diff --git a/flake.lock b/flake.lock index a2f410e..4bab678 100644 --- a/flake.lock +++ b/flake.lock @@ -67,6 +67,26 @@ "type": "github" } }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1752113600, + "narHash": "sha256-7LYDxKxZgBQ8LZUuolAQ8UkIB+jb4A2UmiR+kzY9CLI=", + "owner": "nix-community", + "repo": "disko", + "rev": "79264292b7e3482e5702932949de9cbb69fedf6d", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, "flake-registry": { "flake": false, "locked": { @@ -225,6 +245,7 @@ "inputs": { "agenix": "agenix", "devshell": "devshell", + "disko": "disko", "flake-registry": "flake-registry", "flake-utils": "flake-utils", "home-manager": "home-manager", diff --git a/flake.nix b/flake.nix index 6ccece0..622f9f0 100644 --- a/flake.nix +++ b/flake.nix @@ -4,6 +4,10 @@ inputs = { nixpkgs-small.url = "github:NixOS/nixpkgs/nixos-unstable-small"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + disko = { + url = "github:nix-community/disko"; + inputs.nixpkgs.follows = "nixpkgs"; + }; flake-utils = { url = "github:numtide/flake-utils"; inputs.systems.follows = "systems"; diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 14780f1..38c38da 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -1,6 +1,7 @@ { self, agenix, + disko, home-manager, homepage, nixos-hardware, @@ -40,6 +41,7 @@ in extraModules = [ # TODO lanzaboote.nixosModules.lanzaboote + disko.nixosModules.disko { nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; dadada.pkgs = self.packages.${system}; diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index 56b3bcb..04fd504 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -3,10 +3,9 @@ imports = [ ../modules/profiles/laptop.nix + ./disks.nix ]; - ### TODO double check with generated hw-config - boot = { # TODO lanzaboote = { # enable = true; 
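Review bot: In the flake.nix hunk, the added `disko` input uses `url = "github:nix-community/disko";` with no ref, so every `nix flake update` moves it to whatever the default branch head is at that moment. The lock file still pins a `rev` and `narHash`, so builds stay reproducible. Because this module's job is to partition and format disks, following a release tag (`github:nix-community/disko/<release-tag>`) would make each bump a deliberate, reviewable step. If tracking the branch is intended, a short comment such as `# tracks default branch; review the lock diff on update` would record that decision.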
@@ -47,113 +46,6 @@ pkgs.sbctl ]; - # TODO compare with nixos-generate-config --show-hardware-config - fileSystems = { - "/boot" = { - # TODO - device = "/dev/disk/by-uuid/todo"; - fsType = "vfat"; - }; - - "/" = { - # TODO - device = "/dev/disk/by-uuid/todo"; - fsType = "btrfs"; - options = [ - "subvol=root" - "compress=zstd" - ]; - }; - - "/home" = { - # TODO - device = "/dev/disk/by-uuid/todo"; - options = [ - "compress=zstd" - "subvol=home" - ]; - }; - - "/home/dadada" = { - # TODO - device = "/dev/disk/by-uuid/todo"; - options = [ - "compress=zstd" - "subvol=home/dadada" - ]; - }; - - "/nix" = { - # TODO - device = "/dev/disk/by-uuid/todo"; - fsType = "btrfs"; - options = [ - "noatime" - "compress=zstd" - "subvol=nix" - ]; - }; - - "/nix/var/nix/builds" = { - device = "none"; - fsType = "tmpfs"; - options = [ - # Max 80% of available RAM - "size=80%" - # Only owner (nix daemon may write) - "mode=755" - ]; - }; - - "/root" = { - # TODO - device = "/dev/disk/by-uuid/todo"; - fsType = "btrfs"; - options = [ - "compress=zstd" - "subvol=root" - ]; - }; - - "/var" = { - # TODO - device = "/dev/disk/by-uuid/todo"; - fsType = "btrfs"; - options = [ - "compress=zstd" - "subvol=var" - ]; - }; - - "/var/lib/paperless" = { - # TODO - device = "/dev/disk/by-uuid/todo"; - fsType = "btrfs"; - options = [ - "compress=zstd" - "subvol=var/lib/paperless" - ]; - }; - - "/var/swap" = { - # TODO - device = "/dev/disk/by-uuid/todo"; - fsType = "btrfs"; - options = [ - "noatime" - "subvol=swap" - ]; - }; - - # NOTE: /tmp is tmpfs because of config in base.nix - }; - - # TODO btrfs filesystem mkswapfile --uuid clear /var/swap/swapfile - # swapDevices = [{ - # device = "/var/swap/swapfile"; - # size = 80*1024; # Creates an 80GB swap file - # }]; - hardware = { # NOTE: hardware.framework.enableKmod requires kernel patching, but enables access to some EC features bluetooth.enable = true; 
diff --git a/nixos/stolas/disks.nix b/nixos/stolas/disks.nix
new file mode 100644
index 0000000..6b07f9b
--- /dev/null
+++ b/nixos/stolas/disks.nix
@@ -0,0 +1,99 @@
+{
+ disko.devices = {
+ nodev."/nix/var/nix/builds" = {
+ fsType = "tmpfs";
+ mountOptions = [
+ "size=80%"
+ "defaults"
+ "mode=755"
+ ];
+ };
+ disk = {
+ main = {
+ type = "disk";
+ device = "/dev/disk/by-uuid/TODO";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "1G";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+ # TODO tmpfs for nix/var/nix/builds
+ luks = {
+ size = "100%";
+ content = {
+ type = "luks";
+ name = "crypted";
+ #passwordFile = "/tmp/secret.key"; # Interactive
+ settings = {
+ allowDiscards = true;
+ #keyFile = "/tmp/secret.key";
+ };
+ #additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
+ content = {
+ type = "btrfs";
+ extraArgs = [ "-f" ];
+ subvolumes = {
+ "/root" = {
+ mountpoint = "/";
+ mountOptions = [
+ "compress=zstd"
+ "relatime"
+ ];
+ };
+ "/home" = {
+ mountpoint = "/home";
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ };
+ "/dadada" = {
+ mountpoint = "/home/dadada";
+ mountOptions = [
+ "compress=zstd"
+ "relatime"
+ ];
+ };
+ "/nix" = {
+ mountpoint = "/nix";
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ };
+ "/var" = {
+ mountpoint = "/var";
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ };
+ "/paperless" = {
+ mountpoint = "/var/lib/paperless";
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ };
+ "/swap" = {
+ mountpoint = "/.swapvol";
+ swap.swapfile.size = "64G";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
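Review bot: `device = "/dev/disk/by-uuid/TODO";` on the `main` disk is still a placeholder, and `by-uuid` links name existing filesystems rather than whole disks, so this `type = "disk"` entry will likely need a different path before disko can use it. Since the layout is destructive (`extraArgs = [ "-f" ]` forces the btrfs format), a stable whole-disk identifier such as `/dev/disk/by-id/<disk-id>` is safer than a name that can change between boots. `allowDiscards = true;` passes TRIM through the LUKS layer, which shows anyone who can read the raw device which blocks are unused. If that trade-off is intended, a comment next to it such as `# TRIM through LUKS exposes free-block layout; accepted trade-off` would record the decision. The `# TODO tmpfs for nix/var/nix/builds` comment above `luks` looks stale now that `nodev."/nix/var/nix/builds"` is defined at the top of the file.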