diff --git a/comb/home/diskoConfigurations.nix b/comb/home/diskoConfigurations.nix index 02e9233..a8b1435 100644 --- a/comb/home/diskoConfigurations.nix +++ b/comb/home/diskoConfigurations.nix @@ -1,19 +1,19 @@ { - nom = { - disk = { - nvme0n1 = { - device = "/dev/nvme0n1"; + nom = { + disk = { + "Intenso_SSD_3833430-532201046" = { type = "disk"; + device = "/dev/disk/by-id/ata-Intenso_SSD_3833430-532201046"; content = { type = "table"; format = "gpt"; partitions = [ { type = "partition"; - name = "ESP"; - start = "1MiB"; - end = "100MiB"; - bootable = true; + name = "efi"; + start = "0"; + end = "8GiB"; + fs-type = "fat32"; content = { type = "filesystem"; format = "vfat"; @@ -21,21 +21,71 @@ }; } { - name = "root"; type = "partition"; - start = "100MiB"; + name = "swap"; + start = "8GiB"; end = "100%"; - part-type = "primary"; - bootable = true; content = { - type = "filesystem"; - format = "ext4"; - mountpoint = "/"; + type = "swap"; + randomEncryption = true; }; } ]; }; }; + "Samsung_SSD_980_PRO_1TB_S5GXNX1T325329W" = { + type = "disk"; + device = "/dev/disk/by-id/nvme-Samsung_SSD_980_PRO_1TB_S5GXNX1T325329W"; + content = { + type = "zfs"; + pool = "zpool"; + }; + }; }; - }; + rpool = { + type = "zpool"; + mode = "mirror"; + rootFsOptions = { + compression = "zstd"; + acltype = "posix"; + atime = "off"; + xattr = "sa"; + dnodesize = "auto"; + mountpoint = "none"; + canmount = "off"; + devices = "off"; + encryption = "aes-256-gcm"; + keyformat = "passphrase"; + keylocation = "prompt"; + "autobackup:snap" = "true"; + "autobackup:home" = "true"; + }; + options = { + ashift = "12"; + bootfs = "rpool/root/nixos"; + }; + datasets = { + "root" = { + zfs_type = "filesystem"; + }; + "root/nixos" = { + zfs_type = "filesystem"; + options = { + canmount = "on"; + mountpoint = "/"; + }; + }; + "home" = { + zfs_type = "filesystem"; + }; + "home/root" = { + zfs_type = "filesystem"; + options = { + canmount = "on"; + mountpoint = "/root"; + }; + }; + }; + }; + }; } 
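Review bot: The rewritten `efi` partition drops `bootable = true` and moves `start` from `"1MiB"` to `"0"`. In this table-style layout `bootable` appears to be what sets the boot/ESP flag, so without it the partition may be created as a plain FAT32 data partition that the firmware or systemd-boot (enabled in nixosConfigurations.nix) does not accept as an ESP. Offset 0 also falls inside the area GPT reserves for its own header and loses the 1MiB alignment. I would keep `start = "1MiB";` and `bootable = true;` on this entry unless the disko version in use sets the flag another way. The partition's `content` block continues past the end of the hunk.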
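Review bot: The Samsung disk is assigned to `pool = "zpool"`, but the only pool this hunk defines is named `rpool` (and `bootfs` is `"rpool/root/nixos"`), so the disk meant to carry the encrypted root is not attached to the pool that holds the `encryption`/`keyformat`/`keylocation` settings. `pool = "rpool";` would make the names agree. Two further things to confirm: `rpool` is declared as a sibling of `disk` rather than under a `zpool = { … }` attribute, which may not be where disko looks for pools, and `mode = "mirror"` is set with only one member device visible. A short comment on `randomEncryption = true;` noting that swap is re-keyed on every boot, so hibernation cannot resume from it, would help later readers.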
diff --git a/comb/home/hardwareProfiles.nix b/comb/home/hardwareProfiles.nix index 25169d3..a834466 100644 --- a/comb/home/hardwareProfiles.nix +++ b/comb/home/hardwareProfiles.nix @@ -8,22 +8,31 @@ imports = [ inputs.disko.nixosModules.disko {disko.devices = cell.diskoConfigurations.nom;} + inputs.nixos-hardware.nixosModules.common-cpu-intel inputs.nixos-hardware.nixosModules.common-pc-laptop inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd - inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate - inputs.nixos-hardware.nixosModules.common-gpu-amd ]; - boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci"]; + boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"]; boot.initrd.kernelModules = []; boot.kernelModules = []; boot.extraModulePackages = []; - networking.useDHCP = lib.mkDefault true; + # ZFS + networking.hostId = "4313abca"; + boot.supportedFilesystems = ["zfs"]; + boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; + + # WWhen using systemd-networkd it's still possible to use this option, + # but it's recommended to use it in conjunction with explicit per-interface + # declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault false; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.enableRedistributableFirmware = true; hardware.enableAllFirmware = true; - boot.kernelPackages = pkgs.linuxPackages_latest; + # high-resolution display + hardware.video.hidpi.enable = lib.mkDefault true; + + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; }; } diff --git a/comb/home/nixosConfigurations.nix b/comb/home/nixosConfigurations.nix index 2b39296..d25392a 100644 --- a/comb/home/nixosConfigurations.nix +++ b/comb/home/nixosConfigurations.nix 
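Review bot: In hardwareProfiles.nix, `networking.useDHCP` now defaults to `false` and the added comment recommends per-interface declarations, but none is added in this hunk. The nixosConfigurations.nix hunks of the same commit also remove `networking.interfaces.wlp2s0.useDHCP` and NetworkManager while keeping `networking.dhcpcd.enable = false`. Unless an interface is configured elsewhere, the host would come up with sshd enabled but no address, so the intended network setup is worth declaring explicitly next to this option. The comment also has a typo and has lost its placeholder; it should read `# When using systemd-networkd ...` and `networking.interfaces.<name>.useDHCP`.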
@@ -10,23 +10,18 @@ cell.hardwareProfiles.nom ]; - # Disable unnecessary stuff from the nixos defaults. - services.udisks2.enable = false; - networking.dhcpcd.enable = false; - networking.firewall.enable = false; - security.sudo.enable = false; + # Disable unnecessary stuff from the nixos defaults. + services.udisks2.enable = false; + networking.dhcpcd.enable = false; + networking.firewall.enable = false; + security.sudo.enable = false; - documentation.dev.enable = true; + documentation.dev.enable = true; - # swapDevices = [ - # { - # device = "/.swapfile"; - # size = 8192; # ~8GB - will be autocreated - # } - # ]; # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + nix.settings = { auto-optimise-store = true; allowed-users = ["@wheel"]; 
@@ -38,29 +33,35 @@ accept-flake-config = true; }; - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - + networking.hostName = "nom"; time.timeZone = "Europe/Berlin"; - networking.useDHCP = false; - networking.interfaces.wlp2s0.useDHCP = true; - networking.networkmanager.enable = true; - systemd.services.NetworkManager-wait-online = { - enable = false; - serviceConfig.TimeoutSec = 15; - wantedBy = ["network-online.target"]; - }; - - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - # Select internationalisation properties. i18n.defaultLocale = "C.UTF-8"; console = { - keyMap = "de-latin1-nodeadkeys"; + keyMap = "de-latin1-nodeadkeys"; }; + # Enable the OpenSSH daemon. + services.openssh = { + enable = true; + passwordAuthentication = false; + kbdInteractiveAuthentication = false; + permitRootLogin = "yes"; + hostKeys = [ + { + path = "/etc/ssh/ssh_host_ed25519_key"; + type = "ed25519"; + } + ]; + }; + + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + services.sshd.enable = true; # Enable sound. 
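Review bot: `permitRootLogin = "yes"` in the new `services.openssh` block is broader than it needs to be. Password and keyboard-interactive authentication are both disabled, so root can only log in by key today, but `"yes"` stops protecting root as soon as password authentication is re-enabled. `permitRootLogin = "prohibit-password";` states the key-only intent directly. This matters more here because `networking.firewall.enable = false` is kept earlier in the same file, so nothing on the host filters access to sshd. The context line `services.sshd.enable = true;` looks redundant with the new `services.openssh.enable = true;` and could be dropped, assuming it is the usual alias.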
@@ -69,45 +70,42 @@ # Define a user account. Don't forget to set a password with ‘passwd’. users = { - users.lar = { - shell = pkgs.zsh; + users.root = { + initialHashedPassword = "$6$EBo/CaxB.dQoq2W8$lo2b5vKgJlLPdGGhEqa08q3Irf1Zd1PcFBCwJOrG8lqjwbABkn1DEhrMh1P3ezwnww2HusUBuZGDSMa4nvSQg1"; + openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA5Uq+CDy5Pmt3If5M6d8K/Q7HArU6sZ7sgoj3T521Wm"]; + }; + users.myuser = { isNormalUser = true; - initialPassword = "password123"; - extraGroups = ["wheel"]; # Enable ‘sudo’ for the user. + shell = pkgs.zsh; + extraGroups = ["wheel" "audio" "video"]; # Enable ‘sudo’ for the user. + packages = with pkgs; [ + firefox + thunderbird + ]; }; }; # List packages installed in system profile. To search, run: # $ nix search wget environment.systemPackages = with pkgs; [ - kitty + kitty firefox - # Office - fava direnv # Git & Tools git - gh - gitoxide - ghq # Nix # nil # nix language server rnix-lsp # nix language server alejandra # nix formatter # Python - (python3Full.withPackages (p: - with p; [ - numpy - pandas - ptpython - requests - scipy - ])) - poetry # python project files black # python formatter ]; # Programs configuration + programs.neovim.enable = true; + programs.neovim.viAlias = true; + environment.variables.EDITOR = "nvim"; + programs.starship.enable = true; programs.nix-ld.enable = true; # quality of life for downloaded programs programs.zsh = { @@ -124,10 +122,7 @@ enable = true; config = { init.defaultBranch = "main"; - core.autocrlf = "input"; pull.rebase = true; - rebase.autosquash = true; - rerere.enable = true; }; }; #programs.ssh = {
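Review bot: `users.root.initialHashedPassword` puts root's SHA-512 crypt hash into the repository and, once built, into the world-readable Nix store, where anyone with read access can run offline guessing against it. I would keep the hash out of the flake, e.g. `users.users.root.passwordFile = "<path-to-secret-outside-store>";` (named `hashedPasswordFile` on newer NixOS releases), and rotate the password whose hash is already committed. Dropping `initialPassword = "password123"` is a clear improvement, but `myuser` now has no password or authorized key in this hunk. The `# Enable 'sudo' for the user.` comment is also stale, given `security.sudo.enable = false` elsewhere in the file.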