add ssd
This commit is contained in:
parent
2bff480d76
commit
294b33e5ae
4 changed files with 198 additions and 1 deletions
|
@ -68,7 +68,7 @@ in
|
|||
"usb_storage"
|
||||
"sd_mod"
|
||||
];
|
||||
initrd.systemd.enable = true;
|
||||
# initrd.systemd.enable = true;
|
||||
loader.systemd-boot.enable = true;
|
||||
# extraModulePackages = [ config.boot.kernelPackages.ddcci-driver ];
|
||||
kernelModules = [
|
||||
|
|
|
@ -20,6 +20,7 @@ let
|
|||
|
||||
host_modules = {
|
||||
grimmauld-nixos = [ ./specific/grimm-nixos-laptop/configuration.nix ];
|
||||
grimm-nixos-ssd = [ ./specific/grimm-nixos-ssd/configuration.nix ];
|
||||
|
||||
grimmauld-nixos-server = [
|
||||
./specific/grimmauld-nixos-server/configuration.nix
|
||||
|
|
67
specific/grimm-nixos-ssd/configuration.nix
Normal file
67
specific/grimm-nixos-ssd/configuration.nix
Normal file
|
@ -0,0 +1,67 @@
|
|||
{ config, lib, ... }:
|
||||
{
|
||||
imports = [
|
||||
# Include the results of the hardware scan.
|
||||
./hardware-configuration.nix
|
||||
# ./modules/kvm.nix
|
||||
./../../sway
|
||||
];
|
||||
|
||||
age.identityPaths = [ "/home/grimmauld/.ssh/id_ed25519" ];
|
||||
|
||||
|
||||
services.zfs.trim.enable = true;
|
||||
boot.supportedFilesystems.zfs = true;
|
||||
# networking.hostId = "2ea79333";
|
||||
# boot.kernelPackages = lib.mkForce config.boot.zfs.package.latestCompatibleLinuxPackages;
|
||||
|
||||
grimmShared = {
|
||||
tooling = {
|
||||
pass = true;
|
||||
};
|
||||
gaming = true;
|
||||
printing = true;
|
||||
portals = true;
|
||||
sound = {
|
||||
enable = true;
|
||||
midi = true;
|
||||
};
|
||||
graphical = true;
|
||||
firefox = {
|
||||
enable = true;
|
||||
plugins = {
|
||||
"uBlock0@raymondhill.net" = "ublock-origin";
|
||||
"{1e6672b5-a286-4217-83ec-81cc872debcf}" = "youtube-control-fix";
|
||||
"gdpr@cavi.au.dk" = "consent-o-matic";
|
||||
"{41f9e51d-35e4-4b29-af66-422ff81c8b41}" = "disable-javascript";
|
||||
"{7a7a4a92-a2a0-41d1-9fd7-1e92480d612d}" = "styl-us";
|
||||
"wappalyzer@crunchlabz.com" = "wappalyzer";
|
||||
"{b9db16a4-6edc-47ec-a1f4-b86292ed211d}" = "video-downloadhelper";
|
||||
"{1526fba1-ac33-4dfc-99d8-163e6129f7b9}" = "reveye-ris";
|
||||
};
|
||||
};
|
||||
cloudSync = {
|
||||
enable = true;
|
||||
username = "Grimmauld";
|
||||
server = "cloud.grimmauld.de";
|
||||
passwordFile = config.age.secrets.nextcloud_pass.path;
|
||||
};
|
||||
|
||||
spotify.enable = true;
|
||||
};
|
||||
|
||||
age.secrets.nextcloud_pass = {
|
||||
file = ./../../secrets/nextcloud_pass.age;
|
||||
mode = "777";
|
||||
};
|
||||
|
||||
networking.hostName = "grimm-nixos-ssd";
|
||||
|
||||
system.stateVersion = "24.05";
|
||||
|
||||
# nix.settings.extra-substituters = [ "https://nixcache.grimmauld.de" ];
|
||||
|
||||
nix.settings.trusted-public-keys = [
|
||||
"nixcache.grimmauld.de:LFBlakr8RYIuVb9I1S0+L9JGyB2THcfbPa0W6srghqo="
|
||||
];
|
||||
}
|
129
specific/grimm-nixos-ssd/hardware-configuration.nix
Normal file
129
specific/grimm-nixos-ssd/hardware-configuration.nix
Normal file
|
@ -0,0 +1,129 @@
|
|||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "uas" "sd_mod" "kvm-intel" ];
|
||||
boot.initrd.kernelModules = [ "zfs" "nls_cp437" "nls_iso8859-1" "usbhid" "usb_storage" "nvme" ];
|
||||
boot.zfs = {
|
||||
forceImportRoot = false;
|
||||
requestEncryptionCredentials = false; # none of the zfs datasets that should be mounted are encrypted. User homes happen later.
|
||||
# [
|
||||
# "zpool/home"
|
||||
# "zpool/root"
|
||||
# "zpool/nix"
|
||||
# "zpool/var"
|
||||
# ];
|
||||
};
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.supportedFilesystems.zfs = true;
|
||||
networking.hostId = "40fa5ea8";
|
||||
boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
|
||||
boot.extraModulePackages = [ ];
|
||||
boot.kernelParams = [ "mds=full,nosmt" ];
|
||||
services.homed.enable = true;
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "zpool/root";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/nix" =
|
||||
{ device = "zpool/nix";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/var" =
|
||||
{ device = "zpool/var";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
# fileSystems."/home" =
|
||||
# { device = "zpool/home";
|
||||
# fsType = "zfs";
|
||||
# };
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/12CE-A600";
|
||||
fsType = "vfat";
|
||||
options = [ "fmask=0022" "dmask=0022" "umask=077" ];
|
||||
};
|
||||
|
||||
|
||||
grimmShared = {
|
||||
screens = {
|
||||
external = {
|
||||
id = "HDMI-A-1";
|
||||
pos = "0 0";
|
||||
};
|
||||
|
||||
internal = {
|
||||
id = "eDP-1";
|
||||
fps = [
|
||||
144
|
||||
60
|
||||
];
|
||||
};
|
||||
};
|
||||
laptop_hardware.enable = true;
|
||||
};
|
||||
|
||||
|
||||
# fileSystems."/crypt-storage" =
|
||||
# { device = "/dev/disk/by-uuid/6f0d65a8-24f0-439d-b5ee-03c0ef051fcb";
|
||||
# fsType = "ext4";
|
||||
# options = [ "umask=077" ]; # read only so a fat-finger can't accidentially bonk our salts, rendering the disk useless.
|
||||
# };
|
||||
|
||||
# fileSystems."/home/grimmauld" =
|
||||
# { device = "zpool/home/grimmauld";
|
||||
# fsType = "zfs";
|
||||
# };
|
||||
|
||||
security.pam = {
|
||||
zfs = {
|
||||
enable = true;
|
||||
homes = "zpool/home";
|
||||
};
|
||||
};
|
||||
|
||||
boot.initrd.luks.yubikeySupport = true; # enable yubikey support
|
||||
|
||||
boot.initrd.luks.devices."root" = {
|
||||
device = "/dev/disk/by-uuid/6e6ca6b4-cfd5-4384-955b-bad9c48fa9d6"; # /dev/sda3
|
||||
preLVM = true;
|
||||
allowDiscards = true;
|
||||
|
||||
yubikey = {
|
||||
slot = 2;
|
||||
twoFactor = true; # Set to false for 1FA
|
||||
gracePeriod = 30; # Time in seconds to wait for Yubikey to be inserted
|
||||
keyLength = 64; # Set to $KEY_LENGTH/8
|
||||
saltLength = 16; # Set to $SALT_LENGTH
|
||||
|
||||
storage = {
|
||||
device = "/dev/disk/by-uuid/6f0d65a8-24f0-439d-b5ee-03c0ef051fcb"; # same ID as the crypt-storage mount earlier
|
||||
fsType = "ext4";
|
||||
path = "/default";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = "x86_64-linux";
|
||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
}
|
Loading…
Reference in a new issue