feat: add disko config for nom

comb/home/diskoConfigurations.nix

@@ -1,19 +1,19 @@
 {
   nom = {
     disk = {
-      nvme0n1 = {
+      "Intenso_SSD_3833430-532201046" = {
-        device = "/dev/nvme0n1";
         type = "disk";
+        device = "/dev/disk/by-id/ata-Intenso_SSD_3833430-532201046";
         content = {
           type = "table";
           format = "gpt";
           partitions = [
             {
               type = "partition";
-              name = "ESP";
+              name = "efi";
-              start = "1MiB";
+              start = "0";
-              end = "100MiB";
+              end = "8GiB";
-              bootable = true;
+              fs-type = "fat32";
               content = {
                 type = "filesystem";
                 format = "vfat";
@@ -21,21 +21,71 @@
               };
             }
             {
-              name = "root";
               type = "partition";
-              start = "100MiB";
+              name = "swap";
+              start = "8GiB";
               end = "100%";
-              part-type = "primary";
-              bootable = true;
               content = {
-                type = "filesystem";
+                type = "swap";
-                format = "ext4";
+                randomEncryption = true;
-                mountpoint = "/";
               };
             }
           ];
         };
       };
+      "Samsung_SSD_980_PRO_1TB_S5GXNX1T325329W" = {
+        type = "disk";
+        device = "/dev/disk/by-id/nvme-Samsung_SSD_980_PRO_1TB_S5GXNX1T325329W";
+        content = {
+          type = "zfs";
+          pool = "zpool";
+        };
+      };
+    };
+    rpool = {
+      type = "zpool";
+      mode = "mirror";
+      rootFsOptions = {
+        compression = "zstd";
+        acltype = "posix";
+        atime = "off";
+        xattr = "sa";
+        dnodesize = "auto";
+        mountpoint = "none";
+        canmount = "off";
+        devices = "off";
+        encryption = "aes-256-gcm";
+        keyformat = "passphrase";
+        keylocation = "prompt";
+        "autobackup:snap" = "true";
+        "autobackup:home" = "true";
+      };
+      options = {
+        ashift = "12";
+        bootfs = "rpool/root/nixos";
+      };
+      datasets = {
+        "root" = {
+          zfs_type = "filesystem";
+        };
+        "root/nixos" = {
+          zfs_type = "filesystem";
+          options = {
+            canmount = "on";
+            mountpoint = "/";
+          };
+        };
+        "home" = {
+          zfs_type = "filesystem";
+        };
+        "home/root" = {
+          zfs_type = "filesystem";
+          options = {
+            canmount = "on";
+            mountpoint = "/root";
+          };
+        };
+      };
     };
   };
 }

comb/home/hardwareProfiles.nix

@@ -8,22 +8,31 @@
     imports = [
       inputs.disko.nixosModules.disko
       {disko.devices = cell.diskoConfigurations.nom;}
+      inputs.nixos-hardware.nixosModules.common-cpu-intel
       inputs.nixos-hardware.nixosModules.common-pc-laptop
       inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd
-      inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate
-      inputs.nixos-hardware.nixosModules.common-gpu-amd
     ];
 
-    boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci"];
+    boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"];
     boot.initrd.kernelModules = [];
     boot.kernelModules = [];
     boot.extraModulePackages = [];
 
-    networking.useDHCP = lib.mkDefault true;
+    # ZFS
+    networking.hostId = "4313abca";
+    boot.supportedFilesystems = ["zfs"];
+    boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+
+    # WWhen using systemd-networkd it's still possible to use this option,
+    # but it's recommended to use it in conjunction with explicit per-interface
+    # declarations with `networking.interfaces.<interface>.useDHCP`.
+    networking.useDHCP = lib.mkDefault false;
 
-    hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
     hardware.enableRedistributableFirmware = true;
     hardware.enableAllFirmware = true;
-    boot.kernelPackages = pkgs.linuxPackages_latest;
+    # high-resolution display
+    hardware.video.hidpi.enable = lib.mkDefault true;
+
+    powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
   };
 }

comb/home/nixosConfigurations.nix

@@ -18,15 +18,10 @@
 
     documentation.dev.enable = true;
 
-    # swapDevices = [
-    #   {
-    #     device = "/.swapfile";
-    #     size = 8192; # ~8GB - will be autocreated
-    #   }
-    # ];
     # Use the systemd-boot EFI boot loader.
     boot.loader.systemd-boot.enable = true;
     boot.loader.efi.canTouchEfiVariables = true;
+
     nix.settings = {
       auto-optimise-store = true;
       allowed-users = ["@wheel"];
@@ -38,29 +33,35 @@
       accept-flake-config = true;
     };
 
-    # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+    networking.hostName = "nom";
-
     time.timeZone = "Europe/Berlin";
 
-    networking.useDHCP = false;
-    networking.interfaces.wlp2s0.useDHCP = true;
-    networking.networkmanager.enable = true;
-    systemd.services.NetworkManager-wait-online = {
-      enable = false;
-      serviceConfig.TimeoutSec = 15;
-      wantedBy = ["network-online.target"];
-    };
-
-    # Configure network proxy if necessary
-    # networking.proxy.default = "http://user:password@proxy:port/";
-    # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
     # Select internationalisation properties.
     i18n.defaultLocale = "C.UTF-8";
     console = {
       keyMap = "de-latin1-nodeadkeys";
     };
 
+    # Enable the OpenSSH daemon.
+    services.openssh = {
+      enable = true;
+      passwordAuthentication = false;
+      kbdInteractiveAuthentication = false;
+      permitRootLogin = "yes";
+      hostKeys = [
+        {
+          path = "/etc/ssh/ssh_host_ed25519_key";
+          type = "ed25519";
+        }
+      ];
+    };
+
+    # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+
+    # Configure network proxy if necessary
+    # networking.proxy.default = "http://user:password@proxy:port/";
+    # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
     services.sshd.enable = true;
 
     # Enable sound.
@@ -69,11 +70,18 @@
 
     # Define a user account. Don't forget to set a password with ‘passwd’.
     users = {
-      users.lar = {
+      users.root = {
-        shell = pkgs.zsh;
+        initialHashedPassword = "$6$EBo/CaxB.dQoq2W8$lo2b5vKgJlLPdGGhEqa08q3Irf1Zd1PcFBCwJOrG8lqjwbABkn1DEhrMh1P3ezwnww2HusUBuZGDSMa4nvSQg1";
+        openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA5Uq+CDy5Pmt3If5M6d8K/Q7HArU6sZ7sgoj3T521Wm"];
+      };
+      users.myuser = {
         isNormalUser = true;
-        initialPassword = "password123";
+        shell = pkgs.zsh;
-        extraGroups = ["wheel"]; # Enable ‘sudo’ for the user.
+        extraGroups = ["wheel" "audio" "video"]; # Enable ‘sudo’ for the user.
+        packages = with pkgs; [
+          firefox
+          thunderbird
+        ];
       };
     };
 
@@ -82,32 +90,22 @@
     environment.systemPackages = with pkgs; [
       kitty
       firefox
-      # Office
-      fava
       direnv
       # Git & Tools
       git
-      gh
-      gitoxide
-      ghq
       # Nix
       # nil # nix language server
       rnix-lsp # nix language server
       alejandra # nix formatter
       # Python
-      (python3Full.withPackages (p:
-        with p; [
-          numpy
-          pandas
-          ptpython
-          requests
-          scipy
-        ]))
-      poetry # python project files
       black # python formatter
     ];
 
     # Programs configuration
+    programs.neovim.enable = true;
+    programs.neovim.viAlias = true;
+    environment.variables.EDITOR = "nvim";
+
     programs.starship.enable = true;
     programs.nix-ld.enable = true; # quality of life for downloaded programs
     programs.zsh = {
@@ -124,10 +122,7 @@
       enable = true;
       config = {
         init.defaultBranch = "main";
-        core.autocrlf = "input";
         pull.rebase = true;
-        rebase.autosquash = true;
-        rerere.enable = true;
       };
     };
     #programs.ssh = {