summaryrefslogtreecommitdiff
path: root/nixos
diff options
context:
space:
mode:
authorAlex Auvolat <alex@adnab.me>2023-10-03 15:24:27 +0200
committerAlex Auvolat <alex@adnab.me>2023-10-03 15:24:41 +0200
commit3b084286c97a75e8d2eb0ae06819bb5fd43bb8e9 (patch)
tree68198a4ca91f951b3207e993b62fba90eac3d1f2 /nixos
parentcd08dfe01827a78a7c77e2ced392ac0318c7f4a7 (diff)
downloaduser-config-3b084286c97a75e8d2eb0ae06819bb5fd43bb8e9.tar.gz
user-config-3b084286c97a75e8d2eb0ae06819bb5fd43bb8e9.zip
lindy: reinstall on zfs
Diffstat (limited to 'nixos')
-rw-r--r--nixos/lindy.nix100
1 files changed, 65 insertions, 35 deletions
diff --git a/nixos/lindy.nix b/nixos/lindy.nix
index 760b656..471026d 100644
--- a/nixos/lindy.nix
+++ b/nixos/lindy.nix
@@ -11,7 +11,13 @@
];
networking.hostName = "lindy";
- networking.hostId = "00000000";
+ networking.hostId = "b8149765";
+
+ # Driver config
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
+ boot.initrd.kernelModules = [ "dm-snapshot" ];
+ boot.kernelModules = [ "kvm-intel" "wl" ];
+ boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
# ZFS config
boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
@@ -24,59 +30,83 @@
# Use Grub
boot.loader.grub.enable = true;
+ boot.loader.grub.efiSupport = true;
boot.loader.grub.device = "nodev";
boot.loader.grub.extraGrubInstallArgs = [ "--bootloader-id=NixOS" ];
boot.loader.efi.efiSysMountPoint = "/boot/efi";
boot.loader.efi.canTouchEfiVariables = true;
- boot.initrd.availableKernelModules =
- [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" ];
- boot.initrd.kernelModules = [ "dm-snapshot" ];
- boot.kernelModules = [ "kvm-intel" "wl" ];
- boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
-
boot.initrd.luks.devices = {
cryptssd = {
- device = "/dev/disk/by-uuid/1b074a78-9116-420e-b872-7bf49ca10ce1";
+ device = "/dev/disk/by-uuid/a5aad0b3-fb8c-4711-80db-d8fdcc832f83";
allowDiscards = true;
};
};
+ fileSystems."/" =
+ { device = "none";
+ fsType = "tmpfs";
+ options = [ "defaults" "size=6G" "mode=755" ];
+ };
+
+ fileSystems."/var" =
+ { device = "lindy/nixos/var";
+ fsType = "zfs";
+ };
+
+ fileSystems."/home" =
+ { device = "lindy/home";
+ fsType = "zfs";
+ neededForBoot = true; # because contains password files used below
+ };
+
+ fileSystems."/nix" =
+ { device = "lindy/nixos/nix";
+ fsType = "zfs";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/b9f80731-ac5a-476e-9454-32fef4ebc40f";
+ fsType = "ext4";
+ options = [ "discard" ];
+ };
+
+ fileSystems."/boot/efi" =
+ { device = "/dev/disk/by-uuid/02D0-F1C6";
+ fsType = "vfat";
+ };
+
+ fileSystems."/root" = # /root contains the Borg cache for the backup script
+ { device = "/nix/persist/root";
+ fsType = "none";
+ options = [ "bind" ];
+ };
+
+ fileSystems."/etc/NetworkManager/system-connections" =
+ { device = "/nix/persist/etc/NetworkManager/system-connections";
+ fsType = "none";
+ options = [ "bind" ];
+ };
+
+ environment.etc."machine-id".source = "/nix/persist/etc/machine-id";
+
+ # ---- zonz (encrypted zfs) ----
+
environment.etc.crypttab = {
enable = true;
text = ''
-Kurisu UUID=f593d307-66cc-4586-a899-f1ca20d74430 /root/kurisu_key
-Kogami UUID=61534c91-df18-4c71-9244-54e677f5d4fa /root/kogami_key
+Kurisu UUID=f593d307-66cc-4586-a899-f1ca20d74430 /nix/persist/root/kurisu_key
+Kogami UUID=61534c91-df18-4c71-9244-54e677f5d4fa /nix/persist/root/kogami_key
'';
};
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/2e64e6fc-ab7c-4620-b56b-faee641bd2a6";
- fsType = "ext4";
- options = [ "discard" ];
- };
-
- fileSystems."/home" = {
- device = "/dev/disk/by-uuid/1ef4b6f4-975d-4e04-9d88-0640e83ed0b4";
- fsType = "ext4";
- options = [ "discard" ];
- };
-
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/0728e7e5-8e21-44bd-9287-eb066d489a0e";
- fsType = "ext4";
- options = [ "discard" ];
- };
-
- fileSystems."/boot/efi" = {
- device = "/dev/disk/by-uuid/02D0-F1C6";
- fsType = "vfat";
- };
+ # ---- immutable user config ----
- swapDevices =
- [{ device = "/dev/disk/by-uuid/5950785a-9793-4d04-b791-8f4dbc497ec3"; }];
+ users.mutableUsers = false;
+ users.users.lx.passwordFile = "/home/lx/.password";
+ users.users.lx.uid = 1000;
- users.users.lx.home = "/home/lx.nix";
+ # ----
# Backup
services.cron.enable = true;