gefährlcihe update maybe ?
This commit is contained in:
@@ -2,24 +2,20 @@
|
|||||||
|
|
||||||
{
|
{
|
||||||
############################################################
|
############################################################
|
||||||
# BOOTLOADER - GRUB
|
# BOOTLOADER - SYSTEMD-BOOT (USB FRIENDLY)
|
||||||
############################################################
|
############################################################
|
||||||
|
|
||||||
boot.loader.grub = {
|
boot.loader.systemd-boot.enable = true;
|
||||||
enable = true;
|
|
||||||
device = "nodev";
|
|
||||||
efiSupport = true;
|
|
||||||
efiInstallAsRemovable = true;
|
|
||||||
useOSProber = false;
|
|
||||||
};
|
|
||||||
|
|
||||||
boot.loader.efi = {
|
boot.loader.efi = {
|
||||||
canTouchEfiVariables = false;
|
canTouchEfiVariables = false;
|
||||||
efiSysMountPoint = "/boot";
|
efiSysMountPoint = "/boot";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
boot.loader.systemd-boot.configurationLimit = 5;
|
||||||
|
|
||||||
############################################################
|
############################################################
|
||||||
# INITRD - HARDWARE-AGNOSTIC + LUKS
|
# INITRD - HARDWARE-AGNOSTIC + FRAMEBUFFER FALLBACK + LUKS
|
||||||
############################################################
|
############################################################
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [
|
boot.initrd.availableKernelModules = [
|
||||||
@@ -32,16 +28,29 @@
|
|||||||
"sr_mod"
|
"sr_mod"
|
||||||
];
|
];
|
||||||
|
|
||||||
|
# Explicit graphics fallback for unknown hardware
|
||||||
|
boot.initrd.kernelModules = [
|
||||||
|
"i915"
|
||||||
|
"amdgpu"
|
||||||
|
"nouveau"
|
||||||
|
];
|
||||||
|
|
||||||
boot.kernelModules = [];
|
boot.kernelModules = [];
|
||||||
|
|
||||||
|
boot.kernelParams = [
|
||||||
|
"i8042.noaux"
|
||||||
|
"i8042.nomux"
|
||||||
|
"i8042.nopnp"
|
||||||
|
];
|
||||||
|
|
||||||
boot.initrd.luks.devices.root = {
|
boot.initrd.luks.devices.root = {
|
||||||
device = "/dev/disk/by-partlabel/nixos-crypt";
|
device = "/dev/disk/by-partlabel/nixos-crypt";
|
||||||
preLVM = true;
|
preLVM = true;
|
||||||
allowDiscards = true;
|
allowDiscards = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
boot.plymouth.enable = true;
|
|
||||||
boot.initrd.systemd.enable = true;
|
boot.initrd.systemd.enable = true;
|
||||||
|
boot.plymouth.enable = true;
|
||||||
|
|
||||||
############################################################
|
############################################################
|
||||||
# FIRMWARE - WIDE HARDWARE SUPPORT
|
# FIRMWARE - WIDE HARDWARE SUPPORT
|
||||||
@@ -54,12 +63,17 @@
|
|||||||
hardware.cpu.amd.updateMicrocode = true;
|
hardware.cpu.amd.updateMicrocode = true;
|
||||||
|
|
||||||
############################################################
|
############################################################
|
||||||
# FILESYSTEMS - BASED ON LABELS
|
# FILESYSTEMS - USB LONGEVITY
|
||||||
############################################################
|
############################################################
|
||||||
|
|
||||||
fileSystems."/" = {
|
fileSystems."/" = {
|
||||||
device = "/dev/disk/by-label/nixos-root";
|
device = "/dev/disk/by-label/nixos-root";
|
||||||
fsType = "ext4";
|
fsType = "ext4";
|
||||||
|
options = [
|
||||||
|
"noatime"
|
||||||
|
"nodiratime"
|
||||||
|
"discard"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/boot" = {
|
fileSystems."/boot" = {
|
||||||
@@ -68,7 +82,7 @@
|
|||||||
};
|
};
|
||||||
|
|
||||||
############################################################
|
############################################################
|
||||||
# NETWORKING
|
# NETWORKING / LOCALE
|
||||||
############################################################
|
############################################################
|
||||||
|
|
||||||
networking.networkmanager.enable = true;
|
networking.networkmanager.enable = true;
|
||||||
@@ -113,9 +127,11 @@
|
|||||||
services.printing.enable = true;
|
services.printing.enable = true;
|
||||||
|
|
||||||
############################################################
|
############################################################
|
||||||
# USER
|
# USERS
|
||||||
############################################################
|
############################################################
|
||||||
|
|
||||||
|
users.mutableUsers = true;
|
||||||
|
|
||||||
users.users.user = {
|
users.users.user = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
description = "user";
|
description = "user";
|
||||||
@@ -139,7 +155,7 @@
|
|||||||
|
|
||||||
gnomeExtensions.dash-in-panel
|
gnomeExtensions.dash-in-panel
|
||||||
gnomeExtensions.dash-to-panel
|
gnomeExtensions.dash-to-panel
|
||||||
|
|
||||||
obsidian
|
obsidian
|
||||||
libreoffice
|
libreoffice
|
||||||
keepassxc
|
keepassxc
|
||||||
@@ -160,7 +176,6 @@
|
|||||||
#!/run/current-system/sw/bin/bash
|
#!/run/current-system/sw/bin/bash
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
# Ensure all system tools are available
|
|
||||||
export PATH="/run/current-system/sw/bin:/nix/var/nix/profiles/default/bin"
|
export PATH="/run/current-system/sw/bin:/nix/var/nix/profiles/default/bin"
|
||||||
export NIX_PATH="nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos"
|
export NIX_PATH="nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos"
|
||||||
|
|
||||||
@@ -170,21 +185,15 @@
|
|||||||
if [ ! -d "$LOCAL_PATH/.git" ]; then
|
if [ ! -d "$LOCAL_PATH/.git" ]; then
|
||||||
mkdir -p "$LOCAL_PATH"
|
mkdir -p "$LOCAL_PATH"
|
||||||
chmod 700 "$LOCAL_PATH"
|
chmod 700 "$LOCAL_PATH"
|
||||||
echo "Cloning config from $REPO_URL..."
|
|
||||||
git clone "$REPO_URL" "$LOCAL_PATH"
|
git clone "$REPO_URL" "$LOCAL_PATH"
|
||||||
else
|
else
|
||||||
cd "$LOCAL_PATH"
|
cd "$LOCAL_PATH"
|
||||||
echo "Fetching updates..."
|
|
||||||
git fetch origin
|
git fetch origin
|
||||||
LOCAL_HEAD=$(git rev-parse HEAD)
|
LOCAL_HEAD=$(git rev-parse HEAD)
|
||||||
REMOTE_HEAD=$(git rev-parse origin/main)
|
REMOTE_HEAD=$(git rev-parse origin/main)
|
||||||
if [ "$LOCAL_HEAD" != "$REMOTE_HEAD" ]; then
|
if [ "$LOCAL_HEAD" != "$REMOTE_HEAD" ]; then
|
||||||
echo "New config available. Updating..."
|
|
||||||
git reset --hard origin/main
|
git reset --hard origin/main
|
||||||
nixos-rebuild switch -I nixos-config="$LOCAL_PATH/configuration.nix"
|
nixos-rebuild switch -I nixos-config="$LOCAL_PATH/configuration.nix"
|
||||||
echo "System updated successfully."
|
|
||||||
else
|
|
||||||
echo "Config is already up to date."
|
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
'';
|
'';
|
||||||
@@ -197,6 +206,10 @@
|
|||||||
Type = "oneshot";
|
Type = "oneshot";
|
||||||
User = "root";
|
User = "root";
|
||||||
Group = "root";
|
Group = "root";
|
||||||
|
TimeoutStartSec = "10min";
|
||||||
|
Restart = "on-failure";
|
||||||
|
StandardOutput = "journal";
|
||||||
|
StandardError = "journal";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
@@ -214,6 +227,17 @@
|
|||||||
|
|
||||||
zramSwap.enable = true;
|
zramSwap.enable = true;
|
||||||
|
|
||||||
|
boot.tmp.useTmpfs = true;
|
||||||
|
|
||||||
|
############################################################
|
||||||
|
# JOURNALD LIMITS (FLASH FRIENDLY)
|
||||||
|
############################################################
|
||||||
|
|
||||||
|
services.journald.extraConfig = ''
|
||||||
|
SystemMaxUse=200M
|
||||||
|
RuntimeMaxUse=50M
|
||||||
|
'';
|
||||||
|
|
||||||
############################################################
|
############################################################
|
||||||
# NIXOS VERSION
|
# NIXOS VERSION
|
||||||
############################################################
|
############################################################
|
||||||
|
|||||||
Reference in New Issue
Block a user