# NixOS module for one machine: kernel/initrd modules, LUKS-encrypted root with
# remote unlocking, crypttab-managed data volumes, btrfs mounts, encrypted swap
# and power-key handling.
{ config, lib, modulesPath, pkgs, ... }:

let
  networks = config.systemd.network.networks;

  # First address configured on the br-lan network; used for the early-boot
  # "ip=" kernel parameter below.
  lanAddress = lib.elemAt networks.br-lan.address 0;

  # Mount options shared by the btrfs filesystems that have TRIM enabled.
  btrfsTrimOptions = [ "compress=zstd" "discard" "noatime" ];
in
{
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

  # Modules loaded in the second boot stage.
  boot.kernelModules = [ "kvm-amd" "sg" ];
  boot.extraModulePackages = [ ];

  # force_load=1 makes gigabyte_wmi load regardless of its own hardware match;
  # presumably this board is not on the driver's supported list (confirm).
  boot.extraModprobeConfig = ''
    options gigabyte_wmi force_load=1
  '';

  boot.supportedFilesystems = [ "btrfs" ];

  # FIXME (from the author): this does not work, because as far as they know
  # the ip= parameter has no VLAN support.
  boot.kernelParams = [
    "ip=${lanAddress}::::${config.networking.hostName}:${networks.lan.name}"
  ];

  boot.initrd.availableKernelModules = [
    "aesni_intel" # hardware-accelerated crypto for LUKS
    "ahci"
    "cryptd"
    "igc" # NIC driver, needed for remote unlocking
    "sd_mod"
    "usb_storage"
    "usbhid"
    "xhci_pci"
  ];
  boot.initrd.kernelModules = [ ];

  # Networking in the initrd, for unlocking the root volume remotely.
  # NOTE(review): this file only switches initrd networking on; the service
  # that accepts the passphrase (and its host key / authorized keys) has to be
  # configured elsewhere. The initrd is stored on /boot, which is mounted below
  # as a plain ext2 filesystem and is presumably unencrypted, so anything baked
  # into the initrd should be treated as readable by whoever can read the disk.
  boot.initrd.network.enable = true;

  boot.initrd.luks.devices.root = {
    name = "root";
    device = "/dev/disk/by-uuid/c5cf6858-cca0-40dc-a3b5-ab47a3f9d49c";
    # Open the LUKS container before LVM is scanned.
    preLVM = true;
    # TRIM is passed through dm-crypt. Better for the SSD, but the raw device
    # then reveals which blocks are unused; a deliberate trade-off.
    allowDiscards = true;
  };

  # GRUB is installed onto this disk.
  boot.loader.grub.device = "/dev/disk/by-id/ata-INTEL_SSDSC2KB480G7_PHYS749202D6480BGN";

  # The data volumes are unlocked through a hand-written /etc/crypttab rather
  # than NixOS options, which the author found too painful to get working.
  # Fields: mapper name, source device, key file, options.
  # The key files live under /root on the LUKS-encrypted root filesystem, so
  # they are only protected while root is locked.
  # NOTE(review): their ownership and mode are not managed in this file;
  # confirm they are readable by root only.
  # data0 and data1 share one key file; data1 is unlocked but not mounted here
  # (presumably the second device of a multi-device btrfs; confirm).
  # "discard" on data-hot carries the same TRIM trade-off as allowDiscards.
  environment.etc.crypttab.text = ''
    data0 UUID=aa692e73-2b75-4239-8a87-5f5b69ea56c5 /root/luks-data luks
    data1 UUID=1f4120b6-a3a0-4973-8c4c-a4d6703eea2a /root/luks-data luks
    data-hot UUID=c9aeade0-4c96-4786-9b22-3161d935d644 /root/luks-data-hot luks,discard
  '';

  fileSystems."/" = {
    device = "/dev/disk/by-uuid/92a1f733-8a23-42ea-958b-0d01a5de7776";
    fsType = "btrfs";
    options = btrfsTrimOptions;
  };

  fileSystems."/boot" = {
    device = "/dev/disk/by-uuid/0f1822e1-643b-49e0-b279-5e3373c6a26c";
    fsType = "ext2";
  };

  fileSystems."/data/cold" = {
    device = "/dev/mapper/data0";
    fsType = "btrfs";
    options = [ "compress=zstd" ];
  };

  fileSystems."/data/hot" = {
    device = "/dev/mapper/data-hot";
    fsType = "btrfs";
    options = btrfsTrimOptions;
  };

  # Create the mount-point directories, owned by root with mode 0755.
  systemd.tmpfiles.rules = [
    "d /data 0755 root root - -"
    "d /data/hot 0755 root root - -"
    "d /data/cold 0755 root root - -"
  ];

  swapDevices = [
    {
      device = "/dev/disk/by-partuuid/22978e17-fbbf-4879-9385-5c9473df1706";
      # Swap is encrypted with a fresh random key on every boot, so its
      # contents never survive a reboot and hibernating to it is not possible.
      randomEncryption = { enable = true; };
    }
  ];

  powerManagement.cpuFreqGovernor = "schedutil";

  services = {
    # Periodic btrfs scrub of both data filesystems.
    btrfs.autoScrub = {
      enable = true;
      fileSystems = [ "/data/cold" "/data/hot" ];
    };

    # The power button suspends instead of powering off.
    # NOTE(review): nothing in this file locks the LUKS volumes on suspend, so
    # their keys stay in RAM while the machine is suspended.
    logind.extraConfig = ''
      HandlePowerKey=suspend
    '';
  };
}