Simon Bruder
10b8d432d5
This applies the REUSE specification to the repository, so the licensing information can be tracked for every file individually.
# SPDX-FileCopyrightText: 2021-2023 Simon Bruder <simon@sbruder.de>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
{ config, lib, modulesPath, pkgs, ... }:

# Hardware-level NixOS module for one host: boot loader, initrd with
# network support for remote LUKS unlocking, encrypted data volumes,
# filesystems, swap and network interfaces.
{
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

  boot = {
    loader.grub.device = "/dev/disk/by-id/ata-INTEL_SSDSC2KB480G7_PHYS749202D6480BGN";

    # Kernel-level DHCP; together with initrd.network.enable below this
    # gives the initrd an address before the root volume is unlocked.
    kernelParams = [ "ip=dhcp" ];
    kernelModules = [ "kvm-amd" "sg" ];
    extraModulePackages = [ ];
    supportedFilesystems = [ "btrfs" ];
    extraModprobeConfig = ''
      options gigabyte_wmi force_load=1
    '';

    initrd = {
      # Networking inside the initrd, used for remote unlocking. The
      # service that accepts the passphrase is not configured in this file.
      # NOTE(review): the initrd is presumably stored on /boot, which is a
      # plain ext2 filesystem below, so any host key or other secret built
      # into the initrd is readable by whoever has physical access to the
      # disk. Keep initrd keys separate from the main system's keys and
      # confirm where they are configured.
      network.enable = true;

      kernelModules = [ ];
      availableKernelModules = [
        "aesni_intel" # hardware-accelerated AES for LUKS
        "ahci"
        "cryptd"
        "igc" # network interface for remote unlocking
        "r8169" # network interface for remote unlocking (as above)
        "sd_mod"
        "usb_storage"
        "usbhid"
        "xhci_pci"
      ];

      luks.devices.root = {
        name = "root";
        device = "/dev/disk/by-uuid/c5cf6858-cca0-40dc-a3b5-ab47a3f9d49c";
        preLVM = true;
        # Passes TRIM requests through dm-crypt to the underlying disk.
        # Trade-off: the pattern of discarded blocks becomes visible on the
        # raw device, which reveals how much of the volume is in use.
        allowDiscards = true;
      };
    };
  };

  # The data volumes are declared through a plain crypttab because
  # expressing this setup with native NixOS options proved too painful.
  # Fields per line: mapping name, source device, key file, options.
  # The key files live under /root, so their protection at rest depends
  # on the encrypted root volume.
  # NOTE(review): confirm the key files are readable by root only.
  # NOTE(review): data1 is opened but never mounted directly below;
  # presumably it is a second member of the btrfs on data0 - confirm.
  environment.etc.crypttab.text = ''
    data0 UUID=aa692e73-2b75-4239-8a87-5f5b69ea56c5 /root/luks-data luks
    data1 UUID=1f4120b6-a3a0-4973-8c4c-a4d6703eea2a /root/luks-data luks
    data-hot UUID=c9aeade0-4c96-4786-9b22-3161d935d644 /root/luks-data-hot luks,discard
  '';

  fileSystems = {
    # NOTE(review): presumably the filesystem inside the `root` LUKS
    # mapping declared above - confirm.
    "/" = {
      fsType = "btrfs";
      device = "/dev/disk/by-uuid/92a1f733-8a23-42ea-958b-0d01a5de7776";
      options = [ "compress=zstd" "discard" "noatime" ];
    };

    # Referenced by UUID with no LUKS mapping in this file, so kernel and
    # initrd are presumably kept unencrypted; nothing in this file checks
    # their integrity at boot.
    "/boot" = {
      fsType = "ext2";
      device = "/dev/disk/by-uuid/0f1822e1-643b-49e0-b279-5e3373c6a26c";
    };

    "/data/cold" = {
      fsType = "btrfs";
      device = "/dev/mapper/data0";
      options = [ "compress=zstd" ];
    };

    # Online discard here matches the `discard` option on the data-hot
    # crypttab entry; the same block-usage trade-off as on root applies.
    "/data/hot" = {
      fsType = "btrfs";
      device = "/dev/mapper/data-hot";
      options = [ "compress=zstd" "discard" "noatime" ];
    };
  };

  # Create the mount point directories, owned by root with mode 0755.
  systemd.tmpfiles.rules = [
    "d /data 0755 root root - -"
    "d /data/hot 0755 root root - -"
    "d /data/cold 0755 root root - -"
  ];

  swapDevices = [
    {
      # Swap is re-keyed with a fresh random key on every boot, so
      # swapped-out pages cannot be recovered after a reboot. This also
      # rules out hibernating to this device.
      randomEncryption.enable = true;
      device = "/dev/disk/by-partuuid/22978e17-fbbf-4879-9385-5c9473df1706";
    }
  ];

  powerManagement.cpuFreqGovernor = "schedutil";

  # DHCP is off globally and enabled only on the two named interfaces.
  networking.useDHCP = false;
  networking.interfaces = {
    enp10s0.useDHCP = true;
    enp9s0.useDHCP = true;
  };

  services = {
    # Periodic btrfs scrub of both data filesystems.
    btrfs.autoScrub = {
      enable = true;
      fileSystems = [ "/data/cold" "/data/hot" ];
    };

    # The power button suspends instead of powering off.
    # NOTE(review): while suspended, the LUKS volume keys stay in RAM, so
    # the disks are not in their at-rest state - confirm this matches the
    # threat model for physical access.
    logind.extraConfig = ''
      HandlePowerKey=suspend
    '';
  };
}