From 522a453a5052838075d066999f2ad29d522a2247 Mon Sep 17 00:00:00 2001
From: Silas Schöffel
Date: Sat, 5 Oct 2024 19:49:08 +0200
Subject: various changes, needs rebase
---
 modules/nixos/sils/basesystem.nix | 131 +++++++++++++++++++-------------------
 modules/nixos/sils/default.nix | 1 +
 modules/nixos/sils/disks.nix | 128 +++++++++++++++++++++++++++++++++++++
 modules/nixos/sils/roles.nix | 16 +++++
 4 files changed, 212 insertions(+), 64 deletions(-)
 create mode 100644 modules/nixos/sils/disks.nix
(limited to 'modules')
diff --git a/modules/nixos/sils/basesystem.nix b/modules/nixos/sils/basesystem.nix
index 89b5a5f..21d7ab9 100644
--- a/modules/nixos/sils/basesystem.nix
+++ b/modules/nixos/sils/basesystem.nix
@@ -26,80 +26,83 @@ in {
 extraModulePackages = [];
 kernelPackages = pkgs.linuxPackages_latest;
 lanzaboote = {
- enable = true;
+ enable = false;
 configurationLimit = 10;
 pkiBundle = "/etc/secureboot";
 settings = {
 editor = false;
 };
 };
+ loader.grub.enable = true;
+ loader.grub.efiSupport = true;
+ loader.grub.efiInstallAsRemovable = true;
 resumeDevice = config.sils.meta.mainDisk;
- kernelParams = ["resume_offset=369403136"];
+ #kernelParams = ["resume_offset=369403136"];
 };
- fileSystems = {
- "/" = {
- device = "tmpfs";
- fsType = "tmpfs";
- options = ["defaults" "size=2G" "mode=755"];
- };
- "/tmp" = {
- device = "tmpfs";
- fsType = "tmpfs";
- options = ["defaults" "size=5G" "mode=755"];
- };
- "/nix" = {
- device = config.sils.meta.mainDisk;
- fsType = "btrfs";
- options = ["subvol=nix" "compress-force=zstd"];
- };
- "/etc/NetworkManager" = {
- device = config.sils.meta.mainDisk;
- fsType = "btrfs";
- options = ["subvol=networkmanagerconfig" "compress-force=zstd"];
- };
- "/etc/secureboot" = {
- device = config.sils.meta.mainDisk;
- fsType = "btrfs";
- options = ["subvol=secureboot" "compress-force=zstd"];
- };
- "/etc/nixos" = {
- device = config.sils.meta.mainDisk;
- fsType = "btrfs";
- options = ["subvol=nixconfig" "compress-force=zstd"];
- };
- "/srv" = {
- device = config.sils.meta.mainDisk;
- fsType = "btrfs";
- options = ["subvol=srv" "compress-force=zstd"];
- neededForBoot = true;
- };
- "/swap" = {
- device = config.sils.meta.mainDisk;
- fsType = "btrfs";
- options = ["subvol=swap" "noatime"];
- };
- "/home" = {
- device = config.sils.meta.mainDisk;
- fsType = "btrfs";
- options = ["subvol=home" "compress-force=zstd"];
- };
- "/srv/snapshots" = {
- device = config.sils.meta.mainDisk;
- fsType = "btrfs";
- options = ["subvol=snapshots" "compress-force=zstd"];
- };
- "/boot" = {
- device = config.sils.meta.bootPart;
- fsType = "vfat";
- };
- };
+ #fileSystems = {
+ # "/" = {
+ # device = "tmpfs";
+ # fsType = "tmpfs";
+ # options = ["defaults" "size=2G" "mode=755"];
+ # };
+ # "/tmp" = {
+ # device = "tmpfs";
+ # fsType = "tmpfs";
+ # options = ["defaults" "size=5G" "mode=755"];
+ # };
+ # "/nix" = {
+ # device = config.sils.meta.mainDisk;
+ # fsType = "btrfs";
+ # options = ["subvol=nix" "compress-force=zstd"];
+ # };
+ # "/etc/NetworkManager" = {
+ # device = config.sils.meta.mainDisk;
+ # fsType = "btrfs";
+ # options = ["subvol=networkmanagerconfig" "compress-force=zstd"];
+ # };
+ # "/etc/secureboot" = {
+ # device = config.sils.meta.mainDisk;
+ # fsType = "btrfs";
+ # options = ["subvol=secureboot" "compress-force=zstd"];
+ # };
+ # "/etc/nixos" = {
+ # device = config.sils.meta.mainDisk;
+ # fsType = "btrfs";
+ # options = ["subvol=nixconfig" "compress-force=zstd"];
+ # };
+ # "/srv" = {
+ # device = config.sils.meta.mainDisk;
+ # fsType = "btrfs";
+ # options = ["subvol=srv" "compress-force=zstd"];
+ # neededForBoot = true;
+ # };
+ # "/swap" = {
+ # device = config.sils.meta.mainDisk;
+ # fsType = "btrfs";
+ # options = ["subvol=swap" "noatime"];
+ # };
+ # "/home" = {
+ # device = config.sils.meta.mainDisk;
+ # fsType = "btrfs";
+ # options = ["subvol=home" "compress-force=zstd"];
+ # };
+ # "/srv/snapshots" = {
+ # device = config.sils.meta.mainDisk;
+ # fsType = "btrfs";
+ # options = ["subvol=snapshots" "compress-force=zstd"];
+ # };
+ # "/boot" = {
+ # device = config.sils.meta.bootPart;
+ # fsType = "vfat";
+ # };
+ #};
- swapDevices = [
- {
- device = "/swap/swapfile";
- }
- ];
+ #swapDevices = [
+ # {
+ # device = "/swap/swapfile";
+ # }
+ #];
 system.stateVersion = "23.05";
diff --git a/modules/nixos/sils/default.nix b/modules/nixos/sils/default.nix
index 922d706..c169bfb 100644
--- a/modules/nixos/sils/default.nix
+++ b/modules/nixos/sils/default.nix
@@ -3,6 +3,7 @@
 ./apparmor.nix
 ./basesystem.nix
 ./bluetooth.nix
+ ./disks.nix
 ./environment.nix
 ./firejail.nix
 ./font.nix
diff --git a/modules/nixos/sils/disks.nix b/modules/nixos/sils/disks.nix
new file mode 100644
index 0000000..01c65e9
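Review bot: Setting `enable = false` under `lanzaboote` and switching to GRUB with `loader.grub.efiInstallAsRemovable = true` drops the signed boot chain with no record of why, while `pkiBundle = "/etc/secureboot"` stays behind as dead configuration. The boot files on the unencrypted `/boot` partition are then no longer verified, which matters more now that disks.nix in this same commit puts the root filesystem behind LUKS and the passphrase is entered in that early-boot environment. If this is temporary, say so next to the setting, e.g. `enable = false; # TODO: re-enable once Secure Boot keys are enrolled on the new disk layout`, or drive it from an option so hosts with enrolled keys keep it on. `resumeDevice` is also left set while `resume_offset` is commented out; the two should be removed or restored together, and the commented-out `fileSystems`/`swapDevices` blocks are better deleted than kept. The enclosing `boot` block starts outside the hunk.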
--- /dev/null
+++ b/modules/nixos/sils/disks.nix
@@ -0,0 +1,128 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ cfg = config.sils.disks;
+ defaultMountOptions = [
+ "noatime" # should have some performance upsides, and I don't use it anyways
+ "lazytime" # make time changes in memory
+ ];
+in {
+ options.sils.disks = {
+ enable = lib.mkEnableOption "disk setup with disko";
+
+ disk = lib.mkOption {
+ type = lib.types.path;
+ example = lib.literalExpression "/dev/disk/by-uuid/0442cb6d-f13a-4635-b487-fa76189774c5";
+ description = "The disk used for installing the OS.";
+ };
+
+
+ #swap = {
+ # uuid = lib.mkOption {
+ # type = lib.types.str;
+ # example = lib.literalExpression "d1d20ae7-3d8a-44da-86da-677dbbb10c89";
+ # description = "The uuid of the swapfile";
+ # };
+ # resumeOffset = lib.mkOption {
+ # type = lib.types.str;
+ # example = lib.literalExpression "134324224";
+ # description = "The resume offset of the swapfile";
+ # };
+ #};
+ };
+
+ config = lib.mkIf cfg.enable {
+
+ disko.devices = {
+ disk = {
+ main = {
+ device = cfg.disk;
+ content = {
+ type = "gpt";
+ partitions = {
+ root = {
+ size = "100%";
+ name = "root";
+ content = {
+ type = "luks";
+ name = "cryptroot";
+ extraOpenArgs = ["--allow-discards"];
+ content = {
+ type = "btrfs";
+ extraArgs = ["-f" "--label nixos"]; # Override existing partitions
+ subvolumes = {
+ "root" = {
+ mountpoint = "/";
+ mountOptions = defaultMountOptions;
+ };
+ "nix" = {
+ mountpoint = "/nix";
+ mountOptions = defaultMountOptions;
+ };
+ "persistent-storage" = {
+ mountpoint = "/srv";
+ mountOptions = defaultMountOptions;
+ };
+ "persistent-storage@snapshots" = {
+ mountpoint = "/srv/.snapshots";
+ mountOptions = defaultMountOptions;
+ };
+ "swap" = {
+ mountpoint = "/swap";
+ mountOptions = defaultMountOptions;
+ };
+ "home" = {
+ mountpoint = "/home";
+ mountOptions = defaultMountOptions;
+ };
+ };
+ };
+ };
+ };
+ boot = {
+ type = "EF00";
+ size = "512M";
+ name = "boot";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ };
+ };
+ };
+ };
+ nodev = {
+ "/tmp" = {
+ fsType = "tmpfs";
+ mountOptions = ["defaults" "size=10G" "mode=755"];
+ };
+ };
+ };
+ fileSystems = {
+ "/srv" = {
+ neededForBoot = true;
+ };
+ "/swap" = {
+ neededForBoot = true;
+ };
+ };
+ swapDevices = [
+ #{
+ # device = "/swap/swapfile";
+ # priority = 1; # lower than zramSwap, just in case
+ # # size = 2048; # TODO: can nixos create a btrfs swapfile correctly?
+ #}
+ ];
+ boot = {
+ kernelParams = [
+ #"resume_offset=${cfg.swap.resumeOffset}"
+ ];
+ #resumeDevice = "/dev/disk/by-uuid/${cfg.swap.uuid}";
+ };
+ };
+}
diff --git a/modules/nixos/sils/roles.nix b/modules/nixos/sils/roles.nix
index a39af33..c19bd42 100644
--- a/modules/nixos/sils/roles.nix
+++ b/modules/nixos/sils/roles.nix
@@ -22,6 +22,22 @@ in {
 sway.enable = lib.mkDefault false;
 theming.enable = lib.mkDefault true;
 }
+ else if roleCmp "laptop-light"
+ then {
+ apparmor.enable = lib.mkDefault true;
+ basesystem.enable = lib.mkDefault true;
+ bluetooth.enable = lib.mkDefault true;
+ environment.enable = lib.mkDefault true;
+ firejail.enable = false;
+ font.enable = lib.mkDefault true;
+ hyprland.enable = lib.mkDefault true;
+ impermanence.enable = lib.mkDefault true;
+ networking.enable = lib.mkDefault true;
+ nix-config.enable = lib.mkDefault true;
+ plymouth.enable = lib.mkDefault false;
+ sway.enable = lib.mkDefault false;
+ theming.enable = lib.mkDefault true;
+ }
 else if roleCmp "vm"
 then {}
 else {};
-- 
cgit 1.4.1
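Review bot: The `/tmp` tmpfs under `nodev` is mounted with `mode=755` and without `nosuid`/`nodev`; a shared temp directory needs the sticky, world-writable mode, and unless something resets the mode after mount, unprivileged programs cannot create files there. I would write `mountOptions = ["defaults" "size=10G" "mode=1777" "nosuid" "nodev"];`. Separately, `extraOpenArgs = ["--allow-discards"]` passes TRIM through the LUKS layer, which reveals which blocks are unused to anyone who can read the raw device; that is a common trade-off on SSDs but deserves a comment such as `# TRIM through LUKS exposes the free-block layout; accepted for SSD performance`. The swap option, `swapDevices` entry and `resume_offset` are left commented out in three places; one TODO, or deleting them until they work, would keep the module readable.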
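Review bot: `firejail.enable = false;` is the only assignment in the new `laptop-light` role that is not wrapped in `lib.mkDefault`, so a host using this role cannot turn the sandbox back on with a plain `true` (the two definitions conflict) and has to use `lib.mkForce`. If only a different default is intended, write `firejail.enable = lib.mkDefault false;`, matching every other line in the block. The role also does not mention the `disks` module added in this commit, so it presumably stays off unless a host enables it; a one-line comment saying that is deliberate would help. The surrounding if/else chain starts outside the hunk.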