Make disko usage easier

Also fix some bugs.

README.md

@@ -4,7 +4,7 @@ This Nix flake is used to manage:
 - my work laptop (an Apple M2 Macbook Air)
 - my NixOS desktop
 
-For the configuration of my other desktop hosts running either [AlpineLinux](https://alpinelinux.org) or [ChimeraLinux](https://chimera-linux.org/), see [dotfiles-ansible](/folliehiyuki/dotfiles-ansible) and [sysconfig](/folliehiyuki/sysconfig) repositories.
+For the configuration of my other desktop hosts running either [AlpineLinux](https://alpinelinux.org) or [ChimeraLinux](https://chimera-linux.org/), see [dotfiles-ansible](/folliehiyuki/dotfiles-ansible) repository.
 
 <!--toc:start-->
 ## Table of Content
@@ -32,16 +32,26 @@ nix build .#darwinConfigurations.hoangnguyenhuy.system
 
 The NixOS host is set up with `tmpfs` root, so a few prerequisite steps are needed before `nixos-install` can be executed:
 ```bash
-# Partition the targeted disk and mount to /mnt
+# Destroy, partition, format the targeted disk and mount them to /mnt
+nix build .#nixosConfigurations.aragorn.config.system.build.diskoScript
+./result
+# Alternatively, the original `disko` toplevel script can be invoked via nix run
+nix run .#disko -- --mode disko --flake .#aragorn
 
 # Generate SSH key pairs
 # Update .sops.yaml file with this new key, and run `sops updatekeys` for the host secrets
-mkdir -m 0755 -p /mnt/nix/persist/etc/ssh
-ssh-keygen -t rsa -b 4096 -C root@aragorn -f /mnt/nix/persist/etc/ssh/ssh_host_rsa_key
-ssh-keygen -t ed25519 -C root@aragorn -f /mnt/nix/persist/etc/ssh/ssh_host_ed25519_key
+mkdir -m 0755 -p /mnt/persist/etc/ssh
+ssh-keygen -t rsa -b 4096 -C root@aragorn -f /mnt/persist/etc/ssh/ssh_host_rsa_key
+ssh-keygen -t ed25519 -C root@aragorn -f /mnt/persist/etc/ssh/ssh_host_ed25519_key
 
 # Generate a machine-id file (should be confidential :v)
-systemd-machine-id-setup --root /mnt/nix/persist/
+systemd-machine-id-setup --root /mnt/persist/
+
+# Now install the NixOS system
+nixos-install --flake .#aragorn
+
+# Reconfigure the installed system in the future
+nixos-rebuild switch --flake .#aragorn
 ```
 
 ## Credits

flake/apps.nix

@@ -0,0 +1,8 @@
+_: {
+  perSystem = { inputs', ... }: {
+    apps.disko = {
+      type = "app";
+      program = "${inputs'.disko.packages.disko}/bin/disko";
+    };
+  };
+}

home-manager/default.nix

@@ -6,9 +6,6 @@
     extraSpecialArgs = { inherit inputs; };
     backupFileExtension = "old";
 
-    sharedModules = with inputs; (self.lib.listModuleDirsRecursive ./.) ++ [
-      nix-index-database.hmModules.nix-index
-      sops-nix.homeManagerModules.sops
-    ];
+    sharedModules = inputs.self.lib.listModuleDirsRecursive ./.;
   };
 }

home-manager/programs/gallery-dl/default.nix

@@ -30,8 +30,8 @@ in
       nitter = {
         filename = "{tweet_id}_{num}.{extension}";
         directory = [ "twitter" "{user[name]}" ];
-        quoted = extractor.twitter.quoted;
-        videos = extractor.twitter.videos;
+        inherit (extractor.twitter) quoted;
+        inherit (extractor.twitter) videos;
 
         "nitter.absturztau.be" = { root = "https://nitter.absturztau.be"; };
       };
@@ -67,8 +67,8 @@ in
       };
 
       mangahere = {
-        chapter-filter = extractor.mangafox.chapter-filter;
-        directory = extractor.mangadex.directory;
+        inherit (extractor.mangafox) chapter-filter;
+        inherit (extractor.mangadex) directory;
       };
 
       mangakakalot = extractor.mangahere;

hosts/aragorn/hardware.nix

@@ -1,4 +1,4 @@
-{ config, lib, ... }: {
+{ config, ... }: {
   boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
   boot.kernelModules = [ "kvm-amd" ];
   boot.supportedFilesystems = [ "zfs" ];
@@ -35,6 +35,7 @@
               type = "filesystem";
               format = "vfat";
               mountpoint = "/boot";
+              mountOptions = [ "umask=0077" ];
             };
           };
           luks = {

hosts/aragorn/users/default.nix

@@ -1,6 +1,6 @@
 { config, pkgs, ... }:
 let
-  secrets = config.sops.secrets;
+  inherit (config.sops) secrets;
 in
 {
   sops.secrets = {

nixos/default.nix

@@ -9,8 +9,10 @@
   documentation.man.generateCaches = true;
 
   # cgroups isn't available on MacOS
-  nix.use-cgroups = true;
-  nix.settings.experimental-features = [ "cgroups" ];
+  nix.settings = {
+    use-cgroups = true;
+    experimental-features = [ "cgroups" ];
+  };
 
   nix.gc = {
     automatic = true;