tristan/nix
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

Add disko & move hardware stuff to hardware.nix

Browse source 
Signed-off-by: Tristan Druyen <tristan@vault81.de>
This commit is contained in:
Tristan D. 2023-09-18 15:55:29 +02:00
parent 20741967ef
commit b1a2be5480
Signed by: tristan
SSH key fingerprint: SHA256:U7y6eMb7CQDaTHv9XoX6/BaQnPqyxxKc+Xnfcefi6rY
5 changed files with 151 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
configuration.nix
View file

@ -14,19 +14,6 @@
''; '';
}; };
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# Setup keyfile
boot.initrd.secrets = {
"/crypto_keyfile.bin" = null;
};
# Enable swap on luks
boot.initrd.luks.devices."luks-fa1e760a-71a3-4a79-a791-684cd82d9c3c".device = "/dev/disk/by-uuid/fa1e760a-71a3-4a79-a791-684cd82d9c3c";
boot.initrd.luks.devices."luks-fa1e760a-71a3-4a79-a791-684cd82d9c3c".keyFile = "/crypto_keyfile.bin";
fonts.fonts = with pkgs; [ fonts.fonts = with pkgs; [
noto-fonts noto-fonts
noto-fonts-cjk noto-fonts-cjk

123
disko.nix Normal file
View file

@ -0,0 +1,123 @@
{
disko.devices = {
disk = {
cryptroot_0 = {
type = "disk";
device = "/dev/disk/by-path/pci-0000:02:00.0-nvme-1";
content = {
type = "gpt";
partitions = {
ESP = {
label = "fake_EFI";
name = "ESP";
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountOptions = [
"defaults"
];
};
};
luks = {
end = "-256G";
content = {
type = "luks";
name = "crypted_0";
extraOpenArgs = ["--allow-discards"];
passwordFile = "/tmp/secret.key";
additionalKeyFiles = [];
# content is empty here as the btrfs partition will be created via extraArgs of the cryptroot_1 partition def
};
};
luksSwap = {
end = "-192G";
content = {
type = "luks";
name = "crypted_swap_0";
extraOpenArgs = ["--allow-discards"];
passwordFile = "/tmp/secret.key";
additionalKeyFiles = [];
content = {
type = "swap";
};
};
};
};
};
};
cryptroot_1 = {
type = "disk";
device = "/dev/disk/by-path/pci-0000:04:00.0-nvme-1";
content = {
type = "gpt";
partitions = {
ESP = {
label = "real_EFI";
name = "ESP";
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
];
};
};
luks = {
end = "-256G";
content = {
type = "luks";
name = "crypted_1";
extraOpenArgs = ["--allow-discards"];
passwordFile = "/tmp/secret.key";
additionalKeyFiles = [];
content = {
type = "btrfs";
extraArgs = [
"-L btrfs_vault"
"-f"
"-m raid1"
"-d raid1"
"/dev/mapper/crypted_0"
];
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = ["compress=zstd" "noatime"];
};
"/home" = {
mountpoint = "/home";
mountOptions = ["compress=zstd" "noatime"];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = ["compress=zstd" "noatime"];
};
};
};
};
};
luksSwap = {
end = "-192G";
content = {
type = "luks";
name = "crypted_swap_1";
extraOpenArgs = ["--allow-discards"];
passwordFile = "/tmp/secret.key";
additionalKeyFiles = [];
content = {
type = "swap";
resumeDevice = true;
};
};
};
};
};
};
};
};
}

3
flake.nix
View file

@ -34,6 +34,9 @@
formatter = { formatter = {
x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.alejandra; x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.alejandra;
}; };
diskoConfigurations = {
nixos-pulse = import ./disko.nix;
};
nixosConfigurations = let nixosConfigurations = let
customPkgs = import nixpkgs { customPkgs = import nixpkgs {
system = "x86_64-linux"; system = "x86_64-linux";

22
hardware.nix
View file

@ -10,11 +10,31 @@
]; ];
boot = { boot = {
# Bootloader.
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
initrd = { initrd = {
# Setup keyfile
secrets = {
"/crypto_keyfile.bin" = null;
};
# modules
availableKernelModules = ["xhci_pci" "uas" "sd_mod"]; availableKernelModules = ["xhci_pci" "uas" "sd_mod"];
kernelModules = []; kernelModules = [];
luks.devices."luks-0ebc7402-5f50-4549-a407-b1f859285102".device = "/dev/disk/by-uuid/0ebc7402-5f50-4549-a407-b1f859285102"; # Enable swap on luks
luks = {
# Root
devices."luks-0ebc7402-5f50-4549-a407-b1f859285102".device = "/dev/disk/by-uuid/0ebc7402-5f50-4549-a407-b1f859285102";
# Swap
devices."luks-fa1e760a-71a3-4a79-a791-684cd82d9c3c".device = "/dev/disk/by-uuid/fa1e760a-71a3-4a79-a791-684cd82d9c3c";
devices."luks-fa1e760a-71a3-4a79-a791-684cd82d9c3c".keyFile = "/crypto_keyfile.bin";
};
}; };
kernelModules = ["kvm-amd" "amdgpu"]; kernelModules = ["kvm-amd" "amdgpu"];

1
home.nix
View file

@ -73,7 +73,6 @@
user = "tristand"; user = "tristand";
identityFile = "~/.ssh/id_v81_ed25519"; identityFile = "~/.ssh/id_v81_ed25519";
}; };
}; };
}; };