From 05082003e48e449ca2a59454082401d205cb87e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Thu, 23 Feb 2023 19:18:15 -0300 Subject: [PATCH 1/2] add disko --- flake.nix | 4 +++ hosts/partition/i15.nix | 41 +++++++++++++++++++++++++++ install/i15.sh | 63 ----------------------------------------- 3 files changed, 45 insertions(+), 63 deletions(-) create mode 100644 hosts/partition/i15.nix delete mode 100644 install/i15.sh diff --git a/flake.nix b/flake.nix index 9fd02e9..62bc3bd 100644 --- a/flake.nix +++ b/flake.nix @@ -51,6 +51,9 @@ dzgui.url = "github:lelgenio/dzgui-nix"; dzgui.inputs.nixpkgs.follows = "nixpkgs"; + inputs.disko.url = "github:nix-community/disko"; + inputs.disko.inputs.nixpkgs.follows = "nixpkgs"; + # my stuff dhist = { url = "github:lelgenio/dhist"; @@ -82,6 +85,7 @@ ./system/configuration.nix ./system/secrets.nix ./system/specialisation.nix + inputs.disko.nixosModules.disko # nur.nixosModules.nur inputs.agenix.nixosModules.default inputs.hyprland.nixosModules.default diff --git a/hosts/partition/i15.nix b/hosts/partition/i15.nix new file mode 100644 index 0000000..f97dad3 --- /dev/null +++ b/hosts/partition/i15.nix @@ -0,0 +1,41 @@ +{ disks ? [ "/dev/sda" ], ... }: { + disk.sda = { + type = "disk"; + device = builtins.elemAt disks 0; + content = { + type = "table"; + format = "gpt"; + partitions = [ + { + type = "partition"; + name = "NIX_BOOT"; + start = "1MiB"; + end = "1GiB"; + bootable = true; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + options = [ "defaults" ]; + }; + } + { + type = "partition"; + name = "NIX_CRYPT_ROOT"; + start = "1GiB"; + end = "100%"; + content = { + type = "luks"; + name = "main"; + content = { + type = "btrfs"; + name = "BTRFS_ROOT"; + mountpoint = "/"; + subvolumes = [ "/home" "/nixos" "/swap" ]; + }; + }; + } + ]; + }; + }; +} diff --git a/install/i15.sh b/install/i15.sh deleted file mode 100644 index 72a5ac6..0000000 --- a/install/i15.sh +++ /dev/null 
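Review bot: In the new hosts/partition/i15.nix, `device = builtins.elemAt disks 0;` falls back to `/dev/sda`, a kernel-assigned name that is not stable across boots or when an installer USB stick is attached, so the disk that gets wiped and reformatted may not be the intended one. The deleted install/i15.sh made the operator pick the device after `lsblk`; this declarative layout drops that confirmation step. I would default to a persistent path instead, e.g. `{ disks ? [ "/dev/disk/by-id/<DISK-ID-PLACEHOLDER>" ], ... }:`, and add a comment above `device` saying that everything on that disk is destroyed. The same `/dev/sda` literal is passed again from hosts/i15/default.nix in the second patch.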
@@ -1,63 +0,0 @@ -#!/bin/sh - -set -xe - -settle() { - udevadm trigger --subsystem-match=block - udevadm settle -} - -lsblk -echo 'Enter the name of the device to WIPE and install (something like "sda"):' -read DRIVE_ID - -echo 'Enter a passphrase to encrypt the disk:' -read -s DRIVE_PASSPHRASE - -echo "Creating partition table..." -parted -s "/dev/${DRIVE_ID}" -- mklabel gpt - -echo "Creating EFI system partition..." -parted -s "/dev/${DRIVE_ID}" -- mkpart ESP 1MiB 1GiB -parted -s "/dev/${DRIVE_ID}" -- set 1 boot on -mkfs.fat -F32 "/dev/${DRIVE_ID}1" -n NIX_BOOT - -echo "Creating encrypted root partition..." -parted -s "/dev/${DRIVE_ID}" -- mkpart luks 1GiB 100% -echo "$DRIVE_PASSPHRASE" | cryptsetup --batch-mode luksFormat --label CRYPT_ROOT "/dev/${DRIVE_ID}2" -settle -echo "$DRIVE_PASSPHRASE" | cryptsetup luksOpen /dev/disk/by-label/CRYPT_ROOT "crypt_root" - -echo "Creating btrfs partition..." -mkfs.btrfs --quiet --label NIX_ROOT /dev/mapper/"crypt_root" -MNTPOINT=$(mktemp -d) -mount /dev/mapper/"crypt_root" "$MNTPOINT" - -echo "Creating subvolumes..." -btrfs subvolume create "$MNTPOINT"/@nixos -btrfs subvolume create "$MNTPOINT"/@home -btrfs subvolume create "$MNTPOINT"/@swap - -echo "Closing btrfs partition..." -umount -Rl "$MNTPOINT" -rm -rf "$MNTPOINT" - -echo "Mounting root btrfs submodule to '$MNTPOINT' ..." -MNTPOINT=$(mktemp -d) -mount /dev/disk/by-label/NIX_ROOT "$MNTPOINT" -o subvol=@nixos,noatime,compress=zstd - -echo "Creating and mounting EFI system partition mountpoint..." -mkdir -p "$MNTPOINT/boot" -mount /dev/disk/by-label/NIX_BOOT "$MNTPOINT/boot" - -echo "Creating home partition mountpoint..." -mkdir -p "$MNTPOINT/home" -mount /dev/disk/by-label/NIX_ROOT "$MNTPOINT/home" -o subvol=@home,noatime,compress=zstd - -echo "Swapfile" -mkdir -p "$MNTPOINT/swap" -mount /dev/disk/by-label/NIX_ROOT "$MNTPOINT/swap" -o subvol=@swap,noatime - -# echo "Installing system..." -nixos-generate-config --root "$MNTPOINT" -# nixos-install --root "$MNTPOINT" 
From 85a817ee02191903481d737a2ff292017b74f0ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Fri, 24 Feb 2023 11:59:17 -0300 Subject: [PATCH 2/2] Add disko --- flake.lock | 27 +++++++- flake.nix | 15 +++-- hosts/i15.nix | 65 ------------------- hosts/i15/default.nix | 25 +++++++ hosts/i15/partitions-test.nix | 14 ++++ .../{partition/i15.nix => i15/partitions.nix} | 28 +++++--- hosts/{monolith.nix => monolith/default.nix} | 0 hosts/{pixie.nix => pixie/default.nix} | 0 hosts/{rainbow.nix => rainbow/default.nix} | 0 overlays/default.nix | 9 +++ 10 files changed, 101 insertions(+), 82 deletions(-) delete mode 100644 hosts/i15.nix create mode 100644 hosts/i15/default.nix create mode 100644 hosts/i15/partitions-test.nix rename hosts/{partition/i15.nix => i15/partitions.nix} (50%) rename hosts/{monolith.nix => monolith/default.nix} (100%) rename hosts/{pixie.nix => pixie/default.nix} (100%) rename hosts/{rainbow.nix => rainbow/default.nix} (100%) diff --git a/flake.lock b/flake.lock index 03c2398..e132837 100644 --- a/flake.lock +++ b/flake.lock @@ -142,6 +142,26 @@ "type": "github" } }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1677116397, + "narHash": "sha256-2OHwhv4k1SDEuNxhq+zluvrd5pbW8d4TP9NKW4B8iO8=", + "owner": "nix-community", + "repo": "disko", + "rev": "8fddb2fd721365fa77ff68b709539639d4dc65d7", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, "dzgui": { "inputs": { "dzgui": "dzgui_2", @@ -465,11 +485,11 @@ }, "nur": { "locked": { - "lastModified": 1677153098, - "narHash": "sha256-C5NsaJKeNe+Aa1REK6Ae1ywiybkKbtX92FP6OYZA0Lc=", + "lastModified": 1677192448, + "narHash": "sha256-bqHXpEDxPnDF4tdBld2fL13ZtWNGsv/EINENxS+T1UM=", "owner": "nix-community", "repo": "NUR", - "rev": "12e6af8be38edb8358041e0ff3796919917c0d7b", + "rev": "81cee6fd1d178fca9ad861247cc9b15cd114f203", "type": "github" }, "original": { 
@@ -533,6 +553,7 @@ "alacritty-sixel": "alacritty-sixel", "demoji": "demoji", "dhist": "dhist", + "disko": "disko", "dzgui": "dzgui", "home-manager": "home-manager", "hyprland": "hyprland", diff --git a/flake.nix b/flake.nix index 62bc3bd..0104c95 100644 --- a/flake.nix +++ b/flake.nix @@ -51,8 +51,8 @@ dzgui.url = "github:lelgenio/dzgui-nix"; dzgui.inputs.nixpkgs.follows = "nixpkgs"; - inputs.disko.url = "github:nix-community/disko"; - inputs.disko.inputs.nixpkgs.follows = "nixpkgs"; + disko.url = "github:nix-community/disko"; + disko.inputs.nixpkgs.follows = "nixpkgs"; # my stuff dhist = { @@ -108,15 +108,18 @@ ++ lib.optional (desktop == "kde") ./system/kde.nix; in { + checks."${system}" = { + disko-format-i15 = pkgs.callPackage ./hosts/i15/partitions-test.nix { }; + }; nixosConfigurations = { i15 = lib.nixosSystem { inherit system specialArgs; - modules = [ ./hosts/i15.nix ] ++ common_modules; + modules = [ ./hosts/i15 ] ++ common_modules; }; monolith = lib.nixosSystem { inherit system specialArgs; modules = [ - ./hosts/monolith.nix + ./hosts/monolith ./system/monolith-gitlab-runner.nix ./system/nix-serve.nix ./system/steam.nix @@ -125,13 +128,13 @@ rainbow = lib.nixosSystem { inherit system specialArgs; modules = [ - ./hosts/rainbow.nix + ./hosts/rainbow ./system/rainbow-gitlab-runner.nix ] ++ common_modules; }; pixie = lib.nixosSystem { inherit system specialArgs; - modules = [ ./hosts/pixie.nix ] ++ common_modules ++ [{ + modules = [ ./hosts/pixie ] ++ common_modules ++ [{ packages.media-packages.enable = lib.mkOverride 0 false; programs.steam.enable = lib.mkOverride 0 false; services.flatpak.enable = lib.mkOverride 0 false; diff --git a/hosts/i15.nix b/hosts/i15.nix deleted file mode 100644 index 31a2f7f..0000000 --- a/hosts/i15.nix +++ /dev/null 
@@ -1,65 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: -let - btrfs_options = [ "compress=zstd:3" "noatime" ]; -in -{ - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - - boot.initrd.availableKernelModules = - [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_usb_sdmmc" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - boot.initrd.luks.devices = { - "main" = { - bypassWorkqueues = true; - device = "/dev/disk/by-label/CRYPT_ROOT"; - }; - }; - - boot.loader.efi.efiSysMountPoint = "/boot/efi"; - fileSystems."/boot/efi" = { - device = "/dev/disk/by-label/NIX_BOOT"; - fsType = "vfat"; - }; - - fileSystems."/" = { - device = "/dev/disk/by-label/NIX_ROOT"; - fsType = "btrfs"; - options = [ "subvol=@nixos" ] ++ btrfs_options; - }; - - fileSystems."/home" = { - device = "/dev/disk/by-label/NIX_ROOT"; - fsType = "btrfs"; - options = [ "subvol=@home" ] ++ btrfs_options; - }; - - fileSystems."/swap" = { - device = "/dev/disk/by-label/NIX_ROOT"; - fsType = "btrfs"; - options = [ "subvol=@swap" ] ++ btrfs_options; - }; - - swapDevices = [{ - device = "/swap/swapfile"; - size = (1024 * 8) + (1024 * 2); # RAM size + 2 GB - }]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 
- networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true; - - powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; - hardware.cpu.intel.updateMicrocode = - lib.mkDefault config.hardware.enableRedistributableFirmware; - networking.hostName = "i15"; # Define your hostname. -} diff --git a/hosts/i15/default.nix b/hosts/i15/default.nix new file mode 100644 index 0000000..6518e66 --- /dev/null +++ b/hosts/i15/default.nix @@ -0,0 +1,25 @@ +{ config, lib, pkgs, modulesPath, ... }: { + networking.hostName = "i15"; # Define your hostname. + + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + + boot.initrd.availableKernelModules = + [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_usb_sdmmc" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + disko.devices = (import ./partitions.nix { disks = [ "/dev/sda" ]; }); + boot.loader.efi.efiSysMountPoint = "/boot/efi"; + + swapDevices = [{ + device = "/swap/swapfile"; + size = (1024 * 8) + (1024 * 2); # RAM size + 2 GB + }]; + + networking.useDHCP = lib.mkDefault true; + + powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; + hardware.cpu.intel.updateMicrocode = + lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/i15/partitions-test.nix b/hosts/i15/partitions-test.nix new file mode 100644 index 0000000..89f06b7 --- /dev/null +++ b/hosts/i15/partitions-test.nix @@ -0,0 +1,14 @@ +{ config, lib, pkgs, ... }: +pkgs.makeDiskoTest { + name = "test-disko-i15"; + disko-config = ./partitions.nix; + enableOCR = true; + bootCommands = '' + machine.wait_for_text("[Pp]assphrase for") + machine.send_chars("secretsecret\n") + ''; + extraTestScript = '' + machine.succeed("cryptsetup isLuks /dev/vda2"); + machine.succeed("mountpoint /home"); + ''; +} 
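Review bot: `boot.loader.efi.efiSysMountPoint = "/boot/efi";` in hosts/i15/default.nix no longer matches the layout imported on the line above it: partitions.nix mounts the vfat partition with `mountpoint = "/boot"`, and the `fileSystems."/boot/efi"` entry went away with hosts/i15.nix. Unless something outside this diff still mounts an ESP at /boot/efi, boot loader installation will likely point at a plain directory, so the two should agree, e.g. `boot.loader.efi.efiSysMountPoint = "/boot";`. With the ESP at /boot, the kernel and initrd appear to move onto the unencrypted partition, so a short comment recording that this is intended would help the next reader.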
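Review bot: The `extraTestScript` in hosts/i15/partitions-test.nix only checks that /dev/vda2 carries a LUKS header and that /home is a mountpoint, so a layout change that left `/` or `/swap` outside the encrypted container would still pass. Consider one more assertion that ties the root filesystem to the mapping named in partitions.nix, for example `machine.succeed("findmnt -no SOURCE / | grep -q /dev/mapper/main");`. A comment that `secretsecret` is a throwaway passphrase for the VM only would keep it from being mistaken for a real credential. `config` and `lib` in the argument list are unused.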
diff --git a/hosts/partition/i15.nix b/hosts/i15/partitions.nix similarity index 50% rename from hosts/partition/i15.nix rename to hosts/i15/partitions.nix index f97dad3..ed7ff7e 100644 --- a/hosts/partition/i15.nix +++ b/hosts/i15/partitions.nix @@ -1,4 +1,8 @@ -{ disks ? [ "/dev/sda" ], ... }: { +{ disks ? [ "/dev/sda" ], ... }: +let + btrfs_options = [ "compress=zstd:3" "noatime" ]; +in +{ disk.sda = { type = "disk"; device = builtins.elemAt disks 0; @@ -10,28 +14,36 @@ type = "partition"; name = "NIX_BOOT"; start = "1MiB"; - end = "1GiB"; + end = "300MiB"; bootable = true; content = { type = "filesystem"; + extraArgs = [ "-n" "BOOT_I15" ]; format = "vfat"; mountpoint = "/boot"; - options = [ "defaults" ]; + # options = [ "defaults" ]; }; } { type = "partition"; - name = "NIX_CRYPT_ROOT"; - start = "1GiB"; + name = "CRYPT_I15"; + start = "300MiB"; end = "100%"; content = { type = "luks"; name = "main"; + keyFile = "/tmp/secret.key"; content = { type = "btrfs"; - name = "BTRFS_ROOT"; - mountpoint = "/"; - subvolumes = [ "/home" "/nixos" "/swap" ]; + extraArgs = [ "--label" "ROOT_I15" ]; + subvolumes = let mountOptions = btrfs_options; in { + "/home" = { inherit mountOptions; }; + "/nixos" = { + inherit mountOptions; + mountpoint = "/"; + }; + "/swap" = { inherit mountOptions; }; + }; }; }; } diff --git a/hosts/monolith.nix b/hosts/monolith/default.nix similarity index 100% rename from hosts/monolith.nix rename to hosts/monolith/default.nix diff --git a/hosts/pixie.nix b/hosts/pixie/default.nix similarity index 100% rename from hosts/pixie.nix rename to hosts/pixie/default.nix diff --git a/hosts/rainbow.nix b/hosts/rainbow/default.nix similarity index 100% rename from hosts/rainbow.nix rename to hosts/rainbow/default.nix diff --git a/overlays/default.nix b/overlays/default.nix index 995079d..7117a37 100644 --- a/overlays/default.nix +++ b/overlays/default.nix 
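Review bot: `keyFile = "/tmp/secret.key";` on the LUKS container makes the disk key depend on whatever file sits at a fixed path in a world-writable directory when the layout is applied, and nothing in this diff says how that file is created. Because hosts/i15/default.nix imports this same file for the real machine, the path is not test-only. I would add a comment above it such as `# created by the operator before formatting: mode 0600, no trailing newline, deleted after install`; cryptsetup reads a key file byte for byte, so a stray newline would become part of the key and the passphrase typed at the boot prompt (the path partitions-test.nix exercises) would no longer match. Taking the path as an argument next to `disks` would let the test and a real install use different locations.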
@@ -79,5 +79,14 @@ variables = (final: prev: { uservars = import ../user/variables.nix; + + makeDiskoTest = + let + makeTest = import (prev.path + "/nixos/tests/make-test-python.nix"); + eval-config = import (prev.path + "/nixos/lib/eval-config.nix"); + in + (prev.callPackage "${inputs.disko}/tests/lib.nix" { + inherit makeTest eval-config; + }).makeDiskoTest; }); }
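Review bot: `makeDiskoTest` is built by importing `"${inputs.disko}/tests/lib.nix"`, a file inside disko's test directory rather than a flake output like the `inputs.disko.nixosModules.disko` used elsewhere in this series, so a `nix flake update` can change or break it without notice. A comment on the binding would record that, e.g. `# uses disko's internal test helper; re-check after bumping the disko input`. It also sits in the overlay named `variables` next to `uservars`, which is an odd home for a test builder. The overlay function starts outside this hunk, so whether `inputs` is in scope there cannot be confirmed from here.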