Add disko

2023-02-24 11:59:17 -03:00 · 2023-02-24 11:59:17 -03:00 · b1c96cb075
commit b1c96cb075
parent 3c09386643
8 changed files with 77 additions and 13 deletions
--- a/hosts/i15/default.nix
+++ b/hosts/i15/default.nix
@ -0,0 +1,25 @@
+{ config, lib, pkgs, modulesPath, ... }: {
+  networking.hostName = "i15"; # Define your hostname.
+
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+  boot.initrd.availableKernelModules =
+    [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_usb_sdmmc" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  disko.devices = (import ./partitions.nix { disks = [ "/dev/sda" ]; });
+  boot.loader.efi.efiSysMountPoint = "/boot/efi";
+
+  swapDevices = [{
+    device = "/swap/swapfile";
+    size = (1024 * 8) + (1024 * 2); # RAM size + 2 GB
+  }];
+
+  networking.useDHCP = lib.mkDefault true;
+
+  powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
+  hardware.cpu.intel.updateMicrocode =
+    lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/hosts/i15/partitions-test.nix
+++ b/hosts/i15/partitions-test.nix
@ -0,0 +1,14 @@
+{ config, lib, pkgs, ... }:
+pkgs.makeDiskoTest {
+  name = "test-disko-i15";
+  disko-config = ./partitions.nix;
+  enableOCR = true;
+  bootCommands = ''
+    machine.wait_for_text("[Pp]assphrase for")
+    machine.send_chars("secretsecret\n")
+  '';
+  extraTestScript = ''
+    machine.succeed("cryptsetup isLuks /dev/vda2");
+    machine.succeed("mountpoint /home");
+  '';
+}
--- a/hosts/i15/partitions.nix
+++ b/hosts/i15/partitions.nix
@ -1,4 +1,8 @@
-{ disks ? [ "/dev/sda" ], ... }: {
+{ disks ? [ "/dev/sda" ], ... }:
+let
+  btrfs_options = [ "compress=zstd:3" "noatime" ];
+in
+{
  disk.sda = {
    type = "disk";
    device = builtins.elemAt disks 0;
@ -10,28 +14,36 @@
          type = "partition";
          name = "NIX_BOOT";
          start = "1MiB";
-          end = "1GiB";
+          end = "300MiB";
          bootable = true;
          content = {
            type = "filesystem";
+            extraArgs = [ "-n" "BOOT_I15" ];
            format = "vfat";
            mountpoint = "/boot";
-            options = [ "defaults" ];
+            # options = [ "defaults" ];
          };
        }
        {
          type = "partition";
-          name = "NIX_CRYPT_ROOT";
-          start = "1GiB";
+          name = "CRYPT_I15";
+          start = "300MiB";
          end = "100%";
          content = {
            type = "luks";
            name = "main";
+            keyFile = "/tmp/secret.key";
            content = {
              type = "btrfs";
-              name = "BTRFS_ROOT";
-              mountpoint = "/";
-              subvolumes = [ "/home" "/nixos" "/swap" ];
+              extraArgs = [ "--label" "ROOT_I15" ];
+              subvolumes = let mountOptions = btrfs_options; in {
+                "/home" = { inherit mountOptions; };
+                "/nixos" = {
+                  inherit mountOptions;
+                  mountpoint = "/";
+                };
+                "/swap" = { inherit mountOptions; };
+              };
            };
          };
        }
--- a/hosts/monolith/default.nix
+++ b/hosts/monolith/default.nix
--- a/hosts/pixie/default.nix
+++ b/hosts/pixie/default.nix
--- a/hosts/rainbow/default.nix
+++ b/hosts/rainbow/default.nix