authortzlil <tzlils@protonmail.com>2023-02-04 14:09:03 +0200
committertzlil <tzlils@protonmail.com>2023-02-04 14:09:03 +0200
commit100d37bbf51545fd8c258059e3c947d9ce51fd60 (patch)
treed85ec25a71666002be1b02066efbc16c0c0e7177
parentd9317de584c66b068a336889aa9adc3ac3837e5e (diff)
changed password age to hash, add disko configuration for use with nixos-anywhere
-rw-r--r--flake.nix7
-rw-r--r--hosts/disko.nix49
-rw-r--r--hosts/vm/cfg.nix7
-rw-r--r--hosts/vps/cfg.nix72
-rw-r--r--profiles/gentoo.nix2
-rw-r--r--profiles/user.nix3
6 files changed, 134 insertions, 6 deletions
diff --git a/flake.nix b/flake.nix
index 6fc07c2..c99f1a3 100644
--- a/flake.nix
+++ b/flake.nix
@@ -11,6 +11,10 @@
       url = "github:nix-community/home-manager";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    disko = {
+      url = github:nix-community/disko;
+      inputs.nixpkgs.follows = "nixpkgs"; 
+    };
   };
 
   outputs = inputs@{ self, ... }: let
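Review bot: The new `disko` input is written as a bare URL literal, `url = github:nix-community/disko;`, unlike the quoted `home-manager` URL directly above it. Unquoted URL literals are deprecated in Nix, so this should read `url = "github:nix-community/disko";`. The diffstat also lists no `flake.lock` change, so the input appears not to be pinned by this commit. Since this module partitions and formats disks at install time, committing the updated lock entry with it would keep the install on a reviewed revision.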
@@ -21,13 +25,14 @@
         specialArgs = {inherit inputs;};
       };
     mkSystem = pkgs: system: h: (mkSystem_ pkgs system h [
-        inputs.agenix.nixosModule inputs.impermanence.nixosModules.impermanence
+        inputs.agenix.nixosModule inputs.impermanence.nixosModules.impermanence inputs.disko.nixosModules.disko
       ]);
   in {
     apps = inputs.nixinate.nixinate.x86_64-linux self;
     nixosConfigurations = {
       # pc = mkSystem inputs.nixpkgs "x86_64-linux" "pc";
       vm = mkSystem inputs.nixpkgs "x86_64-linux" "vm";
+      vps = mkSystem inputs.nixpkgs "x86_64-linux" "vps";
     };
   };
 }
diff --git a/hosts/disko.nix b/hosts/disko.nix
new file mode 100644
index 0000000..0a0710e
--- /dev/null
+++ b/hosts/disko.nix
@@ -0,0 +1,49 @@
+# Example to create a bios compatible gpt partition
+{ lib, disks, ... }: {
+  disk = lib.genAttrs disks (dev: {
+    device = dev;
+    type = "disk";
+    content = {
+      type = "table";
+      format = "gpt";
+      partitions = [
+        {
+          type = "partition";
+          name = "boot";
+          start = "1MiB";
+          end = "100MiB";
+          bootable = true;
+          content = {
+            type = "filesystem";
+            format = "vfat";
+            mountpoint = "/boot";
+          };
+        }
+        {
+          name = "nix";
+          type = "partition";
+          start = "128MiB";
+          end = "100%";
+          content = {
+            type = "btrfs";
+            extraArgs = "-f"; # Override existing partition
+            subvolumes = {
+              "/nix" = {
+                mountOptions = ["noatime" "compress=zstd"]
+              }
+            };
+          };
+        }
+      ]
+    };
+  });
+    
+  nodev = {
+    "/" = {
+      fsType = "tmpfs";
+      mountOptions = [
+        "size=200M"
+      ];
+    };
+  };
+}
\ No newline at end of file
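Review bot: This file does not parse as written, because three bindings lack their terminating `;`: `mountOptions = ["noatime" "compress=zstd"]`, the `}` that closes `"/nix"`, and the `]` that closes `partitions`. The header comment describes a BIOS-compatible layout, while hosts/vps/cfg.nix in this commit enables systemd-boot with EFI variables, so the comment or the `boot` partition definition should be aligned with the boot method actually used. `extraArgs = "-f"` forces mkfs.btrfs over any existing filesystem on every device in `disks`; I would extend the comment to `# -f: overwrite any existing filesystem on the device, destructive` so the data-loss risk is visible. The `nodev` root here is `size=200M`, whereas the vps host declares `size=2G` for the same mount, and one of the two should be the single source of truth.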
diff --git a/hosts/vm/cfg.nix b/hosts/vm/cfg.nix
index 3b5ace8..d6f33d9 100644
--- a/hosts/vm/cfg.nix
+++ b/hosts/vm/cfg.nix
@@ -3,11 +3,12 @@
     ../../profiles/core.nix
     ../../profiles/user.nix
     ../../profiles/ssh.nix
-    ../../profiles/graphical.nix
+    # ../../profiles/graphical.nix
     ../../mixins/tailscale.nix
     ../../mixins/cli.nix
-    ../../mixins/greet.nix
-    ../../mixins/sway.nix
+    # ../../mixins/greet.nix
+    # ../../mixins/sway.nix
+    (modulesPath + "/profiles/qemu-guest.nix")
   ];
 
   config = {
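Review bot: `(modulesPath + "/profiles/qemu-guest.nix")` relies on `modulesPath` being bound in the module's argument set, but the function header is outside this hunk, so that cannot be confirmed here. The same expression in the new hosts/vps/cfg.nix does fail: its header is `{config, lib, pkgs, ...}:`, which leaves `modulesPath` undefined at evaluation. Both headers should name it, e.g. `{config, lib, pkgs, modulesPath, ...}:`. The three disabled imports are commented out rather than removed; if that is temporary, a short comment saying why would help the next reader.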
diff --git a/hosts/vps/cfg.nix b/hosts/vps/cfg.nix
new file mode 100644
index 0000000..f32afea
--- /dev/null
+++ b/hosts/vps/cfg.nix
@@ -0,0 +1,72 @@
+{config, lib, pkgs, ...}: {
+  imports = [
+    ../../profiles/core.nix
+    ../../profiles/user.nix
+    ../../profiles/ssh.nix
+    ../../mixins/tailscale.nix
+    ../../mixins/cli.nix
+    (modulesPath + "/profiles/qemu-guest.nix")
+  ];
+
+  config = {
+    _module.args.nixinate = {
+      host = "95.179.249.76";
+      sshUser = "nixos";
+      buildOn = "remote"; # valid args are "local" or "remote"
+      substituteOnTarget = true; # if buildOn is "local" then it will substitute on the target, "-s"
+      hermetic = false;
+    };
+
+    disko.devices = import ../disko.nix {
+      lib = pkgs.lib;
+    };
+    networking.hostName = "vps";
+    
+    boot = {
+      initrd = {
+        supportedFilesystems = ["btrfs"];
+      };
+      kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
+      kernelParams = [
+        "console=ttyS0"
+        "init_on_free=1"
+        "page_poison=1"
+        "page_alloc.shuffle=1"
+        "slab_nomerge"
+        "vsyscall=none"
+      ];
+      cleanTmpDir = true;
+      loader = {
+        systemd-boot = {
+          enable = true;
+        };
+        efi = {
+          canTouchEfiVariables = true;
+          efiSysMountPoint = "/boot";
+        };
+      };
+    };
+
+    time.timeZone = lib.mkDefault "Frankfurt";
+
+    fileSystems = {
+      "/" = {
+        device = "none";
+        fsType = "tmpfs";
+        options = ["noexec" "defaults" "size=2G" "mode=755"];
+      };
+      "/nix" = {
+        device = "/dev/disk/by-partlabel/nix";
+        options = ["noatime" "compress=zstd"];
+      };
+      "/boot" = {
+        device = "/dev/disk/by-partlabel/boot";
+      };
+    };
+
+    zramSwap = {
+      enable = true;
+      algorithm = "zstd";
+    };
+  };
+}
\ No newline at end of file
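Review bot: `import ../disko.nix { lib = pkgs.lib; }` omits the `disks` argument, which hosts/disko.nix declares without a default, so evaluation fails. Pass it explicitly, e.g. `disks = [ "<DISK_DEVICE>" ];`. The `fileSystems` block then re-declares `/`, `/nix` and `/boot` by hand with a different tmpfs size than the disko file (`size=2G` vs `size=200M`). The disko module normally generates these mounts itself, so the manual copies are likely to conflict or drift. `time.timeZone = lib.mkDefault "Frankfurt"` is not a tz database name and probably needs to be `"Europe/Berlin"`. If this repository is published, the literal `host` address and `sshUser` identify the machine and its login account next to the password hash added in profiles/user.nix, so consider supplying them from outside the tracked tree.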
diff --git a/profiles/gentoo.nix b/profiles/gentoo.nix
index 67f7e78..6747ba6 100644
--- a/profiles/gentoo.nix
+++ b/profiles/gentoo.nix
@@ -3,7 +3,7 @@
 {
   imports = [];
   config = {
-    nativeStdenv = prev.stdenvAdapters.withCFlags [ "-O3" "-pipe" "-mcpu=apple-m1" ]
+    nativeStdenv = prev.stdenvAdapters.withCFlags [ "-O3" "-pipe" "-march=native" ]
     (prev.overrideCC prev.llvmPackages_latest.stdenv
       (prev.wrapCCWith rec {
         cc = prev.llvmPackages_latest.clang-unwrapped;
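Review bot: `-march=native` makes the compiled output depend on whichever machine performs the build, which breaks reproducibility. With the `buildOn = "remote"` and substitution setup in this commit, binaries could be built for one CPU and run on another. As far as I know the nixpkgs compiler wrapper also filters native-tuning flags unless that enforcement is explicitly disabled, so the flag may be dropped silently, which is worth verifying. An explicit target such as `"-march=<TARGET_ARCH>"` chosen per host states the intent and keeps the derivation deterministic. The `nativeStdenv` expression continues past the end of this hunk.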
diff --git a/profiles/user.nix b/profiles/user.nix
index 6aa8262..514d303 100644
--- a/profiles/user.nix
+++ b/profiles/user.nix
@@ -25,7 +25,8 @@
       extraGroups = ["wheel"];
       packages = [pkgs.git];
       shell = pkgs.fish;
-      passwordFile = config.age.secrets.password.path;
+      hashedPassword = "$6$FAQYKz3OCtRNOP7h$XsApvP.r./Jv5MRI1idDI9BMnA26xxEvXFlE61Zls.QA3EK2x76XsetdpxSlgViylnRwRuq5XQMc3GeAJ7tum1";
+      # passwordFile = config.age.secrets.password.path;
       openssh.authorizedKeys.keys = [
         "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMDyzrs9sbstv3KFK5FV8qYlSknnEy8Cn+qch4dJLmHA"
       ];
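Review bot: The added `hashedPassword` line moves the credential for a `wheel` user from an agenix-managed secret into the tracked source. From there it also lands in the world-readable Nix store, so anyone who can read the repository or the store can attempt offline guessing against the SHA-512 crypt hash. Keeping `passwordFile = config.age.secrets.password.path;` and fixing the secret's provisioning for nixos-anywhere would preserve the original protection. If the hash must stay inline for bootstrap, add a comment such as `# bootstrap only: rotate and move back to agenix after first deploy`. The password behind this hash should be treated as exposed once the commit is pushed, and the commented-out line should be either restored or deleted.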