From 3b084286c97a75e8d2eb0ae06819bb5fd43bb8e9 Mon Sep 17 00:00:00 2001 From: Alex Auvolat Date: Tue, 3 Oct 2023 15:24:27 +0200 Subject: lindy: reinstall on zfs --- nixos/lindy.nix | 100 ++++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 65 insertions(+), 35 deletions(-) (limited to 'nixos') diff --git a/nixos/lindy.nix b/nixos/lindy.nix index 760b656..471026d 100644 --- a/nixos/lindy.nix +++ b/nixos/lindy.nix @@ -11,7 +11,13 @@ ]; networking.hostName = "lindy"; - networking.hostId = "00000000"; + networking.hostId = "b8149765"; + + # Driver config + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ]; + boot.initrd.kernelModules = [ "dm-snapshot" ]; + boot.kernelModules = [ "kvm-intel" "wl" ]; + boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ]; # ZFS config boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; 
@@ -24,59 +30,83 @@ # Use Grub boot.loader.grub.enable = true; + boot.loader.grub.efiSupport = true; boot.loader.grub.device = "nodev"; boot.loader.grub.extraGrubInstallArgs = [ "--bootloader-id=NixOS" ]; boot.loader.efi.efiSysMountPoint = "/boot/efi"; boot.loader.efi.canTouchEfiVariables = true; - boot.initrd.availableKernelModules = - [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" ]; - boot.initrd.kernelModules = [ "dm-snapshot" ]; - boot.kernelModules = [ "kvm-intel" "wl" ]; - boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ]; - boot.initrd.luks.devices = { cryptssd = { - device = "/dev/disk/by-uuid/1b074a78-9116-420e-b872-7bf49ca10ce1"; + device = "/dev/disk/by-uuid/a5aad0b3-fb8c-4711-80db-d8fdcc832f83"; allowDiscards = true; }; }; + fileSystems."/" = + { device = "none"; + fsType = "tmpfs"; + options = [ "defaults" "size=6G" "mode=755" ]; + }; + + fileSystems."/var" = + { device = "lindy/nixos/var"; + fsType = "zfs"; + }; + + fileSystems."/home" = + { device = "lindy/home"; + fsType = "zfs"; + neededForBoot = true; # because contains password files used below + }; + + fileSystems."/nix" = + { device = "lindy/nixos/nix"; + fsType = "zfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/b9f80731-ac5a-476e-9454-32fef4ebc40f"; + fsType = "ext4"; + options = [ "discard" ]; + }; + + fileSystems."/boot/efi" = + { device = "/dev/disk/by-uuid/02D0-F1C6"; + fsType = "vfat"; + }; + + fileSystems."/root" = # /root contains the Borg cache for the backup script + { device = "/nix/persist/root"; + fsType = "none"; + options = [ "bind" ]; + }; + + fileSystems."/etc/NetworkManager/system-connections" = + { device = "/nix/persist/etc/NetworkManager/system-connections"; + fsType = "none"; + options = [ "bind" ]; + }; + + environment.etc."machine-id".source = "/nix/persist/etc/machine-id"; + + # ---- zonz (encrypted zfs) ---- + environment.etc.crypttab = { enable = true; text = '' -Kurisu UUID=f593d307-66cc-4586-a899-f1ca20d74430 
/root/kurisu_key -Kogami UUID=61534c91-df18-4c71-9244-54e677f5d4fa /root/kogami_key +Kurisu UUID=f593d307-66cc-4586-a899-f1ca20d74430 /nix/persist/root/kurisu_key +Kogami UUID=61534c91-df18-4c71-9244-54e677f5d4fa /nix/persist/root/kogami_key ''; }; - fileSystems."/" = { - device = "/dev/disk/by-uuid/2e64e6fc-ab7c-4620-b56b-faee641bd2a6"; - fsType = "ext4"; - options = [ "discard" ]; - }; - - fileSystems."/home" = { - device = "/dev/disk/by-uuid/1ef4b6f4-975d-4e04-9d88-0640e83ed0b4"; - fsType = "ext4"; - options = [ "discard" ]; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/0728e7e5-8e21-44bd-9287-eb066d489a0e"; - fsType = "ext4"; - options = [ "discard" ]; - }; - - fileSystems."/boot/efi" = { - device = "/dev/disk/by-uuid/02D0-F1C6"; - fsType = "vfat"; - }; + # ---- immutable user config ---- - swapDevices = - [{ device = "/dev/disk/by-uuid/5950785a-9793-4d04-b791-8f4dbc497ec3"; }]; + users.mutableUsers = false; + users.users.lx.passwordFile = "/home/lx/.password"; + users.users.lx.uid = 1000; - users.users.lx.home = "/home/lx.nix"; + # ---- # Backup services.cron.enable = true; -- cgit v1.2.3
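Review bot: `users.users.lx.passwordFile = "/home/lx/.password"` keeps the login hash for an account governed by `users.mutableUsers = false` inside a directory that the account itself presumably owns, so anything running as lx could read the hash, or swap the file and have the new value applied at the next activation. Storing it with the other persisted secrets in a root-only directory avoids that, for example `users.users.lx.passwordFile = "/nix/persist/<root-only-dir>/lx.password";` (the directory name is a placeholder), and would probably make `neededForBoot = true` on `/home` unnecessary. The crypttab key files are now reachable at `/nix/persist/root/` as well as through the `/root` bind mount, so that directory should be confirmed as root-owned with mode 0700. The unchanged `allowDiscards = true` on `cryptssd` deserves a one-line comment recording that the TRIM exposure of unused-block layout is an accepted trade-off. The enclosing configuration attribute set starts before and continues past this hunk.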