From e9842c73cbd5d75a29ab6dfbe50161999cc8d16f Mon Sep 17 00:00:00 2001 From: ska Date: Mon, 22 Dec 2025 15:34:09 +0000 Subject: [PATCH] Update configuration.nix --- configuration.nix | 99 ++++++++++++++++++++++++++++------------------- 1 file changed, 59 insertions(+), 40 deletions(-) diff --git a/configuration.nix b/configuration.nix index 698dc10..d1b2105 100644 --- a/configuration.nix +++ b/configuration.nix @@ -41,7 +41,7 @@ }; ############################################################ - # FIRMWARE – WIDE HARDWARE SUPPORT + # FIRMWARE ############################################################ hardware.enableAllFirmware = true; @@ -51,7 +51,7 @@ hardware.cpu.amd.updateMicrocode = true; ############################################################ - # FILESYSTEMS – BASED ON LABELS + # FILESYSTEMS ############################################################ fileSystems."/" = { @@ -65,7 +65,7 @@ }; ############################################################ - # NETWORKING + # NETWORKING / LOCALE ############################################################ networking.networkmanager.enable = true; @@ -82,7 +82,7 @@ services.blueman.enable = true; ############################################################ - # DESKTOP – GNOME + # DESKTOP ############################################################ services.displayManager.gdm.enable = true; @@ -90,7 +90,7 @@ services.libinput.enable = true; ############################################################ - # AUDIO – PIPEWIRE + # AUDIO ############################################################ services.pulseaudio.enable = false; @@ -133,12 +133,6 @@ curl wget openssh - - gnomeExtensions.apps - gnomeExtensions.window-list - gnomeExtensions.dock-from-dash - gnomeExtensions.places-status-indicator - obsidian libreoffice keepassxc 
@@ -152,55 +146,92 @@ programs.firefox.enable = true; ############################################################ - # GIT AUTO‑UPDATE SCRIPT + # PORTABLE USB‑ROOT LOSS → SHUTDOWN + ############################################################ + + systemd.services.shutdown-on-root-usb-loss = { + description = "Shutdown if USB device backing / disappears"; + wantedBy = [ "multi-user.target" ]; + after = [ "local-fs.target" ]; + + serviceConfig = { + Type = "simple"; + ExecStart = pkgs.writeShellScript "watch-root-usb" '' + set -e + + ROOT_SRC="$(findmnt -n -o SOURCE / || true)" + [ -z "$ROOT_SRC" ] && exit 0 + + if [[ "$ROOT_SRC" == /dev/dm-* ]]; then + PARENT="$(lsblk -no PKNAME "$ROOT_SRC")" + ROOT_DEV="/dev/$PARENT" + else + ROOT_DEV="$ROOT_SRC" + fi + + TRAN="$(lsblk -no TRAN "$ROOT_DEV" || true)" + [ "$TRAN" != "usb" ] && exec sleep infinity + + DEV_NAME="$(basename "$ROOT_DEV")" + + while [ -e "/sys/class/block/$DEV_NAME" ]; do + sleep 1 + done + + systemctl poweroff + ''; + Restart = "no"; + }; + }; + + ############################################################ + # KERNEL FAILSAFE + ############################################################ + + boot.kernel.sysctl = { + "kernel.panic" = 5; + "kernel.panic_on_oops" = 1; + }; + + ############################################################ + # GIT AUTO‑UPDATE ############################################################ environment.etc."update-nixos-config.sh".text = '' #!/run/current-system/sw/bin/bash set -e - # Ensure all system tools are available export PATH="/run/current-system/sw/bin:/nix/var/nix/profiles/default/bin" export NIX_PATH="nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos" LOCAL_PATH="/var/lib/nixos-config" - REPO_URL="https://git.skarockoi.de/ska/nixos-production.git " + REPO_URL="https://git.skarockoi.de/ska/nixos-production.git" if [ ! -d "$LOCAL_PATH/.git" ]; then mkdir -p "$LOCAL_PATH" chmod 700 "$LOCAL_PATH" - echo "Cloning config from $REPO_URL..." 
git clone "$REPO_URL" "$LOCAL_PATH" else cd "$LOCAL_PATH" - echo "Fetching updates..." git fetch origin - LOCAL_HEAD=$(git rev-parse HEAD) - REMOTE_HEAD=$(git rev-parse origin/main) - if [ "$LOCAL_HEAD" != "$REMOTE_HEAD" ]; then - echo "New config available. Updating..." + if [ "$(git rev-parse HEAD)" != "$(git rev-parse origin/main)" ]; then git reset --hard origin/main nixos-rebuild switch -I nixos-config="$LOCAL_PATH/configuration.nix" - echo "System updated successfully." - else - echo "Config is already up to date." fi fi ''; environment.etc."update-nixos-config.sh".mode = "0700"; systemd.services.nixos-git-update = { - description = "Update NixOS from public Git config"; + description = "Update NixOS from Git"; script = "/etc/update-nixos-config.sh"; serviceConfig = { Type = "oneshot"; User = "root"; - Group = "root"; }; }; systemd.timers.nixos-git-update = { - description = "Check for config updates at startup"; wantedBy = [ "timers.target" ]; timerConfig = { OnBootSec = "60s"; @@ -208,25 +239,13 @@ }; ############################################################ - # USB OPTIMIZATIONS + # SWAP ############################################################ zramSwap.enable = true; ############################################################ - # USB ROOT DEVICE MONITOR (SHUTDOWN ON DISCONNECT) - ############################################################ - - # Monitor root device removal and shut down - services.udev.extraRules = '' - # Match the root filesystem device by label (or use PARTLABEL/UUID if preferred) - KERNEL=="sd*", ENV{ID_FS_LABEL}=="nixos-root", SYMLINK+="nixos-root-device" - # Trigger when the root device is removed - ACTION=="remove", KERNEL=="sd*", ENV{ID_FS_LABEL}=="nixos-root", RUN+="/run/current-system/sw/bin/systemctl poweroff" - ''; - - ############################################################ - # NIXOS VERSION + # VERSION ############################################################ system.stateVersion = "25.11";
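Review bot: The new `shutdown-on-root-usb-loss` watcher fails open: `findmnt` and `lsblk` come from util-linux, which NixOS does not put on a unit's default PATH, so `findmnt -n -o SOURCE / || true` leaves `ROOT_SRC` empty and the script takes `exit 0` without ever arming. Add `path = [ pkgs.util-linux ];` to the service and drop the `|| true` fallbacks, so a failed lookup marks the unit failed instead of looking like a clean exit. The `TRAN` lookup should also be checked on the real device: lsblk normally reports the transport only on the whole-disk row, so when `ROOT_DEV` is a partition the value is probably empty and the script goes to `exec sleep infinity`; resolving to the parent disk first (for example via `lsblk -no PKNAME "$ROOT_DEV"`) would avoid that. Separately, the updater in the same hunk still runs `nixos-rebuild switch` as root on whatever `origin/main` holds; a `git verify-commit origin/main` gate before `git reset --hard origin/main` would tie rebuilds to a trusted signing key.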