robertodr · December 13, 2023 20:47
diff --git a/configuration.nix b/configuration.nix
 # Edit this configuration file to define what should be installed on
 # your system. Help is available in the configuration.nix(5) man page, on
 # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
 {
  config,
  lib,
  pkgs,
  ...
 }: {
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
    "${builtins.fetchTarball "https://github.com/nix-community/disko/archive/master.tar.gz"}/module.nix"
    ./disko-config.nix
    "${builtins.fetchTarball "https://github.com/NixOS/nixos-hardware/archive/master.tar.gz"}/lenovo/thinkpad/x1"
  ];

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  networking = {
    hostName = "carpal-tunnel";
    networkmanager.enable = true;
  };

  # Set your time zone.
  time.timeZone = "Europe/Oslo";

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";

  # Enable the X11 windowing system.
  services = {
    xserver = {
      enable = true;
      displayManager.gdm.enable = true;
      displayManager.gdm.wayland = false;
      desktopManager.gnome.enable = true;
      xkb = {
        layout = "us";
        options = "eurosign:e,caps:escape";
      };
      libinput.enable = true;
    };
    pipewire = {
      enable = true;
      alsa.enable = true;
      alsa.support32Bit = true;
      pulse.enable = true;
    };
  };

  # Enable sound.
  sound.enable = true;
  hardware.pulseaudio.enable = false;
  security.rtkit.enable = true;

  users.users = {
    roberto = {
      isNormalUser = true;
      description = "Roberto Di Remigio Eikås";
      group = "users";
      uid = 1000;
      extraGroups = ["networkmanager" "wheel"];
      shell = pkgs.fish;
      hashedPassword = "$y$j9T$Xr0se66uWQYgrdYqYOnvt.$9KNQ0QfWo6k5PdSFEnJNMU3RhK2vGi4xBDksKXIHAD6";
      packages = with pkgs; [
      ];
    };

    karolina = {
      isNormalUser = true;
      description = "Karolina Di Remigio Eikås";
      group = "users";
      uid = 1001;
      extraGroups = ["networkmanager" "wheel"];
      hashedPassword = "$y$j9T$.vvlFxJUtly1AR6GdRT7y.$oiQddkALXXdfRBiOWx1pOiBDtM/vaWBS2wO9eeB0ix0";
      packages = with pkgs; [
      ];
    };
  };

  # Allow unfree packages
  nixpkgs = {
    config.allowUnfree = true;
  };

  # List packages installed in system profile. To search, run:
  environment.systemPackages = with pkgs; [
    neovim
    zoom-us
    alejandra
  ];

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  programs = {
    fish.enable = true;
    git.enable = true;
    _1password.enable = true;
    _1password-gui = {
      enable = true;
      polkitPolicyOwners = ["roberto" "karolina"];
    };
  };

  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  system.copySystemConfiguration = true;

  # This option defines the first version of NixOS you have installed on this particular machine,
  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
  #
  # Most users should NEVER change this value after the initial install, for any reason,
  # even if you've upgraded your system to a new NixOS release.
  #
  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
  # so changing it will NOT upgrade your system.
  #
  # This value being lower than the current NixOS release does NOT mean your system is
  # out of date, out of support, or vulnerable.
  #
  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
  # and migrated your data accordingly.
  #
  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
  system.stateVersion = "23.11"; # Did you read the comment?
 }
diff --git a/disko-config.nix b/disko-config.nix
 {
  disko.devices = {
    disk = {
      nvme0n1 = {
        type = "disk";
        device = "/dev/nvme0n1";
        content = {
          type = "gpt";
          partitions = {
            ESP = {
              label = "EFI";
              size = "512M";
              type = "EF00";
              content = {
                type = "filesystem";
                format = "vfat";
                mountpoint = "/boot";
                mountOptions = [
                  "defaults"
                ];
              };
            };
            luks = {
              size = "100%";
              content = {
                type = "luks";
                name = "encrypted";
                passwordFile = "/tmp/secret.key"; # path to file containing password for initial encryption
                settings.allowDiscards = true;
                content = {
                  type = "btrfs";
                  extraArgs = ["-f"];
                  subvolumes = {
                    "SYSTEM" = {};
                    "SYSTEM/root" = {
                      mountpoint = "/";
                      mountOptions = ["compress=zstd" "noatime"];
                    };
                    "SYSTEM/nix" = {
                      mountpoint = "/nix";
                      mountOptions = ["compress=zstd" "noatime"];
                    };
                    "SYSTEM/swap" = {
                      mountpoint = "/.swapvol";
                      swap.swapfile.size = "18G";
                    };
                    "DATA" = {};
                    "DATA/home" = {
                      mountpoint = "/home";
                      mountOptions = ["compress=zstd" "noatime"];
                    };
                    "DATA/local" = {
                      mountpoint = "/var/local";
                      mountOptions = ["compress=zstd" "noatime"];
                    };
                    "DATA/log" = {
                      mountpoint = "/var/log";
                      mountOptions = ["compress=zstd" "noatime"];
                    };
                    "PERSIST" = {};
                    "PERSIST/persist" = {
                      mountpoint = "/persist";
                      mountOptions = ["compress=zstd" "noatime"];
                    };
                  };
                };
              };
            };
          };
        };
      };
    };
  };
 }
	# Edit this configuration file to define what should be installed on
	# your system. Help is available in the configuration.nix(5) man page, on
	# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
	{
	config,
	lib,
	pkgs,
	...
	}: {
	imports = [
	# Include the results of the hardware scan.
	./hardware-configuration.nix
	"${builtins.fetchTarball "https://github.com/nix-community/disko/archive/master.tar.gz"}/module.nix"
	./disko-config.nix
	"${builtins.fetchTarball "https://github.com/NixOS/nixos-hardware/archive/master.tar.gz"}/lenovo/thinkpad/x1"
	];

	# Use the systemd-boot EFI boot loader.
	boot.loader.systemd-boot.enable = true;
	boot.loader.efi.canTouchEfiVariables = true;

	networking = {
	hostName = "carpal-tunnel";
	networkmanager.enable = true;
	};

	# Set your time zone.
	time.timeZone = "Europe/Oslo";

	# Select internationalisation properties.
	i18n.defaultLocale = "en_US.UTF-8";

	# Enable the X11 windowing system.
	services = {
	xserver = {
	enable = true;
	displayManager.gdm.enable = true;
	displayManager.gdm.wayland = false;
	desktopManager.gnome.enable = true;
	xkb = {
	layout = "us";
	options = "eurosign:e,caps:escape";
	};
	libinput.enable = true;
	};
	pipewire = {
	enable = true;
	alsa.enable = true;
	alsa.support32Bit = true;
	pulse.enable = true;
	};
	};

	# Enable sound.
	sound.enable = true;
	hardware.pulseaudio.enable = false;
	security.rtkit.enable = true;

	users.users = {
	roberto = {
	isNormalUser = true;
	description = "Roberto Di Remigio Eikås";
	group = "users";
	uid = 1000;
	extraGroups = ["networkmanager" "wheel"];
	shell = pkgs.fish;
	hashedPassword = "$y$j9T$Xr0se66uWQYgrdYqYOnvt.$9KNQ0QfWo6k5PdSFEnJNMU3RhK2vGi4xBDksKXIHAD6";
	packages = with pkgs; [
	];
	};

	karolina = {
	isNormalUser = true;
	description = "Karolina Di Remigio Eikås";
	group = "users";
	uid = 1001;
	extraGroups = ["networkmanager" "wheel"];
	hashedPassword = "$y$j9T$.vvlFxJUtly1AR6GdRT7y.$oiQddkALXXdfRBiOWx1pOiBDtM/vaWBS2wO9eeB0ix0";
	packages = with pkgs; [
	];
	};
	};

	# Allow unfree packages
	nixpkgs = {
	config.allowUnfree = true;
	};

	# List packages installed in system profile. To search, run:
	environment.systemPackages = with pkgs; [
	neovim
	zoom-us
	alejandra
	];

	# Some programs need SUID wrappers, can be configured further or are
	# started in user sessions.
	programs = {
	fish.enable = true;
	git.enable = true;
	_1password.enable = true;
	_1password-gui = {
	enable = true;
	polkitPolicyOwners = ["roberto" "karolina"];
	};
	};

	# Copy the NixOS configuration file and link it from the resulting system
	# (/run/current-system/configuration.nix). This is useful in case you
	# accidentally delete configuration.nix.
	system.copySystemConfiguration = true;

	# This option defines the first version of NixOS you have installed on this particular machine,
	# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
	#
	# Most users should NEVER change this value after the initial install, for any reason,
	# even if you've upgraded your system to a new NixOS release.
	#
	# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
	# so changing it will NOT upgrade your system.
	#
	# This value being lower than the current NixOS release does NOT mean your system is
	# out of date, out of support, or vulnerable.
	#
	# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
	# and migrated your data accordingly.
	#
	# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
	system.stateVersion = "23.11"; # Did you read the comment?
	}
	{
	disko.devices = {
	disk = {
	nvme0n1 = {
	type = "disk";
	device = "/dev/nvme0n1";
	content = {
	type = "gpt";
	partitions = {
	ESP = {
	label = "EFI";
	size = "512M";
	type = "EF00";
	content = {
	type = "filesystem";
	format = "vfat";
	mountpoint = "/boot";
	mountOptions = [
	"defaults"
	];
	};
	};
	luks = {
	size = "100%";
	content = {
	type = "luks";
	name = "encrypted";
	passwordFile = "/tmp/secret.key"; # path to file containing password for initial encryption
	settings.allowDiscards = true;
	content = {
	type = "btrfs";
	extraArgs = ["-f"];
	subvolumes = {
	"SYSTEM" = {};
	"SYSTEM/root" = {
	mountpoint = "/";
	mountOptions = ["compress=zstd" "noatime"];
	};
	"SYSTEM/nix" = {
	mountpoint = "/nix";
	mountOptions = ["compress=zstd" "noatime"];
	};
	"SYSTEM/swap" = {
	mountpoint = "/.swapvol";
	swap.swapfile.size = "18G";
	};
	"DATA" = {};
	"DATA/home" = {
	mountpoint = "/home";
	mountOptions = ["compress=zstd" "noatime"];
	};
	"DATA/local" = {
	mountpoint = "/var/local";
	mountOptions = ["compress=zstd" "noatime"];
	};
	"DATA/log" = {
	mountpoint = "/var/log";
	mountOptions = ["compress=zstd" "noatime"];
	};
	"PERSIST" = {};
	"PERSIST/persist" = {
	mountpoint = "/persist";
	mountOptions = ["compress=zstd" "noatime"];
	};
	};
	};
	};
	};
	};
	};
	};
	};
	};
	}