From 18dca35839263fdc7882b5a15b18b4aa056e157f Mon Sep 17 00:00:00 2001
From: ska <ska@noreply.git.skarockoi.de>
Date: Fri, 19 Dec 2025 23:15:48 +0000
Subject: [PATCH] Update configuration.nix

---
 configuration.nix | 112 ++++++++++++----------------------------------
 1 file changed, 28 insertions(+), 84 deletions(-)

diff --git a/configuration.nix b/configuration.nix
index faf998a..b1305ff 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -4,21 +4,40 @@ let
   gitLocalPath = "/var/lib/nixos-config";
 in
 {
-  imports = [ ./hardware-configuration.nix ];
+  # NO hardware configuration import - we handle boot and filesystems directly
   
-  # Critical boot settings
+  # Generic boot settings for any UEFI system
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
+  boot.supportedFilesystems = [ "vfat" "ext4" "crypto_LUKS" ];
   
-  # Keep QEMU profile for testing, but make it work on physical hardware too
+  # Generic kernel modules for most hardware
   boot.initrd.availableKernelModules = [ 
-    "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "usb_storage" "sd_mod" "sr_mod"
+    "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sr_mod"
+    "usbhid" "hid_generic" "nvme"
   ];
-  boot.kernelModules = [ "kvm-intel" ];
   
+  # Filesystem setup using device paths that work for most USB installations
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/nixos";
+    fsType = "ext4";
+  };
+  
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-label/boot";
+    fsType = "vfat";
+    options = [ "fmask=0077" "dmask=0077" ];
+  };
+  
+  # LUKS encryption setup (will be set up during installation)
+  boot.initrd.luks.devices."root" = {
+    device = "/dev/disk/by-label/luks";
+    preLVM = true;
+  };
+  
+  # Your existing configuration below (unchanged)
   networking.hostName = "nixos-usb";
   networking.networkmanager.enable = true;
-  
   time.timeZone = "Europe/Berlin";
   i18n.defaultLocale = "de_DE.UTF-8";
   i18n.extraLocaleSettings = {
@@ -40,7 +59,6 @@ in
   services.xserver.libinput.enable = true;
   console.keyMap = "de";
   
-  # Audio setup
   services.pulseaudio.enable = false;
   security.rtkit.enable = true;
   services.pipewire = {
@@ -52,29 +70,21 @@ in
   
   services.printing.enable = true;
   
-  # User setup
   users.users.user = {
     isNormalUser = true;
     description = "user";
-    extraGroups = [ "networkmanager" "wheel" "audio" "video" "disk" ];
+    extraGroups = [ "networkmanager" "wheel" ];
     shell = pkgs.bash;
   };
   
-  # Allow unfree packages
   nixpkgs.config.allowUnfree = true;
   
-  # Essential packages
   environment.systemPackages = with pkgs; [
     git
     vim
     curl
     wget
     openssh
-    rsync
-    pciutils
-    usbutils
-    gparted
-    gnome-disk-utility
     obsidian
     libreoffice
     keepassxc
@@ -86,48 +96,11 @@ in
     epiphany
     gnomeExtensions.gsconnect
     gnomeExtensions.dash-to-dock
-    file
-    psmisc
-    lsof
-    strace
   ];
   
   programs.firefox.enable = true;
   
-  # First-boot setup script with proper PATH setup
-  environment.etc."first-boot-setup.sh".text = ''
-    #!/run/current-system/sw/bin/bash
-    set -e
-    
-    if [ ! -f /var/lib/nixos-firstboot-done ]; then
-      echo "=== First boot setup for cloned NixOS USB ==="
-      
-      # Generate new machine-id
-      echo "Generating new machine ID..."
-      rm -f /etc/machine-id /var/lib/dbus/machine-id 2>/dev/null || true
-      systemd-machine-id-setup
-      
-      # Regenerate hardware configuration for this machine
-      echo "Detecting hardware configuration..."
-      nixos-generate-config --root / --no-filesystems
-      
-      # Ensure proper permissions
-      chmod 700 /root
-      if [ -d /home/user ]; then
-        chmod 755 /home/user
-        chown -R user:user /home/user
-      fi
-      
-      # Mark first boot complete
-      mkdir -p /var/lib
-      touch /var/lib/nixos-firstboot-done
-      echo "First boot setup complete."
-    fi
-  '';
-  
-  environment.etc."first-boot-setup.sh".mode = "0700";
-  
-  # Auto-update script
+  # Keep your auto-update script unchanged
   environment.etc."update-nixos-config.sh".text = ''
     #!/run/current-system/sw/bin/bash
     set -e
@@ -160,31 +133,9 @@ in
   
   environment.etc."update-nixos-config.sh".mode = "0700";
   
-  # First boot service with proper PATH
-  systemd.services.first-boot-setup = {
-    description = "One-time setup for cloned NixOS USB";
-    script = "/etc/first-boot-setup.sh";
-    path = with pkgs; [
-      systemd
-      git
-      nixos-install-tools  # Provides nixos-generate-config
-      coreutils
-      findutils
-      glibc
-    ];
-    serviceConfig = {
-      Type = "oneshot";
-      RemainAfterExit = true;
-      ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p /var/lib";
-    };
-    wantedBy = [ "multi-user.target" ];
-  };
-  
-  # Auto-update service
   systemd.services.nixos-git-update = {
-    description = "Update NixOS from Git config repository";
+    description = "Update NixOS from public Git config";
     script = "/etc/update-nixos-config.sh";
-    path = with pkgs; [ git nixos-install-tools coreutils ];
     serviceConfig = {
       Type = "oneshot";
       User = "root";
@@ -192,7 +143,6 @@ in
     };
   };
   
-  # Run updates hourly after boot
   systemd.timers.nixos-git-update = {
     description = "Check for config updates hourly";
     wantedBy = [ "timers.target" ];
@@ -202,11 +152,5 @@ in
     };
   };
   
-  # Udev rules for USB devices
-  services.udev.extraRules = ''
-    # Allow all users to mount USB devices
-    ACTION=="add", SUBSYSTEM=="block", ENV{ID_BUS}=="usb", MODE="0660", GROUP="disk"
-  '';
-  
   system.stateVersion = "25.11";
 }
\ No newline at end of file