feat: add disko config for nom

2022-12-04 16:05:54 +01:00 · 2022-12-04 16:05:54 +01:00 · 0b7adc0b33
commit 0b7adc0b33
parent 8d107a7cf1
3 changed files with 126 additions and 72 deletions
--- a/comb/home/diskoConfigurations.nix
+++ b/comb/home/diskoConfigurations.nix
@ -1,19 +1,19 @@
 {
-	nom = {
+  nom = {
-		    disk = {
+    disk = {
-      nvme0n1 = {
+      "Intenso_SSD_3833430-532201046" = {
        device = "/dev/nvme0n1";
        type = "disk";
        device = "/dev/disk/by-id/ata-Intenso_SSD_3833430-532201046";
        content = {
          type = "table";
          format = "gpt";
          partitions = [
            {
              type = "partition";
-              name = "ESP";
+              name = "efi";
-              start = "1MiB";
+              start = "0";
-              end = "100MiB";
+              end = "8GiB";
-              bootable = true;
+              fs-type = "fat32";
              content = {
                type = "filesystem";
                format = "vfat";
@ -21,21 +21,71 @@
              };
            }
            {
              name = "root";
              type = "partition";
-              start = "100MiB";
+              name = "swap";
              start = "8GiB";
              end = "100%";
              part-type = "primary";
              bootable = true;
              content = {
-                type = "filesystem";
+                type = "swap";
-                format = "ext4";
+                randomEncryption = true;
                mountpoint = "/";
              };
            }
          ];
        };
      };
      "Samsung_SSD_980_PRO_1TB_S5GXNX1T325329W" = {
        type = "disk";
        device = "/dev/disk/by-id/nvme-Samsung_SSD_980_PRO_1TB_S5GXNX1T325329W";
        content = {
          type = "zfs";
          pool = "zpool";
        };
      };
    };
-	};
+    rpool = {
      type = "zpool";
      mode = "mirror";
      rootFsOptions = {
        compression = "zstd";
        acltype = "posix";
        atime = "off";
        xattr = "sa";
        dnodesize = "auto";
        mountpoint = "none";
        canmount = "off";
        devices = "off";
        encryption = "aes-256-gcm";
        keyformat = "passphrase";
        keylocation = "prompt";
        "autobackup:snap" = "true";
        "autobackup:home" = "true";
      };
      options = {
        ashift = "12";
        bootfs = "rpool/root/nixos";
      };
      datasets = {
        "root" = {
          zfs_type = "filesystem";
        };
        "root/nixos" = {
          zfs_type = "filesystem";
          options = {
            canmount = "on";
            mountpoint = "/";
          };
        };
        "home" = {
          zfs_type = "filesystem";
        };
        "home/root" = {
          zfs_type = "filesystem";
          options = {
            canmount = "on";
            mountpoint = "/root";
          };
        };
      };
    };
  };
 }
--- a/comb/home/hardwareProfiles.nix
+++ b/comb/home/hardwareProfiles.nix
@ -8,22 +8,31 @@
    imports = [
      inputs.disko.nixosModules.disko
      {disko.devices = cell.diskoConfigurations.nom;}
      inputs.nixos-hardware.nixosModules.common-cpu-intel
      inputs.nixos-hardware.nixosModules.common-pc-laptop
      inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd
      inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate
      inputs.nixos-hardware.nixosModules.common-gpu-amd
    ];
-    boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci"];
+    boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"];
    boot.initrd.kernelModules = [];
    boot.kernelModules = [];
    boot.extraModulePackages = [];
-    networking.useDHCP = lib.mkDefault true;
+    # ZFS
    networking.hostId = "4313abca";
    boot.supportedFilesystems = ["zfs"];
    boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
    # WWhen using systemd-networkd it's still possible to use this option,
    # but it's recommended to use it in conjunction with explicit per-interface
    # declarations with `networking.interfaces.<interface>.useDHCP`.
    networking.useDHCP = lib.mkDefault false;
    hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
    hardware.enableRedistributableFirmware = true;
    hardware.enableAllFirmware = true;
-    boot.kernelPackages = pkgs.linuxPackages_latest;
+    # high-resolution display
    hardware.video.hidpi.enable = lib.mkDefault true;
    powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
  };
 }
--- a/comb/home/nixosConfigurations.nix
+++ b/comb/home/nixosConfigurations.nix
@ -10,23 +10,18 @@
      cell.hardwareProfiles.nom
    ];
-	# Disable unnecessary stuff from the nixos defaults.
+    # Disable unnecessary stuff from the nixos defaults.
-	services.udisks2.enable = false;
+    services.udisks2.enable = false;
-	networking.dhcpcd.enable = false;
+    networking.dhcpcd.enable = false;
-	networking.firewall.enable = false;
+    networking.firewall.enable = false;
-	security.sudo.enable = false;
+    security.sudo.enable = false;
-	documentation.dev.enable = true;
+    documentation.dev.enable = true;
    # swapDevices = [
    #   {
    #     device = "/.swapfile";
    #     size = 8192; # ~8GB - will be autocreated
    #   }
    # ];
    # Use the systemd-boot EFI boot loader.
    boot.loader.systemd-boot.enable = true;
    boot.loader.efi.canTouchEfiVariables = true;
    nix.settings = {
      auto-optimise-store = true;
      allowed-users = ["@wheel"];
@ -38,29 +33,35 @@
      accept-flake-config = true;
    };
-    # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+    networking.hostName = "nom";
    time.timeZone = "Europe/Berlin";
    networking.useDHCP = false;
    networking.interfaces.wlp2s0.useDHCP = true;
    networking.networkmanager.enable = true;
    systemd.services.NetworkManager-wait-online = {
      enable = false;
      serviceConfig.TimeoutSec = 15;
      wantedBy = ["network-online.target"];
    };
    # Configure network proxy if necessary
    # networking.proxy.default = "http://user:password@proxy:port/";
    # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
    # Select internationalisation properties.
    i18n.defaultLocale = "C.UTF-8";
    console = {
-	  keyMap = "de-latin1-nodeadkeys";
+      keyMap = "de-latin1-nodeadkeys";
    };
    # Enable the OpenSSH daemon.
    services.openssh = {
      enable = true;
      passwordAuthentication = false;
      kbdInteractiveAuthentication = false;
      permitRootLogin = "yes";
      hostKeys = [
        {
          path = "/etc/ssh/ssh_host_ed25519_key";
          type = "ed25519";
        }
      ];
    };
    # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
    # Configure network proxy if necessary
    # networking.proxy.default = "http://user:password@proxy:port/";
    # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
    services.sshd.enable = true;
    # Enable sound.
@ -69,45 +70,42 @@
    # Define a user account. Don't forget to set a password with ‘passwd’.
    users = {
-      users.lar = {
+      users.root = {
-        shell = pkgs.zsh;
+        initialHashedPassword = "$6$EBo/CaxB.dQoq2W8$lo2b5vKgJlLPdGGhEqa08q3Irf1Zd1PcFBCwJOrG8lqjwbABkn1DEhrMh1P3ezwnww2HusUBuZGDSMa4nvSQg1";
        openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA5Uq+CDy5Pmt3If5M6d8K/Q7HArU6sZ7sgoj3T521Wm"];
      };
      users.myuser = {
        isNormalUser = true;
-        initialPassword = "password123";
+        shell = pkgs.zsh;
-        extraGroups = ["wheel"]; # Enable ‘sudo’ for the user.
+        extraGroups = ["wheel" "audio" "video"]; # Enable ‘sudo’ for the user.
        packages = with pkgs; [
          firefox
          thunderbird
        ];
      };
    };
    # List packages installed in system profile. To search, run:
    # $ nix search wget
    environment.systemPackages = with pkgs; [
-	  kitty
+      kitty
      firefox
      # Office
      fava
      direnv
      # Git & Tools
      git
      gh
      gitoxide
      ghq
      # Nix
      # nil # nix language server
      rnix-lsp # nix language server
      alejandra # nix formatter
      # Python
      (python3Full.withPackages (p:
        with p; [
          numpy
          pandas
          ptpython
          requests
          scipy
        ]))
      poetry # python project files
      black # python formatter
    ];
    # Programs configuration
    programs.neovim.enable = true;
    programs.neovim.viAlias = true;
    environment.variables.EDITOR = "nvim";
    programs.starship.enable = true;
    programs.nix-ld.enable = true; # quality of life for downloaded programs
    programs.zsh = {
@ -124,10 +122,7 @@
      enable = true;
      config = {
        init.defaultBranch = "main";
        core.autocrlf = "input";
        pull.rebase = true;
        rebase.autosquash = true;
        rerere.enable = true;
      };
    };
    #programs.ssh = {