Compare commits
5 Commits
254e435dde
...
838eedcdd9
Author | SHA1 | Date |
---|---|---|
Simon Bruder | 838eedcdd9 | |
Simon Bruder | dc0a64a44e | |
Simon Bruder | 9724413740 | |
Simon Bruder | 764834c16f | |
Simon Bruder | bd32d54ebf |
30
README.md
30
README.md
|
@ -45,6 +45,15 @@ Set up wifi if no wired connection is available:
|
|||
|
||||
Create the partition table (enter the indented lines in the repl):
|
||||
|
||||
parted /dev/nvmeXnY
|
||||
mktable GPT
|
||||
mkpart ESP 1MiB 512MiB
|
||||
mkpart root 512MiB 100%
|
||||
set 1 esp on
|
||||
quit
|
||||
|
||||
On MBR:
|
||||
|
||||
parted /dev/sdX
|
||||
mktable GPT
|
||||
mkpart primary 1MiB 2MiB
|
||||
|
@ -54,19 +63,10 @@ Create the partition table (enter the indented lines in the repl):
|
|||
disk_toggle pmbr_boot
|
||||
quit
|
||||
|
||||
On UEFI:
|
||||
|
||||
parted /dev/nvmeXnY
|
||||
mktable GPT
|
||||
mkpart ESP 1MiB 512MiB
|
||||
mkpart root 512MiB 100%
|
||||
set 1 esp on
|
||||
quit
|
||||
|
||||
Format encrypted partition and open it:
|
||||
|
||||
cryptsetup luksFormat --type luks2 /dev/sdX3
|
||||
cryptsetup open --type luks2 /dev/sdX3 HOSTNAME-pv
|
||||
cryptsetup luksFormat --type luks2 /dev/nvmeXnYp2
|
||||
cryptsetup open --type luks2 /dev/nvmeXnYp2 HOSTNAME-pv
|
||||
|
||||
Create LVM (replace `8G` with desired swap size):
|
||||
|
||||
|
@ -81,13 +81,13 @@ the following after opening the luks partition: `vgchange -ay`.
|
|||
|
||||
Create filesystems:
|
||||
|
||||
mkfs.ext2 /dev/sdX2
|
||||
mkfs.fat -F 32 -n boot /dev/nvmeXnYpZ
|
||||
mkfs.btrfs -L root /dev/HOSTNAME-vg/root
|
||||
mkswap -L swap /dev/HOSTNAME-vg/swap
|
||||
|
||||
On UEFI:
|
||||
On MBR:
|
||||
|
||||
mkfs.fat -F 32 -n boot /dev/nvmeXnYpZ
|
||||
mkfs.ext2 /dev/sdX2
|
||||
mkfs.btrfs -L root /dev/HOSTNAME-vg/root
|
||||
mkswap -L swap /dev/HOSTNAME-vg/swap
|
||||
|
||||
|
@ -95,7 +95,7 @@ Mount the file systems and activate swap:
|
|||
|
||||
mount /dev/HOSTNAME-vg/root /mnt
|
||||
mkdir /mnt/boot
|
||||
mount /dev/sdX2 /mnt/boot
|
||||
mount /dev/nvmeXnYp1 /mnt/boot
|
||||
swapon /dev/HOSTNAME-vg/swap
|
||||
|
||||
Generate hardware configuration and copy hardware configuration to machine
|
||||
|
|
|
@ -67,8 +67,8 @@ in
|
|||
};
|
||||
wireguardPeers = lib.singleton {
|
||||
wireguardPeerConfig = {
|
||||
Endpoint = "146.70.117.194:51820";
|
||||
PublicKey = "ydXFN45/kROELJrF6id+uIrnS5DvTKSCkZDjfL9De2Q=";
|
||||
Endpoint = "193.32.127.70:51820";
|
||||
PublicKey = "dV/aHhwG0fmp0XuvSvrdWjCtdyhPDDFiE/nuv/1xnRM=";
|
||||
AllowedIPs = [ "0.0.0.0/0" "::0/0" ];
|
||||
PersistentKeepalive = 25;
|
||||
};
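Review bot: The new `Endpoint` and `PublicKey` values in `wireguardPeerConfig` are bare literals with nothing identifying the peer, so a later reader cannot check the key against the value the provider publishes. Both change together here, so a comment above them would make this and future rotations auditable, e.g. `# <relay name>; endpoint and public key as published by the provider, checked <date>`. Because `AllowedIPs` covers all IPv4 and IPv6 traffic, a mistaken pair affects everything sent over the tunnel, which is why the provenance is worth recording. The enclosing attribute set starts and ends outside the hunk.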
|
||||
|
|
|
@ -8,9 +8,7 @@ Custom build in a be quiet! Pure Base 500.
|
|||
* CPU: AMD Ryzen 7 5800X
|
||||
* RAM: 2×16GB G.Skill Aegis DDR4-3200 CL16 (not because it is anything special)
|
||||
* PSU: be quiet! System Power 10 750W
|
||||
* Main SSD: 250GB Samsung 970 Evo Pro NVMe
|
||||
* Secondary SSD: 256GB micron MTFDDAK256TBN-1AR15ABHA SATA
|
||||
* HDD: 2TB Toshiba HDWA120
|
||||
* SSD: 1TB Samsung 980 Pro NVMe
|
||||
* GPU: Intel Arc A770 Limited Edition (16GB VRAM)
|
||||
* Case fans: 2 be quiet! Pure Wings 2 140 mm (included in case), 3 more with PWM
|
||||
* CPU Cooler: Noctua NH-U12S with an additional NF-F12 PWM
|
||||
|
|
|
@ -26,11 +26,6 @@
|
|||
wireguard.home.enable = true;
|
||||
};
|
||||
|
||||
virtualisation.libvirtd = {
|
||||
enable = true;
|
||||
qemu.package = pkgs.qemu_kvm;
|
||||
};
|
||||
|
||||
services.tor = {
|
||||
enable = true;
|
||||
client.enable = true;
|
||||
|
@ -40,35 +35,6 @@
|
|||
enableTor = true;
|
||||
};
|
||||
|
||||
services.samba = {
|
||||
enable = true;
|
||||
securityType = "user";
|
||||
extraConfig = ''
|
||||
interfaces = 192.168.122.1
|
||||
bind interfaces only = yes
|
||||
map to guest = bad user
|
||||
load printers = no
|
||||
printing = bsd
|
||||
disable spoolss = yes
|
||||
usershare max shares = 0
|
||||
acl allow execute always = True
|
||||
'';
|
||||
shares = {
|
||||
qemu = {
|
||||
path = "/data/cache/win10/shared";
|
||||
browseable = "yes";
|
||||
"read only" = "no";
|
||||
"guest ok" = "yes";
|
||||
"force user" = "simon";
|
||||
};
|
||||
};
|
||||
};
|
||||
networking.firewall.trustedInterfaces = [ "virbr0" ];
|
||||
systemd.services.samba-nmbd = {
|
||||
wants = [ "libvirtd.service" ];
|
||||
after = [ "libvirtd.service" ];
|
||||
};
|
||||
|
||||
networking.hostName = "hitagi";
|
||||
|
||||
system.stateVersion = "20.03";
|
||||
|
|
|
@ -26,7 +26,7 @@
|
|||
luks.devices = {
|
||||
root = {
|
||||
name = "root";
|
||||
device = "/dev/disk/by-uuid/1607bb2a-329b-4252-b11a-b43eb6b7bf0c";
|
||||
device = "/dev/disk/by-uuid/63c6aa7c-47c5-43f5-b0eb-c32b0768327b";
|
||||
preLVM = true;
|
||||
allowDiscards = true;
|
||||
};
|
||||
|
@ -36,44 +36,19 @@
|
|||
|
||||
fileSystems = {
|
||||
"/" = {
|
||||
device = "/dev/disk/by-uuid/9e6b279e-6995-44da-b673-21b9e23a5278";
|
||||
device = "/dev/disk/by-uuid/3994f497-9848-459e-9642-cbc14a7d3c97";
|
||||
fsType = "btrfs";
|
||||
options = [ "discard=async" "noatime" "compress=zstd" ];
|
||||
};
|
||||
|
||||
"/boot" = {
|
||||
device = "/dev/disk/by-uuid/75DA-DFE2";
|
||||
device = "/dev/disk/by-uuid/96B6-34BD";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
"/data" = {
|
||||
device = "/dev/mapper/data";
|
||||
fsType = "btrfs";
|
||||
options = [ "compress=zstd" ];
|
||||
encrypted = {
|
||||
label = "data";
|
||||
enable = true;
|
||||
blkDev = "/dev/disk/by-uuid/7f4ba71e-3aca-4294-b37f-49f37b584dbd";
|
||||
keyFile = "/mnt-root/root/luks-data";
|
||||
};
|
||||
};
|
||||
|
||||
"/data/ssd" = {
|
||||
device = "/dev/mapper/data-ssd";
|
||||
fsType = "btrfs";
|
||||
options = [ "discard=async" "noatime" "compress=zstd" ];
|
||||
encrypted = {
|
||||
# !!! HACK
|
||||
label = "data-ssd --allow-discards";
|
||||
enable = true;
|
||||
blkDev = "/dev/disk/by-uuid/41baa168-7fa0-4eb3-b314-50766ddf126d";
|
||||
keyFile = "/mnt-root/root/luks-data";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
swapDevices = [
|
||||
{ device = "/dev/disk/by-uuid/2774d182-ddc9-4d79-886e-995fcd60a88a"; }
|
||||
{ device = "/dev/disk/by-uuid/98de7ced-4d7c-4915-bf5b-1a0300458ea6"; }
|
||||
];
|
||||
|
||||
# GPU
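Review bot: In the first hunk, `allowDiscards = true;` under `luks.devices.root` carries over unchanged to the new device UUID. Together with `discard=async` on `/` it passes TRIM through dm-crypt, and nothing records that this is a deliberate trade-off. Discards let anyone who can read the raw disk see which blocks are unused, which the dm-crypt documentation lists as a possible information leak. I would add a comment on that line, e.g. `# TRIM passthrough: exposes free-block layout on the raw device; accepted for SSD performance`. The `luks.devices` set begins and ends outside the visible hunk.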
|
||||
|
|
Binary file not shown.