initial commit

template/.envrc

@@ -0,0 +1 @@
+use flake

template/.gitignore

@@ -0,0 +1 @@
+/.direnv/

template/README.md

@@ -0,0 +1,26 @@
+# Impermanence Example
+
+## Disk Partitioning
+
+```txt
+nix develop .#first-install --extra-experimental-features "nix-command flakes"
+sudo disko --mode disko ./systems/desktop/<system>/disko.nix
+```
+
+While formatting you will be asked for a password which is used for disk encryption with LUKS.
+Make sure you have the correct keyboard layout set.
+
+## [Optional] Generate Hardware Configuration (for new Systems)
+
+```txt
+sudo nixos-generate-config --no-filesystems --root /mnt
+```
+
+Integrate into existing config.
+
+## Install from Flake
+
+```txt
+sudo nixos-install --no-root-password --root /mnt --flake .#<system>
+```
+

template/flake.nix

@@ -0,0 +1,50 @@
+{
+  description = "Impermanence Example";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
+    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
+    nixos-hardware.url = "github:NixOS/nixos-hardware/master";
+
+    disko = {
+      url = "github:nix-community/disko";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    impermanence = {
+      url = "github:nix-community/impermanence";
+    };
+  };
+
+  outputs = {
+    self,
+    nixpkgs,
+    ...
+  } @ inputs: let
+    system = "x86_64-linux";
+    pkgs = nixpkgs.legacyPackages.${system};
+  in {
+    nixosConfigurations = {
+      minimal = nixpkgs.lib.nixosSystem {
+        inherit system;
+        modules = [
+          inputs.disko.nixosModules.default
+          inputs.impermanence.nixosModules.impermanence
+
+          ./system
+        ];
+      };
+
+      formatter = pkgs.alejandra;
+
+      devShells = {
+        default = pkgs.mkShellNoCC.mkShellNoCC {
+          packages = with pkgs; [
+            git
+            inputs.disko.packages.default
+          ];
+        };
+      };
+    };
+  };
+}

template/libs/default.nix

@@ -0,0 +1,90 @@
+{
+  diskSetup = {
+    device ? throw "Missing required argument device. (e.g. /dev/sda)",
+    swapCapacity ? throw "Missing required argument swapCapacity. (e.g. 16G)",
+    ssd ? false,
+    ...
+  }: {
+    disko.devices = {
+      disk.main = {
+        inherit device;
+
+        type = "disk";
+        content = {
+          type = "gpt";
+          partitions = {
+            "esp" = {
+              size = "512M";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = ["umask=0077"];
+              };
+            };
+
+            "luks" = {
+              size = "100%";
+              content = {
+                type = "luks";
+                name = "crypted";
+                settings.allowDiscards = true;
+
+                content = {
+                  type = "btrfs";
+                  extraArgs = ["-f"];
+                  subvolumes = {
+                    "/root" = {
+                      mountpoint = "/";
+                      mountOptions =
+                        [
+                          "compress=zstd"
+                          "noatime"
+                        ]
+                        ++ (
+                          if ssd
+                          then ["ssd"]
+                          else []
+                        );
+                    };
+                    "/persist" = {
+                      mountpoint = "/persist";
+                      mountOptions =
+                        [
+                          "compress=zstd"
+                          "noatime"
+                        ]
+                        ++ (
+                          if ssd
+                          then ["ssd"]
+                          else []
+                        );
+                    };
+                    "/nix" = {
+                      mountpoint = "/nix";
+                      mountOptions =
+                        [
+                          "compress=zstd"
+                          "noatime"
+                        ]
+                        ++ (
+                          if ssd
+                          then ["ssd"]
+                          else []
+                        );
+                    };
+                    "/swap" = {
+                      mountpoint = "/.swapvol";
+                      swap.swapfile.size = swapCapacity;
+                    };
+                  };
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}

template/system/configuration.nix

@@ -0,0 +1,49 @@
+{
+  pkgs,
+  lib,
+  ...
+}: {
+  networking.hostName = "example";
+  networking.firewall.enable = true;
+  networking.firewall.allowPing = false;
+
+  environment.systemPackages = with pkgs; [
+    git
+  ];
+
+  nix.settings = {
+    experimental-features = lib.mkDefault "nix-command flakes";
+    auto-optimise-store = true;
+    trusted-users = ["root" "@wheel"];
+  };
+
+  security.sudo = {
+    enable = true;
+    execWheelOnly = true;
+    wheelNeedsPassword = false; # So we don't have to set a password for our user
+  };
+
+  users = {
+    mutableUsers = false; # Disallow creation of new users and groups
+
+    users."admin" = {
+      isNormalUser = true;
+      extraGroups = ["wheel"];
+    };
+  };
+
+  time.timeZone = "Europe/Vienna";
+
+  i18n.defaultLocale = "en_US.UTF-8";
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "de_AT.UTF-8";
+    LC_IDENTIFICATION = "de_AT.UTF-8";
+    LC_MEASUREMENT = "de_AT.UTF-8";
+    LC_MONETARY = "de_AT.UTF-8";
+    LC_NAME = "de_AT.UTF-8";
+    LC_NUMERIC = "de_AT.UTF-8";
+    LC_PAPER = "de_AT.UTF-8";
+    LC_TELEPHONE = "de_AT.UTF-8";
+    LC_TIME = "de_AT.UTF-8";
+  };
+}

template/system/default.nix

@@ -0,0 +1,8 @@
+{...}: {
+  imports = [
+    ./disko.nix
+    ./impermanence.nix
+
+    ./configurations.nix
+  ];
+}

template/system/disko.nix

@@ -0,0 +1,6 @@
+{libs ? import ../libs, ...}:
+libs.diskSetup {
+  device = "/dev/sda";
+  ssd = true;
+  swapCapacity = "2G";
+}