basesystem: init module

This is almost entirely a duplicate of flake/nixosConfigurations/basesystem.nix
author: Silas Schöffel <sils@sils.li> 2024-04-02 18:23:56 +0200
committer: Silas Schöffel <sils@sils.li> 2024-04-02 18:23:56 +0200
commit: 76ab2da02ada38367418f7ef988c143cba564b37 (patch)
tree: ce52313e50414710145df72e51718618506b1a0a /modules/nixos
parent: hosts/thinklappi: consume meta module (diff)
download: nix-config-76ab2da02ada38367418f7ef988c143cba564b37.zip
2 files changed, 118 insertions, 0 deletions
diff --git a/modules/nixos/sils/basesystem.nix b/modules/nixos/sils/basesystem.nix
new file mode 100644
index 0000000..1812feb
--- /dev/null
+++ b/modules/nixos/sils/basesystem.nix
@@ -0,0 +1,117 @@
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+  config = {
+    networking.hostName = config.sils.meta.hostname;
+
+    boot = {
+      initrd = {
+        systemd.enable = true;
+        availableKernelModules = ["xhci_pci" "nvme" "rtsx_pci_sdmmc"];
+        kernelModules = [];
+        luks.devices."cryptroot" = {
+          crypttabExtraOpts = ["fido2-device=auto"];
+          device = config.sils.meta.rootPart;
+        };
+      };
+      kernelModules = ["kvm-intel"];
+      extraModulePackages = [];
+      kernelPackages = pkgs.linuxPackages_latest;
+      lanzaboote = {
+        enable = true;
+        configurationLimit = 10;
+        pkiBundle = "/etc/secureboot";
+      };
+      resumeDevice = config.sils.meta.mainDisk;
+      kernelParams = ["resume_offset=369403136"];
+    };
+
+    fileSystems = {
+      "/" = {
+        device = "tmpfs";
+        fsType = "tmpfs";
+        options = ["defaults" "size=2G" "mode=755"];
+      };
+      "/tmp" = {
+        device = "tmpfs";
+        fsType = "tmpfs";
+        options = ["defaults" "size=5G" "mode=755"];
+      };
+      "/nix" = {
+        device = config.sils.meta.mainDisk;
+        fsType = "btrfs";
+        options = ["subvol=nix" "compress-force=zstd"];
+      };
+      "/etc/NetworkManager" = {
+        device = config.sils.meta.mainDisk;
+        fsType = "btrfs";
+        options = ["subvol=networkmanagerconfig" "compress-force=zstd"];
+      };
+      "/etc/secureboot" = {
+        device = config.sils.meta.mainDisk;
+        fsType = "btrfs";
+        options = ["subvol=secureboot" "compress-force=zstd"];
+      };
+      "/etc/nixos" = {
+        device = config.sils.meta.mainDisk;
+        fsType = "btrfs";
+        options = ["subvol=nixconfig" "compress-force=zstd"];
+      };
+      "/srv" = {
+        device = config.sils.meta.mainDisk;
+        fsType = "btrfs";
+        options = ["subvol=srv" "compress-force=zstd"];
+        neededForBoot = true;
+      };
+      "/swap" = {
+        device = config.sils.meta.mainDisk;
+        fsType = "btrfs";
+        options = ["subvol=swap" "noatime"];
+      };
+      "/home" = {
+        device = config.sils.meta.mainDisk;
+        fsType = "btrfs";
+        options = ["subvol=home" "compress-force=zstd"];
+      };
+      "/srv/snapshots" = {
+        device = config.sils.meta.mainDisk;
+        fsType = "btrfs";
+        options = ["subvol=snapshots" "compress-force=zstd"];
+      };
+      "/boot" = {
+        device = config.sils.meta.bootPart;
+        fsType = "vfat";
+      };
+    };
+
+    swapDevices = [
+      {
+        device = "/swap/swapfile";
+      }
+    ];
+
+    system.stateVersion = "23.05";
+
+    i18n.defaultLocale = "en_US.UTF-8";
+
+    time.timeZone = "Europe/Berlin";
+    # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+    # (the default) this is the recommended approach. When using systemd-networkd it's
+    # still possible to use this option, but it's recommended to use it in conjunction
+    # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+    networking.useDHCP = true;
+    # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
+    # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
+
+    nixpkgs.hostPlatform = config.sils.meta.system;
+    powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+    hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+  };
+}
diff --git a/modules/nixos/sils/default.nix b/modules/nixos/sils/default.nix
index bff087e..38d83a6 100644
--- a/modules/nixos/sils/default.nix
+++ b/modules/nixos/sils/default.nix
@@ -1,5 +1,6 @@
 {...}: {
   imports = [
+    ./basesystem.nix
     ./meta.nix
     ./plymouth.nix
   ];
author	Silas Schöffel <sils@sils.li>	2024-04-02 18:23:56 +0200
committer	Silas Schöffel <sils@sils.li>	2024-04-02 18:23:56 +0200
commit	76ab2da02ada38367418f7ef988c143cba564b37 (patch)
tree	ce52313e50414710145df72e51718618506b1a0a /modules/nixos
parent	hosts/thinklappi: consume meta module (diff)
download	nix-config-76ab2da02ada38367418f7ef988c143cba564b37.zip