More nixy setup.

jay
2025-07-09 07:54:44 -04:00
parent b07d76f877
commit d0a8eea837
5 changed files with 205 additions and 0 deletions


@@ -0,0 +1,21 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, ... }:
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
./impermanence.nix
./programs/streamcontroller.nix
./system/bootloader.nix
./system/environment.nix
./system/filesystems.nix
./system/networking.nix
];
system.stateVersion = "24.11"; # Did you read the comment?
}


@@ -0,0 +1,119 @@
{
disko.devices = {
disk = {
nvme1n1 = {
type = "disk";
device = "/dev/nvme1n1";
content = {
type = "gpt";
partitions = {
ESP = {
label = "boot";
name = "ESP";
size = "4500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"umask=0077"
"defaults"
];
};
};
luks = {
size = "100%";
label = "luks";
content = {
type = "luks";
name = "cryptroot";
# disable settings.keyFile if you want to use interactive password entry
#passwordFile = "/tmp/secret.key"; # Interactive
settings = {
allowDiscards = true;
#keyFile = "/tmp/secret.key";
};
#additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
content = {
type = "btrfs";
extraArgs = [ "-L" "nixos" "-f" ];
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = [
"subvol=root"
"compress=zstd"
"noatime"
];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [
"subvol=nix"
"compress=zstd"
"noatime"
];
};
"/persist" = {
mountpoint = "/persist";
mountOptions = [
"subvol=persist"
"compress=zstd"
"noatime"
];
};
"/log" = {
mountpoint = "/var/log";
mountOptions = [
"subvol=log"
"compress=zstd"
"noatime"
];
};
};
};
};
};
};
};
};
nvme0n1 = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
luks = {
size = "100%";
label = "lukshome";
content = {
type = "luks";
name = "crypthome";
settings = {
allowDiscards = true;
#keyFile = "/tmp/secret.key";
};
content = {
type = "btrfs";
extraArgs = ["-L" "home" "-f"];
subvolumes = {
"/home" = {
mountpoint = "/home";
mountOptions = ["subvol=home" "compress=zstd" "noatime"];
};
};
};
};
};
};
};
};
};
};
fileSystems."/nix/persist".neededForBoot = true;
fileSystems."/var/log".neededForBoot = true;
fileSystems."/home".neededForBoot = true;
}
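Review bot: The `fileSystems."/nix/persist".neededForBoot = true;` line at the end of this file names a mountpoint the layout above never creates, because the `persist` subvolume is mounted at `/persist`. The impermanence hunk in this commit has the same mismatch (`environment.persistence."/nix/persist"` under a comment that says `/persist`), so persisted state would presumably end up on the `/nix` subvolume rather than the dedicated one, or evaluation may fail on a `fileSystems` entry that has no device. Pick one path and use it in all three places, for example `fileSystems."/persist".neededForBoot = true;`. Separately, `allowDiscards = true` on both LUKS containers passes TRIM through to the drives and so reveals which blocks are unused; a short comment recording that this trade-off is intentional would help the next reader.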


@@ -0,0 +1,21 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp8s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp7s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@@ -0,0 +1,40 @@
{lib, ...}: {
# Reset root subvolume on boot
boot.initrd.postResumeCommands = lib.mkAfter ''
mkdir /btrfs_tmp
mount /dev/disk/by-partlabel/luks /btrfs_tmp # CONFIRM THIS IS CORRECT FROM findmnt
if [[ -e /btrfs_tmp/root ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/root
umount /btrfs_tmp
'';
# Use /persist as the persistence root, matching Disko's mountpoint
environment.persistence."/nix/persist" = {
hideMounts = true;
directories = [
"/etc" # System configuration (Keep this here for persistence via bind-mount)
"/var/spool" # Mail queues, cron jobs
"/srv" # Web server data, etc.
"/root"
];
files = [
];
};
}
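Review bot: The `mount /dev/disk/by-partlabel/luks /btrfs_tmp` line targets the partition that holds the LUKS container rather than the opened mapping, so with the disko layout from this commit (`name = "cryptroot"`) the mount would be expected to fail and the old root subvolume would never be rotated. The script does not check the result of `mount`, so that failure is silent and state assumed to be wiped on every boot stays in place. Mounting the mapper device, `mount /dev/mapper/cryptroot /btrfs_tmp`, and running the remaining commands only when that mount succeeds would make the reset either happen or fail visibly. Persisting the whole of `/etc` also carries `/etc/shadow`, host keys and any other file written there across resets; listing only the entries that need to survive is narrower.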


@@ -0,0 +1,4 @@
{
os = "nixos";
channel = "stable";
}