initial commit

2024-04-07 19:34:18 +02:00 · 2024-04-07 19:34:18 +02:00 · 9fad1743b2
commit 9fad1743b2
parent c51f2f436c
13 changed files with 292 additions and 5 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,2 @@
+/.direnv/
+*.iso
--- a/README.md
+++ b/README.md
@ -0,0 +1,10 @@
+# Impermanence Talk
+
+## Start a NixOS setup with Impermanence
+
+1. Create the configuration with the template
+    `nix flake init --template https://github.com/Krezzlu/impermanence-talk#default --extra-experimental-features "nix-command flakes"`
+2. Change the template to your liking.
+    Specifically the `disko.nix` file.
+3. `nix develop --extra-experimental-features "nix-command flakes"`
+4. `sudo disko --mode disko ./systems/desktop/<system>/disko.nix`
--- a/flake.lock
+++ b/flake.lock
@ -0,0 +1,27 @@
+{
+  "nodes": {
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1712437997,
+        "narHash": "sha256-g0whLLwRvgO2FsyhY8fNk+TWenS3jg5UdlWL4uqgFeo=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "e38d7cb66ea4f7a0eb6681920615dfcc30fc2920",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-23.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
--- a/flake.nix
+++ b/flake.nix
@ -1,15 +1,32 @@
 {
-  description = "A very basic flake";
+  description = "Material for a talk about NixOS Impermanence";

  inputs = {
-    nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
  };

-  outputs = { self, nixpkgs }: {
+  outputs = {
+    self,
+    nixpkgs,
+    ...
+  } @ inputs: let
+    supportedSystems = ["x86_64-linux"];
+    forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
+    pkgs = forAllSystems (system: nixpkgs.legacyPackages.${system});
+  in {
+    # Typst PDF
+    # programs = throw "TODO"; # slides

-    packages.x86_64-linux.hello = nixpkgs.legacyPackages.x86_64-linux.hello;
+    # For sue with `nix flake init --template </path/to/this/flake>#<template>` or
+    # `nix flake new --template .#<template> /path/to/project`
+    templates = {
+      default = {
+        path = ./template;

-    packages.x86_64-linux.default = self.packages.x86_64-linux.hello;
+        description = "A flake template for a NixOS setup with impermanence.";

+        welcomeText = "";
+      };
+    };
  };
 }
--- a/template/.envrc
+++ b/template/.envrc
@ -0,0 +1 @@
+use flake
--- a/template/.gitignore
+++ b/template/.gitignore
@ -0,0 +1 @@
+/.direnv/
--- a/template/README.md
+++ b/template/README.md
@ -0,0 +1,26 @@
+# Impermanence Example
+
+## Disk Partitioning
+
+```txt
+nix develop .#first-install --extra-experimental-features "nix-command flakes"
+sudo disko --mode disko ./systems/desktop/<system>/disko.nix
+```
+
+While formatting you will be asked for a password which is used for disk encryption with LUKS.
+Make sure you have the correct keyboard layout set.
+
+## [Optional] Generate Hardware Configuration (for new Systems)
+
+```txt
+sudo nixos-generate-config --no-filesystems --root /mnt
+```
+
+Integrate into existing config.
+
+## Install from Flake
+
+```txt
+sudo nixos-install --no-root-password --root /mnt --flake .#<system>
+```
+
--- a/template/flake.nix
+++ b/template/flake.nix
@ -0,0 +1,50 @@
+{
+  description = "Impermanence Example";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
+    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
+    nixos-hardware.url = "github:NixOS/nixos-hardware/master";
+
+    disko = {
+      url = "github:nix-community/disko";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    impermanence = {
+      url = "github:nix-community/impermanence";
+    };
+  };
+
+  outputs = {
+    self,
+    nixpkgs,
+    ...
+  } @ inputs: let
+    system = "x86_64-linux";
+    pkgs = nixpkgs.legacyPackages.${system};
+  in {
+    nixosConfigurations = {
+      minimal = nixpkgs.lib.nixosSystem {
+        inherit system;
+        modules = [
+          inputs.disko.nixosModules.default
+          inputs.impermanence.nixosModules.impermanence
+
+          ./system
+        ];
+      };
+
+      formatter = pkgs.alejandra;
+
+      devShells = {
+        default = pkgs.mkShellNoCC.mkShellNoCC {
+          packages = with pkgs; [
+            git
+            inputs.disko.packages.default
+          ];
+        };
+      };
+    };
+  };
+}
--- a/template/libs/default.nix
+++ b/template/libs/default.nix
@ -0,0 +1,90 @@
+{
+  diskSetup = {
+    device ? throw "Missing required argument device. (e.g. /dev/sda)",
+    swapCapacity ? throw "Missing required argument swapCapacity. (e.g. 16G)",
+    ssd ? false,
+    ...
+  }: {
+    disko.devices = {
+      disk.main = {
+        inherit device;
+
+        type = "disk";
+        content = {
+          type = "gpt";
+          partitions = {
+            "esp" = {
+              size = "512M";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = ["umask=0077"];
+              };
+            };
+
+            "luks" = {
+              size = "100%";
+              content = {
+                type = "luks";
+                name = "crypted";
+                settings.allowDiscards = true;
+
+                content = {
+                  type = "btrfs";
+                  extraArgs = ["-f"];
+                  subvolumes = {
+                    "/root" = {
+                      mountpoint = "/";
+                      mountOptions =
+                        [
+                          "compress=zstd"
+                          "noatime"
+                        ]
+                        ++ (
+                          if ssd
+                          then ["ssd"]
+                          else []
+                        );
+                    };
+                    "/persist" = {
+                      mountpoint = "/persist";
+                      mountOptions =
+                        [
+                          "compress=zstd"
+                          "noatime"
+                        ]
+                        ++ (
+                          if ssd
+                          then ["ssd"]
+                          else []
+                        );
+                    };
+                    "/nix" = {
+                      mountpoint = "/nix";
+                      mountOptions =
+                        [
+                          "compress=zstd"
+                          "noatime"
+                        ]
+                        ++ (
+                          if ssd
+                          then ["ssd"]
+                          else []
+                        );
+                    };
+                    "/swap" = {
+                      mountpoint = "/.swapvol";
+                      swap.swapfile.size = swapCapacity;
+                    };
+                  };
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}
--- a/template/system/configuration.nix
+++ b/template/system/configuration.nix
@ -0,0 +1,49 @@
+{
+  pkgs,
+  lib,
+  ...
+}: {
+  networking.hostName = "example";
+  networking.firewall.enable = true;
+  networking.firewall.allowPing = false;
+
+  environment.systemPackages = with pkgs; [
+    git
+  ];
+
+  nix.settings = {
+    experimental-features = lib.mkDefault "nix-command flakes";
+    auto-optimise-store = true;
+    trusted-users = ["root" "@wheel"];
+  };
+
+  security.sudo = {
+    enable = true;
+    execWheelOnly = true;
+    wheelNeedsPassword = false; # So we don't have to set a password for our user
+  };
+
+  users = {
+    mutableUsers = false; # Disallow creation of new users and groups
+
+    users."admin" = {
+      isNormalUser = true;
+      extraGroups = ["wheel"];
+    };
+  };
+
+  time.timeZone = "Europe/Vienna";
+
+  i18n.defaultLocale = "en_US.UTF-8";
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "de_AT.UTF-8";
+    LC_IDENTIFICATION = "de_AT.UTF-8";
+    LC_MEASUREMENT = "de_AT.UTF-8";
+    LC_MONETARY = "de_AT.UTF-8";
+    LC_NAME = "de_AT.UTF-8";
+    LC_NUMERIC = "de_AT.UTF-8";
+    LC_PAPER = "de_AT.UTF-8";
+    LC_TELEPHONE = "de_AT.UTF-8";
+    LC_TIME = "de_AT.UTF-8";
+  };
+}
--- a/template/system/default.nix
+++ b/template/system/default.nix
@ -0,0 +1,8 @@
+{...}: {
+  imports = [
+    ./disko.nix
+    ./impermanence.nix
+
+    ./configurations.nix
+  ];
+}
--- a/template/system/disko.nix
+++ b/template/system/disko.nix
@ -0,0 +1,6 @@
+{libs ? import ../libs, ...}:
+libs.diskSetup {
+  device = "/dev/sda";
+  ssd = true;
+  swapCapacity = "2G";
+}
--- a/template/system/impermanence.nix
+++ b/template/system/impermanence.nix