diff --git a/hosts/firefly/boot/default.nix b/hosts/firefly/boot/default.nix
index 7c224b3..2aa9bea 100644
--- a/hosts/firefly/boot/default.nix
+++ b/hosts/firefly/boot/default.nix
@@ -1,4 +1,4 @@
-{ pkgs, lib, ... }:
+{ config, pkgs, ... }:
 let
 commonKernelParams = [
 # Nvidia settings
@@ -31,13 +31,13 @@ in {
 services.root-reset = {
 description = "Reset root and snapshot last boot";
 wantedBy = [ "initrd.target" ];
- after = [ "dev-firefly-root.device" ];
+ after = [ "dev-${config.networking.hostName}-root.device" ];
 before = [ "sysroot.mount" ];
 unitConfig.DefaultDependencies = "no";
 serviceConfig.Type = "oneshot";
 script = ''
 mkdir -p /mnt
- mount /dev/firefly/root /mnt
+ mount /dev/${config.networking.hostName}/root /mnt
 if [[ -e /mnt/prev ]]; then
 btrfs subvolume delete /mnt/prev
diff --git a/hosts/firefly/default.nix b/hosts/firefly/default.nix
index 1f11c11..aba8770 100644
--- a/hosts/firefly/default.nix
+++ b/hosts/firefly/default.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ ... }:
 {
 imports = [
 ./boot
diff --git a/hosts/firefly/disko/default.nix b/hosts/firefly/disko/default.nix
index 6a8043e..e52c45d 100644
--- a/hosts/firefly/disko/default.nix
+++ b/hosts/firefly/disko/default.nix
@@ -1,10 +1,10 @@
-{ disko, ... }:
+{ disko, config, ... }:
 {
 imports = [ disko.nixosModules.disko ];
 disko.devices = {
 disk = {
- firefly = {
+ "${config.networking.hostName}" = {
 type = "disk";
 device = "/dev/nvme0n1";
 content = {
@@ -29,7 +29,7 @@
 passwordFile = "/tmp/secret.key";
 content = {
 type = "lvm_pv";
- vg = "firefly";
+ vg = "${config.networking.hostName}";
 };
 };
 };
@@ -39,7 +39,7 @@
 };
 lvm_vg = {
- firefly = {
+ "${config.networking.hostName}" = {
 type = "lvm_vg";
 lvs = {
 root = {
diff --git a/hosts/firefly/hardware/default.nix b/hosts/firefly/hardware/default.nix
index d8f301d..a03500f 100644
--- a/hosts/firefly/hardware/default.nix
+++ b/hosts/firefly/hardware/default.nix
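Review bot: The `after` entry in `root-reset` builds a systemd device unit name by plain string interpolation, so it only matches the real unit while the hostname contains no character that systemd path-escaping rewrites. A hostname containing `-` (legal in hostnames) makes `/dev/<name>/root` escape to a different unit name, the ordering then silently stops applying, and the script that deletes and re-snapshots the root subvolume could run before the device exists. Building the name with the NixOS helper avoids that: take `utils` in the module arguments and write `after = [ "${utils.escapeSystemdPath "/dev/${config.networking.hostName}/root"}.device" ];`. The script body continues past the end of the hunk.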
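Review bot: The disk and volume-group names in the three disko hunks are now derived from `config.networking.hostName`, which ties an on-disk LVM name to a setting that can change after installation; nothing visible here renames the existing volume group, so a later hostname change would leave the initrd `root-reset` script in `hosts/firefly/boot/default.nix` mounting a `/dev/<hostname>/root` path that does not exist. A comment next to the `lvm_vg` attribute such as `# VG name is fixed at install time; changing networking.hostName requires vgrename` would record that. On style, `vg = "${config.networking.hostName}";` is a redundant interpolation and reads better as `vg = config.networking.hostName;`, and the attribute keys can be written `${config.networking.hostName} = {` without the quotes.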
@@ -21,22 +21,6 @@
 };
 fileSystems = {
- # Useful system mounts
- "/etc/libvirt" = {
- device = "/dev/disk/by-uuid/f18a0302-9914-471d-828c-85ab1a67a8be";
- options = [ "nosuid" "nodev" "nofail" ];
- };
- "/etc/libvirt/VMs/Bulk" = {
- depends = [ "/etc/libvirt" ];
- device = "/dev/disk/by-uuid/3eb36c3e-81ac-4281-89f0-c89242d88dd6";
- options = [ "nosuid" "nodev" "nofail" ];
- };
- "/var/lib/libvirt" = {
- depends = [ "/etc/libvirt" ];
- device = "/etc/libvirt/varlibvirt";
- options = [ "bind" "rw" ];
- };
-
 # Games and such
 "/mnt/Linux1" = {
 device = "/dev/disk/by-uuid/b2901f8c-ffda-4b88-bb63-a9ea0c96ccb4";
@@ -46,6 +30,10 @@
 device = "/dev/disk/by-uuid/f08e4f38-162c-402f-ba2a-5925151b78bf";
 options = [ "nosuid" "nodev" "nofail" "x-gvfs-show" ];
 };
+ "/mnt/Linux3" = {
+ device = "/dev/disk/by-uuid/e7bc75bd-c371-4b28-b212-7be9b1fad339";
+ options = [ "nosuid" "nodev" "nofail" "x-gvfs-show" ];
+ };
 "/mnt/Windows1" = {
 device = "/dev/disk/by-uuid/10BC97B2BC979138";
 options = [ "nosuid" "nodev" "noauto" ];
@@ -55,6 +43,16 @@
 options = [ "nosuid" "nodev" "noauto" ];
 };
+ # Bulk storage mounts
+ "/persist/var/lib/libvirt" = {
+ device = "/dev/disk/by-uuid/abf78669-de2a-4afa-8e62-604f4e4cb355";
+ options = [ "subvol=libvirt" "nosuid" "nodev" "nofail" ];
+ };
+ "/persist/home/jimbo/VMs" = {
+ device = "/dev/disk/by-uuid/abf78669-de2a-4afa-8e62-604f4e4cb355";
+ options = [ "subvol=images" "nosuid" "nodev" "nofail" ];
+ };
+
 # Network mounts
 "/home/jimbo/JimboNFS" = {
 device = "${config.ips.server}:/export/JimboNFS";
diff --git a/modules/home/files/default.nix b/modules/home/files/default.nix
index 8656069..02463b6 100644
--- a/modules/home/files/default.nix
+++ b/modules/home/files/default.nix
@@ -1,8 +1,5 @@
 { pkgs, config, ... }: {
 home.file = {
- "VMs" = {
- source = config.lib.file.mkOutOfStoreSymlink "/etc/libvirt/VMs";
- };
 ".face" = {
 source = ./assets/pfp.png;
 };
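Review bot: Both new bulk-storage mounts in the third hunk carry `nofail`, so when that disk is missing the boot continues and `/persist/var/lib/libvirt` is just an empty directory on the underlying `/persist` filesystem. The libvirt persistence directories added in `modules/system/services/pc/libvirtd/default.nix` would then presumably bind from that empty tree, and libvirtd would start with no state and write new secrets and swtpm data to the wrong volume. If that fallback is not wanted, tie the service to the mount, for example `systemd.services.libvirtd.unitConfig.RequiresMountsFor = [ "/persist/var/lib/libvirt" ];`. Neither entry sets `fsType`; `fsType = "btrfs";` would make the `subvol=` options explicit rather than relying on auto-detection. The `fileSystems` set opens before and closes after this hunk.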
diff --git a/modules/system/devices/disks/impermanence/jimbo/default.nix b/modules/system/devices/disks/impermanence/jimbo/default.nix
index f007f39..5325d28 100644
--- a/modules/system/devices/disks/impermanence/jimbo/default.nix
+++ b/modules/system/devices/disks/impermanence/jimbo/default.nix
@@ -9,6 +9,7 @@
 "Pictures"
 "Videos"
 "Games"
+ "VMs"
 ".snapshots"
 ".mozilla"
diff --git a/modules/system/devices/disks/impermanence/root/default.nix b/modules/system/devices/disks/impermanence/root/default.nix
index 460045b..ee7871a 100644
--- a/modules/system/devices/disks/impermanence/root/default.nix
+++ b/modules/system/devices/disks/impermanence/root/default.nix
@@ -5,16 +5,10 @@
 directories = [
 "/etc/nixos"
 "/etc/secureboot"
- "/var/log"
- "/var/lib/systemd/coredump"
 "/var/lib/nixos"
 ];
 files = [
 "/etc/machine-id"
- "/etc/ssh/ssh_host_ed25519_key"
- "/etc/ssh/ssh_host_ed25519_key.pub"
- "/etc/ssh/ssh_host_rsa_key"
- "/etc/ssh/ssh_host_rsa_key.pub"
 ];
 };
 }
diff --git a/modules/system/programs/security/default.nix b/modules/system/programs/security/default.nix
index d9e1871..a5c9b78 100644
--- a/modules/system/programs/security/default.nix
+++ b/modules/system/programs/security/default.nix
@@ -3,5 +3,6 @@
 imports = [
 ./apparmor
 ./doas
+ ./polkit
 ];
 }
diff --git a/modules/system/programs/security/polkit/default.nix b/modules/system/programs/security/polkit/default.nix
new file mode 100644
index 0000000..1b00dae
--- /dev/null
+++ b/modules/system/programs/security/polkit/default.nix
@@ -0,0 +1,7 @@
+{ config, ... }:
+{
+ security = {
+ polkit.enable = config.system.desktop.enable;
+ rtkit.enable = config.system.desktop.enable;
+ };
+}
diff --git a/modules/system/services/common/ssh/default.nix b/modules/system/services/common/ssh/default.nix
index 81ffd07..2d3776b 100644
--- a/modules/system/services/common/ssh/default.nix
+++ b/modules/system/services/common/ssh/default.nix
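Review bot: Assigning `polkit.enable = config.system.desktop.enable;` in the new polkit module defines the option as `false` at normal priority on every host where the desktop flag is off, which conflicts at evaluation time with any other module that sets `security.polkit.enable = true` (the NixOS libvirtd module is one I would expect to do so, which is worth confirming). Only defining the option when the flag is set avoids pinning the negative case: take `lib` in the arguments and write `polkit.enable = lib.mkIf config.system.desktop.enable true;`, and the same for `rtkit.enable`. The file also has no comment saying why polkit now follows the desktop switch instead of being on for every PC as in the deleted `services/pc/polkit` module.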
@@ -11,4 +11,11 @@
 UsePAM = false;
 };
 };
+
+ environment.persistence."/persist".files = [
+ "/etc/ssh/ssh_host_ed25519_key"
+ "/etc/ssh/ssh_host_ed25519_key.pub"
+ "/etc/ssh/ssh_host_rsa_key"
+ "/etc/ssh/ssh_host_rsa_key.pub"
+ ];
 }
diff --git a/modules/system/services/pc/default.nix b/modules/system/services/pc/default.nix
index b87a57c..c0e2659 100644
--- a/modules/system/services/pc/default.nix
+++ b/modules/system/services/pc/default.nix
@@ -5,7 +5,6 @@
 ./gvfs
 ./libvirtd
 ./mpd
- ./polkit
 ./sunshine
 ];
 }
diff --git a/modules/system/services/pc/libvirtd/default.nix b/modules/system/services/pc/libvirtd/default.nix
index a8b5ec4..59dc194 100644
--- a/modules/system/services/pc/libvirtd/default.nix
+++ b/modules/system/services/pc/libvirtd/default.nix
@@ -27,13 +27,24 @@
 };
 };
- environment.systemPackages = with pkgs; [
- virt-manager
- virtiofsd
- dnsmasq
- spice-vdagent
- looking-glass-client
- ];
+ environment = {
+ systemPackages = with pkgs; [
+ virt-manager
+ virtiofsd
+ dnsmasq
+ spice-vdagent
+ looking-glass-client
+ ];
+
+ persistence."/persist".directories = [
+ "/var/lib/libvirt/dnsmasq"
+ "/var/lib/libvirt/nwfilter"
+ "/var/lib/libvirt/qemu"
+ "/var/lib/libvirt/secrets"
+ "/var/lib/libvirt/storage"
+ "/var/lib/libvirt/swtpm"
+ ];
+ };
 # Needed to make NAT work
 networking.firewall.trustedInterfaces = [
diff --git a/modules/system/services/pc/polkit/default.nix b/modules/system/services/pc/polkit/default.nix
deleted file mode 100644
index b8b850e..0000000
--- a/modules/system/services/pc/polkit/default.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ ... }:
-{
- security = {
- polkit.enable = true;
- rtkit.enable = true;
- };
-}
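Review bot: The persisted file list in the ssh module repeats the default host-key paths by hand, so it drifts as soon as `services.openssh.hostKeys` is changed, and a key that is not persisted is regenerated on each boot of the wiped root, which makes clients see a changed host key. Deriving the list keeps the two in step: `environment.persistence."/persist".files = lib.concatMap (k: [ k.path "${k.path}.pub" ]) config.services.openssh.hostKeys;` (this needs `lib` and `config` in the module arguments, which are outside the hunk). The root impermanence list in the same commit also drops `/var/log` and `/var/lib/systemd/coredump` with no replacement visible in this diff; if they are not persisted elsewhere, logs and core dumps will not outlive the root reset.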
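Review bot: The new persistence list gives `/var/lib/libvirt/secrets` and `/var/lib/libvirt/swtpm` as bare strings, so the directories are created on the persistent volume with the persistence module's default ownership and mode rather than one chosen for sensitive state. Going by their names these hold libvirt secret values and virtual TPM state, so I would use the attribute-set form for them, e.g. `{ directory = "/var/lib/libvirt/secrets"; mode = "0700"; }`, and check what libvirt itself expects for `swtpm`. A short comment above the list saying that it relies on the `/persist/var/lib/libvirt` mount from `hosts/firefly/hardware/default.nix` would also help, since this module sits under `services/pc` and is not host-specific.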