authorBenedikt Peetz <benedikt.peetz@b-peetz.de>2024-10-18 17:07:46 +0200
committerBenedikt Peetz <benedikt.peetz@b-peetz.de>2024-10-18 17:07:46 +0200
commitc52c7f314ccadcc2fcd91e28c8fd1b88f6d5ce0c (patch)
treee8b947710b467b32740598ff574982097836f66c /modules/by-name/di/disks
parentchore(pkgs/yt): 1.2.1 -> 1.3.0 (diff)
refactor(modules): Move all system modules to `by-name`
From now on all modules should be added to the new `by-name` directory.
This should help remove the (superficial and utterly useless)
distinction between `home-manager` and `NixOS` modules.
Diffstat (limited to 'modules/by-name/di/disks')
3 files changed, 220 insertions, 0 deletions
diff --git a/modules/by-name/di/disks/fstrim.nix b/modules/by-name/di/disks/fstrim.nix
new file mode 100644
index 00000000..6daeb65e
--- /dev/null
+++ b/modules/by-name/di/disks/fstrim.nix
@@ -0,0 +1,42 @@
+  pkgs,
+  lib,
+  cfg,
+}: {
+  timers.fstrim = lib.mkIf cfg.ssd {
+    wantedBy = ["timers.target"];
+    wants = ["fstrim.service"];
+    unitConfig = {
+      Description = "Discard unused blocks once a week";
+      Documentation = "man:fstrim";
+      ConditionVirtualization = "!container";
+      ConditionPathExists = "!/etc/initrd-release";
+    };
+    timerConfig = {
+      OnCalendar = "weekly";
+      AccuracySec = "1h";
+      Persistent = "true";
+      RandomizedDelaySec = "6000";
+    };
+  };
+  services.fstrim = lib.mkIf cfg.ssd {
+    wantedBy = lib.mkForce [];
+    unitConfig = {
+      Description = "Discard unused blocks on filesystems from /etc/fstab";
+      Documentation = "man:fstrim(8)";
+      ConditionVirtualization = "!container";
+    };
+    serviceConfig = {
+      Type = "oneshot";
+      ExecStart = "${pkgs.util-linux}/bin/fstrim --listed-in /etc/fstab:/proc/self/mountinfo --verbose --quiet-unsupported";
+      PrivateDevices = "no";
+      PrivateNetwork = "yes";
+      PrivateUsers = "no";
+      ProtectKernelTunables = "yes";
+      ProtectKernelModules = "yes";
+      ProtectControlGroups = "yes";
+      MemoryDenyWriteExecute = "yes";
+      SystemCallFilter = "@default @file-system @basic-io @system-service";
+    };
+  };
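Review bot: `wants = ["fstrim.service"];` on `timers.fstrim` pulls the service in whenever the timer unit itself is started, so the trim would presumably run on every boot as well as on the weekly `OnCalendar` schedule. A timer already activates the service of the same name when it elapses, so the line can be dropped. The service runs as root with `PrivateDevices = "no"`, and a comment above `serviceConfig` such as `# fstrim needs the real block devices, so PrivateDevices stays off; everything else is sandboxed` would record why that one hardening setting is relaxed.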
diff --git a/modules/by-name/di/disks/hibernate.nix b/modules/by-name/di/disks/hibernate.nix
new file mode 100644
index 00000000..a50e5b57
--- /dev/null
+++ b/modules/by-name/di/disks/hibernate.nix
@@ -0,0 +1,45 @@
+{pkgs}: {
+  services = {
+    hibernate-preparation = {
+      wantedBy = ["systemd-hibernate.service"];
+      unitConfig = {
+        Description = "Enable swap file and disable zram before hibernate";
+        Before = "systemd-hibernate.service";
+      };
+      serviceConfig = {
+        Type = "oneshot";
+        User = "root";
+        ExecStart = "${pkgs.bash}/bin/bash -c \"${pkgs.util-linux}/bin/swapon /swap/swapfile && ${pkgs.util-linux}/bin/swapoff /dev/zram0\"";
+      };
+    };
+    hibernate-resume = {
+      wantedBy = ["systemd-hibernate.service"];
+      unitConfig = {
+        Description = "Disable swap after resuming from hibernation";
+        After = "hibernate.target";
+      };
+      serviceConfig = {
+        Type = "oneshot";
+        User = "root";
+        ExecStart = "${pkgs.util-linux}/bin/swapoff /swap/swapfile";
+      };
+    };
+    # swapoff-start = {
+    #      wantedBy = ["multi-user.target"];
+    #      unitConfig = {
+    #        Description = "Disable hardware swap after booting";
+    #      };
+    #      serviceConfig = {
+    #        Type = "oneshot";
+    #        User = "root";
+    #        ExecStart = "${pkgs.util-linux}/bin/swapoff /swap/swapfile";
+    #      };
+    #    };
+    systemd-hibernate.serviceConfig.Environment = "SYSTEMD_BYPASS_HIBERNATION_MEMORY_CHECK=1";
+    systemd-logind.serviceConfig.Environment = "SYSTEMD_BYPASS_HIBERNATION_MEMORY_CHECK=1";
+  };
+  sleep.extraConfig = ''
+    HibernateDelaySec=5m
+  '';
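Review bot: `hibernate-preparation` is attached with `wantedBy = ["systemd-hibernate.service"];`, which is only a weak dependency, so a failing `swapon /swap/swapfile` does not stop the hibernation from starting. Because `SYSTEMD_BYPASS_HIBERNATION_MEMORY_CHECK=1` also disables systemd's own check for usable swap, the failure would likely surface only when the kernel tries to write the image. Using `requiredBy = ["systemd-hibernate.service"];` for the preparation unit makes the hibernate job fail early instead. The two `Environment` lines would also benefit from a comment, for example `# the swapfile is only enabled right before hibernating, so the size check cannot pass earlier`, if that is the reason for the bypass.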
diff --git a/modules/by-name/di/disks/module.nix b/modules/by-name/di/disks/module.nix
new file mode 100644
index 00000000..c0e5bcfd
--- /dev/null
+++ b/modules/by-name/di/disks/module.nix
@@ -0,0 +1,133 @@
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  # FIXME: The iso redeploy requires a bigger efi partition  <2024-05-12>
+  cfg = config.soispha.disks;
+  defaultMountOptions = [
+    "compress-force=zstd:15" # This saves disk space, at a performance cost
+    "noatime" # should have some performance upsides, and I don't use it anyways
+    "lazytime" # make time changes in memory
+  ];
+in {
+  options.soispha.disks = {
+    enable = lib.mkEnableOption "disk setup with disko";
+    disk = lib.mkOption {
+      type = lib.types.path;
+      example = lib.literalExpression "/dev/disk/by-uuid/0442cb6d-f13a-4635-b487-fa76189774c5";
+      description = "The disk used for installing the OS.";
+    };
+    ssd = lib.mkEnableOption "ssd specific improvements, like trim";
+    swap = {
+      uuid = lib.mkOption {
+        type = lib.types.str;
+        example = lib.literalExpression "d1d20ae7-3d8a-44da-86da-677dbbb10c89";
+        description = "The uuid of the swapfile";
+      };
+      resumeOffset = lib.mkOption {
+        type = lib.types.str;
+        example = lib.literalExpression "134324224";
+        description = "The resume offset of the swapfile";
+      };
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    systemd = lib.recursiveUpdate (import ./hibernate.nix {inherit pkgs;}) (import ./fstrim.nix {inherit pkgs lib cfg;});
+    disko.devices = {
+      disk = {
+        main = {
+          device = cfg.disk;
+          content = {
+            type = "gpt";
+            partitions = {
+              root = {
+                size = "100%";
+                name = "root";
+                content = {
+                  type = "luks";
+                  name = "nixos";
+                  extraOpenArgs = ["--allow-discards"];
+                  content = {
+                    type = "btrfs";
+                    extraArgs = ["-f" "--label nixos"]; # Override existing partitions
+                    subvolumes = {
+                      "nix" = {
+                        mountpoint = "/nix";
+                        mountOptions = defaultMountOptions;
+                      };
+                      "persistent-storage" = {
+                        mountpoint = "/srv";
+                        mountOptions = defaultMountOptions;
+                      };
+                      "persistent-storage@snapshots" = {
+                        mountpoint = "/srv/.snapshots";
+                        mountOptions = defaultMountOptions;
+                      };
+                      "swap" = {
+                        mountpoint = "/swap";
+                        mountOptions = defaultMountOptions;
+                      };
+                    };
+                  };
+                };
+              };
+              boot = {
+                type = "EF00";
+                size = "512M";
+                name = "boot";
+                content = {
+                  type = "filesystem";
+                  format = "vfat";
+                  mountpoint = "/boot";
+                };
+              };
+            };
+          };
+        };
+      };
+      nodev = {
+        "/" = {
+          fsType = "tmpfs";
+          mountOptions = ["defaults" "size=4G" "mode=755"];
+        };
+        "/tmp" = {
+          fsType = "tmpfs";
+          mountOptions = ["defaults" "size=16G" "mode=755"];
+        };
+      };
+    };
+    fileSystems = {
+      "/srv" = {
+        neededForBoot = true;
+      };
+      "/swap" = {
+        neededForBoot = true;
+      };
+    };
+    swapDevices = [
+      #{
+      #        device = "/swap/swapfile";
+      #        priority = 1; # lower than zramSwap, just in case
+      #        # size = 2048; # TODO: can nixos create a btrfs swapfile correctly?
+      #}
+    ];
+    zramSwap = {
+      enable = true;
+      priority = 10; # needs to be higher than hardware-swap
+    };
+    boot = {
+      kernelParams = [
+        "resume_offset=${cfg.swap.resumeOffset}"
+        "zswap.enabled=0" # zswap and zram are not really compatible
+      ];
+      resumeDevice = "/dev/disk/by-uuid/${cfg.swap.uuid}";
+    };
+  };
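Review bot: `extraOpenArgs = ["--allow-discards"];` on the LUKS container is set unconditionally, while the trim units in `fstrim.nix` are gated on `cfg.ssd`. Passing discards through dm-crypt exposes which ciphertext blocks are unused to anyone who can read the raw disk, so it is a confidentiality trade-off that should be opt-in and documented. Something like `extraOpenArgs = lib.optionals cfg.ssd ["--allow-discards"]; # leaks free-block layout of the encrypted volume` would tie it to the same switch. Separately, the `/tmp` tmpfs is mounted with `mode=755` rather than the conventional sticky, world-writable `1777`; it is worth confirming that this is intended.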