uesrs: add to input group

flake.lock

@@ -28,11 +28,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1716561646,
+        "lastModified": 1718371084,
-        "narHash": "sha256-UIGtLO89RxKt7RF2iEgPikSdU53r6v/6WYB0RW3k89I=",
+        "narHash": "sha256-abpBi61mg0g+lFFU0zY4C6oP6fBwPzbHPKBGw676xsA=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9",
+        "rev": "3a56735779db467538fb2e577eda28a9daacaca6",
         "type": "github"
       },
       "original": {
@@ -148,6 +148,26 @@
         "type": "github"
       }
     },
+    "disko": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1718242063,
+        "narHash": "sha256-n3AWItJ4a94GT0cray/eUV7tt3mulQ52L+lWJN9d1E8=",
+        "owner": "nix-community",
+        "repo": "disko",
+        "rev": "832a9f2c81ff3485404bd63952eadc17bf7ccef2",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "disko",
+        "type": "github"
+      }
+    },
     "dzgui-nix": {
       "inputs": {
         "nixpkgs": [
@@ -515,11 +535,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1718086528,
+        "lastModified": 1718208800,
-        "narHash": "sha256-hoB7B7oPgypePz16cKWawPfhVvMSXj4G/qLsfFuhFjw=",
+        "narHash": "sha256-US1tAChvPxT52RV8GksWZS415tTS7PV42KTc2PNDBmc=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "47b604b07d1e8146d5398b42d3306fdebd343986",
+        "rev": "cc54fb41d13736e92229c21627ea4f22199fee6b",
         "type": "github"
       },
       "original": {
@@ -565,6 +585,7 @@
         "agenix": "agenix",
         "demoji": "demoji",
         "dhist": "dhist",
+        "disko": "disko",
         "dzgui-nix": "dzgui-nix",
         "home-manager": "home-manager",
         "nix-index-database": "nix-index-database",

flake.nix

@@ -38,6 +38,9 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
+    disko.url = "github:nix-community/disko";
+    disko.inputs.nixpkgs.follows = "nixpkgs";
+
     # my stuff
     dhist = {
       url = "github:lelgenio/dhist";
@@ -96,6 +99,7 @@
           inputs.agenix.nixosModules.default
           inputs.dzgui-nix.nixosModules.default
           inputs.home-manager.nixosModules.home-manager
+          inputs.disko.nixosModules.disko
           {
             home-manager.useGlobalPkgs = true;
             home-manager.useUserPackages = true;
@@ -112,15 +116,18 @@
         ++ lib.optional (desktop == "kde") ./system/kde.nix;
     in
     {
+      checks."${system}" = {
+        disko-format-i15 = pkgs.callPackage ./hosts/i15/partitions-test.nix { };
+      };
       nixosConfigurations = {
         i15 = lib.nixosSystem {
           inherit system specialArgs;
-          modules = [ ./hosts/i15.nix ] ++ common_modules;
+          modules = [ ./hosts/i15 ] ++ common_modules;
         };
         monolith = lib.nixosSystem {
           inherit system specialArgs;
           modules = [
-            ./hosts/monolith.nix
+            ./hosts/monolith
             ./system/monolith-gitlab-runner.nix
             ./system/monolith-forgejo-runner.nix
             ./system/nix-serve.nix
@@ -130,7 +137,7 @@
         rainbow = lib.nixosSystem {
           inherit system specialArgs;
           modules = [
-            ./hosts/rainbow.nix
+            ./hosts/rainbow
             ./system/rainbow-gitlab-runner.nix
           ] ++ common_modules;
         };

hosts/i15/default.nix

@@ -0,0 +1,38 @@
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+{
+  networking.hostName = "i15"; # Define your hostname.
+
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "ahci"
+    "usb_storage"
+    "sd_mod"
+    "rtsx_usb_sdmmc"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  disko.devices = (import ./partitions.nix { disks = [ "/dev/sda" ]; });
+  boot.loader.efi.efiSysMountPoint = "/boot/efi";
+
+  swapDevices = [
+    {
+      device = "/swap/swapfile";
+      size = (1024 * 8) + (1024 * 2); # RAM size + 2 GB
+    }
+  ];
+
+  networking.useDHCP = lib.mkDefault true;
+
+  powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/i15/partitions-test.nix

@@ -0,0 +1,19 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+pkgs.makeDiskoTest {
+  name = "test-disko-i15";
+  disko-config = ./partitions.nix;
+  enableOCR = true;
+  bootCommands = ''
+    machine.wait_for_text("[Pp]assphrase for")
+    machine.send_chars("secretsecret\n")
+  '';
+  extraTestScript = ''
+    machine.succeed("cryptsetup isLuks /dev/vda2");
+    machine.succeed("mountpoint /home");
+  '';
+}

hosts/i15/partitions.nix

@@ -0,0 +1,73 @@
+{
+  disks ? [ "/dev/sda" ],
+  ...
+}:
+let
+  btrfs_options = [
+    "compress=zstd:3"
+    "noatime"
+  ];
+in
+{
+  disk.sda = {
+    type = "disk";
+    device = builtins.elemAt disks 0;
+    content = {
+      type = "table";
+      format = "gpt";
+      partitions = [
+        {
+          type = "partition";
+          name = "NIX_BOOT";
+          start = "1MiB";
+          end = "300MiB";
+          bootable = true;
+          content = {
+            type = "filesystem";
+            extraArgs = [
+              "-n"
+              "BOOT_I15"
+            ];
+            format = "vfat";
+            mountpoint = "/boot";
+            # options = [ "defaults" ];
+          };
+        }
+        {
+          type = "partition";
+          name = "CRYPT_I15";
+          start = "300MiB";
+          end = "100%";
+          content = {
+            type = "luks";
+            name = "main";
+            keyFile = "/tmp/secret.key";
+            content = {
+              type = "btrfs";
+              extraArgs = [
+                "--label"
+                "ROOT_I15"
+              ];
+              subvolumes =
+                let
+                  mountOptions = btrfs_options;
+                in
+                {
+                  "/home" = {
+                    inherit mountOptions;
+                  };
+                  "/nixos" = {
+                    inherit mountOptions;
+                    mountpoint = "/";
+                  };
+                  "/swap" = {
+                    inherit mountOptions;
+                  };
+                };
+            };
+          };
+        }
+      ];
+    };
+  };
+}

hosts/monolith/default.nix

@@ -20,7 +20,10 @@ let
   ];
 in
 {
-  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+    ./partition.nix
+  ];
   boot.initrd.availableKernelModules = [
     "nvme"
     "xhci_pci"
@@ -42,9 +45,6 @@ in
   boot.kernelParams = [
     "amdgpu.dcdebugmask=0x10" # amdgpu undervolting bug
     "video=DP-1:1920x1080@144"
-    # hibernation
-    "resume=LABEL=BTRFS_ROOT" # findmnt -o LABEL --noheadings /swap/
-    "resume_offset=36709632" # btrfs inspect-internal map-swapfile -r /swap/swapfile
   ];
   systemd.sleep.extraConfig = ''
     HibernateDelaySec=30s
@@ -74,14 +74,14 @@ in
     };
   };
 
-  fileSystems."/" = {
+  fileSystems."/mnt/old" = {
     device = "/dev/disk/by-label/BTRFS_ROOT";
     fsType = "btrfs";
-    options = [ "subvol=nixos" ] ++ btrfs_options ++ btrfs_ssd;
+    options = [ "nofail" ] ++ btrfs_options ++ btrfs_ssd;
   };
   # boot.initrd.luks.reusePassphrases = true;
   boot.initrd.luks.devices = {
-    "main" = {
+    "old" = {
       bypassWorkqueues = true;
       device = "/dev/disk/by-label/CRYPT_ROOT";
     };
@@ -89,21 +89,21 @@ in
       bypassWorkqueues = true;
       device = "/dev/disk/by-label/CRYPT_DATA";
     };
-    "bigboy" = {
+    # "bigboy" = {
-      bypassWorkqueues = true;
+    #   bypassWorkqueues = true;
-      device = "/dev/disk/by-label/CRYPT_BIGBOY";
+    #   device = "/dev/disk/by-label/CRYPT_BIGBOY";
-    };
+    # };
-  };
-  boot.loader.efi.efiSysMountPoint = "/boot/efi";
-  fileSystems."/boot/efi" = {
-    device = "/dev/disk/by-label/NIXBOOT";
-    fsType = "vfat";
-  };
-  fileSystems."/home" = {
-    device = "/dev/disk/by-label/BTRFS_ROOT";
-    fsType = "btrfs";
-    options = [ "subvol=home" ] ++ btrfs_options ++ btrfs_ssd;
   };
+  # boot.loader.efi.efiSysMountPoint = "/boot/efi";
+  # fileSystems."/boot/efi" = {
+  #   device = "/dev/disk/by-label/NIXBOOT";
+  #   fsType = "vfat";
+  # };
+  # fileSystems."/home" = {
+  #   device = "/dev/disk/by-label/BTRFS_ROOT";
+  #   fsType = "btrfs";
+  #   options = [ "subvol=home" ] ++ btrfs_options ++ btrfs_ssd;
+  # };
   fileSystems."/home/lelgenio/Games" = {
     device = "/dev/disk/by-label/BTRFS_DATA";
     fsType = "btrfs";
@@ -136,11 +136,11 @@ in
       "nofail"
     ] ++ btrfs_options;
   };
-  fileSystems."/home/lelgenio/.local/mount/bigboy" = {
+  # fileSystems."/home/lelgenio/.local/mount/bigboy" = {
-    device = "/dev/disk/by-label/BTRFS_BIGBOY";
+  #   device = "/dev/disk/by-label/BTRFS_BIGBOY";
-    fsType = "btrfs";
+  #   fsType = "btrfs";
-    options = [ "nofail" ] ++ btrfs_options ++ btrfs_ssd;
+  #   options = [ "nofail" ] ++ btrfs_options ++ btrfs_ssd;
-  };
+  # };
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
   # (the default) this is the recommended approach. When using systemd-networkd it's
@@ -162,17 +162,17 @@ in
   '';
 
   # swap
-  fileSystems."/swap" = {
+  # fileSystems."/swap" = {
-    device = "/dev/disk/by-label/BTRFS_ROOT";
+  #   device = "/dev/disk/by-label/BTRFS_ROOT";
-    fsType = "btrfs";
+  #   fsType = "btrfs";
-    # Note these options effect the entire BTRFS filesystem and not just this volume,
+  #   # Note these options effect the entire BTRFS filesystem and not just this volume,
-    # with the exception of `"subvol=swap"`, the other options are repeated in my other `fileSystem` mounts
+  #   # with the exception of `"subvol=swap"`, the other options are repeated in my other `fileSystem` mounts
-    options = [ "subvol=swap" ] ++ btrfs_options ++ btrfs_ssd;
+  #   options = [ "subvol=swap" ] ++ btrfs_options ++ btrfs_ssd;
-  };
+  # };
-  swapDevices = [
+  # swapDevices = [
-    {
+  #   {
-      device = "/swap/swapfile";
+  #     device = "/swap/swapfile";
-      size = (1024 * 16) + (1024 * 2); # RAM size + 2 GB
+  #     size = (1024 * 16) + (1024 * 2); # RAM size + 2 GB
-    }
+  #   }
-  ];
+  # ];
 }

hosts/monolith/partition.nix

@@ -0,0 +1,68 @@
+let
+  btrfs_options = [
+    "compress=zstd:3"
+    "noatime"
+    "x-systemd.device-timeout=0"
+  ];
+  btrfs_ssd = btrfs_options ++ [
+    "ssd"
+    "discard=async"
+  ];
+in
+{
+  disko.devices = {
+    disk = {
+      bigboy_disk = {
+        type = "disk";
+        device = "/dev/nvme0n1";
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              size = "2G";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = [ "defaults" ];
+              };
+            };
+            luks = {
+              size = "100%";
+              content = {
+                type = "luks";
+                name = "bigboy";
+                # disable settings.keyFile if you want to use interactive password entry
+                passwordFile = "/tmp/secret.key"; # Interactive
+                # settings = {
+                #   allowDiscards = true;
+                #   keyFile = "/tmp/secret.key";
+                # };
+                # additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
+                content = {
+                  type = "btrfs";
+                  extraArgs = [ "-f" ];
+                  subvolumes = {
+                    "/@nixos" = {
+                      mountpoint = "/";
+                      mountOptions = btrfs_ssd;
+                    };
+                    "/@home" = {
+                      mountpoint = "/home";
+                      mountOptions = btrfs_ssd;
+                    };
+                    "/@swap" = {
+                      mountpoint = "/.swapvol";
+                      swap.swapfile.size = "32G";
+                    };
+                  };
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}

install/i15.sh

@@ -1,63 +0,0 @@
-#!/bin/sh
-
-set -xe
-
-settle() {
-    udevadm trigger --subsystem-match=block
-    udevadm settle
-}
-
-lsblk
-echo 'Enter the name of the device to WIPE and install (something like "sda"):'
-read DRIVE_ID
-
-echo 'Enter a passphrase to encrypt the disk:'
-read -s DRIVE_PASSPHRASE
-
-echo "Creating partition table..."
-parted -s "/dev/${DRIVE_ID}" -- mklabel gpt
-
-echo "Creating EFI system partition..."
-parted -s "/dev/${DRIVE_ID}" -- mkpart ESP 1MiB 1GiB
-parted -s "/dev/${DRIVE_ID}" -- set 1 boot on
-mkfs.fat -F32 "/dev/${DRIVE_ID}1" -n NIX_BOOT
-
-echo "Creating encrypted root partition..."
-parted -s "/dev/${DRIVE_ID}" -- mkpart luks 1GiB 100%
-echo "$DRIVE_PASSPHRASE" | cryptsetup --batch-mode luksFormat --label CRYPT_ROOT "/dev/${DRIVE_ID}2"
-settle
-echo "$DRIVE_PASSPHRASE" | cryptsetup luksOpen /dev/disk/by-label/CRYPT_ROOT "crypt_root"
-
-echo "Creating btrfs partition..."
-mkfs.btrfs --quiet --label NIX_ROOT /dev/mapper/"crypt_root"
-MNTPOINT=$(mktemp -d)
-mount /dev/mapper/"crypt_root" "$MNTPOINT"
-
-echo "Creating subvolumes..."
-btrfs subvolume create "$MNTPOINT"/@nixos
-btrfs subvolume create "$MNTPOINT"/@home
-btrfs subvolume create "$MNTPOINT"/@swap
-
-echo "Closing btrfs partition..."
-umount -Rl "$MNTPOINT"
-rm -rf "$MNTPOINT"
-
-echo "Mounting root btrfs submodule to '$MNTPOINT' ..."
-MNTPOINT=$(mktemp -d)
-mount /dev/disk/by-label/NIX_ROOT "$MNTPOINT" -o subvol=@nixos,noatime,compress=zstd
-
-echo "Creating and mounting EFI system partition mountpoint..."
-mkdir -p "$MNTPOINT/boot"
-mount /dev/disk/by-label/NIX_BOOT "$MNTPOINT/boot"
-
-echo "Creating home partition mountpoint..."
-mkdir -p "$MNTPOINT/home"
-mount /dev/disk/by-label/NIX_ROOT "$MNTPOINT/home" -o subvol=@home,noatime,compress=zstd
-
-echo "Swapfile"
-mkdir -p "$MNTPOINT/swap"
-mount /dev/disk/by-label/NIX_ROOT "$MNTPOINT/swap" -o subvol=@swap,noatime
-
-# echo "Installing system..."
-nixos-generate-config --root "$MNTPOINT"
-# nixos-install --root "$MNTPOINT"

overlays/default.nix

@@ -6,6 +6,7 @@ rec {
     new-packages
     patches
     lib_extended
+    disko
   ];
 
   scripts = (import ../scripts);
@@ -69,4 +70,13 @@ rec {
       };
     }
   );
+
+  disko = final: prev: {
+    makeDiskoTest =
+      let
+        makeTest = import (prev.path + "/nixos/tests/make-test-python.nix");
+        eval-config = import (prev.path + "/nixos/lib/eval-config.nix");
+      in
+      (prev.callPackage "${inputs.disko}/tests/lib.nix" { inherit makeTest eval-config; }).makeDiskoTest;
+  };
 }

scripts/auto_connect_gamepad

@@ -22,5 +22,6 @@ while true; do
         sleep 10s
         continue
     fi
+    sleep 1s
     try_to_connect_to_all_controllers
 done

system/users.nix

@@ -19,6 +19,7 @@
       "bluetooth"
       "corectrl"
       "vboxusers"
+      "input"
     ];
     shell = pkgs.fish;
     openssh.authorizedKeys.keys = [

user/chat.nix

@@ -9,14 +9,14 @@
   wayland.windowManager.sway = {
     extraConfig = ''
       exec thunderbird
-      exec webcord
+      exec vesktop
       exec telegram-desktop
     '';
   };
 
   home.packages = with pkgs; [
     tdesktop
-    webcord
+    vesktop
     thunderbird
     element-desktop-wayland
   ];