tp3: disable modules, update disko config

elohmeier · Dec 26, 2024 · b967b30 · b967b30
1 parent ce7eb8c
commit b967b30
Show file tree

Hide file tree

Showing 5 changed files with 118 additions and 63 deletions.
diff --git a/modules/flake/packages.nix b/modules/flake/packages.nix
@@ -3,7 +3,7 @@ _: {
     { pkgs, ... }:
     {
       packages = {
-        inherit (pkgs) prom-checktlsa;
+        inherit (pkgs) disko prom-checktlsa;
 
         inherit (pkgs.ptsd-node-packages) readability-cli;
       };

diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
@@ -38,7 +38,6 @@ in
     generic-desktop = ./generic-desktop.nix;
     generic-disk = ./generic-disk.nix;
     hcloud = ./hcloud;
-    hl5380dn = ./hl5380dn.nix;
     host-htz1 = ./hosts/htz1;
     host-htz2 = ./hosts/htz2;
     hw-hetzner-vm = ./hw/hetzner-vm.nix;
@@ -51,12 +50,15 @@ in
     ports = ./ports.nix;
     prometheus-node = ./prometheus-node.nix;
     tailscale = ./tailscale.nix;
-    tp3 = ./tp3.nix;
     tp4 = ./tp4.nix;
     users = ./users;
     utmvm-nixos-3 = ./utmvm-nixos-3.nix;
   };
 
+  flake.diskoConfigurations = {
+    tp3 = import ./tp3/modules/disko.nix;
+  };
+
   flake.nixosConfigurations = {
     # htz1 = nixosSystemFor "x86_64-linux" [
     #   self.nixosModules.borgbackup
@@ -94,16 +96,15 @@ in
     # sudo systemd-cryptenroll --tpm2-device=/dev/tpmrm0 --tpm2-pcrs=0+7 /dev/nvme0n1p2
     tp3 = nixosSystemFor "x86_64-linux" [
       inputs.disko.nixosModules.disko
-      inputs.home-manager.nixosModule
+      # inputs.home-manager.nixosModule
       inputs.lanzaboote.nixosModules.lanzaboote
-      inputs.nix95.nixosModules.nix95
+      # inputs.nix95.nixosModules.nix95
       self.nixosModules.defaults
-      self.nixosModules.hl5380dn
       self.nixosModules.networkmanager
-      self.nixosModules.nix-persistent
-      self.nixosModules.tailscale
-      self.nixosModules.tp3
+      # self.nixosModules.nix-persistent
+      # self.nixosModules.tailscale
       self.nixosModules.users
+      ./tp3
     ];
 
     # build using `NIX_CONFIG="extra-experimental-features = nix-command flakes" nix shell nixpkgs#git --command nix build /Users/enno/repos/ptsd#nixosConfigurations.orb-nixos.config.system.build.topLevel -L`

diff --git a/modules/nixos/hl5380dn.nix b/modules/nixos/hl5380dn.nix
diff --git a/modules/nixos/tp3.nix → modules/nixos/tp3/default.nix b/modules/nixos/tp3.nix → modules/nixos/tp3/default.nix
@@ -30,28 +30,33 @@
       # ./nix-security-box/web.nix
       # ./nix-security-box/windows.nix
       # ./nix-security-box/wireless.nix
+
+      ./modules/disko.nix
     ];
+
+    networking.hostId = "c1acffeb";
+
     #config.permittedInsecurePackages = [
     #  "tightvnc-1.3.10"
     #  "python-2.7.18.6"
     #];
 
-    system.stateVersion = "23.11";
+    system.stateVersion = "24.11";
     networking.hostName = "tp3";
     # services.getty.autologinUser = config.users.users.mainUser.name;
     ptsd.tailscale.enable = true;
-    disko.devices = import ./disko/luks-lvm-immutable.nix { inherit lib; };
+    # disko.devices = import ./disko/luks-lvm-immutable.nix { inherit lib; };
     programs.fish.enable = true;
-    fileSystems = {
-      "/" = {
-        fsType = "tmpfs";
-        options = [
-          "size=4G"
-          "mode=1755"
-        ];
-      };
-    };
-    swapDevices = [ { device = "/dev/pool/swap"; } ];
+    # fileSystems = {
+    #   "/" = {
+    #     fsType = "tmpfs";
+    #     options = [
+    #       "size=4G"
+    #       "mode=1755"
+    #     ];
+    #   };
+    # };
+    # swapDevices = [ { device = "/dev/pool/swap"; } ];
     time.timeZone = "Europe/Berlin";
     services.pipewire = {
       enable = true;
@@ -69,14 +74,15 @@
 
       resumeDevice = "/dev/pool/swap";
 
-      lanzaboote = {
-        enable = true;
-        pkiBundle = "/nix/persistent/etc/secureboot";
-        configurationLimit = 7;
-      };
+      # lanzaboote = {
+      #   enable = true;
+      #   pkiBundle = "/nix/persistent/etc/secureboot";
+      #   configurationLimit = 7;
+      # };
 
       loader = {
-        systemd-boot.enable = lib.mkForce false; # replaced by lanzaboote
+        systemd-boot.enable = true;
+        # systemd-boot.enable = lib.mkForce false; # replaced by lanzaboote
         systemd-boot.editor = false;
         efi.canTouchEfiVariables = true;
       };
@@ -115,7 +121,7 @@
     systemd.network.wait-online.timeout = 0;
     services.fstrim.enable = true;
     services.xserver.videoDrivers = [ "modesetting" ];
-    programs.steam.enable = true;
+    # programs.steam.enable = true;
 
     hardware.bluetooth.enable = true;
     hardware.bluetooth.powerOnBoot = true;
@@ -146,8 +152,8 @@
       pkgs.btop
       pkgs.file
       pkgs.git
-      pkgs.glxinfo
-      pkgs.gnome-disk-utility
+      # pkgs.glxinfo
+      # pkgs.gnome-disk-utility
       pkgs.gptfdisk
       pkgs.home-manager
       pkgs.libcanberra-gtk3
@@ -158,11 +164,8 @@
       pkgs.wirelesstools
     ];
 
-    virtualisation.podman = {
-      enable = true;
-    };
-
-    virtualisation.virtualbox.host.enable = true;
+    # virtualisation.podman.enable = true;
+    # virtualisation.virtualbox.host.enable = true;
 
     systemd.services.tailscaled.wantedBy = lib.mkForce [ ]; # manual start to reduce battery usage (frequent wakeups)
 

diff --git a/modules/nixos/tp3/modules/disko.nix b/modules/nixos/tp3/modules/disko.nix
@@ -0,0 +1,79 @@
+{
+  disko.devices = {
+    disk = {
+      root = {
+        type = "disk";
+        device = "/dev/nvme0n1";
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              size = "1G";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = [ "nofail" ];
+              };
+            };
+            windows = {
+              size = "250G";
+              type = "0700";
+            };
+            zfs = {
+              size = "100%";
+              content = {
+                type = "zfs";
+                pool = "zroot";
+              };
+            };
+          };
+        };
+      };
+    };
+    zpool = {
+      zroot = {
+        type = "zpool";
+        rootFsOptions = {
+          mountpoint = "none";
+          compression = "lz4";
+          acltype = "posixacl";
+          xattr = "sa";
+          "com.sun:auto-snapshot" = "true";
+        };
+        options.ashift = "12";
+        datasets = {
+          "root" = {
+            type = "zfs_fs";
+            options = {
+              mountpoint = "none";
+              encryption = "aes-256-gcm";
+              keyformat = "passphrase";
+              #keylocation = "file:///tmp/secret.key";
+              keylocation = "prompt";
+            };
+          };
+          "root/nixos" = {
+            type = "zfs_fs";
+            options.mountpoint = "/";
+            mountpoint = "/";
+          };
+          "root/home" = {
+            type = "zfs_fs";
+            options.mountpoint = "/home";
+            mountpoint = "/home";
+          };
+          "root/tmp" = {
+            type = "zfs_fs";
+            mountpoint = "/tmp";
+            options = {
+              mountpoint = "/tmp";
+              sync = "disabled";
+            };
+          };
+        };
+      };
+    };
+  };
+}