Khanda: Finalize new config

bin/install-nixos.sh

@@ -7,18 +7,20 @@ set -e
 # Configuration parameters
 ask_root_password=true	# Prompt for a root user password
 flakeDir="."			# Where the flake.nix file is stored
-boot_drive="/dev/disk/by-uuid/whatever"	# The drive to install the bootloader to
-root_drive="/dev/disk/by-id/whatever"	# The partition to install NixOS to
+boot_drive="/dev/disk/by-uuid/B2D7-96C3"	# The drive to install the bootloader to
+luks_drive="/dev/nvme0n1p2"
+root_drive="/dev/mapper/nixos-crypt"	# The partition to install NixOS to
 
 if [ "$(id -u)" != "0" ]; then
    echo "This script must be run as root" 1>&2
    exit 1
 fi
 
-cryptsetup --allow-discards --label=nixos-crypt --type=luks2 luksFormat $root_drive
+# FIXME: Need to get the UUID from the newly-created LUKS partition, then use it going forward.
+cryptsetup --label=nixos-crypt --type=luks2 luksFormat $root_drive
 cryptsetup luksOpen $root_drive nixos-crypt
+mkfs.btrfs -L nixos $root_drive
 mount /dev/mapper/nixos-crypt /mnt
-mkfs.btrfs -L nixos /mnt
 btrfs subvolume create /mnt/@
 btrfs subvolume create /mnt/@home
 btrfs subvolume create /mnt/@log
@@ -33,10 +35,6 @@ mount -o subvol=@home $root_drive /mnt/home
 mount -o subvol=@log $root_drive /mnt/var/log
 mount -o subvol=@nix $root_drive /mnt/nix
 mount -o subvol=@swap $root_drive /mnt/swap
-
-# Create swapfile
-btrfs filesystem mkswapfile --size $(free -h --si | grep Mem: | awk '{print $2}') --uuid clear /mnt/swap/swapfile
-
 echo "Disks partitioned and mounted to /mnt."
 
 # Generate hardware-configuration.nix
@@ -46,7 +44,7 @@ echo "Configuration files generated and saved to /home/nixos."
 echo "Setup complete!"
 echo "To install, set up your system's configuration files under ./hosts/yourHost and add it to flake.nix."
 echo "Then, run the following command:"
-echo "nixos-install --verbose --root /mnt --flake $flakeDir.#yourHost $( (( ask_root_password == false )) && echo "--no-root-password" )"
+echo "nixos-install --verbose --root /mnt --flake $flakeDir#Khanda --max-jobs 1 --cores 10 $( (( ask_root_password == false )) && echo "--no-root-password" )"
 
 exit 0
 

hosts/Khanda/hardware-configuration.nix

@@ -6,6 +6,11 @@
   modulesPath,
   ...
 }:
+let
+  bootUUID = "B2D7-96C3"; # The UUID of the boot partition.
+  luksUUID = "f5ff391a-f2ef-4ac3-9ce8-9f5ed950b212"; # The UUID of the locked LUKS partition.
+  rootUUID = "fed155a3-04ae-47c0-996d-0398faaa6a17"; # The UUID of the unlocked filesystem partition.
+in
 {
   imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
 
@@ -42,9 +47,9 @@
         "pinctrl_tigerlake"
       ];
 
-      luks.devices."luks-bd1fe396-6740-4e7d-af2c-26ca9a3031f1" = {
-        device = "/dev/disk/by-uuid/bd1fe396-6740-4e7d-af2c-26ca9a3031f1";
-        crypttabExtraOpts = [ "tpm2-device=auto" ];
+      luks.devices."luks-${luksUUID}" = {
+        device = "/dev/disk/by-uuid/${luksUUID}";
+        crypttabExtraOpts = [ "tpm2-device=auto" ]; # Enable TPM auto-unlocking
       };
     };
 
@@ -69,21 +74,19 @@
     ];
   };
 
-  fileSystems = {
-    "/" = {
-      device = "/dev/disk/by-uuid/b34afd29-94ff-421b-bb96-8497951abf58";
-      fsType = "btrfs";
-      options = [ "subvol=@,compress=zstd,nodiscard" ];
+  # Configure the main filesystem.
+  aux.system.filesystem.btrfs = {
+    enable = true;
+    devices = {
+      boot = "/dev/disk/by-uuid/${bootUUID}";
+      btrfs = "/dev/disk/by-uuid/${rootUUID}";
     };
-
-    "/boot" = {
-      device = "/dev/disk/by-uuid/DD2A-9C83";
-      fsType = "vfat";
+    swapFile = {
+      enable = true;
+      size = 16384;
     };
   };
 
-  swapDevices = [ { device = "/dev/disk/by-uuid/8c2519d9-3e47-4aa1-908d-98b1aa8b909d"; } ];
-
   networking = {
     useDHCP = lib.mkDefault true;
     hostName = "Khanda";
@@ -106,5 +109,5 @@
   environment.systemPackages = with pkgs; [ libwacom-surface ];
 
   # NOTE: Use a default kernel to skip full kernel rebuilds
-  # boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
+  boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
 }