aires/nix-configuration
aires/nix-configuration
1
0
Fork 0
Code Actions Activity

Compare commits

base: aires:73c60fcfabd9028d0faa3507ea615d5e39493704
Branches Tags
aires:main
aires:aux-template
...
compare: aires:e16ae12c16a91a0ef7a84d7e0d1c45917b17f7dd
Branches Tags
aires:main
aires:aux-template

7 commits
73c60fcfab ... e16ae12c16

Author SHA1 Message Date
Aires e16ae12c16 More attempts to get Disko working 2024-06-02 14:16:44 -04:00
Aires beac5982e9 Merge branch 'main' into disko 2024-06-02 13:41:35 -04:00
Aires ca40bc1151 Add branch name option to nixos-upgrade with defaults to main 2024-06-02 13:41:18 -04:00
Aires cc4ae56ea3 Fix auto-update on Haven 2024-06-02 12:37:48 -04:00
Aires d959c546b0 Disable automatic login on Khanda 2024-06-02 11:33:05 -04:00
Aires 4d1539884b Messing around with nixos-upgrade 2024-06-01 12:56:37 -04:00
Aires ea103376a3 Enable TPM2 unlocking on Khanda 2024-06-01 11:16:19 -04:00
8 changed files with 200 additions and 207 deletions
Show stats Expand all files Collapse all files

40
hosts/Haven/hardware-configuration.nix
View file

@ -9,6 +9,17 @@
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
# Format and configure the disk using Disko
host.base.disko = {
enable = false;
primaryDisk = "nvme0n1";
enableTPM = true;
swapFile = {
enable = true;
size = "16G";
};
};
boot = {
supportedFilesystems = [ "btrfs" ];
kernelModules = [ "kvm-amd" ];
@ -38,35 +49,6 @@
};
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/2c76c660-3573-4622-8771-f23fa7ee302a";
fsType = "btrfs";
options = [ "subvol=@,compress=zstd" ];
};
"/home" = {
device = "/dev/disk/by-uuid/2c76c660-3573-4622-8771-f23fa7ee302a";
fsType = "btrfs";
options = [ "subvol=@home,compress=zstd" ];
};
"/swap" = {
device = "/dev/disk/by-uuid/2c76c660-3573-4622-8771-f23fa7ee302a";
fsType = "btrfs";
options = [ "subvol=@swap" ];
};
"/boot" = {
device = "/dev/disk/by-uuid/0120-A755";
fsType = "vfat";
};
};
swapDevices = [
{
device = "/swap/swapfile";
size = 16384;
}
];
networking = {
useDHCP = lib.mkDefault true;
hostName = "Haven";

1
hosts/Khanda/default.nix
View file

@ -21,7 +21,6 @@
};
users.aires = {
enable = true;
autologin = true;
services = {
syncthing = {
enable = true;

85
hosts/Khanda/hardware-configuration.nix
View file

@ -9,8 +9,22 @@
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
# Format and configure the disk using Disko
host.base.disko = {
enable = false;
primaryDisk = "nvme0n1";
enableTPM = true;
swapFile = {
enable = true;
size = "16G";
};
};
boot = {
initrd = {
# Enable systemd for TPM auto-unlocking
systemd.enable = true;
availableKernelModules = [
"surface_aggregator"
"surface_aggregator_registry"
@ -78,75 +92,6 @@
surface-control.enable = true;
};
# NOTE: Use a default kernel to skip full kernel rebuilds
# Uncomment this to use the default kernel and skip rebuilding the kernel
# boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
# Disk management
disko.enableConfig = true; # Disable while testing
disko.devices = {
disk = {
nvme0n1 = {
type = "disk";
device = "/dev/disk/by-id/nvme-MZ9L4256HCJQ-00BMV-SAMSUNG_S69VNE0X195093";
content = {
type = "gpt";
partitions = {
ESP = {
priority = 1;
name = "ESP";
label = "boot";
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
luks = {
size = "100%";
label = "nixos";
content = {
type = "luks";
name = "cryptroot";
settings = {
allowDiscards = true;
crypttabExtraOpts = ["tpm2-device=auto"];
};
content = {
type = "btrfs";
extraArgs = [ "-f" ]; # Override existing partition
# Subvolumes must set a mountpoint in order to be mounted,
# unless their parent is mounted
subvolumes = {
# Subvolume name is different from mountpoint
"/root" = {
mountOptions = [ "compress=zstd" "noatime" ];
mountpoint = "/";
};
"/home" = {
mountOptions = [ "compress=zstd" "noatime" ];
mountpoint = "/home";
};
"/nix" = {
mountOptions = [ "compress=zstd" "noatime" ];
mountpoint = "/nix";
};
"/swap" = {
mountpoint = "/.swap";
swap.swapfile.size = "8G";
};
"/log" = {
mountpoint = "/var/log";
mountOptions = ["compress=zstd" "noatime"];
};
};
};
};
};
};
};
};
};
};
}

102
hosts/Shura/hardware-configuration.nix
View file

@ -9,6 +9,17 @@
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
# Format and configure the disk using Disko
host.base.disko = {
enable = false;
primaryDisk = "nvme0n1";
enableTPM = true;
swapFile = {
enable = true;
size = "16G";
};
};
# Configure the kernel.
boot = {
# First, install the latest Zen kernel
@ -44,28 +55,6 @@
kernelModules = [ "kvm-amd" ];
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/b801fbea-4cb5-4255-bea9-a2ce77d1a1b7";
fsType = "btrfs";
options = [ "subvol=@,compress=zstd" ];
};
"/home" = {
device = "/dev/disk/by-uuid/b801fbea-4cb5-4255-bea9-a2ce77d1a1b7";
fsType = "btrfs";
options = [ "subvol=@home,compress=zstd" ];
};
"/swap" = {
device = "/dev/disk/by-uuid/b801fbea-4cb5-4255-bea9-a2ce77d1a1b7";
fsType = "btrfs";
options = [ "subvol=@swap" ];
};
"/boot" = {
device = "/dev/disk/by-uuid/AFCB-D880";
fsType = "vfat";
};
};
networking = {
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
@ -79,73 +68,4 @@
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
# Disk management
disko.enableConfig = false; # Disable while testing
disko.devices = {
disk = {
nvme0n1 = {
type = "disk";
device = "";
content = {
type = "gpt";
partitions = {
ESP = {
priority = 1;
name = "ESP";
label = "boot";
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
luks = {
size = "100%";
label = "nixos";
content = {
type = "luks";
name = "cryptroot";
settings = {
allowDiscards = true;
crypttabExtraOpts = ["tpm2-device=auto"];
};
content = {
type = "btrfs";
extraArgs = [ "-f" ]; # Override existing partition
# Subvolumes must set a mountpoint in order to be mounted,
# unless their parent is mounted
subvolumes = {
# Subvolume name is different from mountpoint
"/root" = {
mountOptions = [ "compress=zstd" "noatime" ];
mountpoint = "/";
};
"/home" = {
mountOptions = [ "compress=zstd" "noatime" ];
mountpoint = "/home";
};
"/nix" = {
mountOptions = [ "compress=zstd" "noatime" ];
mountpoint = "/nix";
};
"/swap" = {
mountpoint = "/.swap";
swap.swapfile.size = "16G";
};
"/log" = {
mountpoint = "/var/log";
mountOptions = ["compress=zstd" "noatime"];
};
};
};
};
};
};
};
};
};
};
}

112
modules/base/disko.nix Normal file
View file

@ -0,0 +1,112 @@
{ lib, config, ... }:
let
cfg = config.host.base.disko;
in
{
options = {
host.base.disko = {
enable = lib.mkEnableOption (lib.mdDoc "Enables Disko for disk & partition management.");
primaryDisk = lib.mkOption {
type = lib.types.attrs;
description = "The disk to format using Disko.";
default = {
name = "nvme0n1";
id = "";
};
};
enableTPM = lib.mkOption {
type = lib.types.bool;
description = "Enables TPM2 support.";
default = true;
};
swapFile = lib.mkOption {
type = lib.types.attrs;
description = "Swap file enabling and configuration.";
default = {
enable = true;
size = "8G";
};
};
};
};
config = lib.mkIf cfg.enable {
# Disk management
disko.enableConfig = true;
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/disk/by-id/${cfg.primaryDisk.id}";
content = {
type = "gpt";
partitions = {
ESP = {
priority = 1;
name = "ESP";
label = "boot";
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
luks = {
size = "100%";
label = "nixos";
content = {
type = "luks";
name = "cryptroot";
settings = {
allowDiscards = true;
crypttabExtraOpts = lib.mkIf cfg.enableTPM [ "tpm2-device=auto" ];
};
content = {
type = "btrfs";
extraArgs = [ "-f" ]; # Override existing partition
subvolumes = {
"/root" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/";
};
"/home" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/home";
};
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/nix";
};
"/swap" = lib.mkIf cfg.swapFile.enable {
mountpoint = "/.swap";
swap.swapfile.size = cfg.swapFile.size;
};
"/log" = {
mountpoint = "/var/log";
mountOptions = [
"compress=zstd"
"noatime"
];
};
};
};
};
};
};
};
};
};
};
};
}

10
modules/base/system.nix
View file

@ -26,12 +26,20 @@
};
};
# Configure automatic updates for all hosts
host.services.autoUpgrade = {
enable = true;
configDir = config.secrets.nixConfigFolder;
onCalendar = "daily";
user = config.users.users.aires.name;
};
services = {
# Enable fwupd (firmware updater)
fwupd.enable = true;
# Autoscrub BTRFS partitions
btrfs.autoScrub = lib.mkIf (config.fileSystems."/".fsType == "btrfs") {
btrfs.autoScrub = {
enable = true;
interval = "weekly";
fileSystems = [ "/" ];

55
modules/services/autoupgrade.nix
View file

@ -31,9 +31,36 @@ in
type = lib.types.bool;
description = "Enables automatic system updates.";
};
branches = lib.mkOption {
type = lib.types.attrs;
description = "Which local and remote branches to compare.";
default = {
local = "main";
remote = "main";
remoteName = "origin";
};
};
configDir = lib.mkOption {
type = lib.types.str;
description = "Path where your NixOS configuration files are stored.";
};
onCalendar = lib.mkOption {
default = "daily";
type = lib.types.str;
description = "How frequently to run updates. See systemd.timer(5) and systemd.time(7) for configuration details.";
};
persistent = lib.mkOption {
default = true;
type = lib.types.bool;
description = "If true, the time when the service unit was last triggered is stored on disk. When the timer is activated, the service unit is triggered immediately if it would have been triggered at least once during the time when the timer was inactive. This is useful to catch up on missed runs of the service when the system was powered down.";
};
pushUpdates = lib.mkEnableOption (
lib.mdDoc "Updates the flake.lock file and pushes it back to the repo."
);
user = lib.mkOption {
type = lib.types.str;
description = "The user who owns the configDir.";
};
};
};
@ -46,29 +73,30 @@ in
User = "root";
};
path = pathPkgs;
# Git diffing strategy courtesy of https://stackoverflow.com/a/40255467
script = ''
cd ${config.secrets.nixConfigFolder}
cd ${cfg.configDir}
# Check if there are changes from Git.
echo "Pulling latest version..."
sudo -u aires git fetch
sudo -u aires git diff --quiet --exit-code main origin/main || true
sudo -u ${cfg.user} git fetch
sudo -u ${cfg.user} git diff --quiet --exit-code ${cfg.branches.local} ${cfg.branches.remoteName}/${cfg.branches.remote} || true
# If we have changes (git diff returns 1), pull changes and run the update
if [ $? -eq 1 ]; then
echo "Updates found, running nixos-rebuild..."
sudo -u aires git pull --recurse-submodules
nh os switch
sudo -u ${cfg.user} git pull --recurse-submodules
nixos-rebuild switch --flake .
else
echo "No updates found. Exiting."
fi
'';
};
systemd.timers."nixos-upgrade-timer" = {
systemd.timers."nixos-upgrade" = {
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "daily";
Persistent = "true";
OnCalendar = cfg.onCalendar;
Persistent = cfg.persistent;
Unit = "nixos-upgrade.service";
};
};
@ -78,13 +106,12 @@ in
systemd.services."nixos-upgrade-flake" = {
serviceConfig = {
Type = "oneshot";
User = config.users.users.aires.name;
User = cfg.user;
};
path = pathPkgs;
# Git diffing strategy courtesy of https://stackoverflow.com/a/40255467
script = ''
set -eu
cd ${config.secrets.nixConfigFolder}
cd ${cfg.configDir}
# Make sure we're up-to-date
echo "Pulling the latest version..."
git pull --recurse-submodules
@ -93,13 +120,13 @@ in
'';
};
systemd.timers."nixos-upgrade-flake-timer" = {
systemd.timers."nixos-upgrade-flake" = {
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "daily";
Persistent = "true";
OnCalendar = cfg.onCalendar;
Persistent = cfg.persistent;
Unit = "nixos-upgrade-flake.service";
};
};

2
modules/services/ssh.nix
View file

@ -8,7 +8,7 @@ in
host.services.ssh = {
enable = lib.mkEnableOption (lib.mdDoc "Enables SSH server.");
ports = lib.mkOption {
default = [ ];
default = [ 22 ];
type = lib.types.listOf lib.types.int;
description = "Ports for SSH to listen on.";
};