From ff97141e6fe173c107db79583354036cf5289ca2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Tue, 20 Dec 2022 00:47:24 -0300 Subject: [PATCH] i15: update config --- hosts/i15.nix | 18 +++++++++---- install/i15.sh | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 85 insertions(+), 5 deletions(-) create mode 100644 install/i15.sh diff --git a/hosts/i15.nix b/hosts/i15.nix index 61b3803..0bcde49 100644 --- a/hosts/i15.nix +++ b/hosts/i15.nix @@ -2,8 +2,9 @@ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. { config, lib, pkgs, modulesPath, ... }: - -{ +let + btrfs_options = [ "compress=zstd:3" "noatime" ]; +in { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; boot.initrd.availableKernelModules = @@ -12,6 +13,13 @@ boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; + boot.initrd.luks.devices = { + "main" = { + bypassWorkqueues = true; + device = "/dev/disk/by-label/CRYPT_ROOT"; + }; + }; + fileSystems."/boot/efi" = { device = "/dev/disk/by-label/NIX_BOOT"; fsType = "vfat"; @@ -20,13 +28,13 @@ fileSystems."/" = { device = "/dev/disk/by-label/NIX_ROOT"; fsType = "btrfs"; - options = [ "subvol=nixos" "compress=zstd" "noatime" ]; + options = [ "subvol=nixos" ] ++ btrfs_options; }; fileSystems."/home" = { device = "/dev/disk/by-label/NIX_ROOT"; fsType = "btrfs"; - options = [ "subvol=home" "compress=zstd" "noatime" ]; + options = [ "subvol=home" ] ++ btrfs_options; }; swapDevices = [{ @@ -42,7 +50,7 @@ # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true; # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; networking.hostName = "i15"; # Define your hostname. 
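Review bot: The `fileSystems."/"` entry in the third hunk (`@@ -20,13 +28,13 @@`) still mounts `subvol=nixos`, but install/i15.sh in this same patch creates only the subvolumes `main`, `home` and `swap` and installs into `subvol=main`. A machine set up by that script would therefore have no `nixos` subvolume to mount as root at boot. One of the two needs to change, for example `options = [ "subvol=main" ] ++ btrfs_options;` if the script's layout is the intended one. The attribute set this entry belongs to starts outside the hunk.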
diff --git a/install/i15.sh b/install/i15.sh
new file mode 100644
index 0000000..d5ec222
--- /dev/null
+++ b/install/i15.sh
@@ -0,0 +1,72 @@
+#!/bin/sh
+
+test -f ./flake.nix || {
+ echo 'This should be run from the root of the repository!'
+ exit 1
+}
+
+lsblk
+echo 'Enter the name of the device to WIPE and install (something like "sda"):'
+read DRIVE_ID
+
+echo 'Enter a passphrase to encrypt the disk:'
+read -s DRIVE_PASSPHRASE
+
+echo "Creating partition table..."
+parted -s "/dev/${DRIVE_ID}" -- mklabel gpt || exit 1
+
+echo "Creating EFI system partition..."
+parted -s "/dev/${DRIVE_ID}" -- mkpart ESP 1MiB 1GiB &&
+parted -s "/dev/${DRIVE_ID}" -- set 1 boot on &&
+mkfs.fat -F32 "/dev/${DRIVE_ID}1" -n NIX_BOOT || exit 1
+
+echo "Creating encrypted root partition..."
+parted -s "/dev/${DRIVE_ID}" -- mkpart luks 1GiB 100% &&
+echo "$DRIVE_PASSPHRASE" | cryptsetup --batch-mode luksFormat --label CRYPT_ROOT "/dev/${DRIVE_ID}2" &&
+echo "$DRIVE_PASSPHRASE" | cryptsetup luksOpen "/dev/${DRIVE_ID}2" "crypt_root" && {
+
+ echo "Creating btrfs partition..."
+ mkfs.btrfs --quiet --label NIX_ROOT /dev/mapper/"crypt_root" &&
+ MNTPOINT=$(mktemp -d) &&
+ mount /dev/mapper/"crypt_root" "$MNTPOINT" && {
+
+ echo "Creating subvolumes..."
+ btrfs subvolume create "$MNTPOINT"/main
+ btrfs subvolume create "$MNTPOINT"/home
+ btrfs subvolume create "$MNTPOINT"/swap
+
+ }
+
+ echo "Closing btrfs partition..."
+ umount -Rl "$MNTPOINT" &&
+ rm -rf "$MNTPOINT"
+
+ echo "Mounting root btrfs submodule..."
+ MNTPOINT=$(mktemp -d) &&
+ mount /dev/mapper/"crypt_root" "$MNTPOINT" -o subvol=main,noatime,compress=zstd && {
+
+ echo "Creating and mounting EFI system partition mountpoint..."
+ mkdir -p "$MNTPOINT/boot/efi" &&
+ mount "/dev/${DRIVE_ID}1" "$MNTPOINT/boot/efi" &&
+
+ echo "Creating home partition mountpoint..." &&
+ mkdir -p "$MNTPOINT/home" &&
+ mount /dev/mapper/"crypt_root" "$MNTPOINT/home" -o subvol=home,noatime,compress=zstd &&
+
+ echo "Swapfile" &&
+ mkdir -p "$MNTPOINT/swap" &&
+ mount /dev/mapper/"crypt_root" "$MNTPOINT/home" -o subvol=swap,noatime &&
+
+ echo "Installing system..." &&
+ nixos-install --flake .#i15 --root "$MNTPOINT"
+
+ }
+
+ echo "Closing root btrfs submodule..."
+ umount -Rl "$MNTPOINT" &&
+ rm -rf "$MNTPOINT"
+
+}
+
+echo "Closing encrypted root partition..."
+cryptsetup close "crypt_root"
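Review bot: The passphrase prompt relies on `read -s` under `#!/bin/sh`; `-s` is not a POSIX `read` option, so where /bin/sh is not bash the read fails, the script keeps going (there is no `set -e`), and `luksFormat` receives an empty line on stdin, which would presumably leave the disk protected by an empty passphrase. Even under bash nothing rejects an empty passphrase or asks for it twice, and without `-r` any backslash typed is altered before it reaches cryptsetup. Letting cryptsetup prompt on the terminal covers all of this: drop the `read` and both `echo "$DRIVE_PASSPHRASE" |` pipes and use `cryptsetup --batch-mode --verify-passphrase luksFormat --label CRYPT_ROOT "/dev/${DRIVE_ID}2"` followed by a plain `cryptsetup luksOpen "/dev/${DRIVE_ID}2" crypt_root`. Separately, the swap subvolume is mounted on `$MNTPOINT/home` instead of `$MNTPOINT/swap`.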