Diffstat (limited to 'nixos/kusanagi.nix')
-rw-r--r--nixos/kusanagi.nix140
1 files changed, 64 insertions, 76 deletions
diff --git a/nixos/kusanagi.nix b/nixos/kusanagi.nix
index 4b75489..59d0eee 100644
--- a/nixos/kusanagi.nix
+++ b/nixos/kusanagi.nix
@@ -4,102 +4,90 @@
{ config, lib, pkgs, modulesPath, ... }:
{
- imports = [
- (modulesPath + "/installer/scan/not-detected.nix")
- ./common.nix
- #./kde.nix
- ./icewm.nix
- #./gnome.nix
- ];
+ imports =
+ [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ./common.nix
+ ./icewm.nix
+ ];
networking.hostName = "kusanagi";
+ networking.hostId = "b807fe35";
- # Use systemd-boot
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
- boot.initrd.availableKernelModules =
- [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ];
- boot.initrd.kernelModules = [ "dm-snapshot" ];
+ boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
- specialisation = {
- # Old computer challenge
- tiny.configuration = {
- boot.kernelParams = [
- "maxcpus=1"
- "mem=512M"
- ];
- powerManagement.cpuFreqGovernor = "powersave";
- };
- };
-
boot.initrd.luks.devices = {
- crypted = {
- device = "/dev/disk/by-uuid/e3271725-effb-4b00-a5d4-8a7a64f55420";
+ lukszfs = {
+ device = "/dev/disk/by-uuid/90f30f15-3ee3-4a15-bab6-36fb31630e2a";
allowDiscards = true;
};
};
+ # ---- standard filesystems ----
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/E2FA-FB92";
+ fsType = "vfat";
+ };
+
+ fileSystems."/home" =
+ { device = "kusanagi/nixos/home";
+ fsType = "zfs";
+ neededForBoot = true; # because contains password files used below
+ };
+
+ fileSystems."/nix" =
+ { device = "kusanagi/nixos/nix";
+ fsType = "zfs";
+ };
+
+ swapDevices = [ ];
+
+ # ---- tmpfs root filesystem with special persisted directory ----
+
fileSystems."/" = {
- device = "/dev/disk/by-uuid/2f606c6b-8009-4158-b367-2e0cf1a57ade";
- fsType = "ext4";
- options = [ "discard" ];
+ device = "none";
+ fsType = "tmpfs";
+ options = [ "defaults" "size=4G" "mode=755" ];
};
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/0143-7D54";
- fsType = "vfat";
- };
+ fileSystems."/persist" =
+ { device = "kusanagi/nixos/persist";
+ fsType = "zfs";
+ neededForBoot = true; # because contains /var/log
+ };
- fileSystems."/home" = {
- device = "/dev/disk/by-uuid/f955ce34-f25e-4abf-8732-bcf17465f78c";
- fsType = "ext4";
- options = [ "discard" ];
- };
+ environment.etc."machine-id".source = "/persist/etc/machine-id";
- swapDevices =
- [{ device = "/dev/disk/by-uuid/c78cfb77-75ee-4aae-9b24-b91f8eebb7c2"; }];
+ fileSystems."/etc/NetworkManager/system-connections" =
+ { device = "/persist/etc/NetworkManager/system-connections";
+ fsType = "none";
+ depends = [ "/persist" "/mnt-root/persist" ];
+ options = [ "bind" ];
+ };
- # Nix-serve for friends on local network
- services.nix-serve = {
- enable = true;
- secretKeyFile = "/var/lib/nix-serve/cache-priv-key.pem";
- };
- services.nginx = {
- enable = true;
- recommendedProxySettings = true;
- virtualHosts = {
- "adnab.local" = {
- locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
- };
- };
- };
- networking.extraHosts = ''
- 127.0.0.1 adnab.local
- '';
-
- # Docker
- virtualisation.docker.enable = true;
- users.users.lx.extraGroups = [ "docker" ];
- environment.systemPackages = with pkgs; [
- docker-compose
- ];
-
- # Printer
- services.printing.drivers = [ pkgs.cups-brother-hl1210w ];
-
- networking.firewall.allowedTCPPorts = [
- 80 # nginx
- 57890 # troop
- ];
- networking.firewall.allowedUDPPorts = [
- 57890 # troop
- ];
+ fileSystems."/var/log" =
+ { device = "/persist/var/log";
+ fsType = "none";
+ depends = [ "/persist" "/mnt-root/persist" ];
+ options = [ "bind" ];
+ };
+
+ # ---- immutable user config for tmpfs root ----
+
+ users.mutableUsers = false;
+ users.users.lx.passwordFile = "/home/lx/.password";
+
+ # ----
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- #powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
- hardware.cpu.intel.updateMicrocode =
- lib.mkDefault config.hardware.enableRedistributableFirmware;
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}
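Review bot: `users.users.lx.passwordFile = "/home/lx/.password";` takes the account's password hash from inside lx's own home directory, so with `users.mutableUsers = false` the login credential comes from a path that any process running as lx can presumably rename or replace, even if the file itself is root-owned. A swapped hash would take effect at the next activation or boot, which matters most if lx has wheel/sudo rights (not visible in this hunk, possibly set in `./common.nix`). I would keep the hash in a root-owned directory on the `/persist` dataset, which is already `neededForBoot = true`, with the file at mode 0600, e.g. `users.users.lx.passwordFile = "/persist/<root-owned-dir>/lx.passwd";` (placeholder path). That also removes the stated reason for `neededForBoot = true` on `/home`.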