feat: added filesystem for desktopnix

This commit is contained in:
Patrick Großmann 2023-08-30 14:25:52 +02:00
parent a137d46aa1
commit c869e5fc62
Signed by: patrick
GPG key ID: 451F95EFB8BECD0F
15 changed files with 224 additions and 12 deletions


@ -43,6 +43,7 @@
## Hosts ## Hosts
- `patricknix` my main laptop - `patricknix` my main laptop
- `desktopnix` my main desktop
## Users ## Users
- `patrick` my normal everyday unprivileged user - `patrick` my normal everyday unprivileged user
@ -70,6 +71,11 @@
### Add additional hosts ### Add additional hosts
1. Add host definition to `hosts.toml` 1. Add host definition to `hosts.toml`
2. Create host configuration in `hosts/<name>`
1. Create and fill `default.nix`
1. Fill `net.nix`
1. Fill `fs.nix`
## Deploy ## Deploy


@ -114,6 +114,26 @@
"type": "github" "type": "github"
} }
}, },
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1693189188,
"narHash": "sha256-o6otfsB/ecudboYFwiCeL49BX3/8vRC/XUZTgkaDx54=",
"owner": "nix-community",
"repo": "disko",
"rev": "00169fe4a6015a88c3799f0bf89689e06a4d4896",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -345,6 +365,7 @@
"agenix-rekey": "agenix-rekey", "agenix-rekey": "agenix-rekey",
"colmena": "colmena", "colmena": "colmena",
"devshell": "devshell", "devshell": "devshell",
"disko": "disko",
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"home-manager": "home-manager", "home-manager": "home-manager",
"hyprland": "hyprland", "hyprland": "hyprland",


@ -7,6 +7,11 @@
# to prevent multiple instances of systems # to prevent multiple instances of systems
systems.url = "github:nix-systems/default"; systems.url = "github:nix-systems/default";
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = { home-manager = {
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager";
# should use system nixpkgs instead of their own # should use system nixpkgs instead of their own
@ -90,7 +95,7 @@
} }
// flake-utils.lib.eachDefaultSystem (system: rec { // flake-utils.lib.eachDefaultSystem (system: rec {
pkgs = import nixpkgs { pkgs = import nixpkgs {
overlays = [(import nix/lib.nix inputs)]; overlays = import ./lib inputs;
inherit system; inherit system;
# TODO fix this to only allow specific unfree packages # TODO fix this to only allow specific unfree packages
config.allowUnfree = true; config.allowUnfree = true;


@ -20,6 +20,7 @@
inputs.impermanence.nixosModules.impermanence inputs.impermanence.nixosModules.impermanence
inputs.agenix.nixosModules.default inputs.agenix.nixosModules.default
inputs.agenix-rekey.nixosModules.default inputs.agenix-rekey.nixosModules.default
inputs.disko.nixosModules.disko
]; ];
age.identityPaths = ["/state/etc/ssh/ssh_host_ed25519_key"]; age.identityPaths = ["/state/etc/ssh/ssh_host_ed25519_key"];
} }


@ -5,6 +5,7 @@
}: { }: {
# to allow all users to access hm managed persistent folders # to allow all users to access hm managed persistent folders
programs.fuse.userAllowOther = true; programs.fuse.userAllowOther = true;
fileSystems."/state".neededForBoot = true;
environment.persistence."/state" = { environment.persistence."/state" = {
hideMounts = true; hideMounts = true;
@ -15,6 +16,18 @@
]; ];
directories = directories =
[ [
{
directory = "/var/log";
user = "root";
group = "root";
mode = "0755";
}
{
directory = "/var/lib/systemd";
user = "root";
group = "root";
mode = "0755";
}
{ {
directory = "/var/lib/nixos"; directory = "/var/lib/nixos";
user = "root"; user = "root";
@ -22,9 +35,6 @@
mode = "0775"; mode = "0775";
} }
] ]
++ lib.lists.optionals config.hardware.acpilight.enable [
"/var/lib/systemd/backlight"
]
++ lib.lists.optionals config.hardware.bluetooth.enable [ ++ lib.lists.optionals config.hardware.bluetooth.enable [
"/var/lib/bluetooth" "/var/lib/bluetooth"
]; ];
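Review bot: The new `/var/log` and `/var/lib/systemd` entries carry no comment, and the second one is what makes the removed `acpilight`-conditional `/var/lib/systemd/backlight` entry redundant, which a later reader of this list will not see. I would add `# whole directory: covers random-seed, timer stamps and backlight state, so no per-feature entries are needed` above the `/var/lib/systemd` entry and `# keep logs across the root rollback so post-incident forensics survive a reboot` above `/var/log`, hedging the first if your hosts keep different things there. With `mode = "0755"` the persisted `/var/log` is world-listable, which matches the NixOS default but means the journal's own permissions are what keep log contents private; if that is the intent it is worth one line saying so. The `directories` list closes in this hunk but the enclosing `environment.persistence."/state"` attribute set continues outside it.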


@ -3,4 +3,9 @@
./docs.nix ./docs.nix
]; ];
environment.enableDebugInfo = true; environment.enableDebugInfo = true;
environment.shellInit = ''
gpg-connect-agent /bye
export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
umask 077
'';
} }
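Review bot: `export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)` in the added `environment.shellInit` runs unconditionally for every interactive shell of every user, so it also discards a socket forwarded in with `ssh -A`, and on a host where `gpgconf` is missing or fails it leaves the variable empty. Guarding it, e.g. `[ -n "$SSH_CONNECTION" ] || export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)`, keeps forwarded agents usable; the gpg-agent enablement this relies on is not in the hunk, so I assume it lives in another module. `umask 077` likewise now applies to root and every user on all hosts importing `common/dev` rather than only `patricknix`; if that widening is intended, a comment such as `# private-by-default files for every interactive shell on dev hosts` would make it deliberate. The block appears to be moved from hosts/patricknix, so only the wider scope is new here.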


@ -0,0 +1,14 @@
{inputs, ...}: {
imports = [
inputs.nixos-hardware.nixosModules.common-gpu-nvidia-nonprime
inputs.nixos-hardware.nixosModules.common-pc
inputs.nixos-hardware.nixosModules.common-pc-hdd
inputs.nixos-hardware.nixosModules.common-pc-ssd
../common/core
../common/dev
./net.nix
./fs.nix
];
}

50
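--- a/hosts/desktopnix/fs.nix
+++ b/hosts/desktopnix/fs.nix
@@ -0,0 +1,50 @@
+{
+config,
+lib,
+...
+}: {
+disko.devices = {
+disk = {
+m2-ssd = {
+type = "disk";
+device = "/dev/disk/by-id/${config.secrets.secrets.local.disk.m2-ssd}";
+content = with lib.disko.gpt; {
+type = "table";
+format = "gpt";
+partitions = [
+(partEfiBoot "boot" "0%" "512MiB")
+(partSwap "swap" "1GiB" "17GiB")
+(partLuksZfs "rpool" "17GiB" "100%")
+];
+};
+};
+sata-ssd = {
+type = "disk";
+device = "/dev/disk/by-id/${config.secrets.secrets.local.disk.sata-ssd}";
+content = with lib.disko.gpt; {
+type = "table";
+format = "gpt";
+partitions = [
+(partLuksZfs "infantry-fighting-vehicle" "0%" "100%")
+];
+};
+};
+sata-hdd = {
+type = "disk";
+device = "/dev/disk/by-id/${config.secrets.secrets.local.disk.sata-hdd}";
+content = with lib.disko.gpt; {
+type = "table";
+format = "gpt";
+partitions = [
+(partLuksZfs "panzer" "0%" "100%")
+];
+};
+};
+};
+zpool = with lib.disko.zfs; {
+rpool = defaultZpoolOptions // {datasets = defaultZfsDatasets;};
+infantry-fighting-vehicle = defaultZpoolOptions // {datasets = {};};
+panzer = defaultZpoolOptions // {datasets = {};};
+};
+};
+}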
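Review bot: The three `partLuksZfs` partitions get no key source, so unless a key file or passphrase option is set somewhere not in this commit, each of `enc-rpool`, `enc-infantry-fighting-vehicle` and `enc-panzer` will prompt separately, both when disko formats the machine and at every boot; if the two data pools are meant to unlock from the root pool, a `keyFile`/`passwordFile` under their `content` (or unlocking them after boot rather than in the initrd) belongs here. The layout also leaves 512MiB to 1GiB on `m2-ssd` unused between `(partEfiBoot "boot" "0%" "512MiB")` and `(partSwap "swap" "1GiB" "17GiB")`; if that gap is intentional a comment saying why would help, otherwise start swap at `"512MiB"`. `/boot` stays an unencrypted FAT partition as EFI requires, so without measured or Secure Boot (not visible in this commit) the kernel and initrd are the unprotected part of an otherwise fully encrypted layout, which is worth a one-line comment on the `boot` line.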

12
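--- a/hosts/desktopnix/net.nix
+++ b/hosts/desktopnix/net.nix
@@ -0,0 +1,12 @@
+{config, ...}: {
+networking = {
+inherit (config.secrets.secrets.local.networking) hostId;
+};
+systemd.network.networks = {
+"01-lan1" = {
+DHCP = "yes";
+matchConfig.MACAddress = config.secrets.secrets.local.networking.lan1.mac;
+dns = ["192.168.178.2"];
+};
+};
+}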
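Review bot: `dns = ["192.168.178.2"]` on `01-lan1` does not pin resolution: with `DHCP = "yes"` and `UseDNS` left at its default, systemd-networkd also installs whatever resolvers the DHCP lease advertises, so the static server is only added alongside them. If the intent is to use only that resolver, add `dhcpV4Config.UseDNS = false;` and `dhcpV6Config.UseDNS = false;` next to it; if it is merely a fallback, a comment saying so avoids the same question later. Unlike the laptop's interface blocks this one sets no `IPv6PrivacyExtensions`, which is presumably acceptable for a stationary desktop but deserves a comment since the two hosts otherwise mirror each other.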



@ -30,10 +30,5 @@
../../users/patrick ../../users/patrick
]; ];
# Set your time zone. # Set your time zone.
time.timeZone = "Asia/Seoul"; time.timeZone = "Europe/Berlin";
environment.shellInit = ''
gpg-connect-agent /bye
export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
umask 077
'';
} }


@ -13,15 +13,25 @@
"01-lan1" = { "01-lan1" = {
DHCP = "yes"; DHCP = "yes";
matchConfig.MACAddress = config.secrets.secrets.local.networking.lan1.mac; matchConfig.MACAddress = config.secrets.secrets.local.networking.lan1.mac;
networkConfig.IPv6PrivacyExtensions = "yes"; networkConfig = {
IPv6PrivacyExtensions = "yes";
MulticastDNS = true;
};
dns = ["9.9.9.9"]; dns = ["9.9.9.9"];
dhcpV4Config.RouteMetric = 10;
dhcpV6Config.RouteMetric = 10;
}; };
"01-wlan1" = { "01-wlan1" = {
DHCP = "yes"; DHCP = "yes";
matchConfig.MACAddress = config.secrets.secrets.local.networking.wlan1.mac; matchConfig.MACAddress = config.secrets.secrets.local.networking.wlan1.mac;
networkConfig.IPv6PrivacyExtensions = "yes"; networkConfig = {
IPv6PrivacyExtensions = "yes";
MulticastDNS = true;
};
# TODO: change dns to own when at home # TODO: change dns to own when at home
dns = ["9.9.9.9"]; dns = ["9.9.9.9"];
dhcpV4Config.RouteMetric = 40;
dhcpV6Config.RouteMetric = 40;
}; };
}; };
age.secrets.eduroam = { age.secrets.eduroam = {
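Review bot: `MulticastDNS = true` on `01-wlan1` turns on the full mDNS responder for an interface that, judging by the `eduroam` secret just below, is used on campus and other untrusted networks, so the laptop will advertise its hostname and answer `.local` queries from any peer there. If only resolving other hosts' `.local` names is wanted on wireless, `MulticastDNS = "resolve";` on the wlan block keeps the responder off while leaving the lan block as is. Whether this takes effect at all also depends on the `services.resolved` mDNS setting and the firewall allowing UDP 5353, neither of which is in this commit; the `systemd.network.networks` set continues past the end of the hunk.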

4
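--- a/lib/default.nix
+++ b/lib/default.nix
@@ -0,0 +1,4 @@
+inputs: [
+(import ./impermanence.nix inputs)
+(import ./disko.nix inputs)
+]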

79
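--- a/lib/disko.nix
+++ b/lib/disko.nix
@@ -0,0 +1,79 @@
+inputs: self: super: {
+lib =
+super.lib
+// {
+disko = {
+gpt = {
+partEfiBoot = name: start: end: {
+inherit name start end;
+fs-type = "fat32";
+bootable = true;
+content = {
+type = "filesystem";
+format = "vfat";
+mountpoint = "/boot";
+};
+};
+partSwap = name: start: end: {
+inherit name start end;
+fs-type = "linux-swap";
+content = {
+type = "swap";
+randomEncryption = true;
+};
+};
+partLuksZfs = name: start: end: {
+inherit start end;
+name = "enc-${name}";
+content = {
+type = "luks";
+name = "enc-${name}";
+extraOpenArgs = ["--allow-discard"];
+content = {
+type = "zfs";
+pool = name;
+};
+};
+};
+};
+zfs = rec {
+defaultZpoolOptions = {
+type = "zpool";
+rootFsOptions = {
+compression = "zstd";
+acltype = "posix";
+atime = "off";
+xattr = "sa";
+dnodesize = "auto";
+mountpoint = "none";
+canmount = "off";
+devices = "off";
+};
+options.ashift = "12";
+};
+defaultZfsDatasets = {
+"local" = unmountable;
+"local/root" =
+filesystem "/"
+// {
+postCreateHook = "zfs snapshot rpool/local/root@blank";
+};
+"local/nix" = filesystem "/nix";
+"local/state" = filesystem "/state";
+"safe" = unmountable;
+"safe/persist" = filesystem "/persist";
+};
+unmountable = {type = "zfs_fs";};
+filesystem = mountpoint: {
+type = "zfs_fs";
+options = {
+canmount = "noauto";
+inherit mountpoint;
+};
+inherit mountpoint;
+# needed for initrd dependency
+};
+};
+};
+};
+}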
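Review bot: `postCreateHook = "zfs snapshot rpool/local/root@blank"` hard-codes the pool name inside `defaultZfsDatasets`, which is otherwise pool-agnostic, so reusing it for any pool not named `rpool` would snapshot the wrong pool or fail; making it a function, `defaultZfsDatasets = pool: { ... postCreateHook = "zfs snapshot ${pool}/local/root@blank"; ... }`, and calling `defaultZfsDatasets "rpool"` from the host removes the coupling. `extraOpenArgs = ["--allow-discard"]` in `partLuksZfs` is a deliberate trade-off (TRIM passes through LUKS and reveals which blocks are unused) and deserves a comment stating that, e.g. `# allow TRIM through LUKS: better SSD wear at the cost of leaking the free-space pattern`. `randomEncryption = true` in `partSwap` similarly rules out hibernation, worth one line so nobody later wonders why resume fails. The trailing `# needed for initrd dependency` in `filesystem` sits after the line it explains; moving it above `inherit mountpoint;` makes clear that the top-level `mountpoint`, not the one under `options`, is what disko needs to order the mounts.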