From 5f9bc1e1a8eca330a1857e35226937d8876477e9 Mon Sep 17 00:00:00 2001
From: madmin
Date: Fri, 14 Jun 2024 22:23:32 +0200
Subject: [PATCH] moving init files to structured config format
---
configuration.nix | 193 -------------------------------------
disk-config.nix | 92 ------------------
hardware-configuration.nix | 25 -----
install-script.sh | 11 ---
4 files changed, 321 deletions(-)
delete mode 100644 configuration.nix
delete mode 100644 disk-config.nix
delete mode 100644 hardware-configuration.nix
delete mode 100644 install-script.sh
diff --git a/configuration.nix b/configuration.nix
deleted file mode 100644
index 7359ed1..0000000
--- a/configuration.nix
+++ /dev/null
@@ -1,193 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page, on
-# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
-
-{ config, lib, pkgs, ... }:
-
-{
- imports =
- [ # Include the results of the hardware scan.
- ./hardware-configuration.nix
- ./disk-config.nix
- {
- _module.args = {
- disk = "/dev/vda";
- withSwap = true;
- swapSize = "16";
- };
- }
-
- ];
-
- # Experimental
- nix.settings.experimental-features = [ "nix-command" "flakes" ];
-
- # I18n & Time
- time.timeZone = "Europe/Amsterdam";
- i18n.defaultLocale = "en_US.UTF-8";
-
- # Starter config
- console = {
- font = "Lat2-Terminus16";
- keyMap = "us";
- # useXkbConfig = true; # use xkb.options in tty.
- };
-
- # Enable the KDE Desktop Environment.
- services.xserver.displayManager.sddm.enable = true;
- services.xserver.desktopManager.plasma5.enable = true;
-
- boot = {
- kernelPackages = pkgs.linuxPackages_latest;
- supportedFilesystems = [ "btrfs" ];
- loader = {
- systemd-boot.enable = true;
- efi.canTouchEfiVariables = true;
- timeout = 3;
- };
- initrd = {
- kernelModules = ["uas" "usbcore" "usb_storage" "vfat" "nls_cp437" "nls_iso8859_1"];
- # Mount USB key before trying to decrypt root filesystem
- # postDeviceCommands = pkgs.lib.mkBefore ''
- # mkdir -m 0755 -p /key
- # sleep 2 # To make sure the usb key has been loaded
- # mount -n -t vfat -o ro `findfs UUID=${PRIMARYUSBID}` /key || mount -n -t vfat -o ro `findfs UUID=${BACKUPUSBID}` /key
- # '';
- ### ----> Instead use systemd mount unit
- #systemd = {
- # enable = true; # tpm2 unlock requires systemd initrd
- # mounts = [{
- # what = "UUID=720657da-2c89-4f47-aba9-b43618778a3d";
- # where = "/key";
- # type = "btrfs";
- # }];
- #};
- luks.devices."crypted" = {
- bypassWorkqueues = true;
- device = lib.mkDefault "/dev/disk/by-partuuid/5e65cc4c-eb35-4d62-8fcd-387d6a87c067";
- # crypttabExtraOpts = [ "tpm2-device=auto" ]; # tpm2 unlock
- preLVM = true;
-
- # If using a USB or SD Card for decryption include the following.
- allowDiscards = true;
- # keyFileSize = 4096;
- # This is the disk id of your USB or SD Card.
- # Get this by running `ls -l /dev/disk/by-id`,
- # and copy the long string into the spot below.
- # keyFile = "/key/hdd.key";
-
- # Use this if you want to fallback to the encryption password when the drive can't be found. HIGHLY RECCOMENDED!!!!
- #~~~~~ Actually it doesn't work as it is implied by systemd stage 1...
- # fallbackToPassword = true;
-
- };
- };
- resumeDevice = "/dev/nvme0n1"; # should be pointing to part. where swap resides
- kernelParams = [
-
- # hibernation
- "resume_offset=533760"
- ];
- };
- swapDevices = [ { device = "/.swapvol"; size=16*1024; } ];
-
- networking = {
- hostName = "jeroboam";
- domain = "mattmor.in";
- # wireless.enable = true; # Enables wireless support via wpa_supplicant.
- networkmanager.enable = true; # Easiest to use and most distros use this by default.
- enableIPv6 = false;
- };
-
- # Configure network proxy if necessary
- # networking.proxy.default = "http://user:password@proxy:port/";
- # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
- # Enable the X11 windowing system.
- services.xserver.enable = true;
-
- # Configure keymap in X11
- services.xserver.xkb.layout = "us";
- services.xserver.xkb.options = "eurosign:e,caps:escape";
-
- # Enable CUPS to print documents.
- # services.printing.enable = true;
-
- # Enable sound.
- hardware.pulseaudio.enable = true;
- # OR
- # services.pipewire = {
- # enable = true;
- # pulse.enable = true;
- # };
-
- # Enable touchpad support (enabled default in most desktopManager).
- # services.libinput.enable = true;
-
- # Define a user account. Don't forget to set a password with ‘passwd’.
- users.users.laozi = {
- isNormalUser = true;
- extraGroups = [ "wheel" "networkmanager" ]; # Enable ‘sudo’ for the user.
- packages = with pkgs; [
- firefox
- tree
- ];
- hashedPassword = "$6$gqmjBcKTV.mEEFHT$00sEfU1PmYpteavq3ihu5GfxWjnG3wKB56TlyhC3f/XTDg2W/SGH1d78eNRdazHR0/5wiCJmHRNgRaRAP1mpP/";
- };
- users.mutableUsers = false;
- # List packages installed in system profile. To search, run:
- # $ nix search wget
- environment.systemPackages = with pkgs; [
- vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
- wget
- git
-
- ];
-
- hardware.enableAllFirmware = true;
- nixpkgs.config.allowUnfree = true;
-
- # Some programs need SUID wrappers, can be configured further or are
- # started in user sessions.
- # programs.mtr.enable = true;
- # programs.gnupg.agent = {
- # enable = true;
- # enableSSHSupport = true;
- # };
-
- # List services that you want to enable:
-
- # Enable the OpenSSH daemon.
- # services.openssh.enable = true;
-
- # Open ports in the firewall.
- # networking.firewall.allowedTCPPorts = [ ... ];
- # networking.firewall.allowedUDPPorts = [ ... ];
- # Or disable the firewall altogether.
- # networking.firewall.enable = false;
-
- # Copy the NixOS configuration file and link it from the resulting system
- # (/run/current-system/configuration.nix). This is useful in case you
- # accidentally delete configuration.nix.
- # system.copySystemConfiguration = true;
-
- # This option defines the first version of NixOS you have installed on this particular machine,
- # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
- #
- # Most users should NEVER change this value after the initial install, for any reason,
- # even if you've upgraded your system to a new NixOS release.
- #
- # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
- # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
- # to actually do that.
- #
- # This value being lower than the current NixOS release does NOT mean your system is
- # out of date, out of support, or vulnerable.
- #
- # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
- # and migrated your data accordingly.
- #
- # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
- system.stateVersion = "24.05"; # Did you read the comment?
-
-}
diff --git a/disk-config.nix b/disk-config.nix
deleted file mode 100644
index d476d88..0000000
--- a/disk-config.nix
+++ /dev/null
@@ -1,92 +0,0 @@
-# NOTE: ... is needed because dikso passes diskoFile
-{
- lib,
- disk ? [ "/dev/vda" ],
- withSwap ? true,
- swapSize ? "16",
- ...
-}:
-{
- disko.devices = {
- disk = {
- main = {
- type = "disk";
- device = "/dev/disk/by-id/nvme-eui.002538d211111953";
- content = {
- type = "gpt";
- partitions = {
- ESP = {
- # name = "ESP";
- priority = 1;
- start = "1M";
- end = "512M";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- mountOptions = [ "defaults" ];
- };
- };
- luks = {
- # name = "root";
- size = "100%";
- content = {
- type = "luks";
- name = "crypted";
- # disable settings.keyFile if you want to use interactive password entry
- # passwordFile = "/tmp/secret.key"; # Interactive
- settings = {
- allowDiscards = true;
- # keyFile = "/tmp/secret.key";
- };
- # additionalKeyFiles = [ "/tmp/hdd.key" ];
- content = {
- type = "btrfs";
- extraArgs = [ "-f" ]; # Override existing partition
- # Subvolumes must set a mountpoint in order to be mounted,
- # unless their parent is mounted
- subvolumes = {
- "@root" = {
- mountpoint = "/";
- mountOptions = [ "compress=zstd" "noatime" ];
- };
- "@home" = {
- mountpoint = "/home";
- mountOptions = [ "compress=zstd" ];
- };
- "@nix" = {
- mountpoint = "/nix";
- mountOptions = [ "compress=zstd" "noatime" ];
- };
- "@persist" = {
- mountpoint = "/persist";
- mountOptions = [ "compress=zstd" "noatime" ];
- };
- "@var-lib" = {
- mountpoint = "/var/lib";
- mountOptions = [ "compress=zstd" "noatime" ];
- };
- "@var-log" = {
- mountpoint = "/var/log";
- mountOptions = [ "compress=zstd" "noatime" ];
- };
- "@var-tmp" = {
- mountpoint = "/var/tmp";
- mountOptions = [ "compress=zstd" "noatime" ];
- };
- "@swap" = lib.mkIf withSwap {
- mountpoint = "/.swapvol";
- swap.swapfile.size = "${swapSize}G";
- };
- };
- };
- };
- };
- };
- };
- };
- };
- };
-}
-
diff --git a/hardware-configuration.nix b/hardware-configuration.nix
deleted file mode 100644
index ab9c378..0000000
--- a/hardware-configuration.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [ (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-amd" ];
- boot.extraModulePackages = [ ];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
\ No newline at end of file
diff --git a/install-script.sh b/install-script.sh
deleted file mode 100644
index d18e486..0000000
--- a/install-script.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-
-nix-shell shell.nix
-
-sudo mkdir -p /tmp/config/etc/nixos/ && cd /tmp/config/etc/nixos/
-
-git clone https://git.mattmor.in/Nix/nixos-config.git
-
-sudo nix --experimental-features "nix-command flakes" flake lock
-
-sudo nix --experimental-features "nix-command flakes" run 'github:nix-community/disko#disko-install' -- --write-efi-boot-entries --flake '/tmp/config/etc/nixos#mymachine' --disk main /dev/disk/by-id/nvme-eui.002538d211111953