diff --git a/modules/flake/packages.nix b/modules/flake/packages.nix index 6b796519..60c4a70e 100644 --- a/modules/flake/packages.nix +++ b/modules/flake/packages.nix @@ -3,7 +3,7 @@ _: { { pkgs, ... }: { packages = { - inherit (pkgs) prom-checktlsa; + inherit (pkgs) disko prom-checktlsa; inherit (pkgs.ptsd-node-packages) readability-cli; }; diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index 5754da39..1dc71f25 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -38,7 +38,6 @@ in generic-desktop = ./generic-desktop.nix; generic-disk = ./generic-disk.nix; hcloud = ./hcloud; - hl5380dn = ./hl5380dn.nix; host-htz1 = ./hosts/htz1; host-htz2 = ./hosts/htz2; hw-hetzner-vm = ./hw/hetzner-vm.nix; @@ -51,12 +50,15 @@ in ports = ./ports.nix; prometheus-node = ./prometheus-node.nix; tailscale = ./tailscale.nix; - tp3 = ./tp3.nix; tp4 = ./tp4.nix; users = ./users; utmvm-nixos-3 = ./utmvm-nixos-3.nix; }; + flake.diskoConfigurations = { + tp3 = import ./tp3/modules/disko.nix; + }; + flake.nixosConfigurations = { # htz1 = nixosSystemFor "x86_64-linux" [ # self.nixosModules.borgbackup @@ -94,16 +96,15 @@ in # sudo systemd-cryptenroll --tpm2-device=/dev/tpmrm0 --tpm2-pcrs=0+7 /dev/nvme0n1p2 tp3 = nixosSystemFor "x86_64-linux" [ inputs.disko.nixosModules.disko - inputs.home-manager.nixosModule + # inputs.home-manager.nixosModule inputs.lanzaboote.nixosModules.lanzaboote - inputs.nix95.nixosModules.nix95 + # inputs.nix95.nixosModules.nix95 self.nixosModules.defaults - self.nixosModules.hl5380dn self.nixosModules.networkmanager - self.nixosModules.nix-persistent - self.nixosModules.tailscale - self.nixosModules.tp3 + # self.nixosModules.nix-persistent + # self.nixosModules.tailscale self.nixosModules.users + ./tp3 ]; # build using `NIX_CONFIG="extra-experimental-features = nix-command flakes" nix shell nixpkgs#git --command nix build /Users/enno/repos/ptsd#nixosConfigurations.orb-nixos.config.system.build.topLevel -L` 
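Review bot: The `# sudo systemd-cryptenroll --tpm2-device=/dev/tpmrm0 --tpm2-pcrs=0+7 /dev/nvme0n1p2` note kept above `tp3` describes a LUKS partition that the new disko layout added later in this diff no longer creates (it uses ZFS native encryption on `zroot` with `keylocation = "prompt"`), so the recovery hint is now misleading; replace it with `# tp3: ZFS native encryption on zroot, passphrase prompted at pool import (see tp3/modules/disko.nix)` or drop it. Commenting out `home-manager`, `nix95`, `nix-persistent` and `tailscale` instead of deleting them gives no indication whether they are meant to return; a short `# TODO: re-enable once tp3 is reinstalled on the ZFS layout` on the block would say so. Note that tp3/default.nix, also in this diff, still sets `ptsd.tailscale.enable = true;` after `self.nixosModules.tailscale` is dropped here — if that module is what declares the `ptsd.tailscale` option, the tp3 configuration will no longer evaluate.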
diff --git a/modules/nixos/hl5380dn.nix b/modules/nixos/hl5380dn.nix deleted file mode 100644 index cb3b8864..00000000 --- a/modules/nixos/hl5380dn.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: - -{ - services.printing.enable = true; - - hardware.printers = { - ensurePrinters = [ - { - name = "HL5380DN"; - deviceUri = "socket://192.168.1.2:9100"; - location = "fraam office"; - model = "drv:///sample.drv/generpcl.ppd"; - ppdOptions = { - PageSize = "A4"; - Resolution = "600dpi"; - InputSlot = "Auto"; - MediaType = "PLAIN"; - }; - } - ]; - }; - -} diff --git a/modules/nixos/tp3.nix b/modules/nixos/tp3/default.nix similarity index 82% rename from modules/nixos/tp3.nix rename to modules/nixos/tp3/default.nix index be220572..641e750c 100644 --- a/modules/nixos/tp3.nix +++ b/modules/nixos/tp3/default.nix @@ -30,28 +30,33 @@ # ./nix-security-box/web.nix # ./nix-security-box/windows.nix # ./nix-security-box/wireless.nix + + ./modules/disko.nix ]; + + networking.hostId = "c1acffeb"; + #config.permittedInsecurePackages = [ # "tightvnc-1.3.10" # "python-2.7.18.6" #]; - system.stateVersion = "23.11"; + system.stateVersion = "24.11"; networking.hostName = "tp3"; # services.getty.autologinUser = config.users.users.mainUser.name; ptsd.tailscale.enable = true; - disko.devices = import ./disko/luks-lvm-immutable.nix { inherit lib; }; + # disko.devices = import ./disko/luks-lvm-immutable.nix { inherit lib; }; programs.fish.enable = true; - fileSystems = { - "/" = { - fsType = "tmpfs"; - options = [ - "size=4G" - "mode=1755" - ]; - }; - }; - swapDevices = [ { device = "/dev/pool/swap"; } ]; + # fileSystems = { + # "/" = { + # fsType = "tmpfs"; + # options = [ + # "size=4G" + # "mode=1755" + # ]; + # }; + # }; + # swapDevices = [ { device = "/dev/pool/swap"; } ]; time.timeZone = "Europe/Berlin"; services.pipewire = { enable = true; 
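Review bot: `ptsd.tailscale.enable = true;` survives unchanged while `self.nixosModules.tailscale` is commented out of tp3's module list in default.nix in this same diff; if that module declares the option, evaluation fails, and if it does not, the line is dead — please confirm which and restore or remove one side. The tmpfs `fileSystems."/"` and the old `disko.devices` import are commented out rather than removed, and with `root/nixos` now a persistent ZFS dataset the previous ephemeral-root model is gone (`nix-persistent` is disabled too), which deserves a one-line note next to the new `networking.hostId`, e.g. `# root is now a persistent ZFS dataset; no tmpfs root / impermanence on this host`. Bumping `system.stateVersion` to `"24.11"` is presumably justified because the disk is being re-laid out from scratch; a comment `# fresh install on the ZFS layout, hence the bump` would stop a future reader from treating it as a routine upgrade.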
@@ -69,14 +74,15 @@ resumeDevice = "/dev/pool/swap"; - lanzaboote = { - enable = true; - pkiBundle = "/nix/persistent/etc/secureboot"; - configurationLimit = 7; - }; + # lanzaboote = { + # enable = true; + # pkiBundle = "/nix/persistent/etc/secureboot"; + # configurationLimit = 7; + # }; loader = { - systemd-boot.enable = lib.mkForce false; # replaced by lanzaboote + systemd-boot.enable = true; + # systemd-boot.enable = lib.mkForce false; # replaced by lanzaboote systemd-boot.editor = false; efi.canTouchEfiVariables = true; }; @@ -115,7 +121,7 @@ systemd.network.wait-online.timeout = 0; services.fstrim.enable = true; services.xserver.videoDrivers = [ "modesetting" ]; - programs.steam.enable = true; + # programs.steam.enable = true; hardware.bluetooth.enable = true; hardware.bluetooth.powerOnBoot = true; @@ -146,8 +152,8 @@ pkgs.btop pkgs.file pkgs.git - pkgs.glxinfo - pkgs.gnome-disk-utility + # pkgs.glxinfo + # pkgs.gnome-disk-utility pkgs.gptfdisk pkgs.home-manager pkgs.libcanberra-gtk3 @@ -158,11 +164,8 @@ pkgs.wirelesstools ]; - virtualisation.podman = { - enable = true; - }; - - virtualisation.virtualbox.host.enable = true; + # virtualisation.podman.enable = true; + # virtualisation.virtualbox.host.enable = true; systemd.services.tailscaled.wantedBy = lib.mkForce [ ]; # manual start to reduce battery usage (frequent wakeups) diff --git a/modules/nixos/tp3/modules/disko.nix b/modules/nixos/tp3/modules/disko.nix new file mode 100644 index 00000000..eff0c031 --- /dev/null +++ b/modules/nixos/tp3/modules/disko.nix 
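Review bot: Replacing lanzaboote with plain `systemd-boot.enable = true;` drops Secure Boot signing of the kernel and initrd on the unencrypted ESP, and the PCR 7 binding that the `systemd-cryptenroll --tpm2-pcrs=0+7` note in default.nix relies on no longer reflects a signed chain; `systemd-boot.editor = false;` only blocks cmdline edits at the menu, not replacement of the unsigned files on the ESP. If this is transitional, say so at the commented block, e.g. `# TODO: re-enable lanzaboote once the ZFS layout is stable; ESP contents are currently unsigned`. `resumeDevice = "/dev/pool/swap";` at the top of the hunk still points at the old LVM swap volume, which the new disko.nix in this diff does not create, so hibernation resume targets a missing device; either remove that line or define a swap zvol/partition. The enclosing attribute set (presumably `boot`) begins before the hunk.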
@@ -0,0 +1,79 @@
+{
+  disko.devices = {
+    disk = {
+      root = {
+        type = "disk";
+        device = "/dev/nvme0n1";
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              size = "1G";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = [ "nofail" ];
+              };
+            };
+            windows = {
+              size = "250G";
+              type = "0700";
+            };
+            zfs = {
+              size = "100%";
+              content = {
+                type = "zfs";
+                pool = "zroot";
+              };
+            };
+          };
+        };
+      };
+    };
+    zpool = {
+      zroot = {
+        type = "zpool";
+        rootFsOptions = {
+          mountpoint = "none";
+          compression = "lz4";
+          acltype = "posixacl";
+          xattr = "sa";
+          "com.sun:auto-snapshot" = "true";
+        };
+        options.ashift = "12";
+        datasets = {
+          "root" = {
+            type = "zfs_fs";
+            options = {
+              mountpoint = "none";
+              encryption = "aes-256-gcm";
+              keyformat = "passphrase";
+              #keylocation = "file:///tmp/secret.key";
+              keylocation = "prompt";
+            };
+          };
+          "root/nixos" = {
+            type = "zfs_fs";
+            options.mountpoint = "/";
+            mountpoint = "/";
+          };
+          "root/home" = {
+            type = "zfs_fs";
+            options.mountpoint = "/home";
+            mountpoint = "/home";
+          };
+          "root/tmp" = {
+            type = "zfs_fs";
+            mountpoint = "/tmp";
+            options = {
+              mountpoint = "/tmp";
+              sync = "disabled";
+            };
+          };
+        };
+      };
+    };
+  };
+}
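Review bot: The ESP at `mountpoint = "/boot"` is mounted with vfat defaults, which leaves the now-unsigned kernel and initrd readable by every local user; the usual hardening is `mountOptions = [ "nofail" "umask=0077" ];`. `nofail` also means a boot where the ESP fails to mount proceeds silently, so a later `nixos-rebuild switch` would install nothing bootable — worth a comment stating that is intended, or dropping it. ZFS native encryption here covers only `root` and its children; the ESP and the 250G `windows` partition stay in the clear, and no swap is defined, so `resumeDevice = "/dev/pool/swap"` in tp3/default.nix (earlier in this diff) no longer matches this layout. The `#keylocation = "file:///tmp/secret.key";` leftover should either go or carry a note explaining when a key file is needed instead of `prompt` (e.g. for unattended `disko` runs).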