diff --git a/README.md b/README.md index 7b991e8..7eac3a9 100644 --- a/README.md +++ b/README.md @@ -52,18 +52,18 @@ mkdir -p hosts/ cp /etc/nixos/hardware-configuration.nix hosts// ``` -### 2. Replace Placeholders +### 2. Review Configuration Defaults -Edit the following files and replace these placeholders: +Defaults are set in `flake.nix` and used across modules. Update them there: -| Placeholder | Example Value | Files | -|-------------|---------------|-------| -| `` | `desktop` | `flake.nix`, `modules/common.nix` | -| `` | `john` | `modules/common.nix`, `modules/dev.nix`, `modules/gaming.nix` | -| `` | `America/New_York` | `modules/common.nix` | -| `` | `en_US.UTF-8` | `modules/common.nix` | +| Setting | Example Value | File | +|---------|---------------|------| +| `hostname` | `desktop` | `flake.nix` | +| `username` | `john` | `flake.nix` | +| `time.timeZone` | `America/New_York` | `modules/common.nix` | +| `i18n.defaultLocale` | `en_US.UTF-8` | `modules/common.nix` | -Also rename the `hosts/hostname/` directory to match your actual hostname, and ensure the same hostname is used for all `` placeholders (including in `flake.nix`). +Update the `hostname` value in `flake.nix` to match your machine. Then rename the default `hosts/atlas/` directory to the same value (e.g., `hosts/desktop/`). The flake uses it to locate `hosts//hardware-configuration.nix`. ### 3. Stage Files in Git @@ -136,10 +136,12 @@ sudo nixos-rebuild boot --profile-name gaming --flake .#gaming ### Change Password -Generate a password hash and update `modules/common.nix`: +Generate a password hash and save it to `/etc/nixos/secrets//password.hash` (replace `` with your actual username): ```bash -mkpasswd -m sha-512 -# Copy the output and replace in common.nix +sudo mkdir -p /etc/nixos/secrets/ +sudo chmod 700 /etc/nixos/secrets/ +mkpasswd -m sha-512 | sudo tee /etc/nixos/secrets//password.hash +sudo chmod 600 /etc/nixos/secrets//password.hash ``` ### Setup MangoWC 
@@ -225,4 +227,4 @@ cat /proc/sys/vm/max_map_count # Should be 2147483642 on gaming profile ## License -MIT \ No newline at end of file +MIT diff --git a/flake.nix b/flake.nix index ff0dd48..448218a 100644 --- a/flake.nix +++ b/flake.nix @@ -37,15 +37,25 @@ outputs = { self, nixpkgs, mango, quickshell, noctalia, nix-gaming, home-manager, ... }@inputs: let system = "x86_64-linux"; + hostname = "atlas"; + username = "pinj"; lib = nixpkgs.lib; - specialArgs = { inherit inputs system; }; + usernameValid = + builtins.match "^[a-z_][a-z0-9_]*$" username != null + && builtins.match "^_+$" username == null + && builtins.match "^nix.*" username == null + && username != "root"; + hostConfig = assert builtins.pathExists (./hosts + "/${hostname}/hardware-configuration.nix"); + ./hosts + "/${hostname}/hardware-configuration.nix"; + passwordHashPath = "/etc/nixos/secrets/${username}/password.hash"; + specialArgs = { inherit inputs system hostname username usernameValid passwordHashPath; }; # Verify mango flake exports the expected module mangoModule = assert lib.hasAttrByPath [ "nixosModules" "mango" ] mango; mango.nixosModules.mango; commonModules = [ - ./hosts/atlas/hardware-configuration.nix + hostConfig ./modules/common.nix mangoModule # Home Manager module - Foundation for user-level package management diff --git a/modules/common.nix b/modules/common.nix index cb1413e..20b71a3 100644 --- a/modules/common.nix +++ b/modules/common.nix @@ -1,6 +1,12 @@ -{ config, pkgs, inputs, system, ... }: +{ config, pkgs, inputs, system, hostname, username, usernameValid, passwordHashPath, ... }: { + assertions = [ + { + assertion = usernameValid; + message = "username must start with a-z or _, contain only lowercase letters, digits, and underscores, and must not be root or start with nix."; + } + ]; # -------------------------------------------------------------------------- # BOOT # -------------------------------------------------------------------------- 
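Review bot: `hostname` is interpolated into the `./hosts` path in `hostConfig` with no validation, while `username` gets the full `usernameValid` check, so a value containing `/` or `..` could select a file outside `hosts/`. I would add `assert lib.assertMsg (builtins.match "[a-z0-9]([a-z0-9-]*[a-z0-9])?" hostname != null) "hostname must be a single DNS label";` before the path is built. The bare `assert builtins.pathExists …` should also be wrapped in `lib.assertMsg`, because it currently fails without a message when the directory was not renamed or the file is not yet staged in git. Above `passwordHashPath` I would add the comment `# Keep this a plain string: anything in the flake tree or referenced as a Nix path is copied into the world-readable /nix/store.` The `let` block continues outside the hunk.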
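Review bot: The assertion `message` omits the rule that a username made only of underscores is rejected, which `usernameValid` in `flake.nix` enforces with `builtins.match "^_+$" username == null`. A user who hits that case is told about rules their value appears to satisfy. I would change the tail of the message to `digits, and underscores, must not consist only of underscores, and must not be root or start with nix.` Because the check lives in `flake.nix` and the text lives here, a comment such as `# Keep in sync with usernameValid in flake.nix` next to the assertion would help. The module body continues outside the hunk.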
@@ -10,7 +16,7 @@ # -------------------------------------------------------------------------- # SYSTEM # -------------------------------------------------------------------------- - networking.hostName = "atlas"; + networking.hostName = hostname; time.timeZone = "Europe/Berlin"; i18n.defaultLocale = "en_US.UTF-8"; @@ -57,12 +63,11 @@ # RADV (Mesa) is the default and performs better for gaming }; - # RADV is already the default Vulkan driver - # This variable is optional but makes it explicit - environment.variables.AMD_VULKAN_ICD = "RADV"; - # Wayland session variables for proper app integration environment.sessionVariables = { + # RADV is already the default Vulkan driver + # This variable is optional but makes it explicit + AMD_VULKAN_ICD = "RADV"; QT_QPA_PLATFORM = "wayland"; MOZ_ENABLE_WAYLAND = "1"; NIXOS_OZONE_WL = "1"; # Electron apps (VS Code, Discord, etc.) @@ -101,19 +106,19 @@ enable = true; settings.default_session = { command = "mango"; - user = "pinj"; + user = username; }; }; # -------------------------------------------------------------------------- # USER ACCOUNT # -------------------------------------------------------------------------- - users.users.pinj = { + users.users.${username} = { isNormalUser = true; extraGroups = [ "wheel" "networkmanager" "video" "seat" ]; # IMPORTANT: Generate a password hash with: mkpasswd -m sha-512 - # Then replace the placeholder below with the generated hash - hashedPassword = ""; + # Save it to /etc/nixos/secrets/${username}/password.hash (ensure permissions are 600) + hashedPasswordFile = passwordHashPath; packages = with pkgs; [ # -- Noctalia Shell -- inputs.quickshell.packages.${system}.default diff --git a/modules/dev.nix b/modules/dev.nix index 55c183e..95ead8d 100644 --- a/modules/dev.nix +++ b/modules/dev.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ pkgs, username, ... }: { # Identification tag (shows in boot menu and `nixos-version`) 
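Review bot: `hashedPasswordFile = passwordHashPath;` makes login for a `wheel` user depend on a file outside the flake that nothing in this hunk checks for, and the comment above it says only how to create the file. As far as I know, NixOS only warns at activation when the file is missing and leaves the account without a usable password, so a first rebuild on a fresh machine could lock the user out; please confirm and state it in the comment. Suggested wording: `# Read on the target machine at activation, not at evaluation: create the file BEFORE the first nixos-rebuild.` and `# Owner root, mode 600, containing only the hash; never commit it or reference it as a Nix path.` The `${username}` in the existing comment is not interpolated, so it may be clearer written as `<username>`. The `users.users` attribute set continues outside the hunk.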
@@ -24,7 +24,7 @@ # NOTE: After first enabling/applying this dev profile, you must log out and # log back in (or reboot) for the docker group membership to take effect. - users.users.pinj.extraGroups = [ "docker" ]; + users.users.${username}.extraGroups = [ "docker" ]; # -------------------------------------------------------------------------- # DEVELOPMENT TOOLS @@ -34,7 +34,7 @@ nix-direnv.enable = true; # Caches nix shells }; - users.users.pinj.packages = with pkgs; [ + users.users.${username}.packages = with pkgs; [ # -- Git -- lazygit gh # GitHub CLI diff --git a/modules/gaming.nix b/modules/gaming.nix index b93f913..9dc9fbd 100644 --- a/modules/gaming.nix +++ b/modules/gaming.nix @@ -1,4 +1,4 @@ -{ pkgs, inputs, ... }: +{ pkgs, inputs, username, ... }: { # Identification tags (shows in boot menu) @@ -62,12 +62,12 @@ # programs to function correctly. These groups are only added when using # the gaming profile. If you need consistent group membership across # both profiles, add these groups to common.nix instead. - users.users.pinj.extraGroups = [ "corectrl" "gamemode" ]; + users.users.${username}.extraGroups = [ "corectrl" "gamemode" ]; # -------------------------------------------------------------------------- # GAMING PACKAGES # -------------------------------------------------------------------------- - users.users.pinj.packages = with pkgs; [ + users.users.${username}.packages = with pkgs; [ # -- Performance Overlays -- mangohud # FPS counter, GPU stats goverlay # MangoHud GUI config