From a9e15c9f99de745b11b5a8b4277ce037a9230521 Mon Sep 17 00:00:00 2001 From: Alex Auvolat Date: Tue, 18 Jul 2023 23:15:40 +0200 Subject: add zinzin machine with rootless nixos on zfs (pretty nice config!) --- nixos/zinzin.nix | 93 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ nixpkgs/zinzin.nix | 1 + 2 files changed, 94 insertions(+) create mode 100644 nixos/zinzin.nix create mode 120000 nixpkgs/zinzin.nix diff --git a/nixos/zinzin.nix b/nixos/zinzin.nix new file mode 100644 index 0000000..12e3d1f --- /dev/null +++ b/nixos/zinzin.nix @@ -0,0 +1,93 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ + (modulesPath + "/installer/scan/not-detected.nix") + ./common.nix + ./icewm.nix + ]; + + networking.hostName = "zinzin"; + networking.hostId = "304a68ef"; + + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + boot.initrd.luks.devices = { + lukszfs = { + device = "/dev/disk/by-uuid/f75e45a4-dc1e-4f38-b2d8-3336ec3790ef"; + allowDiscards = true; + }; + }; + + # ---- standard filesystems ---- + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/3BC8-460B"; + fsType = "vfat"; + }; + + fileSystems."/home" = + { device = "zinzin/nixos/home"; + fsType = "zfs"; + neededForBoot = true; # because contains password files used below + }; + + fileSystems."/nix" = + { device = "zinzin/nixos/nix"; + fsType = "zfs"; + }; + + swapDevices = [ ]; + + # ---- tmpfs root filesystem with special persisted directory ---- + + fileSystems."/" = { + device = "none"; + fsType = "tmpfs"; + options = [ "defaults" "size=4G" "mode=755" ]; + }; + + fileSystems."/persist" = + { device = "zinzin/nixos/persist"; + fsType = "zfs"; + neededForBoot = true; # because contains /var/log + }; + + environment.etc."machine-id".source = "/persist/etc/machine-id"; + + fileSystems."/etc/NetworkManager/system-connections" = + { device = "/persist/etc/NetworkManager/system-connections"; + fsType = "none"; + depends = [ "/persist" "/mnt-root/persist" ]; + options = [ "bind" ]; + }; + + fileSystems."/var/log" = + { device = "/persist/var/log"; + fsType = "none"; + depends = [ "/persist" "/mnt-root/persist" ]; + options = [ "bind" ]; + }; + + # ---- immutable user config for tmpfs root ---- + + users.mutableUsers = false; + users.users.lx.passwordFile = "/home/lx/.password"; + + # ---- + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/nixpkgs/zinzin.nix b/nixpkgs/zinzin.nix new file mode 120000 index 0000000..4d5015a --- /dev/null +++ b/nixpkgs/zinzin.nix @@ -0,0 +1 @@ +kusanagi.nix \ No newline at end of file -- cgit v1.2.3