From 26e8003332b6e1c22a17b9fca3c8c37d9b0cafdd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Patrick=20Gro=C3=9Fmann?= Date: Wed, 30 Aug 2023 20:18:26 +0200 Subject: [PATCH] chore: improve iso --- README.md | 3 +- hosts/common/core/impermanence.nix | 13 +++++ hosts/common/graphical/fonts.nix | 2 +- hosts/desktopnix/default.nix | 2 - hosts/desktopnix/fs.nix | 6 +- hosts/desktopnix/secrets/secrets.nix.age | Bin 816 -> 820 bytes hosts/patricknix/default.nix | 2 - hosts/patricknix/fs.nix | 68 ++++++++--------------- hosts/patricknix/secrets/secrets.nix.age | Bin 805 -> 807 bytes 9 files changed, 42 insertions(+), 54 deletions(-) diff --git a/README.md b/README.md index 44039a8..18a93b6 100644 --- a/README.md +++ b/README.md @@ -63,6 +63,7 @@ - `formatter` nix code formatter - `hosts` host meta declaration - `pkgs` nixpkgs +- `packages` additional packages - `secretsConfig` meta configuration for secrets - `stateVersion` global stateversion used by nixos and home-manager to determine default config @@ -77,8 +78,8 @@ 1. Fill `fs.nix` 2. Don't forget to add necesarry config for filesystems, etc. 3. Generate ISO image with `nix build --print-out-paths --no-link .#images..live-iso` + - This might take multiple minutes(~10) 3. Copy ISO to usb and boot -5. Copy installer from local machine to live systemd ## Deploy diff --git a/hosts/common/core/impermanence.nix b/hosts/common/core/impermanence.nix index 972bbde..31ccd80 100644 --- a/hosts/common/core/impermanence.nix +++ b/hosts/common/core/impermanence.nix @@ -1,6 +1,7 @@ { config, lib, + pkgs, ... }: { # to allow all users to access hm managed persistent folders 
@@ -39,4 +40,16 @@ "/var/lib/bluetooth" ]; }; + + # After importing the rpool, rollback the root system to be empty. + boot.initrd.systemd.services.impermanence-root = { + wantedBy = ["initrd.target"]; + after = ["zfs-import-rpool.service"]; + before = ["sysroot.mount"]; + unitConfig.DefaultDependencies = "no"; + serviceConfig = { + Type = "oneshot"; + ExecStart = "${pkgs.zfs}/bin/zfs rollback -r rpool/local/root@blank"; + }; + }; } diff --git a/hosts/common/graphical/fonts.nix b/hosts/common/graphical/fonts.nix index a16169c..0b893e8 100644 --- a/hosts/common/graphical/fonts.nix +++ b/hosts/common/graphical/fonts.nix @@ -34,7 +34,7 @@ ''; }; - fonts = with pkgs; [ + packages = with pkgs; [ (nerdfonts.override {fonts = ["FiraCode"];}) ibm-plex dejavu_fonts diff --git a/hosts/desktopnix/default.nix b/hosts/desktopnix/default.nix index ceadf92..8b5e19e 100644 --- a/hosts/desktopnix/default.nix +++ b/hosts/desktopnix/default.nix @@ -18,8 +18,6 @@ ../common/hardware/yubikey.nix ../common/hardware/zfs.nix - ./smb-mounts.nix - ./net.nix ./fs.nix diff --git a/hosts/desktopnix/fs.nix b/hosts/desktopnix/fs.nix index 8e259a2..ecab8eb 100644 --- a/hosts/desktopnix/fs.nix +++ b/hosts/desktopnix/fs.nix @@ -7,7 +7,7 @@ disk = { m2-ssd = { type = "disk"; - device = "/dev/disk/by-id/${config.secrets.secrets.local.disk.m2-ssd}"; + device = "/dev/disk/by-id/${config.secrets.secrets.local.disko.m2-ssd}"; content = with lib.disko.gpt; { type = "table"; format = "gpt"; @@ -20,7 +20,7 @@ }; sata-ssd = { type = "disk"; - device = "/dev/disk/by-id/${config.secrets.secrets.local.disk.sata-ssd}"; + device = "/dev/disk/by-id/${config.secrets.secrets.local.disko.sata-ssd}"; content = with lib.disko.gpt; { type = "table"; format = "gpt"; 
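Review bot: The `impermanence-root` unit added to `hosts/common/core/impermanence.nix` is only ordered `before = ["sysroot.mount"]`, and nothing in the hunk makes the mount depend on it. If `zfs rollback` fails, for example because `rpool/local/root@blank` is missing on a host, boot would presumably continue on the previous boot's root, silently losing the wipe-on-boot guarantee. Adding `requiredBy = ["sysroot.mount"];` would make a failed rollback stop the boot instead. Moving the unit into the common module also hard-codes `rpool` and `zfs-import-rpool.service` for every host that imports it, which deserves a comment such as `# assumes the root pool is named rpool and has a local/root@blank snapshot`. `${pkgs.zfs}` can also differ from the configured ZFS userland, so `${config.boot.zfs.package}/bin/zfs` would keep the initrd command in step with the kernel module.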
@@ -31,7 +31,7 @@ }; sata-hdd = { type = "disk"; - device = "/dev/disk/by-id/${config.secrets.secrets.local.disk.sata-hdd}"; + device = "/dev/disk/by-id/${config.secrets.secrets.local.disko.sata-hdd}"; content = with lib.disko.gpt; { type = "table"; format = "gpt"; diff --git a/hosts/desktopnix/secrets/secrets.nix.age b/hosts/desktopnix/secrets/secrets.nix.age index 5938deb97f3f40bdf02302faeefd0f144b96330d..e35e5b3fd7111d269a4cb187f780e5c9ce581ac0 100644 GIT binary patch delta 767 zcmWmAS!>e(003YW-6S3xjw$Y8D^742YI>zHin`dOXL_Vbb5sO-w@KEfNt-r4IP^hZ zbSiTXjxkXfLlm4k4^YQo4~mMncnmyH6b}>xb>fMC;CuMS8pazAn0jdkku3!yAT8wK zB5gIoeqQW};+3Gl%Lr5!5EUYVWHgq|3qTytxhqKob0GEY-T+M^Zj09;yErul$2Y^c zjb^bLN|f<1NC4)ICZ(X86&vg{@eC!!FcY>mR<1K;Yqh|;*?e9R>bMVw14NFlGnCA- zQLOBV`;3qm3BWRtQbB?z62UqN8I;brq9Emoshpjq4Q{QID)$uJHJug%kV^E2XSZ^d zOo???RC_Yf-C-k(nv5C>ox}*Rl#yr;Cetz8;f?~TE0@EoVL{`qa#Ry4Wsp>` zcuH1qnN8HfT!}3ttD&M(^*jFCy|A6(xpdG2;fl<}y&_*lX|zPJwCIZT2uaf-*wy> zoIVcL$G`QRXD<(YX`c8qotVH*4}5)${Z91WebrX*p5RO7JJ8J|8Q7SKL2>J?`-F+eemS!m&%#Zx4Ygu!BY=bb^dK5R*;9ZIm@11?QaLWFRq!K z32XySEe*|SUG%ht+B@;#7&X_tf6w}(Z=Q^9__Sy0@NmnzLgR3aY@bP<9GVw={`0{v z&X-jNyP(d_s zGdWdxSqf`)W=1qYFgPz}VM!}mR#A6CMKx4VH8XNbc~m$yM`L+XIBrQWSaVG@V+t)k zAaH4REpRe5HXvA3QEOE}AVG9zRCr`iGv_Ud3R<>Rd{i8T4h0WLwYYZST{>cPex-&bvR5$Q)5LiLvspn zOG#IBVQesTG;DNjYB_asLPA)0H+e-jaZWN}MtU|eQgv5vQ*||DFKd%e0Tq9BS6X*c zV`XNPcQZ73OlAsdMK5zRYDzO!K{!c5 zVPtu1Zc;H;VlYN?XjL;eH#RRzc6B#za$|IAPHPG+J|J0DXf`%GX+AAya%Ew2WgudB zAT>8rWoBVnOi?gMRd07jaCC22G-+jFVnK6EL26S(W>;cSY;js= zOEd}=>;U-fKuR9`2Qp`+5ou%k!pWNpjv^5kDCAT z0n^$jpS)9F?|%`F3D)mTOhPdrC5|^zV|?kZ6V_=frLXyuG~W>5@7o(Xriy|~mNi1` z)JguSv}44y^$Sq(X5>5e?<#kH;d~O42J43^YrUBecf#Q3eY!Vbl{#lRkjI9g*+o~S z3pPl8hC1Qbw5%Pz$@@>NwKvuRrBzO~ebWv+IilrokLgB(&Ki5lp7Cz=Ygh8Z_2<&B t@f@y6f}QaiC2qD33M&7{W9!sW(YG*i2n?-7>eY2ZcaTkz(YQ0|99u`kC-MLQ diff --git a/hosts/patricknix/default.nix b/hosts/patricknix/default.nix index c0d1a38..da2ca14 100644 --- a/hosts/patricknix/default.nix +++ b/hosts/patricknix/default.nix 
@@ -29,6 +29,4 @@ ../../users/patrick ]; - # Set your time zone. - time.timeZone = "Europe/Berlin"; } diff --git a/hosts/patricknix/fs.nix b/hosts/patricknix/fs.nix index c6c0ce6..2ab6abe 100644 --- a/hosts/patricknix/fs.nix +++ b/hosts/patricknix/fs.nix @@ -1,48 +1,26 @@ -{pkgs, ...}: { - fileSystems."/" = { - device = "rpool/local/root"; - neededForBoot = true; - fsType = "zfs"; - options = ["zfsutil" "X-mount.mkdir"]; - }; - - fileSystems."/nix" = { - device = "rpool/local/nix"; - neededForBoot = true; - fsType = "zfs"; - options = ["zfsutil" "X-mount.mkdir"]; - }; - - fileSystems."/persist" = { - device = "rpool/safe/persist"; - neededForBoot = true; - fsType = "zfs"; - options = ["zfsutil" "X-mount.mkdir"]; - }; - - fileSystems."/state" = { - device = "rpool/local/state"; - neededForBoot = true; - fsType = "zfs"; - options = ["zfsutil" "X-mount.mkdir"]; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/BC47-8FB9"; - fsType = "vfat"; - }; - - # After importing the rpool, rollback the root system to be empty. - boot.initrd.systemd.services.impermanence-root = { - wantedBy = ["initrd.target"]; - after = ["zfs-import-rpool.service"]; - before = ["sysroot.mount"]; - unitConfig.DefaultDependencies = "no"; - serviceConfig = { - Type = "oneshot"; - ExecStart = "${pkgs.zfs}/bin/zfs rollback -r rpool/local/root@blank"; +{ + config, + lib, + ... +}: { + disko.devices = { + disk = { + m2-ssd = { + type = "disk"; + device = "/dev/disk/by-id/${config.secrets.secrets.local.disko.m2-ssd}"; + content = with lib.disko.gpt; { + type = "table"; + format = "gpt"; + partitions = [ + (partEfiBoot "boot" "0%" "512MiB") + #(partSwap "swap" "1GiB" "17GiB") + (partLuksZfs "rpool" "512MiB" "100%") + ]; + }; + }; + }; + zpool = with lib.disko.zfs; { + rpool = defaultZpoolOptions // {datasets = defaultZfsDatasets;}; }; }; - - swapDevices = []; } 
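Review bot: The rewritten `hosts/patricknix/fs.nix` no longer states `neededForBoot = true` for `/persist` and `/state`, and says nothing about the `rpool/local/root@blank` snapshot that the initrd rollback service rolls back to. All of that now has to come from `defaultZpoolOptions` and `defaultZfsDatasets`, which this diff does not show. A comment above `zpool` would document the contract, e.g. `# defaultZfsDatasets must provide local/root (snapshotted as @blank), local/nix, local/state and safe/persist, all neededForBoot`. The commented-out `#(partSwap "swap" "1GiB" "17GiB")` overlaps the `rpool` partition range starting at `512MiB`, so either drop it or note that the offsets need adjusting. If swap is re-enabled it should be encrypted, because next to what appears to be a LUKS-backed pool (`partLuksZfs`) it would otherwise be where memory contents reach disk in the clear.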
diff --git a/hosts/patricknix/secrets/secrets.nix.age b/hosts/patricknix/secrets/secrets.nix.age index 52d5d049c7184eef62d8b5848f6f2d2901239662..d5fc00bc4f591de86e59657736b4036ec05b4adb 100644 GIT binary patch delta 754 zcmWmA-HX!(003}3^~Pli-i_lPR%d;2&2*qJWM8U##I%qH%h?cXu%%=d_Xlt-zb%K@-vP6}d zVuhF#EvGUvY=(_c)aKa9Y!U4=OcDs3@EeU@z)vH zz0|-sYYHX_Dbwn;MKaIkJi$!om1jTKOVb^tV*>*Wd2 zH6Su%Cg3DviZ$NBs)`XUC-f%I+b(Y=%~+?#y|(*PvZ_*8v&w+cm;zZMT#sZVjI4I) zFleGUA$x*Lq*G2^wE)oUVS*&vR3}bD5SPjcNiOW<)OK&Kr#57yqL=g>PuOL*`8o*+ z)Xkb`)%+g&K2xXP^@lmZpPHXI#Ty9_fG44HneTf_7fZJ2YLKafYC#>3OU$HDpgeGn zZiF4XE4DZ-A|=aOMu&U(kY329`HIw~iWYhyu(A? zmYo%9JPMgmxReo17oBn;vydf$0ebrP?GK0l(Ad;mk)hEoj&mMy@=dI-7}~Wf2hTT?=wFb}dhcuG z)A`S~CW7}N?3_DqY&}_cP?~P*|NM(?EM35#jSxF;{TW|*wS4^a;-Ranca@#L&pvs3 z;EgxkAp-a#GP3u`{KxmcS$p<;-(}yfF-QL7*zO(W@cKn%arMCF=x@FkFGj`-H*D~` fZ*Q*M9=r3=_AI`C&$|Bkr61Q1%{^Mb&R+f>7U373 literal 805 zcmZwC%ZuZ5003YVM9G|YSp+e%hov)g+B}=UvXZoU{Mt#Av}v2uD7r_%zu@DuR(8{l7Fm_#UK}09 z*{Zcgpymx&M+pLe!s@4+B+q09<$7ZOxtjZD-xmcSV+8WGeHRw)-^SlFfiib z(t`*GyiNVbGWnGUN|BD?`J)Fq=c-n_SdXN6)x|kPK}|%S*CRXRP^U0 zrIR?R5@d?|I_Y%#v(oM4Xf3hrI+mAswZ_9Sj!FM(t#x}cNXJ2}swvu^h(q63T4IZf z4p@~m3Zu3PvkiP>swfcKC)|Z3*FaEk7A*ubQDz-0s3|1|X|)@9sibjAS5}wYV@qr{ zSD9^XY}kE4kl@jBt_aJQGWcrhY|TRorYpY@n}<-~>T7h`!eno)ksKJ61W1B(qZ_+8 z(tBZ?hwLCCNQc_8+?v9-U8z+aEmCP!$k|FT2T(ukaU=ELfKjxSHZt$f!!7S@vOvvv zn`NB9>LoLd5&3zJdRaZi)aeSrWd>?Cn{c3Elrt>e4gaJ(qRXaiAj`G-JM!` zbflzAy79sidiEU8CO>}NkY7Aep1Ji~a_w*O?z^9zzxK(euYYy6e|rAm#nGMpKRS(I z55N7apl`5KEHPT=3f_IkXn609bG;S?*Fv+{X3h7Z~t&<{OfUD zJpz{=JYT>1``OETH?CWEqo>Ee3?J-)_fOw!JlUY0Ys>FB-#s#q)BQVto@MhHdyhSR M<;xGA`uUrG02p2zs{jB1