diff --git a/flake.nix b/flake.nix
index 4822c21..7d51034 100644
--- a/flake.nix
+++ b/flake.nix
@@ -37,6 +37,7 @@
 inputs.nixpkgs.follows = "nixpkgs";
 inputs.nixpkgs-stable.follows = "nixpkgs";
 };
+ impermanence.url = "github:nix-community/impermanence";
 
 # Packages
 tela-icon-theme = {
diff --git a/home-modules/firefox/default.nix b/home-modules/firefox/default.nix
index f665605..e97dd09 100644
--- a/home-modules/firefox/default.nix
+++ b/home-modules/firefox/default.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, self, ... }:
+{ config, lib, pkgs, inputs, ... }:
 let
 cfg = config.jopejoe1.firefox;
 in {
@@ -193,7 +193,7 @@ in {
 };
 profiles = {
 default = {
- extensions = with self.inputs.firefox-addons.packages.${pkgs.stdenv.hostPlatform.system}; [
+ extensions = with pkgs.firefox-addons; [
 ublock-origin
 privacy-badger
 bitwarden
diff --git a/systems/hetzner/default.nix b/systems/hetzner/default.nix
index 335451c..e3fd879 100644
--- a/systems/hetzner/default.nix
+++ b/systems/hetzner/default.nix
@@ -6,6 +6,7 @@
 self.inputs.srvos.nixosModules.server
 self.inputs.srvos.nixosModules.hardware-hetzner-online-amd
 self.inputs.srvos.nixosModules.mixins-nginx
+ self.inputs.impermanence.nixosModules.impermanence
 ];
 
 jopejoe1 = {
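Review bot: In the `home-modules/firefox/default.nix` hunks the module argument `self` is replaced by `inputs`, but no visible line uses `inputs`, while the extension list now reads `pkgs.firefox-addons`, an attribute that must come from an overlay this diff does not show. If that overlay is defined elsewhere in the repository the change is fine; otherwise evaluation fails with an undefined attribute at the `extensions = with pkgs.firefox-addons; [` line. If `inputs` is genuinely unused in the rest of the file, drop it from the argument set again, or leave a short comment stating what it is reserved for. Both hunks cut through the module body, so the remainder of the file is not visible here.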
@@ -36,7 +37,92 @@
 services.openssh.ports = [ 22 ];
+ users.mutableUsers = false;
+ users.users.jopejoe1.hashedPassword = "$2b$05$Uk84TY/RHlH8DIigUlFYjeorjTlCMEY9wN2pAcw5BLaPoc7dKiSsC";
+ users.users.root.hashedPassword = "$2b$05$Uk84TY/RHlH8DIigUlFYjeorjTlCMEY9wN2pAcw5BLaPoc7dKiSsC";
+
+ home-manager.users = {
+ jopejoe1 = {
+ imports = [ self.inputs.impermanence.nixosModules.home-manager.impermanence ];
+ home.persistence."/nix/persistent/users/jopejoe1" = {
+ allowOther = false;
+ directories = [
+ "Downloads"
+ "Music"
+ "Pictures"
+ "Documents"
+ "Videos"
+ ".gnupg"
+ ".ssh"
+ ".nixops"
+ ".local/share/keyrings"
+ ".local/share/direnv"
+ ];
+ files = [
+ ".screenrc"
+ ];
+ };
+ };
+ root = {
+ imports = [ self.inputs.impermanence.nixosModules.home-manager.impermanence ];
+ home.persistence."/nix/persistent/users/root" = {
+ allowOther = false;
+ directories = [
+ "Downloads"
+ "Music"
+ "Pictures"
+ "Documents"
+ "Videos"
+ ".gnupg"
+ ".ssh"
+ ".nixops"
+ ".local/share/keyrings"
+ ".local/share/direnv"
+ ];
+ files = [
+ ".screenrc"
+ ];
+ };
+ };
+ };
+
+ environment.persistence."/nix/persistent/system" = {
+ hideMounts = true;
+ directories = [
+ "/var/log"
+ "/var/lib/bluetooth"
+ "/var/lib/nixos"
+ "/var/lib/systemd/coredump"
+ "/etc/NetworkManager/system-connections"
+ { directory = "/var/lib/colord"; user = "colord"; group = "colord"; mode = "u=rwx,g=rx,o="; }
+ ];
+ files = [
+ "/etc/machine-id"
+ { file = "/var/keys/secret_file"; parentDirectory = { mode = "u=rwx,g=,o="; }; }
+ { file = "/etc/nix/id_rsa"; parentDirectory = { mode = "u=rwx,g=,o="; }; }
+ ];
+ };
+
+ fileSystems = {
+ "/nix" = {
+ neededForBoot = true;
+ };
+ "/nix/persistent" = {
+ neededForBoot = true;
+ };
+ };
+ disko.devices = {
+ nodev = {
+ "/" = {
+ fsType = "tmpfs";
+ mountOptions = [
+ "defaults"
+ "size=25%"
+ "mode=755"
+ ];
+ };
+ };
 disk = {
 vdb = {
 type = "disk";
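Review bot: The two `hashedPassword` lines commit a bcrypt hash into the repository and, with `users.mutableUsers = false`, that hash also lands world-readable in the Nix store; the same hash is reused for `root`, so whoever recovers one credential has root, and the `$2b$05$` prefix is a low bcrypt cost that makes offline guessing cheap. Prefer `users.users.<name>.hashedPasswordFile` pointing at a file kept under the persisted tree (outside git and the store), with a distinct hash per account and a higher cost. Separately, the OpenSSH host keys are not in the `environment.persistence` `files` list, so with `/` on tmpfs they are regenerated on every boot and every client sees a host-key-changed warning; add `"/etc/ssh/ssh_host_ed25519_key"` and `"/etc/ssh/ssh_host_ed25519_key.pub"` (plus the rsa pair if that key type is enabled). The bluetooth, colord, NetworkManager and `/var/keys/secret_file` entries read like the upstream example copied verbatim rather than what a headless Hetzner host with nginx needs, so confirm each one. The enclosing attribute set begins before this hunk.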
@@ -89,9 +175,15 @@
 primary = {
 size = "100%";
 content = {
- type = "filesystem";
- format = "ext4";
- mountpoint = "/";
+ type = "btrfs";
+ extraArgs = [ "-f" ];
+ subvolumes = {
+ "/nix" = {
+ mountOptions = [ "compress=zstd" "noatime" ];
+ mountpoint = "/nix";
+ };
+ "/nix/persistent" = {};
+ };
 };
 };
 };
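Review bot: The `"/nix/persistent" = {}` subvolume has no `mountpoint`, so disko will create it but not generate a mount for it, while the earlier hunk in this file declares `fileSystems."/nix/persistent".neededForBoot = true` for a mount that no visible line gives a device; either give the subvolume `mountpoint = "/nix/persistent";` with the same `mountOptions` as `/nix`, or drop that `fileSystems` entry and rely on the subvolume being reachable inside `/nix`. `extraArgs = [ "-f" ]` makes mkfs.btrfs overwrite an existing filesystem without prompting, which is what disko provisioning needs but also means a re-run against a populated disk is destructive, so a one-line comment saying that is worth adding. The `content` set closes inside the hunk, but the enclosing `disk.vdb` definition starts before it.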