From ba88891d0339d248454b23989357cbdd422a66ef Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 1 Feb 2026 20:39:56 +0000 Subject: [PATCH 01/13] Initial plan -- 2.49.1 From 62c62ef680f9a96e1b613611141028432a3f80b6 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 1 Feb 2026 20:54:32 +0000 Subject: [PATCH 02/13] Centralize hostname/user defaults Co-authored-by: ragusa-it <196988693+ragusa-it@users.noreply.github.com> --- README.md | 24 ++++++++++++------------ flake.nix | 7 +++++-- modules/common.nix | 19 +++++++++---------- modules/dev.nix | 6 +++--- modules/gaming.nix | 6 +++--- 5 files changed, 32 insertions(+), 30 deletions(-) diff --git a/README.md b/README.md index 7b991e8..c2b1aa9 100644 --- a/README.md +++ b/README.md @@ -52,18 +52,18 @@ mkdir -p hosts/ cp /etc/nixos/hardware-configuration.nix hosts// ``` -### 2. Replace Placeholders +### 2. Review Configuration Defaults -Edit the following files and replace these placeholders: +Defaults are set in `flake.nix` and used across modules. Update them there: -| Placeholder | Example Value | Files | -|-------------|---------------|-------| -| `` | `desktop` | `flake.nix`, `modules/common.nix` | -| `` | `john` | `modules/common.nix`, `modules/dev.nix`, `modules/gaming.nix` | -| `` | `America/New_York` | `modules/common.nix` | -| `` | `en_US.UTF-8` | `modules/common.nix` | +| Setting | Example Value | File | +|---------|---------------|------| +| `hostname` | `desktop` | `flake.nix` | +| `username` | `john` | `flake.nix` | +| `time.timeZone` | `America/New_York` | `modules/common.nix` | +| `i18n.defaultLocale` | `en_US.UTF-8` | `modules/common.nix` | -Also rename the `hosts/hostname/` directory to match your actual hostname, and ensure the same hostname is used for all `` placeholders (including in `flake.nix`). +Also rename the `hosts//` directory to match your actual hostname, and ensure the same hostname is set in `flake.nix`. ### 3. Stage Files in Git @@ -136,10 +136,10 @@ sudo nixos-rebuild boot --profile-name gaming --flake .#gaming ### Change Password -Generate a password hash and update `modules/common.nix`: +Generate a password hash and save it to `/etc/nixos/secrets//password.hash`: ```bash mkpasswd -m sha-512 -# Copy the output and replace in common.nix +# Save the output to /etc/nixos/secrets//password.hash with 600 permissions ``` ### Setup MangoWC @@ -225,4 +225,4 @@ cat /proc/sys/vm/max_map_count # Should be 2147483642 on gaming profile ## License -MIT \ No newline at end of file +MIT diff --git a/flake.nix b/flake.nix index ff0dd48..0ecfbdc 100644 --- a/flake.nix +++ b/flake.nix @@ -37,15 +37,18 @@ outputs = { self, nixpkgs, mango, quickshell, noctalia, nix-gaming, home-manager, ... }@inputs: let system = "x86_64-linux"; + hostname = "atlas"; + username = "pinj"; lib = nixpkgs.lib; - specialArgs = { inherit inputs system; }; + hostConfig = ./hosts + "/${hostname}/hardware-configuration.nix"; + specialArgs = { inherit inputs system hostname username; }; # Verify mango flake exports the expected module mangoModule = assert lib.hasAttrByPath [ "nixosModules" "mango" ] mango; mango.nixosModules.mango; commonModules = [ - ./hosts/atlas/hardware-configuration.nix + hostConfig ./modules/common.nix mangoModule # Home Manager module - Foundation for user-level package management diff --git a/modules/common.nix b/modules/common.nix index cb1413e..d77c70f 100644 --- a/modules/common.nix +++ b/modules/common.nix @@ -1,4 +1,4 @@ -{ config, pkgs, inputs, system, ... }: +{ config, pkgs, inputs, system, hostname, username, ... }: { # -------------------------------------------------------------------------- @@ -10,7 +10,7 @@ # -------------------------------------------------------------------------- # SYSTEM # -------------------------------------------------------------------------- - networking.hostName = "atlas"; + networking.hostName = hostname; time.timeZone = "Europe/Berlin"; i18n.defaultLocale = "en_US.UTF-8"; @@ -57,12 +57,11 @@ # RADV (Mesa) is the default and performs better for gaming }; - # RADV is already the default Vulkan driver - # This variable is optional but makes it explicit - environment.variables.AMD_VULKAN_ICD = "RADV"; - # Wayland session variables for proper app integration environment.sessionVariables = { + # RADV is already the default Vulkan driver + # This variable is optional but makes it explicit + AMD_VULKAN_ICD = "RADV"; QT_QPA_PLATFORM = "wayland"; MOZ_ENABLE_WAYLAND = "1"; NIXOS_OZONE_WL = "1"; # Electron apps (VS Code, Discord, etc.) @@ -101,19 +100,19 @@ enable = true; settings.default_session = { command = "mango"; - user = "pinj"; + user = username; }; }; # -------------------------------------------------------------------------- # USER ACCOUNT # -------------------------------------------------------------------------- - users.users.pinj = { + users.users.${username} = { isNormalUser = true; extraGroups = [ "wheel" "networkmanager" "video" "seat" ]; # IMPORTANT: Generate a password hash with: mkpasswd -m sha-512 - # Then replace the placeholder below with the generated hash - hashedPassword = ""; + # Save it to the path below (ensure permissions are 600) + hashedPasswordFile = "/etc/nixos/secrets/${username}/password.hash"; packages = with pkgs; [ # -- Noctalia Shell -- inputs.quickshell.packages.${system}.default diff --git a/modules/dev.nix b/modules/dev.nix index 55c183e..95ead8d 100644 --- a/modules/dev.nix +++ b/modules/dev.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ pkgs, username, ... }: { # Identification tag (shows in boot menu and `nixos-version`) @@ -24,7 +24,7 @@ # NOTE: After first enabling/applying this dev profile, you must log out and # log back in (or reboot) for the docker group membership to take effect. - users.users.pinj.extraGroups = [ "docker" ]; + users.users.${username}.extraGroups = [ "docker" ]; # -------------------------------------------------------------------------- # DEVELOPMENT TOOLS @@ -34,7 +34,7 @@ nix-direnv.enable = true; # Caches nix shells }; - users.users.pinj.packages = with pkgs; [ + users.users.${username}.packages = with pkgs; [ # -- Git -- lazygit gh # GitHub CLI diff --git a/modules/gaming.nix b/modules/gaming.nix index b93f913..9dc9fbd 100644 --- a/modules/gaming.nix +++ b/modules/gaming.nix @@ -1,4 +1,4 @@ -{ pkgs, inputs, ... }: +{ pkgs, inputs, username, ... }: { # Identification tags (shows in boot menu) @@ -62,12 +62,12 @@ # programs to function correctly. These groups are only added when using # the gaming profile. If you need consistent group membership across # both profiles, add these groups to common.nix instead. - users.users.pinj.extraGroups = [ "corectrl" "gamemode" ]; + users.users.${username}.extraGroups = [ "corectrl" "gamemode" ]; # -------------------------------------------------------------------------- # GAMING PACKAGES # -------------------------------------------------------------------------- - users.users.pinj.packages = with pkgs; [ + users.users.${username}.packages = with pkgs; [ # -- Performance Overlays -- mangohud # FPS counter, GPU stats goverlay # MangoHud GUI config -- 2.49.1 From 87c317921f9dd85613cfa9ca17a76e8ccdb68795 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 1 Feb 2026 20:55:19 +0000 Subject: [PATCH 03/13] Clarify password file setup docs Co-authored-by: ragusa-it <196988693+ragusa-it@users.noreply.github.com> --- README.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index c2b1aa9..08c6eae 100644 --- a/README.md +++ b/README.md @@ -63,7 +63,7 @@ Defaults are set in `flake.nix` and used across modules. Update them there: | `time.timeZone` | `America/New_York` | `modules/common.nix` | | `i18n.defaultLocale` | `en_US.UTF-8` | `modules/common.nix` | -Also rename the `hosts//` directory to match your actual hostname, and ensure the same hostname is set in `flake.nix`. +Also rename the default `hosts/atlas/` directory to match your actual hostname, and ensure the same hostname is set in `flake.nix`. ### 3. Stage Files in Git @@ -136,10 +136,12 @@ sudo nixos-rebuild boot --profile-name gaming --flake .#gaming ### Change Password -Generate a password hash and save it to `/etc/nixos/secrets//password.hash`: +Generate a password hash and save it to `/etc/nixos/secrets//password.hash` (required before applying the config): ```bash -mkpasswd -m sha-512 -# Save the output to /etc/nixos/secrets//password.hash with 600 permissions +sudo mkdir -p /etc/nixos/secrets/ +sudo chmod 700 /etc/nixos/secrets/ +mkpasswd -m sha-512 | sudo tee /etc/nixos/secrets//password.hash +sudo chmod 600 /etc/nixos/secrets//password.hash ``` ### Setup MangoWC -- 2.49.1 From 4370c6a22d9cdc364c69bec421b45fa47254e9ec Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 1 Feb 2026 20:55:47 +0000 Subject: [PATCH 04/13] Validate username format Co-authored-by: ragusa-it <196988693+ragusa-it@users.noreply.github.com> --- modules/common.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/modules/common.nix b/modules/common.nix index d77c70f..26479bc 100644 --- a/modules/common.nix +++ b/modules/common.nix @@ -1,6 +1,12 @@ { config, pkgs, inputs, system, hostname, username, ... }: { + assertions = [ + { + assertion = builtins.match "^[a-z_][a-z0-9_-]*$" username != null; + message = "username must be a simple system user name without path separators."; + } + ]; # -------------------------------------------------------------------------- # BOOT # -------------------------------------------------------------------------- -- 2.49.1 From f95c64168cd06a60101bf9445c0f87b00ec7a47b Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 1 Feb 2026 20:56:31 +0000 Subject: [PATCH 05/13] Pass password hash path via flake Co-authored-by: ragusa-it <196988693+ragusa-it@users.noreply.github.com> --- README.md | 2 +- flake.nix | 3 ++- modules/common.nix | 4 ++-- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 08c6eae..f867d6f 100644 --- a/README.md +++ b/README.md @@ -63,7 +63,7 @@ Defaults are set in `flake.nix` and used across modules. Update them there: | `time.timeZone` | `America/New_York` | `modules/common.nix` | | `i18n.defaultLocale` | `en_US.UTF-8` | `modules/common.nix` | -Also rename the default `hosts/atlas/` directory to match your actual hostname, and ensure the same hostname is set in `flake.nix`. +Also rename the default `hosts/atlas/` directory to match your actual hostname, and ensure the same hostname is set in `flake.nix` (the flake uses it to locate `hosts//hardware-configuration.nix`). ### 3. Stage Files in Git diff --git a/flake.nix b/flake.nix index 0ecfbdc..2c9aa7e 100644 --- a/flake.nix +++ b/flake.nix @@ -41,7 +41,8 @@ username = "pinj"; lib = nixpkgs.lib; hostConfig = ./hosts + "/${hostname}/hardware-configuration.nix"; - specialArgs = { inherit inputs system hostname username; }; + passwordHashPath = "/etc/nixos/secrets/${username}/password.hash"; + specialArgs = { inherit inputs system hostname username passwordHashPath; }; # Verify mango flake exports the expected module mangoModule = assert lib.hasAttrByPath [ "nixosModules" "mango" ] mango; diff --git a/modules/common.nix b/modules/common.nix index 26479bc..e83d742 100644 --- a/modules/common.nix +++ b/modules/common.nix @@ -1,4 +1,4 @@ -{ config, pkgs, inputs, system, hostname, username, ... }: +{ config, pkgs, inputs, system, hostname, username, passwordHashPath, ... }: { assertions = [ @@ -118,7 +118,7 @@ extraGroups = [ "wheel" "networkmanager" "video" "seat" ]; # IMPORTANT: Generate a password hash with: mkpasswd -m sha-512 # Save it to the path below (ensure permissions are 600) - hashedPasswordFile = "/etc/nixos/secrets/${username}/password.hash"; + hashedPasswordFile = passwordHashPath; packages = with pkgs; [ # -- Noctalia Shell -- inputs.quickshell.packages.${system}.default -- 2.49.1 From 7981be949f335590767ee573afdc41ee0e00de94 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 1 Feb 2026 20:57:01 +0000 Subject: [PATCH 06/13] Refine username assertion and docs Co-authored-by: ragusa-it <196988693+ragusa-it@users.noreply.github.com> --- README.md | 2 +- modules/common.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index f867d6f..ffc5519 100644 --- a/README.md +++ b/README.md @@ -63,7 +63,7 @@ Defaults are set in `flake.nix` and used across modules. Update them there: | `time.timeZone` | `America/New_York` | `modules/common.nix` | | `i18n.defaultLocale` | `en_US.UTF-8` | `modules/common.nix` | -Also rename the default `hosts/atlas/` directory to match your actual hostname, and ensure the same hostname is set in `flake.nix` (the flake uses it to locate `hosts//hardware-configuration.nix`). +Rename the default `hosts/atlas/` directory to match your hostname (e.g., `hosts/desktop/`), then update the `hostname` value in `flake.nix` to match. The flake uses it to locate `hosts//hardware-configuration.nix`. ### 3. Stage Files in Git diff --git a/modules/common.nix b/modules/common.nix index e83d742..96aaf14 100644 --- a/modules/common.nix +++ b/modules/common.nix @@ -3,7 +3,7 @@ { assertions = [ { - assertion = builtins.match "^[a-z_][a-z0-9_-]*$" username != null; + assertion = builtins.match "^[a-z_][a-z0-9_]*$" username != null; message = "username must be a simple system user name without path separators."; } ]; -- 2.49.1 From 94ec2169bd9de2b3497d9bd6dd15c40036254760 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 1 Feb 2026 20:58:05 +0000 Subject: [PATCH 07/13] Validate username once in flake Co-authored-by: ragusa-it <196988693+ragusa-it@users.noreply.github.com> --- flake.nix | 10 ++++++++-- modules/common.nix | 6 +++--- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/flake.nix b/flake.nix index 2c9aa7e..1100e17 100644 --- a/flake.nix +++ b/flake.nix @@ -40,9 +40,15 @@ hostname = "atlas"; username = "pinj"; lib = nixpkgs.lib; + usernameValid = + builtins.match "^[a-z_][a-z0-9_]*$" username != null + && builtins.match "^_+$" username == null + && builtins.match "^nix" username == null + && username != "root"; hostConfig = ./hosts + "/${hostname}/hardware-configuration.nix"; - passwordHashPath = "/etc/nixos/secrets/${username}/password.hash"; - specialArgs = { inherit inputs system hostname username passwordHashPath; }; + passwordHashPath = assert usernameValid; + "/etc/nixos/secrets/${username}/password.hash"; + specialArgs = { inherit inputs system hostname username usernameValid passwordHashPath; }; # Verify mango flake exports the expected module mangoModule = assert lib.hasAttrByPath [ "nixosModules" "mango" ] mango; diff --git a/modules/common.nix b/modules/common.nix index 96aaf14..ec4924e 100644 --- a/modules/common.nix +++ b/modules/common.nix @@ -1,10 +1,10 @@ -{ config, pkgs, inputs, system, hostname, username, passwordHashPath, ... }: +{ config, pkgs, inputs, system, hostname, username, usernameValid, passwordHashPath, ... }: { assertions = [ { - assertion = builtins.match "^[a-z_][a-z0-9_]*$" username != null; - message = "username must be a simple system user name without path separators."; + assertion = usernameValid; + message = "username must be a simple system user name and not reserved."; } ]; # -------------------------------------------------------------------------- -- 2.49.1 From 0a24c471aacaa22f0c807db8074cdf8d60d6bcc7 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 1 Feb 2026 20:58:32 +0000 Subject: [PATCH 08/13] Fix flake assertion syntax Co-authored-by: ragusa-it <196988693+ragusa-it@users.noreply.github.com> --- README.md | 2 +- flake.nix | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index ffc5519..5dac41d 100644 --- a/README.md +++ b/README.md @@ -63,7 +63,7 @@ Defaults are set in `flake.nix` and used across modules. Update them there: | `time.timeZone` | `America/New_York` | `modules/common.nix` | | `i18n.defaultLocale` | `en_US.UTF-8` | `modules/common.nix` | -Rename the default `hosts/atlas/` directory to match your hostname (e.g., `hosts/desktop/`), then update the `hostname` value in `flake.nix` to match. The flake uses it to locate `hosts//hardware-configuration.nix`. +Rename the default `hosts/atlas/` directory to match your hostname (e.g., `hosts/desktop/`). After renaming the directory, update the `hostname` value in `flake.nix` to match. The flake uses it to locate `hosts//hardware-configuration.nix`. ### 3. Stage Files in Git diff --git a/flake.nix b/flake.nix index 1100e17..371ca30 100644 --- a/flake.nix +++ b/flake.nix @@ -46,8 +46,7 @@ && builtins.match "^nix" username == null && username != "root"; hostConfig = ./hosts + "/${hostname}/hardware-configuration.nix"; - passwordHashPath = assert usernameValid; - "/etc/nixos/secrets/${username}/password.hash"; + passwordHashPath = assert usernameValid; "/etc/nixos/secrets/${username}/password.hash"; specialArgs = { inherit inputs system hostname username usernameValid passwordHashPath; }; # Verify mango flake exports the expected module -- 2.49.1 From 78fb8223744372bf1637922911b6fe98166f3859 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 1 Feb 2026 20:59:23 +0000 Subject: [PATCH 09/13] Tighten path/docs clarity Co-authored-by: ragusa-it <196988693+ragusa-it@users.noreply.github.com> --- README.md | 10 +++++----- flake.nix | 4 ++-- modules/common.nix | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 5dac41d..6cd1497 100644 --- a/README.md +++ b/README.md @@ -136,12 +136,12 @@ sudo nixos-rebuild boot --profile-name gaming --flake .#gaming ### Change Password -Generate a password hash and save it to `/etc/nixos/secrets//password.hash` (required before applying the config): +Generate a password hash and save it to `/etc/nixos/secrets//password.hash` (replace `` with your actual username): ```bash -sudo mkdir -p /etc/nixos/secrets/ -sudo chmod 700 /etc/nixos/secrets/ -mkpasswd -m sha-512 | sudo tee /etc/nixos/secrets//password.hash -sudo chmod 600 /etc/nixos/secrets//password.hash +sudo mkdir -p /etc/nixos/secrets/john +sudo chmod 700 /etc/nixos/secrets/john +mkpasswd -m sha-512 | sudo tee /etc/nixos/secrets/john/password.hash +sudo chmod 600 /etc/nixos/secrets/john/password.hash ``` ### Setup MangoWC diff --git a/flake.nix b/flake.nix index 371ca30..e8f591a 100644 --- a/flake.nix +++ b/flake.nix @@ -45,8 +45,8 @@ && builtins.match "^_+$" username == null && builtins.match "^nix" username == null && username != "root"; - hostConfig = ./hosts + "/${hostname}/hardware-configuration.nix"; - passwordHashPath = assert usernameValid; "/etc/nixos/secrets/${username}/password.hash"; + hostConfig = (./hosts + "/${hostname}") + "/hardware-configuration.nix"; + passwordHashPath = "/etc/nixos/secrets/${username}/password.hash"; specialArgs = { inherit inputs system hostname username usernameValid passwordHashPath; }; # Verify mango flake exports the expected module diff --git a/modules/common.nix b/modules/common.nix index ec4924e..ec6f24e 100644 --- a/modules/common.nix +++ b/modules/common.nix @@ -4,7 +4,7 @@ assertions = [ { assertion = usernameValid; - message = "username must be a simple system user name and not reserved."; + message = "username must start with a-z or _, contain only lowercase letters, digits, and underscores, and must not be root or start with nix."; } ]; # -------------------------------------------------------------------------- -- 2.49.1 From 359c6fc719a5f588ba6844b724c93190f99674bb Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 1 Feb 2026 20:59:52 +0000 Subject: [PATCH 10/13] Correct username prefix check Co-authored-by: ragusa-it <196988693+ragusa-it@users.noreply.github.com> --- README.md | 8 ++++---- flake.nix | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 6cd1497..6a6ae97 100644 --- a/README.md +++ b/README.md @@ -138,10 +138,10 @@ sudo nixos-rebuild boot --profile-name gaming --flake .#gaming Generate a password hash and save it to `/etc/nixos/secrets//password.hash` (replace `` with your actual username): ```bash -sudo mkdir -p /etc/nixos/secrets/john -sudo chmod 700 /etc/nixos/secrets/john -mkpasswd -m sha-512 | sudo tee /etc/nixos/secrets/john/password.hash -sudo chmod 600 /etc/nixos/secrets/john/password.hash +sudo mkdir -p /etc/nixos/secrets/ +sudo chmod 700 /etc/nixos/secrets/ +mkpasswd -m sha-512 | sudo tee /etc/nixos/secrets//password.hash +sudo chmod 600 /etc/nixos/secrets//password.hash ``` ### Setup MangoWC diff --git a/flake.nix b/flake.nix index e8f591a..f792485 100644 --- a/flake.nix +++ b/flake.nix @@ -43,7 +43,7 @@ usernameValid = builtins.match "^[a-z_][a-z0-9_]*$" username != null && builtins.match "^_+$" username == null - && builtins.match "^nix" username == null + && builtins.match "^nix.*" username == null && username != "root"; hostConfig = (./hosts + "/${hostname}") + "/hardware-configuration.nix"; passwordHashPath = "/etc/nixos/secrets/${username}/password.hash"; -- 2.49.1 From d2981b67416848cd6e25bfd89ba153a9222a3571 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 1 Feb 2026 21:00:23 +0000 Subject: [PATCH 11/13] Simplify host config path Co-authored-by: ragusa-it <196988693+ragusa-it@users.noreply.github.com> --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index f792485..c5f4752 100644 --- a/flake.nix +++ b/flake.nix @@ -45,7 +45,7 @@ && builtins.match "^_+$" username == null && builtins.match "^nix.*" username == null && username != "root"; - hostConfig = (./hosts + "/${hostname}") + "/hardware-configuration.nix"; + hostConfig = ./hosts + "/${hostname}/hardware-configuration.nix"; passwordHashPath = "/etc/nixos/secrets/${username}/password.hash"; specialArgs = { inherit inputs system hostname username usernameValid passwordHashPath; }; -- 2.49.1 From 3d1018dcc32d1508cde7558dfad0a3ab74e07b3a Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 1 Feb 2026 21:00:58 +0000 Subject: [PATCH 12/13] Clarify password hash docs Co-authored-by: ragusa-it <196988693+ragusa-it@users.noreply.github.com> --- README.md | 2 +- modules/common.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 6a6ae97..7eac3a9 100644 --- a/README.md +++ b/README.md @@ -63,7 +63,7 @@ Defaults are set in `flake.nix` and used across modules. Update them there: | `time.timeZone` | `America/New_York` | `modules/common.nix` | | `i18n.defaultLocale` | `en_US.UTF-8` | `modules/common.nix` | -Rename the default `hosts/atlas/` directory to match your hostname (e.g., `hosts/desktop/`). After renaming the directory, update the `hostname` value in `flake.nix` to match. The flake uses it to locate `hosts//hardware-configuration.nix`. +Update the `hostname` value in `flake.nix` to match your machine. Then rename the default `hosts/atlas/` directory to the same value (e.g., `hosts/desktop/`). The flake uses it to locate `hosts//hardware-configuration.nix`. ### 3. Stage Files in Git diff --git a/modules/common.nix b/modules/common.nix index ec6f24e..ac3b882 100644 --- a/modules/common.nix +++ b/modules/common.nix @@ -117,7 +117,7 @@ isNormalUser = true; extraGroups = [ "wheel" "networkmanager" "video" "seat" ]; # IMPORTANT: Generate a password hash with: mkpasswd -m sha-512 - # Save it to the path below (ensure permissions are 600) + # Save it to the path defined in flake.nix (ensure permissions are 600) hashedPasswordFile = passwordHashPath; packages = with pkgs; [ # -- Noctalia Shell -- -- 2.49.1 From 2f4cbd863a67ccb1a2d4cd1891d2b15ccebc4059 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 1 Feb 2026 21:01:25 +0000 Subject: [PATCH 13/13] Assert host config exists Co-authored-by: ragusa-it <196988693+ragusa-it@users.noreply.github.com> --- flake.nix | 3 ++- modules/common.nix | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index c5f4752..448218a 100644 --- a/flake.nix +++ b/flake.nix @@ -45,7 +45,8 @@ && builtins.match "^_+$" username == null && builtins.match "^nix.*" username == null && username != "root"; - hostConfig = ./hosts + "/${hostname}/hardware-configuration.nix"; + hostConfig = assert builtins.pathExists (./hosts + "/${hostname}/hardware-configuration.nix"); + ./hosts + "/${hostname}/hardware-configuration.nix"; passwordHashPath = "/etc/nixos/secrets/${username}/password.hash"; specialArgs = { inherit inputs system hostname username usernameValid passwordHashPath; }; diff --git a/modules/common.nix b/modules/common.nix index ac3b882..20b71a3 100644 --- a/modules/common.nix +++ b/modules/common.nix @@ -117,7 +117,7 @@ isNormalUser = true; extraGroups = [ "wheel" "networkmanager" "video" "seat" ]; # IMPORTANT: Generate a password hash with: mkpasswd -m sha-512 - # Save it to the path defined in flake.nix (ensure permissions are 600) + # Save it to /etc/nixos/secrets/${username}/password.hash (ensure permissions are 600) hashedPasswordFile = passwordHashPath; packages = with pkgs; [ # -- Noctalia Shell -- -- 2.49.1