
Compare commits


7 commits

8 changed files with 200 additions and 207 deletions


@ -9,6 +9,17 @@
{ {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
# Format and configure the disk using Disko
host.base.disko = {
enable = false;
primaryDisk = "nvme0n1";
enableTPM = true;
swapFile = {
enable = true;
size = "16G";
};
};
boot = { boot = {
supportedFilesystems = [ "btrfs" ]; supportedFilesystems = [ "btrfs" ];
kernelModules = [ "kvm-amd" ]; kernelModules = [ "kvm-amd" ];
@ -38,35 +49,6 @@
}; };
}; };
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/2c76c660-3573-4622-8771-f23fa7ee302a";
fsType = "btrfs";
options = [ "subvol=@,compress=zstd" ];
};
"/home" = {
device = "/dev/disk/by-uuid/2c76c660-3573-4622-8771-f23fa7ee302a";
fsType = "btrfs";
options = [ "subvol=@home,compress=zstd" ];
};
"/swap" = {
device = "/dev/disk/by-uuid/2c76c660-3573-4622-8771-f23fa7ee302a";
fsType = "btrfs";
options = [ "subvol=@swap" ];
};
"/boot" = {
device = "/dev/disk/by-uuid/0120-A755";
fsType = "vfat";
};
};
swapDevices = [
{
device = "/swap/swapfile";
size = 16384;
}
];
networking = { networking = {
useDHCP = lib.mkDefault true; useDHCP = lib.mkDefault true;
hostName = "Haven"; hostName = "Haven";
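Review bot: With `host.base.disko.enable = false;` the second hunk removes this host's only `fileSystems."/"`, `"/home"`, `"/swap"` and `"/boot"` declarations plus its `swapDevices`, so unless another module still declares them the evaluation ends up with no root filesystem and NixOS's stage-1 assertions will most likely reject the configuration; either enable the disko module for this host now or keep the `fileSystems` block until it is. The same pair of hunks appears in the two other hardware sections below (the Surface host and the Zen-kernel host), which drop their working `disko.devices` blocks while leaving the new module disabled. Also, `primaryDisk = "nvme0n1";` is a string, but the new module declares `primaryDisk` as `lib.types.attrs` with `{ name; id; }` and builds `device = "/dev/disk/by-id/${cfg.primaryDisk.id}"`, so turning `enable` on later fails on a string; the by-id name from the Surface host's deleted block is what belongs there, e.g. `primaryDisk = { name = "nvme0n1"; id = "<by-id name of the disk>"; };`. The enclosing module attribute set starts and ends outside the hunks.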


@ -21,7 +21,6 @@
}; };
users.aires = { users.aires = {
enable = true; enable = true;
autologin = true;
services = { services = {
syncthing = { syncthing = {
enable = true; enable = true;


@ -9,8 +9,22 @@
{ {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
# Format and configure the disk using Disko
host.base.disko = {
enable = false;
primaryDisk = "nvme0n1";
enableTPM = true;
swapFile = {
enable = true;
size = "16G";
};
};
boot = { boot = {
initrd = { initrd = {
# Enable systemd for TPM auto-unlocking
systemd.enable = true;
availableKernelModules = [ availableKernelModules = [
"surface_aggregator" "surface_aggregator"
"surface_aggregator_registry" "surface_aggregator_registry"
@ -78,75 +92,6 @@
surface-control.enable = true; surface-control.enable = true;
}; };
# NOTE: Use a default kernel to skip full kernel rebuilds # Uncomment this to use the default kernel and skip rebuilding the kernel
# boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest; # boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
# Disk management
disko.enableConfig = true; # Disable while testing
disko.devices = {
disk = {
nvme0n1 = {
type = "disk";
device = "/dev/disk/by-id/nvme-MZ9L4256HCJQ-00BMV-SAMSUNG_S69VNE0X195093";
content = {
type = "gpt";
partitions = {
ESP = {
priority = 1;
name = "ESP";
label = "boot";
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
luks = {
size = "100%";
label = "nixos";
content = {
type = "luks";
name = "cryptroot";
settings = {
allowDiscards = true;
crypttabExtraOpts = ["tpm2-device=auto"];
};
content = {
type = "btrfs";
extraArgs = [ "-f" ]; # Override existing partition
# Subvolumes must set a mountpoint in order to be mounted,
# unless their parent is mounted
subvolumes = {
# Subvolume name is different from mountpoint
"/root" = {
mountOptions = [ "compress=zstd" "noatime" ];
mountpoint = "/";
};
"/home" = {
mountOptions = [ "compress=zstd" "noatime" ];
mountpoint = "/home";
};
"/nix" = {
mountOptions = [ "compress=zstd" "noatime" ];
mountpoint = "/nix";
};
"/swap" = {
mountpoint = "/.swap";
swap.swapfile.size = "8G";
};
"/log" = {
mountpoint = "/var/log";
mountOptions = ["compress=zstd" "noatime"];
};
};
};
};
};
};
};
};
};
};
} }


@ -9,6 +9,17 @@
{ {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
# Format and configure the disk using Disko
host.base.disko = {
enable = false;
primaryDisk = "nvme0n1";
enableTPM = true;
swapFile = {
enable = true;
size = "16G";
};
};
# Configure the kernel. # Configure the kernel.
boot = { boot = {
# First, install the latest Zen kernel # First, install the latest Zen kernel
@ -44,28 +55,6 @@
kernelModules = [ "kvm-amd" ]; kernelModules = [ "kvm-amd" ];
}; };
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/b801fbea-4cb5-4255-bea9-a2ce77d1a1b7";
fsType = "btrfs";
options = [ "subvol=@,compress=zstd" ];
};
"/home" = {
device = "/dev/disk/by-uuid/b801fbea-4cb5-4255-bea9-a2ce77d1a1b7";
fsType = "btrfs";
options = [ "subvol=@home,compress=zstd" ];
};
"/swap" = {
device = "/dev/disk/by-uuid/b801fbea-4cb5-4255-bea9-a2ce77d1a1b7";
fsType = "btrfs";
options = [ "subvol=@swap" ];
};
"/boot" = {
device = "/dev/disk/by-uuid/AFCB-D880";
fsType = "vfat";
};
};
networking = { networking = {
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
@ -79,73 +68,4 @@
}; };
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
# Disk management
disko.enableConfig = false; # Disable while testing
disko.devices = {
disk = {
nvme0n1 = {
type = "disk";
device = "";
content = {
type = "gpt";
partitions = {
ESP = {
priority = 1;
name = "ESP";
label = "boot";
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
luks = {
size = "100%";
label = "nixos";
content = {
type = "luks";
name = "cryptroot";
settings = {
allowDiscards = true;
crypttabExtraOpts = ["tpm2-device=auto"];
};
content = {
type = "btrfs";
extraArgs = [ "-f" ]; # Override existing partition
# Subvolumes must set a mountpoint in order to be mounted,
# unless their parent is mounted
subvolumes = {
# Subvolume name is different from mountpoint
"/root" = {
mountOptions = [ "compress=zstd" "noatime" ];
mountpoint = "/";
};
"/home" = {
mountOptions = [ "compress=zstd" "noatime" ];
mountpoint = "/home";
};
"/nix" = {
mountOptions = [ "compress=zstd" "noatime" ];
mountpoint = "/nix";
};
"/swap" = {
mountpoint = "/.swap";
swap.swapfile.size = "16G";
};
"/log" = {
mountpoint = "/var/log";
mountOptions = ["compress=zstd" "noatime"];
};
};
};
};
};
};
};
};
};
};
} }

112
modules/base/disko.nix Normal file

@ -0,0 +1,112 @@
{ lib, config, ... }:
let
cfg = config.host.base.disko;
in
{
options = {
host.base.disko = {
enable = lib.mkEnableOption (lib.mdDoc "Enables Disko for disk & partition management.");
primaryDisk = lib.mkOption {
type = lib.types.attrs;
description = "The disk to format using Disko.";
default = {
name = "nvme0n1";
id = "";
};
};
enableTPM = lib.mkOption {
type = lib.types.bool;
description = "Enables TPM2 support.";
default = true;
};
swapFile = lib.mkOption {
type = lib.types.attrs;
description = "Swap file enabling and configuration.";
default = {
enable = true;
size = "8G";
};
};
};
};
config = lib.mkIf cfg.enable {
# Disk management
disko.enableConfig = true;
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/disk/by-id/${cfg.primaryDisk.id}";
content = {
type = "gpt";
partitions = {
ESP = {
priority = 1;
name = "ESP";
label = "boot";
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
luks = {
size = "100%";
label = "nixos";
content = {
type = "luks";
name = "cryptroot";
settings = {
allowDiscards = true;
crypttabExtraOpts = lib.mkIf cfg.enableTPM [ "tpm2-device=auto" ];
};
content = {
type = "btrfs";
extraArgs = [ "-f" ]; # Override existing partition
subvolumes = {
"/root" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/";
};
"/home" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/home";
};
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/nix";
};
"/swap" = lib.mkIf cfg.swapFile.enable {
mountpoint = "/.swap";
swap.swapfile.size = cfg.swapFile.size;
};
"/log" = {
mountpoint = "/var/log";
mountOptions = [
"compress=zstd"
"noatime"
];
};
};
};
};
};
};
};
};
};
};
};
}
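Review bot: The default `primaryDisk.id = ""` makes `device = "/dev/disk/by-id/${cfg.primaryDisk.id}"` evaluate to the directory `/dev/disk/by-id/`, and because `primaryDisk` is typed `lib.types.attrs` neither a missing `id` nor a wrong shape is caught at evaluation time, so a mis-set host only fails when `disko` is actually run against the disk with `extraArgs = [ "-f" ]`; an assertion on `cfg.primaryDisk.id != ""` (or a `lib.types.submodule` for `primaryDisk` and `swapFile`) would fail the build instead. The `enableTPM` default of `true` adds `tpm2-device=auto` to crypttab on every host, but the NixOS option disko feeds this into (`boot.initrd.luks.devices.<name>.crypttabExtraOpts`) is, as far as I recall, only honoured by the systemd initrd — which only the Surface host enables in this change — so on the other hosts the setting is silently ignored and the unlock falls back to the passphrase prompt; the module should enable the systemd initrd itself when `enableTPM` is set, and the option description should say what the unlock is bound to is whatever PCR policy was chosen at enrollment, since the module does not pin one. The `name` field of `primaryDisk` is never read (the disko disk is keyed `main`), which is worth a comment or removal.
```nix
  config = lib.mkIf cfg.enable {
    assertions = [
      {
        assertion = cfg.primaryDisk.id != "";
        message = "host.base.disko.primaryDisk.id must name the target disk under /dev/disk/by-id.";
      }
    ];
    # crypttabExtraOpts (and so tpm2-device=auto) are only honoured by the systemd initrd.
    boot.initrd.systemd.enable = lib.mkIf cfg.enableTPM true;
    # … unchanged: disko.enableConfig and disko.devices …
  };
```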


@ -26,12 +26,20 @@
}; };
}; };
# Configure automatic updates for all hosts
host.services.autoUpgrade = {
enable = true;
configDir = config.secrets.nixConfigFolder;
onCalendar = "daily";
user = config.users.users.aires.name;
};
services = { services = {
# Enable fwupd (firmware updater) # Enable fwupd (firmware updater)
fwupd.enable = true; fwupd.enable = true;
# Autoscrub BTRFS partitions # Autoscrub BTRFS partitions
btrfs.autoScrub = lib.mkIf (config.fileSystems."/".fsType == "btrfs") { btrfs.autoScrub = {
enable = true; enable = true;
interval = "weekly"; interval = "weekly";
fileSystems = [ "/" ]; fileSystems = [ "/" ];
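Review bot: Dropping the `lib.mkIf (config.fileSystems."/".fsType == "btrfs")` guard on `btrfs.autoScrub` makes the weekly scrub of `"/"` unconditional for every host that imports this file, so a host whose root is not btrfs now gets a scrub unit that fails on each run. If the guard was removed because some hosts no longer declare `fileSystems."/"` directly, a guard that tolerates that is `btrfs.autoScrub = lib.mkIf (config.fileSystems ? "/" && config.fileSystems."/".fsType == "btrfs") {`. The `services` set and the new `host.services.autoUpgrade` block continue outside the hunk.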


@ -31,9 +31,36 @@ in
type = lib.types.bool; type = lib.types.bool;
description = "Enables automatic system updates."; description = "Enables automatic system updates.";
}; };
branches = lib.mkOption {
type = lib.types.attrs;
description = "Which local and remote branches to compare.";
default = {
local = "main";
remote = "main";
remoteName = "origin";
};
};
configDir = lib.mkOption {
type = lib.types.str;
description = "Path where your NixOS configuration files are stored.";
};
onCalendar = lib.mkOption {
default = "daily";
type = lib.types.str;
description = "How frequently to run updates. See systemd.timer(5) and systemd.time(7) for configuration details.";
};
persistent = lib.mkOption {
default = true;
type = lib.types.bool;
description = "If true, the time when the service unit was last triggered is stored on disk. When the timer is activated, the service unit is triggered immediately if it would have been triggered at least once during the time when the timer was inactive. This is useful to catch up on missed runs of the service when the system was powered down.";
};
pushUpdates = lib.mkEnableOption ( pushUpdates = lib.mkEnableOption (
lib.mdDoc "Updates the flake.lock file and pushes it back to the repo." lib.mdDoc "Updates the flake.lock file and pushes it back to the repo."
); );
user = lib.mkOption {
type = lib.types.str;
description = "The user who owns the configDir.";
};
}; };
}; };
@ -46,29 +73,30 @@ in
User = "root"; User = "root";
}; };
path = pathPkgs; path = pathPkgs;
# Git diffing strategy courtesy of https://stackoverflow.com/a/40255467
script = '' script = ''
cd ${config.secrets.nixConfigFolder} cd ${cfg.configDir}
# Check if there are changes from Git. # Check if there are changes from Git.
echo "Pulling latest version..." echo "Pulling latest version..."
sudo -u aires git fetch sudo -u ${cfg.user} git fetch
sudo -u aires git diff --quiet --exit-code main origin/main || true sudo -u ${cfg.user} git diff --quiet --exit-code ${cfg.branches.local} ${cfg.branches.remoteName}/${cfg.branches.remote} || true
# If we have changes (git diff returns 1), pull changes and run the update # If we have changes (git diff returns 1), pull changes and run the update
if [ $? -eq 1 ]; then if [ $? -eq 1 ]; then
echo "Updates found, running nixos-rebuild..." echo "Updates found, running nixos-rebuild..."
sudo -u aires git pull --recurse-submodules sudo -u ${cfg.user} git pull --recurse-submodules
nh os switch nixos-rebuild switch --flake .
else else
echo "No updates found. Exiting." echo "No updates found. Exiting."
fi fi
''; '';
}; };
systemd.timers."nixos-upgrade-timer" = { systemd.timers."nixos-upgrade" = {
wants = [ "network-online.target" ]; wants = [ "network-online.target" ];
after = [ "network-online.target" ]; after = [ "network-online.target" ];
wantedBy = [ "timers.target" ]; wantedBy = [ "timers.target" ];
timerConfig = { timerConfig = {
OnCalendar = "daily"; OnCalendar = cfg.onCalendar;
Persistent = "true"; Persistent = cfg.persistent;
Unit = "nixos-upgrade.service"; Unit = "nixos-upgrade.service";
}; };
}; };
@ -78,13 +106,12 @@ in
systemd.services."nixos-upgrade-flake" = { systemd.services."nixos-upgrade-flake" = {
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
User = config.users.users.aires.name; User = cfg.user;
}; };
path = pathPkgs; path = pathPkgs;
# Git diffing strategy courtesy of https://stackoverflow.com/a/40255467
script = '' script = ''
set -eu set -eu
cd ${config.secrets.nixConfigFolder} cd ${cfg.configDir}
# Make sure we're up-to-date # Make sure we're up-to-date
echo "Pulling the latest version..." echo "Pulling the latest version..."
git pull --recurse-submodules git pull --recurse-submodules
@ -93,13 +120,13 @@ in
''; '';
}; };
systemd.timers."nixos-upgrade-flake-timer" = { systemd.timers."nixos-upgrade-flake" = {
wants = [ "network-online.target" ]; wants = [ "network-online.target" ];
after = [ "network-online.target" ]; after = [ "network-online.target" ];
wantedBy = [ "timers.target" ]; wantedBy = [ "timers.target" ];
timerConfig = { timerConfig = {
OnCalendar = "daily"; OnCalendar = cfg.onCalendar;
Persistent = "true"; Persistent = cfg.persistent;
Unit = "nixos-upgrade-flake.service"; Unit = "nixos-upgrade-flake.service";
}; };
}; };
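Review bot: The update branch of the `nixos-upgrade` script can never run: `git diff --quiet --exit-code … || true` always leaves `$?` at 0, so `if [ $? -eq 1 ]; then` is false even when the branches differ (the old script had the same flaw and the hunk keeps it). Test the command directly instead: `if ! sudo -u ${cfg.user} git diff --quiet --exit-code ${cfg.branches.local} ${cfg.branches.remoteName}/${cfg.branches.remote}; then`. Separately, the service pulls `${cfg.branches.remoteName}/${cfg.branches.remote}` into a checkout owned by `${cfg.user}` and then has root run `nixos-rebuild switch --flake .` on it, so anyone who can write to that remote branch or to `configDir` decides the system configuration; that trust boundary belongs in the `configDir` and `user` option descriptions, and if the repository signs commits the script should verify them before switching. `${cfg.configDir}` and `${cfg.user}` are interpolated into the shell unquoted although `configDir` is a free-form `str`; quote them, e.g. `cd "${cfg.configDir}"`. Both service definitions continue outside the hunks.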


@ -8,7 +8,7 @@ in
host.services.ssh = { host.services.ssh = {
enable = lib.mkEnableOption (lib.mdDoc "Enables SSH server."); enable = lib.mkEnableOption (lib.mdDoc "Enables SSH server.");
ports = lib.mkOption { ports = lib.mkOption {
default = [ ]; default = [ 22 ];
type = lib.types.listOf lib.types.int; type = lib.types.listOf lib.types.int;
description = "Ports for SSH to listen on."; description = "Ports for SSH to listen on.";
}; };
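Review bot: `lib.types.listOf lib.types.int` accepts any integer, so a negative or out-of-range port in a host's `host.services.ssh.ports` is only caught when sshd fails to start; `lib.types.port` restricts each entry to 0–65535 at evaluation time, `type = lib.types.listOf lib.types.port;`. The `[ 22 ]` default is reasonable but worth stating in the description, since hosts that previously relied on an empty list now get a listener by default. The option set continues outside the hunk.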