
Filesystems: scooch LUKS definition over to module

This commit is contained in:
Aires 2024-07-03 21:13:13 -04:00
parent 031b719d64
commit 1d93917d7b
5 changed files with 113 additions and 93 deletions


@ -138,11 +138,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1719992360, "lastModified": 1720045378,
"narHash": "sha256-SRq0ZRkqagqpMGVf4z9q9CIWRbPYjO7FTqSJyWh7nes=", "narHash": "sha256-lmE7B+QXw7lWdBu5GQlUABSpzPk3YBb9VbV+IYK5djk=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "36e2f9da91ce8b63a549a47688ae60d47c50de4b", "rev": "0a30138c694ab3b048ac300794c2eb599dc40266",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -15,25 +15,29 @@ in
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = { boot = {
initrd = { initrd.availableKernelModules = [
availableKernelModules = [
"xhci_pci" "xhci_pci"
"nvme" "nvme"
"usb_storage" "usb_storage"
"sd_mod" "sd_mod"
"sdhci_pci" "sdhci_pci"
]; ];
luks.devices."luks-${luksUUID}" = {
device = "/dev/disk/by-uuid/${luksUUID}";
crypttabExtraOpts = [ "tpm2-device=auto" ]; # Enable TPM auto-unlocking
};
};
kernelModules = [ "kvm-intel" ]; kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ]; extraModulePackages = [ ];
# Enable mdadm for Sapana (RAID 5 primary storage).
swraid = {
enable = true;
mdadmConf = ''
ARRAY /dev/md/Sapana metadata=1.2 UUID=51076daf:efdb34dd:bce48342:3b549fcb
MAILADDR ${config.secrets.users.aires.email}
'';
};
}; };
# Configure the main filesystem. # Configure the main filesystem.
aux.system.filesystem.btrfs = { aux.system.filesystem = {
btrfs = {
enable = true; enable = true;
devices = { devices = {
boot = "/dev/disk/by-uuid/${bootUUID}"; boot = "/dev/disk/by-uuid/${bootUUID}";
@ -44,6 +48,11 @@ in
size = 16384; size = 16384;
}; };
}; };
luks = {
enable = true;
uuid = luksUUID;
};
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
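Review bot: `MAILADDR ${config.secrets.users.aires.email}` in the new `boot.swraid.mdadmConf` splices a value read from `config.secrets` into a Nix string, so it is written into the generated mdadm.conf in the world-readable Nix store. An email address is low-sensitivity, but a value pulled from an option tree named `secrets` should be checked for store exposure before being interpolated like this; whether `config.secrets` is a plain Nix attrset or is populated from a runtime secret store is not visible on this page. A comment beside the line, `# MAILADDR is baked into /nix/store via mdadm.conf; keep only non-sensitive values here`, would record the trade-off for the next person who extends this block.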


@ -46,11 +46,6 @@ in
"surface_kbd" "surface_kbd"
"pinctrl_tigerlake" "pinctrl_tigerlake"
]; ];
luks.devices."luks-${luksUUID}" = {
device = "/dev/disk/by-uuid/${luksUUID}";
crypttabExtraOpts = [ "tpm2-device=auto" ]; # Enable TPM auto-unlocking
};
}; };
kernel.sysctl = { kernel.sysctl = {
@ -75,7 +70,8 @@ in
}; };
# Configure the main filesystem. # Configure the main filesystem.
aux.system.filesystem.btrfs = { aux.system.filesystem = {
btrfs = {
enable = true; enable = true;
devices = { devices = {
boot = "/dev/disk/by-uuid/${bootUUID}"; boot = "/dev/disk/by-uuid/${bootUUID}";
@ -86,6 +82,11 @@ in
size = 16384; size = 16384;
}; };
}; };
luks = {
enable = true;
uuid = luksUUID;
};
};
networking = { networking = {
useDHCP = lib.mkDefault true; useDHCP = lib.mkDefault true;
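Review bot: Removing `crypttabExtraOpts = [ "tpm2-device=auto" ]` from this host moves TPM auto-unlock behind `config.aux.system.bootloader.tpm2.enable` in the shared module, so if this host does not set that option the root volume silently reverts to an interactive passphrase prompt at boot. The host's `aux.system.bootloader` settings are outside the visible hunks, so I cannot tell which case applies. Either confirm `aux.system.bootloader.tpm2.enable = true;` is set for this machine, or add a comment next to the new `luks = { enable = true; uuid = luksUUID; };` block stating that TPM unlock is now governed by the bootloader option.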


@ -29,17 +29,14 @@ in
"sd_mod" "sd_mod"
"rtsx_pci_sdmmc" "rtsx_pci_sdmmc"
]; ];
luks.devices."luks-${luksUUID}" = {
device = "/dev/disk/by-uuid/${luksUUID}";
crypttabExtraOpts = [ "tpm2-device=auto" ]; # Enable TPM auto-unlocking
};
}; };
kernelModules = [ "kvm-amd" ]; kernelModules = [ "kvm-amd" ];
}; };
# Configure the main filesystem. # Configure the main filesystem.
aux.system.filesystem.btrfs = { aux.system.filesystem = {
btrfs = {
enable = true; enable = true;
devices = { devices = {
boot = "/dev/disk/by-uuid/${bootUUID}"; boot = "/dev/disk/by-uuid/${bootUUID}";
@ -50,6 +47,11 @@ in
size = 16384; size = 16384;
}; };
}; };
luks = {
enable = true;
uuid = luksUUID;
};
};
networking = { networking = {
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
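Review bot: The per-host `tpm2-device=auto` line deleted here was unconditional, while the module it moves to only emits it when `config.aux.system.bootloader.tpm2.enable` is true, so this host's unlock behaviour now depends on a setting that is not visible in these hunks. If that option is unset the change is a silent downgrade from TPM auto-unlock to a passphrase prompt rather than a pure refactor. A one-line comment on the new `luks = { enable = true; uuid = luksUUID; };` block, `# TPM auto-unlock is enabled via aux.system.bootloader.tpm2.enable`, would make the coupling explicit for this host.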


@ -1,12 +1,13 @@
{ lib, config, ... }: { lib, config, ... }:
let let
cfg = config.aux.system.filesystem.btrfs; cfg = config.aux.system.filesystem;
standardMountOpts = [ "compress=zstd" ]; standardMountOpts = [ "compress=zstd" ];
in in
{ {
options = { options = {
aux.system.filesystem.btrfs = { aux.system.filesystem = {
btrfs = {
enable = lib.mkEnableOption (lib.mdDoc "Enables standard BTRFS subvolumes and parameters."); enable = lib.mkEnableOption (lib.mdDoc "Enables standard BTRFS subvolumes and parameters.");
devices = { devices = {
boot = lib.mkOption { boot = lib.mkOption {
@ -20,16 +21,6 @@ in
default = ""; default = "";
}; };
}; };
subvolumes = lib.mkOption {
type = lib.types.listOf lib.types.str;
description = "Which subvolumes to mount. Leave as the default to create all standard subvolumes.";
default = [
"/"
"/home"
"/nix"
"/var/log"
];
};
swapFile = { swapFile = {
enable = lib.mkEnableOption (lib.mdDoc "Enables the creation of a swap file."); enable = lib.mkEnableOption (lib.mdDoc "Enables the creation of a swap file.");
size = lib.mkOption { size = lib.mkOption {
@ -39,25 +30,42 @@ in
}; };
}; };
}; };
luks = {
enable = lib.mkEnableOption (
lib.mkDoc "Enables an encrypted LUKS container for the BTRFS partition."
);
uuid = lib.mkOption {
type = lib.types.str;
description = "The UUID of the encrypted LUKS volume.";
};
};
};
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.btrfs.enable {
# Check for blank parameters # Check for blank parameters
assertions = [ assertions = [
{ {
assertion = cfg.devices.btrfs != ""; assertion = cfg.btrfs.devices.btrfs != "";
message = "Please specify a BTRFS partition to use as a filesystem."; message = "Please specify a BTRFS partition to use as a filesystem.";
} }
{ {
assertion = cfg.devices.boot != ""; assertion = cfg.btrfs.devices.boot != "";
message = "Please specify a boot partition to use as a filesystem."; message = "Please specify a boot partition to use as a filesystem.";
} }
]; ];
boot.initrd.luks.devices = lib.mkIf cfg.luks.enable {
"luks-${cfg.luks.uuid}" = {
device = "/dev/disk/by-uuid/${cfg.luks.uuid}";
# Enable TPM auto-unlocking if configured
crypttabExtraOpts = lib.mkIf config.aux.system.bootloader.tpm2.enable [ "tpm2-device=auto" ];
};
};
fileSystems = fileSystems =
{ {
"/" = lib.mkIf (builtins.elem "/" cfg.subvolumes) { "/" = {
device = cfg.devices.btrfs; device = cfg.btrfs.devices.btrfs;
fsType = "btrfs"; fsType = "btrfs";
options = [ options = [
"subvol=@" "subvol=@"
@ -65,27 +73,27 @@ in
]; ];
}; };
"/boot" = { "/boot" = {
device = cfg.devices.boot; device = cfg.btrfs.devices.boot;
fsType = "vfat"; fsType = "vfat";
}; };
"/home" = lib.mkIf (builtins.elem "/home" cfg.subvolumes) { "/home" = {
device = cfg.devices.btrfs; device = cfg.btrfs.devices.btrfs;
fsType = "btrfs"; fsType = "btrfs";
options = [ options = [
"subvol=@home" "subvol=@home"
"compress=zstd" "compress=zstd"
]; ];
}; };
"/var/log" = lib.mkIf (builtins.elem "/var/log" cfg.subvolumes) { "/var/log" = {
device = cfg.devices.btrfs; device = cfg.btrfs.devices.btrfs;
fsType = "btrfs"; fsType = "btrfs";
options = [ options = [
"subvol=@log" "subvol=@log"
"compress=zstd" "compress=zstd"
]; ];
}; };
"/nix" = lib.mkIf (builtins.elem "/nix" cfg.subvolumes) { "/nix" = {
device = cfg.devices.btrfs; device = cfg.btrfs.devices.btrfs;
fsType = "btrfs"; fsType = "btrfs";
options = [ options = [
"subvol=@nix" "subvol=@nix"
@ -94,9 +102,9 @@ in
]; ];
}; };
} }
// lib.optionalAttrs cfg.swapFile.enable { // lib.optionalAttrs cfg.btrfs.swapFile.enable {
"/swap" = { "/swap" = {
device = cfg.devices.btrfs; device = cfg.btrfs.devices.btrfs;
fsType = "btrfs"; fsType = "btrfs";
options = [ options = [
"subvol=@swap" "subvol=@swap"
@ -105,10 +113,10 @@ in
}; };
}; };
swapDevices = lib.mkIf cfg.swapFile.enable [ swapDevices = lib.mkIf cfg.btrfs.swapFile.enable [
{ {
device = "/swap/swapfile"; device = "/swap/swapfile";
size = cfg.swapFile.size; size = cfg.btrfs.swapFile.size;
} }
]; ];
}; };
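Review bot: `lib.mkDoc` in the new `luks.enable` option is not a nixpkgs lib function — the sibling `enable` options in this file use `lib.mdDoc` — so forcing that option's description (for example when building option documentation) fails with a missing-attribute error; change it to `lib.mdDoc "Enables an encrypted LUKS container for the BTRFS partition."`. The new `uuid` option is `types.str` with no blank check, unlike the btrfs device paths guarded by the assertions above, so an empty string produces `device = "/dev/disk/by-uuid/"`; add `{ assertion = cfg.luks.enable -> cfg.luks.uuid != ""; message = "Please specify the UUID of the LUKS container."; }` to the assertions list. Gating `tpm2-device=auto` on `config.aux.system.bootloader.tpm2.enable` is also a behaviour change from the host configs this replaces, which set it unconditionally, so hosts without that option now fall back to a passphrase prompt; that should be stated in the `luks.enable` description. It would further help to note beside `crypttabExtraOpts` that, to my knowledge, it is only honoured by the systemd-based initrd and that the unlock is only as strong as the PCR policy the key was enrolled with, which this module does not control.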