README.md

@@ -11,67 +11,47 @@ A full set of configuration files managed via NixOS. This project is an **unoffi
 
 Secrets are managed using [git-crypt](https://github.com/AGWA/git-crypt). To unlock the repo, use `git-crypt unlock [path to key file]`. git-crypt will transparently encrypt/decrypt files stored in `modules/secrets` going forward, but you'll need this key file on all hosts that are using secrets.
 
-> [!NOTE]
-> This is a poor man's secret management solution. If you use this, your secrets will be world-readable in the `/nix/store/`.
+Note: This is a poor man's secret management solution. These secrets will be world-readable in the `/nix/store/`.
 
 ### First-time installation
 
-When installing on a brand new system, partition the main drive into two partitions: a `/boot` partition, and a LUKS partition. Then, run `bin/format-drives.sh --root [root partition] --luks [luks partition]` (the script will request sudo privileges):
+When installing on a brand new system, partition the main drive into two partitions: a `/boot` partition, and a LUKS partition. Then, run `bin/format-drives.sh --root [root partition] --luks [luks partition]`. This also creates a `hardware-configuration.nix` file.
 
 ```sh
 ./bin/format-drives.sh --boot /dev/nvme0n1p1 --luks /dev/nvme0n1p2 
 ```
 
-Next, set up the host's config under in the `hosts` folder by copying `configuration.nix.template` and `hardware-configuration.nix.template` into a new folder. Running `format-drives.sh` also generates a `hardware-configuration.nix` file you can use.
+Next, set up the host's config under in the `hosts` folder by copying `configuration.nix.template` and `hardware-configuration.nix.template` into a new folder.
 
 Then, add the host to `flake.nix` under the `nixosConfigurations` section.
 
 Finally, run the NixOS installer, replacing `host` with your actual hostname:
 
 ```sh
-sudo nixos-install --verbose --root /mnt --flake .#host --no-root-password
+nixos-install --verbose --root /mnt --flake .#host --no-root-password
 ``` 
 
 > [!TIP]
-> This config installs a nixos-rebuild wrapper called `nos` (NixOS Operations Script) that handles pulling and pushing changes to your configuration repository via git. For more info, run `nixos-operations-script --help`.
+> This config installs a [Nix wrapper called nh](https://github.com/viperML/nh). Basic install/upgrade commands can be run using `nh`, but more advanced stuff should use `nixos-rebuild`.
 
 ### Running updates
 
-To update a system, run `nixos-operations-script` (or just `nos`). To commit updates back to the repo, use `nos --update`. Do not run this script as root - it will automatically request sudo permissions as needed.
+All hosts are configured to run automatic daily updates (see `modules/system/system.nix`). You can disable this by adding `aux.system.services.autoUpgrade = false;` to a host's config.
 
-#### Automatic updates
-
-To enable automatic updates for a host, set `aux.system.services.autoUpgrade = true;`. You can configure the autoUpgrade module with additional settings, e.g.:
-
-```nix
-aux.system.services.autoUpgrade = {
-  enable = true;
-  configDir = config.secrets.nixConfigFolder;
-  extraFlags = "--build-host hevana";
-  onCalendar = "daily";
-  user = config.users.users.aires.name;
-};
-```
-
-Automatic updates work by running `nos`. There's an additional `pushUpdates` option that, when enabled, updates the `flake.lock` file and pushes it back up to the Git repository. Only one host needs to do this (in this case, it's [Hevana](./hosts/Hevana), but you can safely enable it on multiple hosts as long as they use the same repository and update at different times.
+Automatic updates work by `git pull`ing the latest version of the repo from Forgejo. This repo gets updated nightly by [`Hevana`](./hosts/Hevana), which updates the `flake.lock` file and pushes it back up to Forgejo. Only one host needs to do this, and you can enable this feature on a host using `aux.system.services.autoUpgrade.pushUpdates = true;`.
 
 #### Manually updating
 
-Run `nos` to update the system. Use the `--update` flag to update `flake.lock` as part of the process. For the first build, you'll need to specify the path to your `flake.nix` file and the hostname using `nos --hostname my_hostname --flake /path/to/flake.nix`.
-
-After the first build, you can omit the hostname and path:
+Run `nh` to update the system. Use the `--update` flag to update `flake.lock` as part of the process. After the first build, you can omit the hostname and path to your flake.nix file:
 
 ```sh
-nos
+nh os switch --update
 ```
 
 This is the equivalent of running:
 
 ```sh 
-cd [flake dir]
-git pull
-nix flake update --commit-lock-file
-git push
+nix flake update
 sudo nixos-rebuild switch --flake .
 ```
 

bin/nixos-operations-script.sh

@@ -1,13 +1,12 @@
 #!/usr/bin/env bash
-# The NixOS Operations Script (NOS) is a wrapper script for nixos-rebuild and Flake-based configurations.
-# It handles pulling the latest version of your repository using Git, running system updates, and pushing changes back up.
+# Wrapper script for nixos-rebuild
 
 # Configuration parameters
 operation="switch"                              # The nixos-rebuild operation to use
 hostname=$(/run/current-system/sw/bin/hostname) # The name of the host to build
-flakeDir="${FLAKE_DIR}"                         # Path to the flake file (and optionally the hostname)
-update=false                                    # Whether to update and commmit flake.lock
-user=$(/run/current-system/sw/bin/whoami)       # Which user account to use for git commands
+flakeDir="${FLAKE_DIR}"                         # Path to the flake file (and optionally the hostname). Defaults to the FLAKE_DIR environment variable.
+update=false                                    # Whether to update flake.lock (false by default)
+user=$(/run/current-system/sw/bin/whoami)       # Which user account to use for git commands (defaults to whoever called the script)
 remainingArgs=""                                # All remaining arguments that haven't yet been processed (will be passed to nixos-rebuild)
 
 function usage() {
@@ -17,17 +16,15 @@ function usage() {
 	echo "  1. Pull the latest version of your Nix config repository"
 	echo "  2. Run 'nixos-rebuild switch'."
 	echo ""
-	echo "Advanced usage: nixos-operations-script.sh [-h | --hostname hostname-to-build] [-o | --operation operation] [-f | --flake path-to-flake] [extra nixos-rebuild parameters]"
-	echo ""
+	echo "Advanced usage: nixos-operations-script.sh [-o|--operation operation] [-f|--flake path-to-flake] [extra nixos-rebuild parameters]"
 	echo "Options:"
-	echo " --help                       Show this help screen."
-	echo " -f, --flake [path]           The path to your flake.nix file (defualts to the FLAKE_DIR environment variable)."
-	echo " -h, --hostname [hostname]    The name of the host to build (defaults to the current system's hostname)."
-	echo " -o, --operation [operation]  The nixos-rebuild operation to perform (defaults to 'switch')."
-	echo " -U, --update                 Update and commit the flake.lock file."
-	echo " -u, --user [username]        Which user account to run git commands under (defaults to the user running this script)."
+	echo " -h, --help          Show this help screen."
+	echo " -o, --operation     The nixos-rebuild operation to perform."
+	echo " -f, --flake <path>  The path to your flake.nix file (and optionally, the hostname to build)."
+	echo " -U, --update        Update and commit flake.lock."
+	echo " -u, --user          Which user account to run git commands under."
 	echo ""
-	exit 0
+	exit 2
 }
 
 # Argument processing logic shamelessly stolen from https://stackoverflow.com/questions/192249/how-do-i-parse-command-line-arguments-in-bash
@@ -39,11 +36,6 @@ while [[ $# -gt 0 ]]; do
 		shift
 		shift
 		;;
-	--hostname|-h)
-	    hostname="$2"
-	    shift
-	    shift
-	    ;;
 	--update|--upgrade|-U)
 		update=true
 		shift
@@ -58,8 +50,9 @@ while [[ $# -gt 0 ]]; do
 		shift
 		shift
 		;;
-	--help)
+	--help|-h)
 		usage
+		exit 0
 		;;
 	*)
 		POSITIONAL_ARGS+=("$1") # save positional arg
@@ -87,9 +80,9 @@ else
 	echo "Skipping 'nix flake update'..."
 fi
 
-options="--flake ${flakeDir}#${hostname} ${remainingArgs} --use-remote-sudo --log-format multiline-with-logs"
+options="--flake $flakeDir $remainingArgs --use-remote-sudo --log-format multiline-with-logs"
 
-echo "Running this operation: nixos-rebuild ${operation} ${options}"
-/run/wrappers/bin/sudo -u $user /run/current-system/sw/bin/nixos-rebuild $operation $options
+echo "Running this operation: nixos-rebuild $operation $options"
+/run/wrappers/bin/sudo -u root /run/current-system/sw/bin/nixos-rebuild $operation $options
 
 exit 0

flake.lock

@@ -203,7 +203,7 @@
         "narHash": "sha256-5WHctvz0R9N9oBGda1ROuJ/V/m/tZsEXloGWDrd9G7Y=",
         "rev": "866b8902c975a1aaec547445976dd39d60def4ab",
         "type": "tarball",
-        "url": "https://git.auxolotl.org/api/v1/repos/auxolotl/labs/archive/d7762a5a78273ffb76da6f6902245983143f63f6.tar.gz?rev=d7762a5a78273ffb76da6f6902245983143f63f6"
+        "url": "https://git.auxolotl.org/api/v1/repos/auxolotl/labs/archive/866b8902c975a1aaec547445976dd39d60def4ab.tar.gz?rev=866b8902c975a1aaec547445976dd39d60def4ab"
       },
       "original": {
         "dir": "lib",
@@ -315,11 +315,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1728492678,
-        "narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=",
+        "lastModified": 1728888510,
+        "narHash": "sha256-nsNdSldaAyu6PE3YUA+YQLqUDJh+gRbBooMMekZJwvI=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7",
+        "rev": "a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c",
         "type": "github"
       },
       "original": {
@@ -331,11 +331,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1728740863,
-        "narHash": "sha256-u+rxA79a0lyhG+u+oPBRtTDtzz8kvkc9a6SWSt9ekVc=",
+        "lastModified": 1728909085,
+        "narHash": "sha256-WLxED18lodtQiayIPDE5zwAfkPJSjHJ35UhZ8h3cJUg=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "a3f9ad65a0bf298ed5847629a57808b97e6e8077",
+        "rev": "c0b1da36f7c34a7146501f684e9ebdf15d2bebf8",
         "type": "github"
       },
       "original": {

modules/common.nix

@@ -13,7 +13,6 @@
     aux.system.packages = with pkgs; [
       fastfetch # Show a neat system statistics screen when opening a terminal
       htop # System monitor
-      lm_sensors # System temperature monitoring
       zellij # Terminal multiplexer
     ];
 

modules/system/filesystem.nix

@@ -5,12 +5,6 @@ let
   # LUKS partition will decrypt to /dev/mapper/nixos-root
   decryptPart = "nixos-root";
   decryptPath = "/dev/mapper/${decryptPart}";
-
-  # Default mount options for your main partitions
-  primaryPartOpts = [
-    "compress=zstd"
-    (lib.mkIf cfg.discard "discard=async").content
-  ];
 in
 {
   options = {
@@ -62,11 +56,15 @@ in
       # Enable TPM auto-unlocking if configured
       crypttabExtraOpts = lib.mkIf config.aux.system.bootloader.tpm2.enable [ "tpm2-device=auto" ];
     };
-    fileSystems = {
+    fileSystems =
+      {
         "/" = {
           device = decryptPath;
           fsType = "btrfs";
-        options = [ "subvol=@" ] ++ primaryPartOpts;
+          options = [
+            "subvol=@"
+            "compress=zstd"
+          ] ++ lib.optionals cfg.discard [ "discard=async" ];
         };
         "/boot" = {
           device = cfg.partitions.boot;
@@ -75,29 +73,37 @@ in
         "/home" = {
           device = decryptPath;
           fsType = "btrfs";
-        options = [ "subvol=@home" ] ++ primaryPartOpts;
+          options = [
+            "subvol=@home"
+            "compress=zstd"
+          ] ++ lib.optionals cfg.discard [ "discard=async" ];
         };
         "/var/log" = {
           device = decryptPath;
           fsType = "btrfs";
-        options = [ "subvol=@log" ] ++ primaryPartOpts;
+          options = [
+            "subvol=@log"
+            "compress=zstd"
+          ] ++ lib.optionals cfg.discard [ "discard=async" ];
         };
         "/nix" = {
           device = decryptPath;
           fsType = "btrfs";
           options = [
             "subvol=@nix"
+            "compress=zstd"
             "noatime"
-        ] ++ primaryPartOpts;
+          ] ++ lib.optionals cfg.discard [ "discard=async" ];
         };
-      "/swap" = lib.mkIf cfg.swapFile.enable {
+      }
+      // lib.optionalAttrs cfg.swapFile.enable {
+        "/swap" = {
           device = decryptPath;
           fsType = "btrfs";
           options = [
             "subvol=@swap"
             "noatime"
-          (lib.mkIf cfg.discard "discard=async").content
-        ];
+          ] ++ lib.optionals cfg.discard [ "discard=async" ];
         };
       };
 

modules/system/system.nix

@@ -32,7 +32,10 @@ in
           gnutar
           gzip
           home-manager
-          openssh
+          lm_sensors
+          config.nix.package.out
+          nh
+          config.programs.ssh.package
           sudo
           xz.bin
         ];

modules/ui/desktops/common.nix

@@ -59,7 +59,6 @@ in
         noto-fonts-emoji
         liberation_ttf
         fira-code
-        fira-code-nerdfont
         fira-code-symbols
         fira
         roboto-slab

modules/users/aires/default.nix

@@ -87,13 +87,16 @@ in
               matchBlocks = config.secrets.users.aires.sshConfig;
             };
 
-            # Tweak Zsh
+            # Set up Zsh
             zsh = {
+              oh-my-zsh = {
+                theme = "gentoo";
+              };
               shellAliases = {
                 nos = "nixos-operations-script";
                 z = "zellij";
                 update = "upgrade";
-                upgrade = "nos --update";
+                upgrade = "nos";
               };
               loginExtra = "fastfetch --memory-percent-green 75 --memory-percent-yellow 90";
             };

modules/users/common/home-manager/zsh.nix

@@ -1,24 +1,29 @@
 # Additional ZSH settings via Home Manager
 { pkgs, ... }:
 {
-  programs = {
-    # Set up Starship
-    # https://starship.rs/
-    starship = {
-      enable = true;
-      enableZshIntegration = true;
-    };
-    zsh = {
+  programs.zsh = {
     enable = true;
     autosuggestion.enable = true;
     syntaxHighlighting.enable = true;
     history.ignoreDups = true; # Do not enter command lines into the history list if they are duplicates of the previous event.
-      initExtra = ''
-              	function set_win_title(){
-              	  echo -ne "\033]0; $(basename "$PWD") \007"
+    prezto = {
+      git.submoduleIgnore = "untracked"; # Ignore submodules when they are untracked.
+    };
+    plugins = [
+      {
+        name = "zsh-nix-shell";
+        file = "nix-shell.plugin.zsh";
+        src = pkgs.fetchFromGitHub {
+          owner = "chisui";
+          repo = "zsh-nix-shell";
+          rev = "v0.8.0";
+          sha256 = "1lzrn0n4fxfcgg65v0qhnj7wnybybqzs4adz7xsrkgmcsr0ii8b7";
+        };
       }
-              	precmd_functions+=(set_win_title)
-      '';
+    ];
+    oh-my-zsh = {
+      enable = true;
+      plugins = [ "git" ];
     };
   };
 }

modules/users/gremlin/default.nix

@@ -90,6 +90,23 @@ in
             enable = true;
             matchBlocks = config.secrets.users.gremlin.sshConfig;
           };
+
+          # Set up Zsh
+          zsh = {
+            # Install and source the p10k theme
+            plugins = [
+              {
+                name = "powerlevel10k";
+                src = pkgs.zsh-powerlevel10k;
+                file = "share/zsh-powerlevel10k/powerlevel10k.zsh-theme";
+              }
+              {
+                name = "powerlevel10k-config";
+                src = ./p10k-config;
+                file = "p10k.zsh";
+              }
+            ];
+          };
         };
       };
     })