = {
+        device = cfg.partitions.boot;
+        fsType = "vfat";
+      };
+      "/home" = {
+        device = decryptPath;
+        fsType = "btrfs";
+        options = [ "subvol=@home" ] ++ primaryPartOpts;
+      };
+      "/var/log" = {
+        device = decryptPath;
+        fsType = "btrfs";
+        options = [ "subvol=@log" ] ++ primaryPartOpts;
+      };
+      "/nix" = {
+        device = decryptPath;
+        fsType = "btrfs";
+        options = [
+          "subvol=@nix"
+          "noatime"
+        ] ++ primaryPartOpts;
+      };
+      "/swap" = lib.mkIf cfg.swapFile.enable {
+        device = decryptPath;
+        fsType = "btrfs";
+        options = [
+          "subvol=@swap"
+          "noatime"
+          (lib.mkIf cfg.discard "discard=async").content
+        ];
+      };
+    };
 
     swapDevices = lib.mkIf cfg.swapFile.enable [
       {

modules/system/system.nix

@@ -32,10 +32,7 @@ in
           gnutar
           gzip
           home-manager
-          lm_sensors
+          openssh
-          config.nix.package.out
-          nh
-          config.programs.ssh.package
           sudo
           xz.bin
         ];

modules/ui/desktops/common.nix

@@ -59,6 +59,7 @@ in
         noto-fonts-emoji
         liberation_ttf
         fira-code
+        fira-code-nerdfont
         fira-code-symbols
         fira
         roboto-slab

modules/users/aires/default.nix

@@ -87,16 +87,13 @@ in
               matchBlocks = config.secrets.users.aires.sshConfig;
             };
 
-            # Set up Zsh
+            # Tweak Zsh
             zsh = {
-              oh-my-zsh = {
-                theme = "gentoo";
-              };
               shellAliases = {
                 nos = "nixos-operations-script";
                 z = "zellij";
                 update = "upgrade";
-                upgrade = "nos";
+                upgrade = "nos --update";
               };
               loginExtra = "fastfetch --memory-percent-green 75 --memory-percent-yellow 90";
             };

modules/users/common/home-manager/zsh.nix

@@ -1,29 +1,24 @@
 # Additional ZSH settings via Home Manager
 { pkgs, ... }:
 {
-  programs.zsh = {
+  programs = {
-    enable = true;
+    # Set up Starship
-    autosuggestion.enable = true;
+    # https://starship.rs/
-    syntaxHighlighting.enable = true;
+    starship = {
-    history.ignoreDups = true; # Do not enter command lines into the history list if they are duplicates of the previous event.
-    prezto = {
-      git.submoduleIgnore = "untracked"; # Ignore submodules when they are untracked.
-    };
-    plugins = [
-      {
-        name = "zsh-nix-shell";
-        file = "nix-shell.plugin.zsh";
-        src = pkgs.fetchFromGitHub {
-          owner = "chisui";
-          repo = "zsh-nix-shell";
-          rev = "v0.8.0";
-          sha256 = "1lzrn0n4fxfcgg65v0qhnj7wnybybqzs4adz7xsrkgmcsr0ii8b7";
-        };
-      }
-    ];
-    oh-my-zsh = {
       enable = true;
-      plugins = [ "git" ];
+      enableZshIntegration = true;
+    };
+    zsh = {
+      enable = true;
+      autosuggestion.enable = true;
+      syntaxHighlighting.enable = true;
+      history.ignoreDups = true; # Do not enter command lines into the history list if they are duplicates of the previous event.
+      initExtra = ''
+              	function set_win_title(){
+              	  echo -ne "\033]0; $(basename "$PWD") \007"
+        		}
+              	precmd_functions+=(set_win_title)
+      '';
     };
   };
 }

modules/users/gremlin/default.nix

@@ -90,23 +90,6 @@ in
             enable = true;
             matchBlocks = config.secrets.users.gremlin.sshConfig;
           };
-
-          # Set up Zsh
-          zsh = {
-            # Install and source the p10k theme
-            plugins = [
-              {
-                name = "powerlevel10k";
-                src = pkgs.zsh-powerlevel10k;
-                file = "share/zsh-powerlevel10k/powerlevel10k.zsh-theme";
-              }
-              {
-                name = "powerlevel10k-config";
-                src = ./p10k-config;
-                file = "p10k.zsh";
-              }
-            ];
-          };
         };
       };
     })