Simon Bruder
4a8a7e0a4f
Since I currently do not have access to sayuri, sayuri’s migration is not done yet. The host keys and wg-home-private-key secret still have to be added.
# Hardware, boot and network settings for a single host: a LUKS-encrypted root
# that is unlocked over the network from the initrd, two further LUKS volumes
# opened with a key file, and a static address managed by systemd-networkd.
{ config, lib, modulesPath, pkgs, ... }:

{
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
    <nixos-hardware/common/cpu/intel>
    <nixos-hardware/common/pc/ssd>
  ];

  boot = {
    kernelModules = [ "kvm-intel" ];
    # acpi_power_meter constantly pollutes the kernel log
    blacklistedKernelModules = [ "acpi_power_meter" ];
    extraModulePackages = [ ];
    supportedFilesystems = [ "btrfs" ];

    # Static address for the initrd, derived from the systemd-networkd
    # definition of eno1 further down so both stages stay in sync.
    # NOTE(review): the address is taken verbatim, i.e. including its "/24"
    # suffix, and the netmask field of ip= is left empty — confirm that the
    # initrd's ip= handling accepts this form.
    kernelParams =
      let
        primaryNic = config.systemd.network.networks.eno1;
        firstOf = list: lib.elemAt list 0;
      in
      [
        "ip=${firstOf primaryNic.address}::${firstOf primaryNic.gateway}::${config.networking.hostName}:${primaryNic.name}"
      ];

    initrd = {
      kernelModules = [ ];
      availableKernelModules = [
        "aesni_intel" # hardware crypto for luks
        "ahci"
        "ehci_pci"
        "sd_mod"
        "tg3" # network interface
        "uhci_hcd"
        "usb_storage"
        "usbhid"
        "xhci_pci"
      ];

      # Networking in the initrd is only there for remote unlocking.
      # NOTE(review): no SSH settings for the initrd are visible in this file;
      # presumably they live in another module. Whatever host key the initrd
      # uses is stored outside the encrypted root (see /boot below), so it
      # should not be the key the running system identifies itself with.
      network.enable = true;

      luks.devices.root = {
        name = "root";
        device = "/dev/disk/by-uuid/72b59109-8df1-4fca-9b2e-d9dc973fce75";
        preLVM = true;
        # Passing TRIM through dm-crypt lets anyone with access to the raw
        # disk see which blocks are unused; accepted here as an SSD trade-off
        # (the root file system is mounted with "discard" below).
        allowDiscards = true;
      };
    };

    # Boot loader target is addressed by its stable by-id path.
    loader.grub.device = "/dev/disk/by-id/ata-CT240BX500SSD1_2045E4C67C52";
  };

  # Both data volumes are opened with the key file /root/luks-data.
  # presumably that file sits on the LUKS-backed root, which would make the
  # data disks only as well protected as the root passphrase — verify, and
  # keep the file readable by root only.
  environment.etc.crypttab.text = ''
    data0 UUID=aa692e73-2b75-4239-8a87-5f5b69ea56c5 /root/luks-data luks
    data1 UUID=1f4120b6-a3a0-4973-8c4c-a4d6703eea2a /root/luks-data luks
  '';

  fileSystems."/" = {
    device = "/dev/disk/by-uuid/c45b49b9-bc3c-4e53-85ae-0d430ba1cafb";
    fsType = "ext4";
    options = [ "discard" "noatime" ];
  };

  # /boot is not listed as a LUKS device in this file, so kernel and initrd
  # are presumably stored unencrypted — treat their contents as readable and
  # modifiable by anyone with physical access to the disk.
  fileSystems."/boot" = {
    device = "/dev/disk/by-uuid/a1ceeabf-fe24-42ce-9ffc-99ebe7b97d5c";
    fsType = "ext2";
  };

  # Only data0 is named here although crypttab also opens data1;
  # presumably a multi-device btrfs spanning both — TODO confirm.
  fileSystems."/data" = {
    device = "/dev/mapper/data0";
    fsType = "btrfs";
    options = [ "compress=zstd" ];
  };

  # Periodic scrub of the btrfs data file system.
  services.btrfs.autoScrub.enable = true;
  services.btrfs.autoScrub.fileSystems = [ "/data" ];

  swapDevices = [
    {
      # Swap is re-encrypted with a fresh random key on every boot, so its
      # contents cannot be read back after a reboot and hibernation is not
      # possible. The partition is addressed by PARTUUID because file system
      # UUIDs and labels are overwritten each time the device is re-keyed.
      device = "/dev/disk/by-partuuid/e62d8794-aff9-44d0-8080-06cf4c128306";
      randomEncryption = { enable = true; };
    }
  ];

  powerManagement.cpuFreqGovernor = "performance";

  # No DHCP anywhere: eno1 gets a fixed address from systemd-networkd.
  networking.useDHCP = false;
  systemd.network.enable = true;
  systemd.network.networks.eno1 = {
    name = "eno1";
    address = [ "192.168.100.61/24" ];
    gateway = [ "192.168.100.1" ];
    dns = [ "192.168.100.1" ];
    domains = [ "home.sbruder.de" ];
  };

  # NOTE(review): with systemd-resolved turned off, confirm that something
  # else applies the dns/domains values set on eno1 above.
  services.resolved.enable = false;
}