(impermanence): Update 2

6 files changed, 30 insertions, 24 deletions

diff --git a/disko.sh b/disko.sh
index 7c1296b..b173e77 100755
--- a/disko.sh
+++ b/disko.sh
@@ -3,4 +3,4 @@
 sudo nix \
   --experimental-features "nix-command flakes" \
   run github:nix-community/disko -- --mode disko ./disko.nix \
-  --arg device "/dev/nvme0n1"
+  --arg device '"/dev/nvme0n1"'
diff --git a/flake.nix b/flake.nix
index 27bd53d..ab858e1 100644
--- a/flake.nix
+++ b/flake.nix
@@ -32,7 +32,7 @@
         specialArgs = { inherit inputs; };
         modules = [
           inputs.disko.nixosModules.default
-          (import ./disko.nix { device = "/dev/vda"; })
+          (import ./disko.nix { device = "/dev/nvme0n1"; })
 
           ./machines/x/configuration.nix
 
diff --git a/machines/x/configuration.nix b/machines/x/configuration.nix
index 82db98f..64da9ac 100644
--- a/machines/x/configuration.nix
+++ b/machines/x/configuration.nix
@@ -26,8 +26,16 @@
     "wm_utils.nix"
   ]);
 
-  boot.loader.grub.enable = true;
-  boot.loader.grub.efiSupport = true;
+  boot.loader = {
+    efi = {
+      canTouchEfiVariables = true;
+    };
+    grub = {
+      enable = true;
+      efiSupport = true;
+      device = "/dev/nvme0n1";
+    };
+  };
 
   boot.initrd.postDeviceCommands = lib.mkAfter ''
     mkdir /btrfs_tmp
@@ -54,19 +62,6 @@
     umount /btrfs_tmp
   '';
 
-  boot.extraModprobeConfig = "options kvm_amd nested=1";
-
-  nixpkgs.config.allowUnfree = true;
-  nixpkgs.config.allowUnfreePredicate = _: true;
-
-  services.fstrim.enable = true;
-
-  networking.hostName = "x";
-
-  environment.variables = {
-    XCURSOR_SIZE = "16";
-  };
-
   fileSystems."/persist".neededForBoot = true;
   environment.persistence."/persist/system" = {
     hideMounts = true;
@@ -77,18 +72,29 @@
       "/var/lib/nixos"
       "/var/lib/systemd/coredump"
       "/etc/NetworkManager/system-connections"
-      { directory = "/var/lib/colord"; user = "colord"; group = "colord"; mode = "u=rwx,g=rx,o="; }
     ];
     files = [
       "/etc/machine-id"
-      "/etc/shadow"
       { file = "/var/keys/secret_file"; parentDirectory = { mode = "u=rwx,g=,o="; }; }
     ];
   };
 
+  boot.extraModprobeConfig = "options kvm_amd nested=1";
+
+  nixpkgs.config.allowUnfree = true;
+  nixpkgs.config.allowUnfreePredicate = _: true;
+
+  services.fstrim.enable = true;
+
+  networking.hostName = "x";
+
+  environment.variables = {
+    XCURSOR_SIZE = "16";
+  };
+
   programs.fuse.userAllowOther = true;
   home-manager = {
-    extraSpecialArgs = {inherit inputs;};
+    extraSpecialArgs = { inherit inputs; };
     users = {
       "compromyse" = import ./home.nix;
     };
diff --git a/machines/x/hardware-configuration.nix b/machines/x/hardware-configuration.nix
index 7d34b69..39216b4 100644
--- a/machines/x/hardware-configuration.nix
+++ b/machines/x/hardware-configuration.nix
@@ -8,8 +8,8 @@
     [ (modulesPath + "/installer/scan/not-detected.nix")
     ];
 
-  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" ];
-  boot.initrd.kernelModules = [ ];
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ "dm-snapshot" ];
   boot.kernelModules = [ "kvm-amd" ];
   boot.extraModulePackages = [ ];
 
diff --git a/modules/compromyse.nix b/modules/compromyse.nix
index a19b643..779a300 100644
--- a/modules/compromyse.nix
+++ b/modules/compromyse.nix
@@ -2,7 +2,7 @@
 
 {
   users.users.compromyse = {
-    initialPassword = "changeme";
+    hashedPassword = "$y$j9T$QfsPs3aK5iQOzctkQglAp1$00VuaoJthM6hNxnoMsx58CbI3rsFDem5xtsKqPRfy4C";
     isNormalUser = true;
     # openssh.authorizedKeys.keys = [];
     extraGroups = [ "wheel" "video" "storage" "input" "plugdev" "libvirtd" "docker" "kvm" ];
diff --git a/packages/dwl.nix b/packages/dwl.nix
index e5313a6..c0e1586 100644
--- a/packages/dwl.nix
+++ b/packages/dwl.nix
@@ -27,7 +27,7 @@ stdenv.mkDerivation (finalAttrs: {
     owner = "compromyse";
     repo = "dwl";
     rev = "compromyse";
-    hash = "sha256-wEaDA7VJhkYkSf88GcxjrIAp+iEc+/vnszufz9NU1h4=";
+    hash = "sha256-P9ieyKFBk+ROm+DzXOGmu05nYg0aoqhF9vRl8LpChg0=";
   };
 
   nativeBuildInputs = [