rouven.seifert/nixos-config
1
1
Fork 0
mirror of https://git.sr.ht/~rouven/nixos-config synced 2025-02-22 02:20:56 +01:00
Code Issues Projects Releases Packages Wiki Activity

switched the thinkpad to zfs again

Browse source
This commit is contained in:
Rouven Seifert 2023-08-02 18:04:26 +02:00
parent 3949aa8bb9
commit 085e064e46
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09
6 changed files with 67 additions and 71 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.sops.yaml
View file

@ -1,7 +1,7 @@
keys: keys:
- &yubi 116987A8DD3F78FF8601BF4DB95E8FE6B11C4D09 - &yubi 116987A8DD3F78FF8601BF4DB95E8FE6B11C4D09
- &rouven age1l80slr486r82csm758q2a32j2e2qdxdyxgh46um6thsjv08la9sq7475p6 - &rouven age1l80slr486r82csm758q2a32j2e2qdxdyxgh46um6thsjv08la9sq7475p6
- &thinkpad age1pwdahgk2yty9w8cw5ht90mral76h0ndp3vkp93xm4g0cttjlsvgqn8vlys - &thinkpad age1ejusm7c5smk5r0lcu7yynudrqc6j63pcyk9m4uh23f8kqd84cfqs88hjl6
- &nuc age18z4z5pgw8eluu32xe3krg4sxd2rncsnjw6e2axcun7x3vrj62vhq8eyz00 - &nuc age18z4z5pgw8eluu32xe3krg4sxd2rncsnjw6e2axcun7x3vrj62vhq8eyz00
- &falkenstein-1 age1de938w6hzpv4cuzss7v3pt0chv4d0t220ue5n9d93ffuak7u949sumnhz3 - &falkenstein-1 age1de938w6hzpv4cuzss7v3pt0chv4d0t220ue5n9d93ffuak7u949sumnhz3
creation_rules: creation_rules:

45
hosts/thinkpad/default.nix
View file

@ -16,20 +16,21 @@
# This setting is usually set to true in configuration.nix # This setting is usually set to true in configuration.nix
# generated at installation time. So we force it to false # generated at installation time. So we force it to false
# for now. # for now.
loader.systemd-boot.enable = lib.mkForce false; # loader.systemd-boot.enable = lib.mkForce false;
lanzaboote = { loader.systemd-boot.enable = true;
enable = true; # lanzaboote = {
pkiBundle = "/etc/secureboot"; # enable = true;
configurationLimit = 10; # pkiBundle = "/etc/secureboot";
}; # configurationLimit = 10;
# };
extraModulePackages = [ extraModulePackages = [
config.boot.kernelPackages.v4l2loopback.out config.boot.kernelPackages.v4l2loopback.out
]; ];
loader.systemd-boot.editor = false; #loader.systemd-boot.editor = false;
loader.efi.canTouchEfiVariables = true; loader.efi.canTouchEfiVariables = true;
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
tmp.useTmpfs = true; tmp.useTmpfs = true;
}; };
@ -61,19 +62,19 @@
# ]; # ];
}; };
environment.persistence."/nix/persist/system" = { #environment.persistence."/nix/persist/system" = {
directories = [ # directories = [
"/etc/nixos" # bind mounted from /nix/persist/system/etc/nixos to /etc/nixos # "/etc/nixos" # bind mounted from /nix/persist/system/etc/nixos to /etc/nixos
"/etc/ssh" # "/etc/ssh"
"/etc/secureboot" # "/etc/secureboot"
"/root/.ssh" # "/root/.ssh"
]; # ];
files = [ # files = [
"/etc/machine-id" # "/etc/machine-id"
]; # ];
}; #};
# impermanence fixes # impermanence fixes
sops.age.sshKeyPaths = lib.mkForce [ "/nix/persist/system/etc/ssh/ssh_host_ed25519_key" ]; #sops.age.sshKeyPaths = lib.mkForce [ "/nix/persist/system/etc/ssh/ssh_host_ed25519_key" ];
sops.gnupg.sshKeyPaths = lib.mkForce [ ]; sops.gnupg.sshKeyPaths = lib.mkForce [ ];
time.timeZone = "Europe/Berlin"; time.timeZone = "Europe/Berlin";
@ -118,8 +119,6 @@
security = { security = {
polkit.enable = true; polkit.enable = true;
audit.enable = true;
auditd.enable = true;
}; };
services.pipewire = { services.pipewire = {
@ -158,7 +157,6 @@
enable = true; enable = true;
openFirewall = false; openFirewall = false;
}; };
btrfs.autoScrub.enable = true; # periodically check filesystem and repair it
fwupd.enable = true; # firmware updates fwupd.enable = true; # firmware updates
}; };
@ -195,7 +193,6 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# hardware utilities # hardware utilities
btdu
nvme-cli nvme-cli
intel-gpu-tools intel-gpu-tools

38
hosts/thinkpad/hardware-configuration.nix
View file

@ -22,45 +22,39 @@
device = "/dev/disk/by-uuid/4a5fd2d9-1b37-4895-a24b-835a9cd4063e"; device = "/dev/disk/by-uuid/4a5fd2d9-1b37-4895-a24b-835a9cd4063e";
}; };
fileSystems."/" =
{
device = "tmpfs";
fsType = "tmpfs";
options = [ "mode=755" ];
};
fileSystems."/nix" =
fileSystems."/home" =
{ {
device = "/dev/disk/by-uuid/3d44cde5-17a2-4023-b9ae-3a02ae68aa81"; device = "rpool/nixos/nix";
fsType = "btrfs"; fsType = "zfs";
options = [ "subvol=home" "compress=zstd" "discard=async" "noatime" ];
}; };
fileSystems."/var/lib" = fileSystems."/var/lib" =
{ {
device = "/dev/disk/by-uuid/3d44cde5-17a2-4023-b9ae-3a02ae68aa81"; device = "rpool/nixos/var/lib";
fsType = "btrfs"; fsType = "zfs";
options = [ "subvol=lib" "compress=zstd" "discard=async" "noatime" "x-mount.mkdir" ];
}; };
fileSystems."/var/log" = fileSystems."/var/log" =
{ {
device = "/dev/disk/by-uuid/3d44cde5-17a2-4023-b9ae-3a02ae68aa81"; device = "rpool/nixos/var/log";
fsType = "btrfs"; fsType = "zfs";
options = [ "subvol=log" "compress=zstd" "discard=async" "noatime" "x-mount.mkdir" ];
}; };
fileSystems."/nix" = fileSystems."/home" =
{ {
device = "/dev/disk/by-uuid/3d44cde5-17a2-4023-b9ae-3a02ae68aa81"; device = "rpool/nixos/home";
fsType = "btrfs"; fsType = "zfs";
options = [ "subvol=nix" "compress=zstd" "discard=async" "noatime" ]; };
fileSystems."/" =
{
device = "rpool/nixos/fixroot";
fsType = "zfs";
}; };
fileSystems."/boot" = fileSystems."/boot" =
{ {
device = "/dev/disk/by-uuid/B174-4DAE"; device = "/dev/disk/by-uuid/DF86-7611";
fsType = "vfat"; fsType = "vfat";
}; };

10
hosts/thinkpad/modules/backup/default.nix
View file

@ -21,9 +21,13 @@
"/home/*/.cache" "/home/*/.cache"
"/home/*/.zcomp*" "/home/*/.zcomp*"
"/home/*/.zcomp*" "/home/*/.zcomp*"
"/home/*/.local/share/Steam" "/home/*/.gradle*"
"/home/*/.local/share/Trash" "/home/*/.java*"
"/home/*/.local/share/vifm/Trash" "/home/*/.m2*"
"/home/*/.wine*"
"/home/*/.mypy_cache*"
"/home/*/.local/share"
"/home/*/.local/share"
"/home/*/Linux/Isos" "/home/*/Linux/Isos"
]; ];
}; };

1
hosts/thinkpad/modules/networks/default.nix
View file

@ -14,6 +14,7 @@
networking = { networking = {
useNetworkd = true; useNetworkd = true;
hostName = "thinkpad"; hostName = "thinkpad";
hostId = "d8d34032";
enableIPv6 = true; enableIPv6 = true;
wireless = { wireless = {
enable = true; enable = true;

42
secrets/thinkpad.yaml
View file

@ -14,36 +14,36 @@ sops:
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: age:
- recipient: age1pwdahgk2yty9w8cw5ht90mral76h0ndp3vkp93xm4g0cttjlsvgqn8vlys - recipient: age1ejusm7c5smk5r0lcu7yynudrqc6j63pcyk9m4uh23f8kqd84cfqs88hjl6
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCQ243byszWm45UmpialpS YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXZ3BTZ1ZiMGozVUhFUDYx
OVVsTEFQNDZrS3NRdUc1aFBOcTFyclZkenpzCmtXcnlsZGNBOTBhZVJSNFdrck9i UFhUV1Q5YzVuR1N1V25WckpMV3Fod2hmejJVCmRnQjRUMmhVbll6b0N2TmJOSFVF
MHI0WjA4dy9DTFk3cWwydkJvR0h3RmsKLS0tIGxsM0hzUmg4RVBUOTI3QTZMZG4x cHNiK3NVSkJyUjAzMkNXWTNYejBsbUkKLS0tIFRMWXRac1lzZ3dvb1BxTExucDNh
d1J5UHJDYjlZWEV1aEVDSmxhWDB0anMKMNzyd465AdMyX0o9NxF+hcLyROcd8xoJ YW1scVZDOUFaNUJ4UkFNT2U4eFh6VGsKfv6BaEvr0ibn1cSqE9GeUe4BrYwY9RTB
39K5xIDzcqpu6HfoZk1kZ/TT1DS2Xiw0rDuJHWdfpnS8zNe6DL3a7Q== PNnqxnwBX01rCitKFfpNe1rBHazp+DDh9Dw2N+m/hH6gXvu7LjcwGQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-30T13:44:51Z" lastmodified: "2023-07-30T13:44:51Z"
mac: ENC[AES256_GCM,data:kddokPxPpClyToDm6a3Iu0UfTFxqN2oRsGYLBgzW3iuScz0NpOJXYfHyOXmzTLyj7LSFr4xuE86/KsaWeGxse8CCqnbnbsj2Ok7nEjWqT26L7fUDklBkTb3EZQqgz1v+rl35mlto+GfsA5kskwwUOiQGuwxqWPZTznf3WqWq6pI=,iv:8qaKsXRh9O57zeWVJQqW4m4U6OgRjMaEQKclnt8jrIQ=,tag:rrC1JqCZH8br3hYlxBCRYA==,type:str] mac: ENC[AES256_GCM,data:kddokPxPpClyToDm6a3Iu0UfTFxqN2oRsGYLBgzW3iuScz0NpOJXYfHyOXmzTLyj7LSFr4xuE86/KsaWeGxse8CCqnbnbsj2Ok7nEjWqT26L7fUDklBkTb3EZQqgz1v+rl35mlto+GfsA5kskwwUOiQGuwxqWPZTznf3WqWq6pI=,iv:8qaKsXRh9O57zeWVJQqW4m4U6OgRjMaEQKclnt8jrIQ=,tag:rrC1JqCZH8br3hYlxBCRYA==,type:str]
pgp: pgp:
- created_at: "2023-02-16T20:53:51Z" - created_at: "2023-08-02T14:13:52Z"
enc: |- enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
wcFMAzUXo8ZPJwGLAQ/+NB4eFL48UlOgU36c4fo5eGFAFCx54wovfOq33S3yc5tx wcFMAzUXo8ZPJwGLAQ//VVEf2kjskLK9GCYh0d51LrosaUAutDYvG/QKUqO7o1HQ
UewzA5DZ9FECG8vl/CvxDNZdDZcdHWdF8r0MEKtToMMuDgcw4c1oDyZsKPCycWJm vXYHjSo6A927Z3uWPCEgJBufMgAEen/VNOLC/3nZ94Qb18ORLpvWYr3xFL6uQuGF
/vzVnmQDD1TfS1FoZNLU+IHm1VZ6c51s1A24KhIZc4fre0U4jA9JXv2ZelCJzzOm /8l2r0MMCkulClJDkwEd/BR2wp/VEwVnlAk22EYuGqn1xbp7IO48YMpMG1qSNcZ0
5PqOdItIl/avnDH7Q5iBBsHkebM3exrpq0VzUABaiiR6mjcn8uhh5T11oxgMZgvD 4BaXgkVfe11fB4mv5FGN3D6EA1PvXNBt5Fx64AUv6AqJRlkpjOmrpm88gPOuKQ4a
AzP+IsBHh1dkuhy5tV0eUtzD95aYvofuszIFSe6Aj/HX7Iod/C70M5KWQNMQhqXI vwcqZnP7ryWGTJ+IFeKYDxUFYMhq0Dm+xvkfER5py9qIy3D/5rcG4kl73I+5sN+2
d2YRZc9VGcrZ0RgYnUyoC15h7k91tO9UHhAbR9IG3j7px5QLs8/JjaUi64wIRbDd hN9/pmGEzi5EkHmkyRBSZ1oqLDlW/lXa3FcuAyjMRzU1sGesJLiDW7P8pTdVb63a
EiT+vbmpv3V2aqAdwRGOOd5buWrrdLIyk+2BdmtVqOtI2kOrQr328J3uM7+z1c55 o+rVaj78V0dk7TZ3bIteJ/sMzZBM5z3h4hXIvyyhA5aiuw48FcPRqChdlbI6rDRJ
iE5QlS8zZL8zY+5sSCpijmKNPGe4SsJxJ72PLyT+y9DwI4259uNW2fpt+ZsT4yWr ZRlh0uYJdtGN1nqln24Do+Dp40pvceZCJbzxJjI9MZyQY3G3ilTTKSVt8V4+XRYr
MWv/EvuPuIq774odk5B+ECvucUcufJ2j0R1XoVGVvNc6N8VZiMGpfYx7+w6soEQQ 89jffQEYH1qA0HmPP8QvrW3dRHsPYRsZgLNco8yOqOj6wdL/QqTfQLI7uZKtNBOt
GDaNJ1ETw4nYOvb19nF+ymKFhRz1fV7w6QRn6vI0tBO3UTGR1bx6+D5oM+OazzgA M7rVKpcmCBoMBlc95qALI+v6eh21AbTMYkblWAEf36ufjyOTwWqh1lfl9UI/MwMD
HcQGrxn/sAVKm/zXri479VNw5w4T4F5qhXaYyYhQmssKGBEpqhm02jzy8NRaUmPS vLJ9Z+UxP1GLRwz2kh5vr3b+6FKIahUuWsNH+MhaTYqCo4rzzXpIFYeB9Gcut/XS
UQEuypPFKDKZhGW5GeToRNYnlrd/txV8n/bvRN2OrhkgHN0D8HLn/X9AW3dd/KnT UQHQajWoKDl/Gd/VOZHZWZEuNKz+3TzJzhVIY/RoI7QvhZipAIH+/UflEUcSEHP2
FIL5dAFoBIC5GFu0xNGyuA/9MLNWRpwMF7tU3vr2726iTQ== p20IEABHoFu38njZquAMRQoEljIl8T9bc4DxTrnWjoz4JA==
=3Wti =1/wz
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 116987A8DD3F78FF8601BF4DB95E8FE6B11C4D09 fp: 116987A8DD3F78FF8601BF4DB95E8FE6B11C4D09
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted