Compare commits
2 commits
7a28a056e7
...
85a817ee02
Author | SHA1 | Date | |
---|---|---|---|
85a817ee02 | |||
05082003e4 |
27
flake.lock
27
flake.lock
|
@ -142,6 +142,26 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"disko": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1677116397,
|
||||
"narHash": "sha256-2OHwhv4k1SDEuNxhq+zluvrd5pbW8d4TP9NKW4B8iO8=",
|
||||
"owner": "nix-community",
|
||||
"repo": "disko",
|
||||
"rev": "8fddb2fd721365fa77ff68b709539639d4dc65d7",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "disko",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"dzgui": {
|
||||
"inputs": {
|
||||
"dzgui": "dzgui_2",
|
||||
|
@ -465,11 +485,11 @@
|
|||
},
|
||||
"nur": {
|
||||
"locked": {
|
||||
"lastModified": 1677153098,
|
||||
"narHash": "sha256-C5NsaJKeNe+Aa1REK6Ae1ywiybkKbtX92FP6OYZA0Lc=",
|
||||
"lastModified": 1677192448,
|
||||
"narHash": "sha256-bqHXpEDxPnDF4tdBld2fL13ZtWNGsv/EINENxS+T1UM=",
|
||||
"owner": "nix-community",
|
||||
"repo": "NUR",
|
||||
"rev": "12e6af8be38edb8358041e0ff3796919917c0d7b",
|
||||
"rev": "81cee6fd1d178fca9ad861247cc9b15cd114f203",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -533,6 +553,7 @@
|
|||
"alacritty-sixel": "alacritty-sixel",
|
||||
"demoji": "demoji",
|
||||
"dhist": "dhist",
|
||||
"disko": "disko",
|
||||
"dzgui": "dzgui",
|
||||
"home-manager": "home-manager",
|
||||
"hyprland": "hyprland",
|
||||
|
|
15
flake.nix
15
flake.nix
|
@ -51,6 +51,9 @@
|
|||
dzgui.url = "github:lelgenio/dzgui-nix";
|
||||
dzgui.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
disko.url = "github:nix-community/disko";
|
||||
disko.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
# my stuff
|
||||
dhist = {
|
||||
url = "github:lelgenio/dhist";
|
||||
|
@ -82,6 +85,7 @@
|
|||
./system/configuration.nix
|
||||
./system/secrets.nix
|
||||
./system/specialisation.nix
|
||||
inputs.disko.nixosModules.disko
|
||||
# nur.nixosModules.nur
|
||||
inputs.agenix.nixosModules.default
|
||||
inputs.hyprland.nixosModules.default
|
||||
|
@ -104,15 +108,18 @@
|
|||
++ lib.optional (desktop == "kde") ./system/kde.nix;
|
||||
in
|
||||
{
|
||||
checks."${system}" = {
|
||||
disko-format-i15 = pkgs.callPackage ./hosts/i15/partitions-test.nix { };
|
||||
};
|
||||
nixosConfigurations = {
|
||||
i15 = lib.nixosSystem {
|
||||
inherit system specialArgs;
|
||||
modules = [ ./hosts/i15.nix ] ++ common_modules;
|
||||
modules = [ ./hosts/i15 ] ++ common_modules;
|
||||
};
|
||||
monolith = lib.nixosSystem {
|
||||
inherit system specialArgs;
|
||||
modules = [
|
||||
./hosts/monolith.nix
|
||||
./hosts/monolith
|
||||
./system/monolith-gitlab-runner.nix
|
||||
./system/nix-serve.nix
|
||||
./system/steam.nix
|
||||
|
@ -121,13 +128,13 @@
|
|||
rainbow = lib.nixosSystem {
|
||||
inherit system specialArgs;
|
||||
modules = [
|
||||
./hosts/rainbow.nix
|
||||
./hosts/rainbow
|
||||
./system/rainbow-gitlab-runner.nix
|
||||
] ++ common_modules;
|
||||
};
|
||||
pixie = lib.nixosSystem {
|
||||
inherit system specialArgs;
|
||||
modules = [ ./hosts/pixie.nix ] ++ common_modules ++ [{
|
||||
modules = [ ./hosts/pixie ] ++ common_modules ++ [{
|
||||
packages.media-packages.enable = lib.mkOverride 0 false;
|
||||
programs.steam.enable = lib.mkOverride 0 false;
|
||||
services.flatpak.enable = lib.mkOverride 0 false;
|
||||
|
|
|
@ -1,65 +0,0 @@
|
|||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
let
|
||||
btrfs_options = [ "compress=zstd:3" "noatime" ];
|
||||
in
|
||||
{
|
||||
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||
|
||||
boot.initrd.availableKernelModules =
|
||||
[ "xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_usb_sdmmc" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
boot.initrd.luks.devices = {
|
||||
"main" = {
|
||||
bypassWorkqueues = true;
|
||||
device = "/dev/disk/by-label/CRYPT_ROOT";
|
||||
};
|
||||
};
|
||||
|
||||
boot.loader.efi.efiSysMountPoint = "/boot/efi";
|
||||
fileSystems."/boot/efi" = {
|
||||
device = "/dev/disk/by-label/NIX_BOOT";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-label/NIX_ROOT";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=@nixos" ] ++ btrfs_options;
|
||||
};
|
||||
|
||||
fileSystems."/home" = {
|
||||
device = "/dev/disk/by-label/NIX_ROOT";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=@home" ] ++ btrfs_options;
|
||||
};
|
||||
|
||||
fileSystems."/swap" = {
|
||||
device = "/dev/disk/by-label/NIX_ROOT";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=@swap" ] ++ btrfs_options;
|
||||
};
|
||||
|
||||
swapDevices = [{
|
||||
device = "/swap/swapfile";
|
||||
size = (1024 * 8) + (1024 * 2); # RAM size + 2 GB
|
||||
}];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
|
||||
|
||||
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
|
||||
hardware.cpu.intel.updateMicrocode =
|
||||
lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
networking.hostName = "i15"; # Define your hostname.
|
||||
}
|
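--- /dev/null
+++ b/hosts/i15/default.nix
@@ -0,0 +1,25 @@
+{ config, lib, pkgs, modulesPath, ... }: {
+networking.hostName = "i15"; # Define your hostname.
+
+imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+boot.initrd.availableKernelModules =
+[ "xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_usb_sdmmc" ];
+boot.initrd.kernelModules = [ ];
+boot.kernelModules = [ "kvm-intel" ];
+boot.extraModulePackages = [ ];
+
+disko.devices = (import ./partitions.nix { disks = [ "/dev/sda" ]; });
+boot.loader.efi.efiSysMountPoint = "/boot/efi";
+
+swapDevices = [{
+device = "/swap/swapfile";
+size = (1024 * 8) + (1024 * 2); # RAM size + 2 GB
+}];
+
+networking.useDHCP = lib.mkDefault true;
+
+powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
+hardware.cpu.intel.updateMicrocode =
+lib.mkDefault config.hardware.enableRedistributableFirmware;
+}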
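Review bot: `boot.loader.efi.efiSysMountPoint = "/boot/efi"` no longer matches where the ESP ends up. `hosts/i15/partitions.nix` in this same commit gives the vfat partition `mountpoint = "/boot"`, and the `fileSystems."/boot/efi"` entry from the deleted host file is gone. Unless another module still mounts something at `/boot/efi`, the option points at a directory inside the ESP rather than at its mount point, which the boot loader installer may reject; either set `efiSysMountPoint = "/boot";` or change the partition's mountpoint. Separately, `disks = [ "/dev/sda" ]` feeds a tool that repartitions the device, and kernel `sdX` names are not stable across boots or when an installer stick is attached, so a `/dev/disk/by-id/<id-of-target-disk>` path (placeholder) would make a wrong-disk wipe much less likely.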
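--- /dev/null
+++ b/hosts/i15/partitions-test.nix
@@ -0,0 +1,14 @@
+{ config, lib, pkgs, ... }:
+pkgs.makeDiskoTest {
+name = "test-disko-i15";
+disko-config = ./partitions.nix;
+enableOCR = true;
+bootCommands = ''
+machine.wait_for_text("[Pp]assphrase for")
+machine.send_chars("secretsecret\n")
+'';
+extraTestScript = ''
+machine.succeed("cryptsetup isLuks /dev/vda2");
+machine.succeed("mountpoint /home");
+'';
+}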
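Review bot: The literal `secretsecret` sent at the passphrase prompt in `bootCommands` is undocumented. It has to match whatever the test harness writes to the `keyFile` path named in `partitions.nix`, and that step is not visible in this file. A comment above `bootCommands` such as `# throwaway key, valid only inside the test VM; must match the key file the disko test library creates` would stop a reader from taking it for the real disk passphrase or reusing it as one. `cryptsetup isLuks /dev/vda2` also hard-codes the VM's disk name while the config defaults to `/dev/sda`, so a one-line comment that the harness remaps `disks` (presumably in `makeDiskoTest`; confirm) would help.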
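--- /dev/null
+++ b/hosts/i15/partitions.nix
@@ -0,0 +1,53 @@
+{ disks ? [ "/dev/sda" ], ... }:
+let
+btrfs_options = [ "compress=zstd:3" "noatime" ];
+in
+{
+disk.sda = {
+type = "disk";
+device = builtins.elemAt disks 0;
+content = {
+type = "table";
+format = "gpt";
+partitions = [
+{
+type = "partition";
+name = "NIX_BOOT";
+start = "1MiB";
+end = "300MiB";
+bootable = true;
+content = {
+type = "filesystem";
+extraArgs = [ "-n" "BOOT_I15" ];
+format = "vfat";
+mountpoint = "/boot";
+# options = [ "defaults" ];
+};
+}
+{
+type = "partition";
+name = "CRYPT_I15";
+start = "300MiB";
+end = "100%";
+content = {
+type = "luks";
+name = "main";
+keyFile = "/tmp/secret.key";
+content = {
+type = "btrfs";
+extraArgs = [ "--label" "ROOT_I15" ];
+subvolumes = let mountOptions = btrfs_options; in {
+"/home" = { inherit mountOptions; };
+"/nixos" = {
+inherit mountOptions;
+mountpoint = "/";
+};
+"/swap" = { inherit mountOptions; };
+};
+};
+};
+}
+];
+};
+};
+}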
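Review bot: `keyFile = "/tmp/secret.key"` in the `luks` content places the volume's key material at a fixed path in a shared temporary directory, and nothing here says who creates the file, with what permissions, or when it is removed. The install script this commit deletes read the passphrase with `read -s` and piped it to `cryptsetup`, so the secret never touched a filesystem; the replacement should document how to get as close to that as possible. I would add a comment above the option along the lines of `# create by hand before formatting: umask 077, on tmpfs, no trailing newline; remove once disko has finished`. The trailing newline matters if the file is handed to cryptsetup as a key file, because it would then become part of the key. Since `default.nix` imports this same file as `disko.devices`, please also confirm (not visible here) that the path is only read at format time and does not end up in the installed system's initrd LUKS settings.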
|
@ -1,63 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -xe
|
||||
|
||||
settle() {
|
||||
udevadm trigger --subsystem-match=block
|
||||
udevadm settle
|
||||
}
|
||||
|
||||
lsblk
|
||||
echo 'Enter the name of the device to WIPE and install (something like "sda"):'
|
||||
read DRIVE_ID
|
||||
|
||||
echo 'Enter a passphrase to encrypt the disk:'
|
||||
read -s DRIVE_PASSPHRASE
|
||||
|
||||
echo "Creating partition table..."
|
||||
parted -s "/dev/${DRIVE_ID}" -- mklabel gpt
|
||||
|
||||
echo "Creating EFI system partition..."
|
||||
parted -s "/dev/${DRIVE_ID}" -- mkpart ESP 1MiB 1GiB
|
||||
parted -s "/dev/${DRIVE_ID}" -- set 1 boot on
|
||||
mkfs.fat -F32 "/dev/${DRIVE_ID}1" -n NIX_BOOT
|
||||
|
||||
echo "Creating encrypted root partition..."
|
||||
parted -s "/dev/${DRIVE_ID}" -- mkpart luks 1GiB 100%
|
||||
echo "$DRIVE_PASSPHRASE" | cryptsetup --batch-mode luksFormat --label CRYPT_ROOT "/dev/${DRIVE_ID}2"
|
||||
settle
|
||||
echo "$DRIVE_PASSPHRASE" | cryptsetup luksOpen /dev/disk/by-label/CRYPT_ROOT "crypt_root"
|
||||
|
||||
echo "Creating btrfs partition..."
|
||||
mkfs.btrfs --quiet --label NIX_ROOT /dev/mapper/"crypt_root"
|
||||
MNTPOINT=$(mktemp -d)
|
||||
mount /dev/mapper/"crypt_root" "$MNTPOINT"
|
||||
|
||||
echo "Creating subvolumes..."
|
||||
btrfs subvolume create "$MNTPOINT"/@nixos
|
||||
btrfs subvolume create "$MNTPOINT"/@home
|
||||
btrfs subvolume create "$MNTPOINT"/@swap
|
||||
|
||||
echo "Closing btrfs partition..."
|
||||
umount -Rl "$MNTPOINT"
|
||||
rm -rf "$MNTPOINT"
|
||||
|
||||
echo "Mounting root btrfs submodule to '$MNTPOINT' ..."
|
||||
MNTPOINT=$(mktemp -d)
|
||||
mount /dev/disk/by-label/NIX_ROOT "$MNTPOINT" -o subvol=@nixos,noatime,compress=zstd
|
||||
|
||||
echo "Creating and mounting EFI system partition mountpoint..."
|
||||
mkdir -p "$MNTPOINT/boot"
|
||||
mount /dev/disk/by-label/NIX_BOOT "$MNTPOINT/boot"
|
||||
|
||||
echo "Creating home partition mountpoint..."
|
||||
mkdir -p "$MNTPOINT/home"
|
||||
mount /dev/disk/by-label/NIX_ROOT "$MNTPOINT/home" -o subvol=@home,noatime,compress=zstd
|
||||
|
||||
echo "Swapfile"
|
||||
mkdir -p "$MNTPOINT/swap"
|
||||
mount /dev/disk/by-label/NIX_ROOT "$MNTPOINT/swap" -o subvol=@swap,noatime
|
||||
|
||||
# echo "Installing system..."
|
||||
nixos-generate-config --root "$MNTPOINT"
|
||||
# nixos-install --root "$MNTPOINT"
|
|
@ -79,5 +79,14 @@
|
|||
|
||||
variables = (final: prev: {
|
||||
uservars = import ../user/variables.nix;
|
||||
|
||||
makeDiskoTest =
|
||||
let
|
||||
makeTest = import (prev.path + "/nixos/tests/make-test-python.nix");
|
||||
eval-config = import (prev.path + "/nixos/lib/eval-config.nix");
|
||||
in
|
||||
(prev.callPackage "${inputs.disko}/tests/lib.nix" {
|
||||
inherit makeTest eval-config;
|
||||
}).makeDiskoTest;
|
||||
});
|
||||
}
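Review bot: `"${inputs.disko}/tests/lib.nix"` pulls a file out of disko's test directory by path rather than through anything the flake exports. The overlay therefore depends on upstream's internal layout and on the arguments that file happens to accept (`makeTest`, `eval-config`). The `rev` pinned in `flake.lock` keeps this working until the next input update, so a comment above `makeDiskoTest` such as `# uses disko's internal tests/lib.nix; re-check path and arguments when bumping the disko input` would flag the coupling. The enclosing overlay definition starts outside the hunk, so whether `inputs` is in scope there cannot be checked from this view.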
|
||||
|
|