patrick/nix-config
1
1
Fork 0
Code Issues Pull requests Projects Wiki Activity

feat: added filesystem for desktopnix

Browse source
This commit is contained in:
Patrick Großmann 2023-08-30 14:25:52 +02:00
parent a137d46aa1
commit c869e5fc62
Signed by: patrick
GPG key ID: 451F95EFB8BECD0F
15 changed files with 224 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
README.md
View file

@ -43,6 +43,7 @@
## Hosts
- `patricknix` my main laptop
- `desktopnix` my main desktop
## Users
- `patrick` my normal everyday unprivileged user
@ -70,6 +71,11 @@
### Add additional hosts
1. Add host definition to `hosts.toml`
2. Create host configuration in `hosts/<name>`
1. Create and fill `default.nix`
1. Fill `net.nix`
1. Fill `fs.nix`
## Deploy

21
flake.lock
View file

@ -114,6 +114,26 @@
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1693189188,
"narHash": "sha256-o6otfsB/ecudboYFwiCeL49BX3/8vRC/XUZTgkaDx54=",
"owner": "nix-community",
"repo": "disko",
"rev": "00169fe4a6015a88c3799f0bf89689e06a4d4896",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
@ -345,6 +365,7 @@
"agenix-rekey": "agenix-rekey",
"colmena": "colmena",
"devshell": "devshell",
"disko": "disko",
"flake-utils": "flake-utils",
"home-manager": "home-manager",
"hyprland": "hyprland",

7
flake.nix
View file

@ -7,6 +7,11 @@
# to prevent multiple instances of systems
systems.url = "github:nix-systems/default";
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = {
url = "github:nix-community/home-manager";
# should use system nixpkgs instead of their own
@ -90,7 +95,7 @@
}
// flake-utils.lib.eachDefaultSystem (system: rec {
pkgs = import nixpkgs {
overlays = [(import nix/lib.nix inputs)];
overlays = import ./lib inputs;
inherit system;
# TODO fix this to only allow specific unfree packages
config.allowUnfree = true;

1
hosts/common/core/default.nix
View file

@ -20,6 +20,7 @@
inputs.impermanence.nixosModules.impermanence
inputs.agenix.nixosModules.default
inputs.agenix-rekey.nixosModules.default
inputs.disko.nixosModules.disko
];
age.identityPaths = ["/state/etc/ssh/ssh_host_ed25519_key"];
}

16
hosts/common/core/impermanence.nix
View file

@ -5,6 +5,7 @@
}: {
# to allow all users to access hm managed persistent folders
programs.fuse.userAllowOther = true;
fileSystems."/state".neededForBoot = true;
environment.persistence."/state" = {
hideMounts = true;
@ -15,6 +16,18 @@
];
directories =
[
{
directory = "/var/log";
user = "root";
group = "root";
mode = "0755";
}
{
directory = "/var/lib/systemd";
user = "root";
group = "root";
mode = "0755";
}
{
directory = "/var/lib/nixos";
user = "root";
@ -22,9 +35,6 @@
mode = "0775";
}
]
++ lib.lists.optionals config.hardware.acpilight.enable [
"/var/lib/systemd/backlight"
]
++ lib.lists.optionals config.hardware.bluetooth.enable [
"/var/lib/bluetooth"
];

5
hosts/common/dev/default.nix
View file

@ -3,4 +3,9 @@
./docs.nix
];
environment.enableDebugInfo = true;
environment.shellInit = ''
gpg-connect-agent /bye
export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
umask 077
'';
}

14
hosts/desktopnix/default.nix Normal file
View file

@ -0,0 +1,14 @@
{inputs, ...}: {
imports = [
inputs.nixos-hardware.nixosModules.common-gpu-nvidia-nonprime
inputs.nixos-hardware.nixosModules.common-pc
inputs.nixos-hardware.nixosModules.common-pc-hdd
inputs.nixos-hardware.nixosModules.common-pc-ssd
../common/core
../common/dev
./net.nix
./fs.nix
];
}

50
hosts/desktopnix/fs.nix Normal file
View file

@ -0,0 +1,50 @@
{
config,
lib,
...
}: {
disko.devices = {
disk = {
m2-ssd = {
type = "disk";
device = "/dev/disk/by-id/${config.secrets.secrets.local.disk.m2-ssd}";
content = with lib.disko.gpt; {
type = "table";
format = "gpt";
partitions = [
(partEfiBoot "boot" "0%" "512MiB")
(partSwap "swap" "1GiB" "17GiB")
(partLuksZfs "rpool" "17GiB" "100%")
];
};
};
sata-ssd = {
type = "disk";
device = "/dev/disk/by-id/${config.secrets.secrets.local.disk.sata-ssd}";
content = with lib.disko.gpt; {
type = "table";
format = "gpt";
partitions = [
(partLuksZfs "infantry-fighting-vehicle" "0%" "100%")
];
};
};
sata-hdd = {
type = "disk";
device = "/dev/disk/by-id/${config.secrets.secrets.local.disk.sata-hdd}";
content = with lib.disko.gpt; {
type = "table";
format = "gpt";
partitions = [
(partLuksZfs "panzer" "0%" "100%")
];
};
};
};
zpool = with lib.disko.zfs; {
rpool = defaultZpoolOptions // {datasets = defaultZfsDatasets;};
infantry-fighting-vehicle = defaultZpoolOptions // {datasets = {};};
panzer = defaultZpoolOptions // {datasets = {};};
};
};
}

12
hosts/desktopnix/net.nix Normal file
View file

@ -0,0 +1,12 @@
{config, ...}: {
networking = {
inherit (config.secrets.secrets.local.networking) hostId;
};
systemd.network.networks = {
"01-lan1" = {
DHCP = "yes";
matchConfig.MACAddress = config.secrets.secrets.local.networking.lan1.mac;
dns = ["192.168.178.2"];
};
};
}

BIN
hosts/desktopnix/secrets/secrets.nix.age Normal file
View file

Binary file not shown.

7
hosts/patricknix/default.nix
View file

@ -30,10 +30,5 @@
../../users/patrick
];
# Set your time zone.
time.timeZone = "Asia/Seoul";
environment.shellInit = ''
gpg-connect-agent /bye
export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
umask 077
'';
time.timeZone = "Europe/Berlin";
}

14
hosts/patricknix/net.nix
View file

@ -13,15 +13,25 @@
"01-lan1" = {
DHCP = "yes";
matchConfig.MACAddress = config.secrets.secrets.local.networking.lan1.mac;
networkConfig.IPv6PrivacyExtensions = "yes";
networkConfig = {
IPv6PrivacyExtensions = "yes";
MulticastDNS = true;
};
dns = ["9.9.9.9"];
dhcpV4Config.RouteMetric = 10;
dhcpV6Config.RouteMetric = 10;
};
"01-wlan1" = {
DHCP = "yes";
matchConfig.MACAddress = config.secrets.secrets.local.networking.wlan1.mac;
networkConfig.IPv6PrivacyExtensions = "yes";
networkConfig = {
IPv6PrivacyExtensions = "yes";
MulticastDNS = true;
};
# TODO: change dns to own when at home
dns = ["9.9.9.9"];
dhcpV4Config.RouteMetric = 40;
dhcpV6Config.RouteMetric = 40;
};
};
age.secrets.eduroam = {

4
lib/default.nix Normal file
View file

@ -0,0 +1,4 @@
inputs: [
(import ./impermanence.nix inputs)
(import ./disko.nix inputs)
]

79
lib/disko.nix Normal file
View file

@ -0,0 +1,79 @@
inputs: self: super: {
lib =
super.lib
// {
disko = {
gpt = {
partEfiBoot = name: start: end: {
inherit name start end;
fs-type = "fat32";
bootable = true;
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
partSwap = name: start: end: {
inherit name start end;
fs-type = "linux-swap";
content = {
type = "swap";
randomEncryption = true;
};
};
partLuksZfs = name: start: end: {
inherit start end;
name = "enc-${name}";
content = {
type = "luks";
name = "enc-${name}";
extraOpenArgs = ["--allow-discard"];
content = {
type = "zfs";
pool = name;
};
};
};
};
zfs = rec {
defaultZpoolOptions = {
type = "zpool";
rootFsOptions = {
compression = "zstd";
acltype = "posix";
atime = "off";
xattr = "sa";
dnodesize = "auto";
mountpoint = "none";
canmount = "off";
devices = "off";
};
options.ashift = "12";
};
defaultZfsDatasets = {
"local" = unmountable;
"local/root" =
filesystem "/"
// {
postCreateHook = "zfs snapshot rpool/local/root@blank";
};
"local/nix" = filesystem "/nix";
"local/state" = filesystem "/state";
"safe" = unmountable;
"safe/persist" = filesystem "/persist";
};
unmountable = {type = "zfs_fs";};
filesystem = mountpoint: {
type = "zfs_fs";
options = {
canmount = "noauto";
inherit mountpoint;
};
inherit mountpoint;
# needed for initrd dependency
};
};
};
};
}

0
nix/lib.nix → lib/impermanence.nix
View file